Loading...

Knowledge Center


Change Control 6.x Known Issues
Technical Articles ID:   KB81084
Last Modified:  8/13/2019

Environment

McAfee Change Control (MCC) 6.x.x

Summary

Recent updates to this article
Date Update
August 13, 2019 Added Change Control 6.3.0-794 release information and known issues.
July 8, 2019 Changed (corrected) Change Control version release number from 6.3.0-714 to 6.3.0-724 and updated known issues.
July 1, 2019 Added Change Control 6.3.0-714 known issues and product release information.
April 9, 2019 Added Change Control 6.3.0-503 known issues and product release information.
March 12, 2019 Added Change Control 6.3.0-418 known issues.

To receive email notification when this article is updated, click Subscribe on the right side of the page. You must be logged on to subscribe.


Contents
Click to expand the section you want to view:

Version General Availability (GA) Release Notes
6.3.0-794 August 13, 2019 PD28450
6.3.0-724 July 2, 2019 PD28392
6.3.0-503 (Linux only) April 9, 2019 PD28310
6.3.0-418 (Linux only) March 12, 2019 PD28266
6.3.0-299 (Linux only) February 12, 2019 PD28213
6.3.0-242 (Linux only) January 8, 2019 PD28165
6.3.0-180 (Linux only) November 13, 2018 PD28094
6.3.0 (Linux only) October 9, 2018 PD28051
6.2.0 April 9, 2015 PD25626
6.1.7 (Linux only) April 7, 2015 PD25891
6.1.4 (Linux/UNIX only) June 16, 2014 PD25243
6.1.3 April 16, 2014 PD25160
6.1.2 December 24, 2013 PD24893
6.1.1 August 30, 2013 PD24584
6.1.0 February 12, 2013 PD24180

Issue resolutions in updates and major releases are cumulative; Technical Support recommends that you install the latest version. To find the most recent release for your product, visit the Product Downloads site at http://www.mcafee.com/us/downloads/downloads.aspx.

CRITICAL: There are no known critical issues.

Non-critical:

Linux
Reference Article Found in Version Resolved in Version Description
1253988   6.3.0-129   Issue: CCT: CLI - Content change tracking rule can be created with invalid encoding value.
1254355   6.3.0-129   Issue: CCT: CLI - Inclusion filters with more than one wrong pattern is not working as expected.
1254435   6.3.0-152 6.3.0-180 Issue: CCT: Problem with updating a policy to add exclusion filter pattern.
Workaround: Delete the rule and create it from scratch adding the exclusion filter. Or, edit any other property on the rule and it is applied correctly.
1254607   6.3.0-116 6.3.0-299 Issue: CCT: Exploratory - endpoint lost communication with ePO.
1254610   6.3.0-152 6.3.0-180 Issue: CCT: Exploratory - Operations on binaries are reported to ePO as "File type not supported."
1256065   6.3.0-152 6.3.0-180 Issue: CCT: File deleted and File deleted update xmls are generated with ReturnCode = 0 for binaries.
1256085   6.3.0-152 6.3.0-180 Issue: CCT: Not all events related to binaries are shown on ePO.
1256092   6.3.0-152 6.3.0-242 Issue: CCT: Enhancement: Add a mechanism to identify on the CLI if a rule is recursive or not.
1256261   6.3.0-152 6.3.0-180 Issue: CCT: MACC service crashes after updating FileDiffMaxSize.
1256344   6.3.0-152 6.3.0-180 Issue: CCT E2E: Recursion level for one recursion level case combined with exclusion patterns.
1256352   6.3.0-152 6.3.0-242 Issue: CCT: macompatsvc crashes after several CCT policy updates.
1256359   6.3.0-152 6.3.0-180 Issue: In Ubuntu 12.04, the File diff events of "File created" and "File modified" are not created.
1256469   6.3.0-152 6.3.0-180 Issue: CCT: Events for binary, script, or text files in update mode sometimes are listed with "Path not found" error.
1256488   6.3.0-142 6.3.0-180 Issue: CCT Exploratory: File rule matched with directory error reported for DAT files.
1256613   6.3.0-152   Issue: In update mode, the "file diff dir" events are generated for rename and delete directories.
1259032   6.3.0-180 6.3.0-242 Issue: CCT: libmagic returns different mime strings in RHEL5.
1259050   6.3.0-180 6.3.0-242 Issue: CCT: Some events for invalid CCT rule creation are randomly reported to ePO.
1259139   6.3.0-180   Issue: CCT: FILE_RENAMED_UPDATE event in LEL5 is not generated correctly when specifying encoding on cct rule.
1260084   6.3.0-180   Issue: An error message is encountered when installing MACC 6.3.0.180 in standalone mode in a CentOS 7 environment.
1263203   6.3.0-242 6.3.0-299 Issue: After upgrading from build 6.3.0-180 and disabling integrity feature, sadmin can no longer execute.
1263206   6.3.0-242 6.3.0-299 Issue: After upgrading from 6.3.0-180, a permission denied message is shown for /usr/bin/xauth.
Workaround:
1. Edit the /etc/mcafee/solidcore/solidcore.conf file, set RTEModeOnReboot = 0x0, and reboot the system.
2. After restart, run the command sadmin check -r or sadmin so.
3. After check or so finishes, run sadmin enable and restart the service.
1263207   6.3.0-242   Issue: After upgrading from 6.3.0-180, ssh service cannot be restarted.
Workaround:
1. Edit the /etc/mcafee/solidcore/solidcore.conf file, set RTEModeOnReboot = 0x0, and reboot the system.
2. After restart, run the command sadmin check -r or sadmin so.
3. After check or so finishes, run sadmin enable and restart the service. 
1263208   6.3.0-242 6.3.0-299 Issue: After upgrading from 6.3.0-180, sadmin check is failing on LUBT12 (AMD64 and x86).
Workaround:
1. Edit the /etc/mcafee/solidcore/solidcore.conf file, set RTEModeOnReboot = 0x0, and reboot the system.
2. After restart, run the command sadmin check -r or sadmin so.
3. After check or so finishes, run sadmin enable and restart the service.
1263209   6.3.0-242 6.3.0-299 Issue: After upgrading from 6.3.0-180 and disabling integrity, you cannot log on using the endpoint's tty on CentOS5 (AMD64 and X86).
Workaround:
1. Edit the /etc/mcafee/solidcore/solidcore.conf file, set RTEModeOnReboot = 0x0, and reboot the system.
2. After restart, run the command sadmin check -r or sadmin so.
3. After check or so finishes, run sadmin enable and restart the service.
1263552   6.3.0-242   Issue: Error in locking authority file in Ubuntu 16.
1263558   6.3.0-242 6.3.0-299 Issue: [Exploratory] Precedence rule for monitoring is not working as expected.
1263559   6.3.0-242 6.3.0-299 Issue: [Exploratory] Integrity monitoring – If VIM is added as an included process for integrity monitoring, the files modified by VIM are not reported as changed.
1263560   6.3.0-242   Issue: [Exploratory] When a directory is included on the integrity monitoring, created files or directories are not considered as changes. So, they are not listed on the change control in ePO.
1263564   6.3.0-242   Issue: CCT: Several file-related events cannot be validated in Update Mode.
1263609   6.3.0-242 6.3.0-299 Issue: [Exploratory] Policy to exclude a user from monitoring list cannot be applied. Workaround: As a workaround, users can be excluded from the monitoring list. Use the sadmin mon user -e <username> command in unmanaged mode, or use the "Run command" option from ePO.
1265307   6.3.0-299 6.3.0-418 Issue: Kernel loops in LUBT 14 kernel 4.2.
1266210   6.3.0-299 6.3.0-724 Issue: Policy "Minimal System Monitoring for Linux variants (McAfee Default)" is not correctly applied on some endpoints.
1266302   6.3.0-299   Issue: [Exploratory] When binary files operations are caught by CCT, on ePO message is incorrect since attributes are not changed.
1266310   6.3.0-299   Issue: [Exploratory] To be disabled, mon features require a reboot.
1266502   6.3.0-299   Issue: Bad behavior in enablement from ePO in Oracle 7.
1268052   6.3.0-418   Issue: No message is shown on the command line when restarting scsrvc service in Ubuntu 16.
1269359   6.3.0-503   Issue: Warning message logged in /tmp/solidcoreS3_uninstall.log after solidcore uninstalled.
1269365   6.3.0-503 6.3.0-724 Issue: Dpkg preinstallation script logs an error after installation with build 6.3.0-503.
1273558   6.3.0-607   Issue: When build target tool fails, some files are not removed from the system.
Workaround: Remove the files manually.
1273659   6.3.0-671   Issue: XFS with kernel 4.10 and above is not supported.
Workaround: Technical Support does not recommend using MACC 6.3.0 on Red Hat Enterprise Linux Server 8 systems if you have kernel version 4.18 or higher and XFS. The recommended file system to use is EXT4. See KB73341 for supported EXT versions.

For systems that experience this issue with SUSE Enterprise Linux Server 12 or SUSE Enterprise Linux Desktop 12 with kernel 4.10 or higher installed and MACC with XFS in Update mode in use, you can:
  1. Restart the system with a kernel version lower than 4.10 (see KB90947 for supported kernel versions).
  2. When the system starts, leave update mode by executing “sadmin eu”.
  3. Restart system again with kernel version higher than 4.10.
1274415   6.3.0-607   Issue:  [Exploratory] When adding a monitoring rule, no initial snapshot of the files monitored is created.
1274416   6.3.0-702   Issue: "orig_user_name" is not correctly reported in events.
MACC-6863   6.3.0-724   Issue: Build target fails to build kernel module in RHEL 8.
MACC-7077   6.3.0-724   Issue: Self kernel support tool does not work for OL7 UEKR5 unsupported UEK kernel.
MACC-7216   6.3.0-794   Issue: User cannot be created when MACC is in update mode on RHEL 8 with SSSD version 2.0.0-43 installed.
MACC-7240   6.3.0-794   Issue: After upgrade from MACC for Linux 6.3.0-724 to 6.3.0-794, attempts to uninstall 6.3.0-794 fail in LEL6 32-bit.
Workaround: Perform the following steps:
  1. Run ""/opt/bitrock/solidcoreS3-6.3.0-724/helperBinaryUninstall""
  2. Run ""rpm -e solidcoreS3-6.3.0-794.i386 --noscripts""
  3. Run ""rpm -e solidcoreS3-kmod-6.3.0-794.i386 --noscripts""

CRITICAL: There are no known critical issues.

Non-critical:

Solidcore Extension
 
Reference Article Found in version Resolved in Version Description
608618   5.0.0   Issue: When you try to upload the Windows Solidcore Agent Deployment Package (~100 MB) to ePO through Internet Explorer, the file upload times out if the network upload speed is slow. 
Workaround: If this error displays in Internet Explorer 6, try using Internet Explorer 7 or later. If you encounter the error in Internet Explorer 7 or later, copy the package to a local directory on the ePO server. Access the ePO console on the ePO server and upload the file from the local path. This method avoids possible network delays.
607452       Issue: ePO 4.6 reports and dashboard entries are not removed after the Solidcore Extension is uninstalled.
Workaround: If you are uninstalling and reinstalling the Solidcore Extension, remove the reports and dashboards manually after uninstalling and before reinstalling.
607517       Issue: PDF reports have minor data display and formatting issues if more than 50,000 records are reported.
608347       Issue: The Solidcore Policies Applied on Hosts report displays all policies derived from the root, regardless of the SKUs enabled on the platform.
609304   5.0.2   Issue: It is not possible to export data from the Reporting, Solidcore Events page. 
Workaround: Use Queries (Reporting, Queries) to export event data.
636769   5.1.1   Issue: If you upgrade from Solidcore 5.1.0 to 5.1.1 or later, existing Solidcore events in the Solidcore Events table are not migrated to the ePO Events table.
636352   5.1.1   Issue: After removing the Solidcore Extension, all Solidcore-related events are retained in the ePO table. When you view the events in the Threat Event Log, some fields might display erroneous data.
607554       Issue: Solidcore policies cannot be duplicated using the Policy Details page because the OK button is disabled.
Workaround: Use the Policy Catalog page to duplicate policies.
643854   5.1.1   Issue: When you use the Guided Configuration page on the ePO 4.6 console, the Save Policy button is not enabled when changes are made to Solidcore Policies. 
Workaround: Edit the policy using the Policy Catalog without using Guided Configuration.
608374   5.0.0   Issue: When you try to enable an already enabled Solidcore Agent, the error displayed is not translated.
607908       Issue: It is not possible to export more than 50,000 records from any table or report.
608025       Issue: Reports, tasks, and policies for all SKUs are listed even if the license for that SKU is not added.
609911   5.1.0   Issue: Export of rule groups does not work in Internet Explorer when opened from the ePO server.
Workaround: To export rule groups, use Internet Explorer from a different computer.
610303   5.1.0   Issue: The Server Task pages in ePO might not work properly if you use Mozilla Firefox version 3.0.
Workaround: If you encounter issues, McAfee recommends using Mozilla Firefox version 3.6 or later or Internet Explorer 6.0 or later.
608753   5.0.0   Issue: Sometimes, using the user name field of reported events on the ePO server as a trusted user might not work if the client system is part of an Active Directory domain. The reason is because the domain name reported in the events is not the full AD domain. 
Workaround: Use the environment variable USERDNSDOMAIN as the domain name for AD clients. You can also review the properties of the My Computer icon to identify the complete user name to specify as the trusted user.
608390       Issue: When viewing an Integrity Monitor policy, the My Rules tab is not translated.
669563   5.1.2   Issue: If you run reconciliation on a setup with millions of unauthorized changes (for about 5,000 hosts), the System with Unauthorized changes page does not open. When you select the Systems with Unauthorized changes link (on the Risk and Compliance, Change Control Reconciliation page), the page times out and the user is logged off the ePO console.
656518   5.1.2   Issue: If you install Solidcore Extension 5.1.2 (or later) on an existing ePO 4.5 system and then upgrade to ePO version 4.6 FIPS mode, the event parser stops working.
Workaround: Run the following command to upgrade the required DLL: https://<ePO_IP_address:port>/remote/scor.upgradeEventParser.do 
661203   5.1.2   Issue: If you use reconciliation with Solidcore Extension 5.1.1 (or earlier) and upgrade to Solidcore Extension 5.1.2 (or later), you cannot access the older reconciliation data.
607950   5.0.0   Issue: User-defined system variables in policies are resolved at the endpoint only after the endpoint is restarted.
707486   5.2.0   Issue: When using the ePO 4.6 console, navigating quickly through the Events and Inventory pages, logs off the user.
714176   5.2.0   Issue: In ePO 4.6 Update 1 or Update 2, if you add multiple commands to a Run Commands client task while you create the task, you cannot later remove the commands from the saved client task.
719796   5.2.0   Issue: Global Catalog search for Active Directory (AD) groups is not supported.
Workaround: Search for a group in a specific AD server instead of using the Global Catalog. To add a specific group:
  1. Log on to the ePO 4.x console.
  2. Add the AD server with the group as a registered server.
  3. Search for the group by selecting the registered AD server. Ensure that the Global Catalog Search option is deselected.
  4. Add the group to a policy as a trusted group.
722045   5.2.0   Issue: Adding new columns, such as Solidcore Status and Solidification Status, for an endpoint by clicking ActionsChoose columnsNon Compliant Solidcore Agent might not display values for all endpoints. The reason is because the Non Compliant Solidcore Agent section includes only noncompliant agent properties.
Workaround: When adding new columns for an endpoint, click ActionsChoose columnsSolidcore Client Properties instead of Actions, Choose columns, Non Compliant Solidcore Agent.
695769   5.2.0   Issue: Under the Content Change Tracking feature, the view file page goes blank for a file size of around 1 MB.
800014   6.1.0   Issue: Extra events are reconciled when manual reconciliation is performed from custom queries.
Workaround: To perform the manual reconciliation for multiple events by selecting either All in this page or Select All in all pages, open the Solidcore events page directly by clicking Menu, Reporting, Solidcore Events.

NOTE: This option does not work well if you reach Solidcore Events by drilling down from a Query page.
882821   6.1.1   Issue: Sorting is not supported on the Last Modification Time column on the Content Change Tracking page.
1033281   6.2.0   Issue: Upgrading to Solidcore Extension 6.2.0 might fail immediately after the extension restart while performing an upgrade from a version older than 6.1.2.
985336   6.2.0   Issue: The event pages in ePO might not work properly if you are using Mozilla Firefox version 3.5.
Workaround: If you encounter issues, McAfee recommends using Mozilla Firefox version 3.6 or later or Internet Explorer 6.0 or later.
1043052   6.2.0   Issue: You cannot upgrade the Solidcore help extension from previous versions to 6.2.
Workaround: Uninstall the old help extension and install the new one.

Back to top

Windows (all versions)
 
Reference Article Found in version Resolved in Version Description
608418   5.0.0   Issue: The Original user name reported in events is the same as the user name.
600805   4.7.0   Issue: While opening a write-protected network share in Windows Explorer, a few deny-write errors are observed.
603747   4.8.0   Issue: The trusted, solidified, and write-protect features do not work correctly for folder-mounted volumes.
Workaround: Contact Technical Support for assistance if the setup uses folder-mounted volumes.
608036   5.0.0   Issue: Mapped drive names cannot be used in commands issued by remote users/ePO.
598002   4.5.0   Issue: Registry key protection does not work for all registry key hives, it works only for HKEY_LOCAL_MACHINE.
599240   4.5.3   Issue: A subkey registry does not get added to a protected registry key when using the reg command.
601500   4.7.0   Issue: Creating a shortcut in a read-protected directory is not allowed.
602122   4.7.0   Issue: Any file operation performed on a read-protected file generates deny-read events that correspond to the file even when the file operation is allowed.
603032   4.8.0   Issue: Changes to folder-mounted volumes that do not have an associated drive letter cannot be monitored.
Workaround: Assign a drive letter to a volume before mounting it on any other folder.
603628   4.8.0   Issue: On 64-bit platforms, ACL change events are not generated when the update mechanism supersedes the deny-write policies for registries.
605371   4.8.3   Issue: When you try to read a read-protected file with certain file flags set through Windows Explorer, read-denied events might not be written to the event viewer. The events are recorded in the Solidcore Agent log file.
606496   4.9.0   Issue: Only full long names are supported with commands that accept file or folder names. For example, names such as c:\myPackages\SETUP-~1.EXE are not supported.
606532   4.9.0   Issue: Virtual drive paths are not supported as path values in Solidcore Agent commands, such as write-protect, read-protect, and monitor.
600748   4.6.4   Issue: Multiple deny write events might be generated for a single deny write action. For example, on deletion of a file using Windows Explorer, up to 8 file deletion events are reported. When the application denies deletion of a file, Windows Explorer tries multiple methods to delete the file, resulting in an event for each attempt.
691196   5.2.0   Issue: For a file where you are tracking content changes, you receive an unknown error if connectivity issues occur while sending metadata for the file from the endpoint to the ePO console.
Workaround: When network connectivity resumes, the next change to the file is reflected accurately on the ePO console.
724796   5.2.0   Issue: Although you can track content changes for a read-protected file, you cannot view the actual changes. The reason is because the read protection rule prevents the software from fetching file contents from the endpoint.
799559   6.1.0   Issue: If you exclude the .bat extension from monitoring, events for batch file operations are generated.
812964   6.1.0   Issue: If the Updater flag is removed for a cert rule in ePO, the certificate is listed as an Updater on the endpoint.
876430   6.1.1   Issue: For monitoring and change control rules with *, the longest path rule is not given precedence for conflicting rules.
881480   6.1.1   Issue: Revisions are not reported for Content Change tracking if user events are filtered using the filter rules.
Workaround: Exclude the user from event filtering and apply advanced filters for the user excluding unwanted events for files and directories. 
894237   6.1.1   Issue: For a directory-based Content Change Tracking rule, renaming of the directory or its subdirectory generates spurious monitor events.

920568

 KB79987 6.1.2   Issue: The version is not updated in the ePO server and the McTray About box after an endpoint upgrade.
Workaround: See the Knowledge Base article for details.
940085  KB73484 6.1.2  
Issue: There is a known incompatibility between McAfee Change Control and SafeNet ProtectFile: File Encryption and Protection software.

1027687

 KB84043 6.2.0   Issue: Upgrade to Application Control or Change Control 6.2 fails for endpoints.
Workaround: See the Knowledge Base article for details.

Back to top

Windows 2008 R2 (64-bit)
 
Reference Article Found in version Resolved in Version Description
608636   5.0.0   Issue: During manual installation of the Solidcore Agent on Windows 2008 R2 (64-bit), a Windows installer encountered a validation error message displays for the msiexec.exe and kernelbase.dll files.
Workaround: Click Ignore once or Ignore always on the error pop-up to continue installation.

Windows 2008 (64-bit)
 
Reference Article Found in version Resolved in Version Description
609780   5.0.2   Issue: On Windows 2008 (64-bit), the rundll32.exe file crashes if an application is uninstalled via Add/Remove Programs after the SetupInstallFromInfSection() function was used to install the application.

Windows 7 (64-bit)
 
Reference Article Found in version Resolved in Version Description
708226   5.1.5   Issue: MCC is functionally incompatible with Avecto Privilege guard.

Windows XP
 
Reference Article Found in version Resolved in Version Description
601738   4.7.0   Issue: On Windows XP SP2, deny-write errors with two different file names or folder names are logged when a file or folder is created under a write-protected folder.
604834   4.8.1   Issue: On Windows XP, NTFS junction points are supported only when junctions are created for volumes and not for folders.

Back to top

UNIX (all versions)
 
Reference Article Found in version Resolved in Version Description  
604604   4.8.3-164 Will not fix Issue: Write/read protection does not work on files added via cachefs/lofs.   
607024   4.0.0-5920 Will not fix Issue: By default, the deny-read feature is disabled. A read-protect rule is immediately applied to the Solidcore agent. But, it is effective only after the deny-read feature is enabled on the Solidcore agent.  
607245   4.9.0-246 Will not fix Issue: No events are generated for changes to a file with the string solidcore.log in its name (example: mysolidcore.log)  
610254   5.0.1-1 Will not fix Issue: When you run the Debug Info client task for a UNIX system, the log states that the gatherinfo.tar.gz file is generated. The name of the generated file is suffixed with the host name and time stamp. For example, gatherinfo-hpj-03-07-08-10_14-37-45.tar.gz.  
616089   5.1.0-6817 Will not fix Issue: Localized strings not consistent. Partial localization occurs in some events and messages.  
762449   6.1.0-9301 Will not fix Issue: Events are generated if a special device file is renamed.  
797291   6.1.0-9323 Will not fix Issue: After Dynamic Kernel Module compilation, an empty file named 2 gets created in the dksdirectory.  
797363   6.1.0-9323   Issue: The sadmin xray command does not list the attr specific configurations for the running process.  
798843   6.1.0-9323 Will not fix Issue: You might observe unexpected behavior if a process exits without closing one or more changed files.  
807180   6.1.0-9402 Will not fix Issue: Installation on a non pre-compiled kernel fails if you run the installer from a Windows share that is mounted with CIFS. Mount the Windows share using NFS.
811983   6.1.0   Issue: Property collection on ePO and the endpoint might show different versions of Solidifier if the system is not rebooted after upgrade.  
812578   6.1.0-9434 Will not fix Issue: On some kernels, error messages related to scdrv are displayed in the console during system boot.  
818828   6.1.0-9463   Issue: Withe VirusScan Enterprise for Linux (VSEL) 1.7 installed, the VSEL service stops with errors on the CLI.  
989865   6.1.5-224 Will not fix Issue: Installation of Solidifier should not occur in a symbolic link path.  
991605 KB82820 6.1.4-237   Issue: After upgrading to MCC 6.1.7, new advanced exclusion filters (AEF)/updaters and attr rules re not added as default rules.  
1053355   6.1.7-192 Will not fix Issue: If you erroneously try to stop the Solidcore service by using the systemctl command in Enabled mode, a subsequent attempt to stop the service in Disabled mode might fail. 
 
To stop the service in Disabled mode, use the following commands:

systemctl start scsrvc.service
systemctl stop scsrvc.service
1202241   6.1.7-504   Issue: The events are not generated in RHEL 6 x86.  
1203232   6.1.7-540   Issue: Solomon automated test tool can't verify some events.  

Back to top

Linux
 
Reference Article Found in version Resolved in Version Description Workaround
1009579   6.1.4-249   Issue: On a protected system running RHEL5 with kernel 2.6.18-308.EL5 or later, the deny-read feature does not work on an NFSv4 mounted partition.  
1205485   6.1.7-504   Issue: Linux Desktop Timeout with Root login/logoff when Solidcore is Enabled/Updated. Create the file /etc/X11/xinit/xinitrc.d/00-gvfs-disable-fuse.sh with the following contents:

GVFS_DISABLE_FUSE=1
export GVFS_DISABLE_FUSE

This script disables fuse's daemon running in the background, so fuse filesystem is not mounted. Restart the system so the changes can take effect.

 
1211104   6.1.7   Issue: After running automated testing tool (Solomon), there is a crash in Ubuntu 16.04 x86 platform with kernel 4.4.0-47-generic.  
1218213 KB90069 6.1.7-674 Will not fix Issue: After disabled AC without a system reboot, AC 6.1.7-674 enters a partially disabled and the system is allowed to execute.  
1224787   6.1.7-673 Will not fix Issue: MACC service stops working after running the command sadmin disable and restarting the Solidcore service. To complete entering disabled mode, reboot the system. After you reboot the system, it operates as expected.
1225663   6.2.0-114   Issue: MACC is unmanaged after installing build 6.2.0-114 from EPO  
1227491   6.2.0-142   Issue: Write Denied rule is generated with wrong information  
1230613   6.2.0-154   Issue: After upgrading a system from 6.1.7 to 6.2.0 (from ePO), status is unmanaged.  
1230621   6.2.0-154   Issue: ePO tasks are not reflecting the systems status correctly.  
1230623   6.2.0-154 6.2.0-236 Issue: Solidcore version is shown in incorrect format under the Products tab.  
1230625   6.2.0-154   Issue: Solidcore client task log is not refreshed correctly.  
1230835   6.2.0-154 6.2.0-158 Issue: Monitoring events are raised in Observe mode.  
1238336   6.2.0-236   Issue: "No such a process" message shown when trying to restart scsrvc service.  
1239252   6.2.0-236   Issue: In SUSE 11 x86, "touch" binary as updater is not working properly.  
1238936   6.2.0-236 6.2.0-347 Issue: Bad behavior with write-protected files in observe mode.  
1243019   6.2.0-337   Issue: Wrong transition from update mode to Disabled* (Global Pass-Through)  
1243872   6.2.0-347   Issue: Some endpoints are in Disabled* after installation from ePO.  
1243874   6.2.0-347   Issue: Events are not generated on Rhel 6 endpoint with Solidcore installed and enabled.  
1243879   6.2.0-347   Issue: On Ubuntu endpoints, the file events expected for some tests are not the ones generated.  
1253820   6.2.0-463   Issue: MACC 6.2.0-463 does not communicate with MA 5.6.0.  

Back to top
 

CRITICAL: There are no known critical issues.
 
Non-critical:

Solidcore Extension

 
Reference Article Found in version Resolved in Version Description
608618       Issue: When you try to upload the Windows Solidcore Agent Deployment Package (~100 MB) to ePO through Internet Explorer, the file upload times out if the network upload speed is slow. 
Workaround: If this error displays in Internet Explorer 6, try using Internet Explorer 7 (or later). If you encounter the error in Internet Explorer 7 or later, copy the Solidcore Agent Deployment Package to a local directory on the ePO server. Open a browser window on the ePO server to access the ePO console. Upload the file from the local path. Then, the upload happens from the ePO server to ePO and avoid network delays.
607452       Issue: ePO 4.6 reports and dashboard entries are not removed after the Solidcore Extension is uninstalled.
Workaround: If you are uninstalling and reinstalling the Solidcore extension, remove the reports and dashboards manually after uninstalling, and before reinstalling.
607517       Issue: PDF reports have minor data display and formatting issues if more than 50,000 records are reported.
608347       Issue: The Solidcore Policies Applied on Hosts report displays all policies derived from the root, regardless of the SKUs enabled on the platform.
609304       Issue: It is not possible to export data from the Reporting, Solidcore Events page. 
Workaround: Use Queries (Reporting, Queries) to export event data.
636769       Issue: If you upgrade from Solidcore 5.1.0 to 5.1.1 (or later), existing Solidcore events in the Solidcore Events table are not migrated to the ePO Events table.
636352       Issue: After removing the Solidcore Extension, all Solidcore-related events are retained in the ePO table. When you view the events in the Threat Event Log, some fields might display erroneous data.
607554       Issue: Solidcore policies cannot be duplicated using the Policy Details page because the OK button is disabled.
Workaround: Use the Policy Catalog page to duplicate policies.
643854       Issue: When you use the Guided Configuration page on the ePO 4.6 console, the Save Policy button is not enabled when changes are made to Solidcore Policies. 
Workaround: Edit the policy using the Policy Catalog without using Guided Configuration.
608374       Issue: When you try to enable an already enabled Solidcore Agent, the error displayed is not translated.
607908       Issue: It is not possible to export more than 50,000 records from any table or report.
608025       Issue: Reports, tasks, and policies for all SKUs are listed even if the license for that SKU is not added.
609911       Issue: Export of rule groups does not work in Internet Explorer when opened from the ePO server.
Workaround: Use Internet Explorer from a different computer to export rule groups.
610303       Issue: The Server Task pages on ePO might not work properly if you use Mozilla Firefox version 3.0.
Workaround: Technical Support recommends using Mozilla Firefox version 3.6 (or later) or Internet Explorer 6.0 (or later).
608753       Issue: Sometimes, using the user name field of reported events on the ePO server as a trusted user might not work if the client system is part of an Active Directory domain. The reason is because the domain name reported in the events is not the full AD domain. 
Workaround: Use the environment variable USERDNSDOMAIN as the domain name for AD clients. You can also review the properties of the My Computer icon to identify the complete user name to specify as the trusted user.
608390       Issue: When viewing an Integrity Monitor policy, the My Rules tab is not translated.
669563       Issue: If you run reconciliation on a setup with millions of unauthorized changes (for about 5,000 hosts), the Systems with Unauthorized changes page does not open. When you select the Systems with Unauthorized changes link (on the Risk and Compliance, Change Control Reconciliation page), the page times out and the user is logged off the ePO console.
656518       Issue: If you install Solidcore Extension 5.1.2 (or later) on an existing ePO 4.5 system and then upgrade to ePO version 4.6 FIPS mode, the event parser stops working.
Workaround: Run the following command to upgrade the required DLL: https://<ePO_IP_address: port>remote/scor.upgradeEventParser.do 
661203       Issue: If you are using reconciliation with Solidcore Extension 5.1.1 (or earlier) and upgrade to Solidcore Extension 5.1.2 (or later), you cannot access the older reconciliation data.
607950       Issue: User-defined system variables in policies are resolved at the endpoint only after the endpoint is restarted.
707486       Issue: When using the ePO 4.6 console, navigating quickly through the Events and Inventory pages logs off the user.
714176       Issue: On ePO 4.6 Update 1 or Update 2, if you add multiple commands to a Run Commands client task while you create the task, you cannot later remove the commands from the saved client task.
719796       Issue: Global Catalog search for Active Directory (AD) groups is not supported.
Workaround: Search for a group in a specific AD server instead of using the Global Catalog.

To add a specific group:
  1. Log on to the ePO 4.x console.
  2. Add the AD server with the group as a Registered Server.
  3. Search for the group by selecting the registered AD server. Make sure that the Global Catalog Search option is deselected.
  4. Add the group to a policy as a trusted group.
722045       Issue: Adding new columns, such as Solidcore Status and Solidification Status, for an endpoint by clicking ActionsChoose columnsNon Compliant Solidcore Agent might not display values for all endpoints. The reason is because the Non Compliant Solidcore Agent section includes only noncompliant agent properties.
Workaround: When adding new columns for an endpoint, click ActionsChoose columnsSolidcore Client Properties instead of Actions, Choose columns, Non Compliant Solidcore Agent.
695769       Issue: Under the Content Change Tracking feature, the view file page goes blank for a file size of around 1 MB.
800014       Issue: Extra events are reconciled when you perform manual reconciliation from custom queries.
Workaround: To perform the manual reconciliation for multiple events by selecting either All in this page or Select All in all pages, open the Solidcore events page directly by clicking Menu, Reporting, Solidcore Events.

NOTE: This option does not work well if you reach Solidcore Events by drilling down from a Query page.
882821       Issue: Sorting is not supported on the Last Modification Time column on the Content Change Tracking page.
937037       Issue: You cannot upgrade Solidcore help extension from previous versions.
Workaround: Uninstall the old help extension and install the new one.

Back to top

Solidcore Agent:

UNIX (all versions)
 
Reference Article Found in version Resolved in Version Description
944538       Issue: MAC/MCC 6.1.7 are not compatible with VirusScan Enterprise for Linux (VSEL) 2.0.
900761      
Issue: When MCC is placed in a Disabled state and the endpoint is not rebooted, an upgrade of MCC does not successfully complete. The reason is because the driver is not unloaded.
Workaround: Reboot the endpoint (after disabling MCC) and perform the upgrade task again.
608671
 
   
Issue: If Solidcore Agent is installed in a non-default path, upgrading via ePO is not supported. Such an upgrade might leave the Solidcore Agent in an inconsistent state. Technical Support recommends that you uninstall the existing version and then install the new version using ePO.
608737
 
   
Issue: If the partition with the /opt/McAfee/cma directory has insufficient space, events might not be generated. Also, a Failed to generate event xml error message is added to the solidcore.log file. Free up space in partition with the /opt/McAfee/cma directory.
601728
 
   
Issue: According to the NFS protocol, if a file present on the NFS share is opened once on the NFS client, it cannot be reopened until the file attributes are changed. If a read-protected file, on an NFS share, is opened on the client in Update mode, the user could read it on the client. They can read it in Enabled mode (after coming out of the Update mode) until the file attributes are changed on the server.
601734
 
   
Issue: Changing a hard link might cause the name of the link or program to display in events.
601914
 
   
Issue: For daemon processes, the reported user name and original user name are the same.
602653
 
   
Issue: A write-protected file can be changed through its hard link if the hard link has already been created.
602772
 
   
Issue: Scripts without the #! tag cannot act as updaters.
602977
 
   
Issue: For loopback file systems, some features, such as updater and monitoring, do not work correctly when the loopback path is used instead of the physical path in the sadmin commands. For instance, if /opt is mounted as a loopback file system at /mnt, to add /mnt/abc as an updater, you must add the path /opt/abc as an updater.
602990
 
   
Issue: Some features, such as updaters and mon-proc-exec, do not work properly for unsupported file formats. Only executable binaries and #! scripts are supported file formats.
603462
 
   
Issue: The BOOTING_ENABLED and BOOTING_UPDATE_MODE events are not added to the system log.
Workaround: At boot time, start the syslog service before the Solidcore Agent service.
603490
 
   
Issue: You observe the following issues when an updater calls another updater:
  • If the child process is added as an updater, the non-inheritable option (-d) of the parent process is overridden.
  • If the parent process is added as an updater, the non-inheritable option (-d) of the child is overridden.
604780
 
   
Issue: For processes that are not directly associated with a terminal, the original_user field is the same as the user field. For example, when you run a script through Runlevel/init scripts, original_user is same as the user.
605062
 
   
Issue: The mmap system call at the NFS client does not work if the file is read-protected.
606674
 
   
Issue: A write-protected file can be changed or deleted if the file system is mounted to a different directory.
607014
 
   
Issue: Adding a script as an updater twice (once on its own and again with its parent) might lead to unexpected behavior.
607024
 
   
Issue: By default, the deny-read feature is disabled. A read-protect rule is immediately applied to Solidcore Agent, but it is effective only after the deny-read feature is enabled on the Solidcore Agent.
607245
 
   
Issue: No events are generated for changes to a file with the string solidcore.log in its name, for example, mysolidcore.log.
601763
 
   
Issue: Process information cannot be determined for processes that are invoked before the Solidcore Agent driver is loaded. This issue has the following implications:
  • If such a process makes file changes, these changes might not be reported.
  • For processes that started before the driver was loaded, only the partial program names are reported.
  • For NFS, the changes made by the client, the change events displaying on the server have only the relative name for the NFS daemon (in other words, nfsd or nfsktcpd).
  • No Process Start and Process Stop events are generated for already running processes.
  • On only the AIX platform, Change Tracking / Prevention on file systems mounted by such processes might or might not work. System calls executed by already running processes cannot be trapped because of differences in the way system calls are implemented for the AIX platform. As a workaround, you can restart such processes.
604604
 
   
Issue: Write/read protection does not work on files added via cachefs/lofs.
613214
 
   
Issue: If the installation path is a mount point, forcibly unmounting (for example, using the umount –f command) might lead to non-deterministic behavior.
603386
 
   
Issue: The Solidcore Agent cannot be installed, upgraded, or uninstalled through init scripts that run at system boot time.
Workaround: Add the following two statements in the init script before invoking the installer:
HOME=""/""
export HOME
613205
 
   
Issue: For a file with multiple hard links, the change event contains the name of any one of the hard links as the file name. For example, if a file named test has test1 and test2 as hard links, the event generated when the file is changed can contain any of the three names by which the file is known.
613213
 
   
Issue: Because of NFS protocol behavior, a large write request to the NFS client goes to the NFS server in the form of multiple RPC calls and multiple FILE_MODIFIED events are generated at the NFS server.
610254
 
   
Issue: When you run the Debug Info client task for a UNIX system, the log states that the gatherinfo.tar.gz file is generated. The name of the generated file is suffixed with the host name and time stamp. For example, gatherinfo-hpj-03-07-08-10_14-37-45.tar.gz.
616089
     
Issue: Localized strings not consistent. Partial localization occurs in some events and messages.
708279
     
Issue: For RHEL5/RHEL6 (kernels earlier than 2.6.32-220) and kernels of SLES 10/SUSE11 (excluding SLES11 SP2), FILE_CREATED events are incorrectly reported as FILE_ATTR_MODIFIED over an NFSv4 partition.
762449
     
Issue: Events are generated if a special device file is renamed.
797291
     
Issue: After Dynamic Kernel Module compilation, an empty file named 2 gets created in the dks directory.
797363
     
Issue: The Sadmin Xray command does not list the attr specific configurations for the running process.
798843
     
Issue: You might observe unexpected behavior if a process exits without closing one or more changed files.
807180
     
Issue: Installation on a non pre-compiled kernel fails if you run the installer from a Windows share that is mounted using CIFS.
Workaround: Mount the Windows share using NFS.
811983
     
Issue: Property collection on ePO and the endpoint might show different versions of Solidifier if the system is not rebooted after upgrade.
812578
     
Issue: On some kernels, error messages related to scdrv are displayed in the console during system boot.
818828       Issue: With VirusScan Enterprise for Linux (VSEL) 1.7 installed, the VSEL service stops with errors on the CLI.
989865       Issue: Installation of Solidifier should not occur in a symbolic link path.
991605  KB82820     Issue: After upgrading to MCC 6.1.7, new advanced exclusion filters (AEF)/updaters and attr rules are not added as default rules.
1053355      
Issue: If you erroneously try to stop the Solidcore service by using the systemctl command in Enabled mode, a subsequent attempt to stop the service in Disabled mode might fail. 
Workaround: 
To stop the service in Disabled mode, use the following commands:

systemctl start scsrvc.service
systemctl stop scsrvc.service

 
1202241       Issue: The events are not generated in RHEL 6 x86.
1203232       Issue: Solomon automated test tool can't verify some events.
1221729       Issue: Symbolic link creation message shown after installation.
Workaround: Delete symbolic link manually after uninstallation process.
1221724       Issue: MACC crashes on LSES11 x86 with kernel 3.0.101-108.10-default

Back to top

Linux
 
Reference Article Found in version Resolved in Version Description
602174       Issue: When you log on to a solidified system using Telnet as a non-root user, the original_user name displays as root.
602981       Issue: When you mount a single share on more than one mount point and perform a file operation from any of these mount points, events that show the pathname might refer to any of those shares.
1009579       Issue: On a protected system running Red Hat Enterprise Linux (RHEL) 5 with kernel 2.6.18-308.EL5 or later, the deny-read feature does not work on an NFSv4 mounted partition.
1211104       Issue: After running automated testing tool (Solomon), there is a crash in UBUNTU 16.04 x86 platform with kernel 4.4.0-47-generic.
1224787       Issue: MACC service stops working after running the command sadmin disable and restarting Solidcore service.
Workaround: To complete entering disabled mode, reboot the system. After you reboot the system, it operates as expected.

Back to top
 

CRITICAL: There are no known critical issues.
 
Non-critical:

Solidcore Extension

 
Reference Article Found in version Resolved in Version Description
608618       Issue: When you try to upload the Windows Solidcore Agent Deployment Package (~100 MB) to ePO through Internet Explorer, the file upload times out if the network upload speed is slow. 
Workaround: If this error displays in Internet Explorer 6, try using Internet Explorer 7 (or later). If you encounter the error in Internet Explorer 7 or later, copy the Solidcore Agent Deployment Package to a local directory on the ePO server. Open a browser window on the ePO server to access the ePO console and upload the file from the local path. The upload happens from the ePO server to ePO avoiding network delays.
607452       Issue: ePO 4.6 reports and dashboard entries are not removed after the Solidcore Extension is uninstalled.
Workaround: If you are uninstalling and reinstalling the Solidcore extension, remove the reports and dashboards manually after uninstalling, and before reinstalling.
607517       Issue: PDF reports have minor data display and formatting issues if more than 50,000 records are reported.
608347       Issue: The Solidcore Policies Applied on Hosts report displays all policies derived from the root, regardless of the SKUs enabled on the platform.
609304       Issue: It is not possible to export data from the Reporting, Solidcore Events page. 
Workaround: Use Queries (Reporting, Queries) to export event data.
636769       Issue: If you upgrade from Solidcore 5.1.0 to 5.1.1 (or later), existing Solidcore events in the Solidcore Events table are not migrated to the ePO Events table.
636352       Issue: After removing the Solidcore Extension, all Solidcore-related events are retained in the ePO table. When you view the events in the Threat Event Log, some fields might display erroneous data.
607554       Issue: Solidcore policies cannot be duplicated using the Policy Details page because the OK button is disabled.
Workaround: Use the Policy Catalog page to duplicate policies.
643854       Issue: When you use the Guided Configuration page on the ePO 4.6 console, the Save Policy button is not enabled when changes are made to Solidcore Policies. 
Workaround: Edit the policy using the Policy Catalog without using Guided Configuration.
608374       Issue: When you try to enable an already enabled Solidcore Agent, the error displayed is not translated.
607908       Issue: It is not possible to export more than 50,000 records from any table or report.
608025       Issue: Reports, tasks, and policies for all SKUs are listed even if the license for that SKU is not added.
609911       Issue: Export of rule groups does not work in Internet Explorer when opened from the ePO server.
Workaround: Use Internet Explorer from a different computer to export rule groups.
610303       Issue: The Server Task pages on ePO might not work properly if you use Mozilla Firefox version 3.0.
Workaround: Technical Support recommends using Mozilla Firefox version 3.6 (or later) or Internet Explorer 6.0 (or later).
608753       Issue: Sometimes, using the user name field of reported events on the ePO server as a trusted user might not work if the client system is part of an Active Directory domain. The reason is because the domain name reported in the events is not the full AD domain. 
Workaround: Use the environment variable USERDNSDOMAIN as the domain name for AD clients. You can also review the properties of the My Computer icon to identify the complete user name to specify as the trusted user.
608759       Issue: If ePO is installed on the Japanese version of Windows, exporting the dashboard data to HTML format fails if the generated HTML file name contains digits.
608390       Issue: When viewing an Integrity Monitor policy, the My Rules tab is not translated.
669563       Issue: If you run reconciliation on a setup with millions of unauthorized changes (for about 5,000 hosts), the Systems with Unauthorized changes page does not open. When you select the Systems with Unauthorized changes link (on the Risk and Compliance, Change Control Reconciliation page), the page times out and the user is logged off the ePO console.
656518       Issue: If you install Solidcore Extension 5.1.2 (or later) on an existing ePO 4.5 system and then upgrade to ePO version 4.6 FIPS mode, the event parser stops working.
Workaround: Run the following command to upgrade the required DLL: https://<ePO_IP_address: port>remote/scor.upgradeEventParser.do 
661203       Issue: If you use reconciliation with Solidcore Extension 5.1.1 (or earlier) and upgrade to Solidcore Extension 5.1.2 (or later), you cannot access the older reconciliation data.
607950       Issue: User-defined system variables in policies are resolved at the endpoint only after the endpoint is restarted.
707486       Issue: When using the ePO 4.6 console, navigating quickly through the Events and Inventory pages logs off the user.
714176       Issue: On ePO 4.6 Update 1 or Update 2, if you add multiple commands to a Run Commands client task while you create the task, you cannot later remove the commands from the saved client task.
719796       Issue: Global Catalog search for Active Directory (AD) groups is not supported.
Workaround: Search for a group in a specific AD server instead of using the Global Catalog.

To add a specific group:
  1. Log on to the ePO 4.x console.
  2. Add the AD server with the group as a Registered Server.
  3. Search for the group by selecting the registered AD server. Make sure that the Global Catalog Search option is deselected.
  4. Add the group to a policy as a trusted group.
722045       Issue: Adding new columns, such as Solidcore Status and Solidification Status, for an endpoint by clicking ActionsChoose columnsNon Compliant Solidcore Agent might not display values for all endpoints. The reason is because the Non Compliant Solidcore Agent section includes only noncompliant agent properties.
Workaround: When adding new columns for an endpoint, click ActionsChoose columnsSolidcore Client Properties instead of Actions, Choose columns, Non Compliant Solidcore Agent.
695769       Issue: Under the Content Change Tracking feature, the view file page goes blank for a file size of around 1 MB.
800014       Issue: Extra events are reconciled when you perform manual reconciliation from custom queries.
Workaround: To perform the manual reconciliation for multiple events by selecting either All in this page or Select All in all pages, open the Solidcore events page directly by clicking Menu, Reporting, Solidcore Events.

NOTE: This option does not work well if you reach Solidcore Events by drilling down from a Query page.
882821       Issue: Sorting is not supported on the Last Modification Time column on the Content Change Tracking page.
937037       Issue: You cannot upgrade Solidcore help extension from previous versions to 6.1.2.020.
Workaround: Uninstall the old help extension and install the new one.

Back to top

Solidcore Agent:

UNIX (all versions)
 
Reference Article Found in version Resolved in Version Description
969846       Issue: For an unsupported kernel, the Build property of the endpoint on the ePO properties screen displays as Compiled.
944538       Issue: MAC/MCC 6.1.4 are not compatible with VSEL 2.0.
900761      
Issue: When the endpoint is Disabled and not rebooted, the product upgrade is not successful. The reason is because the driver is not unloaded.
Workaround: Reboot the endpoint system and perform the upgrade task again.
       
The following issues are from the MCC 6.1.0 Linux/UNIX release
608671
 
   
Issue: If Solidcore Agent is installed in a non-default path, upgrading via ePO is not supported. Such an upgrade might leave the Solidcore Agent in an inconsistent state. Technical Support recommends that you uninstall the existing version and then install the new version using ePO.
608737
 
   
Issue: If the partition with the /opt/McAfee/cma directory has insufficient space, events might not be generated. Also, a Failed to generate event xml error message is added to the solidcore.log file. Free up space in partition with the /opt/McAfee/cma directory.
601728
 
   
Issue: According to NFS protocol, if a file present on the NFS share is opened once on the NFS client, it cannot be reopened until the file attributes are changed. If a read-protected file, on an NFS share, is opened on the client side in update mode, the user could be read it on the client. It can be read in enable mode (after coming out of the update mode) until the file attributes are changed on the server.
601734
 
   
Issue: Changing a hard link might cause the name of the link or program to display in events.
601914
 
   
Issue: For daemon processes, the reported user name and original user name are the same.
602653
 
   
Issue: A write-protected file can be changed through its hard link if the hard link has already been created.
602772
 
   
Issue: Scripts without the #! tag cannot act as updaters.
602977
 
   
Issue: For loopback file systems, some features, such as updater and monitoring, do not work correctly when the loopback path is used instead of the physical path in the sadmin commands. For instance, if /opt is mounted as a loopback file system at /mnt, to add /mnt/abc as an updater, you must add the path /opt/abc as an updater.
602990
 
   
Issue: Some features, such as updaters and mon-proc-exec, do not work properly for unsupported file formats. Only executable binaries and #! scripts are supported file formats.
603462
 
   
Issue: The BOOTING_ENABLED and BOOTING_UPDATE_MODE events are not added to the system log.
Workaround: At boot time, start the syslog service before the Solidcore Agent service.
603490
 
   
Issue: The following issues are observed when an updater calls another updater:
  • If the child process is added as an updater, the non-inheritable option (-d) of the parent process is overridden.
  • If the parent process is added as an updater, the non-inheritable option (-d) of the child is overridden.
604780
 
   
Issue: For processes that are not directly associated with a terminal, the original_user field is the same as the user field. For example, when you run a script through Runlevel/init scripts, original_user is same as the user.
605062
 
   
Issue: The mmap system call at the NFS client does not work if the file is read-protected.
606674
 
   
Issue: A write-protected file can be changed or deleted if the file system is mounted to a different directory.
607014
 
   
Issue: Adding a script as an updater twice (once on its own and again with its parent) might lead to unexpected behavior.
607024
 
   
Issue: By default, the deny-read feature is disabled. A read-protect rule is immediately applied to Solidcore Agent. But, it is effective only after the deny-read feature is enabled on the Solidcore Agent.
607245
 
   
Issue: No events are generated for changes to a file with the string solidcore.log in its name, for example, mysolidcore.log.
601763
 
   
Issue: Process information cannot be determined for processes that are invoked before the Solidcore Agent driver is loaded. This issue has the following implications:
  • If such a process makes file changes, these changes might not be reported.
  • For processes that started before the driver was loaded, only the partial program names are reported.
  • For NFS, the changes done by the client, the change events displaying on the server have only the relative name for the NFS daemon (in other words, nfsd or nfsktcpd).
  • No Process Start and Process Stop events are generated for already running processes.
  • On only the AIX platform, Change Tracking / Prevention on file systems mounted by such processes might or might not work. System calls executed by already running processes cannot be trapped because of differences in the way system calls are implemented for the AIX platform. As a workaround, you can restart such processes.
604604
 
   
Issue: Write/read protection does not work on files added via cachefs/lofs.
613214
 
   
Issue: If the installation path is a mount point, forcibly unmounting (for example, using the umount –f command) might lead to non-deterministic behavior.
603386
 
   
Issue: The Solidcore Agent cannot be installed, upgraded, or uninstalled through init scripts that run at system boot time.
Workaround: Add the following two statements in the init script before invoking the installer:
HOME=""/""
export HOME
613205
 
   
Issue: For a file with multiple hard links, the change event contains the name of any one of the hard links as the file name. For example, if a file named test has test1 and test2 as hard links, the event generated when the file is changed can contain any of the three names by which the file is known.
613213
 
   
Issue: Because of NFS protocol behavior, a large write request to the NFS client goes to the NFS server in the form of multiple RPC calls and multiple FILE_MODIFIED events are generated at the NFS server.
610254
 
   
Issue: When you run the Debug Info client task for a UNIX system, the log states that the gatherinfo.tar.gz file is generated. The name of the generated file is suffixed with the host name and time stamp. For example, gatherinfo-hpj-03-07-08-10_14-37-45.tar.gz.
616089
     
Issue: Localized strings not consistent. Partial localization occurs in some events and messages.
708279
     
Issue: For RHEL5/RHEL6 (Kernel less than 2.6.32-220) and kernels of SLES 10/SUSE11 (excluding SLES11 SP2), FILE_CREATED events are incorrectly reported as FILE_ATTR_MODIFIED over an NFSv4 partition.
762449
     
Issue: Events are generated if a special device file is renamed.
797291
     
Issue: After Dynamic Kernel Module compilation, an empty file named 2 gets created in the dks directory.
797363
     
Issue: The Sadmin Xray command does not list the attr specific configurations for the running process.
798843
     
Issue: Unexpected behavior might be observed if a process exits without closing one or more changed files.
802433
     
Issue: If the volume is unsolidified, it is not listed as unsolidified in the output of sadmin status.
807180
     
Issue: Installation on a non pre-compiled kernel fails if you run the installer from a Windows share that is mounted using CIFS.
Workaround: Mount the Windows share using NFS.
811983
     
Issue: Property collection on ePO and the endpoint might show different versions of Solidifier if the system is not rebooted after upgrade.
812578
     
Issue: On some kernels, error messages related to scdrv are displayed in the console during system boot.
818828       Issue: With VirusScan Enterprise for Linux (VSEL) 1.7 installed, the VSEL service stops with errors on the CLI.
989865       Issue: Installation of Solidifier should not occur in a symbolic link path.
991605  KB82820     Issue: After upgrading to MCC 6.1.4, new advanced exclusion filters (AEF)/updaters and attr rules are not added as default rules.

Back to top

Linux
 
Reference Article Found in version Resolved in Version Description
602174       Issue: When you log on to a solidified system using Telnet as a non-root user, the original_user name displays as root.
602981       Issue: When a single share is mounted on more than one mount point and a file operation is performed from any of these mount points, events that show the pathname might refer to any of those shares.
1009579       Issue: On a protected system running Red Hat Enterprise Linux 5 with kernel 2.6.18-308.EL5 or later, the deny-read feature does not work on an NFSv4 mounted partition.

Back to top
 

CRITICAL: There are no known critical issues.

Non-critical:

Solidcore Extension
 
Reference Article Found in version Resolved in Version Description
608618       Issue: When you try to upload the Windows Solidcore Agent Deployment Package (~100 MB) to ePO through Internet Explorer, the file upload times out if the network upload speed is slow. 
Workaround: If this error displays in Internet Explorer 6, try using Internet Explorer 7 (or later). If you encounter the error in Internet Explorer 7 or later, copy the package to a local directory on the ePO server. Access the ePO console on the ePO server and upload the file from the local path. This method avoids possible network delays.
607452       Issue: ePO 4.6 reports and dashboard entries are not removed after the Solidcore Extension is uninstalled.
Workaround: If you are uninstalling and reinstalling the Solidcore extension, remove the reports and dashboards manually after uninstalling and before reinstalling.
607517       Issue: PDF reports have minor data display and formatting issues if more than 50,000 records are reported.
608347       Issue: The Solidcore Policies Applied on Hosts report displays all policies derived from the root, regardless of the SKUs enabled on the platform.
609304       Issue: It is not possible to export data from the Reporting, Solidcore Events page. 
Workaround: Use Queries (Reporting, Queries) to export event data.
636769       Issue: If you upgrade from Solidcore 5.1.0 to 5.1.1 (or later), existing Solidcore events in the Solidcore Events table are not migrated to the ePO Events table.
636352       Issue: After removing the Solidcore Extension, all Solidcore-related events are retained in the ePO table. When you view the events in the Threat Event Log, some fields might display erroneous data.
607554       Issue: Solidcore policies cannot be duplicated using the Policy Details page because the OK button is disabled.
Workaround: Use the Policy Catalog page to duplicate policies.
643854       Issue: When you use the Guided Configuration page on the ePO 4.6 console, the Save Policy button is not enabled when changes are made to Solidcore Policies. 
Workaround: Edit the policy using the Policy Catalog without using Guided Configuration.
608374       Issue: When you try to enable an already enabled Solidcore Agent, the error displayed is not translated.
607908       Issue: It is not possible to export more than 50,000 records from any table or report.
608025       Issue: Reports, tasks, and policies for all SKUs are listed even if the license for that SKU is not added.
609911       Issue: Export of rule groups does not work in Internet Explorer when opened from the ePO server.
Workaround: Use Internet Explorer from a different computer to export rule groups.
610303       Issue: The Server Task pages on ePO might not work properly if you use Mozilla Firefox version 3.0.
Workaround: Technical Support recommends Mozilla Firefox version 3.6 (or later) or Internet Explorer 6.0 (or later).
608753       Issue: Sometimes, using the user name field of reported events on the ePO server as a trusted user might not work if the client system is part of an Active Directory domain. The reason is because the domain name reported in the events is not the full AD domain. 
Workaround: Use the environment variable USERDNSDOMAIN as the domain name for AD clients. You can also review the properties of the My Computer icon to identify the complete user name to specify as the trusted user.
608759       Issue: If ePO is installed on a Japanese version of Windows, exporting the dashboard data to HTML format fails if the generated HTML file name contains digits.
608390       Issue: When viewing an Integrity Monitor policy, the My Rules tab is not translated.
669563       Issue: If you run reconciliation on a setup with millions of unauthorized changes (for about 5,000 hosts), the Systems with Unauthorized changes page does not open. When you select the Systems with Unauthorized changes link (on the Risk and Compliance, Change Control Reconciliation page), the page times out and the user is logged off the ePO console.
656518       Issue: If you install Solidcore Extension 5.1.2 (or later) on an existing ePO 4.5 system and then upgrade to ePO version 4.6 FIPS mode, the event parser stops working.
Workaround: Run the following command to upgrade the required DLL: https://<ePO IP address:port>/remote/scor.upgradeEventParser.do 
661203       Issue: If you are using reconciliation with Solidcore Extension 5.1.1 (or earlier) and upgrade to Solidcore Extension 5.1.2 (or later), you cannot access the older reconciliation data.
607950       Issue: User-defined system variables in policies are resolved at the endpoint only after the endpoint is restarted.
707486       Issue: When using the ePO 4.6 console, navigating quickly through the Events pages logs off the user.
714176       Issue: On ePO 4.6 Update 1 or Update 2, if you add multiple commands to a Run Commands client task while creating the task, you cannot later remove the commands from the saved client task.
719796       Issue: Global Catalog search for Active Directory groups is not supported.
Workaround: Search for a group in a specific Active Directory server instead of using the Global Catalog. To add a specific group:
  1. Log on to the ePO 4.x console.
  2. Add the AD server with the group as a registered server.
  3. Search for the group by selecting the registered AD server. Ensure that the Global Catalog Search option is deselected.
  4. Add the group to a policy as a trusted group.
722045       Issue: Adding new columns, such as Solidcore Status and Solidification Status, for an endpoint by clicking ActionsChoose columnsNon Compliant Solidcore Agent might not display values for all endpoints. The reason is because the Non Compliant Solidcore Agent section includes only noncompliant agent properties.
Workaround: When adding new columns for an endpoint, click ActionsChoose columnsSolidcore Client Properties instead of Actions, Choose columns, Non Compliant Solidcore Agent.
695769       Issue: Under the Content Change Tracking feature, the view file page goes blank for a file size of around 1 MB.
800014       Issue: Extra events are reconciled when manual reconciliation is performed from custom queries.
Workaround: To perform the manual reconciliation for multiple events by selecting either All in this page or Select All in all pages, open the Solidcore events page. Navigate to Menu, Reporting, Solidcore Events.

NOTE: This option does not work well if you reach Solidcore Events by drilling down from a Query page.
882821       Issue: Sorting is not supported on the Last Modification Time column on the Content Change Tracking page.
937037       Issue: You cannot upgrade Solidcore help extension from previous versions to 6.1.2.020.
Workaround: Uninstall the old help extension and install the new one.

Back to top

Solidcore Agent

Windows (all versions)
 
Reference Article Found in version Resolved in Version Description
608418       Issue: The Original user name reported in events is the same as the user name.
595051       Issue: Multiple operating systems on the same computer are not supported. Product features work only on the operating system it is installed on.
599812       Issue: Uninstallation fails if the uninstallation process is canceled before it completes.
600805       Issue: While opening a write-protected network share in Windows Explorer, a few deny-write errors are observed.
603747       Issue: The trusted, solidified, and write-protect features do not work correctly for folder-mounted volumes.
Workaround: Contact Technical Support for assistance if the setup uses folder-mounted volumes.
604153       Issue: Post installation script customization is not available during upgrades. It can be used only during a fresh installation of the Solidcore Agent.
608036       Issue: Mapped drive names cannot be used in commands issued by remote users/ePO.
634733       Issue: If the database tables are corrupted, the Solidcore Agent upgrade fails and you see the following error message:

""Database: . Could not load table 'Control' in SQL query: SELECT `Control`, 
`Type`, `X`, `Y`, `Width`, `Height`, `Attributes`, `Property`, `Text`, 
`Control_Next`, `Help` FROM `Control` WHERE `Dialog_`=?"""

Workaround: Use silent installation instead of UI mode installation.
605369       Issue: When an agent installer runs the Solidcore Agent installer with the /? argument, a series of unwanted dialog boxes display because of a bug in the third-party packaging software. You can ignore these dialog boxes.
609311       Issue: Manual uninstallation of the Solidcore Agent (deployed from ePO) fails on a client computer with McAfee Agent version 4.0 (or earlier).
Workaround: Contact Technical Support for assistance if you have already tried manual uninstallation.
598002       Issue: Registry key protection does not work for all registry key hives, it works only for HKEY_LOCAL_MACHINE.
599240       Issue: A subkey registry does not get added to a protected registry key when using the reg command.
601500       Issue: Creating a shortcut in a read-protected directory is not allowed.
602122       Issue: Any file operation performed on a read-protected file generates deny-read events that correspond to the file even when the file operation is allowed.
603032       Issue: Changes to folder-mounted volumes that do not have an associated drive letter cannot be monitored.
Workaround: Assign a drive letter to a volume before mounting it on any other folder.
603628       Issue: On 64-bit platforms, ACL change events are not generated when the update mechanism supersedes the deny-write policies for registries.
605371       Issue: When you try to read a read-protected file with certain file flags set through Windows Explorer, read-denied events might not be written to the event viewer. The events are recorded in the Solidcore Agent log file.
606496       Issue: Only full long names are supported with commands that accept file or folder names. For example, names such as c:\myPackages\SETUP-~1.EXE are not supported.
606532       Issue: Virtual drive paths are not supported as path values in Solidcore Agent commands, such as write-protect, read-protect, and monitor.
600748       Issue: Multiple deny write events might be generated for a single deny write action. For example, on deletion of a file using Windows Explorer, up to 8 file deletion events are reported. When the application denies deletion of a file, Windows Explorer tries multiple methods to delete the file, resulting in an event for each attempt.
608639       Issue: After you uninstall the Solidcore client from the Windows (64-bit) operating system, the Solidcore folder (c:\program files(x86)\solidcore) and Registry link (HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates) remain on the endpoint.
691196       Issue: For a file where you are tracking content changes, you receive an unknown error if connectivity issues occur while sending metadata for the file from the endpoint to the ePO console.
Workaround: When network connectivity resumes, the next change to the file is reflected accurately on the ePO console.
685124       Issue: If you are running VirusScan Enterprise (VSE) 8.8 with the Access Protection Level set to Maximum, you cannot deploy Solidcore on the endpoint.
724796       Issue: Although you can track content changes for a read-protected file, you cannot view the actual changes. The reason is because the read protection rule prevents the software from fetching file contents from the endpoint.
726020       Issue: If you upgrade from an earlier release to the 6.0 release and use a command added or changed in the 6.0 release without restarting the endpoint, you might receive a Msg not found error. 
Workaround: Restart the endpoint to ensure that all commands added or changed in the 6.0 release work correctly.
770524       Issue: The scormcpl.dll displays an older version in inventory after it is upgraded.
799559       Issue: If you exclude the .bat extension from monitoring, events for batch file operations are generated.
812964       Issue: If the Updater flag is removed for a cert rule over ePO, the certificate is listed as updater on the endpoint.
656298       Issue: Upgrade via a hotfix build fails in Update mode if initiated through an ePO Product Update Task.
876430       Issue: For monitoring and change control rules with *, the longest path rule is not given precedence for conflicting rules.
881480       Issue: Revisions are not reported for Content Change tracking if user events are filtered using the filter rules.
Workaround: Exclude the user from event filtering and apply advanced filters for the user excluding unwanted events for files and directories. 
894237       Issue: For a directory-based Content Change Tracking rule, renaming of the directory or its subdirectory generates spurious monitor events.
919290       Issue: The Registry Name in mon events is inconsistent.

920568

 KB79987     Issue: The version is not updated on the ePO server and the McTray "About" box after an endpoint upgrade.

941675

      Issue: Any changes to predefined rules for skiplist are not applied for upgrades.

940921

      Issue: Write-Denied events are generated for sadmin.exe and Instaconfig.exe by the process csrss.exe.
940085  KB73484    
Issue: There is a known incompatibility between Change Control and SafeNet ProtectFile: File Encryption and Protection software.

Back to top

Windows 2008 R2 (64-bit)
 
Reference Article Found in version Resolved in Version Description
608636       Issue: During manual installation of the Solidcore Agent on Windows 2008 R2 (64-bit), a Windows installer encountered a validation error message displays for the msiexec.exe and kernelbase.dll files.
Workaround: Click Ignore once or Ignore always on the error pop-up to continue installation.

Windows 2008 (64-bit)
 
Reference Article Found in version Resolved in Version Description
609780       Issue: On Windows 2008 (64-bit), the rundll32.exe file crashes if an application is uninstalled via Add/Remove Programs after the SetupInstallFromInfSection() function was used to install the application.

Windows 7 (64-bit)
 
Reference Article Found in version Resolved in Version Description
708226       Issue: MCC is functionally incompatible with Avecto Privilege guard.

Windows XP
 
Reference Article Found in version Resolved in Version Description
601738       Issue: On Windows XP SP2, deny-write errors with two different file names or folder names are logged when a file or folder is created under a write-protected folder.
604834       Issue: On Windows XP, NTFS junction points are supported only when junctions are created for volumes and not for folders.

Back to top

UNIX (all versions)
 
Reference Article Found in version Resolved in Version Description
608671       Issue: If Solidcore Agent is installed in a non-default path, upgrading via ePO is not supported. Such an upgrade might leave the Solidcore Agent in an inconsistent state. Technical Support recommends that you uninstall the existing version and then install the new version using ePO.
608737       Issue: If the partition with the /opt/McAfee/cma directory has insufficient space, events might not be generated and the Failed to generate event xml error message is added to the solidcore.log file. Free up space in the partition with the /opt/McAfee/cma directory.
601728       Issue: According to NFS protocol, if a file present on the NFS share is opened once on the NFS client, it cannot be reopened until the file attributes are changed. A read-protected file, on an NFS share, opened on the client side in Update mode, can be read on the client. It can be read even in Enable mode (after coming out of the Update mode) until the file attributes are changed on the server.
601734       Issue: Changing a hard link might cause the name of the link or program to be displayed in events.
601914       Issue: For daemon processes, the reported user name and original user name are the same.
602653       Issue: A write-protected file can be changed through its hard link if the hard link has already been created.
602772       Issue: Scripts without a #! tag cannot act as updaters.
602977       Issue: For loopback file systems, some features such as updater and monitoring, do not work correctly when the loopback path is used instead of the physical path in the sadmin commands. For instance, if /opt is mounted as a loopback file system at /mnt, to add /mnt/abc as an updater you must add the path /opt/abc as an updater.
602990       Issue: Some features like updaters and mon-proc-exec do not work properly for unsupported file formats. Only executable binaries and #! scripts are supported file formats.
603462       Issue: The BOOTING_ENABLED and BOOTING_UPDATE_MODE events are not added to the system log.
Workaround: At boot time, start the syslog service before the Solidcore Agent service.
603490       Issue: The following issues are observed when an updater calls another updater:
  • If the child process is added as an updater, the non-inheritable option (-d) of the parent process is overridden.
  • If the parent process is added as an updater, the non-inheritable option (-d) of the child is overridden.
604780       Issue: For processes that are not directly associated with a terminal, the original_user field is the same as the user field. 

For example, when you run a script through Runlevel/init scripts, original_user is the same as the user.
605062       Issue: The mmap system call at the NFS client does not work if the file is read-protected.
606674       Issue: A write-protected file can be changed or deleted if the file system is mounted to a different directory.
607014       Issue: Adding a script as an updater twice (once on its own and again with its parent) might lead to unexpected behavior.
607024       Issue: By default, the deny-read feature is disabled. A read-protect rule is immediately applied to the Solidcore Agent but is effective only after the deny-read feature is enabled on the Solidcore Agent.
607245       Issue: No events are generated for changes to a file with the string solidcore.log in its name. For example, mysolidcore.log.
601763       Issue: Process information cannot be determined for processes that are invoked before the Solidcore Agent driver is loaded. This issue has the following implications:
  • If these processes make file changes then the changes might not be reported.
  • For processes that started before the driver was loaded, only the partial program names are reported.
  • For NFS, the changes done by the client, the change events displayed on the server have only the relative name for the NFS daemon (in other words, nfsd or nfsktcpd).
  • No Process Start and Process Stop events are generated for already running processes.
  • On only the AIX platform: Change Tracking / Prevention on file systems mounted by these processes might or might not work. System calls executed by already running processes cannot be trapped due to differences in the way system calls are implemented. As a workaround, you can restart such processes.
604604       Issue: Write/read protection does not work on files added via cachefs/lofs.
613214       Issue: If the installation path is a mount point, forcibly unmounting (Example: Using the umount –f command) might lead to non-deterministic behavior.
603386       Issue: The Solidcore Agent cannot be installed, upgraded, or uninstalled through init scripts that run at system boot time.
Workaround: Add the following two statements in the init script before invoking the installer:

HOME=""/"" 
export HOME

613205       Issue: For a file with multiple hard links, the change event contains the name of any one of the hard links as the file name. For example, if a file named test has test1 and test2 as hard links, the event generated when the file is changed can contain any of the three names by which the file is known.
613213       Issue: Because of NFS protocol behavior, a large write request to the NFS client goes to the NFS server in the form of multiple RPC calls and multiple FILE_MODIFIED events are generated at the NFS server.
610254       Issue: When you run the Debug Info client task for a UNIX system, the log states that the gatherinfo.tar.gz file is generated. The name of the generated file is suffixed with the host name and time stamp. For example, gatherinfo-hpj-03-07-08-10_14-37-45.tar.gz.
616089       Issue: Localized strings are not consistent. Partial localization occurs in some events and messages.
708279       Issue: For RHEL5/RHEL6 (kernels earlier than 2.6.32-220) and kernels of SLES 10/SUSE11 (excluding SLES11 SP2), FILE_CREATED events are incorrectly reported as FILE_ATTR_MODIFIED over an NFSv4 partition.
762449       Issue: Events are generated if a special device file is renamed.
797291       Issue: During Dynamic Kernel Module compilation, an empty file named 2 is created in the dks directory.
797363       Issue: The Sadmin Xray command does not list the attr specific configurations for the running process.
798843       Issue: Unexpected behavior might be observed if a process exits without closing one or more changed files.
802433       Issue: If the volume is unsolidified, it is not listed as unsolidified in the output of ‘sadmin status’.
807180       Issue: Installation on a non pre-compiled kernel fails if the installer runs from a Windows share that is mounted using CIFS. 
Workaround: Mount the Windows share using NFS.
811983       Issue: Property collection on ePO and the endpoint might show different versions of solidifier if the system is not rebooted after upgrade.
812578       Issue: On some kernels, you see error messages related to scdrv in the console during system boot.
818828       Issue: With VirusScan Enterprise for Linux (VSEL) 1.7 installed, the VSEL service stops with errors on the CLI.

Back to top

Linux
 
Reference Article Found in version Resolved in Version Description
602174       Issue: When you log on to a solidified system using Telnet as a non-root user, the original_user name displays as root.
602981       Issue: When a single share is mounted on more than one mount point and a file operation is performed, events that show the pathname might refer to any of those shares.

Back to top

AIX
 
Reference Article Found in version Resolved in Version Description
605295       Issue: The Parent Process name might be incorrect in events if it cannot be resolved properly.
605854       Issue: For file truncation operations, only a FILE_MODIFICATION event is generated. The behavior that occurs on an AIX platform differs on other UNIX platforms.
605639       Issue: For files that exist on an unsupported volume or processes that start from an unsupported volume, only the basename (not the complete path) displays in some events.
605819       Issue: For a user in the system WPAR with a UID that does not exist on the global environment, the user name cannot be determined. Events for this user are raised with user name: UNKNOWN and original user name: UNKNOWN.
605899       Issue: The Solidcore Agent is not supported in Trusted Execution Environment.
649574       Issue: When you run the Enable client task from ePO for the AIX platform, the task is incorrectly listed as a failed task on the Client Task Log page.
Workaround: The Enable client task runs successfully, so you can ignore the task status on the Client Task Log page.
664439       Issue: Files in an autofs file-system are reported with /? at the beginning. This issue has following implications:
  • Events have /? at the beginning of the path.
  • rp/wp does not work on such files.
649731       Issue: If you use McAfee Agent 4.5 (earlier than Update 3) on the AIX 6.1 (64-bit) platform, upgrade via ePO to Solidcore 5.1.1 fails. Complete the following steps to manually upgrade to the 5.1.1 version on AIX 6.1:
  1. Stop the CMA service using the /usr/sbin/cma stop command.
  2. Uncompress the SOLIDCOR511-7505_AIX.zip file.
  3. Execute the slibclean command.
  4. Execute mapkg_install.sh (sh mapkg_install.sh) from the output directory of the .zip file.
  5. Complete one of the following steps:
     
    • If upgraded in Update mode, restart the system.
    • If upgraded in Disabled mode, start the CMA service (/usr/sbin/cma start).
777090       Issue: Under stress conditions, the event service is restarted, although there is no loss in functionality. This issue applies to AIX update 6.0.1.

Back to top
 

CRITICAL: There are no known critical issues.

Non-critical:

Solidcore Extension
 
Reference Article Found in version Resolved in Version Description

608618

      Issue: When you try to upload the Windows Solidcore Agent Deployment Package (~100 MB) to ePO through Internet Explorer, the file upload times out if the network upload speed is slow. 
Workaround: If this error displays in Internet Explorer 6, try using Internet Explorer 7 (or later). If you encounter the error in Internet Explorer 7 or later, copy the package to a local directory on the ePO server. Access the ePO console on the ePO and upload the file from the local path. This workaround avoids possible network delays.

607452

 

   

Issue: ePO4.6 - Reports and dashboard entries are not removed after the Solidcore Extension is uninstalled.
Workaround: If you are uninstalling and reinstalling the Solidcore extension, remove the reports and dashboards manually after uninstalling and before reinstalling.

607517

 

   

Issue: PDF reports have minor data display and formatting issues if more than 50,000 records are reported.

608347

 

   

Issue: The Solidcore Policies Applied on Hosts report displays all policies derived from the root, regardless of the SKUs enabled on the platform.

609304

 

   

Issue: It is not possible to export data from the Reporting, Solidcore Events page. 
Workaround: Use Queries (Reporting, Queries) to export event data.

636769

 

   

Issue: If you upgrade from Solidcore 5.1.0 to 5.1.1 (or later), existing Solidcore events in the Solidcore Events table are not migrated to the ePO Events table.

636352

 

   

Issue: After removing the Solidcore Extension, all Solidcore-related events are retained in the ePO table. When you view the events in the Threat Event Log, some fields might display erroneous data.

607554

 

   

Issue: Solidcore policies cannot be duplicated by using the Policy Details page because the OK button is disabled.
Workaround: Use the Policy Catalog page to duplicate policies.

643854

 

   

Issue: When you use the Guided Configuration page on the ePO 4.6 console, the Save Policy button is not enabled when changes are made to Solidcore Policies. 
Workaround: Edit the policy by using the Policy Catalog without using Guided Configuration.

608374

 

   

Issue: When you try to enable an already enabled Solidcore Agent, the error displayed is not translated.

607908

 

   

Issue: It is not possible to export more than 50,000 records from any table or report.

608025

 

   

Issue: Reports, tasks, and policies for all SKUs are listed even if the license for that SKU is not added.

609911

 

   

Issue: Export of rule groups does not work in Internet Explorer when opened from the ePO Server.
Workaround: Use Internet Explorer from a different computer to export rule groups.

610303

 

   

Issue: The Server Task pages on ePO might not work properly if you use Mozilla Firefox version 3.0.
Workaround: Technical Support recommends Mozilla Firefox version 3.6 (or later) or Internet Explorer 6.0 (or later).

608753

 

   

Issue: Sometimes, using the user name field of reported events on the ePO as a trusted user might not work if the client system is part of an Active Directory domain. The reason is because the domain name reported in the events is not the full AD domain. 
Workaround: Use the environment variable USERDNSDOMAIN as the domain name for AD clients. You can also review the properties of the My Computer icon to identify the complete user name to specify as the trusted user.

608759

 

   

Issue: If ePO is installed on a Japanese version of Windows, exporting the dashboard data to HTML format fails if the generated HTML file name contains digits.

608390

 

   

Issue: When viewing an Integrity Monitor policy, the My Rules tab is not translated.

669563

 

   

Issue: If you run reconciliation on a setup with millions of unauthorized changes (for about 5000 hosts), the Systems with Unauthorized changes page does not open. When you select the Systems with Unauthorized changes link (on the Risk and Compliance, Change Control Reconciliation page), the page times out and user is logged off the ePO console.

656518

 

   

Issue: If you install Solidcore Extension 5.1.2 (or later) on an existing ePO 4.5 system and then upgrade to ePO version 4.6 FIPS mode, the event parser stops working.
Workaround: Execute the following command to upgrade the required DLL:

https://[ePO IP address:port]/remote/scor.upgradeEventParser.do 

661203

 

   

Issue: If you are using reconciliation with Solidcore Extension 5.1.1 (or earlier) and upgrade to Solidcore Extension 5.1.2 (or later), you cannot access the older reconciliation data.

607950

 

   

Issue: User-defined system variables in policies are resolved at the endpoint only after the endpoint is restarted.

707486

 

   

Issue: When using the ePO 4.6 console, navigating quickly through the Events pages logs off the user.

714176

 

   

Issue: On ePO 4.6 Update 1 or Update 2, if you add multiple commands to a Run Commands client task while creating the task, you cannot later remove the commands from the saved client task.

719796

 

   

Issue: Global catalog search for Active Directory groups is not supported.
Workaround: Search for a group in a specific Active Directory server instead of using the Global Catalog. To add a specific group:

  1. Log on to the ePO 4.x console.
  2. Add the AD server with the group as a registered server.
  3. Search for the group by selecting the registered AD server. Ensure that the Global Catalog Search option is deselected.
  4. Add the group to a policy as a trusted group.

722045

 

   

Issue: Adding new columns, such as Solidcore Status and Solidification Status for an endpoint by clicking ActionsChoose columnsNon Compliant Solidcore Agent might not display values for all endpoints. The reason is because the Non Compliant Solidcore Agent section includes only noncompliant agent properties.
Workaround: When adding new columns for an endpoint, click ActionsChoose columnsSolidcore Client Properties instead of Actions, Choose columns, Non Compliant Solidcore Agent.

695769

 

   

Issue: Under Content Change Tracking feature, the view file page goes blank for file size of around 1 MB.

800014

 

   

Issue: Extra events are reconciled when manual reconciliation done from custom queries.
Workaround: To perform the manual reconciliation for multiple events by selecting either All in this page or Select All in all pages, open the Solidcore events page. Navigate to Menu, Reporting, Solidcore Events.

NOTE: This option does not work well if you reach to Solidcore Events by drilling down from a Query page.

882821

 

   

Issue: Sorting is not supported on Last Modification Time column on the Content Change Tracking page.

921436       Issue: ePO 5.0 - File upload functionality does not work when file is uploaded from Internet Explorer 10 browser. The following action might not work when ePO 5.0 is used with Internet Explorer 10 browser.
  1. Click MenuConfiguration.
  2. Click Solidcore RulesRule Groups Page.

Workaround: Perform this action using other browsers (Example: Firefox, Chrome).

937037       Issue: Cannot upgrade Solidcore help extension from previous versions to 6.1.2.020.

Workaround: Uninstall the old help extension and install the new one.


Back to top

Solidcore Agent

Windows (all versions)
 
Reference Article Found in version Resolved in Version Description

608418

 

   

Issue: Original user name reported in events is the same as user name.

595051

 

   

Issue: Multiple operating systems on the same computer are not supported. Product features work only on the operating system it is installed on.

599812

 

   

Issue: Uninstallation fails if the uninstallation process is canceled before it completes.

600805

 

   

Issue: While opening a write-protected network share in Windows Explorer, few deny-write errors are observed.

603747

 

   

Issue: The trusted, solidified, and write-protect features do not work correctly for folder-mounted volumes.
Workaround: Contact Technical Support for assistance if the setup uses folder-mounted volumes.

604153

 

   

Issue: Post install script customization is not available during upgrades. It can only be used during fresh installation of the Solidcore Agent.

608036

 

   

Issue: Mapped drive names cannot be used in commands issued by remote users/ePO.

634733

 

   

Issue: If the database tables are corrupted, the Solidcore Agent upgrade fails and you see the following error message:

""Database: . Could not load table 'Control' in SQL query: SELECT `Control`, 
`Type`, `X`, `Y`, `Width`, `Height`, `Attributes`, `Property`, `Text`, 
`Control_Next`, `Help` FROM `Control` WHERE `Dialog_`=?"""

Workaround: Use silent installation instead of UI mode installation.

605369

 

   

Issue: When an agent installer runs the Solidcore Agent installer with the /? argument, a series of unwanted dialog boxes display due to a bug in the third-party packaging software. You can ignore these dialog boxes.

609311

 

   

Issue: Manual uninstallation of the Solidcore Agent (deployed from ePO) fails on a client computer with McAfee Agent version 4.0 (or earlier).
Workaround: Contact Technical Support for assistance if you have already tried manual uninstallation.

598002

 

   

Issue: Registry key protection does not work for all registry key hives, it works only for HKEY_LOCAL_MACHINE.

599240

 

   

Issue: A subkey registry does not get added to a protected registry key when using the reg command.

601500

 

   

Issue: Creating a shortcut in a read-protected directory is not allowed.

602122

 

   

Issue: Any file operation performed on a read-protected file generates deny-read events that correspond to the file even when the file operation is allowed.

603032

 

   

Issue: Changes to folder-mounted volumes that do not have an associated drive letter cannot be monitored.
Workaround: Assign a drive letter to a volume before mounting it on any other folder.

603628

 

   

Issue: On 64-bit platforms, ACL change events are not generated when the update mechanism supersedes the deny-write policies for registries.

605371

 

   

Issue: When you try to read a read-protected file with certain file flags set through Windows Explorer, read-denied events might not be written to the event viewer. The events are recorded in the Solidcore Agent log file.

606496

 

   

Issue: Only full long names are supported with commands that accept file or folder names. For example, Names such as c:\myPackages\SETUP-~1.EXE are not supported.

606532

 

   

Issue: Virtual drive paths are not supported as path values in Solidcore Agent commands, such as write-protect, read-protect, and monitor.

607024

 

   

Issue: The deny-read feature is disabled by default. A read-protect rule is immediately applied to Solidcore Agent but is effective only after the deny-read feature is enabled on the Solidcore Agent.

600748

 

   

Issue: Multiple deny write events might be generated for a single deny write action. For example, on deletion of a file using Windows Explorer, up to 8 file deletion events are reported. When the application denies deletion of a file, Windows Explorer tries multiple methods to delete the file, resulting an event for each attempt.

608639

 

   

Issue: After you uninstall the Solidcore client from the Windows (64-bit) operating system, the Solidcore folder (c:\program files(x86)\solidcore) and Registry link (HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates) remain on the endpoint.

691196

 

   

Issue: For a file where you are tracking content changes, you receive an unknown error if connectivity issues occur while sending metadata for the file from the endpoint to the ePO console.
Workaround: When network connectivity resumes, the next change to the file is reflected accurately on the ePO console.

685124

 

   

Issue: If you are running VirusScan Enterprise (VSE) 8.8 with the Access Protection Level set to Maximum, you cannot deploy Solidcore on the endpoint.

724796

 

   

Issue: Although you can track content changes for a read-protected file, you cannot view the actual changes. The reason is because the read protection rule prevents the software from fetching file contents from the endpoint.

726020

 

   

Issue: If you upgrade from an older release to the 6.0 release and use a command added or changed in the 6.0 release without restarting the endpoint, you might receive a Msg not found error. 
Workaround: Restart the endpoint to ensure that all commands added or changed in the 6.0 release work correctly.

770524

     

Issue: The scormcpl.dll displays an older version in inventory after it is upgraded.

799559

     

Issue: If you exclude the .bat extension from monitoring, events for batch file operations are generated.

812964

     

Issue: If the Updater flag is removed for a cert rule over ePO, certificate is listed as updater on the endpoint.

656298

     

Issue: Upgrade via hotfix build fails in Update Mode if initiated through an ePO Product Update Task.

876430

     

Issue: For monitoring and change control rules with '*', the 'longest path' rule is not given precedence for conflicting rules.

881480

 

   

Issue: Revisions not reported for Content Change tracking if user events are filtered using the filter rules.
Workaround: Exclude the user from event filtering and apply advanced filters for the user for exclusion of unwanted events for files and directories. 

894237

 

   

Issue: For a directory-based Content Change Tracking rule, renaming of the directory or its subdirectory generates spurious monitor events.

919290

 

   

Issue: The Registry Names in mon events are inconsistent.

920568

KB79987    

Issue: Endpoint version is not updated on the ePO server and the McTray About box after an endpoint upgrade.


Back to top

Windows 2008 R2 [64-bit]
 
Reference Article Found in version Resolved in Version Description
608636       Issue: During manual installation of the Solidcore Agent on Windows 2008 R2 (64-bit), the Windows installer encountered a validation error message displays for the msiexec.exe and kernelbase.dll files.
Workaround: Click Ignore once or Ignore always on the error pop-up to continue installation.

Windows 2008 [64-bit]
 
Reference Article Found in version Resolved in Version Description
609780       Issue: On Windows 2008 (64-bit), the rundll32.exe file crashes if an application is uninstalled via the Add/Remove Programs after the SetupInstallFromInfSection() function was used to install the application.

Windows 7 [64-bit]
 
Reference Article Found in version Resolved in Version Description

708226

     

Issue: MCC is functionally incompatible with Avecto Privilege guard.


Windows XP
 
Reference Article Found in version Resolved in Version Description
601738       Issue: On Windows XP SP2, deny-write errors with two different file names or folder names are logged when a file or folder is created under a write-protected folder.
604834       Issue: On Windows XP, NTFS junction points are supported only when junctions are created for volumes and not for folders.

Back to top

UNIX (all versions)
 
Reference Article Found in version Resolved in Version Description

608671

 

   

Issue: If Solidcore Agent is installed in a non-default path, upgrading via ePO is not supported. Such an upgrade might leave the Solidcore Agent in an inconsistent state. Technical Support recommends that you uninstall the existing version and then install the new version using ePO.

608737

 

   

Issue: If the partition with the /opt/McAfee/cma directory has insufficient space, events might not be generated and the Failed to generate event xml error message is added to the solidcore.log file. Free up space in partition with the /opt/McAfee/cma directory.

601728

 

   

Issue: According to NFS protocol, if a file present on the NFS share is opened once on the NFS client, it cannot be reopened until the file attributes are changed. A read-protected file, on an NFS share, opened on the client side in update mode can be read on the client. It can be read even in enable mode (after coming out of the update mode) until the file attributes are changed on the server.

601734

 

   

Issue: Changing a hard link might cause the name of the link or program to be displayed in events.

601914

 

   

Issue: For daemon processes, the reported user name and original user name are the same.

602653

 

   

Issue: A write-protected file can be changed through its hard link if the hard link has already been created.

602772

 

   

Issue: Scripts without a #! tag cannot act as updaters.

602977

 

   

Issue: For loopback file systems, some features such as updater and monitoring do not work correctly when the loopback path is used instead of physical path in the sadmin commands. For instance, if /opt is mounted as a loopback file system at /mnt, to add /mnt/abc as an updater you must add the path /opt/abc as an updater.

602990

 

   

Issue: Some features like updaters and mon-proc-exec do not work properly for unsupported file formats. Only executable binaries and #! scripts are supported file formats.

603462

 

   

Issue: The BOOTING_ENABLED and BOOTING_UPDATE_MODE events are not added to the system log.
Workaround: At boot time, start the syslog service before the Solidcore Agent service.

603490

 

   

Issue: The following issues are observed when an updater calls another updater:

  • If the child process is added as an updater, the non-inheritable option (-d) of the parent process is overridden.
  • If the parent process is added as an updater, the non-inheritable option (-d) of the child is overridden.

604780

 

   

Issue: For processes that are not directly associated with a terminal, the original_user field is the same as the user field. 

For example, when you run a script through Runlevel/init scripts, original_user is same as the user.

605062

 

   

Issue: The mmap system call at the nfs client does not work if the file is read-protected.

606674

 

   

Issue: A write-protected file can be changed or deleted if the file system is mounted to a different directory.

607014

 

   

Issue: Adding a script as an updater twice (once on its own and again with its parent) might lead to unexpected behavior.

607024

 

   

Issue: By default, the deny-read feature is disabled. A read-protect rule is immediately applied to Solidcore Agent but is effective only after the deny-read feature is enabled on the Solidcore Agent.

607245

 

   

Issue: No events are generated for changes to a file with the string “solidcore.log” in its name. For example, mysolidcore.log.

601763

 

   

Issue: Process information cannot be determined for processes that are invoked before the Solidcore Agent driver is loaded. This fact has the following implications:

  • If these processes make file changes then the changes might not be reported.
  • For processes that started before the driver was loaded, only the partial program names are reported.
  • For NFS, the changes done by the client, the change events displayed on the server have only the relative name for the NFS daemon (in other words, nfsd or nfsktcpd).
  • No Process Start and Process Stop events are generated for already running processes.
  • On only the AIX platform: Change Tracking / Prevention on file systems mounted by these processes might or might not work. System calls executed by already running processes cannot be trapped due to differences in the way system calls are implemented. As a workaround, you can restart such processes.

604604

 

   

Issue: Write/read protection does not work on files added via cachefs/lofs.

613214

 

   

Issue: If the install path is a mount point, forcibly unmounting (Example: Using the umount –f command) might lead to non-deterministic behavior.

603386

 

   

Issue: The Solidcore Agent cannot be installed, upgraded, or uninstalled through init scripts that run at system boot time.
Workaround: Add the following two statements in the init script before invoking the installer:

HOME=""/"" 

export HOME

613205

 

   

Issue: For a file with multiple hard links, the change event contains the name of any one of the hard links as the file name. For instance, if a file named test has test1 and test2 as hard links, the event generated when the file is changed can contain any of the three names by which the file is known.

613213

 

   

Issue: Because of NFS protocol behavior, a large write request to the NFS client goes to the NFS server in the form of multiple RPC calls and multiple FILE_MODIFIED events are generated at the NFS server.

610254

 

   

Issue: When you run the Debug Info client task for a UNIX system, the log states that the gatherinfo.tar.gz file is generated. The name of the generated file is suffixed with the host name and time stamp. For example, gatherinfo-hpj-03-07-08-10_14-37-45.tar.gz.

616089

     

Issue: Localized strings not consistent. Partial localization in some events and messages.

708279

     

Issue: For RHEL5/RHEL6 (Kernel less than 2.6.32-220) and kernels of SLES 10/SUSE11 (excluding SLES11 SP2), FILE_CREATED events are incorrectly reported as FILE_ATTR_MODIFIED over NFSv4 partition.

762449

     

Issue: Events are generated if special device file is renamed.

797291

     

Issue: During Dynamic Kernel Module compilation, an empty file named 2 is created in the dks directory.

797363

     

Issue: The Sadmin Xray command does not list the attr specific configurations for the running process.

798843

     

Issue: Unexpected behavior might be observed if a process exits without closing one or more changed files.

802433

     

Issue: If the volume is unsolidified, it is not listed as unsolidified in the output of ‘sadmin status’.

807180

     

Issue: Installation on a non pre-compiled kernel fails if the installer runs from a Windows share that is mounted using CIFS. 
Workaround: Mount the Windows share using NFS.

811983

     

Issue: Property collection on ePO and endpoint might show different versions of solidifier if the system is not rebooted after Upgrade.

812578

     

Issue: On some kernels, you see error messages related to scdrv in the console during system boot.

818828       Issue: With VirusScan Enterprise for Linux (VSEL) 1.7 installed, the VSEL service stops with errors on CLI.

Back to top

Linux
 
Reference Article Found in version Resolved in Version Description
602174       Issue: When you log on to a solidified system using telnet as a non-root user, the original_user name displays as root.
602981       Issue: When a single share is mounted on more than one mount point and a file operation is performed, events that show the pathname might refer to any of those shares.

Back to top

AIX
 
Reference Article Found in version Resolved in Version Description
605295       Issue: The Parent Process name might be incorrect in events if it cannot be resolved properly.
605854       Issue: For file truncation operations, only a FILE_MODIFICATION event is generated. The behavior that occurs on AIX platforms is different on other UNIX platforms.
605639       Issue: For files that exist on an unsupported volume or processes that start from an unsupported volume, only the basename (not the complete path) displays in some events.
605819       Issue: For a user in system WPAR with a UID that does not exist on the global environment, the user name cannot be determined. Events for this user are raised with user name: UNKNOWN and original user name: UNKNOWN.
605899       Issue: The Solidcore Agent is not supported in Trusted Execution Environment.
649574       Issue: When you run the Enable client task from ePO for the AIX platform, the task is incorrectly listed as a failed task on the Client Task Log page.
Workaround: The Enable client task runs successfully, so you can ignore the task status on the Client Task Log page.
664439       Issue: Files in an autofs file-system are reported with /? at the beginning. This issue has following implications:
  • Events have /? at the beginning of the path.
  • rp/wp does not work on such files.
649731       Issue: If you use McAfee Agent 4.5 (earlier than Update 3) on the AIX 6.1 (64-bit) platform, upgrade via ePO to Solidcore 5.1.1 fails. Complete the following steps to manually upgrade to the 5.1.1 version on AIX 6.1:
  1. Stop the CMA service using the following command: /usr/sbin/cma stop
  2. Uncompress the SOLIDCOR511-7505_AIX.zip file.
  3. Execute the slibclean command.
  4. Execute mapkg_install.sh (sh mapkg_install.sh) from the output directory of the .zip file.
  5. Complete one of the following steps:
     
    • If upgraded in update mode, restart the system.
    • If upgraded in disabled mode, start the CMA service (/usr/sbin/cma start).
777090       Issue: Under stress conditions, the event service is restarted, although there is no loss in functionality. This issue applies to AIX update 6.0.1.

Back to top
 

CRITICAL: There are no known critical issues.

Non-critical:

Solidcore Extension
 
Reference Article Found in version Resolved in Version Description

608618

      Issue: When you try to upload the Windows Solidcore Agent Deployment Package (~100 MB) to ePO through Internet Explorer, the file upload times out if the network upload speed is slow. 
Workaround: If this error displays in Internet Explorer 6, try using Internet Explorer 7 (or later). If you encounter the error in Internet Explorer 7 or later, copy the package to a local directory on the ePO server. Access the ePO console on the ePO and upload the file from the local path. This workaround avoids possible network delays.

607452

 

   

Issue: Reports and dashboard entries are not removed after the Solidcore Extension is uninstalled.
Workaround: If you are uninstalling and reinstalling the Solidcore extension, remove the reports and dashboards manually after uninstalling and before reinstalling.

607517

 

   

Issue: PDF reports have minor data display and formatting issues if more than 50,000 records are reported.

608347

 

   

Issue: The Solidcore Policies Applied on Hosts report displays all policies derived from the root, regardless of the SKUs enabled on the platform.

609304

 

   

Issue: It is not possible to export data from the Reporting, Solidcore Events page. 
Workaround: Use Queries (Reporting, Queries) to export event data.

636769

 

   

Issue: If you upgrade from Solidcore 5.1.0 to 5.1.1 (or later), existing Solidcore events in the Solidcore Events table are not migrated to the ePO Events table.

636352

 

   

Issue: After removing the Solidcore Extension, all Solidcore-related events are retained in the ePO table. When you view the events in the Threat Event Log, some fields might display erroneous data.

607554

 

   

Issue: Solidcore policies cannot be duplicated by using the Policy Details page because the OK button is disabled.
Workaround: Use the Policy Catalog page to duplicate policies.

643854

 

   

Issue: When you use the Guided Configuration page on the ePO 4.6 console, the Save Policy button is not enabled when changes are made to Solidcore Policies. 
Workaround: Edit the policy by using the Policy Catalog without using Guided Configuration.

608374

 

   

Issue: When you try to enable an already enabled Solidcore Agent, the error displayed is not translated.

607908

 

   

Issue: It is not possible to export more than 50,000 records from any table or report.

608017

 

   

Issue: The Configuration page allows users to create a group with the name My Rules.

608025

 

   

Issue: Reports, tasks, and policies for all SKUs are listed even if the license for that SKU is not added.

609911

 

   

Issue: Export of rule groups does not work in Internet Explorer when opened from the ePO Server.
Workaround: Use Internet Explorer from a different computer to export rule groups.

610303

 

   

Issue: The Server Task pages on ePO might not work properly if you use Mozilla Firefox version 3.0.
Workaround: McAfee recommends Mozilla Firefox version 3.6 (or later) or Internet Explorer 6.0 (or later).

608753

 

   

Issue: Sometimes, using the user name field of reported events on the ePO as a trusted user might not work if the client system is part of an Active Directory domain. The reason is because the domain name reported in the events is not the full AD domain. 
Workaround: Use the environment variable USERDNSDOMAIN as the domain name for AD clients. You can also review the properties of the My Computer icon to identify the complete user name to specify as the trusted user.

608759

 

   

Issue: If ePO is installed on a Japanese version of Windows, exporting the dashboard data to HTML format fails if the generated HTML file name contains digits.

608390

 

   

Issue: When viewing an Integrity Monitor policy, the My Rules tab is not translated.

669563

 

   

Issue: If you run reconciliation on a setup with millions of unauthorized changes (for about 5000 hosts), the Systems with Unauthorized changes page does not open. When you select the Systems with Unauthorized changes link (on the Risk and Compliance, Change Control Reconciliation page), the page times out and user is logged off the ePO console.

656518

 

   

Issue: If you install Solidcore Extension 5.1.2 (or later) on an existing ePO 4.5 system and then upgrade to ePO version 4.6 FIPS mode, the event parser stops working.
Workaround: Execute the following command to upgrade the required DLL:  

https://[ePO IP address:port]/remote/scor.upgradeEventParser.do 

661203

 

   

Issue: If you are using reconciliation with Solidcore Extension 5.1.1 (or earlier) and upgrade to Solidcore Extension 5.1.2 (or later), you cannot access the older reconciliation data.

607950

 

   

Issue: User-defined system variables in policies are resolved at the endpoint only after the endpoint is restarted.

707486

 

   

Issue: When using the ePO 4.6 console, navigating quickly through the Events pages logs off the user.

714176

 

   

Issue: On ePO 4.6 Update 1 or Update 2, if you add multiple commands to a Run Commands client task while creating the task, you cannot later remove the commands from the saved client task.

719796

 

   

Issue: Global catalog search for Active Directory groups is not supported.
Workaround: Search for a group in a specific Active Directory server instead of using the Global Catalog. To add a specific group:

  1. Log on to the ePO 4.x console.
  2. Add the AD server with the group as a registered server.
  3. Search for the group by selecting the registered AD server. Ensure that the Global Catalog Search option is deselected.
  4. Add the group to a policy as a trusted group.

722045

 

   

Issue: Adding new columns, such as Solidcore Status and Solidification Status for an endpoint by clicking ActionsChoose columnsNon Compliant Solidcore Agent might not display values for all endpoints. The reason is because the Non Compliant Solidcore Agent section includes only noncompliant agent properties.
Workaround: When adding new columns for an endpoint, click ActionsChoose columnsSolidcore Client Properties instead of Actions, Choose columns, Non Compliant Solidcore Agent.

695769

 

   

Issue: Under Content Change Tracking feature, the view file page goes blank for file size of around 1 MB.

800014

 

   

Issue: Extra events are reconciled when manual reconciliation done from custom queries.
Workaround: To perform the manual reconciliation for multiple events by selecting either All in this page or Select All in all pages, open the Solidcore events page. Navigate to Menu, Reporting, Solidcore Events.

NOTE: This option does not work well if you reach to Solidcore Events by drilling down from a Query page.

882821

 

   

Issue: Sorting is not supported on Last Modification Time column on the Content Change Tracking page.


Back to top

Solidcore Agent

Windows (all versions)
 
Reference Article Found in version Resolved in Version Description

608418

 

   

Issue: Original user name reported in events is the same as user name.

595051

 

   

Issue: Multiple operating systems on the same computer are not supported. Product features work only on the operating system it is installed on.

599812

 

   

Issue: Uninstallation fails if the uninstallation process is canceled before it completes.

600805

 

   

Issue: While opening a write-protected network share in Windows Explorer, few deny-write errors are observed.

603747

 

   

Issue: The trusted, solidified, and write-protect features do not work correctly for folder-mounted volumes.
Workaround: Contact Technical Support for assistance if the setup uses folder-mounted volumes.

604153

 

   

Issue: Post install script customization is not available during upgrades. It can only be used during fresh installation of the Solidcore Agent.

608036

 

   

Issue: Mapped drive names cannot be used in commands issued by remote users/ePO.

634733

 

   

Issue: If the database tables are corrupted, the Solidcore Agent upgrade fails and the following error message is displayed:

""Database: . Could not load table 'Control' in SQL query: SELECT `Control`, 
`Type`, `X`, `Y`, `Width`, `Height`, `Attributes`, `Property`, `Text`, 
`Control_Next`, `Help` FROM `Control` WHERE `Dialog_`=?"""

Workaround: Use silent installation instead of UI mode installation.

605369

 

   

Issue: When an agent installer runs the Solidcore Agent installer with the /? argument, a series of unwanted dialog boxes display due to a bug in the third-party packaging software. You can ignore these dialog boxes.

609311

 

   

Issue: Manual uninstallation of the Solidcore Agent (deployed from ePO) fails on a client computer with McAfee Agent version 4.0 (or earlier).
Workaround: Contact Technical Support for assistance if you have already tried manual uninstallation.

598002

 

   

Issue: Registry key protection does not work for all registry key hives, it works only for HKEY_LOCAL_MACHINE.

599240

 

   

Issue: A subkey registry does not get added to a protected registry key when using the reg command.

601500

 

   

Issue: Creating a shortcut in a read-protected directory is not allowed.

602122

 

   

Issue: Any file operation performed on a read-protected file generates deny-read events that correspond to the file even when the file operation is allowed.

603032

 

   

Issue: Changes to folder-mounted volumes that do not have an associated drive letter cannot be monitored.
Workaround: Assign a drive letter to a volume before mounting it on any other folder.

603628

 

   

Issue: On 64-bit platforms, ACL change events are not generated when the update mechanism supersedes the deny-write policies for registries.

605371

 

   

Issue: When you try to read a read-protected file with certain file flags set through Windows Explorer, read-denied events might not be written to the event viewer. The events are recorded in the Solidcore Agent log file.

606496

 

   

Issue: Only full long names are supported with commands that accept file or folder names. For example, Names such as c:\myPackages\SETUP-~1.EXE are not supported.

606532

 

   

Issue: Virtual drive paths are not supported as path values in Solidcore Agent commands, such as write-protect, read-protect, and monitor.

607024

 

   

Issue: The deny-read feature is disabled by default. A read-protect rule is immediately applied to Solidcore Agent but is effective only after the deny-read feature is enabled on the Solidcore Agent.

600748

 

   

Issue: Multiple deny write events might be generated for a single deny write action. For example, on deletion of a file using Windows Explorer, up to 8 file deletion events are reported. When the application denies deletion of a file, Windows Explorer tries multiple methods to delete the file, resulting an event for each attempt.

608639

 

   

Issue: After you uninstall the Solidcore client from the Windows (64-bit) operating system, the Solidcore folder (c:\program files(x86)\solidcore) and Registry link (HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates) remain on the endpoint.

691196

 

   

Issue: For a file where you are tracking content changes, you receive an unknown error if connectivity issues occur while sending metadata for the file from the endpoint to the ePO console.
Workaround: When network connectivity resumes, the next change to the file is reflected accurately on the ePO console.

685124

 

   

Issue: If you are running VirusScan Enterprise (VSE) 8.8 with the Access Protection Level set to Maximum, you cannot deploy Solidcore on the endpoint.

724796

 

   

Issue: Although you can track content changes for a read-protected file, you cannot view the actual changes. The reason is because the read protection rule prevents the software from fetching file contents from the endpoint.

726020

 

   

Issue: If you upgrade from an older release to the 6.0 release and use a command added or changed in the 6.0 release without restarting the endpoint, you might receive a Msg not found error. 
Workaround: Restart the endpoint to ensure that all commands added or changed in the 6.0 release work correctly.

770524

     

Issue: The scormcpl.dll displays an older version in inventory after it is upgraded.

799559

     

Issue: If you exclude the .bat extension from monitoring, events for batch file operations are generated.

812964

     

Issue: If the Updater flag is removed for a cert rule over ePO, certificate is listed as updater on the endpoint.

656298

     

Issue: Upgrade via hotfix build fails in Update Mode if initiated through an ePO Product Update Task.

876430

     

Issue: For monitoring and change control rules with '*', the 'longest path' rule is not given precedence for conflicting rules.

881480

 

   

Issue: Revisions not reported for Content Change tracking if user events are filtered using the filter rules.
Workaround: Exclude the user from event filtering and apply advanced filters for the user for exclusion of unwanted events for files and directories. 

894237

 

   

Issue: For a directory-based Content Change Tracking rule, renaming of the directory or its subdirectory generates spurious monitor events.


Back to top

Windows 2008 R2 [64-bit]
 
Reference Article Found in version Resolved in Version Description
608636       Issue: During manual installation of the Solidcore Agent on Windows 2008 R2 (64-bit), the Windows installer encountered a validation error displays for the msiexec.exe and kernelbase.dll files.
Workaround: Click Ignore once or Ignore always on the error pop-up to continue installation.

Windows 2008 [64-bit]
 
Reference Article Found in version Resolved in Version Description
609780       Issue: On Windows 2008 (64-bit), the rundll32.exe file crashes if an application is uninstalled via the Add/Remove Programs after the SetupInstallFromInfSection() function was used to install the application.

Windows 7 [64-bit]
 
Reference Article Found in version Resolved in Version Description

708226

     

Issue: MCC is functionally incompatible with Avecto Privilege guard.


Windows XP
 
Reference Article Found in version Resolved in Version Description
601738       Issue: On Windows XP SP2, deny-write errors with two different file names or folder names are logged when a file or folder is created under a write-protected folder.
604834       Issue: On Windows XP, NTFS junction points are supported only when junctions are created for volumes and not for folders.

Back to top

UNIX (all versions)
 
Reference Article Found in version Resolved in Version Description

608671

 

   

Issue: If Solidcore Agent is installed in a non-default path, upgrading via ePO is not supported. Such an upgrade might leave the Solidcore Agent in an inconsistent state. McAfee recommends that you uninstall the existing version and then install the new version using ePO.

608737

 

   

Issue: If the partition with the /opt/McAfee/cma directory has insufficient space, events might not be generated and the Failed to generate event xml error message is added to the solidcore.log file. Free up space in partition with the /opt/McAfee/cma directory.

601728

 

   

Issue: According to NFS protocol, if a file present on the NFS share is opened once on the NFS client, it cannot be reopened until the file attributes are changed. A read-protected file, on an NFS share, opened on the client side in update mode, can be read on the client. It can be read in enable mode (after coming out of the update mode) until the file attributes are changed on the server.

601734

 

   

Issue: Changing a hard link might cause the name of the link or program to display in events.

601914

 

   

Issue: For daemon processes, the reported user name and original user name are the same.

602653

 

   

Issue: A write-protected file can be changed through its hard link if the hard link has already been created.

602772

 

   

Issue: Scripts without a #! tag cannot act as updaters.

602977

 

   

Issue: For loopback file systems, some features such as updater and monitoring do not work correctly when the loopback path is used instead of physical path in the sadmin commands. For instance, if /opt is mounted as a loopback file system at /mnt, to add /mnt/abc as an updater you must add the path /opt/abc as an updater.

602990

 

   

Issue: Some features like updaters and mon-proc-exec do not work properly for unsupported file formats. Only executable binaries and #! scripts are supported file formats.

603462

 

   

Issue: The BOOTING_ENABLED and BOOTING_UPDATE_MODE events are not added to the system log.
Workaround: At boot time, start the syslog service before the Solidcore Agent service.

603490

 

   

Issue: The following issues are observed when an updater calls another updater:

  • If the child process is added as an updater, the non-inheritable option (-d) of the parent process is overridden.
  • If the parent process is added as an updater, the non-inheritable option (-d) of the child is overridden.

604780

 

   

Issue: For processes that are not directly associated with a terminal, the original_user field is the same as the user field. 

For example, when you run a script through Runlevel/init scripts, original_user is same as the user.

605062

 

   

Issue: The mmap system call at the nfs client does not work if the file is read-protected.

606674

 

   

Issue: A write-protected file can be changed or deleted if the file system is mounted to a different directory.

607014

 

   

Issue: Adding a script as an updater twice (once on its own and again with its parent) might lead to unexpected behavior.

607024

 

   

Issue: By default, the deny-read feature is disabled. A read-protect rule is immediately applied to Solidcore Agent but is effective only after the deny-read feature is enabled on the Solidcore Agent.

607245

 

   

Issue: No events are generated for changes to a file with the string “solidcore.log” in its name. For example, mysolidcore.log.

601763

 

   

Issue: Process information cannot be determined for processes that are invoked before the Solidcore Agent driver is loaded. This issue has the following implications:

  • If these processes make file changes then the changes might not be reported.
  • For processes that started before the driver was loaded, only the partial program names are reported.
  • For NFS, the changes done by the client, the change events displayed on the server have only the relative name for the NFS daemon (that is, nfsd or nfsktcpd).
  • No Process Start and Process Stop events are generated for already running processes.
  • On only the AIX platform: Change Tracking / Prevention on file systems mounted by these processes might or might not work. System calls executed by already running processes cannot be trapped due to differences in the way system calls are implemented. As a workaround, you can restart such processes.

604604

 

   

Issue: Write/read protection does not work on files added via cachefs/lofs.

613214

 

   

Issue: If the install path is a mount point, forcibly unmounting (Example: Using the umount –f command) might lead to non-deterministic behavior.

603386

 

   

Issue: The Solidcore Agent cannot be installed, upgraded, or uninstalled through init scripts that run at system boot time.
Workaround: Add the following two statements in the init script before invoking the installer:

HOME=""/"" 

export HOME

613205

 

   

Issue: For a file with multiple hard links, the change event contains the name of any one of the hard links as the file name. For instance, if a file named test has test1 and test2 as hard links, the event generated when the file is changed can contain any of the three names by which the file is known.

613213

 

   

Issue: Because of NFS protocol behavior, a large write request to the NFS client goes to the NFS server in the form of multiple RPC calls and multiple FILE_MODIFIED events are generated at the NFS server.

610254

 

   

Issue: When you run the Debug Info client task for a UNIX system, the log states that the gatherinfo.tar.gz file is generated. The name of the generated file is suffixed with the host name and time stamp. For example, gatherinfo-hpj-03-07-08-10_14-37-45.tar.gz.

616089

     

Issue: Localized strings not consistent. Partial localization in some events and messages.

708279

     

Issue: For RHEL5/RHEL6 (Kernel less than 2.6.32-220) and kernels of SLES 10/SUSE11 (excluding SLES11 SP2), FILE_CREATED events are incorrectly reported as FILE_ATTR_MODIFIED over NFSv4 partition.

762449

     

Issue: Events are generated if special device file is renamed.

797291

     

Issue: During Dynamic Kernel Module compilation, an empty file named 2 is created in the dks directory.

797363

     

Issue: The Sadmin Xray command does not list the attr specific configurations for the running process.

798843

     

Issue: Unexpected behavior might be observed if a process exits without closing one or more changed files.

802433

     

Issue: If the volume is unsolidified, it is not listed as unsolidified in the output of ‘sadmin status’.

807180

     

Issue: Installation on a non pre-compiled kernel fails if the installer runs from a Windows share that is mounted using CIFS. 
Workaround: Mount the Windows share using NFS.

811983

     

Issue: Property collection on ePO and endpoint might show different versions of solidifier if the system is not rebooted after Upgrade.

812578

     

Issue: On some kernels, error messages related to scdrv are displayed in the console during system boot.

818828       Issue: With VirusScan Enterprise for Linux (VSEL) 1.7 installed, the VSEL service stops with errors on CLI.

Back to top

Linux
 
Reference Article Found in version Resolved in Version Description
602174       Issue: When you log on to a solidified system using telnet as a non-root user, the original_user name displays as root.
602981       Issue: When a single share is mounted on more than one mount point and a file operation is performed, events that show the pathname might refer to any of those shares.

AIX
 
Reference Article Found in version Resolved in Version Description
605295       Issue: The Parent Process name might be incorrect in events if it cannot be resolved properly.
605854       Issue: For file truncation operations, only a FILE_MODIFICATION event is generated. This behavior on AIX platform is different from behavior on other UNIX platforms.
605639       Issue: For files that exist on an unsupported volume or processes that start from an unsupported volume, only the basename (not the complete path) displays in various events.
605819       Issue: For a user in system WPAR with a UID that does not exist on the global environment, the user name cannot be determined. Events for this user are raised with user name: UNKNOWN and original user name: UNKNOWN.
605899       Issue: The Solidcore Agent is not supported in Trusted Execution Environment.
649574       Issue: When you run the Enable client task from ePO for the AIX platform, the task is incorrectly listed as a failed task on the Client Task Log page.
Workaround: The Enable client task runs successfully, so you can ignore the task status on the Client Task Log page.
664439       Issue: Files in an autofs file-system are reported with /? at the beginning. This issue has following implications:
  • Events have /? at the beginning of the path.
  • rp/wp does not work on such files.
649731       Issue: If you use McAfee Agent 4.5 (earlier than Update 3) on the AIX 6.1 (64-bit) platform, upgrade via ePO to Solidcore 5.1.1 fails. Complete the following steps to manually upgrade to the 5.1.1 version on AIX 6.1:
  1. Stop the CMA service using the following command: /usr/sbin/cma stop
  2. Uncompress the SOLIDCOR511-7505_AIX.zip file.
  3. Execute the slibclean command.
  4. Execute mapkg_install.sh (sh mapkg_install.sh) from the output directory of the .zip file.
  5. Complete one of the following steps:
     
    • If upgraded in update mode, restart the system.
    • If upgraded in disabled mode, start the CMA service (/usr/sbin/cma start).
777090       Issue: Under stress conditions, the event service is restarted, although there is no loss in functionality. This issue applies to AIX update 6.0.1.

Back to top
 

CRITICAL: There are no known critical issues.

Non-critical:

Solidcore Extension
 
Reference Article Found in version Resolved in Version Description
822949       Issue: The Solidcore 6.1 Extension is not supported in ePO versions 4.5 Update 2 (and earlier).
Resolution: The 6.1 Extension is supported in ePO 4.5 Update 3 (and later).

608556
608557

      Issue: Solidcore Extension does not install on ePolicy Orchestrator (ePO) if the database back-end is SQL Server 2000. It supports SQL Server 2005 with DB compatibility level of 90 and above.

608618

      Issue: When you try to upload the Windows Solidcore Agent Deployment Package (~100 MB) to ePO through Internet Explorer, the file upload times out if the network upload speed is slow. 
Workaround: If this error displays in Internet Explorer 6, try using Internet Explorer 7 (or later). If you encounter the error in Internet Explorer 7 or later, copy the package to a local directory on the ePO server. Then access the ePO console on the ePO and upload the file from the local path. This workaround avoids possible network delays.

607452

 

   

Issue: Reports and dashboard entries are not removed after the Solidcore Extension is uninstalled.
Workaround: If you are uninstalling and reinstalling the Solidcore extension, remove the reports and dashboards manually after uninstalling and before reinstalling.

607517

 

   

Issue: PDF reports have minor data display and formatting issues if more than 50,000 records are reported.

608347

 

   

Issue: The Solidcore Policies Applied on Hosts report displays all policies derived from the root, regardless of the SKUs enabled on the platform.

609304

 

   

Issue: It is not possible to export data from the Reporting, Solidcore Events page. 
Workaround: Use Queries (Reporting, Queries) to export event data.

636769

 

   

Issue: If you upgrade from Solidcore 5.1.0 to 5.1.1 (or later), existing Solidcore events in the Solidcore Events table are not migrated to the ePO Events table.

636352

 

   

Issue: After removing the Solidcore Extension, all Solidcore-related events are retained in the ePO table. When you view the events in the Threat Event Log, some fields might display erroneous data.

607554

 

   

Issue: Solidcore policies cannot be duplicated by using the Policy Details page because the OK button is disabled.
Workaround: Use the Policy Catalog page to duplicate policies.

643854

 

   

Issue: When you use the Guided Configuration page on the ePO 4.6 console, the Save Policy button is not enabled when changes are made to Solidcore Policies. 
Workaround: Edit the policy by using the Policy Catalog without using Guided Configuration.

608374

 

   

Issue: When you try to enable an already enabled Solidcore Agent, the error displayed is not translated.

607908

 

   

Issue: It is not possible to export more than 50,000 records from any table or report.

607963

 

   

Issue: An incorrect message (Monitor Failure) displays in ePO 4.5 when a user without the required permissions tries to access a dashboard.

608017

 

   

Issue: The Configuration page allows users to create a group with the name My Rules.

608025

 

   

Issue: Reports, tasks, and policies for all SKUs are listed even if the license for that SKU is not added.

609911

 

   

Issue: Export of rule groups does not work in Internet Explorer when opened from the ePO Server.

Workaround: Use Internet Explorer from a different computer to export rule groups.

610303

 

   

Issue: The Server Task pages on ePO might not work properly if you use Mozilla Firefox version 3.0.
Workaround: Technical Support recommends Mozilla Firefox version 3.6 (or later) or Internet Explorer 6.0 (or later).

608753

 

   

Issue: Sometimes, using the user name field of reported events on the ePO as a trusted user might not work if the client system is part of an Active Directory domain. The reason is because the domain name reported in the events is not the full AD domain. 
Workaround: Use the environment variable USERDNSDOMAIN as the domain name for AD clients. You can also review the properties of the My Computer icon to identify the complete user name to specify as the trusted user.

608759

 

   

Issue: If ePO is installed on a Japanese version of Windows, exporting the dashboard data to HTML format fails if the generated HTML file name contains digits.

608390

 

   

Issue: When viewing an Integrity Monitor policy, the My Rules tab is not translated.

669563

 

   

Issue: If you run reconciliation on a setup with millions of unauthorized changes (for about 5000 hosts), the Systems with Unauthorized changes page does not open. When you select the Systems with Unauthorized changes link (on the Risk and Compliance, Change Control Reconciliation page), the page times out and user is logged off the ePO console.

656518

 

   

Issue: If you install Solidcore Extension 5.1.2 (or later) on an existing ePO 4.5 system and then upgrade to ePO version 4.6 FIPS mode, the event parser stops working.
Workaround: Execute the following command to upgrade the required DLL: https://[ePO IP address:port]/remote/scor.upgradeEventParser.do 

661203

 

   

Issue: If you are using reconciliation with Solidcore Extension 5.1.1 (or earlier) and upgrade to Solidcore Extension 5.1.2 (or later), you cannot access the older reconciliation data.

607950

 

   

Issue: User-defined system variables in policies are resolved at the endpoint only after the endpoint is restarted.

707486

 

   

Issue: When using the ePO 4.6 console, navigating quickly through the Events pages logs off the user.

714176

 

   

Issue: On ePO 4.6 Update 1 or Update 2, if you add multiple commands to a Run Commands client task while creating the task, you cannot later remove the commands from the saved client task.

719796

 

   

Issue: Global catalog search for Active Directory groups is not supported.

Workaround: Search for a group in a specific Active Directory server instead of using the Global Catalog. To add a specific group:

  1. Log on to the ePO 4.x console.
  2. Add the AD server with the group as a registered server.
  3. Search for the group by selecting the registered AD server. Make sure that the Global Catalog Search option is deselected.
  4. Add the group to a policy as a trusted group.

722365

 

   

Issue: If a non-administrative user changes the displayed columns for an endpoint and adds any new columns, other endpoints (on which Change Control or Application Control is not installed) might be removed from the System Tree.

722045

 

   

Issue: Adding new columns, such as Solidcore Status and Solidification Status for an endpoint by clicking ActionsChoose columnsNon Compliant Solidcore Agent might not display values for all endpoints. The reason is because the Non Compliant Solidcore Agent section includes only noncompliant agent properties.
Workaround: When adding new columns for an endpoint: Click ActionsChoose columnsSolidcore Client Properties instead of Actions, Choose columns, Non Compliant Solidcore Agent.

695769

 

   

Issue: Under Content Change Tracking feature, the view file page goes blank for file size of around 1 MB.

800014

 

   

Issue: Extra events are reconciled when manual reconciliation done from custom queries.
Workaround: To perform the manual reconciliation for multiple events by selecting either All in this page or Select All in all pages, open the Solidcore events page. Navigate to Menu, Reporting, Solidcore Events.

NOTE: This option does not work well if you reach to Solidcore Events by drilling down from a Query page.


Back to top

Solidcore Agent:

Windows (all versions)
 
Reference Article Found in version Resolved in Version Description
834100 KB77208     Issue: ‘Sadmin config export/import <file>’command might fail on standalone deployment.

608418

 

   

Issue: Original user name reported in events is the same as user name.

595051

 

   

Issue: Multiple operating systems on the same computer are not supported. Product features work only on the operating system it is installed on.

599812

 

   

Issue: Uninstallation fails if the uninstallation process is canceled before it completes.

600805

 

   

Issue: While opening a write-protected network share in Windows Explorer, few deny-write errors are observed.

603747

 

   

Issue: The trusted, solidified, and write-protect features do not work correctly for folder-mounted volumes.
Workaround: Contact Technical Support for assistance if the setup uses folder-mounted volumes.

604153

 

   

Issue: Post install script customization is not available during upgrades. It can only be used during fresh installation of the Solidcore Agent.

608036

 

   

Issue: Mapped drive names cannot be used in commands issued by remote users/ePO.

634733

 

   

Issue: If the database tables are corrupted, the Solidcore Agent upgrade fails and the following error message is displayed:

""Database: . Could not load table 'Control' in SQL query: SELECT `Control`, 
`Type`, `X`, `Y`, `Width`, `Height`, `Attributes`, `Property`, `Text`, 
`Control_Next`, `Help` FROM `Control` WHERE `Dialog_`=?"""

Workaround: Use silent installation instead of UI mode installation.

605369

 

   

Issue: When an agent installer runs the Solidcore Agent installer with the /? argument, a series of unwanted dialog boxes display due to a bug in the third-party packaging software. You can ignore these dialog boxes.

609311

 

   

Issue: Manual uninstallation of the Solidcore Agent (deployed from ePO) fails on a client computer with McAfee Agent version 4.0 (or earlier).
Workaround: Contact Technical Support for assistance if you have already tried manual uninstallation.

598002

 

   

Issue: Registry key protection does not work for all registry key hives, it works only for HKEY_LOCAL_MACHINE.

599240

 

   

Issue: A subkey registry does not get added to a protected registry key when using the reg command.

601500

 

   

Issue: Creating a shortcut in a read-protected directory is not allowed.

602122

 

   

Issue: Any file operation performed on a read-protected file generates deny-read events that correspond to the file even when the file operation is allowed.

603032

 

   

Issue: Changes to folder-mounted volumes that do not have an associated drive letter cannot be monitored.
Workaround: Assign a drive letter to a volume before mounting it on any other folder.

603628

 

   

Issue: On 64-bit platforms, ACL change events are not generated when the update mechanism supersedes the deny-write policies for registries.

605371

 

   

Issue: When you try to read a read-protected file with certain file flags set through Windows Explorer, read-denied events might not be written to the event viewer. The events are recorded in the Solidcore Agent log file.

606496

 

   

Issue: Only full long names are supported with commands that accept file or folder names. For example, Names such as c:\myPackages\SETUP-~1.EXE are not supported.

606532

 

   

Issue: Virtual drive paths are not supported as path values in Solidcore Agent commands, such as write-protect, read-protect, and monitor.

607024

 

   

Issue: The deny-read feature is disabled by default. A read-protect rule is immediately applied to Solidcore Agent but is effective only after the deny-read feature is enabled on the Solidcore Agent.

600748

 

   

Issue: Multiple deny write events might be generated for a single deny write action. For example, on deletion of a file using Windows Explorer, up to 8 file deletion events are reported. When the application denies deletion of a file, Windows Explorer tries multiple methods to delete the file, resulting an event for each attempt.

608639

 

   

Issue: After you uninstall the Solidcore client from the Windows (64-bit) operating system, the Solidcore folder (c:\program files(x86)\solidcore) and Registry link (HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates) remain on the endpoint.

691196

 

   

Issue: For a file where you are tracking content changes, you receive an unknown error if connectivity issues occur while sending metadata for the file from the endpoint to the ePO console.
Workaround: When network connectivity resumes, the next change to the file is reflected accurately on the ePO console.

685124

 

   

Issue: If you are running VirusScan Enterprise (VSE) 8.8 with the Access Protection Level set to Maximum, you cannot deploy Solidcore on the endpoint.

724796

 

   

Issue: Although you can track content changes for a read-protected file, you cannot view the actual changes. The reason is because the read protection rule prevents the software from fetching file contents from the endpoint.

726020

 

   

Issue: If you upgrade from an older release to the 6.0 release and use a command added or changed in the 6.0 release without restarting the endpoint, you might receive a Msg not found error. 
Workaround: Restart the endpoint to ensure that all commands added or changed in the 6.0 release work correctly.

770524

     

Issue: The scormcpl.dll displays an older version in inventory after it is upgraded.

799559

     

Issue: If you exclude the .bat extension from monitoring, events for batch file operations are generated.

812964

     

Issue: If the Updater flag is removed for a cert rule over ePO, certificate is listed as updater on the endpoint.

656298

     

Issue: Upgrade via hotfix build fails in Update Mode if initiated through an ePO Product Update Task.


Back to top

Windows 2008 R2 [64-bit]
 
Reference Article Found in version Resolved in Version Description
608636       Issue: During manual installation of the Solidcore Agent on Windows 2008 R2 (64-bit), the Windows installer encountered a validation error displays for the msiexec.exe and kernelbase.dll files.
Workaround: Click Ignore once or Ignore always on the error pop-up to continue installation.

Windows 2008 [64-bit]
 
Reference Article Found in version Resolved in Version Description
609780       Issue: On Windows 2008 (64-bit), the rundll32.exe file crashes if an application is uninstalled via the Add/Remove Programs after the SetupInstallFromInfSection() function was used to install the application.

Windows 7 [64-bit]
 
Reference Article Found in version Resolved in Version Description

708226

     

Issue: MCC is functionally incompatible with Avecto Privilege guard.


Windows XP
 
Reference Article Found in version Resolved in Version Description
601738       Issue: On Windows XP SP2, deny-write errors with two different file names or folder names are logged when a file or folder is created under a write-protected folder.
604834       Issue: On Windows XP, NTFS junction points are supported only when junctions are created for volumes and not for folders.

Back to top

UNIX (all versions)
 
Reference Article Found in version Resolved in Version Description

608671

 

   

Issue: If Solidcore Agent is installed in a non-default path, upgrading via ePO is not supported. Such an upgrade might leave the Solidcore Agent in an inconsistent state. Technical Support recommends that you uninstall the existing version and then install the new version using ePO.

608737

 

   

Issue: If the partition with the /opt/McAfee/cma directory has insufficient space, events might not be generated and the Failed to generate event xml error message is added to the solidcore.log file. Free up space in partition with the /opt/McAfee/cma directory.

601728

 

   

Issue: According to NFS protocol, if a file present on the NFS share is opened once on the NFS client, it cannot be reopened until the file attributes are changed. A read-protected file on an NFS share, opened on the client side in update mode, can be read on the client. It can be read in enable mode (after coming out of the update mode) until the file attributes are changed on the server.

601734

 

   

Issue: Changing a hard link might cause the name of the link or program to display in events.

601914

 

   

Issue: For daemon processes, the reported user name and original user name are the same.

602653

 

   

Issue: A write-protected file can be changed through its hard link if the hard link has already been created.

602772

 

   

Issue: Scripts without a #! tag cannot act as updaters.

602977

 

   

Issue: For loopback file systems, some features such as updater and monitoring do not work correctly when the loopback path is used instead of physical path in the sadmin commands. For instance, if /opt is mounted as a loopback file system at /mnt, to add /mnt/abc as an updater you must add the path /opt/abc as an updater.

602990

 

   

Issue: Some features like updaters and mon-proc-exec do not work properly for unsupported file formats. Only executable binaries and #! scripts are supported file formats.

603462

 

   

Issue: The BOOTING_ENABLED and BOOTING_UPDATE_MODE events are not added to the system log.
Workaround: At boot time, start the syslog service before the Solidcore Agent service.

603490

 

   

Issue: The following issues are observed when an updater calls another updater:

  • If the child process is added as an updater, the non-inheritable option (-d) of the parent process is overridden.
  • If the parent process is added as an updater, the non-inheritable option (-d) of the child is overridden.

604780

 

   

Issue: For processes that are not directly associated with a terminal, the original_user field is the same as the user field. 

For example, when you run a script through Runlevel/init scripts, original_user is same as the user.

605062

 

   

Issue: The mmap system call at the nfs client does not work if the file is read-protected.

606674

 

   

Issue: A write-protected file can be changed or deleted if the file system is mounted to a different directory.

607014

 

   

Issue: Adding a script as an updater twice (once on its own and again with its parent) might lead to unexpected behavior.

607024

 

   

Issue: By default, the deny-read feature is disabled. A read-protect rule is immediately applied to Solidcore Agent but is effective only after the deny-read feature is enabled on the Solidcore Agent.

607245

 

   

Issue: No events are generated for changes to a file with the string “solidcore.log” in its name. For example, mysolidcore.log.

601763

 

   

Issue: Process information cannot be determined for processes that are invoked before the Solidcore Agent driver is loaded. This issue has the following implications:

  • If these processes make file changes then the changes might not be reported.
  • For processes that started before the driver was loaded, only the partial program names are reported.
  • For NFS, the changes done by the client, the change events displayed on the server have only the relative name for the NFS daemon (that is, nfsd or nfsktcpd).
  • No Process Start and Process Stop events are generated for already running processes.
  • On only the AIX platform: Change Tracking / Prevention on file systems mounted by these processes might or might not work. System calls executed by already running processes cannot be trapped due to differences in the way system calls are implemented. As a workaround, you can restart such processes.

604604

 

   

Issue: Write/read protection does not work on files added via cachefs/lofs.

613214

 

   

Issue: If the install path is a mount point, forcibly unmounting (Example: Using the umount –f command) might lead to non-deterministic behavior.

603386

 

   

Issue: The Solidcore Agent cannot be installed, upgraded, or uninstalled through init scripts that run at system boot time.

Workaround: Add the following two statements in the init script before invoking the installer:

HOME=""/"" 

export HOME

613205

 

   

Issue: For a file with multiple hard links, the change event contains the name of any one of the hard links as the file name. For instance, if a file named test has test1 and test2 as hard links, the event generated when the file is changed can contain any of the three names by which the file is known.

613213

 

   

Issue: Because of NFS protocol behavior, a large write request to the NFS client goes to the NFS server in the form of multiple RPC calls and multiple FILE_MODIFIED events are generated at the NFS server.

610254

 

   

Issue: When you run the Debug Info client task for a UNIX system, the log states that the gatherinfo.tar.gz file is generated. The name of the generated file is suffixed with the host name and time stamp. For example, gatherinfo-hpj-03-07-08-10_14-37-45.tar.gz.

616089

     

Issue: Localized strings not consistent. Partial localization in some events and messages.

708279

     

Issue: For RHEL5/RHEL6 (Kernel less than 2.6.32-220) and kernels of SLES 10/SUSE11 (excluding SLES11 SP2), FILE_CREATED events are incorrectly reported as FILE_ATTR_MODIFIED over NFSv4 partition

762449

     

Issue: Events are generated if special device file is renamed.

797291

     

Issue: During Dynamic Kernel Module compilation, an empty file named 2 is created in the dks directory.

797363

     

Issue: The Sadmin Xray command does not list the attr specific configurations for the running process.

798843

     

Issue: Unexpected behavior might be observed if a process exits without closing one or more changed files.

802433

     

Issue: If the volume is unsolidified, it is not listed as unsolidified in the output of ‘sadmin status’.

807180

     

Issue: Installation on a non pre-compiled kernel fails if the installer runs from a Windows share that is mounted using CIFS. 
Workaround: Mount the Windows share using NFS.

811983

     

Issue: Property collection on ePO and endpoint might show different versions of solidifier if the system is not rebooted after Upgrade.

812578

     

Issue: On some kernels, error messages related to scdrv are displayed in the console during system boot.

818828       Issue: With VirusScan Enterprise for Linux (VSEL) 1.7 installed, the VSEL service stops with errors on CLI.

Back to top

Linux
 
Reference Article Found in version Resolved in Version Description
602174       Issue: When you log on to a solidified system using telnet as a non-root user, the original_user name displays as root.
602981       Issue: When a single share is mounted on more than one mount point and a file operation is performed, events that show the pathname might refer to any of those shares.

AIX
 
Reference Article Found in version Resolved in Version Description
605295       Issue: The Parent Process name might be incorrect in events if it cannot be resolved properly.
605854       Issue: For file truncation operations, only a FILE_MODIFICATION event is generated. This behavior on AIX platform is different from behavior on other UNIX platforms.
605639       Issue: For files that exist on an unsupported volume or processes that start from an unsupported volume, only the basename (not the complete path) displays in various events.
605819       Issue: For a user in system WPAR with a UID that does not exist on the global environment, the user name cannot be determined. Events for this user are raised with user name: UNKNOWN and original user name: UNKNOWN.
605899       Issue: The Solidcore Agent is not supported in Trusted Execution Environment.
649574       Issue: When you run the Enable client task from ePO for the AIX platform, the task is incorrectly listed as a failed task on the Client Task Log page.

Workaround: The Enable client task runs successfully, so you can ignore the task status on the Client Task Log page.
664439       Issue: Files in an autofs file-system are reported with /? at the beginning. This issue has following implications:
  • Events have /? at the beginning of the path.
  • rp/wp does not work on such files.
649731       Issue: If you use McAfee Agent 4.5 (earlier than Update 3) on the AIX 6.1 (64-bit) platform, upgrade via ePO to Solidcore 5.1.1 fails. Complete the following steps to manually upgrade to the 5.1.1 version on AIX 6.1:
  1. Stop the CMA service using the following command: /usr/sbin/cma stop
  2. Uncompress the SOLIDCOR511-7505_AIX.zip file.
  3. Execute the slibclean command.
  4. Execute mapkg_install.sh (sh mapkg_install.sh) from the output directory of the .zip file.
  5. Complete one of the following steps:
     
    • If upgraded in update mode, restart the system.
    • If upgraded in disabled mode, start the CMA service (/usr/sbin/cma start).
777090       Issue: Under stress conditions, the event service is restarted, although there is no loss in functionality. This issue applies to: AIX update 6.0.1

Back to top

Rate this document

Beta Translate with

Select a desired language below to translate this page.

Glossary of Technical Terms


 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.