Last Modified: 7/27/2016
If the resolution requires us to create a hotfix, the hotfix will be based on the code for the most recent product patch and will require you to upgrade to that patch.
- Patch Release Cycle
- McAfee products (excluding Network Security Platform)
- Patch Support
- Currently, patch releases for VirusScan Enterprise and Host Intrusion Prevention are targeted to correspond with Windows 10 update releases. This could change in the future, if a more efficient schedule is required.
- SiteAdvisor releases a patch twice per year, targeting Q1 and Q3.
- ePolicy Orchestrator releases patch updates and/or a full release each quarter. Check with your support representative for current ePolicy Orchestrator release schedules.
- McAfee Agent releases patches twice per year. Check with your support representative for current McAfee Agent release schedules.
Each patch is released in a two-stage distribution: Managed Release To Support (RTS) and Release to World (RTW).
Distribution is limited to customers who have escalated issues addressed by the patch, and to customers who have opted to participate in our phased distribution cycles. During the first phase of Managed Release, RTS customers who have previously reported issues are expected to deploy RTS patches and confirm issue resolutions within two weeks to confirm resolutions for their issue. All fixed issues are confirmed prior to general RTS availability during the last two-week phase of managed release, for customers who have opted to participate.
Release to World (RTW)
Intel Security will make every attempt to maintain the integrity of the above patch release schedule. In cases where the quality of the patch does not meet the Intel Security minimum ship requirements, the date will be adjusted as needed. If the patch release date has to be moved, Intel Security will notify customers via SNS, and will post the new release date on the ServicePortal patch downloads page.
NOTE: Between patch releases, Intel Security is committed to providing customers with hotfixes on a case-by-case basis for any critical issues. These hotfixes are typically rolled up as part of the next scheduled patch.
System Security products include the following:
- ePolicy Orchestrator
- Host Intrusion Prevention
- McAfee Agent
- SiteAdvisor Enterprise
- VirusScan Enterprise
Back to Contents
McAfee products (excluding Network Security Platform)
Patches and hotfixes are provided by Intel Security primarily to resolve customer-reported issues and, at the discretion of Intel Security, might also include other fixes and product modifications. They are released from QA to Support after satisfying the QA exit criteria. Product modifications and resolved issues (customer-reported or otherwise) are documented in the accompanying Release Notes for each hotfix or patch release.
Service packs are posted on the Product Downloads site.
What is an older patch?
Any patch release older than the current or latest patch for the product is an older patch.
What should I expect from Technical Support?
Technical Support will often advise customers to test issues against the current or latest patch, if the reported incident is occurring in an environment using an older patch.
NOTE: It is best practice to run the latest patch in your environment, because the latest patch contains the latest fixes available for the product. Confirming an issue exists with the latest patch is also valuable to help in understanding the nature of an issue.
Why stay current?
Patch releases solve business impacting product issues reported from the field. They may add product functionality, operating system support, and improve product security to combat malware and malicious users. Failure to patch the product regularly increases risk to your environment.
Special mention must be made for patching of product vulnerabilities (for example, SB10151 and SB10158). These two examples require adopting Patch 7 or later. For many customers that can be a marked jump in patch levels, presenting a high-risk upgrade path (see "How do I assess the risk of patching") but this can be mitigated by following guidance provided in KB87328 - Supported upgrade paths for McAfee Agent, VirusScan Enterprise, and Host Intrusion Prevention.
How to stay current?
Notifications are sent to customers via the Support Notification Service (SNS), to inform when new releases are available. Intel Security expects to follow Microsoft Windows release schedules to maintain support for newer operating system platforms. It is advisable to plan for, and test adoption of, a new Patch when it becomes available.
Patches can be downloaded from the Product Downloads site (requires a valid Grant Number - http://www.mcafee.com/us/downloads/), the ePolicy Orchestrator Software Manager, and the Support Service portal (https://support.mcafee.com). Older patches can be obtained from Technical Support, if needed.
What are the patch upgrade limitations?
Starting with Patch 8 for both VSE and Host IPS products, Intel Security can only support patch updates of the past four patch releases. For example, Patch 8 will be able to update Patch 4 or later, and Patch 9 will be able to update Patch 5 or later. If other limitations exist for a specific patch release they will be described in the patch release notes.
How do I assess the risk of patching?
Software technology can change in each patch due to additions of operating system platform support and ongoing security improvements. These changes could expose interoperability issues with third-party software, or other software anomalies specific to an environment. To assess risk, confirm the build of %windir%\system32\drivers\MFEHIDK.SYS currently deployed in your environment compared to the build being installed with the new patch. For example, you might currently have MFEHIDK.SYS version 220.127.116.115 and a new patch may install version 18.104.22.1687; the difference here is a minor version upgrade (noted in the version number as [major].[minor].0.[build]). Risk can be gauged as follows, based on the difference:
- Major version difference = High risk change to the environment
- Minor version difference of 1 = Medium risk change to the environment
- Minor version difference of 2 or more = High risk change to the environment
- Only build number difference = Low risk change to the environment
- A test plan, for testing software functionality against your own environment and applications.
- A pilot program targeting a group of users who are informed of the pending change and can report anomalies, allowing you to investigate prior to larger deployments.
- Patch frequently (see "How do I assess the risk of patching"). With a lesser delta between patches, you reduce the inherent risk of patching.
Do I need to reboot? See the release notes of the patch for specific details, but generally a reboot is not required when patching.
If you are downgrading the installed MFEHIDK.SYS version (uninstall a newer version/patch to install an older version/patch), a reboot is mandatory after removing the software.
When a reboot is recommended, the reboot may be postponed to a convenient or planned window but be aware that in such scenarios the longer the reboot is postponed the higher the risk of encountering an outage.
Back to Contents
Previous Document ID
ePolicy Orchestrator 5.3
ePolicy Orchestrator 5.1
Host Intrusion Prevention 8.0
McAfee Agent 5.0.x
McAfee Agent 4.8
SiteAdvisor Enterprise 3.5
VirusScan Enterprise 8.8
VirusScan Enterprise for Linux 1.9.x
Beta Translate with
Select a desired language below to translate this page.
Glossary of Technical Terms
Please take a moment to browse our Glossary of Technical Terms.