Technical Articles ID:
KB82141
Last Modified: 2/10/2021
Environment
McAfee Change Control (MACC) 6.x.x
Summary
Recent updates to this article
Date | Update
February 11, 2021 | Added MACC-10527 details.
December 8, 2020 | Added 6.4.12 General Availability (GA) release details. Added reference MACC-10497 to the "Non-critical known issues" section.
November 6, 2020 | Added 6.4.11 General Availability (GA) release details. Added reference MACC-10408 to the 6.4.x known issues section.
September 30, 2020 | Added 6.4.9 General Availability (GA) release details.
August 28, 2020 | Fixed the broken release notes links.
To view all available General Availability (GA) release notes, and other documentation, visit the Enterprise Product Documentation site:
For McAfee product documents, go to the Enterprise Product Documentation portal at https://docs.mcafee.com.
For Release To Support (RTS) release notes, contact Technical Support.
Version | Release Date
6.4.12.125 (GA) | December 8, 2020
6.4.11.128 | November 5, 2020
6.4.9.107 (GA) | September 29, 2020
6.4.8.101 (RTS) | August 11, 2020
6.4.7.105 | July 21, 2020
6.4.5 | May 12, 2020
6.4.4 | April 14, 2020
6.4.2.206 | February 11, 2020
6.4.1.135 | December 10, 2019
6.4.0.132 | October 17, 2019
6.3.0.794 | August 13, 2019
6.3.0.724 (Linux only) | July 2, 2019
6.3.0.503 (Linux only) | April 9, 2019
6.3.0.418 (Linux only) | March 12, 2019
6.3.0.299 (Linux only) | February 12, 2019
6.3.0.242 (Linux only) | January 8, 2019
6.3.0.180 (Linux only) | November 13, 2018
6.3.0 (Linux only) | October 9, 2018
6.2.0 | April 9, 2015
6.1.7 (Linux only) | April 7, 2015
6.1.4 (Linux/UNIX only) | June 16, 2014
6.1.3 | April 16, 2014
6.1.2 | December 24, 2013
6.1.1 | August 30, 2013
6.1.0 | February 12, 2013
Issue resolutions in updates and major releases are cumulative; Technical Support recommends that you install the latest version. To find the most recent release for your product, visit the Product Downloads site at https://www.mcafee.com/enterprise/en-us/downloads/my-products.html.
Critical: There are currently no known critical issues.
Non-critical:
Linux:
Reference | Related Article | Found in Version | Resolved in Version | Description
MACC-10527
6.4.12
6.4.13
Issue: On system reboot, the SCSRVC service authentication fails to initialize. Workaround: [Non Windows] SCSRVC doesn't start on reboot of system, but does after running SCSRVC -d.
MACC-10497
6.4.12
Issue: On XFS file system, MACC Inventory is not updated intermittently when you rename unsolidified files in Update or via the updater process.
Workaround:
In the Standalone deployment, run: sadmin check -r or sadmin so <file path>
In ePO managed, run check -r or so <file path> from the SC: Run Command client task.
Issue: MVEDR collectors are blocked from running on Linux with McAfee Application control enabled.
Workaround: Configure /opt/McAfee/mvedr/mfemvedr as an updater under Application Control Rules (Unix).
MACC-9369
6.4.x
-
Issue: Monitoring rules do not work unless a change control rule is in place.
Workaround:
You must create a dummy change control (write-protect) rule and apply it to the system.
MACC-8763
6.4.2-206
6.4.2-206
Issue: When the Disable Task command is executed from ePO, inconsistency is observed in the Solidcore Client Task Log.
MACC-8764
6.4.2-206
6.4.3-109
Issue: When the Enable Task command is executed from ePO, inconsistency is observed in the Solidcore Client Task Log.
MACC-8888
6.4.2-206
6.4.3-109
Issue: When Enable Task is executed from ePO, inconsistency is observed in the Solidcore Client Task Log.
MACC-8889
6.4.2-206
6.4.3-109
Issue: When Disable is executed in the Update Mode, Solidcore Client task events are not displayed.
MACC-8673
6.4.1-135
-
Issue: In the Observe Mode, the "Write Denied" event is not generated after an echo operation to a write-protected file.
MACC-8672
6.4.1-135
-
Issue: Event is not generated when the rights of a folder that is protected with "write-protect" are changed.
MACC-8671
6.4.1-135
-
Issue: Event is not generated when the ownership of the file that is protected with "write-protect" is changed.
MACC-8643
6.4.1-135
6.4.2-206
Issue: Core dump information is not generated when there is a kernel panic on Red Hat 8.
MACC-8355
6.4.1-135
6.4.2-206
Issue: The scsrvc restarts when flushing auth cache.
MACC-8346
6.4.0-132
6.4.1-135
Issue: After upgrading ENSL from version 10.6.5 to 10.6.6 on SUSE12 MACC, BVT execution hangs.
Workaround: Add the following "ProcPassThruList" items to solidcore.conf:
/opt/McAfee/ens/tp/bin/mfetpd
/opt/McAfee/ens/tp/bin/mfetpcli
/opt/McAfee/ens/esp/bin/mfeespd
/opt/McAfee/ens/fw/bin/mfefwd
/opt/McAfee/ens/fw/bin/mfefwcli
MACC-8332
6.4.0-132
6.4.1-135
Issue: The PROCESS_START and PROCESS_EXIT processes are not generating events after setting a rule to include monitoring over process.
MACC-8334
6.4.0-132
6.4.2-206
Issue: [BDS] Operational risk factor for OpenSSL.
1259050
6.3.0-180
-
Issue: Events for invalid CCT rule creation are randomly reported to ePO.
1263560
6.3.0-242
-
Issue: [Exploratory] When a directory is included on the integrity monitoring, created files or directories are not considered as changes. So, they are not listed on the change control in ePO.
1260084
6.3.0-180
-
Issue: When MACC 6.3.0.180 is installed in the standalone mode in CentOS 7, it displays an error message.
1256613
6.3.0-152
-
Issue: In the Update Mode, the "file diff dir" events are generated for rename and delete directories.
MACC-7216
6.3.0-794
-
Issue: Unable to create a user when MACC is in the Update Mode on RHEL8 with SSSD version 2.0.0-43 installed.
Issue: Upgrade to 6.3.0-794 from 6.3.0-724 in LEL5 32 bits, LEL6 32 bits, and LSES11 32 bits leaves system Disabled and Unsolidified. Workaround: Add a license, solidify if MAC, and enable.
MACC-8331
6.4.0.132
6.4.2-206
Issue: [Exploratory] sadmin help auth information does not explain how to run the remove option.
MACC-8332
6.4.0.132
6.4.2-206
Issue: Setting a rule to include monitoring over process does not generate PROCESS_START and PROCESS_EXIT events.
MACC-8334
6.4.0.132
6.4.1.135
6.4.2.206
Issue: [Security] Blackduck scan: Operational risk factor for OpenSSL.
MACC-8346
6.4.0.132
6.4.1.135
Issue: [Interop] After upgrading Endpoint Security for Linux from version 10.6.5 to 10.6.6 on SUSE12 MACC, BVT execution hangs. Workaround: Add the following "ProcPassThruList" items to solidcore.conf:
/opt/McAfee/ens/tp/bin/mfetpd
/opt/McAfee/ens/tp/bin/mfetpcli
/opt/McAfee/ens/esp/bin/mfeespd
/opt/McAfee/ens/fw/bin/mfefwd
/opt/McAfee/ens/fw/bin/mfefwcli
MACC-8355
6.4.0.132
6.4.1.135
Issue: The scsrvc crashes when flushing auth cache (SIGSEGV).
MACC-8643
6.4.1.135
Issue: Default configuration change needed to generate Core dump info during kernel panic on Red Hat 8.
MACC-8671
6.4.1.135
Issue: During a change owner operation for a write-protected file, no event is generated.
MACC-8672
6.4.1.135
Issue: During a rights change operation for a write-protected folder, no event is generated.
MACC-8673
6.4.1.135
Issue: After an echo operation to a write-protected file (in Observe mode), no Write Denied event is generated.
CRITICAL: There are no known critical issues.
Non-critical:
Linux
Reference | Related Article | Found in Version | Resolved in Version | Description
1253988
6.3.0-129
Issue: CCT: CLI - Content change tracking rule can be created with invalid encoding value.
1254355
6.3.0-129
Issue: CCT: CLI - Inclusion filters with more than one wrong pattern are not working as expected.
1254435
6.3.0-152
6.3.0-180
Issue: CCT: Problem with updating a policy to add exclusion filter pattern. Workaround: Delete the rule and create it from scratch adding the exclusion filter. Or, edit any other property on the rule and it is applied correctly.
1254607
6.3.0-116
6.3.0-299
Issue: CCT: Exploratory - endpoint lost communication with ePO.
1254610
6.3.0-152
6.3.0-180
Issue: CCT: Exploratory - Operations on binaries are reported to ePO as "File type not supported."
1256065
6.3.0-152
6.3.0-180
Issue: CCT: File deleted and File deleted update xmls are generated with ReturnCode = 0 for binaries.
1256085
6.3.0-152
6.3.0-180
Issue: CCT: Not all events related to binaries are shown on ePO.
1256092
6.3.0-152
6.3.0-242
Issue: CCT: Enhancement: Add a mechanism to identify on the CLI if a rule is recursive or not.
1256261
6.3.0-152
6.3.0-180
Issue: CCT: MACC service crashes after updating FileDiffMaxSize.
1256344
6.3.0-152
6.3.0-180
Issue: CCT E2E: Recursion level for one recursion level case combined with exclusion patterns.
1256352
6.3.0-152
6.3.0-242
Issue: CCT: macompatsvc crashes after several CCT policy updates.
1256359
6.3.0-152
6.3.0-180
Issue: In Ubuntu 12.04, the File diff events of "File created" and "File modified" are not created.
1256469
6.3.0-152
6.3.0-180
Issue: CCT: Events for binary, script, or text files in update mode sometimes are listed with "Path not found" error.
1256488
6.3.0-142
6.3.0-180
Issue: CCT Exploratory: File rule matched with directory error reported for DAT files.
1256613
6.3.0-152
Issue: In update mode, the "file diff dir" events are generated for rename and delete directories.
1259032
6.3.0-180
6.3.0-242
Issue: CCT: The libmagic returns different mime strings in RHEL5.
1259050
6.3.0-180
6.3.0-242
Issue: CCT: Some events for invalid CCT rule creation are randomly reported to ePO.
1259139
6.3.0-180
Issue: CCT: FILE_RENAMED_UPDATE event in LEL5 is not generated correctly when specifying encoding on cct rule.
1260084
6.3.0-180
Issue: An error message is encountered when installing MACC 6.3.0.180 in standalone mode in a CentOS 7 environment.
1263203
6.3.0-242
6.3.0-299
Issue: After upgrading from build 6.3.0-180 and disabling integrity feature, sadmin can no longer execute.
1263206
6.3.0-242
6.3.0-299
Issue: After upgrading from 6.3.0-180, a permission denied message is shown for /usr/bin/xauth. Workaround:
1. Edit the /etc/mcafee/solidcore/solidcore.conf file, set RTEModeOnReboot = 0x0, and reboot the system.
2. After restart, run the command sadmin check -r or sadmin so.
3. After the command finishes, run sadmin enable and restart the service.
1263207
6.3.0-242
Issue: After upgrading from 6.3.0-180, the ssh service can't be restarted. Workaround:
1. Edit the /etc/mcafee/solidcore/solidcore.conf file, set RTEModeOnReboot = 0x0, and reboot the system.
2. After restart, run the command sadmin check -r or sadmin so.
3. After the command finishes, run sadmin enable and restart the service.
1263208
6.3.0-242
6.3.0-299
Issue: After upgrading from 6.3.0-180, sadmin check is failing on LUBT12 (AMD64 and x86). Workaround:
1. Edit the /etc/mcafee/solidcore/solidcore.conf file, set RTEModeOnReboot = 0x0, and reboot the system.
2. After restart, run the command sadmin check -r or sadmin so.
3. After the command finishes, run sadmin enable and restart the service.
1263209
6.3.0-242
6.3.0-299
Issue: After upgrading from 6.3.0-180 and disabling integrity, you can't log on using the endpoint's tty on CentOS5 (AMD64 and X86). Workaround:
1. Edit the /etc/mcafee/solidcore/solidcore.conf file, set RTEModeOnReboot = 0x0, and reboot the system.
2. After restart, run the command sadmin check -r or sadmin so.
3. After the command finishes, run sadmin enable and restart the service.
1263552
6.3.0-242
Issue: Error in locking authority file in Ubuntu 16.
1263558
6.3.0-242
6.3.0-299
Issue: [Exploratory] Precedence rule for monitoring is not working as expected.
1263559
6.3.0-242
6.3.0-299
Issue: [Exploratory] Integrity monitoring – If VIM is added as an included process for integrity monitoring, the files modified by VIM are not reported as changed.
1263560
6.3.0-242
Issue: [Exploratory] When a directory is included on the integrity monitoring, created files or directories are not considered as changes. So, they are not listed on the change control in ePO.
1263564
6.3.0-242
Issue: CCT: Several file-related events can't be validated in Update Mode.
1263609
6.3.0-242
6.3.0-299
Issue: [Exploratory] Policy to exclude a user from monitoring list can't be applied. Workaround: Users can be excluded from the monitoring list. Use the sadmin mon user -e <username> command in unmanaged mode, or use the "Run command" option from ePO.
1265307
6.3.0-299
6.3.0-418
Issue: Kernel loops in LUBT 14 kernel 4.2.
1266210
6.3.0-299
6.3.0-724
Issue: Policy "Minimal System Monitoring for Linux variants (McAfee Default)" is not correctly applied on some endpoints.
1266302
6.3.0-299
Issue: [Exploratory] When CCT catches binary files operations, the ePO message is incorrect because attributes are not changed.
1266310
6.3.0-299
Issue: [Exploratory] To be disabled, mon features require a reboot.
1266502
6.3.0-299
Issue: Bad behavior in enablement from ePO in Oracle 7.
1268052
6.3.0-418
Issue: No message is shown on the command line when restarting scsrvc service in Ubuntu 16.
1269359
6.3.0-503
Issue: Warning message logged in /tmp/solidcoreS3_uninstall.log after solidcore uninstalled.
1269365
6.3.0-503
6.3.0-724
Issue: The Dpkg preinstallation script logs an error after installation with build 6.3.0-503.
1273558
6.3.0-607
Issue: When build target tool fails, some files are not removed from the system. Workaround: Remove the files manually.
1273659
6.3.0-671
Issue: XFS with kernel 4.10 and above is not supported.
Workaround: Technical Support does not recommend using MACC 6.3.0 on Red Hat Enterprise Linux Server 8 systems if you have kernel version 4.18 or higher and XFS. The recommended file system to use is EXT4. See KB87944 for supported EXT versions.
For systems that experience this issue with:
SUSE Enterprise Linux Server 12 or SUSE Enterprise Linux Desktop 12 with kernel 4.10 or higher installed
And
MACC with XFS in Update mode in use
Then:
Restart the system with a kernel version lower than 4.10 (see KB90947 for supported kernel versions).
When the system starts, leave update mode by executing sadmin eu.
Restart system again with kernel version higher than 4.10.
1274415
6.3.0-607
Issue: [Exploratory] When adding a monitoring rule, no initial snapshot of the files monitored is created.
1274416
6.3.0-702
Issue: "orig_user_name" is not correctly reported in events.
MACC-6863
6.3.0-724
Issue: Build target fails to build kernel module in RHEL 8.
MACC-7077
6.3.0-724
6.4.1.135
Issue: The Self kernel support tool does not work for OL7 UEKR5 unsupported UEK kernel.
MACC-7216
6.3.0-794
Will not fix
Issue: User can't be created when MACC is in update mode on RHEL 8 with SSSD version 2.0.0-43 installed.
MACC-7240
6.3.0-794
6.4.1.135
Issue: After upgrade from MACC for Linux 6.3.0-724 to 6.3.0-794, uninstalling 6.3.0-794 fails in LEL6 32-bit.
Workaround: Perform the following steps:
Run "/opt/bitrock/solidcoreS3-6.3.0-724/helperBinaryUninstall"
Run "rpm -e solidcoreS3-6.3.0-794.i386 --noscripts"
Run "rpm -e solidcoreS3-kmod-6.3.0-794.i386 --noscripts"
CRITICAL: There are no known critical issues.
Non-critical:
Solidcore Extension
Reference | Related Article | Found in version | Resolved in Version | Description
608618
5.0.0
Issue: You try to upload the Windows Solidcore Agent Deployment Package (~100 MB) to ePO through Internet Explorer. The file upload times out if the network upload speed is slow. Workaround: If this error displays in Internet Explorer 6, try using Internet Explorer 7 or later. If you encounter the error in Internet Explorer 7 or later, copy the package to a local directory on the ePO server. Access the ePO console on the ePO server and upload the file from the local path. This method avoids possible network delays.
607452
Issue: ePO 4.6 reports and dashboard entries are not removed after the Solidcore Extension is uninstalled. Workaround: If you are uninstalling and reinstalling the Solidcore Extension, remove the reports and dashboards manually after uninstalling and before reinstalling.
607517
Issue: PDF reports have minor data display and formatting issues if more than 50,000 records are reported.
608347
Issue: The Solidcore Policies Applied on Hosts report displays all policies derived from the root, regardless of the SKUs enabled on the platform.
609304
5.0.2
Issue: It is not possible to export data from the Reporting, Solidcore Events page. Workaround: Use Queries (Reporting, Queries) to export event data.
636769
5.1.1
Issue: If you upgrade from Solidcore 5.1.0 to 5.1.1 or later, existing Solidcore events in the Solidcore Events table are not migrated to the ePO Events table.
636352
5.1.1
Issue: After removing the Solidcore Extension, all Solidcore-related events are retained in the ePO table. When you view the events in the Threat Event Log, some fields might display erroneous data.
607554
Issue: Solidcore policies can't be duplicated using the Policy Details page because the OK button is disabled. Workaround: Use the Policy Catalog page to duplicate policies.
643854
5.1.1
Issue: When you use the Guided Configuration page on the ePO 4.6 console, the Save Policy button is not enabled when changes are made to Solidcore Policies. Workaround: Edit the policy using the Policy Catalog without using Guided Configuration.
608374
5.0.0
Issue: When you try to enable an already enabled Solidcore Agent, the error displayed is not translated.
607908
Issue: It is not possible to export more than 50,000 records from any table or report.
608025
Issue: Reports, tasks, and policies for all SKUs are listed even if the license for that SKU is not added.
609911
5.1.0
Issue: Export of rule groups does not work in Internet Explorer when opened from the ePO server. Workaround: To export rule groups, use Internet Explorer from a different computer.
610303
5.1.0
Issue: The Server Task pages in ePO might not work properly if you use Mozilla Firefox version 3.0. Workaround: If you encounter issues, McAfee recommends using Mozilla Firefox version 3.6 or later or Internet Explorer 6.0 or later.
608753
5.0.0
Issue: Sometimes, using the user name field of reported events on the ePO server as a trusted user might not work if the client system is part of an Active Directory domain. The reason is because the domain name reported in the events is not the full AD domain. Workaround: Use the environment variable USERDNSDOMAIN as the domain name for AD clients. You can also review the properties of the My Computer icon to identify the complete user name to specify as the trusted user.
608390
Issue: When viewing an Integrity Monitor policy, the My Rules tab is not translated.
669563
5.1.2
Issue: If you run reconciliation on a setup with millions of unauthorized changes (for about 5,000 hosts), the System with Unauthorized changes page does not open. When you select the Systems with Unauthorized changes link, the page times out and the user is logged off the ePO console. (The Systems with Unauthorized changes link is on the Risk and Compliance, Change Control Reconciliation page.)
656518
5.1.2
Issue: If you install Solidcore Extension 5.1.2 (or later) on an existing ePO 4.5 system and then upgrade to ePO version 4.6 FIPS mode, the event parser stops working. Workaround: Upgrade the required DLL with the following command: https://<ePO_IP_address:port>/remote/scor.upgradeEventParser.do
661203
5.1.2
Issue: If you use reconciliation with Solidcore Extension 5.1.1 (or earlier) and upgrade to Solidcore Extension 5.1.2 (or later), you can't access the older reconciliation data.
607950
5.0.0
Issue: User-defined system variables in policies are resolved at the endpoint only after the endpoint is restarted.
707486
5.2.0
Issue: When using the ePO 4.6 console, navigating quickly through the Events and Inventory pages logs off the user.
714176
5.2.0
Issue: In ePO 4.6 Update 1 or 2, if you add multiple commands to a Run Commands client task while you create the task, you can't later remove the commands from the saved client task.
719796
5.2.0
Issue: Global Catalog search for Active Directory (AD) groups is not supported. Workaround: Search for a group in a specific AD server instead of using the Global Catalog. To add a specific group:
Log on to the ePO 4.x console.
Add the AD server with the group as a registered server.
Search for the group by selecting the registered AD server. Make sure that the Global Catalog Search option is deselected.
Add the group to a policy as a trusted group.
722045
5.2.0
Issue: If you add new columns, such as Solidcore Status and Solidification Status, for an endpoint by clicking Actions, Choose columns, noncompliant Solidcore Agent, it might not display values for all endpoints. The reason is that the noncompliant Solidcore Agent section includes only noncompliant agent properties. Workaround: When adding new columns for an endpoint, click Actions, Choose columns, Solidcore Client Properties instead of Actions, Choose columns, noncompliant Solidcore Agent.
695769
5.2.0
Issue: Under the Content Change Tracking feature, the view file page goes blank for a file size of around 1 MB.
800014
6.1.0
Issue: Extra events are reconciled when manual reconciliation is performed from custom queries. Workaround: To perform the manual reconciliation for multiple events, select either All in this page or Select All in all pages. Then open the Solidcore events page directly by clicking Menu, Reporting, Solidcore Events.
NOTE: This option does not work well if you reach Solidcore Events by drilling down from a Query page.
882821
6.1.1
Issue: Sorting is not supported on the Last Modification Time column on the Content Change Tracking page.
1033281
6.2.0
Issue: Upgrading to Solidcore Extension 6.2.0 might fail immediately after the extension restart while performing an upgrade from a version older than 6.1.2.
985336
6.2.0
Issue: The event pages in ePO might not work properly if you are using Mozilla Firefox version 3.5. Workaround: If you encounter issues, McAfee recommends using Mozilla Firefox version 3.6 or later or Internet Explorer 6.0 or later.
1043052
6.2.0
Issue: You can't upgrade the Solidcore help extension from previous versions to 6.2. Workaround: Uninstall the old help extension and install the new one.
Issue: The Original user name reported in events is the same as the user name.
600805
4.7.0
Issue: While opening a write-protected network share in Windows Explorer, a few deny-write errors are observed.
603747
4.8.0
Issue: The trusted, solidified, and write-protect features do not work correctly for folder-mounted volumes. Workaround: Contact Technical Support for assistance if the setup uses folder-mounted volumes.
608036
5.0.0
Issue: Mapped drive names can't be used in commands issued by remote users/ePO.
598002
4.5.0
Issue: Registry key protection does not work for all registry key hives, it works only for HKEY_LOCAL_MACHINE.
599240
4.5.3
Issue: A subkey registry does not get added to a protected registry key when using the reg command.
601500
4.7.0
Issue: Creating a shortcut in a read-protected directory is not allowed.
602122
4.7.0
Issue: Any file operation performed on a read-protected file generates deny-read events that correspond to the file even when the file operation is allowed.
603032
4.8.0
Issue: Changes to folder-mounted volumes that do not have an associated drive letter can't be monitored. Workaround: Assign a drive letter to a volume before mounting it on any other folder.
603628
4.8.0
Issue: On 64-bit platforms, ACL change events are not generated when the update mechanism supersedes the deny-write policies for registries.
605371
4.8.3
Issue: When you try to read a read-protected file with certain file flags set through Windows Explorer, read-denied events might not be written to the event viewer. The events are recorded in the Solidcore Agent log file.
606496
4.9.0
Issue: Only full long names are supported with commands that accept file or folder names. For example, names such as c:\myPackages\SETUP-~1.EXE are not supported.
606532
4.9.0
Issue: Virtual drive paths are not supported as path values in Solidcore Agent commands, such as write-protect, read-protect, and monitor.
600748
4.6.4
Issue: Multiple deny write events might be generated for a single deny write action. For example, on deletion of a file using Windows Explorer, up to 8 file deletion events are reported. When the application denies deletion of a file, Windows Explorer tries multiple methods to delete the file, resulting in an event for each attempt.
691196
5.2.0
Issue: For a file where you track content changes, you receive an unknown error if connectivity issues occur while sending metadata for the file from the endpoint to the ePO console. Workaround: When network connectivity resumes, the next change to the file is reflected accurately on the ePO console.
724796
5.2.0
Issue: Although you can track content changes for a read-protected file, you can't view the actual changes. The reason is because the read protection rule prevents the software from fetching file contents from the endpoint.
799559
6.1.0
Issue: If you exclude the .bat extension from monitoring, events for batch file operations are generated.
812964
6.1.0
Issue: If the Updater flag is removed for a cert rule in ePO, the certificate is listed as an Updater on the endpoint.
876430
6.1.1
Issue: For monitoring and change control rules with *, the longest path rule is not given precedence for conflicting rules.
881480
6.1.1
Issue: Revisions are not reported for Content Change tracking if user events are filtered using the filter rules. Workaround: Exclude the user from event filtering and apply advanced filters for the user excluding unwanted events for files and directories.
894237
6.1.1
Issue: For a directory-based Content Change Tracking rule, renaming of the directory or its subdirectory generates spurious monitor events.
Issue: The version is not updated in the ePO server and the McTray About box after an endpoint upgrade. Workaround: See the related article for details.
Issue: During manual installation of the Solidcore Agent on Windows 2008 R2 (64-bit), a "Windows installer encountered a validation error" message displays for the msiexec.exe and kernelbase.dll files. Workaround: Click Ignore once or Ignore always on the error pop-up to continue installation.
Windows 2008 (64-bit)
Reference | Related Article | Found in version | Resolved in Version | Description
609780
5.0.2
Issue: On Windows 2008 (64-bit), the rundll32.exe file crashes if an application is uninstalled using Add or Remove Programs after the SetupInstallFromInfSection() function was used to install the application.
Windows 7 (64-bit)
Reference | Related Article | Found in version | Resolved in Version | Description
708226
5.1.5
Issue: MCC is functionally incompatible with Avecto Privilege guard.
Windows XP
Reference | Related Article | Found in version | Resolved in Version | Description
601738
4.7.0
Issue: On Windows XP SP2, deny-write errors with two different file names or folder names are logged when a file or folder is created under a write-protected folder.
604834
4.8.1
Issue: On Windows XP, NTFS junction points are supported only when junctions are created for volumes and not for folders.
Issue: Write/read protection does not work on files added via cachefs/lofs.
607024
4.0.0-5920
Will not fix
Issue: By default, the deny-read feature is disabled. A read-protect rule is immediately applied to the Solidcore agent. But, it is effective only after the deny-read feature is enabled on the Solidcore agent.
607245
4.9.0-246
Will not fix
Issue: No events are generated for changes to a file with the string solidcore.log in its name (example: mysolidcore.log)
610254
5.0.1-1
Will not fix
Issue: When you run the Debug Info client task for a UNIX system, the log states that the gatherinfo.tar.gz file is generated. The name of the generated file is suffixed with the host name and time stamp. For example, gatherinfo-hpj-03-07-08-10_14-37-45.tar.gz.
616089
5.1.0-6817
Will not fix
Issue: Localized strings not consistent. Partial localization occurs in some events and messages.
762449
6.1.0-9301
Will not fix
Issue: Events are generated if a special device file is renamed.
797291
6.1.0-9323
Will not fix
Issue: After Dynamic Kernel Module compilation, an empty file named 2 gets created in the dks directory.
797363
6.1.0-9323
Issue: The sadmin xray command does not list the attr specific configurations for the running process.
798843
6.1.0-9323
Will not fix
Issue: You might observe unexpected behavior if a process exits without closing one or more changed files.
807180
6.1.0-9402
Will not fix
Issue: Installation on a non pre-compiled kernel fails if you run the installer from a Windows share that is mounted with CIFS.
Mount the Windows share using NFS.
811983
6.1.0
Issue: Property collection on ePO and the endpoint might show different versions of Solidifier if the system is not rebooted after upgrade.
812578
6.1.0-9434
Will not fix
Issue: On some kernels, error messages related to scdrv are displayed in the console during system boot.
818828
6.1.0-9463
Issue: With VirusScan Enterprise for Linux (VSEL) 1.7 installed, the VSEL service stops with errors on the CLI.
989865
6.1.5-224
Will not fix
Issue: Installation of Solidifier should not occur in a symbolic link path.
Issue: After upgrading to MCC 6.1.7, new advanced exclusion filters (AEF)/updaters and attr rules are not added as default rules.
1053355
6.1.7-192
Will not fix
Issue: If you erroneously try to stop the Solidcore service by using the systemctl command in Enabled mode, a subsequent attempt to stop the service in Disabled mode might fail.
To stop the service in Disabled mode, use the following commands:
Issue: When you try to upload the Windows Solidcore Agent Deployment Package (~100 MB) to ePO through Internet Explorer, the file upload times out if the network upload speed is slow. Workaround: If this error displays in Internet Explorer 6, try using Internet Explorer 7 (or later). If you encounter the error in Internet Explorer 7 or later, copy the Solidcore Agent Deployment Package to a local directory on the ePO server. Access the ePO console through a browser window on the ePO server. Upload the file from the local path. The upload then happens from the ePO server to ePO and avoids network delays.
607452
Issue: ePO 4.6 reports and dashboard entries are not removed after the Solidcore Extension is uninstalled. Workaround: If you are uninstalling and reinstalling the Solidcore extension, remove the reports and dashboards manually after uninstalling, and before reinstalling.
607517
Issue: PDF reports have minor data display and formatting issues if more than 50,000 records are reported.
608347
Issue: The Solidcore Policies Applied on Hosts report displays all policies derived from the root, regardless of the SKUs enabled on the platform.
609304
Issue: It is not possible to export data from the Reporting, Solidcore Events page. Workaround: Use Queries (Reporting, Queries) to export event data.
636769
Issue: If you upgrade from Solidcore 5.1.0 to 5.1.1 (or later), existing Solidcore events in the Solidcore Events table are not migrated to the ePO Events table.
636352
Issue: After removing the Solidcore Extension, all Solidcore-related events are retained in the ePO table. When you view the events in the Threat Event Log, some fields might display erroneous data.
607554
Issue: Solidcore policies can't be duplicated using the Policy Details page because the OK button is disabled. Workaround: Use the Policy Catalog page to duplicate policies.
643854
Issue: When you use the Guided Configuration page on the ePO 4.6 console, the Save Policy button is not enabled when changes are made to Solidcore Policies. Workaround: Edit the policy using the Policy Catalog without using Guided Configuration.
608374
Issue: When you try to enable an already enabled Solidcore Agent, the error displayed is not translated.
607908
Issue: It is not possible to export more than 50,000 records from any table or report.
608025
Issue: Reports, tasks, and policies for all SKUs are listed even if the license for that SKU is not added.
609911
Issue: Export of rule groups does not work in Internet Explorer when opened from the ePO server. Workaround: Use Internet Explorer from a different computer to export rule groups.
610303
Issue: The Server Task pages on ePO might not work properly if you use Mozilla Firefox version 3.0. Workaround: Technical Support recommends using Mozilla Firefox version 3.6 (or later) or Internet Explorer 6.0 (or later).
608753
Issue: Sometimes, using the user name field of reported events on the ePO server as a trusted user might not work if the client system is part of an Active Directory domain. This occurs because the domain name reported in the events is not the full AD domain. Workaround: Use the environment variable USERDNSDOMAIN as the domain name for AD clients. You can also review the properties of the My Computer icon to identify the complete user name to specify as the trusted user.
608390
Issue: When viewing an Integrity Monitor policy, the My Rules tab is not translated.
669563
Issue: If you run reconciliation on a setup with millions of unauthorized changes (for about 5,000 hosts), the Systems with Unauthorized changes page does not open. When you select the Systems with Unauthorized changes link (on the Risk and Compliance, Change Control Reconciliation page), the page times out and the user is logged off the ePO console.
656518
Issue: If you install Solidcore Extension 5.1.2 (or later) on an existing ePO 4.5 system and then upgrade to ePO version 4.6 FIPS mode, the event parser stops working. Workaround: Upgrade the required DLL with the following command: https://<ePO_IP_address:port>/remote/scor.upgradeEventParser.do
661203
Issue: If you are using reconciliation with Solidcore Extension 5.1.1 or earlier and upgrade to Solidcore Extension 5.1.2 or later, you can't access the older reconciliation data.
607950
Issue: User-defined system variables in policies are resolved at the endpoint only after the endpoint is restarted.
707486
Issue: When using the ePO 4.6 console, navigating quickly through the Events and Inventory pages logs off the user.
714176
Issue: On ePO 4.6 Update 1 or 2, if you add multiple commands to a Run Commands client task while you create the task, you can't later remove the commands from the saved client task.
719796
Issue: Global Catalog search for Active Directory (AD) groups is not supported. Workaround: Search for a group in a specific AD server instead of using the Global Catalog.
To add a specific group:
Log on to the ePO 4.x console.
Add the AD server with the group as a Registered Server.
Search for the group by selecting the registered AD server. Make sure that the Global Catalog Search option is deselected.
Add the group to a policy as a trusted group.
722045
Issue: Adding new columns, such as Solidcore Status and Solidification Status, for an endpoint by clicking Actions, Choose columns, noncompliant Solidcore Agent might not display values for all endpoints. This occurs because the noncompliant Solidcore Agent section includes only noncompliant agent properties. Workaround: When adding new columns for an endpoint, click Actions, Choose columns, Solidcore Client Properties instead of Actions, Choose columns, noncompliant Solidcore Agent.
695769
Issue: Under the Content Change Tracking feature, the view file page goes blank for a file size of around 1 MB.
800014
Issue: Extra events are reconciled when you perform manual reconciliation from custom queries. Workaround: To perform the manual reconciliation for multiple events by selecting either All in this page or Select All in all pages, open the Solidcore events page directly by clicking Menu, Reporting, Solidcore Events.
NOTE: This option does not work well if you reach Solidcore Events by drilling down from a Query page.
882821
Issue: Sorting is not supported on the Last Modification Time column on the Content Change Tracking page.
937037
Issue: You can't upgrade Solidcore help extension from previous versions. Workaround: Uninstall the old help extension and install the new one.
Issue: MAC/MCC 6.1.7 are not compatible with VirusScan Enterprise for Linux (VSEL) 2.0.
900761
Issue: When MCC is placed in a Disabled state and the endpoint is not rebooted, an upgrade of MCC does not successfully complete because the driver is not unloaded. Workaround: Reboot the endpoint (after disabling MCC) and perform the upgrade task again.
608671
Issue: If Solidcore Agent is installed in a non-default path, upgrading via ePO is not supported. Such an upgrade might leave the Solidcore Agent in an inconsistent state. Technical Support recommends that you uninstall the existing version and then install the new version using ePO.
608737
Issue: If the partition with the /opt/McAfee/cma directory has insufficient space, events might not be generated. Also, a Failed to generate event xml error message is added to the solidcore.log file. Free up space in the partition with the /opt/McAfee/cma directory.
601728
Issue: According to the NFS protocol, if a file present on the NFS share is opened once on the NFS client, it can't be reopened until the file attributes are changed. If a read-protected file, on an NFS share, is opened on the client in Update mode, the user could read it on the client. They can read it in Enabled mode (after coming out of the Update mode) until the file attributes are changed on the server.
601734
Issue: Changing a hard link might cause the name of the link or program to display in events.
601914
Issue: For daemon processes, the reported user name and original user name are the same.
602653
Issue: A write-protected file can be changed through its hard link if the hard link has already been created.
602772
Issue: Scripts without the #! tag can't act as updaters.
602977
Issue: For loopback file systems, some features, such as updater and monitoring, do not work correctly when the loopback path is used instead of the physical path in the sadmin commands. For instance, if /opt is mounted as a loopback file system at /mnt, to add /mnt/abc as an updater, you must add the path /opt/abc as an updater.
602990
Issue: Some features, such as updaters and mon-proc-exec, do not work properly for unsupported file formats. Only executable binaries and #! scripts are supported file formats.
603462
Issue: The BOOTING_ENABLED and BOOTING_UPDATE_MODE events are not added to the system log. Workaround: At boot time, start the syslog service before the Solidcore Agent service.
603490
Issue: You observe the following issues when an updater calls another updater:
If the child process is added as an updater, the non-inheritable option (-d) of the parent process is overridden.
If the parent process is added as an updater, the non-inheritable option (-d) of the child is overridden.
604780
Issue: For processes that are not directly associated with a terminal, the original_user field is the same as the user field. For example, when you run a script through Runlevel/init scripts, original_user is the same as the user.
605062
Issue: The mmap system call at the NFS client does not work if the file is read-protected.
606674
Issue: A write-protected file can be changed or deleted if the file system is mounted to a different directory.
607014
Issue: Adding a script as an updater twice (once on its own and again with its parent) might lead to unexpected behavior.
607024
Issue: By default, the deny-read feature is disabled. A read-protect rule is immediately applied to Solidcore Agent, but it is effective only after the deny-read feature is enabled on the Solidcore Agent.
607245
Issue: No events are generated for changes to a file with the string solidcore.log in its name, for example, mysolidcore.log.
601763
Issue: Process information can't be determined for processes that are invoked before the Solidcore Agent driver is loaded. This issue has the following implications:
If such a process makes file changes, these changes might not be reported.
For processes that started before the driver was loaded, only the partial program names are reported.
For NFS, the change events displayed on the server for changes made by the client have only the relative name for the NFS daemon (in other words, nfsd or nfsktcpd).
No Process Start and Process Stop events are generated for already running processes.
On the AIX platform only, Change Tracking / Prevention on file systems mounted by such processes might or might not work. System calls executed by already running processes can't be trapped because of differences in the way system calls are implemented for the AIX platform. As a workaround, you can restart such processes.
604604
Issue: Write/read protection does not work on files added via cachefs/lofs.
613214
Issue: If the installation path is a mount point, forcibly unmounting (for example, using the umount -f command) might lead to non-deterministic behavior.
603386
Issue: The Solidcore Agent can't be installed, upgraded, or uninstalled through init scripts that run at system boot time. Workaround: Add the following two statements in the init script before invoking the installer:
HOME="/"
export HOME
613205
Issue: For a file with multiple hard links, the change event contains the name of any one of the hard links as the file name. For example, if a file named test has test1 and test2 as hard links, the event generated when the file is changed can contain any of the three names by which the file is known.
613213
Issue: Because of NFS protocol behavior, a large write request to the NFS client goes to the NFS server in the form of multiple RPC calls and multiple FILE_MODIFIED events are generated at the NFS server.
610254
Issue: When you run the Debug Info client task for a UNIX system, the log states that the gatherinfo.tar.gz file is generated. The name of the generated file is suffixed with the host name and time stamp. For example, gatherinfo-hpj-03-07-08-10_14-37-45.tar.gz.
616089
Issue: Localized strings are not consistent. Partial localization occurs in some events and messages.
708279
Issue: For RHEL5/RHEL6 (kernels earlier than 2.6.32-220) and kernels of SLES 10/SUSE11 (excluding SLES11 SP2), FILE_CREATED events are incorrectly reported as FILE_ATTR_MODIFIED over an NFSv4 partition.
762449
Issue: Events are generated if a special device file is renamed.
797291
Issue: After Dynamic Kernel Module compilation, an empty file named 2 gets created in the dks directory.
797363
Issue: The Sadmin Xray command does not list the attr specific configurations for the running process.
798843
Issue: You might observe unexpected behavior if a process exits without closing one or more changed files.
807180
Issue: Installation on a non pre-compiled kernel fails if you run the installer from a Windows share that is mounted using CIFS. Workaround: Mount the Windows share using NFS.
811983
Issue: Property collection on ePO and the endpoint might show different versions of Solidifier if the system is not rebooted after upgrade.
812578
Issue: On some kernels, error messages related to scdrv are displayed in the console during system boot.
818828
Issue: With VirusScan Enterprise for Linux (VSEL) 1.7 installed, the VSEL service stops with errors on the CLI.
989865
Issue: Installation of Solidifier should not occur in a symbolic link path.
Issue: After upgrading to MCC 6.1.7, new advanced exclusion filters (AEF)/updaters and attr rules are not added as default rules.
1053355
Issue: If you erroneously try to stop the Solidcore service by using the systemctl command in Enabled mode, a subsequent attempt to stop the service in Disabled mode might fail. Workaround: To stop the service in Disabled mode, use the following commands:
Issue: When you log on to a solidified system using Telnet as a non-root user, the original_user name displays as root.
602981
Issue: When you mount a single share on more than one mount point and perform a file operation from any of these mount points, events that show the path name might refer to any of those shares.
1009579
Issue: On a protected system running Red Hat Enterprise Linux (RHEL) 5 with kernel 2.6.18-308.EL5 or later, the deny-read feature does not work on an NFSv4 mounted partition.
1211104
Issue: After running the automated testing tool (Solomon), a crash occurs on the Ubuntu 16.04 x86 platform with kernel 4.4.0-47-generic.
1224787
Issue: MACC service stops working after running the command sadmin disable and restarting Solidcore service. Workaround: To complete entering disabled mode, reboot the system. After you reboot the system, it operates as expected.
Issue: When you try to upload the Windows Solidcore Agent Deployment Package (~100 MB) to ePO through Internet Explorer, the file upload times out if the network upload speed is slow. Workaround: If this error displays in Internet Explorer 6, try using Internet Explorer 7 (or later). If you encounter the error in Internet Explorer 7 or later, copy the Solidcore Agent Deployment Package to a local directory on the ePO server. Open a browser window on the ePO server, access the ePO console, and upload the file from the local path. The upload happens from the ePO server to ePO, avoiding network delays.
607452
Issue: ePO 4.6 reports and dashboard entries are not removed after the Solidcore Extension is uninstalled. Workaround: If you are uninstalling and reinstalling the Solidcore extension, remove the reports and dashboards manually after uninstalling, and before reinstalling.
607517
Issue: PDF reports have minor data display and formatting issues if more than 50,000 records are reported.
608347
Issue: The Solidcore Policies Applied on Hosts report displays all policies derived from the root, regardless of the SKUs enabled on the platform.
609304
Issue: It is not possible to export data from the Reporting, Solidcore Events page. Workaround: Use Queries (Reporting, Queries) to export event data.
636769
Issue: If you upgrade from Solidcore 5.1.0 to 5.1.1 (or later), existing Solidcore events in the Solidcore Events table are not migrated to the ePO Events table.
636352
Issue: After removing the Solidcore Extension, all Solidcore-related events are retained in the ePO table. When you view the events in the Threat Event Log, some fields might display erroneous data.
607554
Issue: Solidcore policies can't be duplicated using the Policy Details page because the OK button is disabled. Workaround: Use the Policy Catalog page to duplicate policies.
643854
Issue: When you use the Guided Configuration page on the ePO 4.6 console, the Save Policy button is not enabled when changes are made to Solidcore Policies. Workaround: Edit the policy using the Policy Catalog without using Guided Configuration.
608374
Issue: When you try to enable an already enabled Solidcore Agent, the error displayed is not translated.
607908
Issue: It is not possible to export more than 50,000 records from any table or report.
608025
Issue: Reports, tasks, and policies for all SKUs are listed even if the license for that SKU is not added.
609911
Issue: Export of rule groups does not work in Internet Explorer when opened from the ePO server. Workaround: Use Internet Explorer from a different computer to export rule groups.
610303
Issue: The Server Task pages on ePO might not work properly if you use Mozilla Firefox version 3.0. Workaround: Technical Support recommends using Mozilla Firefox version 3.6 (or later) or Internet Explorer 6.0 (or later).
608753
Issue: Sometimes, using the user name field of reported events on the ePO server as a trusted user might not work if the client system is part of an Active Directory domain. This occurs because the domain name reported in the events is not the full AD domain. Workaround: Use the environment variable USERDNSDOMAIN as the domain name for AD clients. You can also review the properties of the My Computer icon to identify the complete user name to specify as the trusted user.
608759
Issue: If ePO is installed on the Japanese version of Windows, exporting the dashboard data to HTML format fails if the generated HTML file name contains digits.
608390
Issue: When viewing an Integrity Monitor policy, the My Rules tab is not translated.
669563
Issue: If you run reconciliation on a setup with millions of unauthorized changes (for about 5,000 hosts), the Systems with Unauthorized changes page does not open. When you select the Systems with Unauthorized changes link (on the Risk and Compliance, Change Control Reconciliation page), the page times out and the user is logged off the ePO console.
656518
Issue: If you install Solidcore Extension 5.1.2 (or later) on an existing ePO 4.5 system and then upgrade to ePO version 4.6 FIPS mode, the event parser stops working. Workaround: Upgrade the required DLL with the following command: https://<ePO_IP_address:port>/remote/scor.upgradeEventParser.do
661203
Issue: If you use reconciliation with Solidcore Extension 5.1.1 (or earlier) and upgrade to Solidcore Extension 5.1.2 (or later), you can't access the older reconciliation data.
607950
Issue: User-defined system variables in policies are resolved at the endpoint only after the endpoint is restarted.
707486
Issue: When using the ePO 4.6 console, navigating quickly through the Events and Inventory pages logs off the user.
714176
Issue: On ePO 4.6 Update 1 or 2, if you add multiple commands to a Run Commands client task while you create the task, you can't later remove the commands from the saved client task.
719796
Issue: Global Catalog search for Active Directory (AD) groups is not supported. Workaround: Search for a group in a specific AD server instead of using the Global Catalog.
To add a specific group:
Log on to the ePO 4.x console.
Add the AD server with the group as a Registered Server.
Search for the group by selecting the registered AD server. Make sure that the Global Catalog Search option is deselected.
Add the group to a policy as a trusted group.
722045
Issue: Adding new columns, such as Solidcore Status and Solidification Status, for an endpoint by clicking Actions, Choose columns, noncompliant Solidcore Agent might not display values for all endpoints. This occurs because the noncompliant Solidcore Agent section includes only noncompliant agent properties. Workaround: When adding new columns for an endpoint, click Actions, Choose columns, Solidcore Client Properties instead of Actions, Choose columns, noncompliant Solidcore Agent.
695769
Issue: Under the Content Change Tracking feature, the view file page goes blank for a file size of around 1 MB.
800014
Issue: Extra events are reconciled when you perform manual reconciliation from custom queries. Workaround: To perform the manual reconciliation for multiple events by selecting either All in this page or Select All in all pages, open the Solidcore events page directly by clicking Menu, Reporting, Solidcore Events.
NOTE: This option does not work well if you reach Solidcore Events by drilling down from a Query page.
882821
Issue: Sorting is not supported on the Last Modification Time column on the Content Change Tracking page.
937037
Issue: You can't upgrade Solidcore help extension from previous versions to 6.1.2.020. Workaround: Uninstall the old help extension and install the new one.
Issue: For an unsupported kernel, the Build property of the endpoint on the ePO properties screen displays as Compiled.
944538
Issue: MAC/MCC 6.1.4 are not compatible with VSEL 2.0.
900761
Issue: When the endpoint is Disabled and not rebooted, the product upgrade is not successful because the driver is not unloaded. Workaround: Reboot the endpoint system and perform the upgrade task again.
The following issues are from the MCC 6.1.0 Linux/UNIX release
608671
Issue: If Solidcore Agent is installed in a non-default path, upgrading via ePO is not supported. Such an upgrade might leave the Solidcore Agent in an inconsistent state. Technical Support recommends that you uninstall the existing version and then install the new version using ePO.
608737
Issue: If the partition with the /opt/McAfee/cma directory has insufficient space, events might not be generated. Also, a Failed to generate event xml error message is added to the solidcore.log file. Free up space in the partition with the /opt/McAfee/cma directory.
601728
Issue: According to the NFS protocol, if a file present on the NFS share is opened once on the NFS client, it can't be reopened until the file attributes are changed. If a read-protected file, on an NFS share, is opened on the client side in update mode, the user could read it on the client. It can be read in enable mode (after coming out of the update mode) until the file attributes are changed on the server.
601734
Issue: Changing a hard link might cause the name of the link or program to display in events.
601914
Issue: For daemon processes, the reported user name and original user name are the same.
602653
Issue: A write-protected file can be changed through its hard link if the hard link has already been created.
602772
Issue: Scripts without the #! tag can't act as updaters.
602977
Issue: For loopback file systems, some features, such as updater and monitoring, do not work correctly when the loopback path is used instead of the physical path in the sadmin commands. For instance, if /opt is mounted as a loopback file system at /mnt, to add /mnt/abc as an updater, you must add the path /opt/abc as an updater.
602990
Issue: Some features, such as updaters and mon-proc-exec, do not work properly for unsupported file formats. Only executable binaries and #! scripts are supported file formats.
603462
Issue: The BOOTING_ENABLED and BOOTING_UPDATE_MODE events are not added to the system log. Workaround: At boot time, start the syslog service before the Solidcore Agent service.
603490
Issue: The following issues are observed when an updater calls another updater:
If the child process is added as an updater, the non-inheritable option (-d) of the parent process is overridden.
If the parent process is added as an updater, the non-inheritable option (-d) of the child is overridden.
604780
Issue: For processes that are not directly associated with a terminal, the original_user field is the same as the user field. For example, when you run a script through Runlevel/init scripts, original_user is the same as the user.
605062
Issue: The mmap system call at the NFS client does not work if the file is read-protected.
606674
Issue: A write-protected file can be changed or deleted if the file system is mounted to a different directory.
607014
Issue: Adding a script as an updater twice (once on its own and again with its parent) might lead to unexpected behavior.
607024
Issue: By default, the deny-read feature is disabled. A read-protect rule is immediately applied to Solidcore Agent, but it is effective only after the deny-read feature is enabled on the Solidcore Agent.
607245
Issue: No events are generated for changes to a file with the string solidcore.log in its name, for example, mysolidcore.log.
601763
Issue: Process information can't be determined for processes that are invoked before the Solidcore Agent driver is loaded. This issue has the following implications:
If such a process makes file changes, these changes might not be reported.
For processes that started before the driver was loaded, only the partial program names are reported.
For NFS, the change events displayed on the server for changes made by the client have only the relative name for the NFS daemon (in other words, nfsd or nfsktcpd).
No Process Start and Process Stop events are generated for already running processes.
On the AIX platform only, Change Tracking / Prevention on file systems mounted by such processes might or might not work. System calls executed by already running processes can't be trapped because of differences in the way system calls are implemented for the AIX platform. As a workaround, you can restart such processes.
604604
Issue: Write/read protection does not work on files added via cachefs/lofs.
613214
Issue: If the installation path is a mount point, forcibly unmounting (for example, using the umount -f command) might lead to non-deterministic behavior.
603386
Issue: The Solidcore Agent can't be installed, upgraded, or uninstalled through init scripts that run at system boot time. Workaround: Add the following two statements in the init script before invoking the installer:
HOME="/"
export HOME
613205
Issue: For a file with multiple hard links, the change event contains the name of any one of the hard links as the file name. For example, if a file named test has test1 and test2 as hard links, the event generated when the file is changed can contain any of the three names by which the file is known.
613213
Issue: Because of NFS protocol behavior, a large write request to the NFS client goes to the NFS server in the form of multiple RPC calls and multiple FILE_MODIFIED events are generated at the NFS server.
610254
Issue: When you run the Debug Info client task for a UNIX system, the log states that the gatherinfo.tar.gz file is generated. The name of the generated file is suffixed with the host name and time stamp. For example, gatherinfo-hpj-03-07-08-10_14-37-45.tar.gz.
616089
Issue: Localized strings are not consistent. Partial localization occurs in some events and messages.
708279
Issue: For RHEL5/RHEL6 (kernels earlier than 2.6.32-220) and kernels of SLES 10/SUSE11 (excluding SLES11 SP2), FILE_CREATED events are incorrectly reported as FILE_ATTR_MODIFIED over an NFSv4 partition.
762449
Issue: Events are generated if a special device file is renamed.
797291
Issue: After Dynamic Kernel Module compilation, an empty file named 2 gets created in the dks directory.
797363
Issue: The Sadmin Xray command does not list the attr specific configurations for the running process.
798843
Issue: Unexpected behavior might be observed if a process exits without closing one or more changed files.
802433
Issue: If the volume is unsolidified, it is not listed as unsolidified in the output of sadmin status.
807180
Issue: Installation on a non pre-compiled kernel fails if you run the installer from a Windows share that is mounted using CIFS. Workaround: Mount the Windows share using NFS.
811983
Issue: Property collection on ePO and the endpoint might show different versions of Solidifier if the system is not rebooted after upgrade.
812578
Issue: On some kernels, error messages related to scdrv are displayed in the console during system boot.
818828
Issue: With VirusScan Enterprise for Linux (VSEL) 1.7 installed, the VSEL service stops with errors on the CLI.
989865
Issue: Installation of Solidifier should not occur in a symbolic link path.
Issue: When you log on to a solidified system using Telnet as a non-root user, the original_user name displays as root.
602981
Issue: When a single share is mounted on more than one mount point and a file operation is performed from any of these mount points, events that show the pathname might refer to any of those shares.
1009579
Issue: On a protected system running Red Hat Enterprise Linux 5 with kernel 2.6.18-308.EL5 or later, the deny-read feature does not work on an NFSv4 mounted partition.
Issue: When you try to upload the Windows Solidcore Agent Deployment Package (~100 MB) to ePO through Internet Explorer, the file upload times out if the network upload speed is slow. Workaround: If this error displays in Internet Explorer 6, try using Internet Explorer 7 (or later). If you encounter the error in Internet Explorer 7 or later, copy the package to a local directory on the ePO server. Access the ePO console on the ePO server and upload the file from the local path. This method avoids possible network delays.
607452
Issue: ePO 4.6 reports and dashboard entries are not removed after the Solidcore Extension is uninstalled. Workaround: If you are uninstalling and reinstalling the Solidcore extension, remove the reports and dashboards manually after uninstalling and before reinstalling.
607517
Issue: PDF reports have minor data display and formatting issues if more than 50,000 records are reported.
608347
Issue: The Solidcore Policies Applied on Hosts report displays all policies derived from the root, regardless of the SKUs enabled on the platform.
609304
Issue: It is not possible to export data from the Reporting, Solidcore Events page. Workaround: Use Queries (Reporting, Queries) to export event data.
636769
Issue: If you upgrade from Solidcore 5.1.0 to 5.1.1 (or later), existing Solidcore events in the Solidcore Events table are not migrated to the ePO Events table.
636352
Issue: After removing the Solidcore Extension, all Solidcore-related events are retained in the ePO table. When you view the events in the Threat Event Log, some fields might display erroneous data.
607554
Issue: Solidcore policies can't be duplicated using the Policy Details page because the OK button is disabled. Workaround: Use the Policy Catalog page to duplicate policies.
643854
Issue: When you use the Guided Configuration page on the ePO 4.6 console, the Save Policy button is not enabled when changes are made to Solidcore Policies. Workaround: Edit the policy using the Policy Catalog without using Guided Configuration.
608374
Issue: When you try to enable an already enabled Solidcore Agent, the error displayed is not translated.
607908
Issue: It is not possible to export more than 50,000 records from any table or report.
608025
Issue: Reports, tasks, and policies for all SKUs are listed even if the license for that SKU is not added.
609911
Issue: Export of rule groups does not work in Internet Explorer when opened from the ePO server. Workaround: Use Internet Explorer from a different computer to export rule groups.
610303
Issue: The Server Task pages on ePO might not work properly if you use Mozilla Firefox version 3.0. Workaround: Technical Support recommends Mozilla Firefox version 3.6 (or later) or Internet Explorer 6.0 (or later).
608753
Issue: Sometimes, using the user name field of reported events on the ePO server as a trusted user might not work if the client system is part of an Active Directory domain. This occurs because the domain name reported in the events is not the full AD domain. Workaround: Use the environment variable USERDNSDOMAIN as the domain name for AD clients. You can also review the properties of the My Computer icon to identify the complete user name to specify as the trusted user.
608759
Issue: If ePO is installed on a Japanese version of Windows, exporting the dashboard data to HTML format fails if the generated HTML file name contains digits.
608390
Issue: When viewing an Integrity Monitor policy, the My Rules tab is not translated.
669563
Issue: If you run reconciliation on a setup with millions of unauthorized changes (for about 5,000 hosts), the Systems with Unauthorized changes page does not open. When you select the Systems with Unauthorized changes link (on the Risk and Compliance, Change Control Reconciliation page), the page times out and the user is logged off the ePO console.
656518
Issue: If you install Solidcore Extension 5.1.2 (or later) on an existing ePO 4.5 system and then upgrade to ePO version 4.6 FIPS mode, the event parser stops working. Workaround: Upgrade the required DLL with the following command: https://<ePO IP address:port>/remote/scor.upgradeEventParser.do
661203
Issue: If you are using reconciliation with Solidcore Extension 5.1.1 (or earlier) and upgrade to Solidcore Extension 5.1.2 (or later), you can't access the older reconciliation data.
607950
Issue: User-defined system variables in policies are resolved at the endpoint only after the endpoint is restarted.
707486
Issue: When using the ePO 4.6 console, navigating quickly through the Events pages logs off the user.
714176
Issue: On ePO 4.6 Update 1 or Update 2, if you add multiple commands to a Run Commands client task while creating the task, you can't later remove the commands from the saved client task.
719796
Issue: Global Catalog search for Active Directory groups is not supported. Workaround: Search for a group in a specific Active Directory server instead of using the Global Catalog. To add a specific group:
Log on to the ePO 4.x console.
Add the AD server with the group as a registered server.
Search for the group by selecting the registered AD server. Make sure that the Global Catalog Search option is deselected.
Add the group to a policy as a trusted group.
722045
Issue: Adding new columns, such as Solidcore Status and Solidification Status, for an endpoint by clicking Actions, Choose columns, noncompliant Solidcore Agent might not display values for all endpoints. The reason is because the noncompliant Solidcore Agent section includes only noncompliant agent properties. Workaround: When adding new columns for an endpoint, click Actions, Choose columns, Solidcore Client Properties instead of Actions, Choose columns, noncompliant Solidcore Agent.
695769
Issue: Under the Content Change Tracking feature, the view file page goes blank for a file size of around 1 MB.
800014
Issue: Extra events are reconciled when manual reconciliation is performed from custom queries. Workaround: To perform the manual reconciliation for multiple events by selecting either All in this page or Select All in all pages, open the Solidcore events page. Navigate to Menu, Reporting, Solidcore Events.
NOTE: This option does not work well if you reach Solidcore Events by drilling down from a Query page.
882821
Issue: Sorting is not supported on the Last Modification Time column on the Content Change Tracking page.
937037
Issue: You can't upgrade Solidcore help extension from previous versions to 6.1.2.020. Workaround: Uninstall the old help extension and install the new one.
Issue: The Original user name reported in events is the same as the user name.
595051
Issue: Multiple operating systems on the same computer are not supported. Product features work only on the operating system it is installed on.
599812
Issue: Uninstallation fails if the uninstallation process is canceled before it completes.
600805
Issue: While opening a write-protected network share in Windows Explorer, a few deny-write errors are observed.
603747
Issue: The trusted, solidified, and write-protect features do not work correctly for folder-mounted volumes. Workaround: Contact Technical Support for assistance if the setup uses folder-mounted volumes.
604153
Issue: Post installation script customization is not available during upgrades. It can be used only during a fresh installation of the Solidcore Agent.
608036
Issue: Mapped drive names can't be used in commands issued by remote users/ePO.
634733
Issue: If the database tables are corrupted, the Solidcore Agent upgrade fails and you see the following error message:
"Database: . Could not load table 'Control' in SQL query: SELECT `Control`,
`Type`, `X`, `Y`, `Width`, `Height`, `Attributes`, `Property`, `Text`,
`Control_Next`, `Help` FROM `Control` WHERE `Dialog_`=?"
Workaround: Use silent installation instead of UI mode installation.
605369
Issue: When an agent installer runs the Solidcore Agent installer with the /? argument, a series of unwanted dialog boxes display because of a bug in the third-party packaging software. You can ignore these dialog boxes.
609311
Issue: Manual uninstallation of the Solidcore Agent (deployed from ePO) fails on a client computer with McAfee Agent version 4.0 (or earlier). Workaround: Contact Technical Support for assistance if you have already tried manual uninstallation.
598002
Issue: Registry key protection does not work for all registry key hives; it works only for HKEY_LOCAL_MACHINE.
599240
Issue: A subkey registry does not get added to a protected registry key when using the reg command.
601500
Issue: Creating a shortcut in a read-protected directory is not allowed.
602122
Issue: Any file operation performed on a read-protected file generates deny-read events that correspond to the file even when the file operation is allowed.
603032
Issue: Changes to folder-mounted volumes that do not have an associated drive letter can't be monitored. Workaround: Assign a drive letter to a volume before mounting it on any other folder.
603628
Issue: On 64-bit platforms, ACL change events are not generated when the update mechanism supersedes the deny-write policies for registries.
605371
Issue: When you try to read a read-protected file with certain file flags set through Windows Explorer, read-denied events might not be written to the event viewer. The events are recorded in the Solidcore Agent log file.
606496
Issue: Only full long names are supported with commands that accept file or folder names. For example, names such as c:\myPackages\SETUP-~1.EXE are not supported.
606532
Issue: Virtual drive paths are not supported as path values in Solidcore Agent commands, such as write-protect, read-protect, and monitor.
600748
Issue: Multiple deny write events might be generated for a single deny write action. For example, on deletion of a file using Windows Explorer, up to 8 file deletion events are reported. When the application denies deletion of a file, Windows Explorer tries multiple methods to delete the file, resulting in an event for each attempt.
608639
Issue: After you uninstall the Solidcore client from the Windows (64-bit) operating system, the Solidcore folder (c:\program files(x86)\solidcore) and Registry link (HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates) remain on the endpoint.
691196
Issue: For a file where you are tracking content changes, you receive an unknown error if connectivity issues occur while sending metadata for the file from the endpoint to the ePO console. Workaround: When network connectivity resumes, the next change to the file is reflected accurately on the ePO console.
685124
Issue: If you are running VirusScan Enterprise (VSE) 8.8 with the Access Protection Level set to Maximum, you can't deploy Solidcore on the endpoint.
724796
Issue: Although you can track content changes for a read-protected file, you can't view the actual changes. The reason is because the read protection rule prevents the software from fetching file contents from the endpoint.
726020
Issue: If you upgrade from an earlier release to the 6.0 release and use a command added or changed in the 6.0 release without restarting the endpoint, you might receive a Msg not found error. Workaround: Restart the endpoint to make sure that all commands added or changed in the 6.0 release work correctly.
770524
Issue: The scormcpl.dll displays an older version in inventory after it is upgraded.
799559
Issue: If you exclude the .bat extension from monitoring, events for batch file operations are generated.
812964
Issue: If the Updater flag is removed for a cert rule over ePO, the certificate is listed as updater on the endpoint.
656298
Issue: Upgrade via a hotfix build fails in Update mode if initiated through an ePO Product Update Task.
876430
Issue: For monitoring and change control rules with *, the longest path rule is not given precedence for conflicting rules.
881480
Issue: Revisions are not reported for Content Change tracking if user events are filtered using the filter rules. Workaround: Exclude the user from event filtering and apply advanced filters for the user excluding unwanted events for files and directories.
894237
Issue: For a directory-based Content Change Tracking rule, renaming of the directory or its subdirectory generates spurious monitor events.
919290
Issue: The Registry Name in mon events is inconsistent.
Issue: During manual installation of the Solidcore Agent on Windows 2008 R2 (64-bit), a Windows installer encountered a validation error message displays for the msiexec.exe and kernelbase.dll files. Workaround: Click Ignore once or Ignore always on the error pop-up to continue installation.
Windows 2008 (64-bit)
Reference
Description
609780
Issue: On Windows 2008 (64-bit), the rundll32.exe file crashes if an application is uninstalled via Add/Remove Programs after the SetupInstallFromInfSection() function was used to install the application.
Windows 7 (64-bit)
Reference
Related
Article
Found in version
Resolved in Version
Description
708226
Issue: MCC is functionally incompatible with Avecto Privilege guard.
Windows XP
Reference
Description
601738
Issue: On Windows XP SP2, deny-write errors with two different file names or folder names are logged when a file or folder is created under a write-protected folder.
604834
Issue: On Windows XP, NTFS junction points are supported only when junctions are created for volumes and not for folders.
Issue: If Solidcore Agent is installed in a non-default path, upgrading via ePO is not supported. Such an upgrade might leave the Solidcore Agent in an inconsistent state. Technical Support recommends that you uninstall the existing version and then install the new version using ePO.
608737
Issue: If the partition with the /opt/McAfee/cma directory has insufficient space, events might not be generated and the Failed to generate event xml error message is added to the solidcore.log file. Free up space in the partition with the /opt/McAfee/cma directory.
601728
Issue: According to NFS protocol, if a file present on the NFS share is opened once on the NFS client, it can't be reopened until the file attributes are changed. A read-protected file, on an NFS share, opened on the client side in Update mode, can be read on the client. It can be read even in Enable mode (after coming out of the Update mode) until the file attributes are changed on the server.
601734
Issue: Changing a hard link might cause the name of the link or program to be displayed in events.
601914
Issue: For daemon processes, the reported user name and original user name are the same.
602653
Issue: A write-protected file can be changed through its hard link if the hard link has already been created.
602772
Issue: Scripts without a #! tag can't act as updaters.
602977
Issue: For loopback file systems, some features, such as updater and monitoring, do not work correctly when the loopback path is used instead of the physical path in the sadmin commands. For instance, if /opt is mounted as a loopback file system at /mnt, to add /mnt/abc as an updater you must add the path /opt/abc as an updater.
602990
Issue: Some features like updaters and mon-proc-exec do not work properly for unsupported file formats. Only executable binaries and #! scripts are supported file formats.
603462
Issue: The BOOTING_ENABLED and BOOTING_UPDATE_MODE events are not added to the system log. Workaround: At boot time, start the syslog service before the Solidcore Agent service.
603490
Issue: The following issues are observed when an updater calls another updater:
If the child process is added as an updater, the non-inheritable option (-d) of the parent process is overridden.
If the parent process is added as an updater, the non-inheritable option (-d) of the child is overridden.
604780
Issue: For processes that are not directly associated with a terminal, the original_user field is the same as the user field.
For example, when you run a script through Runlevel/init scripts, original_user is the same as the user.
605062
Issue: The mmap system call at the NFS client does not work if the file is read-protected.
606674
Issue: A write-protected file can be changed or deleted if the file system is mounted to a different directory.
607014
Issue: Adding a script as an updater twice (once on its own and again with its parent) might lead to unexpected behavior.
607024
Issue: By default, the deny-read feature is disabled. A read-protect rule is immediately applied to the Solidcore Agent but is effective only after the deny-read feature is enabled on the Solidcore Agent.
607245
Issue: No events are generated for changes to a file with the string solidcore.log in its name. For example, mysolidcore.log.
601763
Issue: Process information can't be determined for processes that are invoked before the Solidcore Agent driver is loaded. This issue has the following implications:
If these processes make file changes then the changes might not be reported.
For processes that started before the driver was loaded, only the partial program names are reported.
For NFS, for changes made by the client, the change events displayed on the server have only the relative name for the NFS daemon (in other words, nfsd or nfsktcpd).
No Process Start and Process Stop events are generated for already running processes.
On only the AIX platform: Change Tracking / Prevention on file systems mounted by these processes might or might not work. System calls executed by already running processes can’t be trapped due to differences in the way system calls are implemented. As a workaround, you can restart such processes.
604604
Issue: Write/read protection does not work on files added via cachefs/lofs.
613214
Issue: If the installation path is a mount point, forcibly unmounting (Example: Using the umount -f command) might lead to non-deterministic behavior.
603386
Issue: The Solidcore Agent can't be installed, upgraded, or uninstalled through init scripts that run at system boot time. Workaround: Add the following two statements in the init script before invoking the installer:
HOME="/"
export HOME
613205
Issue: For a file with multiple hard links, the change event contains the name of any one of the hard links as the file name. For example, if a file named test has test1 and test2 as hard links, the event generated when the file is changed can contain any of the three names by which the file is known.
613213
Issue: Because of NFS protocol behavior, a large write request to the NFS client goes to the NFS server in the form of multiple RPC calls and multiple FILE_MODIFIED events are generated at the NFS server.
610254
Issue: When you run the Debug Info client task for a UNIX system, the log states that the gatherinfo.tar.gz file is generated. The name of the generated file is suffixed with the host name and time stamp. For example, gatherinfo-hpj-03-07-08-10_14-37-45.tar.gz.
616089
Issue: Localized strings are not consistent. Partial localization occurs in some events and messages.
708279
Issue: For RHEL5/RHEL6 (kernels earlier than 2.6.32-220) and kernels of SLES 10/SUSE11 (excluding SLES11 SP2), FILE_CREATED events are incorrectly reported as FILE_ATTR_MODIFIED over an NFSv4 partition.
762449
Issue: Events are generated if a special device file is renamed.
797291
Issue: During Dynamic Kernel Module compilation, an empty file named 2 is created in the dks directory.
797363
Issue: The Sadmin Xray command does not list the attr specific configurations for the running process.
798843
Issue: Unexpected behavior might be observed if a process exits without closing one or more changed files.
802433
Issue: If the volume is unsolidified, it is not listed as unsolidified in the output of ‘sadmin status’.
807180
Issue: Installation on a non pre-compiled kernel fails if the installer runs from a Windows share that is mounted using CIFS. Workaround: Mount the Windows share using NFS.
811983
Issue: Property collection on ePO and the endpoint might show different versions of solidifier if the system is not rebooted after upgrade.
812578
Issue: On some kernels, you see error messages related to scdrv in the console during system boot.
818828
Issue: With VirusScan Enterprise for Linux (VSEL) 1.7 installed, the VSEL service stops with errors on the CLI.
Issue: When you log on to a solidified system using Telnet as a non-root user, the original_user name displays as root.
602981
Issue: When a single share is mounted on more than one mount point and a file operation is performed, events that show the pathname might refer to any of those shares.
Issue: The Parent Process name might be incorrect in events if it can't be resolved properly.
605854
Issue: For file truncation operations, only a FILE_MODIFICATION event is generated. The behavior that occurs on an AIX platform differs on other UNIX platforms.
605639
Issue: For files that exist on an unsupported volume or processes that start from an unsupported volume, only the basename (not the complete path) displays in some events.
605819
Issue: For a user in the system WPAR with a UID that does not exist on the global environment, the user name can't be determined. Events for this user are raised with user name: UNKNOWN and original user name: UNKNOWN.
605899
Issue: The Solidcore Agent is not supported in Trusted Execution Environment.
649574
Issue: When you run the Enable client task from ePO for the AIX platform, the task is incorrectly listed as a failed task on the Client Task Log page. Workaround: The Enable client task runs successfully, so you can ignore the task status on the Client Task Log page.
664439
Issue: Files in an autofs file-system are reported with /? at the beginning. This issue has the following implications:
Events have /? at the beginning of the path.
rp/wp does not work on such files.
649731
Issue: If you use McAfee Agent 4.5 (earlier than Update 3) on the AIX 6.1 (64-bit) platform, upgrade via ePO to Solidcore 5.1.1 fails. Complete the following steps to manually upgrade to the 5.1.1 version on AIX 6.1:
Stop the CMA service using the /usr/sbin/cma stop command.
Uncompress the SOLIDCOR511-7505_AIX.zip file.
Execute the slibclean command.
Execute mapkg_install.sh (sh mapkg_install.sh) from the output directory of the .zip file.
Complete one of the following steps:
If upgraded in Update mode, restart the system.
If upgraded in Disabled mode, start the CMA service (/usr/sbin/cma start).
777090
Issue: Under stress conditions, the event service is restarted, although there is no loss in functionality. This issue applies to AIX update 6.0.1.
Issue: When you try to upload the Windows Solidcore Agent Deployment Package (~100 MB) to ePO through Internet Explorer, the file upload times out if the network upload speed is slow. Workaround: If this error displays in Internet Explorer 6, try using Internet Explorer 7 (or later). If you encounter the error in Internet Explorer 7 or later, copy the package to a local directory on the ePO server. Access the ePO console on the ePO server and upload the file from the local path. This workaround avoids possible network delays.
607452
Issue: ePO 4.6 - Reports and dashboard entries are not removed after the Solidcore Extension is uninstalled. Workaround: If you are uninstalling and reinstalling the Solidcore extension, remove the reports and dashboards manually after uninstalling and before reinstalling.
607517
Issue: PDF reports have minor data display and formatting issues if more than 50,000 records are reported.
608347
Issue: The Solidcore Policies Applied on Hosts report displays all policies derived from the root, regardless of the SKUs enabled on the platform.
609304
Issue: It is not possible to export data from the Reporting, Solidcore Events page. Workaround: Use Queries (Reporting, Queries) to export event data.
636769
Issue: If you upgrade from Solidcore 5.1.0 to 5.1.1 (or later), existing Solidcore events in the Solidcore Events table are not migrated to the ePO Events table.
636352
Issue: After removing the Solidcore Extension, all Solidcore-related events are retained in the ePO table. When you view the events in the Threat Event Log, some fields might display erroneous data.
607554
Issue: Solidcore policies can't be duplicated by using the Policy Details page because the OK button is disabled. Workaround: Use the Policy Catalog page to duplicate policies.
643854
Issue: When you use the Guided Configuration page on the ePO 4.6 console, the Save Policy button is not enabled when changes are made to Solidcore Policies. Workaround: Edit the policy by using the Policy Catalog without using Guided Configuration.
608374
Issue: When you try to enable an already enabled Solidcore Agent, the error displayed is not translated.
607908
Issue: It is not possible to export more than 50,000 records from any table or report.
608025
Issue: Reports, tasks, and policies for all SKUs are listed even if the license for that SKU is not added.
609911
Issue: Export of rule groups does not work in Internet Explorer when opened from the ePO Server. Workaround: Use Internet Explorer from a different computer to export rule groups.
610303
Issue: The Server Task pages on ePO might not work properly if you use Mozilla Firefox version 3.0. Workaround: Technical Support recommends Mozilla Firefox version 3.6 (or later) or Internet Explorer 6.0 (or later).
608753
Issue: Sometimes, using the user name field of reported events on the ePO as a trusted user might not work if the client system is part of an Active Directory domain. The reason is because the domain name reported in the events is not the full AD domain. Workaround: Use the environment variable USERDNSDOMAIN as the domain name for AD clients. You can also review the properties of the My Computer icon to identify the complete user name to specify as the trusted user.
608759
Issue: If ePO is installed on a Japanese version of Windows, exporting the dashboard data to HTML format fails if the generated HTML file name contains digits.
608390
Issue: When viewing an Integrity Monitor policy, the My Rules tab is not translated.
669563
Issue: If you run reconciliation on a setup with millions of unauthorized changes (for about 5000 hosts), the Systems with Unauthorized changes page does not open. When you select the Systems with Unauthorized changes link (on the Risk and Compliance, Change Control Reconciliation page), the page times out and the user is logged off the ePO console.
656518
Issue: If you install Solidcore Extension 5.1.2 (or later) on an existing ePO 4.5 system and then upgrade to ePO version 4.6 FIPS mode, the event parser stops working. Workaround: Upgrade the required DLL with the following command:
https://[ePO IP address:port]/remote/scor.upgradeEventParser.do
661203
Issue: If you are using reconciliation with Solidcore Extension 5.1.1 (or earlier) and upgrade to Solidcore Extension 5.1.2 (or later), you can't access the older reconciliation data.
607950
Issue: User-defined system variables in policies are resolved at the endpoint only after the endpoint is restarted.
707486
Issue: When using the ePO 4.6 console, navigating quickly through the Events pages logs off the user.
714176
Issue: On ePO 4.6 Update 1 or Update 2, if you add multiple commands to a Run Commands client task while creating the task, you can't later remove the commands from the saved client task.
719796
Issue: Global catalog search for Active Directory groups is not supported. Workaround: Search for a group in a specific Active Directory server instead of using the Global Catalog. To add a specific group:
Log on to the ePO 4.x console.
Add the AD server with the group as a registered server.
Search for the group by selecting the registered AD server. Make sure that the Global Catalog Search option is deselected.
Add the group to a policy as a trusted group.
722045
Issue: Adding new columns, such as Solidcore Status and Solidification Status for an endpoint by clicking Actions, Choose columns, noncompliant Solidcore Agent might not display values for all endpoints. The reason is because the noncompliant Solidcore Agent section includes only noncompliant agent properties. Workaround: When adding new columns for an endpoint, click Actions, Choose columns, Solidcore Client Properties instead of Actions, Choose columns, noncompliant Solidcore Agent.
695769
Issue: Under the Content Change Tracking feature, the view file page goes blank for a file size of around 1 MB.
800014
Issue: Extra events are reconciled when manual reconciliation is performed from custom queries. Workaround: To perform the manual reconciliation for multiple events by selecting either All in this page or Select All in all pages, open the Solidcore events page. Navigate to Menu, Reporting, Solidcore Events.
NOTE: This option does not work well if you reach Solidcore Events by drilling down from a Query page.
882821
Issue: Sorting is not supported on the Last Modification Time column on the Content Change Tracking page.
921436
Issue: ePO 5.0 - File upload functionality does not work when a file is uploaded from the Internet Explorer 10 browser. The following action might not work when ePO 5.0 is used with the Internet Explorer 10 browser.
Click Menu, Configuration.
Click Solidcore Rules, Rule Groups Page.
Workaround: Perform this action using other browsers (Example: Firefox, Chrome).
937037
Issue: You can't upgrade Solidcore help extension from previous versions to 6.1.2.020.
Workaround: Uninstall the old help extension and install the new one.
Issue: The Original user name reported in events is the same as the user name.
595051
Issue: Multiple operating systems on the same computer are not supported. Product features work only on the operating system it is installed on.
599812
Issue: Uninstallation fails if the uninstallation process is canceled before it completes.
600805
Issue: While opening a write-protected network share in Windows Explorer, a few deny-write errors are observed.
603747
Issue: The trusted, solidified, and write-protect features do not work correctly for folder-mounted volumes. Workaround: Contact Technical Support for assistance if the setup uses folder-mounted volumes.
604153
Issue: Post install script customization is not available during upgrades. It can be used only during a fresh installation of the Solidcore Agent.
608036
Issue: Mapped drive names can't be used in commands issued by remote users/ePO.
634733
Issue: If the database tables are corrupted, the Solidcore Agent upgrade fails and you see the following error message:
"Database: . Could not load table 'Control' in SQL query: SELECT `Control`,
`Type`, `X`, `Y`, `Width`, `Height`, `Attributes`, `Property`, `Text`,
`Control_Next`, `Help` FROM `Control` WHERE `Dialog_`=?"
Workaround: Use silent installation instead of UI mode installation.
605369
Issue: When an agent installer runs the Solidcore Agent installer with the /? argument, a series of unwanted dialog boxes display due to a bug in the third-party packaging software. You can ignore these dialog boxes.
609311
Issue: Manual uninstallation of the Solidcore Agent (deployed from ePO) fails on a client computer with McAfee Agent version 4.0 (or earlier). Workaround: Contact Technical Support for assistance if you have already tried manual uninstallation.
598002
Issue: Registry key protection does not work for all registry key hives; it works only for HKEY_LOCAL_MACHINE.
599240
Issue: A subkey registry does not get added to a protected registry key when using the reg command.
601500
Issue: Creating a shortcut in a read-protected directory is not allowed.
602122
Issue: Any file operation performed on a read-protected file generates deny-read events that correspond to the file even when the file operation is allowed.
603032
Issue: Changes to folder-mounted volumes that do not have an associated drive letter can't be monitored. Workaround: Assign a drive letter to a volume before mounting it on any other folder.
603628
Issue: On 64-bit platforms, ACL change events are not generated when the update mechanism supersedes the deny-write policies for registries.
605371
Issue: When you try to read a read-protected file with certain file flags set through Windows Explorer, read-denied events might not be written to the event viewer. The events are recorded in the Solidcore Agent log file.
606496
Issue: Only full long names are supported with commands that accept file or folder names. For example, names such as c:\myPackages\SETUP-~1.EXE are not supported.
606532
Issue: Virtual drive paths are not supported as path values in Solidcore Agent commands, such as write-protect, read-protect, and monitor.
607024
Issue: The deny-read feature is disabled by default. A read-protect rule is immediately applied to Solidcore Agent but is effective only after the deny-read feature is enabled on the Solidcore Agent.
600748
Issue: Multiple deny write events might be generated for a single deny write action. For example, on deletion of a file using Windows Explorer, up to 8 file deletion events are reported. When the application denies deletion of a file, Windows Explorer tries multiple methods to delete the file, resulting in an event for each attempt.
608639
Issue: After you uninstall the Solidcore client from the Windows (64-bit) operating system, the Solidcore folder (c:\program files(x86)\solidcore) and Registry link (HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates) remain on the endpoint.
691196
Issue: For a file where you are tracking content changes, you receive an unknown error if connectivity issues occur while sending metadata for the file from the endpoint to the ePO console. Workaround: When network connectivity resumes, the next change to the file is reflected accurately on the ePO console.
685124
Issue: If you are running VirusScan Enterprise (VSE) 8.8 with the Access Protection Level set to Maximum, you can't deploy Solidcore on the endpoint.
724796
Issue: Although you can track content changes for a read-protected file, you can't view the actual changes. The reason is because the read protection rule prevents the software from fetching file contents from the endpoint.
726020
Issue: If you upgrade from an older release to the 6.0 release and use a command added or changed in the 6.0 release without restarting the endpoint, you might receive a Msg not found error. Workaround: Restart the endpoint to make sure that all commands added or changed in the 6.0 release work correctly.
770524
Issue: The scormcpl.dll displays an older version in inventory after it is upgraded.
799559
Issue: If you exclude the .bat extension from monitoring, events for batch file operations are generated.
812964
Issue: If the Updater flag is removed for a cert rule over ePO, the certificate is listed as updater on the endpoint.
656298
Issue: Upgrade via hotfix build fails in Update Mode if initiated through an ePO Product Update Task.
876430
Issue: For monitoring and change control rules with '*', the 'longest path' rule is not given precedence for conflicting rules.
881480
Issue: Revisions are not reported for Content Change tracking if user events are filtered using the filter rules. Workaround: Exclude the user from event filtering and apply advanced filters for the user for exclusion of unwanted events for files and directories.
894237
Issue: For a directory-based Content Change Tracking rule, renaming of the directory or its subdirectory generates spurious monitor events.
919290
Issue: The Registry Names in mon events are inconsistent.
Issue: During manual installation of the Solidcore Agent on Windows 2008 R2 (64-bit), the Windows installer encountered a validation error message displays for the msiexec.exe and kernelbase.dll files. Workaround: Click Ignore once or Ignore always on the error pop-up to continue installation.
Windows 2008 [64-bit]
Reference
Description
609780
Issue: On Windows 2008 (64-bit), the rundll32.exe file crashes if an application is uninstalled via Add/Remove Programs after the SetupInstallFromInfSection() function was used to install the application.
Windows 7 [64-bit]
Reference
Description
708226
Issue: MCC is functionally incompatible with Avecto Privilege guard.
Windows XP
Reference
Description
601738
Issue: On Windows XP SP2, deny-write errors with two different file names or folder names are logged when a file or folder is created under a write-protected folder.
604834
Issue: On Windows XP, NTFS junction points are supported only when junctions are created for volumes and not for folders.
Issue: If Solidcore Agent is installed in a non-default path, upgrading via ePO is not supported. Such an upgrade might leave the Solidcore Agent in an inconsistent state. Technical Support recommends that you uninstall the existing version and then install the new version using ePO.
608737
Issue: If the partition with the /opt/McAfee/cma directory has insufficient space, events might not be generated and the Failed to generate event xml error message is added to the solidcore.log file. Free up space in the partition with the /opt/McAfee/cma directory.
601728
Issue: According to NFS protocol, if a file present on the NFS share is opened once on the NFS client, it can't be reopened until the file attributes are changed. A read-protected file, on an NFS share, opened on the client side in update mode can be read on the client. It can be read even in enable mode (after coming out of the update mode) until the file attributes are changed on the server.
601734
Issue: Changing a hard link might cause the name of the link or program to be displayed in events.
601914
Issue: For daemon processes, the reported user name and original user name are the same.
602653
Issue: A write-protected file can be changed through its hard link if the hard link has already been created.
602772
Issue: Scripts without a #! tag can't act as updaters.
602977
Issue: For loopback file systems, some features such as updater and monitoring do not work correctly when the loopback path is used instead of physical path in the sadmin commands. For instance, if /opt is mounted as a loopback file system at /mnt, to add /mnt/abc as an updater you must add the path /opt/abc as an updater.
602990
Issue: Some features like updaters and mon-proc-exec do not work properly for unsupported file formats. Only executable binaries and #! scripts are supported file formats.
603462
Issue: The BOOTING_ENABLED and BOOTING_UPDATE_MODE events are not added to the system log. Workaround: At boot time, start the syslog service before the Solidcore Agent service.
603490
Issue: The following issues are observed when an updater calls another updater:
If the child process is added as an updater, the non-inheritable option (-d) of the parent process is overridden.
If the parent process is added as an updater, the non-inheritable option (-d) of the child is overridden.
604780
Issue: For processes that are not directly associated with a terminal, the original_user field is the same as the user field.
For example, when you run a script through Runlevel/init scripts, original_user is the same as the user.
605062
Issue: The mmap system call at the nfs client does not work if the file is read-protected.
606674
Issue: A write-protected file can be changed or deleted if the file system is mounted to a different directory.
607014
Issue: Adding a script as an updater twice (once on its own and again with its parent) might lead to unexpected behavior.
607024
Issue: By default, the deny-read feature is disabled. A read-protect rule is immediately applied to Solidcore Agent but is effective only after the deny-read feature is enabled on the Solidcore Agent.
607245
Issue: No events are generated for changes to a file with the string “solidcore.log” in its name. For example, mysolidcore.log.
601763
Issue: Process information can't be determined for processes that are invoked before the Solidcore Agent driver is loaded. This fact has the following implications:
If these processes make file changes then the changes might not be reported.
For processes that started before the driver was loaded, only the partial program names are reported.
For NFS, for changes made by the client, the change events displayed on the server have only the relative name for the NFS daemon (in other words, nfsd or nfsktcpd).
No Process Start and Process Stop events are generated for already running processes.
On only the AIX platform: Change Tracking / Prevention on file systems mounted by these processes might or might not work. System calls executed by already running processes can't be trapped due to differences in the way system calls are implemented. As a workaround, you can restart such processes.
604604
Issue: Write/read protection does not work on files added via cachefs/lofs.
613214
Issue: If the install path is a mount point, forcibly unmounting (for example, using the umount -f command) might lead to non-deterministic behavior.
603386
Issue: The Solidcore Agent can't be installed, upgraded, or uninstalled through init scripts that run at system boot time. Workaround: Add the following two statements in the init script before invoking the installer:
HOME="/"
export HOME
613205
Issue: For a file with multiple hard links, the change event contains the name of any one of the hard links as the file name. For instance, if a file named test has test1 and test2 as hard links, the event generated when the file is changed can contain any of the three names by which the file is known.
613213
Issue: Because of NFS protocol behavior, a large write request to the NFS client goes to the NFS server in the form of multiple RPC calls and multiple FILE_MODIFIED events are generated at the NFS server.
610254
Issue: When you run the Debug Info client task for a UNIX system, the log states that the gatherinfo.tar.gz file is generated. The name of the generated file is suffixed with the host name and time stamp. For example, gatherinfo-hpj-03-07-08-10_14-37-45.tar.gz.
616089
Issue: Localized strings not consistent. Partial localization in some events and messages.
708279
Issue: For RHEL5/RHEL6 (Kernel less than 2.6.32-220) and kernels of SLES 10/SUSE11 (excluding SLES11 SP2), FILE_CREATED events are incorrectly reported as FILE_ATTR_MODIFIED over NFSv4 partition.
762449
Issue: Events are generated if a special device file is renamed.
797291
Issue: During Dynamic Kernel Module compilation, an empty file named 2 is created in the dks directory.
797363
Issue: The Sadmin Xray command does not list the attr specific configurations for the running process.
798843
Issue: Unexpected behavior might be observed if a process exits without closing one or more changed files.
802433
Issue: If the volume is unsolidified, it is not listed as unsolidified in the output of ‘sadmin status’.
807180
Issue: Installation on a non pre-compiled kernel fails if the installer runs from a Windows share that is mounted using CIFS. Workaround: Mount the Windows share using NFS.
811983
Issue: Property collection on ePO and endpoint might show different versions of solidifier if the system is not rebooted after Upgrade.
812578
Issue: On some kernels, you see error messages related to scdrv in the console during system boot.
818828
Issue: With VirusScan Enterprise for Linux (VSEL) 1.7 installed, the VSEL service stops with errors on CLI.
Issue: When you log on to a solidified system using telnet as a non-root user, the original_user name displays as root.
602981
Issue: When a single share is mounted on more than one mount point and a file operation is performed, events that show the pathname might refer to any of those shares.
Issue: The Parent Process name might be incorrect in events if it can't be resolved properly.
605854
Issue: For file truncation operations, only a FILE_MODIFICATION event is generated. The behavior on AIX platforms is different from the behavior on other UNIX platforms.
605639
Issue: For files that exist on an unsupported volume or processes that start from an unsupported volume, only the basename (not the complete path) displays in some events.
605819
Issue: For a user in system WPAR with a UID that does not exist on the global environment, the user name can't be determined. Events for this user are raised with user name: UNKNOWN and original user name: UNKNOWN.
605899
Issue: The Solidcore Agent is not supported in Trusted Execution Environment.
649574
Issue: When you run the Enable client task from ePO for the AIX platform, the task is incorrectly listed as a failed task on the Client Task Log page. Workaround: The Enable client task runs successfully, so you can ignore the task status on the Client Task Log page.
664439
Issue: Files in an autofs file system are reported with /? at the beginning. This issue has the following implications:
Events have /? at the beginning of the path.
rp/wp does not work on such files.
649731
Issue: If you use McAfee Agent 4.5 (earlier than Update 3) on the AIX 6.1 (64-bit) platform, upgrade via ePO to Solidcore 5.1.1 fails. Complete the following steps to manually upgrade to the 5.1.1 version on AIX 6.1:
Stop the CMA service using the following command: /usr/sbin/cma stop
Uncompress the SOLIDCOR511-7505_AIX.zip file.
Execute the slibclean command.
Execute mapkg_install.sh (sh mapkg_install.sh) from the output directory of the .zip file.
Complete one of the following steps:
If upgraded in update mode, restart the system.
If upgraded in disabled mode, start the CMA service (/usr/sbin/cma start).
777090
Issue: Under stress conditions, the event service is restarted, although there is no loss in functionality. This issue applies to AIX update 6.0.1.
Issue: When you try to upload the Windows Solidcore Agent Deployment Package (~100 MB) to ePO through Internet Explorer, the file upload times out if the network upload speed is slow. Workaround: If this error displays in Internet Explorer 6, try using Internet Explorer 7 (or later). If you encounter the error in Internet Explorer 7 or later, copy the package to a local directory on the ePO server. Access the ePO console on the ePO server and upload the file from the local path. This workaround avoids possible network delays.
607452
Issue: Reports and dashboard entries are not removed after the Solidcore Extension is uninstalled. Workaround: If you are uninstalling and reinstalling the Solidcore extension, remove the reports and dashboards manually after uninstalling and before reinstalling.
607517
Issue: PDF reports have minor data display and formatting issues if more than 50,000 records are reported.
608347
Issue: The Solidcore Policies Applied on Hosts report displays all policies derived from the root, regardless of the SKUs enabled on the platform.
609304
Issue: It is not possible to export data from the Reporting, Solidcore Events page. Workaround: Use Queries (Reporting, Queries) to export event data.
636769
Issue: If you upgrade from Solidcore 5.1.0 to 5.1.1 (or later), existing Solidcore events in the Solidcore Events table are not migrated to the ePO Events table.
636352
Issue: After removing the Solidcore Extension, all Solidcore-related events are retained in the ePO table. When you view the events in the Threat Event Log, some fields might display erroneous data.
607554
Issue: Solidcore policies can't be duplicated by using the Policy Details page because the OK button is disabled. Workaround: Use the Policy Catalog page to duplicate policies.
643854
Issue: When you use the Guided Configuration page on the ePO 4.6 console, the Save Policy button is not enabled when changes are made to Solidcore Policies. Workaround: Edit the policy by using the Policy Catalog without using Guided Configuration.
608374
Issue: When you try to enable an already enabled Solidcore Agent, the error displayed is not translated.
607908
Issue: It is not possible to export more than 50,000 records from any table or report.
608017
Issue: The Configuration page allows users to create a group with the name My Rules.
608025
Issue: Reports, tasks, and policies for all SKUs are listed even if the license for that SKU is not added.
609911
Issue: Export of rule groups does not work in Internet Explorer when opened from the ePO Server. Workaround: Use Internet Explorer from a different computer to export rule groups.
610303
Issue: The Server Task pages on ePO might not work properly if you use Mozilla Firefox version 3.0. Workaround: McAfee recommends Mozilla Firefox version 3.6 (or later) or Internet Explorer 6.0 (or later).
608753
Issue: Sometimes, using the user name field of reported events on the ePO as a trusted user might not work if the client system is part of an Active Directory domain. The reason is because the domain name reported in the events is not the full AD domain. Workaround: Use the environment variable USERDNSDOMAIN as the domain name for AD clients. You can also review the properties of the My Computer icon to identify the complete user name to specify as the trusted user.
608759
Issue: If ePO is installed on a Japanese version of Windows, exporting the dashboard data to HTML format fails if the generated HTML file name contains digits.
608390
Issue: When viewing an Integrity Monitor policy, the My Rules tab is not translated.
669563
Issue: If you run reconciliation on a setup with millions of unauthorized changes (for about 5000 hosts), the Systems with Unauthorized changes page does not open. When you select the Systems with Unauthorized changes link (on the Risk and Compliance, Change Control Reconciliation page), the page times out and the user is logged off the ePO console.
656518
Issue: If you install Solidcore Extension 5.1.2 (or later) on an existing ePO 4.5 system and then upgrade to ePO version 4.6 FIPS mode, the event parser stops working. Workaround: Upgrade the required DLL with the following command:
https://[ePO IP address:port]/remote/scor.upgradeEventParser.do
661203
Issue: If you are using reconciliation with Solidcore Extension 5.1.1 (or earlier) and upgrade to Solidcore Extension 5.1.2 (or later), you can't access the older reconciliation data.
607950
Issue: User-defined system variables in policies are resolved at the endpoint only after the endpoint is restarted.
707486
Issue: When using the ePO 4.6 console, navigating quickly through the Events pages logs off the user.
714176
Issue: On ePO 4.6 Update 1 or Update 2, if you add multiple commands to a Run Commands client task while creating the task, you can't later remove the commands from the saved client task.
719796
Issue: Global catalog search for Active Directory groups is not supported. Workaround: Search for a group in a specific Active Directory server instead of using the Global Catalog. To add a specific group:
Log on to the ePO 4.x console.
Add the AD server with the group as a registered server.
Search for the group by selecting the registered AD server. Make sure that the Global Catalog Search option is deselected.
Add the group to a policy as a trusted group.
722045
Issue: Adding new columns, such as Solidcore Status and Solidification Status for an endpoint by clicking Actions, Choose columns, noncompliant Solidcore Agent might not display values for all endpoints. The reason is because the noncompliant Solidcore Agent section includes only noncompliant agent properties. Workaround: When adding new columns for an endpoint, click Actions, Choose columns, Solidcore Client Properties instead of Actions, Choose columns, noncompliant Solidcore Agent.
695769
Issue: Under Content Change Tracking feature, the view file page goes blank for file size of around 1 MB.
800014
Issue: Extra events are reconciled when manual reconciliation is done from custom queries. Workaround: To perform the manual reconciliation for multiple events by selecting either All in this page or Select All in all pages, open the Solidcore events page. Navigate to Menu, Reporting, Solidcore Events.
NOTE: This option does not work well if you reach Solidcore Events by drilling down from a Query page.
882821
Issue: Sorting is not supported on Last Modification Time column on the Content Change Tracking page.
Issue: Original user name reported in events is the same as user name.
595051
Issue: Multiple operating systems on the same computer are not supported. Product features work only on the operating system it is installed on.
599812
Issue: Uninstallation fails if the uninstallation process is canceled before it completes.
600805
Issue: While opening a write-protected network share in Windows Explorer, a few deny-write errors are observed.
603747
Issue: The trusted, solidified, and write-protect features do not work correctly for folder-mounted volumes. Workaround: Contact Technical Support for assistance if the setup uses folder-mounted volumes.
604153
Issue: Post install script customization is not available during upgrades. It can only be used during fresh installation of the Solidcore Agent.
608036
Issue: Mapped drive names can't be used in commands issued by remote users/ePO.
634733
Issue: If the database tables are corrupted, the Solidcore Agent upgrade fails and the following error message is displayed:
"Database: . Could not load table 'Control' in SQL query: SELECT `Control`,
`Type`, `X`, `Y`, `Width`, `Height`, `Attributes`, `Property`, `Text`,
`Control_Next`, `Help` FROM `Control` WHERE `Dialog_`=?"
Workaround: Use silent installation instead of UI mode installation.
605369
Issue: When an agent installer runs the Solidcore Agent installer with the /? argument, a series of unwanted dialog boxes display due to a bug in the third-party packaging software. You can ignore these dialog boxes.
609311
Issue: Manual uninstallation of the Solidcore Agent (deployed from ePO) fails on a client computer with McAfee Agent version 4.0 (or earlier). Workaround: Contact Technical Support for assistance if you have already tried manual uninstallation.
598002
Issue: Registry key protection does not work for all registry key hives; it works only for HKEY_LOCAL_MACHINE.
599240
Issue: A subkey registry does not get added to a protected registry key when using the reg command.
601500
Issue: Creating a shortcut in a read-protected directory is not allowed.
602122
Issue: Any file operation performed on a read-protected file generates deny-read events that correspond to the file even when the file operation is allowed.
603032
Issue: Changes to folder-mounted volumes that do not have an associated drive letter can't be monitored. Workaround: Assign a drive letter to a volume before mounting it on any other folder.
603628
Issue: On 64-bit platforms, ACL change events are not generated when the update mechanism supersedes the deny-write policies for registries.
605371
Issue: When you try to read a read-protected file with certain file flags set through Windows Explorer, read-denied events might not be written to the event viewer. The events are recorded in the Solidcore Agent log file.
606496
Issue: Only full long names are supported with commands that accept file or folder names. For example, names such as c:\myPackages\SETUP-~1.EXE are not supported.
606532
Issue: Virtual drive paths are not supported as path values in Solidcore Agent commands, such as write-protect, read-protect, and monitor.
607024
Issue: The deny-read feature is disabled by default. A read-protect rule is immediately applied to Solidcore Agent but is effective only after the deny-read feature is enabled on the Solidcore Agent.
600748
Issue: Multiple deny write events might be generated for a single deny write action. For example, on deletion of a file using Windows Explorer, up to 8 file deletion events are reported. When the application denies deletion of a file, Windows Explorer tries multiple methods to delete the file, resulting in an event for each attempt.
608639
Issue: After you uninstall the Solidcore client from the Windows (64-bit) operating system, the Solidcore folder (c:\program files(x86)\solidcore) and Registry link (HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates) remain on the endpoint.
691196
Issue: For a file where you are tracking content changes, you receive an unknown error if connectivity issues occur while sending metadata for the file from the endpoint to the ePO console. Workaround: When network connectivity resumes, the next change to the file is reflected accurately on the ePO console.
685124
Issue: If you are running VirusScan Enterprise (VSE) 8.8 with the Access Protection Level set to Maximum, you can't deploy Solidcore on the endpoint.
724796
Issue: Although you can track content changes for a read-protected file, you can't view the actual changes. The reason is because the read protection rule prevents the software from fetching file contents from the endpoint.
726020
Issue: If you upgrade from an older release to the 6.0 release and use a command added or changed in the 6.0 release without restarting the endpoint, you might receive a Msg not found error. Workaround: Restart the endpoint to make sure that all commands added or changed in the 6.0 release work correctly.
770524
Issue: The scormcpl.dll displays an older version in inventory after it is upgraded.
799559
Issue: If you exclude the .bat extension from monitoring, events for batch file operations are generated.
812964
Issue: If the Updater flag is removed for a cert rule over ePO, the certificate is listed as updater on the endpoint.
656298
Issue: Upgrade via hotfix build fails in Update Mode if initiated through an ePO Product Update Task.
876430
Issue: For monitoring and change control rules with '*', the 'longest path' rule is not given precedence for conflicting rules.
881480
Issue: Revisions are not reported for Content Change Tracking if user events are filtered using the filter rules. Workaround: Exclude the user from event filtering and apply advanced filters for the user for exclusion of unwanted events for files and directories.
894237
Issue: For a directory-based Content Change Tracking rule, renaming of the directory or its subdirectory generates spurious monitor events.
Issue: During manual installation of the Solidcore Agent on Windows 2008 R2 (64-bit), the Windows installer encountered a validation error message displays for the msiexec.exe and kernelbase.dll files. Workaround: Click Ignore once or Ignore always on the error pop-up to continue installation.
Windows 2008 [64-bit]
Reference
Description
609780
Issue: On Windows 2008 (64-bit), the rundll32.exe file crashes if an application is uninstalled via the Add/Remove Programs after the SetupInstallFromInfSection() function was used to install the application.
Windows 7 [64-bit]
Reference
Description
708226
Issue: MCC is functionally incompatible with Avecto Privilege guard.
Windows XP
Reference
Description
601738
Issue: On Windows XP SP2, deny-write errors with two different file names or folder names are logged when a file or folder is created under a write-protected folder.
604834
Issue: On Windows XP, NTFS junction points are supported only when junctions are created for volumes and not for folders.
Issue: If Solidcore Agent is installed in a non-default path, upgrading via ePO is not supported. Such an upgrade might leave the Solidcore Agent in an inconsistent state. McAfee recommends that you uninstall the existing version and then install the new version using ePO.
608737
Issue: If the partition with the /opt/McAfee/cma directory has insufficient space, events might not be generated and the Failed to generate event xml error message is added to the solidcore.log file. Free up space in the partition with the /opt/McAfee/cma directory.
601728
Issue: According to NFS protocol, if a file present on the NFS share is opened once on the NFS client, it can't be reopened until the file attributes are changed. A read-protected file, on an NFS share, opened on the client side in update mode, can be read on the client. It can be read in enable mode (after coming out of the update mode) until the file attributes are changed on the server.
601734
Issue: Changing a hard link might cause the name of the link or program to display in events.
601914
Issue: For daemon processes, the reported user name and original user name are the same.
602653
Issue: A write-protected file can be changed through its hard link if the hard link has already been created.
602772
Issue: Scripts without a #! tag can't act as updaters.
602977
Issue: For loopback file systems, some features such as updater and monitoring do not work correctly when the loopback path is used instead of physical path in the sadmin commands. For instance, if /opt is mounted as a loopback file system at /mnt, to add /mnt/abc as an updater you must add the path /opt/abc as an updater.
602990
Issue: Some features like updaters and mon-proc-exec do not work properly for unsupported file formats. Only executable binaries and #! scripts are supported file formats.
603462
Issue: The BOOTING_ENABLED and BOOTING_UPDATE_MODE events are not added to the system log. Workaround: At boot time, start the syslog service before the Solidcore Agent service.
603490
Issue: The following issues are observed when an updater calls another updater:
If the child process is added as an updater, the non-inheritable option (-d) of the parent process is overridden.
If the parent process is added as an updater, the non-inheritable option (-d) of the child is overridden.
604780
Issue: For processes that are not directly associated with a terminal, the original_user field is the same as the user field.
For example, when you run a script through Runlevel/init scripts, original_user is the same as the user.
605062
Issue: The mmap system call at the nfs client does not work if the file is read-protected.
606674
Issue: A write-protected file can be changed or deleted if the file system is mounted to a different directory.
607014
Issue: Adding a script as an updater twice (once on its own and again with its parent) might lead to unexpected behavior.
607024
Issue: By default, the deny-read feature is disabled. A read-protect rule is immediately applied to Solidcore Agent but is effective only after the deny-read feature is enabled on the Solidcore Agent.
607245
Issue: No events are generated for changes to a file with the string “solidcore.log” in its name. For example, mysolidcore.log.
601763
Issue: Process information can't be determined for processes that are invoked before the Solidcore Agent driver is loaded. This issue has the following implications:
If these processes make file changes then the changes might not be reported.
For processes that started before the driver was loaded, only the partial program names are reported.
For NFS, for changes made by the client, the change events displayed on the server have only the relative name for the NFS daemon (that is, nfsd or nfsktcpd).
No Process Start and Process Stop events are generated for already running processes.
On only the AIX platform: Change Tracking / Prevention on file systems mounted by these processes might or might not work. System calls executed by already running processes can't be trapped due to differences in the way system calls are implemented. As a workaround, you can restart such processes.
604604
Issue: Write/read protection does not work on files added via cachefs/lofs.
613214
Issue: If the install path is a mount point, forcibly unmounting (for example, using the umount -f command) might lead to non-deterministic behavior.
603386
Issue: The Solidcore Agent can't be installed, upgraded, or uninstalled through init scripts that run at system boot time. Workaround: Add the following two statements in the init script before invoking the installer:
HOME="/"
export HOME
613205
Issue: For a file with multiple hard links, the change event contains the name of any one of the hard links as the file name. For instance, if a file named test has test1 and test2 as hard links, the event generated when the file is changed can contain any of the three names by which the file is known.
613213
Issue: Because of NFS protocol behavior, a large write request to the NFS client goes to the NFS server in the form of multiple RPC calls and multiple FILE_MODIFIED events are generated at the NFS server.
610254
Issue: When you run the Debug Info client task for a UNIX system, the log states that the gatherinfo.tar.gz file is generated. The name of the generated file is suffixed with the host name and time stamp. For example, gatherinfo-hpj-03-07-08-10_14-37-45.tar.gz.
616089
Issue: Localized strings not consistent. Partial localization in some events and messages.
708279
Issue: For RHEL5/RHEL6 (Kernel less than 2.6.32-220) and kernels of SLES 10/SUSE11 (excluding SLES11 SP2), FILE_CREATED events are incorrectly reported as FILE_ATTR_MODIFIED over NFSv4 partition.
762449
Issue: Events are generated if a special device file is renamed.
797291
Issue: During Dynamic Kernel Module compilation, an empty file named 2 is created in the dks directory.
797363
Issue: The Sadmin Xray command does not list the attr specific configurations for the running process.
798843
Issue: Unexpected behavior might be observed if a process exits without closing one or more changed files.
802433
Issue: If the volume is unsolidified, it is not listed as unsolidified in the output of ‘sadmin status’.
807180
Issue: Installation on a non pre-compiled kernel fails if the installer runs from a Windows share that is mounted using CIFS. Workaround: Mount the Windows share using NFS.
811983
Issue: Property collection on ePO and endpoint might show different versions of solidifier if the system is not rebooted after Upgrade.
812578
Issue: On some kernels, error messages related to scdrv are displayed in the console during system boot.
818828
Issue: With VirusScan Enterprise for Linux (VSEL) 1.7 installed, the VSEL service stops with errors on CLI.
Issue: When you log on to a solidified system using telnet as a non-root user, the original_user name displays as root.
602981
Issue: When a single share is mounted on more than one mount point and a file operation is performed, events that show the pathname might refer to any of those shares.
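Issues 602653, 613205 and 601734 above all come down to one file being reachable under several hard-link names. The following audit is an added example, not McAfee code: it reports write-protected files that already have extra names. The function names are hypothetical, the list of protected paths is assumed to be supplied by the operator, and the sample tree is constructed.

```python
import os
import stat
import tempfile
from collections import defaultdict


def _under(path, roots):
    """True if path is one of roots or lies beneath one of them."""
    path = os.path.abspath(path)
    for root in roots:
        root = os.path.abspath(root)
        if path == root or path.startswith(root.rstrip(os.sep) + os.sep):
            return True
    return False


def _multilinked_names(search_root):
    """Map (device, inode) -> every name under search_root, for regular
    files whose link count is greater than 1."""
    index = defaultdict(list)
    for dirpath, _dirs, files in os.walk(search_root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # vanished or unreadable; skip it
            if stat.S_ISREG(st.st_mode) and st.st_nlink > 1:
                index[(st.st_dev, st.st_ino)].append(path)
    return index


def _protected_files(protected_paths):
    """Expand protected directories into the files they contain."""
    for p in protected_paths:
        if os.path.isdir(p) and not os.path.islink(p):
            for dirpath, _dirs, files in os.walk(p):
                for name in files:
                    yield os.path.join(dirpath, name)
        else:
            yield p


def audit_hardlinks(protected_paths, search_root):
    """Report protected files that have additional hard-link names.

    Hard links cannot cross file systems, so search_root should be the
    mount point of the file system that holds the protected paths.
    """
    index = _multilinked_names(os.path.abspath(search_root))
    findings, seen = [], set()
    for path in _protected_files(protected_paths):
        path = os.path.abspath(path)
        try:
            st = os.lstat(path)
        except OSError:
            continue
        if not stat.S_ISREG(st.st_mode) or st.st_nlink < 2:
            continue
        key = (st.st_dev, st.st_ino)
        if key in seen:
            continue  # same inode already reported under another name
        seen.add(key)
        names = index.get(key, [])
        findings.append({
            "protected": path,
            "nlink": st.st_nlink,
            # Names that no protected path covers.
            "unprotected_names": sorted(
                n for n in names if not _under(n, protected_paths)),
            # Links the walk did not locate (outside search_root or unreadable).
            "names_not_found": st.st_nlink - len(set(names) | {path}),
        })
    return findings


def demo():
    """Build a constructed tree in a temporary directory and audit it."""
    with tempfile.TemporaryDirectory() as base:
        fs = os.path.join(base, "fs")              # stands in for one mounted file system
        protected = os.path.join(fs, "protected")  # stands in for a write-protected directory
        for d in (protected, os.path.join(fs, "scratch"),
                  os.path.join(base, "elsewhere")):
            os.makedirs(d)
        target = os.path.join(protected, "app.conf")
        with open(target, "w") as fh:
            fh.write("setting=1\n")
        with open(os.path.join(protected, "readme.txt"), "w") as fh:
            fh.write("single link\n")
        os.link(target, os.path.join(fs, "scratch", "alias"))       # name outside the rule
        os.link(target, os.path.join(base, "elsewhere", "alias2"))  # name outside search_root
        return audit_hardlinks([protected], fs)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

A non-zero names_not_found value means the link count is higher than the number of names the walk located, so the search root should be widened until every name is accounted for.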
AIX
Reference
Description
605295
Issue: The Parent Process name might be incorrect in events if it can't be resolved properly.
605854
Issue: For file truncation operations, only a FILE_MODIFICATION event is generated. This behavior on AIX platform is different from behavior on other UNIX platforms.
605639
Issue: For files that exist on an unsupported volume or processes that start from an unsupported volume, only the basename (not the complete path) displays in several events.
605819
Issue: For a user in system WPAR with a UID that does not exist on the global environment, the user name can't be determined. Events for this user are raised with user name: UNKNOWN and original user name: UNKNOWN.
605899
Issue: The Solidcore Agent is not supported in Trusted Execution Environment.
649574
Issue: When you run the Enable client task from ePO for the AIX platform, the task is incorrectly listed as a failed task on the Client Task Log page. Workaround: The Enable client task runs successfully, so you can ignore the task status on the Client Task Log page.
664439
Issue: Files in an autofs file system are reported with /? at the beginning. This issue has the following implications:
Events have /? at the beginning of the path.
rp/wp does not work on such files.
649731
Issue: If you use McAfee Agent 4.5 (earlier than Update 3) on the AIX 6.1 (64-bit) platform, upgrade via ePO to Solidcore 5.1.1 fails. Complete the following steps to manually upgrade to the 5.1.1 version on AIX 6.1:
Stop the CMA service using the following command: /usr/sbin/cma stop
Uncompress the SOLIDCOR511-7505_AIX.zip file.
Execute the slibclean command.
Execute mapkg_install.sh (sh mapkg_install.sh) from the output directory of the .zip file.
Complete one of the following steps:
If upgraded in update mode, restart the system.
If upgraded in disabled mode, start the CMA service (/usr/sbin/cma start).
777090
Issue: Under stress conditions, the event service is restarted, although there is no loss in functionality. This issue applies to AIX update 6.0.1.
Issue: The Solidcore 6.1 Extension is not supported in ePO versions 4.5 Update 2 (and earlier). Resolution: The 6.1 Extension is supported in ePO 4.5 Update 3 (and later).
608556
608557
Issue: Solidcore Extension does not install on ePolicy Orchestrator (ePO) if the database back-end is SQL Server 2000. It supports SQL Server 2005 with DB compatibility level of 90 and above.
608618
Issue: When you try to upload the Windows Solidcore Agent Deployment Package (~100 MB) to ePO through Internet Explorer, the file upload times out if the network upload speed is slow. Workaround: If this error displays in Internet Explorer 6, try using Internet Explorer 7 (or later). If you encounter the error in Internet Explorer 7 or later, copy the package to a local directory on the ePO server. Then access the ePO console on the ePO server and upload the file from the local path. This workaround avoids possible network delays.
607452
Issue: Reports and dashboard entries are not removed after the Solidcore Extension is uninstalled. Workaround: If you are uninstalling and reinstalling the Solidcore extension, remove the reports and dashboards manually after uninstalling and before reinstalling.
607517
Issue: PDF reports have minor data display and formatting issues if more than 50,000 records are reported.
608347
Issue: The Solidcore Policies Applied on Hosts report displays all policies derived from the root, regardless of the SKUs enabled on the platform.
609304
Issue: It is not possible to export data from the Reporting, Solidcore Events page. Workaround: Use Queries (Reporting, Queries) to export event data.
636769
Issue: If you upgrade from Solidcore 5.1.0 to 5.1.1 (or later), existing Solidcore events in the Solidcore Events table are not migrated to the ePO Events table.
636352
Issue: After removing the Solidcore Extension, all Solidcore-related events are retained in the ePO table. When you view the events in the Threat Event Log, some fields might display erroneous data.
607554
Issue: Solidcore policies can't be duplicated by using the Policy Details page because the OK button is disabled. Workaround: Use the Policy Catalog page to duplicate policies.
643854
Issue: When you use the Guided Configuration page on the ePO 4.6 console, the Save Policy button is not enabled when changes are made to Solidcore Policies. Workaround: Edit the policy by using the Policy Catalog without using Guided Configuration.
608374
Issue: When you try to enable an already enabled Solidcore Agent, the error displayed is not translated.
607908
Issue: It is not possible to export more than 50,000 records from any table or report.
607963
Issue: An incorrect message (Monitor Failure) displays in ePO 4.5 when a user without the required permissions tries to access a dashboard.
608017
Issue: The Configuration page allows users to create a group with the name My Rules.
608025
Issue: Reports, tasks, and policies for all SKUs are listed even if the license for that SKU is not added.
609911
Issue: Export of rule groups does not work in Internet Explorer when opened from the ePO Server.
Workaround: Use Internet Explorer from a different computer to export rule groups.
610303
Issue: The Server Task pages on ePO might not work properly if you use Mozilla Firefox version 3.0. Workaround: Technical Support recommends Mozilla Firefox version 3.6 (or later) or Internet Explorer 6.0 (or later).
608753
Issue: Sometimes, using the user name field of reported events on the ePO as a trusted user might not work if the client system is part of an Active Directory domain. This is because the domain name reported in the events is not the full AD domain. Workaround: Use the environment variable USERDNSDOMAIN as the domain name for AD clients. You can also review the properties of the My Computer icon to identify the complete user name to specify as the trusted user.
608759
Issue: If ePO is installed on a Japanese version of Windows, exporting the dashboard data to HTML format fails if the generated HTML file name contains digits.
608390
Issue: When viewing an Integrity Monitor policy, the My Rules tab is not translated.
669563
Issue: If you run reconciliation on a setup with millions of unauthorized changes (for about 5000 hosts), the Systems with Unauthorized changes page does not open. When you select the Systems with Unauthorized changes link (on the Risk and Compliance, Change Control Reconciliation page), the page times out and the user is logged off the ePO console.
656518
Issue: If you install Solidcore Extension 5.1.2 (or later) on an existing ePO 4.5 system and then upgrade to ePO version 4.6 FIPS mode, the event parser stops working. Workaround: Upgrade the required DLL with the following command: https://[ePO IP address:port]/remote/scor.upgradeEventParser.do
661203
Issue: If you are using reconciliation with Solidcore Extension 5.1.1 (or earlier) and upgrade to Solidcore Extension 5.1.2 (or later), you can't access the older reconciliation data.
607950
Issue: User-defined system variables in policies are resolved at the endpoint only after the endpoint is restarted.
707486
Issue: When using the ePO 4.6 console, navigating quickly through the Events pages logs off the user.
714176
Issue: On ePO 4.6 Update 1 or Update 2, if you add multiple commands to a Run Commands client task while creating the task, you can't later remove the commands from the saved client task.
719796
Issue: Global catalog search for Active Directory groups is not supported.
Workaround: Search for a group in a specific Active Directory server instead of using the Global Catalog. To add a specific group:
1. Log on to the ePO 4.x console.
2. Add the AD server with the group as a registered server.
3. Search for the group by selecting the registered AD server. Make sure that the Global Catalog Search option is deselected.
4. Add the group to a policy as a trusted group.
722365
Issue: If a non-administrative user changes the displayed columns for an endpoint and adds any new columns, other endpoints (on which Change Control or Application Control is not installed) might be removed from the System Tree.
722045
Issue: When you add new columns, such as Solidcore Status and Solidification Status, for an endpoint by clicking Actions, Choose columns, noncompliant Solidcore Agent, values might not display for all endpoints. This is because the noncompliant Solidcore Agent section includes only noncompliant agent properties. Workaround: When adding new columns for an endpoint, click Actions, Choose columns, Solidcore Client Properties instead of Actions, Choose columns, noncompliant Solidcore Agent.
695769
Issue: With the Content Change Tracking feature, the view file page goes blank for files of around 1 MB.
800014
Issue: Extra events are reconciled when manual reconciliation is done from custom queries. Workaround: To perform manual reconciliation for multiple events by selecting either All in this page or Select All in all pages, open the Solidcore Events page. Navigate to Menu, Reporting, Solidcore Events.
NOTE: This option does not work well if you reach Solidcore Events by drilling down from a Query page.
Issue: The ‘Sadmin config export/import <file>’ command might fail on standalone deployment.
608418
Issue: Original user name reported in events is the same as user name.
595051
Issue: Multiple operating systems on the same computer are not supported. Product features work only on the operating system it is installed on.
599812
Issue: Uninstallation fails if the uninstallation process is canceled before it completes.
600805
Issue: While opening a write-protected network share in Windows Explorer, a few deny-write errors are observed.
603747
Issue: The trusted, solidified, and write-protect features do not work correctly for folder-mounted volumes. Workaround: Contact Technical Support for assistance if the setup uses folder-mounted volumes.
604153
Issue: Post install script customization is not available during upgrades. It can only be used during fresh installation of the Solidcore Agent.
608036
Issue: Mapped drive names can't be used in commands issued by remote users/ePO.
634733
Issue: If the database tables are corrupted, the Solidcore Agent upgrade fails and the following error message is displayed:
"Database: . Could not load table 'Control' in SQL query: SELECT `Control`,
`Type`, `X`, `Y`, `Width`, `Height`, `Attributes`, `Property`, `Text`,
`Control_Next`, `Help` FROM `Control` WHERE `Dialog_`=?"
Workaround: Use silent installation instead of UI mode installation.
605369
Issue: When an agent installer runs the Solidcore Agent installer with the /? argument, a series of unwanted dialog boxes display due to a bug in the third-party packaging software. You can ignore these dialog boxes.
609311
Issue: Manual uninstallation of the Solidcore Agent (deployed from ePO) fails on a client computer with McAfee Agent version 4.0 (or earlier). Workaround: Contact Technical Support for assistance if you have already tried manual uninstallation.
598002
Issue: Registry key protection does not work for all registry key hives; it works only for HKEY_LOCAL_MACHINE.
599240
Issue: A subkey registry does not get added to a protected registry key when using the reg command.
601500
Issue: Creating a shortcut in a read-protected directory is not allowed.
602122
Issue: Any file operation performed on a read-protected file generates deny-read events that correspond to the file even when the file operation is allowed.
603032
Issue: Changes to folder-mounted volumes that do not have an associated drive letter can't be monitored. Workaround: Assign a drive letter to a volume before mounting it on any other folder.
603628
Issue: On 64-bit platforms, ACL change events are not generated when the update mechanism supersedes the deny-write policies for registries.
605371
Issue: When you try to read a read-protected file with certain file flags set through Windows Explorer, read-denied events might not be written to the event viewer. The events are recorded in the Solidcore Agent log file.
606496
Issue: Only full long names are supported with commands that accept file or folder names. For example, names such as c:\myPackages\SETUP-~1.EXE are not supported.
606532
Issue: Virtual drive paths are not supported as path values in Solidcore Agent commands, such as write-protect, read-protect, and monitor.
607024
Issue: The deny-read feature is disabled by default. A read-protect rule is immediately applied to Solidcore Agent but is effective only after the deny-read feature is enabled on the Solidcore Agent.
600748
Issue: Multiple deny write events might be generated for a single deny write action. For example, on deletion of a file using Windows Explorer, up to 8 file deletion events are reported. When the application denies deletion of a file, Windows Explorer tries multiple methods to delete the file, resulting in an event for each attempt.
608639
Issue: After you uninstall the Solidcore client from the Windows (64-bit) operating system, the Solidcore folder (c:\program files(x86)\solidcore) and Registry link (HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates) remain on the endpoint.
691196
Issue: For a file where you are tracking content changes, you receive an unknown error if connectivity issues occur while sending metadata for the file from the endpoint to the ePO console. Workaround: When network connectivity resumes, the next change to the file is reflected accurately on the ePO console.
685124
Issue: If you are running VirusScan Enterprise (VSE) 8.8 with the Access Protection Level set to Maximum, you can't deploy Solidcore on the endpoint.
724796
Issue: Although you can track content changes for a read-protected file, you can't view the actual changes. This is because the read protection rule prevents the software from fetching file contents from the endpoint.
726020
Issue: If you upgrade from an older release to the 6.0 release and use a command added or changed in the 6.0 release without restarting the endpoint, you might receive a Msg not found error. Workaround: Restart the endpoint to make sure that all commands added or changed in the 6.0 release work correctly.
770524
Issue: The scormcpl.dll displays an older version in inventory after it is upgraded.
799559
Issue: If you exclude the .bat extension from monitoring, events for batch file operations are generated.
812964
Issue: If the Updater flag is removed for a cert rule over ePO, the certificate is listed as an updater on the endpoint.
656298
Issue: Upgrade via hotfix build fails in Update Mode if initiated through an ePO Product Update Task.
Issue: During manual installation of the Solidcore Agent on Windows 2008 R2 (64-bit), the Windows installer displays a validation error for the msiexec.exe and kernelbase.dll files. Workaround: Click Ignore once or Ignore always on the error pop-up to continue installation.
Windows 2008 [64-bit]
Reference
Description
609780
Issue: On Windows 2008 (64-bit), the rundll32.exe file crashes if an application is uninstalled via the Add/Remove Programs after the SetupInstallFromInfSection() function was used to install the application.
Windows 7 [64-bit]
Reference
Description
708226
Issue: MCC is functionally incompatible with Avecto Privilege guard.
Windows XP
Reference
Description
601738
Issue: On Windows XP SP2, deny-write errors with two different file names or folder names are logged when a file or folder is created under a write-protected folder.
604834
Issue: On Windows XP, NTFS junction points are supported only when junctions are created for volumes and not for folders.
Issue: If Solidcore Agent is installed in a non-default path, upgrading via ePO is not supported. Such an upgrade might leave the Solidcore Agent in an inconsistent state. Technical Support recommends that you uninstall the existing version and then install the new version using ePO.
608737
Issue: If the partition with the /opt/McAfee/cma directory has insufficient space, events might not be generated and the Failed to generate event xml error message is added to the solidcore.log file. Free up space in the partition with the /opt/McAfee/cma directory.
601728
Issue: According to NFS protocol, if a file present on the NFS share is opened once on the NFS client, it can't be reopened until the file attributes are changed. A read-protected file on an NFS share, opened on the client side in update mode, can be read on the client. It can be read in enable mode (after coming out of the update mode) until the file attributes are changed on the server.
601734
Issue: Changing a hard link might cause the name of the link or program to display in events.
601914
Issue: For daemon processes, the reported user name and original user name are the same.
602653
Issue: A write-protected file can be changed through its hard link if the hard link has already been created.
602772
Issue: Scripts without a #! tag can't act as updaters.
602977
Issue: For loopback file systems, some features such as updater and monitoring do not work correctly when the loopback path is used instead of the physical path in the sadmin commands. For instance, if /opt is mounted as a loopback file system at /mnt, to add /mnt/abc as an updater you must add the path /opt/abc as an updater.
602990
Issue: Some features like updaters and mon-proc-exec do not work properly for unsupported file formats. Only executable binaries and #! scripts are supported file formats.
603462
Issue: The BOOTING_ENABLED and BOOTING_UPDATE_MODE events are not added to the system log. Workaround: At boot time, start the syslog service before the Solidcore Agent service.
603490
Issue: The following issues are observed when an updater calls another updater:
If the child process is added as an updater, the non-inheritable option (-d) of the parent process is overridden.
If the parent process is added as an updater, the non-inheritable option (-d) of the child is overridden.
604780
Issue: For processes that are not directly associated with a terminal, the original_user field is the same as the user field.
For example, when you run a script through Runlevel/init scripts, original_user is the same as the user.
605062
Issue: The mmap system call at the nfs client does not work if the file is read-protected.
606674
Issue: A write-protected file can be changed or deleted if the file system is mounted to a different directory.
607014
Issue: Adding a script as an updater twice (once on its own and again with its parent) might lead to unexpected behavior.
607024
Issue: By default, the deny-read feature is disabled. A read-protect rule is immediately applied to Solidcore Agent but is effective only after the deny-read feature is enabled on the Solidcore Agent.
607245
Issue: No events are generated for changes to a file with the string “solidcore.log” in its name. For example, mysolidcore.log.
601763
Issue: Process information can't be determined for processes that are invoked before the Solidcore Agent driver is loaded. This issue has the following implications:
If these processes make file changes then the changes might not be reported.
For processes that started before the driver was loaded, only the partial program names are reported.
For changes made by an NFS client, the change events displayed on the server have only the relative name for the NFS daemon (that is, nfsd or nfsktcpd).
No Process Start and Process Stop events are generated for already running processes.
On only the AIX platform: Change Tracking / Prevention on file systems mounted by these processes might or might not work. System calls executed by already running processes can't be trapped due to differences in the way system calls are implemented. As a workaround, you can restart such processes.
604604
Issue: Write/read protection does not work on files added via cachefs/lofs.
613214
Issue: If the install path is a mount point, forcibly unmounting (Example: Using the umount -f command) might lead to non-deterministic behavior.
603386
Issue: The Solidcore Agent can't be installed, upgraded, or uninstalled through init scripts that run at system boot time.
Workaround: Add the following two statements in the init script before invoking the installer:
HOME="/"
export HOME
613205
Issue: For a file with multiple hard links, the change event contains the name of any one of the hard links as the file name. For instance, if a file named test has test1 and test2 as hard links, the event generated when the file is changed can contain any of the three names by which the file is known.
613213
Issue: Because of NFS protocol behavior, a large write request to the NFS client goes to the NFS server in the form of multiple RPC calls and multiple FILE_MODIFIED events are generated at the NFS server.
610254
Issue: When you run the Debug Info client task for a UNIX system, the log states that the gatherinfo.tar.gz file is generated. The name of the generated file is suffixed with the host name and time stamp. For example, gatherinfo-hpj-03-07-08-10_14-37-45.tar.gz.
616089
Issue: Localized strings are not consistent. Some events and messages are only partially localized.
708279
Issue: For RHEL5/RHEL6 (Kernel less than 2.6.32-220) and kernels of SLES 10/SUSE11 (excluding SLES11 SP2), FILE_CREATED events are incorrectly reported as FILE_ATTR_MODIFIED over an NFSv4 partition.
762449
Issue: Events are generated if a special device file is renamed.
797291
Issue: During Dynamic Kernel Module compilation, an empty file named 2 is created in the dks directory.
797363
Issue: The Sadmin Xray command does not list the attr specific configurations for the running process.
798843
Issue: Unexpected behavior might be observed if a process exits without closing one or more changed files.
802433
Issue: If the volume is unsolidified, it is not listed as unsolidified in the output of ‘sadmin status’.
807180
Issue: Installation on a non pre-compiled kernel fails if the installer runs from a Windows share that is mounted using CIFS. Workaround: Mount the Windows share using NFS.
811983
Issue: Property collection on ePO and the endpoint might show different versions of solidifier if the system is not rebooted after the upgrade.
812578
Issue: On some kernels, error messages related to scdrv are displayed in the console during system boot.
818828
Issue: With VirusScan Enterprise for Linux (VSEL) 1.7 installed, the VSEL service stops with errors on CLI.
Issue: When you log on to a solidified system using telnet as a non-root user, the original_user name displays as root.
602981
Issue: When a single share is mounted on more than one mount point and a file operation is performed, events that show the pathname might refer to any of those shares.
AIX
Reference
Description
605295
Issue: The Parent Process name might be incorrect in events if it can't be resolved properly.
605854
Issue: For file truncation operations, only a FILE_MODIFICATION event is generated. This behavior on AIX platform is different from behavior on other UNIX platforms.
605639
Issue: For files that exist on an unsupported volume or processes that start from an unsupported volume, only the basename (not the complete path) displays in several events.
605819
Issue: For a user in system WPAR with a UID that does not exist on the global environment, the user name can't be determined. Events for this user are raised with user name: UNKNOWN and original user name: UNKNOWN.
605899
Issue: The Solidcore Agent is not supported in Trusted Execution Environment.
649574
Issue: When you run the Enable client task from ePO for the AIX platform, the task is incorrectly listed as a failed task on the Client Task Log page.
Workaround: The Enable client task runs successfully, so you can ignore the task status on the Client Task Log page.
664439
Issue: Files in an autofs file-system are reported with /? at the beginning. This issue has the following implications:
Events have /? at the beginning of the path.
rp/wp does not work on such files.
649731
Issue: If you use McAfee Agent 4.5 (earlier than Update 3) on the AIX 6.1 (64-bit) platform, upgrade via ePO to Solidcore 5.1.1 fails. Complete the following steps to manually upgrade to the 5.1.1 version on AIX 6.1:
1. Stop the CMA service using the following command: /usr/sbin/cma stop
2. Uncompress the SOLIDCOR511-7505_AIX.zip file.
3. Execute the slibclean command.
4. Execute mapkg_install.sh (sh mapkg_install.sh) from the output directory of the .zip file.
5. Complete one of the following steps:
   - If upgraded in update mode, restart the system.
   - If upgraded in disabled mode, start the CMA service (/usr/sbin/cma start).
777090
Issue: Under stress conditions, the event service is restarted, although there is no loss in functionality. This issue applies to AIX update 6.0.1.