Loading...

Knowledge Center


VirusScan Enterprise 8.8 Known Issues
Technical Articles ID:  KB86129
Last Modified:  8/25/2016
Rated:


Environment

McAfee VirusScan Enterprise (VSE) 8.8

Summary

This article contains important information about known issues of high or medium rating that are outstanding with this product release. This article will be updated if new issues are identified post-release or if additional information becomes available. To read the Release Notes, see:

WARNING: VSE 8.8 Patch 7 and earlier are NOT compatible with the Microsoft Windows 10 Anniversary Update. Support for the Windows 10 Anniversary Update will be included in VSE 8.8 Patch 8. DO NOT install VSE 8.8 Patch 7 or earlier on systems running the Windows 10 Anniversary Update. Likewise, DO NOT upgrade systems running VSE 8.8 Patch 7 or earlier to the Windows 10 Anniversary update. VSE 8.8 Patch 8 is expected to release in late August 2016.

Product Version Released to World
(RTW)
Release Notes
VSE 8.8 Patch 7 February 12, 2016 PD26382
VSE 8.8 Patch 5 or 6, Hotfix 1087536 October 18, 2015 PD26238
VSE 8.8 Patch 6 August 26, 2015 PD26069
VSE 8.8 Patch 5 May 19, 2015 PD25913
VSE 8.8 Patch 4 February 18, 2014 PD24834
VSE 8.8 Patch 3 January 8, 2013
(Reposted January 14, 2013)
PD24224
VSE 8.8 Patch 2 September 5, 2012 PD23934
VSE 8.8 Patch 1 October 26, 2011
(Reposted November 14, 2011)
PD23408
VSE 8.8 January 20, 2011 PD22972

VSE 8.8 Patch 7 is the latest patch available from the Downloads tab of the ServicePortal at https://support.mcafee.com/downloads.
 
NOTE:
VSE 8.8 Patch 7 provides support for all supported Windows operating systems.


Known Issues:

CRITICAL:
Quick Links
Use these links to jump to the list of critical issues reported in each version:
Patch 7
Patch 6
Patch 5
Patch 4
Patch 3
Patch 2
Patch 1
VSE 8.8
Skip to non-critical issues list


Critical issues found in Patch 7
Reference Number Related Article Found Version Resolved Version Issue Description
1126095 KB87281 VSE 8.8 Patch 7 n/a Issue: Systems with multiple McAfee products that use SysCore installed (such as VSE 8.8 Patch 7 and McAfee Agent 5.x or Host IPS 8.x) hang at startup.

Workaround: Disable Prefetch startup options. See the article for details.
1129321
1126611
KB86909 VSE 8.8 Patch 7 n/a Issue: VSE 8.8 Patch 7 upgrade fails if the Host Intrusion Prevention feature "Startup IPS protection enabled" is enabled. Issue discovered: March 15, 2016.

Workaround: For available workarounds, see the related article.
n/a KB85870 VSE 8.8 Patch 7 n/a Issue 1: ePO or MA installation fails with the following error:
Error 1911.Could not register type library for file C:\Program Files (x86)\McAfee\Common Framework\ComponentUserInterface.dll

Issue 2: VSE 8.8 Patch 7 installation fails with the following error in the MSI installation log:
Error 1722.There is a problem with this Windows Installer package. A program run as part of the setup did NOT finish as expected. Contact your support personnel or package vendor. Action Install_SysCore_AddAACStickyPolicy, location: C:\windows\Installer\MSIE635.tmp, command: AddAACStickyPolicy
Issue discovered: May 4, 2016.

Workaround:
For available workarounds, see the related article.
1135366
1133615
KB87162 VSE 8.8 Patch 7 n/a Issue: VSE 8.8 Patch 7 installation fails with the following error:
Error 1722. There is a problem with this Windows Installer package. (AddAACStickyPolicy)
Issue discovered: May 4, 2016.

Workaround: For available workarounds, see the related article.
1130166
1127459
KB87096
KB86977

KB86972
VSE 8.8 Patch 7 n/a Issue: VSE 8.8 Patch 7 installation fails because of a certificate chain failure. Issue discovered: March 18, 2016

Workaround: For available workarounds, see the related articles.
1127437
1124530
KB87105 VSE 8.8 Patch 7 n/a Issue: VSE 8.8 Patch 7 is unable to upgrade stand-alone systems running older versions of the stand-alone McAfee Agent. Affected products include VSE 8.8 Patches 2–5. Issue discovered: March 30, 2016.

Workaround: Uninstall the older version of VSE 8.8 and install from a freshly downloaded copy of VSE 8.8 with the latest patch level, or update the McAfee Agent to a version supported for VSE 8.8 Patch 7 upgrade (see KB51111 for a list of supported environments, including McAfee Agent versions).
1123044 KB85374 VSE 8.8 Patch 7 n/a Issue: VSE 8.8 Patch 7 installs SYSCORE 15.4.0.811. All McAfee products that install SYSCORE 15.4.x.x have vital service dependencies on Cryptographic Services (the Microsoft Cryptographic Service) and Power (the Microsoft User Mode Power Service). Issue discovered: February 23, 2016.

Workaround: If you install a McAfee product that upgrades to SYSCORE 15.4.x.x, these services must both be present, and you must permanently set these two services to Automatic, or the product will not install. If the services are changed after installation, the product or entire system functionality will fail or be greatly impacted.

NOTES:
  • The service start must be set to Automatic without delay. Setting this service to Automatic (Delayed Start) in the Service Control Manager drop-down list will not resolve issues. If either service is not present, contact Microsoft for assistance.
  • Windows XP Embedded 2009, Windows Server 2008, and Windows Vista do not have the Power service. SYSCORE 15.4.x.x, when installed on these nodes, retains the dependency on the Cryptographic Services service but does not have a dependency on the non-existent Power service.
1123565 KB86694 VSE 8.8 Patch 7 n/a Issue: "Prevent Windows Process spoofing" AP rule blocks legitimate processes after upgrading to SysCore 15.4.0.811.

Resolution: This issue is under investigation.

Workaround: For available workarounds, see the related article.
1122581 n/a VSE 8.8 Patch 7 n/a Issue: If you upgrade to the Endpoint Security (ENS) 10.1 RTW release, VSE will be uninstalled but ENS will fail to install.

Workaround: If you are planning an upgrade from VSE 8.8 Patch 7 to ENS 10.1, you must upgrade to ENS 10.1 Patch 1 or later.
Critical issues found in Patch 6
Reference Number Related Article Found Version Resolved Version Issue Description
1099913 KB85860 VSE 8.8 Patch 6 VSE 8.8 Patch 7 Issue: Bugcheck failures on startup for systems with NUMA processors. See the related article for additional information.
1082074
1104094
KB86124 VSE 8.8 Patch 6 VSE 8.8 Patch 7 Issue: Non-page pool memory leak in pool tag MFeB occurs when Access Protection is enabled. See the related article for additional information.
1101766 n/a VSE 8.8 Patch 6 VSE 8.8 Patch 7 Issue: Environments that use both Microsoft App-V and ScriptScan encounter patch upgrade failures because of files that are still in use. The Patch 6 upgrade fails initially, but succeeds after a reboot. See the related article for additional information.

Workaround:
Disable the ScriptScan feature before you perform the upgrade to Patch 6. The policy change avoids the issue and can be enabled again after the upgrade completes.
1108063
1110708
1100280
KB86341
KB86259
VSE 8.8 Patch 6 VSE 8.8 Patch 7 Issue: BugCheck 7E occurs randomly (during AAC rule matching).
n/a n/a VSE 8.8 Patch 6 n/a IMPORTANT: Installing VSE by launching the .MSI package directly is no longer supported. The installation must be performed from the SetupVSE.exe bootstrapper to avoid risk of the installation being blocked by self-protection mechanisms (Access Protection or Arbitrary Access Control). Launching SetupVSE.exe also helps to ensure that no incompatible software is present on the device.
n/a n/a VSE 8.8 Patch 6
VSES 1.2.0 WARNING: 
  • VSES 1.0.2, 1.0.3, and 1.1.0 are not compatible with products that install SYSCORE 15.3 or 15.4. This includes:
    • VSE 8.8 Patch 5 and 6
    • Host Intrusion Prevention (HIP) 8.0 Patch 6
    • McAfee Agent (MA) 5.x
  • VSES 1.0.2, 1.0.3, and 1.1.0 are compatible with products that install SYSCORE 15.1 or prior. This includes:
    • VSE 8.8 Patch 4
    • HIP 8.0 Patch 4
    • MA 4.x
  • VSES 1.2.0 is compatible with products that install SYSCORE 15.4.0.811 or later. This includes:
    • VSE 8.8 Patch 7 and later
    • HIP 8.0 Patch 7 and later
    • MA 4.8.x (MA 4.8.x does not drop or consume SYSCORE and is therefore compatible.)
    • MA 5.0.2.333 and later (Prior versions of MA 5.x are not compatible.)
n/a n/a VSE 8.8 Patch 6 n/a Issue: Data Loss Prevention (DLP) customers: This release upgrades a common component used by DLP, which may cause the system to hang.

Workaround: Customers using DLP 9.4.0 are advised to delay installing VSE 8.8 Patch 6 until further notice. Development is in progress for updating the DLP 9.4 version to work with VSE 8.8 Patch 6. This updated release will be required prior to installing VSE 8.8 Patch 6. This article will be updated as more detail becomes available.
1090227 KB85551 VSE 8.8 Patch 6 n/a Issue: VirusScan threat events do not parse to the ePolicy Orchestrator (ePO) database with VSE Reports Extension 1.2.0.263.

Solution:
This issue is resolved in the updated Reporting Extension, build 264 (or later), VIRUSCANREPORTS120(264).zip.
Back to top
Critical issues found in Patch 5
Reference Number Related Article Found Version Resolved Version Issue Description
n/a n/a VSE 8.8 Patch 5
VSES 1.2.0 WARNING: 
  • VSES 1.0.2, 1.0.3, and 1.1.0 are not compatible with products that install SYSCORE 15.3 or 15.4. This includes:
    • VSE 8.8 Patch 5 and 6
    • Host Intrusion Prevention (HIP) 8.0 Patch 6
    • McAfee Agent (MA) 5.x
  • VSES 1.0.2, 1.0.3, and 1.1.0 are compatible with products that install SYSCORE 15.1 or prior. This includes:
    • VSE 8.8 Patch 4
    • HIP 8.0 Patch 4
    • MA 4.x
  • VSES 1.2.0 is compatible with products that install SYSCORE 15.4.0.811 or later. This includes:
    • VSE 8.8 Patch 7 and later
    • HIP 8.0 Patch 7 and later
    • MA 4.8.x (MA 4.8.x does not drop or consume SYSCORE and is therefore compatible.)
    • MA 5.0.2.333 and later (Prior versions of MA 5.x are not compatible.)
An SNS will announce when VSES 1.2.0 is released. 

To receive information about McAfee product updates, sign up for the Support Notification Service at https://sns.secure.intelsecurity.com/signup_login.
 
n/a KB84987 VSE 8.8 Patch 5
n/a Issue: Hyper-V VMs using pass-through disks will not boot after installing VSE 8.8 Patch 5.

Resolution:
See the related article.
1075054 n/a VSE 8.8 Patch 5 VSE 8.8 Patch 6 Issue: Bugcheck 22 citing CsvFs!CsvFsExceptionFilter when VSE 8.8 Patch 5 is installed in a Cluster server environment.
Critical issues found in Patch 4
954838 KB81529 VSE 8.8 Patch 4 n/a Issue: A bugcheck 50 can occur randomly when files are being scanned. So far, this has been reported only on server-class systems.

Workaround: 
Refer to the related article for details.
Critical issues found in Patch 3
Reference Number Related Article Found Version Resolved Version Issue Description
831805 KB77066 VSE 8.8 Patch 3 VSE 8.8 Patch 4 Issue: All VSE policies are lost when the Patch 3 Management Extension fails to check in.
695931 KB74927 VSE 8.8 Patch 3 VSE 8.8 Patch 4

Issue: VSE 8.8 On-Demand Scan32.exe or Scan64.exe uses very large amounts of memory.

778101
761179
KB75462 VSE 8.8 Patch 3 VSE 8.8 Patch 4 Issue: User Session IDs are not recycled and CSRSS.exe sessions are not closed.
n/a n/a VSE 8.8 Patch 3 VSE 8.8 Patch 4 Issue: Bugcheck 24 or 8E errors displayed on shutdown of  VSE 8.8.
Back to top
Critical issues found in Patch 2
Reference Number Related Article Found Version Resolved Version Issue Description
n/a n/a VSE 8.8 Patch 2 n/a Issue: After installing VSE 8.8 Patch 2, you must restart the MOVE-AV service or restart the system.
n/a KB75858 VSE 8.8 Patch 2 SAE 3.5 Patch 1 Issue: SiteAdvisor Enterprise (SAE) 3.5.0 displays an orange browser balloon (GTI server unavailable) for all sites after installing VSE 8.8 Patch 2.

NOTE:
Install SAE 3.5 Patch 1. To obtain the hotfix refer to the article.
695931 KB74927 VSE 8.8 Patch 2 VSE 8.8 Patch 4 Issue: VSE 8.8 On-Demand Scan32.exe or Scan64.exe uses very large amounts of memory.
778101 761179 KB75462 VSE 8.8 Patch 2 Latest VSE 8.8 patch Issue: User Session IDs are not recycled and CSRSS.exe sessions are not closed after logging out on Windows Server 2008 SP1.

Solution:
This issue was originally resolved in VSE 8.8 Patch 2 Hotfix 778101, which is no longer available. Install the latest VSE 8.8 patch.
n/a n/a VSE 8.8 Patch 2 VSE 8.8 Patch 4 Issue: Bugcheck 24 or 8E errors displayed on shutdown of VSE 8.8.
Critical issues found in Patch 1
Reference Number Related Article Found Version Resolved Version Issue Description
726019 KB73722 VSE 8.8 Patch 1
Host DLP 9.2 Patch 1

Host DLP 9.1 Patch 2
Issue: Intermittent Bugchecks (blue screen errors) might occur when running VSE 8.8 Patch 1 with Host DLP 9.x.

Resolution:
This issue is resolved in the following patches:
  • Host DLP 9.2 Patch 1 - this patch was Released To World (RTW) on April 11, 2012.
  • Host DLP 9.1 Patch 2 - this patch was RTW on April 16, 2012.
These patches are available from the
Product Downloads site.
Back to top
Critical issues found in VSE 8.8
Reference Number Related Article Found Version Resolved Version Issue Description
657097  KB71206 VSE 8.8 VSE 8.8 Patch 1

Issue: VSE cache persistence can trigger issues with Windows 2000 registry size limitations.

Resolution:
This issue was resolved in VSE 8.8 Patch 1 Repost and later. This disables cache persistence by default.

For VSE 8.8 cache persistence best practices, see KB71905.

638935 KB72741 VSE 8.8 n/a Issue: If Host IPS 7 is installed, you must update to the latest Host IPS content before you upgrade from VSE 8.7i to VSE 8.8.

Resolution:
Update Host IPS content; for more information see:
  • KB55211 - Manual update of Host IPS 8.0 / 7.0 signatures from the CommonUpdater site.
  • KB66449 - How to check in Host IPS content manually to ePO server repository.
 n/a  KB71660 VSE 8.8 Latest VSE 8.8 patch Issue: When ScriptScan is disabled, you see the application error pop-up message: The instruction at "0x1449603e" referenced memory.
684965 KB72202 VSE 8.8 Latest VSE 8.8 patch Issue: The distribution of VSE 8.8 Hotfix 660014 and Host IPS Hotfix 660568 was initially stopped because of a potential installation failure of McAfee Agent 4.x when it is installed after the hotfix is applied and VSE Access Protection is enabled.

Back to top


Non-critical:
Quick Links
Issue reported in version:
Patch 7
Patch 5 or 6, Hotfix 1087536
Patch 6
Patch 5
Patch 4
Patch 3
Patch 2
Patch 1
VSE 8.8

Issues found in Patch 7
Reference Number Related Article Found Version Resolved Version Issue Description
n/a KB84087 VSE 8.8 Patch 5 n/a Issue: McAfee Agent can lose communication with the ePO server and fail to enforce policies because of Access Protection blocking new McAfee Agent processes.

Resolution:
See the related article.
1127886 KB87177 VSE 8.8
Patch 7
n/a Issue: Creation or deletion of files succeeds in the folder where the user-defined Access Protection rule was designed to prevent them. No blocking or reporting of events is generated anymore, and the Access Protection Log is not updated. Issue Discovered: May 19, 2016.

Solution: See the related article for details.
Issues found in Patches 5 or 6 with Hotfix 107536
Reference Number Related Article Found Version Resolved Version Issue Description
1089232
1088707
n/a VSE 8.8
(Patch 5 or 6)
Hotfix 1087536

McAfee Agent 5.0.2
HF 1091027
Issue: Host DLP and Policy Auditor event generation fail with McAfee Agent 5.0.x when VSE 8.8 Patch 5 or 6 HF 1087536 is installed.

Resolution: 
This issue is fixed with McAfee Agent 5.0.2 HF 1091027.
1109341  n/a VSE 8.8
(Patch 5 or 6)
Hotfix 1087536
n/a Issue: McAfee Profiler tool (VSE Profiler) no longer functions when VSE 8.8 Patch 5 or 6 HF 1087536 is installed.

Resolution:
This issue will be fixed in a future release of the McAfee Profiler tool.
n/a KB84087 VSE 8.8 Patch 5 n/a Issue: McAfee Agent can lose communication with the ePO server and fail to enforce policies because of Access Protection blocking new McAfee Agent processes.

Resolution:
See the related article.
Back to Quick Links
Issues found in Patch 6
Reference Number Related Article Found Version Resolved Version Issue Description
985788 1018728 KB83443 VSE 8.8 Patch 6 n/a Issue: Non page pool memory leak on Server 2003 operating systems when On Demand Scan is configured to scan memory of running processes and/or rootkits.

Workaround:
See the related article for details.
966892 KB84913 VSE 8.8 Patch 6 VSE 8.8 Patch 7
Issue: Access Protection rules are not visible in the ePO console after checking in the Patch 5 or Patch 6 management extension.
1074199 n/a VSE 8.8 Patch 6 n/a Issue: Environments using Lotus Notes mail, with the Lotus Notes mail scanner feature enabled, encounter Access Protection violations after installing Patch 6.

Resolution:
Add the Lotus Notes process (NLNOTES.EXE) to the Processes to Exclude list for the Access Protection rule that is being violated (for example, Common Standard Protection:Prevent modification of McAfee files and settings).
n/a KB84087 VSE 8.8 Patch 5 n/a Issue: McAfee Agent can lose communication with the ePO server and fail to enforce policies because of Access Protection blocking new McAfee Agent processes.

Resolution:
See the related article.
1073810 n/a VSE 8.8 Patch 6 VSE 8.8 Patch 7 Issue: Detection count is inconsistent with detections displayed in the On-Demand Scan (ODS) progress window.
1065335 KB84084 VSE 8.8 Patch 6 n/a Issue: Modification to the Artemis FQDN field for the Network Heuristic Check feature requires a reboot on the client before the change takes effect.

Resolution:
Restart the McShield service or reboot the system.
1077854 n/a VSE 8.8 Patch 6 DLP 9.4 Patch 1 Issue: Outlook closes unexpectedly (crashes) when sending mail after installing VSE 8.8 Patch 6 on systems with DLP 9.4.0 (RTW).

Resolution:
Upgrade to DLP 9.4 Patch 1 or later.
1090908 KB85293 VSE 8.8 Patch 5 VSE 8.8 Patch 7
Issue: Bugcheck 8E with VSE 8.8 Patch 5.
Back to Quick Links
Issues found in Patch 5
Reference Number Related Article Found Version Resolved Version Issue Description
985788 1018728 KB83443 VSE 8.8 Patch 5
n/a Issue: Non page pool memory leak on Server 2003 operating systems when On Demand Scan is configured to scan memory of running processes and/or rootkits.

Workaround: 
See the related article.
966892 KB84913 VSE 8.8 Patch 5 n/a Issue: Access Protection rules are not visible in the ePO console after checking in the Patch 5 management extension.

Resolution:
See the related article.
1077093 KB70432 VSE 8.8 Patch 5 n/a Issue: Windows Action Center indicates VSE is disabled, but inspection of the status of the scanner shows it is healthy and working.

Resolution:
See the related article.
n/a KB84900 VSE 8.8 Patch 5 n/a Issue: Access Protection rules designed to block the EXECUTE action continue to block processes that have been added to the Processes to Exclude list.

Resolution:
See the related article.
n/a KB84087 VSE 8.8 Patch 5 n/a Issue: McAfee Agent can lose communication with the ePO server and fail to enforce policies because of Access Protection blocking new McAfee Agent processes.

Resolution:
See the related article.
n/a n/a VSE 8.8 Patch 5 n/a Issue: VSE uses .MSP files for product patches. Windows handles these files as a new product installation while adding the changes from the Patch to the original installation. VSE 8.8 Patch 5 (.msp) file does not support patch rollback or removal. Although the VSE product can be removed, the patch on its own cannot.

Resolution:
To restore to an earlier VSE patch, you must first uninstall the current VSE product/patch, then reinstall the VSE product with the required earlier patch.
1046993
1053515
VSE 8.8 Patch 5 n/a Issue: Incorrect action is recorded in Access Protection log file. Expected action was Delete but recorded action shows Write. Similarly, entries where Execute was expected will show Read.

Resolution:
This functionality is as-designed. Changes to this functionality are under consideration for a future update.
940611 n/a VSE 8.8 Patch 5 Latest VSE 8.8 patch Issue: Upgrading to Patch 5 from Patch 1 does not update the strings.bin file, causing the Help menu option for Known Issues to display as IDS_MENU_KNOWNISSUES.
832150 n/a VSE 8.8 Patch 5 n/a Issue: Modified ePO tasks are not applied to the client.

Workaround:
Edit the task and click Save. The task can be applied to the clients using the option Force complete policy and task update.
901979 n/a VSE 8.8 Patch 5 n/a Issue: Access Protection alerts occur after installing Patch 5 on systems with SiteAdvisor installed.

Workaround:
Reboot the client to establish Trust with McAfee components.
1046952 n/a VSE 8.8 Patch 5 VSE 8.8 Patch 6 IssueAccess Protection fails to block a registry action when the protected key contains extended characters.
900042 n/a VSE 8.8 Patch 5 Latest VSE 8.8 patch Issue: VSE Patch 5 does not install on 64-bit systems running VSE Patch 1.
888146 KB78645 VSE 8.8 Patch 5 n/a Issue: Access Protection violations triggered when uninstalling or upgrading from VSE 8.7i.

Workaround:
See the related article.
903631 n/a VSE 8.8 Patch 5 n/a Issue: In ePO queries, filtering on BufferOverflow is not possible. Product\BufferOverflow\ALL\ Query\BufferOverflow is missing from the drop-down list in a new query.

Resolution:
Under Investigation for a future product update.
903224 n/a VSE 8.8 Patch 5 n/a Issue: Double-byte languages do not properly display text for Query Criteria Properties in ePO.

Resolution:
Under Investigation for a future product update.
1090908 KB85293 VSE 8.8 Patch 5 VSE 8.8 Patch 7 Issue: Bugcheck 8E with VSE 8.8 Patch 5.
Back to Quick Links
Issues found in Patch 4
Reference Number Related Article Found Version Resolved Version Issue Description
1031673 KB83808 VSE 8.8 Patch 4 Hotfix 929019 VSE 8.8 Patch 5
Issue: Access Protection rules are disabled (not being enforced) because of an invalid character in the rule policy.

Solution: This issue was resolved in VSE 8.8 patch 5 and later.
1014007 KB83123 VSE 8.8 Patch 4 Hotfix 929019 n/a Issue: System deadlock on startup because of untrusted third-party "hooking" applications when SYSCore 15.3 is installed.

Workarounds: See the article for details.
n/a n/a VSE 8.8 Patch 4 n/a Issue: VSE uses .MSP files for product patches. Windows handles these files as a new product installation while adding the changes from the Patch to the original installation. The VSE 8.8 Patch 4 (.MSP) file does not support patch rollback or removal. Although the VSE product can be removed, the patch on its own cannot.

Resolution:
To restore to an earlier VSE patch, you must first uninstall the current VSE product/patch, then reinstall the VSE product with the required earlier patch.
951411 KB79622 VSE 8.8 Patch 4 n/a Issue: A compatibility issue exists with Microsoft DirectAccess software on Server 2012 and later, where the connections drop after installing VSE 8.8 Patch 3 or 4.

Resolution:
See the article for details.
1020874 n/a VSE 8.8 Patch 4 VSE 8.8 Patch 5 Issue: System stops responding during boot when applying Microsoft updates.

Cause:
A TrustedInstaller.exe thread locks a resource found at nt!CmpRegistryLock, with mfehidk and mfeavfk in the stack.
837702 KB77489 VSE 8.8 Patch 4 n/a Issue: A VSE 8.8 On-Demand Scan task set to Run Once might re-trigger after checking in the VSE 8.8 Patch 4 extension.

Workaround:
To prevent the ODS from triggering, disable the McAfee Agent option to Run Missed Task before you check in the VSE 8.8 Patch 4 extension.
954190 KB81532 VSE 8.8 Patch 4 n/a Issue: Random Outlook application crash on Windows 7 systems with VSE 8.8 Patch 4.

Workaround: 
Refer to the related article for details.
940611 n/a VSE 8.8 Patch 4 Latest VSE 8.8 patch Issue: Upgrading to Patch 4 from Patch 1 does not update the strings.bin file, causing the Help menu option for Known Issues to display as IDS_MENU_KNOWNISSUES.
832150 n/a VSE 8.8 Patch 4 n/a Issue: Modified ePO tasks are not applied to the client.

Workaround: Edit the task and click Save. The task can be applied to the clients using the option Force complete policy and task update.
901979 n/a VSE 8.8 Patch 4 n/a Issue: Where SiteAdvisor is installed, after installing Patch 4, some Access Protection alerts may be encountered.

Workaround:
A reboot is required for SiteAdvisor to again establish awareness of which components are Trusted.
929420 n/a VSE 8.8 Patch 4 Latest VSE 8.8 patch Issue: When launching the VSE console on x64 systems, the following notification dialog is seen: "Failed to connect to computer '.'."

Workaround:
Restart the McTaskManager service. This symptom has multiple causes. Some are resolved with Patch 4 and later; however, there may yet be other causes to identify.
888146 KB78645 VSE 8.8 Patch 4 n/a Issue: Access Protection violations triggered when uninstalling or upgrading from VSE 8.7i.

NOTE: VSE 8.7i has reached end of life and is no longer supported. For more information, see KB84590.

Workaround:
Refer to the related article for details.
903631 n/a VSE 8.8 Patch 4 n/a Issue: In ePO queries, filtering on BufferOverflow is not possible. For example, Product\BufferOverflow\ALL\ Query\BufferOverflow is missing from the drop-down list in a new query.

Resolution:
Under investigation.
903224 n/a VSE 8.8 Patch 4 n/a Issue: Double-byte languages do not properly display text for Query Criteria Properties in ePO.
Resolution: Under investigation.
928622
958626
KB81595 VSE 8.8 Patch 4 VSE 8.8 Patch 5 Issue: The W3WP.exe process on web servers may exhibit high CPU, and Dropbox exhibits performance symptoms after installing VSE 8.8 Patch 4.
 n/a n/a VSE 8.8 Patch 4 n/a Issue: VSE 8.8 Hotfix 925610 is reported as installed after installing VSE 8.8 Patch 4.

Resolution:
The reporting of this hotfix number is expected. It allows us to distinguish between the current release and that of an earlier Patch 4 release.

NOTE:
The hotfix is not a separate installation; it is part of the current Patch 4 installation package.
Back to Quick Links
Issues found in Patch 3
Reference Number Related Article Found Version Resolved Version Issue Description
891616 KB78680 VSE 8.8 Patch 3 n/a Issue: Windows Defender is disabled after installing VSE 8.8 Patch 3 or later on Windows 8 and Server 2012.

Resolution:
This is expected behavior for Microsoft Windows 8 or Server 2012 and later. Microsoft now disables Windows Defender when an anti-malware product is installed. For more information, see: http://blogs.msdn.com/b/securitytipstalk/archive/2010/08/26/microsoft-security-essentials-vs-windows-defender.aspx.

NOTE:  To review which versions of VSE can work with the various versions of Windows Defender, see KB71578.
802430  n/a VSE 8.8 Patch 3 VSE 8.8 Patch 4 Issue: Access Protection rules except "User Defined" are not displayed when accessed via a Remote Console.
820636 823110 KB77043 VSE 8.8 Patch 3 Latest VSE 8.8 patch Issue: Client system properties in ePO report that the On-Access Scanner is running even when certain conditions on client systems prevent scanning. See the article for details.
625756 KB71083 VSE 8.8 Patch 3 McAfee Agent 4.5 Patch 3 Issue: Event 516 still occurs despite updating to Patch 1.

Resolution:
The number of 516 events is significantly reduced by installing McAfee Agent 4.5 Patch 3. Refer to the Event 516 troubleshooting article to resolve this type of issue.
657079 KB73288 VSE 8.8 Patch 3 n/a Issue: Using a UNC path in the system %PATH% environment variable causes vstskmgr.exe and mcshield.exe failure during VSE 8.8 installations.

Resolution:
Use the command line property BYPASSUNCCHECK=1. Refer to the article for instructions.
837702 KB77489 VSE 8.8 Patch 3 n/a Issue: A VSE 8.8 On-Demand Scan task set to Run Once might re-trigger after checking in the VSE 8.8 Patch 3 extension.

Resolution:
To prevent the ODS from triggering, disable the McAfee Agent option to Run Missed Task before you check in the VSE 8.8 Patch 3 extension.
832150 n/a VSE 8.8 Patch 3 n/a Issue: Modified ePO tasks are not applied to the client.

Workaround:
Edit the task and click Save. The task can be applied to the clients using the option Force complete policy and task update.
Back to Quick Links
Issues found in Patch 2
Reference Number Related Article Found Version Resolved Version Issue Description
820636 823110 KB77043 VSE 8.8 Patch 2 Latest VSE 8.8 patch Issue: Client system properties in ePO report that the On-Access Scanner is running even when certain conditions on client systems prevent scanning.

Resolution:
This issue was resolved in VSE 8.8 Patch 4.
Issue resolutions in patches and major releases are cumulative; therefore, Intel Security recommends that you install the latest version. To find the most recent release for your product, visit the Product Downloads site at http://www.mcafee.com/us/downloads/downloads.aspx.
851415  n/a VSE 8.8 Patch 2 Latest VSE 8.8 patch Issue: McShield service fails indicating Event ID 5019, a process crash. This occurs randomly and only in the presence of an Extra.DAT file.
625756 KB71083 VSE 8.8 Patch 2 McAfee Agent 4.5 Patch 3 Issue: Event 516 still occurs despite updating to Patch 1.

Resolution:
The number of 516 events is significantly reduced by installing McAfee Agent 4.5 Patch 3. Refer to the Event 516 troubleshooting article to resolve this type of issue.
757986 KB76768 VSE 8.8 Patch 2 Latest VSE 8.8 patch Issue: A Bugcheck (C2 or 19) occurs when file paths of a certain length are matched against Access Protection rules.

Resolution:
This issue is resolved in VSE 8.8 Patch 2 Hotfix 778101 and later.
Issue resolutions in patches and major releases are cumulative; therefore, Intel Security recommends that you install the latest version. To find the most recent release for your product, visit the Product Downloads site at http://www.mcafee.com/us/downloads/downloads.aspx.
784349 n/a VSE 8.8 Patch 2 Latest VSE 8.8 patch Issue: When a file could not be deleted as part of a repair option, the file was incorrectly added to a pending file rename operations list, causing some errors during the repair.
800778 n/a VSE 8.8 Patch 2 Latest VSE 8.8 patch Issue: Servers with multiple network adapters and Receive Side Scaling enabled experienced high memory usage or depletion.
657079 KB73288 VSE 8.8 Patch 2 n/a Issue: Using a UNC path in the system %PATH% environment variable causes vstskmgr.exe and mcshield.exe failure during VSE 8.8 installations.

Resolution:
Use the command line property BYPASSUNCCHECK=1. Refer to the article for instructions.
n/a n/a VSE 8.8 Patch 2 n/a Issue: The reposted VSE 8.8 version property information still shows the RTW version 8.8.0.849.
Resolution: This is intentional. VSE only increments the version with each patch update.
n/a  n/a VSE 8.8 Patch 2 Latest VSE 8.8 patch Issue: You might experience a sporadic blue screen error on shutdown on systems with Host IPS Patch 1. This patch upgrade resolves this issue after a restart, but the risk to encounter the crash on shutdown exists until that restart is satisfied.

NOTE:
If this happens on shutdown, the restart requirement has still not been satisfied.

Resolution:
After applying the latest VSE 8.8 patch and rebooting, the system will not experience this issue.
n/a KB75462 VSE 8.8 Patch 2 VSE 8.8 Patch 4 Issue: After you apply Windows Server 2008 R2 Service Pack 1, CSRSS.exe sessions have open session objects even after the active user session is closed.
791945 n/a VSE 8.8 Patch 2 Latest VSE 8.8 patch Issue: A new Category (G_BehavioralScan) and Rule (BS01) is seen after checking in the VSE 8.8 Patch 2 Extension, opening the VSE Policy for Access Protection, and switching between Workstation and Server.

NOTE:
After enforcing Tasks and Policies to a supported server operating system, the new Category and Rule on the client Access Protection User Interface do not show.
739627 n/a VSE 8.8 Patch 2 VSE 8.8 Patch 4 Issue: After running the query 'VirusScan version', the query correctly reports all the VSE versions installed in the environment and provides a list of managed machines distinguishing between Workstations and Servers. However, selecting to then view the table under Servers for one VSE specific version (for example 8.8.0.849), results in the drill-down table unexpectedly reporting the details for 8.8.0.849, for both for Servers and Workstations.

NOTE:
This issue applies to all previous releases.
802430 n/a VSE 8.8 Patch 2 Latest VSE 8.8 patch Issue: Access Protection rules (except User Defined) are not displayed when accessed via a remote console.
Back to Quick Links
Issues found in Patch 1
Reference Number Related Article Found Version Resolved Version Issue Description
820636 823110 KB77043 VSE 8.8 Patch 1 Latest VSE 8.8 patch Issue: Client system properties in ePO report that the On-Access Scanner is running even when certain conditions on client systems prevent scanning.

Resolution: 
Resolved in VSE 8.8 Hotfix 820636 and later patches.
Issue resolutions in patches and major releases are cumulative; therefore, Intel Security recommends that you install the latest version. To find the most recent release for your product, visit the Product Downloads site at http://www.mcafee.com/us/downloads/downloads.aspx.
737991 KB76135 VSE 8.8 Patch 1 Latest VSE 8.8 patch Issue: Cluster failover fails on a Windows 2003 SQL cluster because it is unable to mount the Quorum drive.
625756 KB71083 VSE 8.8 Patch 1 Latest VSE 8.8 patch Issue: Event 516 still occurs despite updating to Patch 1.
657079 KB73288 VSE 8.8 Patch 1 n/a Issue: How to bypass the UNC path restriction for new installations.

Resolution:
Use the command line property BYPASSUNCCHECK=1
Example: SetupVSE.exe BYPASSUNCCHECK=1 /q
n/a  KB51111 VSE 8.8 Patch 1 n/a Issue: The reposted version property information shows 8.8.0.849.

Resolution:
This is intentional. VSE only increments the version with each patch update.
708485 KB73134 VSE 8.8 Patch 1 Latest VSE 8.8 patch Issue: Lotus Notes stops responding when opening email.
735512 KB75019 VSE 8.8 Patch 1 Latest VSE 8.8 patch Issue: When the Hotfix 625756 is installed on a machine with Host IPS, Host IPS blocks a McAfee process (mfehidin.exe) from setting Access Control List (ACL) on a McAfee driver (mfevtps).
682177 KB72512 VSE 8.8 Patch 1 Latest VSE 8.8 patch Issue: A STOP error (Bugcheck 7f) could occur with the filter driver because of lost content header information when transmitting through a raw socket on Windows 7. This issue was seen with some third-party VPN clients.
742092  KB74926 VSE 8.8 Patch 1 Latest VSE 8.8 patch Issue: On-Demand Scan stops responding after you install VSE 8.8 Patch 1.
719680 KB75374 VSE 8.8 Patch 1 Latest VSE 8.8 patch Issue: Processes that write data to disk frequently and/or write a lot of data in a short amount of time can experience poor performance from the scanning.
n/a KB75051 VSE 8.8 Patch 1 Latest VSE 8.8 patch Issue: During a DAT update, VSE unnecessarily downloads the full ZIP file instead of downloading incremental files.
761202 KB75536 VSE 8.8 Patch 1 Latest VSE 8.8 patch Issue: The Last Access Time is changed after you run a VSE 8.8 On-Demand Scan on a folder.
726019 KB73722 VSE 8.8 Patch 1 Host DLP 9.2 Patch 1

Host DLP 9.1 Patch 2
Issue: Intermittent Bugchecks (blue screen errors) might occur when running VSE 8.8 Patch 1, or Host IPS 8.0 Patch 1 with Host DLP 9.x.

Resolution:
This issue is resolved in the following patches, which are available from the Product Downloads site:
  • Host DLP 9.2 Patch 1 - This patch was Released To World (RTW) on April 11, 2012.
  • Host DLP 9.1 Patch 2 - This patch was RTW on April 16, 2012.
 n/a KB71083 VSE 8.8 Patch 1 Latest VSE 8.8 patch Issue: The Windows System Event log reports multiple entries for Event ID 516 with an event description Warning, Process **\VSTSKMGR.EXE pid (XXXX) contains signed but untrusted code.

Resolution:
This error has multiple causes. The issues need troubleshooting to identify the cause and resolution. Refer to the troubleshooting article KB71083 in the left column for details.

The individual known issues articles for this problem are:
  • McAfee Agent DLL, see KB74177.
  • Third-party application (hook), see KB74176.
  • Microsoft Certificate Stores need updating, see KB74174.

NOTE: Installing the latest VSE 8.8 patch can help reduce the number of events recorded in the Windows System event log. 
719823 KB73596 VSE 8.8 Patch 1 n/a

Issue: Cluster Shared Volumes (CSV) status becomes Online (Redirected access)

Resolution: 
Microsoft has confirmed that a Cluster (Windows 2008 R2) will put a Cluster Server Volume (CSV) in redirected mode if a filter's Altitude is not an integer.
The following Microsoft Knowledge Base article hotfix resolves the issue where Redirected Mode is enabled unexpectedly in a Cluster Shared Volume when you are running a third-party application in a Windows Server 2008 R2-based cluster.

To obtain the hotfix and instructions to address this issue, see the Microsoft article 2674551: http://support.microsoft.com/default.aspx?scid=kb;EN-US;2674551.

741012 753715 KB73521 VSE 8.8 Patch 1 n/a Issue: Bad image: The application or DLL is not a valid Windows image (when launching an On-Demand Scan).

Resolution:
Multiple solutions to resolve this issue. See article for details.
724985 KB73682 VSE 8.8 Patch 1 Latest VSE 8.8 patch Issue: Blue screen error with Bug Check 27 - RDR_FILE_SYSTEM on mfehidk.sys.
625756 KB73485 VSE 8.8 Patch 1 Latest VSE 8.8 patch

Issue: Multiple entries for Event ID 514, 516, and 519 are recorded in the Windows System Event log.

682177 KB72512 VSE 8.8 Patch 1 Latest VSE 8.8 patch Issue: A STOP error (Bugcheck 7f) could occur with the filter driver because of lost content header information when transmitting through a raw socket on Windows 7. This issue was seen with some third-party VPN clients.
625756 KB73485
KB74926
VSE 8.8 Patch 1 Latest VSE 8.8 patch Issue: Third-party products that inject DLLs into processes could cause the VSE service (VsTskMgr.exe) to periodically poll data and frequently log event 516 entries.
742092 KB74926 VSE 8.8 Patch 1 Latest VSE 8.8 patch Issue: On-Demand Scan stops responding after you install VSE 8.8 Patch 1.
Back to Quick Links
Issues found in VSE 8.8
Reference Number Related Article Found Version Resolved Version Issue Description
651887 KB71140 VSE 8.8 VSE 8.8 Patch 1 Issue: Custom UI Runtime Error in E-mail Scan Add-in error (when opening an existing or new email).

Resolution:
This issue was resolved with VSE 8.8 Patch 1 and later.
613017 KB70257   VSE 8.8 VSE 8.7i Patch 5 Issue:  After migrating Polices from VSE 8.7i to VSE 8.8 using ePOPolicymigration.exe, Buffer Overflow exclusions do not appear to have an effect.

Workaround:
Import the VIRUSCAN8700 (198) extension into ePO before using ePOPolicymigration.exe. This extension was provided with Hotfix 613017.

Resolution:
This issue is resolved with VSE 8.7i Patch 5 or later. The Access Protection components are updated to add the expected data for process exclusions.

NOTE: VSE 8.7i has reached end of life and is no longer supported. For more information, see KB84590.
 n/a  n/a VSE 8.8 n/a Issue: If upgrading from VSE 8.7i to VSE 8.8 it is highly recommended to be at Patch 4 prior to upgrading to 8.8, to ensure a clean migration.
642481 KB71886 VSE 8.8 VSE 8.8 Patch 2 Issue: Unable to add exclusions to the Access Protection rule: Anti-Spyware Standard Protection - Protect Internet Explorer Favorites and Settings.

Resolution:
This issue was resolved in VSE 8.8 Patch 2 and later.
661424 KB71535 VSE 8.8 VSE 8.8 Patch 1

Issue: Access Protection rules involving the block of System: Remote fail to enforce. This also applies to preventing remote access to shares.

Resolution:
This issue was resolved in VSE 8.8 Patch 1 and later.

660014 KB72028 VSE 8.8 VSE 8.8 Patch 1

Issue: Files on network locations may trigger an unhandled exception leading to a system crash if the network experiences a failure or the object is unreadable. One report of this occurred when opening Outlook 2010 with PST files configured to reside on remote storage.

Resolution:
This issue was resolved in VSE 8.8 Patch 1 and later.

641015 KB72029 VSE 8.8 VSE 8.8 Patch 1

Issue: A bugcheck 5 can occur in terminal server environments during logout of a client using a multi-byte character language pack. VSE exposes a race condition with the Microsoft win32k.sys driver, causing an unhandled exception.

Resolution:
This issue was resolved in VSE 8.8 Patch 1 and later.

664539, 665345

KB72031 VSE 8.8 VSE 8.8 Patch 1

Issue: When filtering network input/output, a timing issue could occur leading to a kernel thread stack exhaustion. This issue could result in a system crash.

Resolution:
This issue was resolved in VSE 8.8 Patch 1 and later.

643440 KB72032 VSE 8.8 VSE 8.8 Patch 1

Issue: Malicious software may change NTFS folder permissions on McAfee folders in order to disable the software.

Resolution:
This issue was resolved in VSE 8.8 Patch 1 and later.

638858 KB72033 VSE 8.8 VSE 8.8 Patch 1

Issue: Installation fails with ERROR 1920, The McShield Service failed to start. This can occur when Microsoft Windows is installed to a sub-folder rather than the root.

Resolution:
This issue was resolved in VSE 8.8 Patch 1 and later.

673462 KB72035 VSE 8.8 VSE 8.8 Patch 1

Issue: A memory leak could occur with the process validation service and Microsoft .NET runtime support library, mscoree.dll.

Resolution:
This issue was resolved in VSE 8.8 Patch 1 and later.

707098 KB73018 VSE 8.8 n/a Issue: MFEVTPS.exe uses an increasing amount of memory. This issue occurs despite having installed VSE 8.8 Hotfix 660014, which was released to address a specific high memory usage issue with MFEVTPS.exe. The same symptoms still occur because of a Microsoft update to CRYPT32.DLL.

Resolution:
Microsoft has a solution available for this issue. Refer to the article in the left column for details.
661424 KB72030 VSE 8.8 VSE 8.8 Patch 1 Issue: Access Protection blocking rules involving remote access to shares are not enforced.

Resolution:
This issue was resolved in VSE 8.8 Patch 1 and later.
  KB66064 VSE 8.8 n/a

Issue: When you apply a patch to an existing VSE 8.x installation, the following error appears in a dialog box:  Error 1721. There is a problem with this Windows installer package.

Resolution:
Resolved by installing a Microsoft hotfix. For details see: http://support.microsoft.com/kb/943092

Rate this document

Did this article resolve your issue?

Please provide any comments below

Beta Translate with

Select a desired language below to translate this page.

Glossary of Technical Terms


Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.