Knowledge Center

Service Packs, patches, hotfixes, maintenance releases, and patch release cycle
Technical Articles ID:   KB51560
Last Modified:  5/10/2018


McAfee System Security Products


IMPORTANT: McAfee troubleshoots and investigates issues for supported product versions, regardless of the current patch level. Be aware, part of the troubleshooting and resolution process can involve applying the most current product patch. 

If the resolution requires us to create a hotfix, the hotfix is based on the code for the most recent product patch and requires you to upgrade to that patch.

Click to expand the section you want to view:

McAfee delivers patches for products with the following expected release timelines:
  • Currently, patch releases for VirusScan Enterprise and Host Intrusion Prevention are targeted to correspond with Windows 10 update releases. This process could change in the future, if a more efficient schedule is required.
  • SiteAdvisor releases a patch twice per year, targeting Q1 and Q3.
  • ePolicy Orchestrator releases patches twice per year. Check with your support representative for current ePolicy Orchestrator release schedules.  
  • McAfee Agent releases patches twice per year. Check with your support representative for current McAfee Agent release schedules.
NOTE: Other system security products might release patches on an "as required" basis.

Each patch is released in a two-stage distribution: Managed Release To Support (RTS) and Release to World (RTW). 

Managed Release
The Managed Release cycle is about four weeks long. A managed release goes through the same Quality Assurance (QA) process as an RTW release, and is fully supported. The only difference between the two is how they are distributed. 

Distribution of a managed release is limited to customers who have issues addressed by the patch, and to customers who have opted to participate in our phased distribution cycles. During the first phase of a Managed Release, customers who have previously reported issues receive RTS patches, and are expected to deploy them and confirm resolution of the issues within two weeks. All fixed issues are confirmed before general RTS availability during the last two-week phase of the Managed Release; this last two-week phase is for customers who have opted to participate. 

Release to World (RTW)
If Managed Release customers confirm that the patch performs as expected, the patch moves to RTW at the end of the four-week period. At this stage, McAfee posts the patch on the Product Downloads site and ServicePortal. 

McAfee always tries to maintain the integrity of the above patch release schedule. In cases where the quality of the patch does not meet the McAfee minimum ship requirements, the date is adjusted as needed. If the patch release date must be moved, McAfee notifies customers via SNS, and posts the new release date on the ServicePortal patch downloads page.

NOTE: Between patch releases, McAfee is committed to providing customers with hotfixes on a case-by-case basis for any critical issues. These hotfixes are typically rolled up as part of the next scheduled patch.

System Security products include the following:
  • ePolicy Orchestrator
  • Host Intrusion Prevention
  • McAfee Agent
  • SiteAdvisor Enterprise
  • VirusScan Enterprise
Products referenced in this document might adopt a standard patch release schedule in the future, or have a patch release cycle not specified in this document. Release cycles associated with these listed products are subject to change. McAfee makes every best effort to inform customers of schedule changes, in subscriber notifications and related Knowledge Base articles.

Back to Top

IMPORTANT: McAfee troubleshoots and investigates issues for supported product versions, regardless of the current patch level. Part of the troubleshooting and resolution process might involve applying the most current product patch. If the resolution requires a hotfix, the hotfix is based on the code for the most recent product patch and requires you to upgrade to that patch.

Patches and hotfixes are provided by McAfee primarily to resolve customer-reported issues and, at the discretion of McAfee, might also include other fixes and product changes. They are released from QA to Support after satisfying the QA exit criteria. Product changes, and resolved issues that are customer-reported or otherwise, are documented in the accompanying Release Notes for each hotfix or patch release.

A patch is a single installable package that updates a specific version of a product and usually contains fixes for multiple issues. A patch often involves updating multiple files installed by the product. Patches for McAfee products are cumulative, meaning that the current patch contains all fixes included in previous patch versions. Patches are intended for all customers.
Patches undergo a phased distribution release period before being made publicly available. The Advanced Support Team manages this phased distribution. QA and Technical Support, who are responsible for posting the patch to the Product Downloads site and ServicePortal, manage the full release after the phased distribution completes. Customers who subscribe also receive an SNS notice. For more information about the SNS service, see KB67828 McAfee Support Notification Service (SNS) Frequently Asked Questions.

When a critical defect is identified and verified in a live environment, a hotfix is created to address it. A hotfix is a package that updates a specific version of a product, and usually contains a fix for a single issue.
Contact Technical Support for the correct identification and validation of the issue. In general, only the Advanced Support Team manages hotfix distribution. A hotfix is delivered in response to a Service Request, which support confirms meets all requirements to receive the hotfix.
Service Pack
A service pack is a fully quality-assured update that consists of code released previously as multiple patches and hotfixes.

Service packs are posted on the Product Downloads site.


Ratings for Hotfixes and Patches
The product Sustaining Team is responsible for deciding which rating a hotfix or patch has. These ratings are as follows:
  • Required for all environments.
  • Failure to apply mandatory updates might result in a security breach.
  • Mandatory patches and hotfixes resolve vulnerabilities that might affect product functionality and compromise security. You must apply these updates to maintain a viable and supported product.
  • Critical for all environments.
  • Failure to apply a critical update might result in severe business impact.
  • A hotfix for a Severity 1 or Severity 2 issue can be considered critical.
  • A patch that resolves commonly reported kernel crashes, or other issues that might cause significant business impact, might be considered critical.
High Priority
  • High priority for all environments.
  • Failure to apply a High Priority update might result in potential business impact.
  • Most patches and hotfixes are considered High Priority.
  • Recommended for all environments. Apply this update at the earliest convenience.
  • Not applicable to hotfixes, because a hotfix is only created in response to a business-impacting issue.
  • A patch that resolves non-severe issues or improves product quality might be considered as recommended.

Back to Top

Technical Support will help customers who have issues with any patch level of the product. But, for any issue that requires a code change, only the latest patch or next patch will receive that code change. Hotfixes are built only for the latest patch, and only in response to high severity cases where no viable workaround exists. Hotfix code will be included in the next patch.

What is an older patch?
Any patch release older than the current or latest patch for the product is an older patch.

What can I expect from Technical Support?
Technical Support often advises customers to test issues against the current or latest patch, if the reported incident is seen to occur in an environment using an older patch.

NOTE: It is best practice to run the latest patch in your environment, because the latest patch contains the latest fixes available for the product. Confirming that an issue exists with the latest patch is also valuable to help in understanding the nature of an issue. 

Why must I stay current?
Patch releases solve business-impacting product issues reported from the field. They might add product functionality, operating system support, and improve product security to combat malware and malicious users. Failure to patch the product regularly increases risk to your environment.

Special mention must be made for patching of product vulnerabilities, for example, SB10151 and SB10158. These two examples require adopting Patch 7 or later. For many customers that can be a significant jump in patch levels, presenting a high-risk upgrade path (see the answer to the FAQ "How do I assess the risk of patching"). But, this risk can be mitigated by following the guidance provided in KB87328 - Supported upgrade paths for McAfee Agent, VirusScan Enterprise, and Host Intrusion Prevention.

How do I stay current?
Notifications are sent to customers via the Support Notification Service (SNS), to inform them when new releases are available. McAfee expects to follow Microsoft Windows release schedules to maintain support for newer operating system platforms. It is advisable to plan for, and test the adoption of, a new patch when it becomes available.

Patches can be downloaded from the Product Downloads site, at http://www.mcafee.com/us/downloads/, which requires a valid Grant Number, the ePolicy Orchestrator Software Manager, and the Support ServicePortal at https://support.mcafee.com. Older patches can be obtained from Technical Support, if needed. 

What are the patch upgrade limitations?
For both the VSE and Host IPS products, McAfee supports direct patch updates from Patch 4 or later. For example, Patches 5–10 can all update Patch 4. If other limitations exist for a specific patch release, they are described in the patch release notes.

How do I assess the risk of patching?
Software technology can change in each patch because of additions of operating system platform support and ongoing security improvements. These changes could expose interoperability issues with third-party software, or other software anomalies specific to an environment. To assess risk, confirm the build of %windir%\system32\drivers\MFEHIDK.SYS currently deployed in your environment compared to the build being installed with the new patch. For example, you might currently have MFEHIDK.SYS version and a new patch might install version The difference here is a minor version upgrade (noted in the version number as [major].[minor].0.[build]). Risk can be gauged as follows, based on the difference:

  • Major version difference = High risk change to the environment
  • Minor version difference of 1 = Medium risk change to the environment
  • Minor version difference of 2 or more = High risk change to the environment
  • Only build number difference = Low risk change to the environment 

How do I mitigate the risk of patching?
McAfee recommends following best practices for software adoption. These practices must include some or all of the following:

  • A test plan, for testing software functionality against your own environment and applications.
  • A pilot program targeting a group of users who are informed of the pending change and can report anomalies, allowing you to investigate before larger deployments.
  • Patch frequently (see the answer to the FAQ, "How do I assess the risk of patching"). With a lesser delta between patches, you reduce the inherent risk of patching.

Do I need to reboot?
See the release notes of the patch for specific details, but generally a reboot is not required when patching.

If you are downgrading the installed MFEHIDK.SYS version, uninstall a newer version or patch to install an older version or patch. A reboot is mandatory after removing the software.

When a reboot is recommended, the reboot might be postponed to a convenient or planned window. In such scenarios, the longer the reboot is postponed, the higher the risk of encountering an outage.

Back to Top

Previous Document ID



The content of this article originated in English. If there are differences between the English content and its translation, the English content is always the most accurate. Some of this content has been provided using Machine Translation translated by Microsoft.

Rate this document

Did this article resolve your issue?

Please provide any comments below

Beta Translate with

Select a desired language below to translate this page.

Glossary of Technical Terms

 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.