Knowledge Center

Service Packs, patches, hotfixes, maintenance releases, and patch release cycle
Technical Articles ID:   KB51560
Last Modified:  4/6/2017


McAfee System Security Products


IMPORTANT: McAfee will troubleshoot and investigate issues for supported product versions, regardless of the current patch level. Be aware that part of the troubleshooting and resolution process can involve applying the most current product patch. 

If the resolution requires us to create a hotfix, the hotfix will be based on the code for the most recent product patch and will require you to upgrade to that patch.

Patch Release Cycle
McAfee delivers patches for products with the following expected release timelines:
  • Currently, patch releases for VirusScan Enterprise and Host Intrusion Prevention are targeted to correspond with Windows 10 update releases. This could change in the future, if a more efficient schedule is required.
  • SiteAdvisor releases a patch twice per year, targeting Q1 and Q3.
  • ePolicy Orchestrator releases patches twice per year. Check with your support representative for current ePolicy Orchestrator release schedules.  
  • McAfee Agent releases patches twice per year. Check with your support representative for current McAfee Agent release schedules.
NOTE: Other system security products may release patches on an "as required" basis.

Each patch is released in a two-stage distribution: Managed Release To Support (RTS) and Release to World (RTW). 

Managed Release
The Managed Release cycle is approximately four weeks long.

Distribution is limited to customers who have escalated issues addressed by the patch, and to customers who have opted to participate in our phased distribution cycles. During the first phase of Managed Release, RTS customers who have previously reported issues are expected to deploy RTS patches and confirm issue resolutions within two weeks to confirm resolutions for their issue. All fixed issues are confirmed prior to general RTS availability during the last two-week phase of managed release, for customers who have opted to participate. 

Release to World (RTW)
If Managed Release customers confirm that the patch performs as expected, the patch moves to RTW at the end of the four-week period. At this stage, McAfee posts the patch on the Product Downloads site and ServicePortal. The RTW date will coincide with the second Tuesday of the month in February, June, and October.

McAfee will make every attempt to maintain the integrity of the above patch release schedule. In cases where the quality of the patch does not meet the McAfee minimum ship requirements, the date will be adjusted as needed. If the patch release date has to be moved, McAfee will notify customers via SNS, and will post the new release date on the ServicePortal patch downloads page.

NOTE: Between patch releases, McAfee is committed to providing customers with hotfixes on a case-by-case basis for any critical issues. These hotfixes are typically rolled up as part of the next scheduled patch.

System Security products include the following:
  • ePolicy Orchestrator
  • Host Intrusion Prevention
  • McAfee Agent
  • SiteAdvisor Enterprise
  • VirusScan Enterprise 
Products referenced in this document may adopt a standard patch release schedule in the future, or have a patch release cycle not specified in this document. Release cycles associated with these listed products are subject to change and McAfee will make every best effort to inform customers of schedule changes in subscriber notifications and related Knowledge Base articles.

Back to Contents

McAfee products (excluding Network Security Platform)
IMPORTANT: McAfee will troubleshoot and investigate issues for supported product versions, regardless of the current patch level. Part of the troubleshooting and resolution process might involve applying the most current product patch. If the resolution requires a hotfix, the hotfix will be based on the code for the most recent product patch and will require you to upgrade to that patch.

Patches and hotfixes are provided by McAfee primarily to resolve customer-reported issues and, at the discretion of McAfee, might also include other fixes and product modifications. They are released from QA to Support after satisfying the QA exit criteria. Product modifications and resolved issues (customer-reported or otherwise) are documented in the accompanying Release Notes for each hotfix or patch release.

A patch is a single installable package which updates a specific version of a product and usually contains fixes for multiple issues. This often involves updating multiple files installed by the product. Patches for McAfee products are cumulative, meaning that the current patch contains all fixes included in previous patch versions. 
Patches are intended for all customers.
Patches undergo a phased distribution release period prior to being made publicly available. This phased distribution is managed by Tier III Technical Support. After the phased distribution, the full release is managed by QA and Technical Support, who are responsible for posting the patch to the Product Downloads site and ServicePortal. Customers who subscribe will also receive an SNS notice. For more information about the SNS, see KB67828 McAfee Support Notification Service (SNS) Frequently Asked Questions.

When a critical defect is identified and verified in a live environment, a hotfix is created to address it. A hotfix is a package which updates a specific version of a product, and usually contains a fix for a single issue.
Contact Technical Support for the correct identification and validation of the issue. In general, hotfix distribution is managed by Tier III Technical Support only. A hotfix is delivered in response to an escalated Service Request, which support confirms and meets all requirements to receive the hotfix. Exceptions to hotfix distribution must be agreed upon by the product Sustaining Team and Tier III Technical Support.

Service Pack
Fully quality-assured updates consisting of code released previously as multiple patches and hotfixes.

Service packs are posted on the Product Downloads site.


Ratings for Hotfixes and Patches
The product Sustaining Team is responsible for deciding which rating a hotfix or patch will have. These ratings are as follows:
  • Required for all environments.
  • Failure to apply mandatory updates might result in a security breach.
  • Mandatory patches and hotfixes resolve vulnerabilities that might affect product functionality and compromise security. You must apply these updates to maintain a viable and supported product.
  • Critical for all environments.
  • Failure to apply a critical update might result in severe business impact.
  • A hotfix for a Severity 1 or Severity 2 issue can be considered critical.
  • A patch that resolves commonly reported kernel crashes or other issues that might cause significant business impact may be considered critical.
High Priority
  • High priority for all environments.
  • Failure to apply a High Priority update may result in potential business impact.
  • Most Patches and Hotfixes are considered High Priority.
  • Recommended for all environments. Apply this update at the earliest convenience.
  • Not applicable to hotfixes, because a hotfix is only created in response to a business-impacting issue.
  • A patch which resolves non-severe issues or improves product quality might be considered as recommended.
Patch Support
Technical Support will assist customers having issues with any patch level of the product; however, for any issue that requires a code change, only the latest patch or next patch will receive that code change. Hotfixes are built for the latest patch only, and only in response to high severity escalations where no viable workaround exists. Hotfix code will be included in the next patch.

What is an older patch?
Any patch release older than the current or latest patch for the product is an older patch.

What should I expect from Technical Support?
Technical Support will often advise customers to test issues against the current or latest patch, if the reported incident is occurring in an environment using an older patch.

NOTE: It is best practice to run the latest patch in your environment, because the latest patch contains the latest fixes available for the product. Confirming an issue exists with the latest patch is also valuable to help in understanding the nature of an issue. 

Why stay current?
Patch releases solve business impacting product issues reported from the field. They may add product functionality, operating system support, and improve product security to combat malware and malicious users. Failure to patch the product regularly increases risk to your environment.

Special mention must be made for patching of product vulnerabilities (for example, SB10151 and SB10158). These two examples require adopting Patch 7 or later. For many customers that can be a marked jump in patch levels, presenting a high-risk upgrade path (see "How do I assess the risk of patching") but this can be mitigated by following guidance provided in KB87328 - Supported upgrade paths for McAfee Agent, VirusScan Enterprise, and Host Intrusion Prevention.

How to stay current?
Notifications are sent to customers via the Support Notification Service (SNS), to inform when new releases are available. McAfee expects to follow Microsoft Windows release schedules to maintain support for newer operating system platforms. It is advisable to plan for, and test adoption of, a new Patch when it becomes available.

Patches can be downloaded from the Product Downloads site (requires a valid Grant Number - http://www.mcafee.com/us/downloads/), the ePolicy Orchestrator Software Manager, and the Support Service portal (https://support.mcafee.com). Older patches can be obtained from Technical Support, if needed. 

 What are the patch upgrade limitations?
Starting with Patch 8 for both VSE and Host IPS products, McAfee can only support patch updates of the past four patch releases. For example, Patch 8 will be able to update Patch 4 or later, and Patch 9 will be able to update Patch 5 or later. If other limitations exist for a specific patch release they will be described in the patch release notes.

 How do I assess the risk of patching?
Software technology can change in each patch due to additions of operating system platform support and ongoing security improvements. These changes could expose interoperability issues with third-party software, or other software anomalies specific to an environment. To assess risk, confirm the build of %windir%\system32\drivers\MFEHIDK.SYS currently deployed in your environment compared to the build being installed with the new patch. For example, you might currently have MFEHIDK.SYS version and a new patch may install version; the difference here is a minor version upgrade (noted in the version number as [major].[minor].0.[build]). Risk can be gauged as follows, based on the difference:

  • Major version difference = High risk change to the environment
  • Minor version difference of 1 = Medium risk change to the environment
  • Minor version difference of 2 or more = High risk change to the environment
  • Only build number difference = Low risk change to the environment 

 How do I mitigate the risk of patching McAfee recommends following best practices for software adoption?
This should include some or all of the following:

  • A test plan, for testing software functionality against your own environment and applications.
  • A pilot program targeting a group of users who are informed of the pending change and can report anomalies, allowing you to investigate prior to larger deployments.
  • Patch frequently (see "How do I assess the risk of patching"). With a lesser delta between patches, you reduce the inherent risk of patching.

Do I need to reboot? See the release notes of the patch for specific details, but generally a reboot is not required when patching.

If you are downgrading the installed MFEHIDK.SYS version (uninstall a newer version/patch to install an older version/patch), a reboot is mandatory after removing the software.

When a reboot is recommended, the reboot may be postponed to a convenient or planned window but be aware that in such scenarios the longer the reboot is postponed the higher the risk of encountering an outage.
Back to Contents


Previous Document ID


Rate this document

Did this article resolve your issue?

Please provide any comments below

Beta Translate with

Select a desired language below to translate this page.

Glossary of Technical Terms

 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.