To receive email notification when this article is updated, click Subscribe on the right side of the page. You must be logged on to subscribe.
Contents
Click to expand the section you want to view:
WARNING: VSE 8.8 Patch 7 and earlier are not compatible with the Microsoft Windows 10 Anniversary Update. Support for the Windows 10 Anniversary Update is included in VSE 8.8 Patch 8 or later. Do not install VSE 8.8 Patch 7 or earlier on systems running the Windows 10 Anniversary Update. Likewise, do not upgrade systems running VSE 8.8 Patch 7 or earlier to the Windows 10 Anniversary Update.
VSE 8.8 Patch 15 build 8.8.0.2232.34 was re-released to address an installation issue, as documented under reference VSE-16828 in article:
KB93424 - VSE 8.8 Patch 15 installation or upgrade fails due to missing environmental variable
Issue: System crash (blue screen) Bugcheck 3b. Seen during an upgrade from VSE 8.8 Patch 9 to Patch 10 on a Microsoft Windows Server 2012 R2 Datacenter (64-bit) system.
Issue: Microsoft Windows supports a method for loading DLLs into running processes that uses the Image File Execution Options (IFEO) registry key. With VSE 8.8 Patch 1–9, it is not possible to use VSE Access Protection rules to block entries for IFEO Image File Execution Options.
Issue: System becomes unresponsive during a restart, after you apply a Microsoft update on a Windows 7 client.
1194999
-
VSE 8.8
VSE 8.8
Patch 10
Issue: Microsoft Windows Server 2012 R2 intermittently becomes unresponsive during shutdown.
1185668
-
VSE 8.8
VSE 8.8
Patch 10
Issue: Windows becomes unresponsive (hangs) during shutdown, because the filter driver (mfehidk.sys) reviews long-running processes.
1190914
-
VSE 8.8
VSE 8.8
Patch 10
Issue: The McShield.exe process consumes high CPU while it prints during a remote desktop session.
1184698
-
VSE 8.8
VSE 8.8
Patch 10
Issue: Installations managed by System Center Configuration Manager (SCCM) deployments get interrupted by unnecessary validation trust checks from the MFEVTP service (mfevtps.exe).
Issue: Installation of VSE becomes unresponsive when the mcupdate.exe no longer generates a session 0 error dialog box.
The mcupdate.exe process generates the following error during installation:
"McAfee AutoUpdate Properties - AutoUpdate"
"Failed to initialize Common Updater subsystem. Make sure the McAfee Framework Service is running. McAfee-Common Framework returned error fffff95b @ 2"
1160889
-
VSE 8.8
Patch 8
VSE 8.8
Patch 9
Issue: Excessive installation time (25 minutes or more).
Resolution: VSE 8.8 Patch 9 removes unnecessary access calls, which reduce the amount of time it takes to install VSE.
Issue: In rare circumstances, a system might experience a system crash (blue screen error) with the following bug check code: BugCheck 18 - REFERENCE_BY_POINTER.
The bug check can occur if the driver mfewfpk.sys references an invalid object used by the kernel.
Issue: System crash (Blue screen) when accessing exFAT-formatted removable media encrypted with File and Removable Media Protection.
1161216
-
VSE 8.8
Patch 7
VSE 8.8
Patch 9
Issue: Random system crash (blue screen) occurs on systems with more than 10 McAfee products installed.
Resolution: The mfehidk.sys reference count now resets to 0 after a product is installed.
1150270
-
VSE 8.8
Patch 6
VSE 8.8
Patch 9
Issue: Systems become unresponsive because of McShield reporter threads prematurely exiting.
1155750
-
VSE 8.8
Patch 7
VSE 8.8
Patch 9
Issue: Changes to Arbitrary Access Control causes Windows System Restore Points to fail to load. After a system restart, the restore fails and shows an Access Denied error code.
1162190
VSE 8.8
Patch 7
VSE 8.8
Patch 9
Issue: System crash (blue screen) BugCheck 7E that reference the mfehidk.sys driver on Microsoft Clustered Servers running Windows Storage Server.
1174550
-
VSE 8.8
Patch 7
VSE 8.8
Patch 9
Issue: System crash (blue screen) occurs when Internet Explorer starts and ScriptScan COM object is enabled.
1178550
-
VSE 8.8
Patch 7
VSE 8.8
Patch 9
Issue: VSE events do not get processed, they remain in the folder C:\Program Files (x86)\McAfee\ePolicy Orchestrator\DB\Events.
Resolution: Events from devices that report merged IP4 and IPv6 addresses now correctly parse and send to the McAfee ePO database.
Issue: In rare circumstances, a scheduled or manually triggered on-demand scan (ODS) might fail to complete with the respective scan process scan64.exe/scan32.exe closing unexpectedly. Workaround: Delete all temporary files in user temp directories and system temp directories.
Issue: Installation or upgrade of VSE 8.8 Patch 8 results in intermediate certificates being incorrectly installed. The certificate was installed in the Trusted Root Certification Authoritiescertificate store. The certificates are expected to be installed the Intermediate Certification Authoritiescertificate store. This fact could potentially cause problems on some IIS servers, which reject non-self-signed certificates in the Trusted Root Certification Authorities. Workaround: You can move the certificate from the Trusted Root Certification Authorities certificate store to Intermediate Certification Authorities certificate store locally (manually). Or, use an Active Directory group policy for wide deployment. See the related article.
Issue: VSE is not compatible and can't be deployed with the Installation Designer software using the originally posted VSE 8.8 Patch 8 package (build 8.8.0.1588).
Resolution: This issue is resolved in the September 19, 2016, repost of VSE 8.8 Patch 8 (build 8.8.0.1599).
Issue: Systems with VSE 8.8 Patch 6 or 7 can experience random bug checks with mfehidk always fairly low in the stack. The bug check string might vary, depending on which operation failed at the time of the bug check.
1149594
-
VSE 8.8 (GA)
And
Patches
1–7
VSE 8.8
Patch 8
Issue: The Windows 10 Anniversary Update is not compatible with VSE 8.8 Patch 7 and earlier. Microsoft did not have in place upgrade prevention protection when VSE 8.8 Patch 7 or earlier was installed.
Workaround: Delay upgrading to the Windows 10 Anniversary Update. Or, make sure that VSE 8.8 Patch 8 is installed before you upgrade Windows 10 to the Windows 10 Anniversary Update. See the related article for more details.
Issue: Systems with multiple McAfee products that use SysCore installed (such as VSE 8.8 Patch 7 and McAfee Agent 5.x or Host Intrusion Prevention 8.x) hang at startup.
Workaround: Disable Prefetch startup options. See the related article.
Issue: VSE 8.8 Patch 7 is unable to upgrade standalone systems running older versions of the standalone McAfee Agent. Affected products include VSE 8.8 Patches 2–5. Issue discovered: March 30, 2016.
Workaround: Uninstall the older version of VSE 8.8 and install from a newly downloaded copy of VSE 8.8 with the latest patch level. Or update the McAfee Agent to a version that is supported for VSE 8.8 Patch 7 upgrade. See KB51111 for a list of supported environments, including McAfee Agent versions.
Issue: "Prevent Windows Process spoofing" AP rule blocks legitimate processes after you upgrade to SysCore 15.4.0.811.
Workaround: See the related article.
1129321
1126611
VSE 8.8
Patch 7
Host Intrusion Prevention
Issue: VSE 8.8 Patch 7 upgrade fails if the Host Intrusion Prevention feature "Startup IPS protection enabled" is enabled. Issue discovered: March 15, 2016.
Resolution: This issue was resolved in the Host Intrusion Prevention Startup Protection rules included with the May 2016 content release.
Workaround: For available workarounds, see the related article.
1122581
-
VSE 8.8
Patch 7
Endpoint Security
10.1
Issue: If you upgrade to the Endpoint Security (ENS) 10.1 GA release, VSE is uninstalled but ENS fails to install.
Workaround: If you are planning an upgrade from VSE 8.8 Patch 7 to ENS 10.1, you must upgrade to ENS 10.1 Update 1 or later.
Issue: Windows Server 2008 (64-bit) servers can hang or become unresponsive after you install VSE 8.8 Patch 7 or earlier.
Workaround: Work with Technical Support. See the related article for details.
908732
-
VSE 8.8
Patch 4
VSE 8.8 Patch 8
Issue: Outlook hangs during or immediately after Patch 4 installation. If Outlook hangs sometime after the Patch 4 installation, this issue is not applicable.
Issue: Bug check failures on startup for systems with NUMA processors. See the related article for additional information.
1082074
1104094
VSE 8.8
Patch 6
VSE 8.8
Patch 7
Issue: Non-page pool memory leak in pool tag MFeB occurs when Access Protection is enabled. See the related article for additional information.
1101766
-
VSE 8.8
Patch 6
VSE 8.8
Patch 7
Issue: Environments that use both Microsoft App-V and ScriptScan encounter VSE upgrade failures because of files that are still in use. The Patch 6 upgrade fails initially, but succeeds after a reboot. See the related article for additional information.
Workaround: Disable the ScriptScan feature before you perform the upgrade to Patch 6. The policy change avoids the issue and can be enabled again after the upgrade completes.
Issue: Data Loss Prevention (DLP) customers: This release upgrades a common component used by DLP, which might cause the system to hang.
Workaround: Customers using DLP 9.4.0 are advised to delay installation VSE 8.8 Patch 6 until further notice. Development is in progress for updating the DLP 9.4 version to work with VSE 8.8 Patch 6. This updated release is needed before you install VSE 8.8 Patch 6. This article is updated as more detail becomes available.
Issue: VirusScan threat events do not parse to the ePolicy Orchestrator (ePO) database with VSE Reports Extension 1.2.0.263.
Solution: This issue is resolved in the updated Reporting Extension, build 264 (or later), NOTE: VSE 8.8 Patch 7 is shipped with the Reporting Extension, build 1.2.0.272.
Issue: Access Protection and on-access scanner are disabled after you install VSE 8.8 Patch 5 or later on a system with Host Intrusion Prevention 8.0 Patch 4 or earlier.
Resolution: Upgrade Host Intrusion Prevention 8.0 to Patch 5 or later.
Issue: A BugCheck 50 error can occur randomly when files are being scanned. So far, this issue has been reported only on server-class systems. Workaround: See the related article for details.
-
-
VSE 8.8
Patch 5
VSES
1.2.0
WARNING:
VSES 1.0.2, 1.0.3, and 1.1.0 are not compatible with products that install SysCore 15.3 or 15.4. These products include:
VSE 8.8 Patches 5 and 6
Host Intrusion Prevention 8.0 Patch 6
McAfee Agent (MA) 5.x
VSES 1.0.2, 1.0.3, and 1.1.0 are compatible with products that install SysCore 15.1 or prior. These products include:
VSE 8.8 Patch 4
HIP 8.0 Patch 4
MA 4.x
VSES 1.2.0 is compatible with products that install SysCore 15.4.0.811 or later. These products include:
VSE 8.8 Patch 7 and later
HIP 8.0 Patch 7 and later
MA 4.8.x (MA 4.8.x does not drop or consume SysCore and is compatible.)
MA 5.0.2.333 and later (Prior versions of MA 5.x are not compatible.)
Issue: McAfee SiteAdvisor Enterprise (SAE) 3.5.0 displays an orange browser balloon (GTI server unavailable) for all sites after you install VSE 8.8 Patch 2. NOTE:Install SAE 3.5 Patch 1. To obtain the hotfix, see the article.
Issue: VSE 8.8 On-Demand Scan32.exe or Scan64.exe uses large amounts of memory.
778101 761179
VSE 8.8 Patch 2
VSE 8.8
Patch 4
Issue: User Session IDs are not recycled and CSRSS.exe sessions are not closed after logging out on Windows Server 2008 Patch 1.
Resolution: This issue was originally resolved in VSE 8.8 Patch 2 Hotfix 778101, which is no longer available. Install the latest VSE 8.8 patch.
-
-
VSE 8.8
Patch 2
VSE 8.8
Patch 4
Issue: Either BugCheck 24 or 8E errors displayed on shutdown of VSE 8.8.
726019
-
VSE 8.8
Patch 1
Host DLP
9.2
Patch 1
Host DLP
9.1
Patch 2
Issue: Intermittent bug checks (blue screen errors) might occur when running VSE 8.8 Patch 1 with Host DLP 9.x.
Resolution: This issue is resolved in the following patches:
Host DLP 9.2 Patch 1 - this patch was released to customers on April 11, 2012.
Host DLP 9.1 Patch 2 - this patch was GA on April 16, 2012.
These patches are available from the Product Downloads site.
657097
VSE 8.8
VSE 8.8
Patch 1
(Repost)
Issue: VSE cache persistence can trigger issues with Windows 2000 registry size limitations.
Resolution: This issue was resolved in VSE 8.8 Patch 1 Repost and later. With this release and by default, disables cache persistence.
For VSE 8.8 cache persistence best practices, see KB71905.
638935
-
VSE 8.8
Host IPS
Issue: If Host Intrusion Prevention 7 is installed, you must update to the latest Host Intrusion Prevention content before you upgrade from VSE 8.7i to VSE 8.8.
Resolution: Update Host Intrusion Prevention content; for more information see:
KB55211 - Manual update of Host Intrusion Prevention 8.0 or 7.0 signatures from the CommonUpdater site.
662684
VSE 8.8
VSE 8.8
Patch 1
Issue: When ScriptScan is disabled, you see the application error pop-up message: The instruction at "0x1449603e" referenced memory.
684965
VSE 8.8
VSE 8.8
Patch 1
Issue: The distribution of VSE 8.8 Hotfix 660014 and Host Intrusion Prevention Hotfix 660568 was initially stopped because of a potential installation failure of McAfee Agent 4.x. The potential failure occurred when both the following applies:
McAfee Agent 4.x is installed after the hotfix is applied
Issue: A system crash (blue screen) with Bugcheck 7E error occurs after you successfully install or upgrade to VSE 8.8 Patch 10 (and later) on Windows Server 2008 R2 with Citrix XenApp 6.5. The issue is seen on Citrix XenApp clients running the Citrix File System Minifilter PVS driver.
Resolution: Upgrade Citrix PVS to version 7.6 or later before installing or upgrading VSE. See the related article for details.
Issue 1: ePO or MA installation fails with the following error:
Error 1911.Could not register type library for file C:\Program Files (x86)\McAfee\Common Framework\ComponentUserInterface.dll
Issue 2: VSE 8.8 Patch 7 installation fails with the following error in the MSI installation log:
Error 1722.There is a problem with this Windows Installer package. A program that ran as part of the setup did NOT finish as expected. Contact your support personnel or package vendor.
Workaround: For available Microsoft workarounds, see the related article.
Non-critical Known Issues – Third-party Resolved
Reference Number
Related Article
Found Version
Resolved Version
Issue Description
1251763
-
VSE 8.8
Patch 9
Microsoft KB4022727
Issue: The following error might display if Secure Boot is enabled on a Windows 10 system:
Windows can't verify the digital signature for this file
File: \Windows\system32\drirvers\mfehidk.sys
Error code: 0xc0000428
The above issue is seen after you install VSE 8.8 Patch 9 (or later) and restart the system:
Workaround: Disable Secure Boot before installing VSE.
Resolution: To prevent this issue, install Microsoft KB4022727 (or later) before you install VSE. If you have already encountered this issue, perform the following steps to resolve the issue:
To boot the system, disable Secure Boot on the system
Issue: Cluster Shared Volumes (CSV) status becomes Online (Redirected access).
Resolution: Microsoft has confirmed that a Cluster (Windows 2008 R2) puts a Cluster Server Volume (CSV) in redirected mode. It does so if a filter's Altitude is not an integer.
The following Microsoft Knowledge Base article resolves the above issue. To obtain the hotfix and instructions to address this issue, see the Microsoft article 2674551: http://support.microsoft.com/default.aspx?scid=kb;EN-US;2674551.
Issue: Installation or upgrade of VSE Patch 15 (GA release) fails because of a missing environmental variable.
NOTE: Issue previously addressed in Patch 15 RTS, which has now been rolled into VSE 8.8 Patch 16.
VSE-16806
-
VSE 8.8 Patch 15
VSE 8.8 Patch 16
Issue: File scanning fails due to oplock errors, which leads to infector blocker not working on Windows 7.
VSE-16796
-
VSE 8.8 Patch 12
VSE 8.8 Patch 16
Issue: Solid Core upgrade fails due to VSE On-Access Scan. Issue seen with a default policy. The on-access scanner blocks the Solid Core services.
VSE-16799
-
VSE 8.8 Patch 13
VSE 8.8 Patch 16
Issue: VSE 'Common Standard Protection' AP Rule prevent the termination of a non-McAfee process.
VSE-16821
-
VSE 8.8 Patch 12
VSE 8.8 Patch 16
Issue: McAfee McShield service goes into a stop state and does not restart.
VSE-16838
-
VSE 8.8 Patch 15
VSE 8.8 Patch 16
Issue: VSE8.8 Patch 15 fails to install on Windows 10 Enterprise for Virtual Desktops (1809).
VSE-16841
-
VSE 8.8 Patch 15
VSE 8.8 Patch 16
Issue: VSE Exclude Subfolders checkbox is not preserved when you edit the VSE On-Access Default Processes Policies, through the ePO console.
1163253
-
VSE 8.8
Patch 8
VSE 8.8
Patch 11
Issue: Unable to establish IPsec connections to remote servers after you install and reboot VSE 8.8 Patch 8, 9 or 10.
1219297
-
VSE 8.8
VSE 8.8
Patch 11
Issue: Any user with no administrator rights can modify the quarantine folder.
1222708
-
VSE 8.8
VSE 8.8
Patch 11
Issue: Access Protection categories are not correctly displayed under the VirusScan Enterprise Access Protection Policies page, on all supported McAfee ePO server. NOTE: Previously resolved by VSE 8.8 Extension Hotfix 1222708 which was only Released to Support (RTS). The hotfix is no longer available.
1225063
-
VSE 8.8
Patch 8
VSE 8.8
Patch 11
Issue: User-Defined Access Protection rule is not logging in the Access Protection Log file when set to report only. Seen on systems with Host Intrusion Prevention.
Issue: VSE events are not parsed after you remove MSXML4 and migrate to MSXML6 on the McAfee ePO server.
1212592
-
VSE 8.8
Patch 9
VSE 8.8
Patch 10
Issue: Interoperability issue with Microsoft Azure recovery services agent cbengine.exe.
1209462
-
VSE 8.8
Patch 9
VSE 8.8
Patch 10
Issue: Access Protection rules that are not set for reporting, no longer generate log entries.
1205001
-
VSE 8.8
VSE 8.8
Patch 10
Issue: Access Protection rule settings that were customized through the McAfee Installation Designer with a previous update package, are not preserved.
1203434
-
VSE 8.8
VSE 8.8
Patch 10
Issue: Scheduled on-demand scans do not start when the system is locked.
1215135
-
VSE 8.8
Patch 9
VSE 8.8
Patch 10
Issue: A new validation checks for memory allocation success, to prevent a bug check that occurs during low memory conditions.
1170795
-
VSE 8.8
Patch 9
VSE 8.8
Patch 10
Issue: This release adds a feature to Access Protection, called 'Global Exclusions for Self-Protection', that allows user-specified processes to be excluded from all Self-Protection rules.
1197438
-
VSE 8.8
Patch 9
VSE 8.8
Patch 10
Issue: The MFEHIDK driver is no longer registered as a legacy driver on Microsoft Windows 8 and later. This change allows Hyper-V checkpoint files to be merged.
Issue: After you upgrade to VSE 8.8 Patch 9, users observe on the client that the VirusScan (vShield) notification area icon is no longer visible. The icon is no longer visible after the ePO administrator disables the McAfee Agent (McTray) icon.
Issue: Lightweight Directory Access Protocol (LDAP) queries increase when scanning Information Rights Management-protected files, after you update to the 5800 Scan Engine.
Workaround: See the related article for workaround details.
Issue: Access Protection creates false reports against a rule that is disabled for reporting.
1165693
VSE 8.8
Patch 8
VSE 8.8
Patch 9
Issue: Self-Protection blocks the Windows Sysprep tool. During a system startup, the Sysprep tool fails to complete the configuration. The following error is shown:
Issue: The VirusScan Enterprise tray icon and McAfee Agent tray icon are both shown running in the Windows notification area. Only the McAfee Agent icon must be shown.
1161386
-
VSE 8.8
Patch 7
VSE 8.8
Patch 9
Issue: VSE incorrectly installs two intermediate certificates under Trusted Root Certification Authorities.
Resolution:COMODO RSA Code Signing CA and Verisign Class 3 Code Signing 2010 CA certificates now correctly install in the Intermediate Certification Authorities location.
1153943
-
VSE 8.8
Patch 7
VSE 8.8
Patch 9
Issue: From the Help on the client, selecting Submit a Sample Page fails to open the correct page. The following error is shown:
The Host is not resolvable.URL: www.webimmune.net/?id=0000. For assistance, please contact the Security Operations Center.
1173314
-
VSE 8.8
Patch 7
VSE 8.8
Patch 9
Issue: The on-access scanner (OAS) randomly closes on a few systems. OAS disabled events are sent to ePO at system startup.
Resolution: The MFEANN.exe process now automatically restarts if it unexpectedly closed.
Issue: Lightweight Directory Access Protocol (LDAP) communications increase when scanning Information Rights Management (IRM) protected files after you update to the 5800 Scan Engine.
1144892
-
VSE 8.8
GA
VSE 8.8
Patch 9
Issue: Access Protection rules now correctly protect targets in Program Files and Program files (x86), and no longer protect unintended paths.
Issue: Hotfix 1159675 uninstalls Microsoft Windows Defender from Windows Server 2016.
This removal is needed when you run VSE on Windows Server 2016. The reason is because of possible performance-related issues when you run more than one default security application.
Issue: ABugCheck 8E error seen with VSE 8.8 Patch 5.
1089232
1088707
-
VSE 8.8
Patch
5 or 6
Hotfix
1087536
MA 5.0.2
Hotfix
1091027
Issue: Host DLP and Policy Auditor event generation fail with McAfee Agent 5.0.x when VSE 8.8 Patch 5 or 6 HF 1087536 is installed.
Resolution: This issue is fixed with McAfee Agent 5.0.2 Hotfix 1091027.
940611
-
VSE 8.8
Patch 5
VSE 8.8
Patch 6
Issue: Upgrading to Patch 5 from Patch 1 does not update the strings.bin file, causing the Help menu option for Known Issues to display as IDS_MENU_KNOWNISSUES.
1046952
-
VSE 8.8
Patch 5
VSE 8.8
Patch 6
Issue: Access Protection fails to block a registry action when the protected key contains extended characters.
934907
-
VSE 8.8
Patch 4
VSE 8.8
Patch 5
Issue: Registry entries are still present after uninstalling the VSE 8.8 product using Add/Remove Programs. The registry remnants do not affect reinstallation of the product.
908985
-
VSE 8.8
Patch 4
VSE 8.8
Patch 5
Issue: There is no option to uninstall the VSE 8.8 Patch 4 in the Add/Remove Programs applet.
900042
-
VSE 8.8
Patch 4
VSE 8.8
Patch 5
Issue: VSE Patch 4 does not install on 64-bit systems running VSE Patch 1.
1031673
-
VSE 8.8
Patch 4 HF929019
VSE 8.8
Patch 5
Issue: Access Protection rules are disabled, and not being enforced, because of an invalid character in the rule policy.
1020874
-
VSE 8.8
Patch 4
VSE 8.8
Patch 5
Issue: System stops responding during boot when applying Microsoft updates. Cause: A TrustedInstaller.exe thread locks a resource found atnt!CmpRegistryLock, with mfehidk and mfeavfk in the stack.
940611
-
VSE 8.8
Patch 4
VSE 8.8
Patch 5
Issue: Upgrading to Patch 4 from Patch 1 does not update the strings.bin file, causing the Help menu option for Known Issues to display as IDS_MENU_KNOWNISSUES.
929420
-
VSE 8.8
Patch 4
VSE 8.8
Patch 5
Issue: When starting the VSE console on x64 systems, the following notification dialog is seen: Failed to connect to computer '.'.
Workaround: Restart the McTaskManager service. This symptom has multiple causes. Some are resolved with Patch 5 and later; but, there might yet be other causes to identify.
Issue: Client system properties in ePO report that the on-access scanner is running even when certain conditions on client systems prevent scanning. See the related article for details. NOTE: Previously resolved with VSE 8.8 Patch 1, 2, and 3 Hotfix 820636.
851415
-
VSE 8.8 Patch 2
VSE 8.8 Patch 4
Issue: McShield service fails indicating Event ID 5019, a process crash. This issue occurs randomly and only in the presence of an Extra.DAT file.
-
VSE 8.8 Patch 2
VSE 8.8 Patch 4
Issue: After you apply Windows Server 2008 R2 Service Pack 1, CSRSS.exe sessions have open session objects even after the active user session is closed.
739627
-
VSE 8.8 Patch 2
VSE 8.8 Patch 4
Issue: After you run the query 'VirusScan version', the query correctly reports all VSE versions installed in the environment and provides a list of managed systems distinguishing between Workstations and Servers. But, if you select to then view the table under Servers for one VSE-specific version (for example 8.8.0.849), it results in the drill-down table unexpectedly reporting the details for 8.8.0.849, for both Servers and Workstations. NOTE:This issue applies to all previous releases.
802430
-
VSE 8.8 Patch 2
VSE 8.8 Patch 4
Issue: Access Protection rules (except User Defined) are not displayed when accessed via a remote console.
Issue: Client system properties in ePO report that the on-access scanner is running even when certain conditions on client systems prevent scanning. NOTE: Previously resolved with VSE 8.8 Patch 1, 2 and 3 Hotfix 820636.
-
-
VSE 8.8
VSE 8.8 Patch 4
Issue: If you upgrade from VSE 8.7i to VSE 8.8, it is highly recommended that you are at Patch 4 before you upgrade to 8.8. This scenario allows a clean migration.
Issue: A BugCheck C2 error or 19 error occurs when file paths of a certain length are matched against Access Protection rules. NOTE: Previously resolved in VSE 8.8 Patch 2 Hotfix 778101.
784349
-
VSE 8.8 Patch 2
VSE 8.8 Patch 3
Issue: When a file could not be deleted as part of a repair option, the file was incorrectly added to a pending file rename operations list. The result is some errors during the repair.
800778
-
VSE 8.8 Patch 2
VSE 8.8 Patch 3
Issue: Servers with multiple network adapters and Receive Side Scaling enabled experienced high memory use or depletion.
791945
-
VSE 8.8 Patch 2
VSE 8.8 Patch 3
Issue: A new Category (G_BehavioralScan) and Rule (BS01) is seen after you check in the VSE 8.8 Patch 2 Extension. It is seen when you open the VSE Policy for Access Protection, and switch between Workstation and Server. NOTE: After you enforce Tasks and Policies to a supported server operating system, the new Category and Rule on the client Access Protection User Interface do not show.
-
-
VSE 8.8 Patch 2
VSE 8.8 Patch 3
Issue: You might experience a sporadic blue screen error on shutdown on systems with Host Intrusion Prevention Patch 1. This patch upgrade resolves this issue after a restart. But, the risk to encounter the crash on shutdown exists until that restart is satisfied. NOTE: If this issue happens on shutdown, the restart requirement has still not been satisfied.
761202
-
VSE 8.8 Patch 1
VSE 8.8 Patch 3
Issue: The Last Access Time is changed after you run a VSE 8.8 on-demand scan on a folder.
625756
-
VSE 8.8 Patch 3
MA 4.5 Patch 3
Issue: Event 516 still occurs despite updating to Patch 1.
Resolution: The number of 516 events is reduced by installing McAfee Agent 4.5 Patch 3. To resolve this type of issue, see the Event 516 troubleshooting article.
708485
-
VSE 8.8 Patch 1
VSE 8.8 Patch 2
Issue: Lotus Notes stops responding when opening email.
735512
-
VSE 8.8 Patch 1
VSE 8.8 Patch 2
Issue: When Hotfix 625756 is installed on a system with Host Intrusion Prevention, Host Intrusion Prevention blocks a McAfee process (mfehidin.exe) from setting Access Control List (ACL) on a McAfee driver (mfevtps).
682177
-
VSE 8.8 Patch 1
VSE 8.8 Patch 2
Issue: A STOP error (BugCheck 7f) could occur with the filter driver because of lost content header information when transmitting through a raw socket on Windows 7. This issue was seen with some third-party VPN clients.
742092
-
VSE 8.8 Patch 1
VSE 8.8 Patch 2
Issue: On-demand scan stops responding after you install VSE 8.8 Patch 1.
719680
-
VSE 8.8 Patch 1
VSE 8.8 Patch 2
Issue: Processes that write data to disk frequently or write much data in a short amount of time can experience poor performance from the scanning.
Issue: During a DAT update, VSE unnecessarily downloads the full .zip file instead of downloading incremental files.
737991
-
VSE 8.8 Patch 1
VSE 8.8 Patch 2
Issue: Cluster failover fails on a Windows 2003 SQL cluster because it is unable to mount the Quorum drive.
625756
-
VSE 8.8 Patch 1
VSE 8.8 Patch 2
Issue: Event 516 still occurs despite updating to Patch 1.
-
-
VSE 8.8 Patch 1
VSE 8.8 Patch 2
Issue: The Windows System Event log reports multiple entries for Event ID 516 with an event description of Warning, Process **\VSTSKMGR.EXE pid (XXXX) contains signed but untrusted code.
Resolution: This error has multiple causes. The issues need troubleshooting to identify the cause and resolution.
The individual known issues articles for this problem are:
Issue: Blue screen error with BugCheck 27 - RDR_FILE_SYSTEM error on mfehidk.sys.
625756
VSE 8.8 Patch 1
VSE 8.8 Patch 2
Issue: Multiple entries for Event ID 514, 516, and 519 are recorded in the Windows System Event log. Third-party products that inject DLLs into processes could cause the VSE service (VsTskMgr.exe) to periodically poll data and frequently log event entries.
Issue: Custom UI Runtime Error in email Scan Add-in error (when opening an existing or new email).
642481
VSE 8.8
VSE 8.8 Patch 2
Issue: Unable to add exclusions to the Access Protection rule: Anti-spyware Standard Protection - Protect Internet Explorer Favorites and Settings.
661424
-
VSE 8.8
VSE 8.8 Patch 1
Issue: Access Protection rules involving the block of System: Remote fail to enforce. This issue also applies to preventing remote access to shares.
660014
-
VSE 8.8
VSE 8.8 Patch 1
Issue: Files on network locations might trigger an unhandled exception that leads to a system crash if the network experiences a failure or the object is unreadable. One report of this issue occurred when opening Outlook 2010 with PST files configured to reside on remote storage.
641015
-
VSE 8.8
VSE 8.8 Patch 1
Issue: A BugCheck 5 error can occur in terminal server environments during logoff of a client using a multi-byte character language pack. VSE exposes a race condition with the Microsoft win32k.sys driver, causing an unhandled exception.
664539, 665345
-
VSE 8.8
VSE 8.8 Patch 1
Issue: When you filter network input/output, a timing issue could occur leading to a kernel thread stack exhaustion. This issue could result in a system crash.
643440
-
VSE 8.8
VSE 8.8 Patch 1
Issue: Malware might change NTFS folder permissions on McAfee folders to disable the software.
638858
-
VSE 8.8
VSE 8.8 Patch 1
Issue: Installation fails with ERROR 1920 The McShield Service failed to start. This issue can occur when Microsoft Windows is installed to a subfolder rather than the root.
673462
-
VSE 8.8
VSE 8.8 Patch 1
Issue: A memory leak could occur with the process validation service and Microsoft .NET runtime support library, mscoree.dll file.
661424
-
VSE 8.8
VSE 8.8 Patch 1
Issue: Access Protection blocking rules involving remote access to shares are not enforced.
Under each location, create a REG_DWORD value with nameArchiveCacheSizewith the value in megabytes. The default configuration is 12 MB, and the maximum supported value is 512 MB.
Enter 64 initially to both locations and apply the changes.
Purge the Scan Cache:
Run: C:\Program Files\Common Files\McAfee\SystemCore>cacheinfo.exe resetall
You see the output: Reset all attribute ids.
Verify that the change reduced the high CPU issue. If not, increase the Scan Cache size, for example, to 128.
Issue: Outlook 2010/2016 temporarily becomes unresponsive when receiving emails with large attachments when the VSE 8.8 Patch 9 On Delivery Email Scanner is installed.
Workaround: To improve the amount of time the initial pause occurs, turn on Cached Exchange Mode. To turn on this option, and to review other performance improvement tips for VSE 8.8, see the Related Article. NOTES: Expected behavior of the VSE Outlook Email Scanner:
Outlook is intentionally paused while both the message attachments and body are downloaded locally and scanned to prevent access to the email.
After scanning, the Outlook client will download the message attachments and body again for the user.
Issue: VSE 8.8 Patch 7 installs SysCore 15.4.0.811. All McAfee products that install SysCore 15.4.x.x have vital service dependencies on Cryptographic Services (the Microsoft Cryptographic Service) and Power (the Microsoft User Mode Power Service). Issue discovered: February 23, 2016. NOTE:This issue was discovered in Patch 7, and persists in Patch 8.
Workaround: If you install a McAfee product that upgrades to SysCore 15.4.x.x, these services must both be present, and you must permanently set these two services to Automatic, or the product does not install. If the services are changed after installation, the product, entire system fails, or be greatly impacted.
NOTES:
The service start must be set to Automatic without delay. Setting this service to Automatic (Delayed Start) in the Service Control Manager drop-down list does not resolve issues. If either service is not present, contact Microsoft for assistance.
Windows XP Embedded 2009, Windows Server 2008, and Windows Vista do not have the Power service. SysCore 15.4.x.x, when installed on these nodes, retains the dependency on the Cryptographic Services service but does not have a dependency on the non-existent Power service.
Issue: Upgrade to VSE 8.8 Patch 14 Hotfix 116778 can fail when a registry key is accessed.
Workaround: See the related article.
1268562
-
VSE 8.8 Patch 12
-
Issue: Windows Defender Security Center displays the status of VSE as Unavailable. But, VSE is correctly installed and functioning. This issue occurs only with Windows 10 Version 1803 (April 2018 Update) or later.
Issue: When creating a Microsoft Windows installation image with VSE installed into the image, if you run sysprep.exe /generalize /oobe against the image, the computer fails to boot properly with the following message:
Windows could not finish configuring the system. To attempt to resume configuration, restart the computer.
Resolution: Install VSE after the computer has been deployed and brought online.
Issue: The default query VSE: Version 8.8 Compliance produces incorrect results.
Resolution: Edit the query. See the related article for details.
-
VSE 8.8
Patch 7
(and later)
-
Issue: McAfee Agent can lose communication with the McAfee ePO server and fail to enforce policies because of Access Protection blocking new McAfee Agent processes.
Issue: Creation or deletion of files succeeds in the folder where the user-defined Access Protection rule was designed to prevent them. No blocking or reporting of events is generated anymore, and the Access Protection Log is not updated. Issue Discovered: May 19, 2016.
Resolution: See the related article for details.
1109341
-
VSE 8.8
Patch
5 or 6
Hotfix
1087536
-
Issue: McAfee Profiler tool (VSE Profiler) no longer functions when VSE 8.8 Patch 5 or 6 HF 1087536 is installed.
Resolution: This issue will be fixed in a future release of the McAfee Profiler tool.
Issue: McAfee Agent can lose communication with the McAfee ePO server and fail to enforce policies because of Access Protection blocking new McAfee Agent processes.
Resolution: See the related article.
1074199
-
VSE 8.8
Patch 6
-
Issue: Environments using Lotus Notes mail, with the Lotus Notes mail scanner feature enabled, encounter Access Protection violations after installing Patch 6.
Resolution: Add the Lotus Notes process (NLNOTES.EXE) to the Processes to Exclude list for the Access Protection rule that is being violated (for example, Common Standard Protection: Prevent modification of McAfee files and settings).
Issue: Change to the Global Threat Intelligence FQDN field for the Network Heuristic The feature requires a reboot on the client before the change takes effect.
Resolution: Restart the McShield service or reboot the system.
-
VSE 8.8
Patch 5
-
Issue: McAfee Agent can lose communication with the McAfee ePO server and fail to enforce policies because of Access Protection blocking new McAfee Agent processes.
Issue: McAfee Agent can lose communication with the McAfee ePO server and fail to enforce policies because of Access Protection blocking new McAfee Agent processes.
Resolution: See the related article.
-
-
VSE 8.8
Patch 5
-
Issue: VSE uses .MSP files for product updates. Windows handles these files as a new product installation while adding the changes from the patch to the original installation. VSE 8.8 Patch 5 (.msp) file does not support patch rollback or removal. Although the VSE product can be removed, the patch on its own can't.
Resolution: To restore to an earlier VSE patch, you must first uninstall the current VSE product/patch, then reinstall the VSE product with the needed earlier patch.
1046993
1053515
-
VSE 8.8
Patch 5
-
Issue: Incorrect action is recorded in Access Protection log file. Expected action was Delete but recorded action shows Write. Similarly, entries where Execute was expected show Read.
Resolution: This behavior is expected.
832150
-
VSE 8.8
Patch 5
-
Issue: Changed ePO tasks are not applied to the client. Workaround: Edit the task and click Save. The task can be applied to the clients using the option Force complete policy and task update.
901979
-
VSE 8.8
Patch 5
-
Issue: Access Protection alerts occur after installing Patch 5 on systems with McAfee SiteAdvisor installed.
Workaround: To establish Trust with McAfee components, reboot the client.
888146
VSE 8.8
Patch 5
-
Issue: Access Protection violations triggered when uninstalling or upgrading from VSE 8.7i.
Workaround: See the related article.
903631
-
VSE 8.8
Patch 5
-
Issue: In ePO queries, filtering on BufferOverflow is not possible. The Product\BufferOverflow\ALL\ Query\BufferOverflow is missing from the drop-down list in a new query.
903224
-
VSE 8.8
Patch 5
-
Issue: Double-byte languages do not properly display text for Query Criteria Properties in ePO.
Issue: System deadlock on startup because of untrusted third-party "hooking" applications when SysCore 15.3 is installed.
Workarounds: See the article for details.
-
-
VSE 8.8
Patch 4
-
Issue: VSE uses .MSP files for product updates. Windows handles these files as a new product installation while adding the changes from the patch to the original installation. The VSE 8.8 Patch 4 (.MSP) file does not support patch rollback or removal. Although the VSE product can be removed, the patch on its own can't.
Resolution: To restore to an earlier VSE patch, you must first uninstall the current VSE product/patch, then reinstall the VSE product with the needed earlier patch.
Issue: A compatibility issue exists with Microsoft DirectAccess software on Server 2012 and later, where the connections drop after you install VSE 8.8 Patch 3 or 4.
Resolution: See the article for details.
832150
-
VSE 8.8
Patch 4
-
Issue: Changed ePO tasks are not applied to the client. Workaround: Edit the task and click Save. The task can be applied to the clients using the option Force complete policy and task update.
901979
-
VSE 8.8
Patch 4
-
Issue: Where McAfee SiteAdvisor is installed, after installing Patch 4, some Access Protection alerts might be encountered. Workaround: A reboot is needed for McAfee SiteAdvisor to again establish awareness of which components are Trusted.
888146
-
VSE 8.8
Patch 4
-
Issue: Access Protection violations triggered when you uninstall or upgrade from VSE 8.7i. NOTE: VSE 8.7i has reached End of Life and is no longer supported.
Workaround: See the related article for details.
903631
-
VSE 8.8
Patch 4
-
Issue: In ePO queries, filtering on BufferOverflow is not possible. For example, Product\BufferOverflow\ALL\ Query\BufferOverflow is missing from the drop-down list in a new query.
Resolution: Under investigation.
903224
-
VSE 8.8
Patch 4
-
Issue: Double-byte languages do not properly display text for Query Criteria Properties in ePO.
Resolution: Under investigation.
-
-
VSE 8.8
Patch 4
-
Issue: VSE 8.8 Hotfix 925610 is reported as installed after installing VSE 8.8 Patch 4.
Resolution: The reporting of this hotfix number is expected. It allows us to distinguish between the current release and that of an earlier Patch 4 release. NOTE:The hotfix is not a separate installation; it is part of the current Patch 4 installation package.
Issue: The MFEVTPS.exe uses an increasing amount of memory. This issue occurs despite having installed VSE 8.8 Hotfix 660014, which was released to address a specific high memory use issue with MFEVTPS.exe. The same symptoms still occur because of a Microsoft update to CRYPT32.DLL.
Resolution: Microsoft has a solution available for this issue. See the article in the left column for details.
VSE-1189
-
VSE 8.8
-
Issue: Email on delivery or ODS on email doesn't show scanned attachments when attachments are present in an email.
Resolution: This issue is cosmetic and will be addressed in a future release version of the product.
Issue: VSE 8.8 Patch 7 installation fails with the following error:
Error 1722. There is a problem with this Windows Installer package. (AddAACStickyPolicy)
Issue discovered: May 4, 2016.
Resolution: You must first identify which third party DLL is injected into the process, then implement one of the several available workarounds, see the related article.
-
-
VSE 8.8
Patch 6
Expected
Behavior
IMPORTANT: Installing VSE by starting the .MSI package directly is no longer supported. The installation must be performed from the SetupVSE.exe bootstrapper to avoid risk of the installation getting blocked by self-protection mechanisms (Access Protection or Arbitrary Access Control).
Starting SetupVSE.exe also helps to make sure that no incompatible software is present on the device. NOTE: VSE 8.8 Patch 8 and later include constraints to prevent the execution of the .MSI or .MSP packages to install or upgrade VSE. The packages can't perform actions such as installation prerequisite checks to block installation on incompatible environments. The following is extracted from the VSE 8.8 Patch 8 Release Notes:
"Using .MSI or .MSP to start VirusScan Enterprise is now blocked and produces this error message: "You must use SETUPVSE.EXE or SETUP.EXE to start VirusScan Enterprise installation"
1161468
-
VSE 8.8
Patch 3
Expected
Behavior
Issue: You can't upgrade from VSE 8.8 Patch 3 and earlier. It is no longer supported to later versions.
-
-
VSE 8.8
Patch 2
Expected
Behavior
Issue: After you install VSE 8.8 Patch 2, you must restart the MOVE-AV service or restart the system.
Non-critical Known Issues – Expected Behavior
Reference Number
Related
Article
Found
Version
Resolved Version
Issue Description
1246870
-
VSE
Patch 9
Expected
Behavior
Issue: When VSE debug logging is enabled for ScriptScan, it is not logging the URL when accessing a cloud-based URL. But, it is logging a locally accessed URL (Non-Cloud-based URL).
-
-
VSE 8.8
Expected
Behavior
Issue: When you install VSE, a brief network disconnect might occur when the network filter driver is loaded. While not typically noticed on the endpoint, the interruption might generate an alert for network sensitive applications or appliances. For example, a clustered server that fails over during the disconnect or other related symptoms.
Issue: Windows Defender could remain enabled after VSE 8.8 Patch 3 or later installation
Resolution: This behavior is expected with VSE 8.8 Patch 3 and later with Microsoft. Change the group policy to disable Windows Defender, if needed. See the related article for details.
Issue: Windows Defender is disabled after installing VSE 8.8 Patch 3 or later on Windows 8 and Server 2012.
Resolution: This behavior is expected with VSE 8.8 Patch 3 and later for Microsoft Windows 8 or Server 2012 and later. Microsoft now disables Windows Defender when an antimalware product is installed.
Issue: The HP Insight Foundation Agents process (cqmghost.exe), could generate Access Protection violations in VSE 8.8 Patch 8, against some registry keys.
Resolution: Access protection is working as designed. See the related article for details.
Gerelateerde informatie
NOTE: To create an ePO query for VSE Hotfixes, use the field in the VirusScan Enterprise - Additional Propertiessection. For information about how to create ePO queries to report on installed hotfixes, see KB67406.
Released to Support hotfixes
McAfee investigated this issue and a solution is currently available. This solution is currently not generally available, but is in Released to Support (RTS) status. To obtain the RTS build, log on to the ServicePortal and create a Service Request (https://support.mcafee.com/ServicePortal/faces/serviceRequests/createSR). Include this article number in the Problem Description field.
