For Release To Support (RTS) release notes, contact Technical Support.
| Version | Release Date |
| --- | --- |
| 6.4.16.140 | July 13, 2021 |
| 6.4.15.172 | May 18, 2021 |
| 6.4.14.106 | March 9, 2021 |
| 6.4.13.113 | February 9, 2021 |
| 6.4.12.125 (GA) | December 8, 2020 |
| 6.4.11.128 | November 5, 2020 |
| 6.4.9.107 (GA) | September 29, 2020 |
| 6.4.8.101 (RTS) | August 11, 2020 |
| 6.4.7.105 | July 21, 2020 |
| 6.4.5 | May 12, 2020 |
| 6.4.4 | April 14, 2020 |
| 6.4.2.206 | February 11, 2020 |
| 6.4.1.135 | December 10, 2019 |
| 6.4.0.132 | October 17, 2019 |
| 6.3.0.794 | August 13, 2019 |
| 6.3.0.724 (Linux only) | July 2, 2019 |
| 6.3.0.503 (Linux only) | April 9, 2019 |
| 6.3.0.418 (Linux only) | March 12, 2019 |
| 6.3.0.299 (Linux only) | February 12, 2019 |
| 6.3.0.242 (Linux only) | January 8, 2019 |
| 6.3.0.180 (Linux only) | November 13, 2018 |
| 6.3.0 (Linux only) | October 9, 2018 |
| 6.2.0 | April 9, 2015 |
| 6.1.7 (Linux only) | April 7, 2015 |
| 6.1.4 (Linux/UNIX only) | June 16, 2014 |
| 6.1.3 | April 16, 2014 |
| 6.1.2 | December 24, 2013 |
| 6.1.1 | August 30, 2013 |
| 6.1.0 | February 12, 2013 |
Issue resolutions in updates and major releases are cumulative; Technical Support recommends that you install the latest version. To find the most recent release for your product, go to the Product Downloads site.
Critical: There are currently no known critical issues.
Non-critical:
Linux:
Reference | Related Article | Found in Version | Resolved in Version | Description
MACC-10839
6.4.3
Issue: Read Protect doesn't work for RHEL8 XFS 4.18.0-305.el8 kernel for network volume. This issue is pre-existing on LEL8 kernel v4.18.0.147 and ACC 6.4.3.
MACC-10527
6.4.12
6.4.13
Issue: On system reboot, the SCSRVC service authentication fails to initialize.
Workaround: [Non-Windows] SCSRVC doesn't start on reboot of the system, but starts after running SCSRVC -d.
MACC-10497
6.4.12
Issue: On the XFS file system, ACC Inventory isn't updated intermittently when you rename unsolidified files in Update or via the updater process.
Workaround:
In the Standalone deployment, run sadmin check -r or sadmin so <file path>
In ePO managed, run check -r or so <file path> from the SC: Run Command client task.
Issue: MVEDR collectors are blocked from running on Linux with Application Control enabled.
Workaround: Configure /opt/McAfee/mvedr/mfemvedr as an updater under Application Control Rules (Unix).
MACC-9369
6.4.x
-
Issue: Monitoring rules don't work unless a change control rule is in place.
Workaround: You must create a dummy change control (write-protect) rule and apply it to the system.
MACC-8763
6.4.2-206
6.4.2-206
Issue: When the Disable Task command is executed from ePO, inconsistency is observed in the Solidcore Client Task Log.
MACC-8764
6.4.2-206
6.4.3-109
Issue: When the Enable Task command is executed from ePO, inconsistency is observed in the Solidcore Client Task Log.
MACC-8888
6.4.2-206
6.4.3-109
Issue: When Enable Task is executed from ePO, inconsistency is observed in the Solidcore Client Task Log.
MACC-8889
6.4.2-206
6.4.3-109
Issue: When Disable is executed in the Update Mode, Solidcore Client task events aren't displayed.
MACC-8673
6.4.1-135
-
Issue: In the Observe Mode, the "Write Denied" event isn't generated after an echo operation to a write-protected file.
MACC-8672
6.4.1-135
-
Issue: Event isn't generated when the rights of a folder that's protected with "write-protect" are changed.
MACC-8671
6.4.1-135
-
Issue: Event isn't generated when the ownership of the file that's protected with "write-protect" is changed.
MACC-8643
6.4.1-135
6.4.2-206
Issue: Core dump information isn't generated when there's a kernel panic on Red Hat 8.
MACC-8355
6.4.1-135
6.4.2-206
Issue: The scsrvc restarts when flushing auth cache.
MACC-8346
6.4.0-132
6.4.1-135
Issue: After upgrading ENSL from version 10.6.5 to 10.6.6 on SUSE12 MACC, BVT execution hangs.
Workaround: Add the following "ProcPassThruList" items to solidcore.conf:
/opt/McAfee/ens/tp/bin/mfetpd
/opt/McAfee/ens/tp/bin/mfetpcli
/opt/McAfee/ens/esp/bin/mfeespd
/opt/McAfee/ens/fw/bin/mfefwd
/opt/McAfee/ens/fw/bin/mfefwcli
MACC-8332
6.4.0-132
6.4.1-135
Issue: The PROCESS_START and PROCESS_EXIT processes aren't generating events after setting a rule to include monitoring over process.
MACC-8334
6.4.0-132
6.4.2-206
Issue: [BDS] Operational risk factor for OpenSSL.
1259050
6.3.0-180
-
Issue: Events for invalid CCT rule creation are randomly reported to ePO.
1263560
6.3.0-242
-
Issue: [Exploratory] When a directory is included on the integrity monitoring, created files or directories aren't considered as changes. So, they aren't listed on the change control in ePO.
1260084
6.3.0-180
-
Issue: When ACC 6.3.0.180 is installed in the standalone mode in CentOS 7, it displays an error message.
1256613
6.3.0-152
-
Issue: In the Update Mode, the "file diff dir" events are generated for rename and delete directories.
MACC-7216
6.3.0-794
-
Issue: Unable to create a user when ACC is in the Update Mode on RHEL8 with SSSD version 2.0.0-43 installed.
Issue: Upgrade to 6.3.0-794 from 6.3.0-724 in LEL5 32 bits, LEL6 32 bits, and LSES11 32 bits leaves the system Disabled and Unsolidified.
Workaround: Add a license, solidify if MAC, and enable.
MACC-8331
6.4.0.132
6.4.2-206
Issue: [Exploratory] sadmin help auth information doesn't contain how to run the remove option.
MACC-8332
6.4.0.132
6.4.2-206
Issue: Setting a rule to include monitoring over process doesn't generate PROCESS_START and PROCESS_EXIT events.
MACC-8334
6.4.0.132
6.4.1.135
6.4.2.206
Issue: [Security] Blackduck scan: Operational risk factor for OpenSSL.
MACC-8346
6.4.0.132
6.4.1.135
Issue: [Interop] After upgrading Endpoint Security for Linux from version 10.6.5 to 10.6.6 on SUSE12 MACC, BVT execution hangs.
Workaround: Add the following "ProcPassThruList" items to solidcore.conf:
/opt/McAfee/ens/tp/bin/mfetpd
/opt/McAfee/ens/tp/bin/mfetpcli
/opt/McAfee/ens/esp/bin/mfeespd
/opt/McAfee/ens/fw/bin/mfefwd
/opt/McAfee/ens/fw/bin/mfefwcli
MACC-8355
6.4.0.132
6.4.1.135
Issue: The scsrvc crashes when flushing auth cache (SIGSEGV).
MACC-8643
6.4.1.135
Issue: Default configuration change is needed to generate Core dump info during kernel panic on Red Hat 8.
MACC-8671
6.4.1.135
Issue: During a change owner operation for a file that's write-protected, no event is generated.
MACC-8672
6.4.1.135
Issue: During a rights change operation for a folder that's write-protected, no event is generated.
MACC-8673
6.4.1.135
Issue: After an echo operation to a write-protected file (in Observe mode), no Write Denied event is generated.
Critical: There are no known critical issues.
Non-critical:
Linux
Reference | Related Article | Found in Version | Resolved in Version | Description
1253988
6.3.0-129
Issue: CCT: CLI - Content change tracking rule can be created with an invalid encoding value.
1254355
6.3.0-129
Issue: CCT: CLI - Inclusion filters with more than one wrong pattern don't work as expected.
1254435
6.3.0-152
6.3.0-180
Issue: CCT: Problem with updating a policy to add an exclusion filter pattern.
Workaround: Delete the rule and create it from scratch adding the exclusion filter. Or, edit any other property on the rule and it's applied correctly.
1254607
6.3.0-116
6.3.0-299
Issue: CCT: Exploratory - endpoint lost communication with ePO.
1254610
6.3.0-152
6.3.0-180
Issue: CCT: Exploratory - Operations on binaries are reported to ePO as "File type not supported."
1256065
6.3.0-152
6.3.0-180
Issue: CCT: File deleted and File deleted update xmls are generated with ReturnCode = 0 for binaries.
1256085
6.3.0-152
6.3.0-180
Issue: CCT: Not all events related to binaries are shown on ePO.
1256092
6.3.0-152
6.3.0-242
Issue: CCT: Enhancement: Add a mechanism to identify on the CLI if a rule is recursive or not.
1256261
6.3.0-152
6.3.0-180
Issue: CCT: ACC service crashes after updating FileDiffMaxSize.
1256344
6.3.0-152
6.3.0-180
Issue: CCT E2E: Recursion level for one recursion level case combined with exclusion patterns.
1256352
6.3.0-152
6.3.0-242
Issue: CCT: macompatsvc crashes after several CCT policy updates.
1256359
6.3.0-152
6.3.0-180
Issue: In Ubuntu 12.04, the File diff events of "File created" and "File modified" aren't created.
1256469
6.3.0-152
6.3.0-180
Issue: CCT: Events for binary, script, or text files in update mode sometimes are listed with "Path not found" error.
1256488
6.3.0-142
6.3.0-180
Issue: CCT Exploratory: File rule matches with the directory error reported for DAT files.
1256613
6.3.0-152
Issue: In update mode, the "file diff dir" events are generated for rename and delete directories.
1259032
6.3.0-180
6.3.0-242
Issue: CCT: The libmagic returns different mime strings in RHEL5.
1259050
6.3.0-180
6.3.0-242
Issue: CCT: Some events for invalid CCT rule creation are randomly reported to ePO.
1259139
6.3.0-180
Issue: CCT: FILE_RENAMED_UPDATE event in LEL5 isn't generated correctly when specifying encoding on cct rule.
1260084
6.3.0-180
Issue: An error message is encountered when installing ACC 6.3.0.180 in standalone mode in a CentOS 7 environment.
1263203
6.3.0-242
6.3.0-299
Issue: After upgrading from build 6.3.0-180 and disabling the integrity feature, sadmin can no longer execute.
1263206
6.3.0-242
6.3.0-299
Issue: After upgrading from 6.3.0-180, a permission denied message is shown for /usr/bin/xauth.
Workaround:
1. Edit the /etc/mcafee/solidcore/solidcore.conf file, set RTEModeOnReboot = 0x0, and reboot the system.
2. After restart, run the command sadmin check -r or sadmin so.
3. After the command finishes, run sadmin enable and restart the service.
1263207
6.3.0-242
Issue: After upgrading from 6.3.0-180, the ssh service can't be restarted.
Workaround:
1. Edit the /etc/mcafee/solidcore/solidcore.conf file, set RTEModeOnReboot = 0x0, and reboot the system.
2. After restart, run the command sadmin check -r or sadmin so.
3. After the command finishes, run sadmin enable and restart the service.
1263208
6.3.0-242
6.3.0-299
Issue: After upgrading from 6.3.0-180, sadmin check fails on LUBT12 (AMD64 and x86).
Workaround:
1. Edit the /etc/mcafee/solidcore/solidcore.conf file, set RTEModeOnReboot = 0x0, and reboot the system.
2. After restart, run the command sadmin check -r or sadmin so.
3. After the command finishes, run sadmin enable and restart the service.
1263209
6.3.0-242
6.3.0-299
Issue: After upgrading from 6.3.0-180 and disabling integrity, you can't log on using the endpoint's tty on CentOS5 (AMD64 and X86).
Workaround:
1. Edit the /etc/mcafee/solidcore/solidcore.conf file, set RTEModeOnReboot = 0x0, and reboot the system.
2. After restart, run the command sadmin check -r or sadmin so.
3. After the command finishes, run sadmin enable and restart the service.
1263552
6.3.0-242
Issue: Error in locking the authority file in Ubuntu 16.
1263558
6.3.0-242
6.3.0-299
Issue: [Exploratory] Precedence rule for monitoring doesn't work as expected.
1263559
6.3.0-242
6.3.0-299
Issue: [Exploratory] Integrity monitoring – If VIM is added as an included process for integrity monitoring, the files modified by VIM aren't reported as changed.
1263560
6.3.0-242
Issue: [Exploratory] When a directory is included on the integrity monitoring, created files or directories aren't considered as changes. So, they aren't listed on the change control in ePO.
1263564
6.3.0-242
Issue: CCT: Several file-related events can't be validated in Update Mode.
1263609
6.3.0-242
6.3.0-299
Issue: [Exploratory] A policy to exclude a user from the monitoring list can't be applied.
Workaround: Exclude users from the monitoring list with the sadmin mon user -e <username> command in unmanaged mode, or use the "Run command" option from ePO.
1265307
6.3.0-299
6.3.0-418
Issue: Kernel loops in LUBT 14 kernel 4.2.
1266210
6.3.0-299
6.3.0-724
Issue: Policy "Minimal System Monitoring for Linux variants (McAfee Default)" isn't correctly applied on some endpoints.
1266302
6.3.0-299
Issue: [Exploratory] When CCT catches binary files operations, the ePO message is incorrect because the attributes aren't changed.
1266310
6.3.0-299
Issue: [Exploratory] To be disabled, mon features require a reboot.
1266502
6.3.0-299
Issue: Bad behavior in enablement from ePO in Oracle 7.
1268052
6.3.0-418
Issue: No message is shown on the command line when restarting scsrvc service in Ubuntu 16.
1269359
6.3.0-503
Issue: Warning message logged in /tmp/solidcoreS3_uninstall.log after solidcore is uninstalled.
1269365
6.3.0-503
6.3.0-724
Issue: The Dpkg preinstallation script logs an error after installation with build 6.3.0-503.
1273558
6.3.0-607
Issue: When the build target tool fails, some files aren't removed from the system.
Workaround: Remove the files manually.
1273659
6.3.0-671
Issue: XFS with kernel 4.10 and above isn't supported.
Workaround: Technical Support doesn't recommend using ACC 6.3.0 on Red Hat Enterprise Linux Server 8 systems if you have kernel version 4.18 or higher and XFS. The recommended file system to use is EXT4. See KB87944 for supported EXT versions.
For systems that experience this issue with the following:
SUSE Enterprise Linux Server 12 or SUSE Enterprise Linux Desktop 12 with kernel 4.10 or higher installed
ACC with XFS in Update mode in use
Perform the steps below:
Restart the system with a kernel version lower than 4.10 (see KB90947 for supported kernel versions).
When the system starts, leave the update mode by executing sadmin eu.
Restart the system again with kernel version higher than 4.10.
1274415
6.3.0-607
Issue: [Exploratory] When adding a monitoring rule, no initial snapshot of the files monitored is created.
1274416
6.3.0-702
Issue: "orig_user_name" isn't correctly reported in events.
MACC-6863
6.3.0-724
Issue: Build target fails to build a kernel module in RHEL 8.
MACC-7077
6.3.0-724
6.4.1.135
Issue: The Self kernel support tool doesn't work for OL7 UEKR5 unsupported UEK kernel.
MACC-7216
6.3.0-794
Will not fix
Issue: Users can't be created when ACC is in update mode on RHEL 8 with SSSD version 2.0.0-43 installed.
MACC-7240
6.3.0-794
6.4.1.135
Issue: After upgrade from ACC for Linux 6.3.0-724 to 6.3.0-794, uninstalling 6.3.0-794 fails in LEL6 32-bit.
Workaround: Perform the following steps:
Run "/opt/bitrock/solidcoreS3-6.3.0-724/helperBinaryUninstall"
Run "rpm -e solidcoreS3-6.3.0-794.i386 --noscripts"
Run "rpm -e solidcoreS3-kmod-6.3.0-794.i386 --noscripts"
Critical: There are no known critical issues.
Non-critical:
Solidcore Extension
Reference | Related Article | Found in version | Resolved in Version | Description
608618
5.0.0
Issue: You try to upload the Windows Solidcore Agent Deployment Package (~100 MB) to ePO through Internet Explorer. The file upload times out if the network upload speed is slow.
Workaround: If this error displays in Internet Explorer 6, try using Internet Explorer 7 or later. If you encounter the error in Internet Explorer 7 or later, copy the package to a local directory on the ePO server. Access the ePO console on the ePO server and upload the file from the local path. This method avoids possible network delays.
607452
Issue: ePO 4.6 reports and dashboard entries aren't removed after the Solidcore Extension is uninstalled.
Workaround: If you're uninstalling and reinstalling the Solidcore Extension, remove the reports and dashboards manually after uninstalling and before reinstalling.
607517
Issue: PDF reports have minor data display and formatting issues if more than 50,000 records are reported.
608347
Issue: The Solidcore Policies Applied on Hosts report displays all policies derived from the root, regardless of the SKUs enabled on the platform.
609304
5.0.2
Issue: It's not possible to export data from the Reporting, Solidcore Events page.
Workaround: Use Queries (Reporting, Queries) to export event data.
636769
5.1.1
Issue: If you upgrade from Solidcore 5.1.0 to 5.1.1 or later, existing Solidcore events in the Solidcore Events table aren't migrated to the ePO Events table.
636352
5.1.1
Issue: After removing the Solidcore Extension, all Solidcore-related events are retained in the ePO table. When you view the events in the Threat Event Log, some fields might display erroneous data.
607554
Issue: Solidcore policies can't be duplicated using the Policy Details page because the OK button is disabled.
Workaround: Use the Policy Catalog page to duplicate policies.
643854
5.1.1
Issue: When you use the Guided Configuration page on the ePO 4.6 console, the Save Policy button isn't enabled when changes are made to Solidcore Policies.
Workaround: Edit the policy using the Policy Catalog without using Guided Configuration.
608374
5.0.0
Issue: When you try to enable an already enabled Solidcore Agent, the error displayed isn't translated.
607908
Issue: It's not possible to export more than 50,000 records from any table or report.
608025
Issue: Reports, tasks, and policies for all SKUs are listed even if the license for that SKU isn't added.
609911
5.1.0
Issue: Export of rule groups doesn't work in Internet Explorer when opened from the ePO server.
Workaround: To export rule groups, use Internet Explorer from a different computer.
610303
5.1.0
Issue: The Server Task pages in ePO might not work properly if you use Mozilla Firefox version 3.0.
Workaround: If you encounter issues, we recommend using Mozilla Firefox version 3.6 or later or Internet Explorer 6.0 or later.
608753
5.0.0
Issue: Sometimes, using the username field of reported events on the ePO server as a trusted user might not work if the client system is part of an Active Directory (AD) domain. This occurs because the domain name reported in the events isn't the full AD domain.
Workaround: Use the environment variable USERDNSDOMAIN as the domain name for AD clients. You can also review the properties of the My Computer icon to identify the complete username to specify as the trusted user.
608390
Issue: When viewing an Integrity Monitor policy, the My Rules tab isn't translated.
669563
5.1.2
Issue: If you run reconciliation on a setup with millions of unauthorized changes (for about 5,000 hosts), the System with Unauthorized changes page doesn't open. When you select the Systems with Unauthorized changes link, the page times out and the user is logged off the ePO console. (The Systems with Unauthorized changes link is on the Risk and Compliance, Change Control Reconciliation page.)
656518
5.1.2
Issue: If you install Solidcore Extension 5.1.2 (or later) on an existing ePO 4.5 system and then upgrade to ePO version 4.6 FIPS mode, the event parser stops working.
Workaround: Upgrade the required DLL with the following command: https://<ePO_IP_address:port>/remote/scor.upgradeEventParser.do
661203
5.1.2
Issue: If you use reconciliation with Solidcore Extension 5.1.1 (or earlier) and upgrade to Solidcore Extension 5.1.2 (or later), you can't access the older reconciliation data.
607950
5.0.0
Issue: User-defined system variables in policies are resolved at the endpoint only after the endpoint is restarted.
707486
5.2.0
Issue: When using the ePO 4.6 console, navigating quickly through the Events and Inventory pages logs off the user.
714176
5.2.0
Issue: In ePO 4.6 Update 1 or 2, if you add multiple commands to a Run Commands client task while you create the task, you can't remove the commands from the saved client task later.
719796
5.2.0
Issue: Global Catalog search for AD groups isn't supported.
Workaround: Search for a group in a specific AD server instead of using the Global Catalog. To add a specific group, perform the steps below:
Log on to the ePO 4.x console.
Add the AD server with the group as a registered server.
Search for the group by selecting the registered AD server. Make sure that the Global Catalog Search option is deselected.
Add the group to a policy as a trusted group.
722045
5.2.0
Issue: If you add new columns, such as Solidcore Status and Solidification Status, for an endpoint by clicking Actions, Choose columns, noncompliant Solidcore Agent, the columns might not display values for all endpoints. This occurs because the noncompliant Solidcore Agent section includes only noncompliant agent properties.
Workaround: When adding new columns for an endpoint, click Actions, Choose columns, Solidcore Client Properties instead of Actions, Choose columns, noncompliant Solidcore Agent.
695769
5.2.0
Issue: Under the Content Change Tracking feature, the view file page goes blank for a file size of around 1 MB.
800014
6.1.0
Issue: Extra events are reconciled when manual reconciliation is performed from custom queries.
Workaround: To perform the manual reconciliation for multiple events, select either All in this page or Select All in all pages. Then, open the Solidcore events page directly by clicking Menu, Reporting, Solidcore Events.
NOTE: This option doesn't work well if you reach Solidcore Events by drilling down from a Query page.
882821
6.1.1
Issue: Sorting isn't supported on the Last Modification Time column on the Content Change Tracking page.
1033281
6.2.0
Issue: Upgrading to Solidcore Extension 6.2.0 might fail immediately after the extension restart while performing an upgrade from a version older than 6.1.2.
985336
6.2.0
Issue: The event pages in ePO might not work properly if you're using Mozilla Firefox version 3.5.
Workaround: If you encounter issues, we recommend using Mozilla Firefox version 3.6 or later or Internet Explorer 6.0 or later.
1043052
6.2.0
Issue: You can't upgrade the Solidcore help extension from previous versions to 6.2.
Workaround: Uninstall the old help extension and install the new one.
Issue: The Original user name reported in events is the same as the user name.
600805
4.7.0
Issue: While opening a write-protected network share in Windows Explorer, a few deny-write errors are observed.
603747
4.8.0
Issue: The trusted, solidified, and write-protect features don't work correctly for folder-mounted volumes.
Workaround: Contact Technical Support for assistance if the setup uses folder-mounted volumes.
608036
5.0.0
Issue: Mapped drive names can't be used in commands issued by remote users or ePO.
598002
4.5.0
Issue: Registry key protection doesn't work for all registry key hives, it works only for HKEY_LOCAL_MACHINE.
599240
4.5.3
Issue: A subkey registry doesn't get added to a protected registry key when using the reg command.
601500
4.7.0
Issue: Creating a shortcut in a read-protected directory isn't allowed.
602122
4.7.0
Issue: Any file operation performed on a read-protected file generates deny-read events that correspond to the file even when the file operation is allowed.
603032
4.8.0
Issue: Changes to folder-mounted volumes that don't have an associated drive letter can't be monitored.
Workaround: Assign a drive letter to a volume before mounting it on any other folder.
603628
4.8.0
Issue: On 64-bit platforms, ACL change events aren't generated when the update mechanism supersedes the deny-write policies for registries.
605371
4.8.3
Issue: When you try to read a read-protected file with certain file flags set through Windows Explorer, read-denied events might not be written to the event viewer. The events are recorded in the Solidcore Agent log file.
606496
4.9.0
Issue: Only full long names are supported with commands that accept file or folder names. For example, names such as c:\myPackages\SETUP-~1.EXE aren't supported.
606532
4.9.0
Issue: Virtual drive paths aren't supported as path values in Solidcore Agent commands, such as write-protect, read-protect, and monitor.
600748
4.6.4
Issue: Multiple deny-write events might be generated for a single deny-write action. For example, on deletion of a file using Windows Explorer, up to eight file deletion events are reported. When the application denies deletion of a file, Windows Explorer tries multiple methods to delete the file, resulting in an event for each attempt.
691196
5.2.0
Issue: For a file where you track content changes, you receive an unknown error if connectivity issues occur while sending metadata for the file from the endpoint to the ePO console.
Workaround: When network connectivity resumes, the next change to the file is reflected accurately on the ePO console.
724796
5.2.0
Issue: Although you can track content changes for a read-protected file, you can't view the actual changes. This occurs because the read protection rule prevents the software from fetching file contents from the endpoint.
799559
6.1.0
Issue: If you exclude the .bat extension from monitoring, events for batch file operations are generated.
812964
6.1.0
Issue: If the Updater flag is removed for a cert rule in ePO, the certificate is listed as an Updater on the endpoint.
876430
6.1.1
Issue: For monitoring and change control rules with *, the longest path rule isn't given precedence for conflicting rules.
881480
6.1.1
Issue: Revisions aren't reported for Content Change tracking if user events are filtered using the filter rules.
Workaround: Exclude the user from event filtering and apply advanced filters for the user excluding unwanted events for files and directories.
894237
6.1.1
Issue: For a directory-based Content Change Tracking rule, renaming of the directory or its subdirectory generates spurious monitor events.
Issue: During manual installation of the Solidcore Agent on Windows 2008 R2 (64-bit), a Windows Installer validation error message displays for the msiexec.exe and kernelbase.dll files.
Workaround: Click Ignore once or Ignore always on the error pop-up to continue installation.
Windows 2008 (64 bit)
Reference | Related Article | Found in version | Resolved in Version | Description
609780
5.0.2
Issue: On Windows 2008 (64-bit), the rundll32.exe file crashes if an application is uninstalled using Add or Remove Programs after the SetupInstallFromInfSection() function is used to install the application.
Windows 7 (64 bit)
Reference | Related Article | Found in version | Resolved in Version | Description
708226
5.1.5
Issue: Change Control is functionally incompatible with Avecto Privilege guard.
Windows XP
Reference | Related Article | Found in version | Resolved in Version | Description
601738
4.7.0
Issue: On Windows XP SP2, deny-write errors with two different file names or folder names are logged when a file or folder is created under a write-protected folder.
604834
4.8.1
Issue: On Windows XP, NTFS junction points are supported only when junctions are created for volumes and not for folders.
Issue: Write/read protection doesn't work on files added via cachefs/lofs.
607024
4.0.0-5920
Won't fix
Issue: By default, the deny-read feature is disabled. A read-protect rule is immediately applied to the Solidcore agent. But, it's effective only after the deny-read feature is enabled on the Solidcore agent.
607245
4.9.0-246
Won't fix
Issue: No events are generated for changes to a file with the string solidcore.log in its name (example: mysolidcore.log).
610254
5.0.1-1
Won't fix
Issue: When you run the Debug Info client task for a UNIX system, the log states that the gatherinfo.tar.gz file is generated. The name of the generated file is suffixed with the host name and time stamp. For example, gatherinfo-hpj-03-07-08-10_14-37-45.tar.gz.
616089
5.1.0-6817
Won't fix
Issue: Localized strings aren't consistent. Partial localization occurs in some events and messages.
762449
6.1.0-9301
Won't fix
Issue: Events are generated if a special device file is renamed.
797291
6.1.0-9323
Won't fix
Issue: After Dynamic Kernel Module compilation, an empty file named 2 gets created in the dks directory.
797363
6.1.0-9323
Issue: The sadmin xray command doesn't list the attr specific configurations for the running process.
798843
6.1.0-9323
Won't fix
Issue: You might observe unexpected behavior if a process exits without closing one or more changed files.
807180
6.1.0-9402
Won't fix
Issue: Installation on a non pre-compiled kernel fails if you run the installer from a Windows share that's mounted with CIFS.
Workaround: Mount the Windows share using NFS.
811983
6.1.0
Issue: Property collection on ePO and the endpoint might show different versions of Solidifier if the system isn't rebooted after upgrade.
812578
6.1.0-9434
Will not fix
Issue: On some kernels, error messages related to scdrv are displayed in the console during system boot.
818828
6.1.0-9463
Issue: With VirusScan Enterprise for Linux (VSEL) 1.7 installed, the VSEL service stops with errors on the CLI.
989865
6.1.5-224
Won't fix
Issue: Installation of Solidifier shouldn't occur in a symbolic link path.
Issue: After upgrading to Change Control 6.1.7, new advanced exclusion filters (AEF) or updaters and attr rules aren't added as default rules.
1053355
6.1.7-192
Won't fix
Issue: If you erroneously try to stop the Solidcore service by using the systemctl command in Enabled mode, a subsequent attempt to stop the service in Disabled mode might fail.
To stop the service in Disabled mode, use the following commands:
Issue: When you try to upload the Windows Solidcore Agent Deployment Package (~100 MB) to ePO through Internet Explorer, the file upload times out if the network upload speed is slow.
Workaround: If this error displays in Internet Explorer 6, try using Internet Explorer 7 (or later). If you encounter the error in Internet Explorer 7 or later, copy the Solidcore Agent Deployment Package to a local directory on the ePO server. Access the ePO console through a browser window on the ePO server. Upload the file from the local path. Then, the upload happens from the ePO server to ePO and avoids network delays.
607452
Issue: ePO 4.6 reports and dashboard entries aren't removed after the Solidcore Extension is uninstalled.
Workaround: If you're uninstalling and reinstalling the Solidcore extension, remove the reports and dashboards manually after uninstalling and before reinstalling.
607517
Issue: PDF reports have minor data display and formatting issues if more than 50,000 records are reported.
608347
Issue: The Solidcore Policies Applied on Hosts report displays all policies derived from the root, regardless of the SKUs enabled on the platform.
609304
Issue: It's not possible to export data from the Reporting, Solidcore Events page.
Workaround: Use Queries (Reporting, Queries) to export event data.
636769
Issue: If you upgrade from Solidcore 5.1.0 to 5.1.1 (or later), existing Solidcore events in the Solidcore Events table aren't migrated to the ePO Events table.
636352
Issue: After removing the Solidcore Extension, all Solidcore-related events are retained in the ePO table. When you view the events in the Threat Event Log, some fields might display erroneous data.
607554
Issue: Solidcore policies can't be duplicated using the Policy Details page because the OK button is disabled.
Workaround: Use the Policy Catalog page to duplicate policies.
643854
Issue: When you use the Guided Configuration page on the ePO 4.6 console, the Save Policy button isn't enabled when changes are made to Solidcore Policies.
Workaround: Edit the policy using the Policy Catalog without using Guided Configuration.
608374
Issue: When you try to enable an already enabled Solidcore Agent, the error displayed isn't translated.
607908
Issue: It's not possible to export more than 50,000 records from any table or report.
608025
Issue: Reports, tasks, and policies for all SKUs are listed even if the license for that SKU isn't added.
609911
Issue: Export of rule groups doesn't work in Internet Explorer when opened from the ePO server.
Workaround: Use Internet Explorer from a different computer to export rule groups.
610303
Issue: The Server Task pages on ePO might not work properly if you use Mozilla Firefox version 3.0.
Workaround: Technical Support recommends using Mozilla Firefox version 3.6 (or later) or Internet Explorer 6.0 (or later).
608753
Issue: Sometimes, using the username field of reported events on the ePO server as a trusted user might not work if the client system is part of an AD domain. This occurs because the domain name reported in the events isn't the full AD domain.
Workaround: Use the environment variable USERDNSDOMAIN as the domain name for AD clients. You can also review the properties of the My Computer icon to identify the complete username to specify as the trusted user.
608390
Issue: When viewing an Integrity Monitor policy, the My Rules tab isn't translated.
669563
Issue: If you run reconciliation on a setup with millions of unauthorized changes (for about 5,000 hosts), the Systems with Unauthorized changes page doesn't open. When you select the Systems with Unauthorized changes link (on the Risk and Compliance, Change Control Reconciliation page), the page times out and the user is logged off the ePO console.
656518
Issue: If you install Solidcore Extension 5.1.2 (or later) on an existing ePO 4.5 system and then upgrade to ePO version 4.6 FIPS mode, the event parser stops working.
Workaround: Upgrade the required DLL with the following command: https://<ePO_IP_address:port>/remote/scor.upgradeEventParser.do
661203
Issue: If you're using reconciliation with Solidcore Extension 5.1.1 or earlier and upgrade to Solidcore Extension 5.1.2 or later, you can't access the older reconciliation data.
607950
Issue: User-defined system variables in policies are resolved at the endpoint only after the endpoint is restarted.
707486
Issue: When using the ePO 4.6 console, navigating quickly through the Events and Inventory pages logs off the user.
714176
Issue: On ePO 4.6 Update 1 or 2, if you add multiple commands to a Run Commands client task while you create the task, you can't remove the commands from the saved client task later.
719796
Issue: Global Catalog search for AD groups isn't supported.
Workaround: Search for a group in a specific AD server instead of using the Global Catalog.
To add a specific group:
Log on to the ePO 4.x console.
Add the AD server with the group as a Registered Server.
Search for the group by selecting the registered AD server. Make sure that the Global Catalog Search option is deselected.
Add the group to a policy as a trusted group.
722045
Issue: Adding new columns, such as Solidcore Status and Solidification Status, for an endpoint by clicking Actions, Choose columns, noncompliant Solidcore Agent might not display values for all endpoints. This is because the noncompliant Solidcore Agent section includes only noncompliant agent properties.
Workaround: When adding new columns for an endpoint, click Actions, Choose columns, Solidcore Client Properties instead of Actions, Choose columns, noncompliant Solidcore Agent.
695769
Issue: Under the Content Change Tracking feature, the view file page goes blank for a file size of around 1 MB.
800014
Issue: Extra events are reconciled when you perform manual reconciliation from custom queries.
Workaround: To perform the manual reconciliation for multiple events by selecting either All in this page or Select All in all pages, open the Solidcore events page directly by clicking Menu, Reporting, Solidcore Events.
NOTE: This option doesn't work well if you reach Solidcore Events by drilling down from a Query page.
882821
Issue: Sorting isn't supported on the Last Modification Time column on the Content Change Tracking page.
937037
Issue: You can't upgrade Solidcore help extension from previous versions.
Workaround: Uninstall the old help extension and install the new one.
Issue: Application Control or Change Control 6.1.7 are not compatible with VSEL 2.0.
900761
Issue: When Change Control is placed in a Disabled state and the endpoint isn't rebooted, an upgrade of Change Control doesn't successfully complete. This is because the driver isn't unloaded.
Workaround: Reboot the endpoint (after disabling Change Control) and perform the upgrade task again.
608671
Issue: If Solidcore Agent is installed in a non-default path, upgrading via ePO isn't supported. Such an upgrade might leave the Solidcore Agent in an inconsistent state. Technical Support recommends that you uninstall the existing version and then install the new version using ePO.
608737
Issue: If the partition with the /opt/McAfee/cma directory has insufficient space, events might not be generated. Also, a Failed to generate event xml error message is added to the solidcore.log file. Free up space in the partition with the /opt/McAfee/cma directory.
601728
Issue: According to the NFS protocol, if a file present on the NFS share is opened once on the NFS client, it can't be reopened until the file attributes are changed. If a read-protected file on an NFS share is opened on the client in Update mode, the user can read it on the client. They can read it in Enabled mode (after coming out of the Update mode) until the file attributes are changed on the server.
601734
Issue: Changing a hard link might cause the name of the link or program to display in events.
601914
Issue: For daemon processes, the reported username and original username are the same.
602653
Issue: A write-protected file can be changed through its hard link if the hard link has already been created.
602772
Issue: Scripts without the #! tag can't act as updaters.
602977
Issue: For loopback file systems, some features, such as updater and monitoring, don't work correctly when the loopback path is used instead of the physical path in the sadmin commands. For instance, if /opt is mounted as a loopback file system at /mnt, to add /mnt/abc as an updater, you must add the path /opt/abc as an updater.
602990
Issue: Some features, such as updaters and mon-proc-exec, don't work properly for unsupported file formats. Only executable binaries and #! scripts are supported file formats.
603462
Issue: The BOOTING_ENABLED and BOOTING_UPDATE_MODE events aren't added to the system log.
Workaround: At boot time, start the syslog service before the Solidcore Agent service.
603490
Issue: You observe the following issues when an updater calls another updater:
If the child process is added as an updater, the non-inheritable option (-d) of the parent process is overridden.
If the parent process is added as an updater, the non-inheritable option (-d) of the child is overridden.
604780
Issue: For processes that aren't directly associated with a terminal, the original_user field is the same as the user field. For example, when you run a script through Runlevel/initscripts, original_user is the same as the user.
605062
Issue: The mmap system call at the NFS client doesn't work if the file is read-protected.
606674
Issue: A write-protected file can be changed or deleted if the file system is mounted to a different directory.
607014
Issue: Adding a script as an updater twice (once on its own and again with its parent) might lead to unexpected behavior.
607024
Issue: By default, the deny-read feature is disabled. A read-protect rule is immediately applied to Solidcore Agent, but it's effective only after the deny-read feature is enabled on the Solidcore Agent.
607245
Issue: No events are generated for changes to a file with the string solidcore.log in its name, for example, mysolidcore.log.
601763
Issue: Process information can't be determined for processes that are invoked before the Solidcore Agent driver is loaded. This issue has the following implications:
If such a process makes file changes, these changes might not be reported.
For processes that start before the driver is loaded, only the partial program names are reported.
For NFS, the changes made by the client, and the change events displaying on the server have only the relative name for the NFS daemon (in other words, nfsd or nfsktcpd).
No Process Start and Process Stop events are generated for already running processes.
On only the AIX platform, Change Tracking or Prevention on file systems mounted by such processes might or might not work. System calls executed by already running processes can't be trapped because of differences in the way system calls are implemented for the AIX platform. As a workaround, you can restart such processes.
604604
Issue: Write or read protection doesn't work on files added via cachefs/lofs.
613214
Issue: If the installation path is a mount point, forcibly unmounting (for example, using the umount -f command) might lead to non-deterministic behavior.
603386
Issue: The Solidcore Agent can't be installed, upgraded, or uninstalled through init scripts that run at system boot time.
Workaround: Add the following two statements in the init script before invoking the installer:
HOME="/"
export HOME
613205
Issue: For a file with multiple hard links, the change event contains the name of any one of the hard links as the file name. For example, if a file named test has test1 and test2 as hard links, the event generated when the file is changed can contain any of the three names by which the file is known.
613213
Issue: Because of NFS protocol behavior, a large write request to the NFS client goes to the NFS server in the form of multiple RPC calls and multiple FILE_MODIFIED events are generated at the NFS server.
610254
Issue: When you run the Debug Info client task for a UNIX system, the log states that the gatherinfo.tar.gz file is generated. The name of the generated file is suffixed with the host name and time stamp. For example, gatherinfo-hpj-03-07-08-10_14-37-45.tar.gz.
616089
Issue: Localized strings aren't consistent. Partial localization occurs in some events and messages.
708279
Issue: For RHEL5/RHEL6 (kernels earlier than 2.6.32-220) and kernels of SLES 10/SUSE11 (excluding SLES11 SP2), FILE_CREATED events are incorrectly reported as FILE_ATTR_MODIFIED over an NFSv4 partition.
762449
Issue: Events are generated if a special device file is renamed.
797291
Issue: After Dynamic Kernel Module compilation, an empty file named 2 gets created in the dks directory.
797363
Issue: The Sadmin Xray command doesn't list the attr specific configurations for the running process.
798843
Issue: You might observe unexpected behavior if a process exits without closing one or more changed files.
807180
Issue: Installation on a non pre-compiled kernel fails if you run the installer from a Windows share that's mounted using CIFS.
Workaround: Mount the Windows share using NFS.
811983
Issue: Property collection on ePO and the endpoint might show different versions of Solidifier if the system isn't rebooted after upgrade.
812578
Issue: On some kernels, error messages related to scdrv are displayed in the console during system boot.
818828
Issue: With VSEL 1.7 installed, the VSEL service stops with errors on the CLI.
989865
Issue: Installation of Solidifier shouldn't occur in a symbolic link path.
Issue: After upgrading to Change Control 6.1.7, new advanced exclusion filters (AEF) or updaters and attr rules aren't added as default rules.
1053355
Issue: If you erroneously try to stop the Solidcore service by using the systemctl command in Enabled mode, a subsequent attempt to stop the service in Disabled mode might fail.
Workaround: To stop the service in Disabled mode, use the following commands:
Issue: When you log on to a solidified system using Telnet as a non-root user, the original_user name displays as root.
602981
Issue: When you mount a single share on more than one mount point and perform a file operation from any of these mount points, events that show the path name might refer to any of those shares.
1009579
Issue: On a protected system running Red Hat Enterprise Linux (RHEL) 5 with kernel 2.6.18-308.EL5 or later, the deny-read feature doesn't work on an NFSv4 mounted partition.
1211104
Issue: After running the automated testing tool (Solomon), there's a crash in UBUNTU 16.04 x86 platform with kernel 4.4.0-47-generic.
1224787
Issue: The ACC service stops working after running the command sadmin disable and restarting the Solidcore service.
Workaround: To complete entering the disabled mode, reboot the system. After you reboot the system, it operates as expected.
Issue: When you try to upload the Windows Solidcore Agent Deployment Package (~100 MB) to ePO through Internet Explorer, the file upload times out if the network upload speed is slow.
Workaround: If this error displays in Internet Explorer 6, try using Internet Explorer 7 (or later). If you encounter the error in Internet Explorer 7 or later, copy the Solidcore Agent Deployment Package to a local directory on the ePO server. Open a browser window on the ePO server, access the ePO console, and upload the file from the local path. The upload happens from the ePO server to ePO avoiding network delays.
607452
Issue: ePO 4.6 reports and dashboard entries aren't removed after the Solidcore Extension is uninstalled.
Workaround: If you're uninstalling and reinstalling the Solidcore extension, remove the reports and dashboards manually after uninstalling, and before reinstalling.
607517
Issue: PDF reports have minor data display and formatting issues if more than 50,000 records are reported.
608347
Issue: The Solidcore Policies Applied on Hosts report displays all policies derived from the root, regardless of the SKUs enabled on the platform.
609304
Issue: It's not possible to export data from the Reporting, Solidcore Events page.
Workaround: Use Queries (Reporting, Queries) to export event data.
636769
Issue: If you upgrade from Solidcore 5.1.0 to 5.1.1 (or later), existing Solidcore events in the Solidcore Events table aren't migrated to the ePO Events table.
636352
Issue: After removing the Solidcore Extension, all Solidcore-related events are retained in the ePO table. When you view the events in the Threat Event Log, some fields might display erroneous data.
607554
Issue: Solidcore policies can't be duplicated using the Policy Details page because the OK button is disabled.
Workaround: Use the Policy Catalog page to duplicate policies.
643854
Issue: When you use the Guided Configuration page on the ePO 4.6 console, the Save Policy button isn't enabled when changes are made to Solidcore Policies.
Workaround: Edit the policy using the Policy Catalog without using Guided Configuration.
608374
Issue: When you try to enable an already enabled Solidcore Agent, the error displayed isn't translated.
607908
Issue: It's not possible to export more than 50,000 records from any table or report.
608025
Issue: Reports, tasks, and policies for all SKUs are listed even if the license for that SKU isn't added.
609911
Issue: Export of rule groups doesn't work in Internet Explorer when opened from the ePO server.
Workaround: Use Internet Explorer from a different computer to export rule groups.
610303
Issue: The Server Task pages on ePO might not work properly if you use Mozilla Firefox version 3.0.
Workaround: Technical Support recommends using Mozilla Firefox version 3.6 (or later) or Internet Explorer 6.0 (or later).
608753
Issue: Sometimes, using the username field of reported events on the ePO server as a trusted user might not work if the client system is part of an AD domain. This is because the domain name reported in the events isn't the full AD domain.
Workaround: Use the environment variable USERDNSDOMAIN as the domain name for AD clients. You can also review the properties of the My Computer icon to identify the complete username to specify as the trusted user.
608759
Issue: If ePO is installed on the Japanese version of Windows, exporting the dashboard data to HTML format fails if the generated HTML file name contains digits.
608390
Issue: When viewing an Integrity Monitor policy, the My Rules tab isn't translated.
669563
Issue: If you run reconciliation on a setup with millions of unauthorized changes (for about 5,000 hosts), the Systems with Unauthorized changes page doesn't open. When you select the Systems with Unauthorized changes link (on the Risk and Compliance, Change Control Reconciliation page), the page times out and the user is logged off the ePO console.
656518
Issue: If you install Solidcore Extension 5.1.2 (or later) on an existing ePO 4.5 system and then upgrade to ePO version 4.6 FIPS mode, the event parser stops working.
Workaround: Upgrade the required DLL with the following command: https://<ePO_IP_address:port>/remote/scor.upgradeEventParser.do
661203
Issue: If you use reconciliation with Solidcore Extension 5.1.1 (or earlier) and upgrade to Solidcore Extension 5.1.2 (or later), you can't access the older reconciliation data.
607950
Issue: User-defined system variables in policies are resolved at the endpoint only after the endpoint is restarted.
707486
Issue: When using the ePO 4.6 console, navigating quickly through the Events and Inventory pages logs off the user.
714176
Issue: On ePO 4.6 Update 1 or 2, if you add multiple commands to a Run Commands client task while you create the task, you can't remove the commands from the saved client task later.
719796
Issue: Global Catalog search for AD groups isn't supported.
Workaround: Search for a group in a specific AD server instead of using the Global Catalog.
To add a specific group:
Log on to the ePO 4.x console.
Add the AD server with the group as a Registered Server.
Search for the group by selecting the registered AD server. Make sure that the Global Catalog Search option is deselected.
Add the group to a policy as a trusted group.
722045
Issue: Adding new columns, such as Solidcore Status and Solidification Status, for an endpoint by clicking Actions, Choose columns, noncompliant Solidcore Agent might not display values for all endpoints. This is because the noncompliant Solidcore Agent section includes only noncompliant agent properties.
Workaround: When adding new columns for an endpoint, click Actions, Choose columns, Solidcore Client Properties instead of Actions, Choose columns, noncompliant Solidcore Agent.
695769
Issue: Under the Content Change Tracking feature, the view file page goes blank for a file size of around 1 MB.
800014
Issue: Extra events are reconciled when you perform manual reconciliation from custom queries.
Workaround: To perform the manual reconciliation for multiple events by selecting either All in this page or Select All in all pages, open the Solidcore events page directly by clicking Menu, Reporting, Solidcore Events.
NOTE: This option doesn't work well if you reach Solidcore Events by drilling down from a Query page.
882821
Issue: Sorting isn't supported on the Last Modification Time column on the Content Change Tracking page.
937037
Issue: You can't upgrade Solidcore help extension from previous versions to 6.1.2.020.
Workaround: Uninstall the old help extension and install the new one.
Issue: For an unsupported kernel, the Build property of the endpoint on the ePO properties screen displays as Compiled.
944538
Issue: Application Control or Change Control 6.1.4 are not compatible with VSEL 2.0.
900761
Issue: When the endpoint is Disabled and not rebooted, the product upgrade isn't successful. This is because the driver isn't unloaded.
Workaround: Reboot the endpoint system and perform the upgrade task again.
The following issues are from the Change Control 6.1.0 Linux/UNIX release.
608671
Issue: If Solidcore Agent is installed in a non-default path, upgrading via ePO isn't supported. Such an upgrade might leave the Solidcore Agent in an inconsistent state. Technical Support recommends that you uninstall the existing version and then install the new version using ePO.
608737
Issue: If the partition with the /opt/McAfee/cma directory has insufficient space, events might not be generated. Also, a Failed to generate event xml error message is added to the solidcore.log file. Free up space in the partition with the /opt/McAfee/cma directory.
601728
Issue: According to NFS protocol, if a file present on the NFS share is opened once on the NFS client, it can't be reopened until the file attributes are changed. If a read-protected file on an NFS share is opened on the client side in update mode, the user can read it on the client. It can be read in enable mode (after coming out of the update mode) until the file attributes are changed on the server.
601734
Issue: Changing a hard link might cause the name of the link or program to display in events.
601914
Issue: For daemon processes, the reported username and original username are the same.
602653
Issue: A write-protected file can be changed through its hard link if the hard link has already been created.
602772
Issue: Scripts without the #! tag can't act as updaters.
602977
Issue: For loopback file systems, some features, such as updater and monitoring, don't work correctly when the loopback path is used instead of the physical path in the sadmin commands. For instance, if /opt is mounted as a loopback file system at /mnt, to add /mnt/abc as an updater, you must add the path /opt/abc as an updater.
602990
Issue: Some features, such as updaters and mon-proc-exec, don't work properly for unsupported file formats. Only executable binaries and #! scripts are supported file formats.
603462
Issue: The BOOTING_ENABLED and BOOTING_UPDATE_MODE events aren't added to the system log.
Workaround: At boot time, start the syslog service before the Solidcore Agent service.
603490
Issue: The following issues are observed when an updater calls another updater:
If the child process is added as an updater, the non-inheritable option (-d) of the parent process is overridden.
If the parent process is added as an updater, the non-inheritable option (-d) of the child is overridden.
604780
Issue: For processes that aren't directly associated with a terminal, the original_user field is the same as the user field. For example, when you run a script through Runlevel/initscripts, original_user is the same as the user.
605062
Issue: The mmap system call at the NFS client doesn't work if the file is read-protected.
606674
Issue: A write-protected file can be changed or deleted if the file system is mounted to a different directory.
607014
Issue: Adding a script as an updater twice (once on its own and again with its parent) might lead to unexpected behavior.
607024
Issue: By default, the deny-read feature is disabled. A read-protect rule is immediately applied to Solidcore Agent, but it's effective only after the deny-read feature is enabled on the Solidcore Agent.
607245
Issue: No events are generated for changes to a file with the string solidcore.log in its name, for example, mysolidcore.log.
601763
Issue: Process information can't be determined for processes that are invoked before the Solidcore Agent driver is loaded. This issue has the following implications:
If such a process makes file changes, these changes might not be reported.
For processes that start before the driver is loaded, only the partial program names are reported.
For NFS, the changes done by the client, and the change events displaying on the server have only the relative name for the NFS daemon (in other words, nfsd or nfsktcpd).
No Process Start and Process Stop events are generated for already running processes.
On only the AIX platform, Change Tracking or Prevention on file systems mounted by such processes might or might not work. System calls executed by already running processes can't be trapped because of differences in the way system calls are implemented for the AIX platform. As a workaround, you can restart such processes.
604604
Issue: Write or read protection doesn't work on files added via cachefs/lofs.
613214
Issue: If the installation path is a mount point, forcibly unmounting (for example, using the umount -f command) might lead to non-deterministic behavior.
603386
Issue: The Solidcore Agent can't be installed, upgraded, or uninstalled through init scripts that run at system boot time.
Workaround: Add the following two statements in the init script before invoking the installer:
HOME="/"
export HOME
613205
Issue: For a file with multiple hard links, the change event contains the name of any one of the hard links as the file name. For example, if a file named test has test1 and test2 as hard links, the event generated when the file is changed can contain any of the three names by which the file is known.
613213
Issue: Because of NFS protocol behavior, a large write request to the NFS client goes to the NFS server in the form of multiple RPC calls and multiple FILE_MODIFIED events are generated at the NFS server.
610254
Issue: When you run the Debug Info client task for a UNIX system, the log states that the gatherinfo.tar.gz file is generated. The name of the generated file is suffixed with the host name and time stamp. For example, gatherinfo-hpj-03-07-08-10_14-37-45.tar.gz.
616089
Issue: Localized strings aren't consistent. Partial localization occurs in some events and messages.
708279
Issue: For RHEL5 or RHEL6 (Kernel less than 2.6.32-220) and kernels of SLES 10/SUSE11 (excluding SLES11 SP2), FILE_CREATED events are incorrectly reported as FILE_ATTR_MODIFIED over an NFSv4 partition.
762449
Issue: Events are generated if a special device file is renamed.
797291
Issue: After Dynamic Kernel Module compilation, an empty file named 2 gets created in the dks directory.
797363
Issue: The Sadmin Xray command doesn't list the attr specific configurations for the running process.
798843
Issue: Unexpected behavior might be observed if a process exits without closing one or more changed files.
802433
Issue: If the volume is unsolidified, it's not listed as unsolidified in the output of sadmin status.
807180
Issue: Installation on a non pre-compiled kernel fails if you run the installer from a Windows share that's mounted using CIFS.
Workaround: Mount the Windows share using NFS.
811983
Issue: Property collection on ePO and the endpoint might show different versions of Solidifier if the system isn't rebooted after upgrade.
812578
Issue: On some kernels, error messages related to scdrv are displayed in the console during system boot.
818828
Issue: With VSEL 1.7 installed, the VSEL service stops with errors on the CLI.
989865
Issue: Installation of Solidifier shouldn't occur in a symbolic link path.
Issue: When you log on to a solidified system using Telnet as a non-root user, the original_user name displays as root.
602981
Issue: When a single share is mounted on more than one mount point and a file operation is performed from any of these mount points, events that show the pathname might refer to any of those shares.
1009579
Issue: On a protected system running Red Hat Enterprise Linux 5 with kernel 2.6.18-308.EL5 or later, the deny-read feature doesn't work on an NFSv4 mounted partition.
Issue: When you try to upload the Windows Solidcore Agent Deployment Package (~100 MB) to ePO through Internet Explorer, the file upload times out if the network upload speed is slow.
Workaround: If this error displays in Internet Explorer 6, try using Internet Explorer 7 (or later). If you encounter the error in Internet Explorer 7 or later, copy the package to a local directory on the ePO server. Access the ePO console on the ePO server and upload the file from the local path. This method avoids possible network delays.
607452
Issue: ePO 4.6 reports and dashboard entries aren't removed after the Solidcore Extension is uninstalled.
Workaround: If you're uninstalling and reinstalling the Solidcore extension, remove the reports and dashboards manually after uninstalling and before reinstalling.
607517
Issue: PDF reports have minor data display and formatting issues if more than 50,000 records are reported.
608347
Issue: The Solidcore Policies Applied on Hosts report displays all policies derived from the root, regardless of the SKUs enabled on the platform.
609304
Issue: It's not possible to export data from the Reporting, Solidcore Events page.
Workaround: Use Queries (Reporting, Queries) to export event data.
636769
Issue: If you upgrade from Solidcore 5.1.0 to 5.1.1 (or later), existing Solidcore events in the Solidcore Events table aren't migrated to the ePO Events table.
636352
Issue: After removing the Solidcore Extension, all Solidcore-related events are retained in the ePO table. When you view the events in the Threat Event Log, some fields might display erroneous data.
607554
Issue: Solidcore policies can't be duplicated using the Policy Details page because the OK button is disabled.
Workaround: Use the Policy Catalog page to duplicate policies.
643854
Issue: When you use the Guided Configuration page on the ePO 4.6 console, the Save Policy button isn't enabled when changes are made to Solidcore Policies.
Workaround: Edit the policy using the Policy Catalog without using Guided Configuration.
608374
Issue: When you try to enable an already enabled Solidcore Agent, the error displayed isn't translated.
607908
Issue: It's not possible to export more than 50,000 records from any table or report.
608025
Issue: Reports, tasks, and policies for all SKUs are listed even if the license for that SKU isn't added.
609911
Issue: Export of rule groups doesn't work in Internet Explorer when opened from the ePO server.
Workaround: Use Internet Explorer from a different computer to export rule groups.
610303
Issue: The Server Task pages on ePO might not work properly if you use Mozilla Firefox version 3.0.
Workaround: Technical Support recommends Mozilla Firefox version 3.6 (or later) or Internet Explorer 6.0 (or later).
608753
Issue: Sometimes, using the username field of reported events on the ePO server as a trusted user might not work if the client system is part of an AD domain. This is because the domain name reported in the events isn't the full AD domain.
Workaround: Use the environment variable USERDNSDOMAIN as the domain name for AD clients. You can also review the properties of the My Computer icon to identify the complete username to specify as the trusted user.
608759
Issue: If ePO is installed on a Japanese version of Windows, exporting the dashboard data to HTML format fails if the generated HTML file name contains digits.
608390
Issue: When viewing an Integrity Monitor policy, the My Rules tab isn't translated.
669563
Issue: If you run reconciliation on a setup with millions of unauthorized changes (for about 5,000 hosts), the Systems with Unauthorized changes page doesn't open. When you select the Systems with Unauthorized changes link (on the Risk and Compliance, Change Control Reconciliation page), the page times out and the user is logged off the ePO console.
656518
Issue: If you install Solidcore Extension 5.1.2 (or later) on an existing ePO 4.5 system and then upgrade to ePO version 4.6 FIPS mode, the event parser stops working.
Workaround: Upgrade the required DLL with the following command: https://<ePO IP address:port>/remote/scor.upgradeEventParser.do
661203
Issue: If you're using reconciliation with Solidcore Extension 5.1.1 (or earlier) and upgrade to Solidcore Extension 5.1.2 (or later), you can't access the older reconciliation data.
607950
Issue: User-defined system variables in policies are resolved at the endpoint only after the endpoint is restarted.
707486
Issue: When using the ePO 4.6 console, navigating quickly through the Events pages logs off the user.
714176
Issue: On ePO 4.6 Update 1 or Update 2, if you add multiple commands to a Run Commands client task while creating the task, you can't remove the commands from the saved client task later.
719796
Issue: Global Catalog search for AD groups isn't supported.
Workaround: Search for a group in a specific AD server instead of using the Global Catalog. To add a specific group, perform the steps below:
Log on to the ePO 4.x console.
Add the AD server with the group as a registered server.
Search for the group by selecting the registered AD server. Make sure that the Global Catalog Search option is deselected.
Add the group to a policy as a trusted group.
722045
Issue: Adding new columns, such as Solidcore Status and Solidification Status, for an endpoint by clicking Actions, Choose columns, noncompliant Solidcore Agent might not display values for all endpoints. This is because the noncompliant Solidcore Agent section includes only noncompliant agent properties.
Workaround: When adding new columns for an endpoint, click Actions, Choose columns, Solidcore Client Properties instead of Actions, Choose columns, noncompliant Solidcore Agent.
695769
Issue: Under the Content Change Tracking feature, the view file page goes blank for a file size of around 1 MB.
800014
Issue: Extra events are reconciled when manual reconciliation is performed from custom queries.
Workaround: To perform the manual reconciliation for multiple events by selecting either All in this page or Select All in all pages, open the Solidcore events page. Navigate to Menu, Reporting, Solidcore Events.
NOTE: This option doesn't work well if you reach Solidcore Events by drilling down from a Query page.
882821
Issue: Sorting isn't supported on the Last Modification Time column on the Content Change Tracking page.
937037
Issue: You can't upgrade Solidcore help extension from previous versions to 6.1.2.020.
Workaround: Uninstall the old help extension and install the new one.
Issue: The Original username reported in events is the same as the username.
595051
Issue: Multiple operating systems on the same computer aren't supported. Product features work only on the operating system it's installed on.
599812
Issue: Uninstallation fails if the uninstallation process is canceled before it completes.
600805
Issue: While opening a write-protected network share in Windows Explorer, a few deny-write errors are observed.
603747
Issue: The trusted, solidified, and write-protect features don't work correctly for folder-mounted volumes.
Workaround: Contact Technical Support for assistance if the setup uses folder-mounted volumes.
604153
Issue: Post installation script customization isn't available during upgrades. It can be used only during a fresh installation of the Solidcore Agent.
608036
Issue: Mapped drive names can't be used in commands issued by remote users or ePO.
634733
Issue: If the database tables are corrupted, the Solidcore Agent upgrade fails and you see the following error message:
"Database: . Could not load table 'Control' in SQL query: SELECT `Control`,
`Type`, `X`, `Y`, `Width`, `Height`, `Attributes`, `Property`, `Text`,
`Control_Next`, `Help` FROM `Control` WHERE `Dialog_`=?"
Workaround: Use silent installation instead of UI mode installation.
605369
Issue: When an agent installer runs the Solidcore Agent installer with the /? argument, a series of unwanted dialog boxes display because of a bug in the third-party packaging software. You can ignore these dialog boxes.
609311
Issue: Manual uninstallation of the Solidcore Agent (deployed from ePO) fails on a client computer with MA version 4.0 (or earlier).
Workaround: Contact Technical Support for assistance if you've already tried manual uninstallation.
598002
Issue: Registry key protection doesn't work for all registry key hives; it works only for HKEY_LOCAL_MACHINE.
599240
Issue: A subkey registry doesn't get added to a protected registry key when using the reg command.
601500
Issue: Creating a shortcut in a read-protected directory isn't allowed.
602122
Issue: Any file operation performed on a read-protected file generates deny-read events that correspond to the file even when the file operation is allowed.
603032
Issue: Changes to folder-mounted volumes that don't have an associated drive letter can't be monitored.
Workaround: Assign a drive letter to a volume before mounting it on any other folder.
603628
Issue: On 64-bit platforms, ACL change events are not generated when the update mechanism supersedes the deny-write policies for registries.
605371
Issue: When you try to read a read-protected file with certain file flags set through Windows Explorer, read-denied events might not be written to the event viewer. The events are recorded in the Solidcore Agent log file.
606496
Issue: Only full long names are supported with commands that accept file or folder names. For example, names such as c:\myPackages\SETUP-~1.EXE aren't supported.
606532
Issue: Virtual drive paths aren't supported as path values in Solidcore Agent commands, such as write-protect, read-protect, and monitor.
600748
Issue: Multiple deny-write events might be generated for a single deny-write action. For example, on deletion of a file using Windows Explorer, up to eight file deletion events are reported. When the application denies deletion of a file, Windows Explorer tries multiple methods to delete the file, resulting in an event for each attempt.
608639
Issue: After you uninstall the Solidcore client from the Windows (64-bit) operating system, the Solidcore folder (c:\program files(x86)\solidcore) and Registry link (HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates) remain on the endpoint.
691196
Issue: For a file where you're tracking content changes, you receive an unknown error if connectivity issues occur while sending metadata for the file from the endpoint to the ePO console.
Workaround: When network connectivity resumes, the next change to the file is reflected accurately on the ePO console.
685124
Issue: If you're running VSE 8.8 with the Access Protection Level set to Maximum, you can't deploy Solidcore on the endpoint.
724796
Issue: Although you can track content changes for a read-protected file, you can't view the actual changes. The reason is because the read protection rule prevents the software from fetching file contents from the endpoint.
726020
Issue: If you upgrade from an earlier release to the 6.0 release and use a command added or changed in the 6.0 release without restarting the endpoint, you might receive a Msg not found error.
Workaround: Restart the endpoint to make sure that all commands added or changed in the 6.0 release work correctly.
770524
Issue: The scormcpl.dll displays an older version in the inventory after it's upgraded.
799559
Issue: If you exclude the .bat extension from monitoring, events for batch file operations are generated.
812964
Issue: If the Updater flag is removed for a cert rule over ePO, the certificate is listed as the updater on the endpoint.
656298
Issue: Upgrade via a hotfix build fails in Update mode if initiated through an ePO Product Update Task.
876430
Issue: For monitoring and change control rules with *, the longest path rule isn't given precedence for conflicting rules.
881480
Issue: Revisions aren't reported for Content Change tracking if user events are filtered using the filter rules.
Workaround: Exclude the user from event filtering and apply advanced filters for the user, excluding unwanted events for files and directories.
894237
Issue: For a directory-based Content Change Tracking rule, renaming of the directory or its subdirectory generates spurious monitor events.
919290
Issue: The Registry Name in mon events is inconsistent.
Issue: During manual installation of the Solidcore Agent on Windows 2008 R2 (64-bit), a Windows installer encountered a validation error message displays for the msiexec.exe and kernelbase.dll files.
Workaround: Click Ignore once or Ignore always on the error pop-up to continue installation.
Windows 2008 (64 bit)
Reference
Description
609780
Issue: On Windows 2008 (64-bit), the rundll32.exe file crashes if an application is uninstalled via Add/Remove Programs after the SetupInstallFromInfSection() function is used to install the application.
Windows 7 (64 bit)
Reference
Related
Article
Found in version
Resolved in Version
Description
708226
Issue: Change Control is functionally incompatible with Avecto Privilege guard.
Windows XP
Reference
Description
601738
Issue: On Windows XP SP2, deny-write errors with two different file names or folder names are logged when a file or folder is created under a write-protected folder.
604834
Issue: On Windows XP, NTFS junction points are supported only when junctions are created for volumes and not for folders.
Issue: If Solidcore Agent is installed in a non-default path, upgrading via ePO isn't supported. Such an upgrade might leave the Solidcore Agent in an inconsistent state. Technical Support recommends that you uninstall the existing version and then install the new version using ePO.
608737
Issue: If the partition with the /opt/McAfee/cma directory has insufficient space, events might not be generated and the Failed to generate event xml error message is added to the solidcore.log file. Free up space in the partition with the /opt/McAfee/cma directory.
601728
Issue: According to NFS protocol, if a file present on the NFS share is opened once on the NFS client, it can't be reopened until the file attributes are changed. A read-protected file on an NFS share opened on the client side in Update mode can be read on the client. It can be read even in Enable mode (after coming out of the Update mode) until the file attributes are changed on the server.
601734
Issue: Changing a hard link might cause the name of the link or program to be displayed in events.
601914
Issue: For daemon processes, the reported username and original username are the same.
602653
Issue: A write-protected file can be changed through its hard link if the hard link has already been created.
602772
Issue: Scripts without a #! tag can't act as updaters.
602977
Issue: For loopback file systems, some features, such as updater and monitoring, don't work correctly when the loopback path is used instead of the physical path in the sadmin commands. For instance, if /opt is mounted as a loopback file system at /mnt, to add /mnt/abc as an updater, you must add the path /opt/abc as an updater.
602990
Issue: Some features like updaters and mon-proc-exec don't work properly for unsupported file formats. Only executable binaries and #! scripts are supported file formats.
603462
Issue: The BOOTING_ENABLED and BOOTING_UPDATE_MODE events aren't added to the system log.
Workaround: At boot time, start the syslog service before the Solidcore Agent service.
603490
Issue: The following issues are observed when an updater calls another updater:
If the child process is added as an updater, the non-inheritable option (-d) of the parent process is overridden.
If the parent process is added as an updater, the non-inheritable option (-d) of the child is overridden.
604780
Issue: For processes that aren't directly associated with a terminal, the original_user field is the same as the user field.
For example, when you run a script through Runlevel/initscripts, original_user is the same as the user.
605062
Issue: The mmap system call at the NFS client doesn't work if the file is read-protected.
606674
Issue: A write-protected file can be changed or deleted if the file system is mounted to a different directory.
607014
Issue: Adding a script as an updater twice (once on its own and again with its parent) might lead to unexpected behavior.
607024
Issue: By default, the deny-read feature is disabled. A read-protect rule is immediately applied to the Solidcore Agent but is effective only after the deny-read feature is enabled on the Solidcore Agent.
607245
Issue: No events are generated for changes to a file with the string solidcore.log in its name. For example, mysolidcore.log.
601763
Issue: Process information can't be determined for processes that are invoked before the Solidcore Agent driver is loaded. This issue has the following implications:
If these processes make file changes then the changes might not be reported.
For processes that started before the driver was loaded, only the partial program names are reported.
For NFS, the changes done by the client and the change events displayed on the server have only the relative name for the NFS daemon (in other words, nfsd or nfsktcpd).
No Process Start and Process Stop events are generated for already running processes.
On only the AIX platform: Change Tracking or Prevention on file systems mounted by these processes might or might not work. System calls executed by already running processes can't be trapped owing to differences in the way system calls are implemented. As a workaround, you can restart such processes.
604604
Issue: Write or read protection doesn't work on files added via cachefs/lofs.
613214
Issue: If the installation path is a mount point, forcibly unmounting (Example: Using the umount -f command) might lead to non-deterministic behavior.
603386
Issue: The Solidcore Agent can't be installed, upgraded, or uninstalled through init scripts that run at system boot time.
Workaround: Add the following two statements in the init script before invoking the installer:
HOME="/"
export HOME
613205
Issue: For a file with multiple hard links, the change event contains the name of any one of the hard links as the file name. For example, if a file named test has test1 and test2 as hard links, the event generated when the file is changed can contain any of the three names by which the file is known.
613213
Issue: Because of NFS protocol behavior, a large write request to the NFS client goes to the NFS server in the form of multiple RPC calls and multiple FILE_MODIFIED events are generated at the NFS server.
610254
Issue: When you run the Debug Info client task for a UNIX system, the log states that the gatherinfo.tar.gz file is generated. The name of the generated file is suffixed with the host name and time stamp. For example, gatherinfo-hpj-03-07-08-10_14-37-45.tar.gz.
616089
Issue: Localized strings aren't consistent. Partial localization occurs in some events and messages.
708279
Issue: For RHEL5 or RHEL6 (kernels earlier than 2.6.32-220) and kernels of SLES 10/SUSE11 (excluding SLES11 SP2), FILE_CREATED events are incorrectly reported as FILE_ATTR_MODIFIED over an NFSv4 partition.
762449
Issue: Events are generated if a special device file is renamed.
797291
Issue: During Dynamic Kernel Module compilation, an empty file named 2 is created in the dks directory.
797363
Issue: The Sadmin Xray command doesn't list the attr specific configurations for the running process.
798843
Issue: Unexpected behavior might be observed if a process exits without closing one or more changed files.
802433
Issue: If the volume is unsolidified, it's not listed as unsolidified in the output of ‘sadmin status.’
807180
Issue: Installation on a non-pre-compiled kernel fails if the installer runs from a Windows share that's mounted using CIFS.
Workaround: Mount the Windows share using NFS.
811983
Issue: Property collection on ePO and the endpoint might show different versions of solidifier if the system isn't rebooted after upgrade.
812578
Issue: On some kernels, you see error messages related to scdrv in the console during system boot.
818828
Issue: With VSEL 1.7 installed, the VSEL service stops with errors on the CLI.
Issue: When you log on to a solidified system using Telnet as a non-root user, the original_user name displays as root.
602981
Issue: When a single share is mounted on more than one mount point and a file operation is performed, events that show the pathname might refer to any of those shares.
Issue: The Parent Process name might be incorrect in events if it can't be resolved properly.
605854
Issue: For file truncation operations, only a FILE_MODIFICATION event is generated. The behavior that occurs on an AIX platform differs on other UNIX platforms.
605639
Issue: For files that exist on an unsupported volume or processes that start from an unsupported volume, only the basename (not the complete path) displays in some events.
605819
Issue: For a user in the system WPAR with a UID that doesn't exist on the global environment, the user name can't be determined. Events for this user are raised with username: UNKNOWN and original username: UNKNOWN.
605899
Issue: The Solidcore Agent isn't supported in Trusted Execution Environment.
649574
Issue: When you run the Enable client task from ePO for the AIX platform, the task is incorrectly listed as a failed task on the Client Task Log page.
Workaround: The Enable client task runs successfully, so you can ignore the task status on the Client Task Log page.
664439
Issue: Files in an autofs file-system are reported with /? at the beginning. This issue has the following implications:
Events have /? at the beginning of the path.
rp/wp doesn't work on such files.
649731
Issue: If you use McAfee Agent (MA) 4.5 (earlier than Update 3) on the AIX 6.1 (64-bit) platform, upgrade via ePO to Solidcore 5.1.1 fails. Complete the following steps to manually upgrade to 5.1.1 on AIX 6.1:
Stop the CMA service using the /usr/sbin/cma stop command.
Uncompress the SOLIDCOR511-7505_AIX.zip file.
Execute the slibclean command.
Execute mapkg_install.sh (sh mapkg_install.sh) from the output directory of the .zip file.
Complete one of the following steps:
If upgraded in Update mode, restart the system.
If upgraded in Disabled mode, start the CMA service (/usr/sbin/cma start).
777090
Issue: Under stress conditions, the event service is restarted, although there's no loss in functionality. This issue applies to AIX update 6.0.1.
Issue: When you try to upload the Windows Solidcore Agent Deployment Package (~100 MB) to ePO through Internet Explorer, the file upload times out if the network upload speed is slow.
Workaround: If this error displays in Internet Explorer 6, try using Internet Explorer 7 (or later). If you encounter the error in Internet Explorer 7 or later, copy the package to a local directory on the ePO server. Access the ePO console on the ePO server and upload the file from the local path. This workaround avoids possible network delays.
607452
Issue: ePO4.6 - Reports and dashboard entries aren't removed after the Solidcore Extension is uninstalled.
Workaround: If you're uninstalling and reinstalling the Solidcore extension, remove the reports and dashboards manually after uninstalling and before reinstalling.
607517
Issue: PDF reports have minor data display and formatting issues if more than 50,000 records are reported.
608347
Issue: The Solidcore Policies Applied on Hosts report displays all policies derived from the root, regardless of the SKUs enabled on the platform.
609304
Issue: It's not possible to export data from the Reporting, Solidcore Events page.
Workaround: Use Queries (Reporting, Queries) to export event data.
636769
Issue: If you upgrade from Solidcore 5.1.0 to 5.1.1 (or later), existing Solidcore events in the Solidcore Events table aren't migrated to the ePO Events table.
636352
Issue: After removing the Solidcore Extension, all Solidcore-related events are retained in the ePO table. When you view the events in the Threat Event Log, some fields might display erroneous data.
607554
Issue: Solidcore policies can't be duplicated by using the Policy Details page because the OK button is disabled.
Workaround: Use the Policy Catalog page to duplicate policies.
643854
Issue: When you use the Guided Configuration page on the ePO 4.6 console, the Save Policy button isn't enabled when changes are made to Solidcore Policies.
Workaround: Edit the policy by using the Policy Catalog without using Guided Configuration.
608374
Issue: When you try to enable an already enabled Solidcore Agent, the error displayed isn't translated.
607908
Issue: It's not possible to export more than 50,000 records from any table or report.
608025
Issue: Reports, tasks, and policies for all SKUs are listed even if the license for that SKU isn't added.
609911
Issue: Export of rule groups doesn't work in Internet Explorer when opened from the ePO Server.
Workaround: Use Internet Explorer from a different computer to export rule groups.
610303
Issue: The Server Task pages on ePO might not work properly if you use Mozilla Firefox version 3.0.
Workaround: Technical Support recommends the use of Mozilla Firefox version 3.6 (or later) or Internet Explorer 6.0 (or later).
608753
Issue: Sometimes, using the username field of reported events on the ePO as a trusted user might not work if the client system is part of an AD domain. The reason is because the domain name reported in the events isn't the full AD domain.
Workaround: Use the environment variable USERDNSDOMAIN as the domain name for AD clients. You can also review the properties of the My Computer icon to identify the complete username to specify as the trusted user.
608759
Issue: If ePO is installed on a Japanese version of Windows, exporting the dashboard data to HTML format fails if the generated HTML file name contains digits.
608390
Issue: When viewing an Integrity Monitor policy, the My Rules tab isn't translated.
669563
Issue: If you run reconciliation on a setup with millions of unauthorized changes (for about 5000 hosts), the Systems with Unauthorized changes page doesn't open. When you select the Systems with Unauthorized changes link (on the Risk and Compliance, Change Control Reconciliation page), the page times out and the user is logged off the ePO console.
656518
Issue: If you install Solidcore Extension 5.1.2 (or later) on an existing ePO 4.5 system and then upgrade to ePO version 4.6 FIPS mode, the event parser stops working.
Workaround: Upgrade the required DLL with the following command:
https://[ePO IP address:port]/remote/scor.upgradeEventParser.do
661203
Issue: If you're using reconciliation with Solidcore Extension 5.1.1 (or earlier) and upgrade to Solidcore Extension 5.1.2 (or later), you can't access the older reconciliation data.
607950
Issue: User-defined system variables in policies are resolved at the endpoint only after the endpoint is restarted.
707486
Issue: When using the ePO 4.6 console, navigating quickly through the Events pages logs off the user.
714176
Issue: On ePO 4.6 Update 1 or Update 2, if you add multiple commands to a Run Commands client task while creating the task, you can't later remove the commands from the saved client task.
719796
Issue: Global catalog search for AD groups isn't supported.
Workaround: Search for a group in a specific AD server instead of using the Global Catalog. To add a specific group, perform the steps below:
Log on to the ePO 4.x console.
Add the AD server with the group as a registered server.
Search for the group by selecting the registered AD server. Make sure that the Global Catalog Search option is deselected.
Add the group to a policy as a trusted group.
722045
Issue: Adding new columns, such as Solidcore Status and Solidification Status, for an endpoint by clicking Actions, Choose columns, noncompliant Solidcore Agent might not display values for all endpoints. The reason is that the noncompliant Solidcore Agent section includes only noncompliant agent properties.
Workaround: When adding new columns for an endpoint, click Actions, Choose columns, Solidcore Client Properties instead of Actions, Choose columns, noncompliant Solidcore Agent.
695769
Issue: Under the Content Change Tracking feature, the view file page goes blank for a file size of around 1 MB.
800014
Issue: Additional events are reconciled when manual reconciliation is done from custom queries.
Workaround: To perform the manual reconciliation for multiple events by selecting either All in this page or Select All in all pages, open the Solidcore events page. Navigate to Menu, Reporting, Solidcore Events.
NOTE: This option doesn't work well if you reach Solidcore Events by drilling down from a Query page.
882821
Issue: Sorting isn't supported on the Last Modification Time column on the Content Change Tracking page.
921436
Issue: ePO 5.0 - File upload functionality doesn't work when the file is uploaded from Internet Explorer 10 browser. The following action might not work when ePO 5.0 is used with Internet Explorer 10 browser.
Click Menu, Configuration.
Click Solidcore Rules, Rule Groups Page.
Workaround: Perform this action using other browsers (Example: Firefox, Chrome).
937037
Issue: Can't upgrade Solidcore help extension from previous versions to 6.1.2.020.
Workaround: Uninstall the old help extension and install the new one.
Issue: Original username reported in events is the same as username.
595051
Issue: Multiple operating systems on the same computer aren't supported. Product features work only on the operating system that it's installed on.
599812
Issue: Uninstallation fails if the uninstallation process is canceled before it completes.
600805
Issue: While opening a write-protected network share in Windows Explorer, a few deny-write errors are observed.
603747
Issue: The trusted, solidified, and write-protect features don't work correctly for folder-mounted volumes.
Workaround: Contact Technical Support for assistance if the setup uses folder-mounted volumes.
604153
Issue: Post install script customization isn't available during upgrades. It can only be used during fresh installation of the Solidcore Agent.
608036
Issue: Mapped drive names can't be used in commands issued by remote users or ePO.
634733
Issue: If the database tables are corrupted, the Solidcore Agent upgrade fails and you see the following error message:
"Database: . Could not load table 'Control' in SQL query: SELECT `Control`,
`Type`, `X`, `Y`, `Width`, `Height`, `Attributes`, `Property`, `Text`,
`Control_Next`, `Help` FROM `Control` WHERE `Dialog_`=?"
Workaround: Use silent installation instead of UI mode installation.
605369
Issue: When an agent installer runs the Solidcore Agent installer with the /? argument, a series of unwanted dialog boxes display due to a bug in the third-party packaging software. You can ignore these dialog boxes.
609311
Issue: Manual uninstallation of the Solidcore Agent (deployed from ePO) fails on a client computer with MA version 4.0 (or earlier).
Workaround: Contact Technical Support for assistance if you've already tried manual uninstallation.
598002
Issue: Registry key protection doesn't work for all registry key hives; it works only for HKEY_LOCAL_MACHINE.
599240
Issue: A subkey registry doesn't get added to a protected registry key when using the reg command.
601500
Issue: Creating a shortcut in a read-protected directory isn't allowed.
602122
Issue: Any file operation performed on a read-protected file generates deny-read events that correspond to the file even when the file operation is allowed.
603032
Issue: Changes to folder-mounted volumes that don't have an associated drive letter can't be monitored.
Workaround: Assign a drive letter to a volume before mounting it on any other folder.
603628
Issue: On 64-bit platforms, ACL change events aren't generated when the update mechanism supersedes the deny-write policies for registries.
605371
Issue: When you try to read a read-protected file with certain file flags set through Windows Explorer, read-denied events might not be written to the event viewer. The events are recorded in the Solidcore Agent log file.
606496
Issue: Only full long names are supported with commands that accept file or folder names. For example, names such as c:\myPackages\SETUP-~1.EXE aren't supported.
606532
Issue: Virtual drive paths aren't supported as path values in Solidcore Agent commands, such as write-protect, read-protect, and monitor.
607024
Issue: The deny-read feature is disabled by default. A read-protect rule is immediately applied to Solidcore Agent but is effective only after the deny-read feature is enabled on the Solidcore Agent.
600748
Issue: Multiple deny-write events might be generated for a single deny-write action. For example, on deletion of a file using Windows Explorer, up to eight file deletion events are reported. When the application denies deletion of a file, Windows Explorer tries multiple methods to delete the file, resulting in an event for each attempt.
608639
Issue: After you uninstall the Solidcore client from the Windows (64-bit) operating system, the Solidcore folder (c:\program files(x86)\solidcore) and Registry link (HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates) remain on the endpoint.
691196
Issue: For a file where you're tracking content changes, you receive an unknown error if connectivity issues occur while sending metadata for the file from the endpoint to the ePO console.
Workaround: When network connectivity resumes, the next change to the file is reflected accurately on the ePO console.
685124
Issue: If you're running VSE 8.8 with the Access Protection Level set to Maximum, you can't deploy Solidcore on the endpoint.
724796
Issue: Although you can track content changes for a read-protected file, you can't view the actual changes. The reason is because the read protection rule prevents the software from fetching file contents from the endpoint.
726020
Issue: If you upgrade from an older release to the 6.0 release and use a command added or changed in the 6.0 release without restarting the endpoint, you might receive a Msg not found error.
Workaround: Restart the endpoint to make sure that all commands added or changed in the 6.0 release work correctly.
770524
Issue: The scormcpl.dll displays an older version in the inventory after it's upgraded.
799559
Issue: If you exclude the .bat extension from monitoring, events for batch file operations are generated.
812964
Issue: If the Updater flag is removed for a cert rule over ePO, the certificate is listed as updater on the endpoint.
656298
Issue: Upgrade via hotfix build fails in Update Mode if initiated through an ePO Product Update Task.
876430
Issue: For monitoring and change control rules with '*', the 'longest path' rule isn't given precedence for conflicting rules.
881480
Issue: Revisions aren't reported for Content Change tracking if user events are filtered using the filter rules.
Workaround: Exclude the user from event filtering and apply advanced filters for the user for exclusion of unwanted events for files and directories.
894237
Issue: For a directory-based Content Change Tracking rule, renaming of the directory or its subdirectory generates spurious monitor events.
919290
Issue: The Registry Names in mon events are inconsistent.
Issue: During manual installation of the Solidcore Agent on Windows 2008 R2 (64-bit), the Windows installer encountered a validation error message displays for the msiexec.exe and kernelbase.dll files.
Workaround: Click Ignore once or Ignore always on the error pop-up to continue installation.
Windows 2008 [64 bit]
Reference
Description
609780
Issue: On Windows 2008 (64-bit), the rundll32.exe file crashes if an application is uninstalled via Add or Remove Programs after the SetupInstallFromInfSection() function is used to install the application.
Windows 7 [64 bit]
Reference
Description
708226
Issue: Change Control is functionally incompatible with Avecto Privilege guard.
Windows XP
Reference
Description
601738
Issue: On Windows XP SP2, deny-write errors with two different file names or folder names are logged when a file or folder is created under a write-protected folder.
604834
Issue: On Windows XP, NTFS junction points are supported only when junctions are created for volumes and not for folders.
Issue: If Solidcore Agent is installed in a non-default path, upgrading via ePO isn't supported. Such an upgrade might leave the Solidcore Agent in an inconsistent state. Technical Support recommends that you uninstall the existing version and then install the new version using ePO.
608737
Issue: If the partition with the /opt/McAfee/cma directory has insufficient space, events might not be generated and the Failed to generate event xml error message is added to the solidcore.log file. Free up space in the partition with the /opt/McAfee/cma directory.
601728
Issue: According to NFS protocol, if a file present on the NFS share is opened once on the NFS client, it can't be reopened until the file attributes are changed. A read-protected file, on an NFS share, opened on the client side in update mode can be read on the client. It can be read even in enable mode (after coming out of the update mode) until the file attributes are changed on the server.
601734
Issue: Changing a hard link might cause the name of the link or program to be displayed in events.
601914
Issue: For daemon processes, the reported username and original username are the same.
602653
Issue: A write-protected file can be changed through its hard link if the hard link has already been created.
602772
Issue: Scripts without a #! tag can't act as updaters.
602977
Issue: For loopback file systems, some features, such as updater and monitoring, don't work correctly when the loopback path is used instead of a physical path in the sadmin commands. For instance, if /opt is mounted as a loopback file system at /mnt, to add /mnt/abc as an updater, you must add the path /opt/abc as an updater.
602990
Issue: Some features like updaters and mon-proc-exec don't work properly for unsupported file formats. Only executable binaries and #! scripts are supported file formats.
603462
Issue: The BOOTING_ENABLED and BOOTING_UPDATE_MODE events aren't added to the system log.
Workaround: At boot time, start the syslog service before the Solidcore Agent service.
603490
Issue: The following issues are observed when an updater calls another updater:
If the child process is added as an updater, the non-inheritable option (-d) of the parent process is overridden.
If the parent process is added as an updater, the non-inheritable option (-d) of the child is overridden.
604780
Issue: For processes that aren't directly associated with a terminal, the original_user field is the same as the user field.
For example, when you run a script through Runlevel/initscripts, original_user is the same as the user.
605062
Issue: The mmap system call at the nfs client doesn't work if the file is read-protected.
606674
Issue: A write-protected file can be changed or deleted if the file system is mounted to a different directory.
607014
Issue: Adding a script as an updater twice (once on its own and again with its parent) might lead to unexpected behavior.
607024
Issue: By default, the deny-read feature is disabled. A read-protect rule is immediately applied to Solidcore Agent but is effective only after the deny-read feature is enabled on the Solidcore Agent.
607245
Issue: No events are generated for changes to a file with the string "solidcore.log" in its name. For example, mysolidcore.log.
601763
Issue: Process information can't be determined for processes that are invoked before the Solidcore Agent driver is loaded. This fact has the following implications:
If these processes make file changes then the changes might not be reported.
For processes that start before the driver is loaded, only the partial program names are reported.
For NFS, the changes made by the client, and the change events displayed on the server have only the relative name for the NFS daemon (in other words, nfsd or nfsktcpd).
No Process Start and Process Stop events are generated for already running processes.
On only the AIX platform: Change Tracking or Prevention on file systems mounted by these processes might or might not work. System calls executed by already running processes can't be trapped because of differences in the way system calls are implemented. As a workaround, you can restart such processes.
604604
Issue: Write or read protection doesn't work on files added via cachefs/lofs.
613214
Issue: If the install path is a mount point, forcibly unmounting (Example: Using the umount -f command) might lead to non-deterministic behavior.
603386
Issue: The Solidcore Agent can't be installed, upgraded, or uninstalled through init scripts that run at system boot time.
Workaround: Add the following two statements in the init script before invoking the installer:
HOME="/"
export HOME
613205
Issue: For a file with multiple hard links, the change event contains the name of any one of the hard links as the file name. For instance, if a file named test has test1 and test2 as hard links, the event generated when the file is changed can contain any of the three names by which the file is known.
613213
Issue: Because of NFS protocol behavior, a large write request to the NFS client goes to the NFS server in the form of multiple RPC calls, and multiple FILE_MODIFIED events are generated at the NFS server.
610254
Issue: When you run the Debug Info client task for a UNIX system, the log states that the gatherinfo.tar.gz file is generated. The name of the generated file is suffixed with the host name and time stamp. For example, gatherinfo-hpj-03-07-08-10_14-37-45.tar.gz.
616089
Issue: Localized strings aren't consistent. Partial localization is seen in some events and messages.
708279
Issue: For RHEL5 or RHEL6 (kernel less than 2.6.32-220) and kernels of SLES 10 or SUSE11 (excluding SLES11 SP2), FILE_CREATED events are incorrectly reported as FILE_ATTR_MODIFIED over NFSv4 partition.
762449
Issue: Events are generated if a special device file is renamed.
797291
Issue: During Dynamic Kernel Module compilation, an empty file named 2 is created in the dks directory.
797363
Issue: The Sadmin Xray command doesn't list the attr specific configurations for the running process.
798843
Issue: Unexpected behavior might be observed if a process exits without closing one or more changed files.
802433
Issue: If the volume is unsolidified, it's not listed as unsolidified in the output of ‘sadmin status’.
807180
Issue: Installation on a non pre-compiled kernel fails if the installer runs from a Windows share that's mounted using CIFS.
Workaround: Mount the Windows share using NFS.
811983
Issue: Property collection on ePO and endpoint might show different versions of solidifier if the system isn't rebooted after Upgrade.
812578
Issue: On some kernels, you see error messages related to scdrv in the console during system boot.
818828
Issue: With VSEL 1.7 installed, the VSEL service stops with errors on CLI.
Issue: When you log on to a solidified system using telnet as a non-root user, the original_user name displays as root.
602981
Issue: When a single share is mounted on more than one mount point and a file operation is performed, events that show the pathname might refer to any of those shares.
Issue: The Parent Process name might be incorrect in events if it can't be resolved properly.
605854
Issue: For file truncation operations, only a FILE_MODIFICATION event is generated. This behavior on AIX platforms is different from the behavior on other UNIX platforms.
605639
Issue: For files that exist on an unsupported volume or processes that start from an unsupported volume, only the basename (not the complete path) displays in some events.
605819
Issue: For a user in system WPAR with a UID that doesn't exist on the global environment, the user name can't be determined. Events for this user are raised with user name: UNKNOWN and original user name: UNKNOWN.
605899
Issue: The Solidcore Agent isn't supported in Trusted Execution Environment.
649574
Issue: When you run the Enable client task from ePO for the AIX platform, the task is incorrectly listed as a failed task on the Client Task Log page.
Workaround: The Enable client task runs successfully, so you can ignore the task status on the Client Task Log page.
664439
Issue: Files in an autofs file system are reported with /? at the beginning. This issue has the following implications:
Events have /? at the beginning of the path.
rp/wp doesn't work on such files.
649731
Issue: If you use MA 4.5 (earlier than Update 3) on the AIX 6.1 (64-bit) platform, upgrade via ePO to Solidcore 5.1.1 fails. Complete the following steps to manually upgrade to 5.1.1 on AIX 6.1:
Stop the CMA service using the following command: /usr/sbin/cma stop
Uncompress the SOLIDCOR511-7505_AIX.zip file.
Execute the slibclean command.
Execute mapkg_install.sh (sh mapkg_install.sh) from the output directory of the .zip file.
Complete one of the following steps:
If upgraded in update mode, restart the system.
If upgraded in disabled mode, start the CMA service (/usr/sbin/cma start).
777090
Issue: Under stress conditions, the event service is restarted, although there's no loss in functionality. This issue applies to AIX update 6.0.1.
Issue: When you try to upload the Windows Solidcore Agent Deployment Package (~100 MB) to ePO through Internet Explorer, the file upload times out if the network upload speed is slow.
Workaround: If this error displays in Internet Explorer 6, try using Internet Explorer 7 (or later). If you encounter the error in Internet Explorer 7 or later, copy the package to a local directory on the ePO server. Access the ePO console on the ePO server and upload the file from the local path. This workaround avoids possible network delays.
607452
Issue: Reports and dashboard entries aren't removed after the Solidcore Extension is uninstalled.
Workaround: If you're uninstalling and reinstalling the Solidcore extension, remove the reports and dashboards manually after uninstalling and before reinstalling.
607517
Issue: PDF reports have minor data display and formatting issues if more than 50,000 records are reported.
608347
Issue: The Solidcore Policies Applied on Hosts report displays all policies derived from the root, regardless of the SKUs enabled on the platform.
609304
Issue: It's not possible to export data from the Reporting, Solidcore Events page.
Workaround: Use Queries (Reporting, Queries) to export event data.
636769
Issue: If you upgrade from Solidcore 5.1.0 to 5.1.1 (or later), existing Solidcore events in the Solidcore Events table aren't migrated to the ePO Events table.
636352
Issue: After removing the Solidcore Extension, all Solidcore-related events are retained in the ePO table. When you view the events in the Threat Event Log, some fields might display erroneous data.
607554
Issue: Solidcore policies can't be duplicated by using the Policy Details page because the OK button is disabled.
Workaround: Use the Policy Catalog page to duplicate policies.
643854
Issue: When you use the Guided Configuration page on the ePO 4.6 console, the Save Policy button isn't enabled when changes are made to Solidcore Policies.
Workaround: Edit the policy by using the Policy Catalog without using Guided Configuration.
608374
Issue: When you try to enable an already enabled Solidcore Agent, the error displayed isn't translated.
607908
Issue: It's not possible to export more than 50,000 records from any table or report.
608017
Issue: The Configuration page allows users to create a group with the name My Rules.
608025
Issue: Reports, tasks, and policies for all SKUs are listed even if the license for that SKU isn't added.
609911
Issue: Export of rule groups doesn't work in Internet Explorer when opened from the ePO Server.
Workaround: Use Internet Explorer from a different computer to export rule groups.
610303
Issue: The Server Task pages on ePO might not work properly if you use Mozilla Firefox version 3.0.
Workaround: McAfee recommends the use of Mozilla Firefox version 3.6 (or later) or Internet Explorer 6.0 (or later).
608753
Issue: Sometimes, using the username field of reported events on the ePO as a trusted user might not work if the client system is part of an AD domain. The reason is that the domain name reported in the events isn't the full AD domain.
Workaround: Use the environment variable USERDNSDOMAIN as the domain name for AD clients. You can also review the properties of the My Computer icon to identify the complete user name to specify as the trusted user.
608759
Issue: If ePO is installed on a Japanese version of Windows, exporting the dashboard data to HTML format fails if the generated HTML file name contains digits.
608390
Issue: When viewing an Integrity Monitor policy, the My Rules tab isn't translated.
669563
Issue: If you run reconciliation on a setup with millions of unauthorized changes (for about 5000 hosts), the Systems with Unauthorized changes page doesn't open. When you select the Systems with Unauthorized changes link (on the Risk and Compliance, Change Control Reconciliation page), the page times out and user is logged off the ePO console.
656518
Issue: If you install Solidcore Extension 5.1.2 (or later) on an existing ePO 4.5 system and then upgrade to ePO version 4.6 FIPS mode, the event parser stops working.
Workaround: Upgrade the required DLL with the following command:
https://[ePO IP address:port]/remote/scor.upgradeEventParser.do
661203
Issue: If you're using reconciliation with Solidcore Extension 5.1.1 (or earlier) and upgrade to Solidcore Extension 5.1.2 (or later), you can't access the older reconciliation data.
607950
Issue: User-defined system variables in policies are resolved at the endpoint only after the endpoint is restarted.
707486
Issue: When using the ePO 4.6 console, navigating quickly through the Events pages logs off the user.
714176
Issue: On ePO 4.6 Update 1 or Update 2, if you add multiple commands to a Run Commands client task while creating the task, you can't remove the commands from the saved client task later.
719796
Issue: Global catalog search for AD groups isn't supported.
Workaround: Search for a group in a specific AD server instead of using the Global Catalog. To add a specific group, perform the steps below:
Log on to the ePO 4.x console.
Add the AD server with the group as a registered server.
Search for the group by selecting the registered AD server. Make sure that the Global Catalog Search option is deselected.
Add the group to a policy as a trusted group.
722045
Issue: When you add new columns, such as Solidcore Status and Solidification Status, for an endpoint by clicking Actions, Choose columns, noncompliant Solidcore Agent, values might not display for all endpoints. The reason is that the noncompliant Solidcore Agent section includes only noncompliant agent properties.
Workaround: When adding new columns for an endpoint, click Actions, Choose columns, Solidcore Client Properties instead of Actions, Choose columns, noncompliant Solidcore Agent.
695769
Issue: Under Content Change Tracking feature, the view file page goes blank for a file size of around 1 MB.
800014
Issue: Extra events are reconciled when manual reconciliation is done from custom queries.
Workaround: To perform the manual reconciliation for multiple events by selecting either All in this page or Select All in all pages, open the Solidcore events page. Navigate to Menu, Reporting, Solidcore Events.
NOTE: This option doesn't work well if you reach Solidcore Events by drilling down from a Query page.
882821
Issue: Sorting isn't supported on Last Modification Time column on the Content Change Tracking page.
Issue: Original username reported in events is the same as username.
595051
Issue: Multiple operating systems on the same computer aren't supported. Product features work only on the operating system that it's installed on.
599812
Issue: Uninstallation fails if the uninstallation process is canceled before it completes.
600805
Issue: While opening a write-protected network share in Windows Explorer, a few deny-write errors are observed.
603747
Issue: The trusted, solidified, and write-protect features don't work correctly for folder-mounted volumes.
Workaround: Contact Technical Support for assistance if the setup uses folder-mounted volumes.
604153
Issue: Post install script customization isn't available during upgrades. It can only be used during fresh installation of the Solidcore Agent.
608036
Issue: Mapped drive names can't be used in commands issued by remote users or ePO.
634733
Issue: If the database tables are corrupted, the Solidcore Agent upgrade fails and the following error message is displayed:
"Database: . Could not load table 'Control' in SQL query: SELECT `Control`,
`Type`, `X`, `Y`, `Width`, `Height`, `Attributes`, `Property`, `Text`,
`Control_Next`, `Help` FROM `Control` WHERE `Dialog_`=?"
Workaround: Use silent installation instead of UI mode installation.
605369
Issue: When an agent installer runs the Solidcore Agent installer with the /? argument, a series of unwanted dialog boxes display due to a bug in the third-party packaging software. You can ignore these dialog boxes.
609311
Issue: Manual uninstallation of the Solidcore Agent (deployed from ePO) fails on a client computer with MA version 4.0 (or earlier).
Workaround: Contact Technical Support for assistance if you've already tried manual uninstallation.
598002
Issue: Registry key protection doesn't work for all registry key hives; it works only for HKEY_LOCAL_MACHINE.
599240
Issue: A subkey registry doesn't get added to a protected registry key when using the reg command.
601500
Issue: Creating a shortcut in a read-protected directory isn't allowed.
602122
Issue: Any file operation performed on a read-protected file generates deny-read events that correspond to the file even when the file operation is allowed.
603032
Issue: Changes to folder-mounted volumes that don't have an associated drive letter can't be monitored.
Workaround: Assign a drive letter to a volume before mounting it on any other folder.
603628
Issue: On 64-bit platforms, ACL change events aren't generated when the update mechanism supersedes the deny-write policies for registries.
605371
Issue: When you try to read a read-protected file with certain file flags set through Windows Explorer, read-denied events might not be written to the event viewer. The events are recorded in the Solidcore Agent log file.
606496
Issue: Only full long names are supported with commands that accept file or folder names. For example, names such as c:\myPackages\SETUP-~1.EXE aren't supported.
606532
Issue: Virtual drive paths aren't supported as path values in Solidcore Agent commands, such as write-protect, read-protect, and monitor.
607024
Issue: The deny-read feature is disabled by default. A read-protect rule is immediately applied to Solidcore Agent but is effective only after the deny-read feature is enabled on the Solidcore Agent.
600748
Issue: Multiple deny-write events might be generated for a single deny-write action. For example, on deletion of a file using Windows Explorer, up to eight file deletion events are reported. When the application denies deletion of a file, Windows Explorer tries multiple methods to delete the file, resulting in an event for each attempt.
608639
Issue: After you uninstall the Solidcore client from the Windows (64-bit) operating system, the Solidcore folder (c:\program files(x86)\solidcore) and Registry link (HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates) remain on the endpoint.
691196
Issue: For a file where you are tracking content changes, you receive an unknown error if connectivity issues occur while sending metadata for the file from the endpoint to the ePO console.
Workaround: When network connectivity resumes, the next change to the file is reflected accurately on the ePO console.
685124
Issue: If you're running VSE 8.8 with the Access Protection Level set to Maximum, you can't deploy Solidcore on the endpoint.
724796
Issue: Although you can track content changes for a read-protected file, you can't view the actual changes. The reason is that the read protection rule prevents the software from fetching file contents from the endpoint.
726020
Issue: If you upgrade from an older release to the 6.0 release and use a command added or changed in the 6.0 release without restarting the endpoint, you might receive a Msg not found error.
Workaround: Restart the endpoint to make sure that all commands added or changed in the 6.0 release work correctly.
770524
Issue: The scormcpl.dll displays an older version in the inventory after it's upgraded.
799559
Issue: If you exclude the .bat extension from monitoring, events for batch file operations are generated.
812964
Issue: If the Updater flag is removed for a cert rule over ePO, the certificate is listed as an updater on the endpoint.
656298
Issue: Upgrade via a hotfix build fails in Update Mode if initiated through an ePO Product Update Task.
876430
Issue: For monitoring and change control rules with '*', the 'longest path' rule isn't given precedence for conflicting rules.
881480
Issue: Revisions aren't reported for Content Change tracking if user events are filtered using the filter rules.
Workaround: Exclude the user from event filtering and apply advanced filters for the user for exclusion of unwanted events for files and directories.
894237
Issue: For a directory-based Content Change Tracking rule, renaming of the directory or its subdirectory generates spurious monitor events.
Issue: During manual installation of the Solidcore Agent on Windows 2008 R2 (64-bit), the Windows installer encountered a validation error displays for the msiexec.exe and kernelbase.dll files.
Workaround: Click Ignore once or Ignore always on the error pop-up to continue installation.
Windows 2008 [64 bit]
Reference
Description
609780
Issue: On Windows 2008 (64-bit), the rundll32.exe file crashes if an application is uninstalled via the Add or Remove Programs after the SetupInstallFromInfSection() function is used to install the application.
Windows 7 [64 bit]
Reference
Description
708226
Issue: Change Control is functionally incompatible with Avecto Privilege guard.
Windows XP
Reference
Description
601738
Issue: On Windows XP SP2, deny-write errors with two different file names or folder names are logged when a file or folder is created under a write-protected folder.
604834
Issue: On Windows XP, NTFS junction points are supported only when junctions are created for volumes and not for folders.
Issue: If Solidcore Agent is installed in a non-default path, upgrading via ePO isn't supported. Such an upgrade might leave the Solidcore Agent in an inconsistent state. We recommend that you uninstall the existing version and then install the new version using ePO.
608737
Issue: If the partition with the /opt/McAfee/cma directory has insufficient space, events might not be generated and the Failed to generate event xml error message is added to the solidcore.log file. Free up space in the partition with the /opt/McAfee/cma directory.
601728
Issue: According to NFS protocol, if a file present on the NFS share is opened once on the NFS client, it can't be reopened until the file attributes are changed. A read-protected file, on an NFS share, opened on the client side in update mode, can be read on the client. It can be read in enable mode (after coming out of the update mode) until the file attributes are changed on the server.
601734
Issue: Changing a hard link might cause the name of the link or program to display in events.
601914
Issue: For daemon processes, the reported username and original username are the same.
602653
Issue: A write-protected file can be changed through its hard link if the hard link has already been created.
602772
Issue: Scripts without a #! tag can't act as updaters.
602977
Issue: For loopback file systems, some features such as updater and monitoring don't work correctly when the loopback path is used instead of a physical path in the sadmin commands. For instance, if /opt is mounted as a loopback file system at /mnt, to add /mnt/abc as an updater, you must add the path /opt/abc as an updater.
602990
Issue: Some features like updaters and mon-proc-exec don't work properly for unsupported file formats. Only executable binaries and #! scripts are supported file formats.
603462
Issue: The BOOTING_ENABLED and BOOTING_UPDATE_MODE events aren't added to the system log.
Workaround: At boot time, start the syslog service before the Solidcore Agent service.
603490
Issue: The following issues are observed when an updater calls another updater:
If the child process is added as an updater, the non-inheritable option (-d) of the parent process is overridden.
If the parent process is added as an updater, the non-inheritable option (-d) of the child is overridden.
604780
Issue: For processes that aren't directly associated with a terminal, the original_user field is the same as the user field.
For example, when you run a script through Runlevel/initscripts, original_user is the same as the user.
605062
Issue: The mmap system call at the nfs client doesn't work if the file is read-protected.
606674
Issue: A write-protected file can be changed or deleted if the file system is mounted to a different directory.
607014
Issue: Adding a script as an updater twice (once on its own and again with its parent) might lead to unexpected behavior.
607024
Issue: By default, the deny-read feature is disabled. A read-protect rule is immediately applied to Solidcore Agent but is effective only after the deny-read feature is enabled on the Solidcore Agent.
607245
Issue: No events are generated for changes to a file with the string "solidcore.log" in its name. For example, mysolidcore.log.
601763
Issue: Process information can't be determined for processes that are invoked before the Solidcore Agent driver is loaded. This issue has the following implications:
If these processes make file changes, the changes might not be reported.
For processes that start before the driver is loaded, only the partial program names are reported.
For NFS, the changes done by the client, and the change events displayed on the server have only the relative name for the NFS daemon (that is, nfsd or nfsktcpd).
No Process Start and Process Stop events are generated for already running processes.
On only the AIX platform: Change Tracking or Prevention on file systems mounted by these processes might or might not work. System calls executed by already running processes can't be trapped owing to differences in the way system calls are implemented. As a workaround, you can restart such processes.
604604
Issue: Write or read protection doesn't work on files added via cachefs/lofs.
613214
Issue: If the install path is a mount point, forcibly unmounting (Example: Using the umount -f command) might lead to non-deterministic behavior.
603386
Issue: The Solidcore Agent can't be installed, upgraded, or uninstalled through init scripts that run at system boot time.
Workaround: Add the following two statements in the init script before invoking the installer:
HOME="/"
export HOME
613205
Issue: For a file with multiple hard links, the change event contains the name of any one of the hard links as the file name. For instance, if a file named test has test1 and test2 as hard links, the event generated when the file is changed can contain any of the three names by which the file is known.
613213
Issue: Because of NFS protocol behavior, a large write request to the NFS client goes to the NFS server in the form of multiple RPC calls, and multiple FILE_MODIFIED events are generated at the NFS server.
610254
Issue: When you run the Debug Info client task for a UNIX system, the log states that the gatherinfo.tar.gz file is generated. The name of the generated file is suffixed with the host name and time stamp. For example, gatherinfo-hpj-03-07-08-10_14-37-45.tar.gz.
616089
Issue: Localized strings aren't consistent. Partial localization is seen in some events and messages.
708279
Issue: For RHEL5 or RHEL6 (kernel less than 2.6.32-220) and kernels of SLES 10 or SUSE11 (excluding SLES11 SP2), FILE_CREATED events are incorrectly reported as FILE_ATTR_MODIFIED over NFSv4 partition.
762449
Issue: Events are generated if a special device file is renamed.
797291
Issue: During Dynamic Kernel Module compilation, an empty file named 2 is created in the dks directory.
797363
Issue: The Sadmin Xray command doesn't list the attr specific configurations for the running process.
798843
Issue: Unexpected behavior might be observed if a process exits without closing one or more changed files.
802433
Issue: If the volume is unsolidified, it's not listed as unsolidified in the output of 'sadmin status'.
807180
Issue: Installation on a non pre-compiled kernel fails if the installer runs from a Windows share that's mounted using CIFS.
Workaround: Mount the Windows share using NFS.
811983
Issue: Property collection on ePO and endpoint might show different versions of the solidifier if the system isn't rebooted after Upgrade.
812578
Issue: On some kernels, error messages related to scdrv are displayed in the console during system boot.
818828
Issue: With VSEL 1.7 installed, the VSEL service stops with errors on CLI.
Issue: When you log on to a solidified system using telnet as a non-root user, the original_user name displays as root.
602981
Issue: When a single share is mounted on more than one mount point and a file operation is performed, events that show the pathname might refer to any of those shares.
AIX
Reference
Description
605295
Issue: The Parent Process name might be incorrect in events if it can't be resolved properly.
605854
Issue: For file truncation operations, only a FILE_MODIFICATION event is generated. This behavior on the AIX platform is different from behavior on other UNIX platforms.
605639
Issue: For files that exist on an unsupported volume or processes that start from an unsupported volume, only the basename (not the complete path) displays in several events.
605819
Issue: For a user in system WPAR with a UID that doesn't exist on the global environment, the username can't be determined. Events for this user are raised with username: UNKNOWN and original username: UNKNOWN.
605899
Issue: The Solidcore Agent isn't supported in Trusted Execution Environment.
649574
Issue: When you run the Enable client task from ePO for the AIX platform, the task is incorrectly listed as a failed task on the Client Task Log page.
Workaround: The Enable client task runs successfully, so you can ignore the task status on the Client Task Log page.
664439
Issue: Files in an autofs file system are reported with /? at the beginning. This issue has the following implications:
Events have /? at the beginning of the path.
rp/wp doesn't work on such files.
649731
Issue: If you use MA 4.5 (earlier than Update 3) on the AIX 6.1 (64-bit) platform, the upgrade via ePO to Solidcore 5.1.1 fails. Complete the following steps to manually upgrade to the 5.1.1 version on AIX 6.1:
Stop the CMA service using the following command: /usr/sbin/cma stop
Uncompress the SOLIDCOR511-7505_AIX.zip file.
Execute the slibclean command.
Execute mapkg_install.sh (sh mapkg_install.sh) from the output directory of the .zip file.
Complete one of the following steps:
If upgraded in update mode, restart the system.
If upgraded in disabled mode, start the CMA service (/usr/sbin/cma start).
777090
Issue: Under stress conditions, the event service is restarted, although there's no loss in functionality. This issue applies to AIX update 6.0.1.
Issue: The Solidcore 6.1 Extension isn't supported in ePO versions 4.5 Update 2 (and earlier).
Resolution: The 6.1 Extension is supported in ePO 4.5 Update 3 (and later).
608556
608557
Issue: Solidcore Extension doesn't install on ePO if the database back-end is SQL Server 2000. It supports SQL Server 2005 with a DB compatibility level of 90 and above.
608618
Issue: When you try to upload the Windows Solidcore Agent Deployment Package (~100 MB) to ePO through Internet Explorer, the file upload times out if the network upload speed is slow.
Workaround: If this error displays in Internet Explorer 6, try using Internet Explorer 7 (or later). If you encounter the error in Internet Explorer 7 or later, copy the package to a local directory on the ePO server. Then, access the ePO console on the ePO server and upload the file from the local path. This workaround avoids possible network delays.
607452
Issue: Reports and dashboard entries aren't removed after the Solidcore Extension is uninstalled.
Workaround: If you're uninstalling and reinstalling the Solidcore extension, remove the reports and dashboards manually after uninstalling and before reinstalling.
607517
Issue: PDF reports have minor data display and formatting issues if more than 50,000 records are reported.
608347
Issue: The Solidcore Policies Applied on Hosts report displays all policies derived from the root, regardless of the SKUs enabled on the platform.
609304
Issue: It's not possible to export data from the Reporting, Solidcore Events page.
Workaround: Use Queries (Reporting, Queries) to export event data.
636769
Issue: If you upgrade from Solidcore 5.1.0 to 5.1.1 (or later), existing Solidcore events in the Solidcore Events table aren't migrated to the ePO Events table.
636352
Issue: After removing the Solidcore Extension, all Solidcore-related events are retained in the ePO table. When you view the events in the Threat Event Log, some fields might display erroneous data.
607554
Issue: Solidcore policies can't be duplicated by using the Policy Details page because the OK button is disabled.
Workaround: Use the Policy Catalog page to duplicate policies.
643854
Issue: When you use the Guided Configuration page on the ePO 4.6 console, the Save Policy button isn't enabled when changes are made to Solidcore Policies.
Workaround: Edit the policy by using the Policy Catalog without using Guided Configuration.
608374
Issue: When you try to enable an already enabled Solidcore Agent, the error displayed isn't translated.
607908
Issue: It's not possible to export more than 50,000 records from any table or report.
607963
Issue: An incorrect message (Monitor Failure) displays in ePO 4.5 when a user without the required permissions tries to access a dashboard.
608017
Issue: The Configuration page allows users to create a group with the name My Rules.
608025
Issue: Reports, tasks, and policies for all SKUs are listed even if the license for that SKU isn't added.
609911
Issue: Export of rule groups doesn't work in Internet Explorer when opened from the ePO Server.
Workaround: Use Internet Explorer from a different computer to export rule groups.
610303
Issue: The Server Task pages on ePO might not work properly if you use Mozilla Firefox version 3.0.
Workaround: Technical Support recommends Mozilla Firefox version 3.6 (or later) or Internet Explorer 6.0 (or later).
608753
Issue: Sometimes, using the username field of reported events on the ePO as a trusted user might not work if the client system is part of an AD domain. This happens because the domain name reported in the events isn't the full AD domain.
Workaround: Use the environment variable USERDNSDOMAIN as the domain name for AD clients. You can also review the properties of the My Computer icon to identify the complete username to specify as the trusted user.
608759
Issue: If ePO is installed on a Japanese version of Windows, exporting the dashboard data to HTML format fails if the generated HTML file name contains digits.
608390
Issue: When viewing an Integrity Monitor policy, the My Rules tab isn't translated.
669563
Issue: If you run reconciliation on a setup with millions of unauthorized changes (for about 5000 hosts), the Systems with Unauthorized changes page doesn't open. When you select the Systems with Unauthorized changes link (on the Risk and Compliance, Change Control Reconciliation page), the page times out and the user is logged off the ePO console.
656518
Issue: If you install Solidcore Extension 5.1.2 (or later) on an existing ePO 4.5 system and then upgrade to ePO version 4.6 FIPS mode, the event parser stops working.
Workaround: Upgrade the required DLL with the following command: https://[ePO IP address:port]/remote/scor.upgradeEventParser.do
661203
Issue: If you're using reconciliation with Solidcore Extension 5.1.1 (or earlier) and upgrade to Solidcore Extension 5.1.2 (or later), you can't access the older reconciliation data.
607950
Issue: User-defined system variables in policies are resolved at the endpoint only after the endpoint is restarted.
707486
Issue: When using the ePO 4.6 console, navigating quickly through the Events pages logs off the user.
714176
Issue: On ePO 4.6 Update 1 or Update 2, if you add multiple commands to a Run Commands client task while creating the task, you can't remove the commands from the saved client task later.
719796
Issue: Global catalog search for AD groups isn't supported.
Workaround: Search for a group in a specific AD server instead of using the Global Catalog. To add a specific group, perform the steps below:
Log on to the ePO 4.x console.
Add the AD server with the group as a registered server.
Search for the group by selecting the registered AD server. Make sure that the Global Catalog Search option is deselected.
Add the group to a policy as a trusted group.
722365
Issue: If a non-administrative user changes the displayed columns for an endpoint and adds any new columns, other endpoints (on which Change Control or Application Control is not installed) might be removed from the System Tree.
722045
Issue: If you add new columns, such as Solidcore Status and Solidification Status, for an endpoint by clicking Actions, Choose columns, noncompliant Solidcore Agent, values might not display for all endpoints. This happens because the noncompliant Solidcore Agent section includes only noncompliant agent properties.
Workaround: When adding new columns for an endpoint: Click Actions, Choose columns, Solidcore Client Properties instead of Actions, Choose columns, noncompliant Solidcore Agent.
695769
Issue: Under Content Change Tracking feature, the view file page goes blank for a file size of around 1 MB.
800014
Issue: Extra events are reconciled when manual reconciliation is done from custom queries.
Workaround: To perform the manual reconciliation for multiple events by selecting either All in this page or Select All in all pages, open the Solidcore events page. Navigate to Menu, Reporting, Solidcore Events.
NOTE: This option doesn't work well if you reach Solidcore Events by drilling down from a Query page.
Issue: Original username reported in events is the same as username.
595051
Issue: Multiple operating systems on the same computer aren't supported. Product features work only on the operating system that it's installed on.
599812
Issue: Uninstallation fails if the uninstallation process is canceled before it completes.
600805
Issue: While opening a write-protected network share in Windows Explorer, a few deny-write errors are observed.
603747
Issue: The trusted, solidified, and write-protect features don't work correctly for folder-mounted volumes.
Workaround: Contact Technical Support for assistance if the setup uses folder-mounted volumes.
604153
Issue: Post install script customization isn't available during upgrades. It can only be used during fresh installation of the Solidcore Agent.
608036
Issue: Mapped drive names can't be used in commands issued by remote users or ePO.
634733
Issue: If the database tables are corrupted, the Solidcore Agent upgrade fails and the following error message is displayed:
"Database: . Could not load table 'Control' in SQL query: SELECT `Control`,
`Type`, `X`, `Y`, `Width`, `Height`, `Attributes`, `Property`, `Text`,
`Control_Next`, `Help` FROM `Control` WHERE `Dialog_`=?"
Workaround: Use silent installation instead of UI mode installation.
605369
Issue: When an agent installer runs the Solidcore Agent installer with the /? argument, a series of unwanted dialog boxes display due to a bug in the third-party packaging software. You can ignore these dialog boxes.
609311
Issue: Manual uninstallation of the Solidcore Agent (deployed from ePO) fails on a client computer with MA version 4.0 (or earlier).
Workaround: Contact Technical Support for assistance if you've already tried manual uninstallation.
598002
Issue: Registry key protection doesn't work for all registry key hives; it works only for HKEY_LOCAL_MACHINE.
599240
Issue: A subkey registry doesn't get added to a protected registry key when using the reg command.
601500
Issue: Creating a shortcut in a read-protected directory isn't allowed.
602122
Issue: Any file operation performed on a read-protected file generates deny-read events that correspond to the file even when the file operation is allowed.
603032
Issue: Changes to folder-mounted volumes that don't have an associated drive letter can't be monitored.
Workaround: Assign a drive letter to a volume before mounting it on any other folder.
603628
Issue: On 64-bit platforms, ACL change events aren't generated when the update mechanism supersedes the deny-write policies for registries.
605371
Issue: When you try to read a read-protected file with certain file flags set through Windows Explorer, read-denied events might not be written to the event viewer. The events are recorded in the Solidcore Agent log file.
606496
Issue: Only full long names are supported with commands that accept file or folder names. For example, names such as c:\myPackages\SETUP-~1.EXE aren't supported.
606532
Issue: Virtual drive paths aren't supported as path values in Solidcore Agent commands, such as write-protect, read-protect, and monitor.
607024
Issue: The deny-read feature is disabled by default. A read-protect rule is immediately applied to Solidcore Agent but is effective only after the deny-read feature is enabled on the Solidcore Agent.
600748
Issue: Multiple deny-write events might be generated for a single deny-write action. For example, on deletion of a file using Windows Explorer, up to eight file deletion events are reported. When the application denies deletion of a file, Windows Explorer tries multiple methods to delete the file, resulting in an event for each attempt.
608639
Issue: After you uninstall the Solidcore client from the Windows (64-bit) operating system, the Solidcore folder (c:\program files(x86)\solidcore) and Registry link (HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates) remain on the endpoint.
691196
Issue: For a file where you're tracking content changes, you receive an unknown error if connectivity issues occur while sending metadata for the file from the endpoint to the ePO console.
Workaround: When network connectivity resumes, the next change to the file is reflected accurately on the ePO console.
685124
Issue: If you're running VSE 8.8 with the Access Protection Level set to Maximum, you can't deploy Solidcore on the endpoint.
724796
Issue: Although you can track content changes for a read-protected file, you can't view the actual changes. This happens because the read protection rule prevents the software from fetching file contents from the endpoint.
726020
Issue: If you upgrade from an older release to the 6.0 release and use a command added or changed in the 6.0 release without restarting the endpoint, you might receive a Msg not found error.
Workaround: Restart the endpoint to make sure that all commands added or changed in the 6.0 release work correctly.
770524
Issue: The scormcpl.dll displays an older version in the inventory after it's upgraded.
799559
Issue: If you exclude the .bat extension from monitoring, events for batch file operations are generated.
812964
Issue: If the Updater flag is removed for a cert rule over ePO, the certificate is listed as an updater on the endpoint.
656298
Issue: Upgrade via hotfix build fails in Update Mode if initiated through an ePO Product Update Task.
Issue: During manual installation of the Solidcore Agent on Windows 2008 R2 (64-bit), the Windows installer encountered a validation error displays for the msiexec.exe and kernelbase.dll files.
Workaround: Click Ignore once or Ignore always on the error pop-up to continue installation.
Windows 2008 [64 bit]
Reference
Description
609780
Issue: On Windows 2008 (64-bit), the rundll32.exe file crashes if an application is uninstalled via the Add or Remove Programs after the SetupInstallFromInfSection() function is used to install the application.
Windows 7 [64 bit]
Reference
Description
708226
Issue: Change Control is functionally incompatible with Avecto Privilege guard.
Windows XP
Reference
Description
601738
Issue: On Windows XP SP2, deny-write errors with two different file names or folder names are logged when a file or folder is created under a write-protected folder.
604834
Issue: On Windows XP, NTFS junction points are supported only when junctions are created for volumes and not for folders.
Issue: If Solidcore Agent is installed in a non-default path, upgrading via ePO isn't supported. Such an upgrade might leave the Solidcore Agent in an inconsistent state. Technical Support recommends that you uninstall the existing version and then install the new version using ePO.
608737
Issue: If the partition with the /opt/McAfee/cma directory has insufficient space, events might not be generated and the Failed to generate event xml error message is added to the solidcore.log file. Free up space in the partition with the /opt/McAfee/cma directory.
601728
Issue: According to the NFS protocol, if a file present on the NFS share is opened once on the NFS client, it can't be reopened until the file attributes are changed. A read-protected file on an NFS share, opened on the client side in update mode, can be read on the client. It can be read in enable mode (after coming out of the update mode) until the file attributes are changed on the server.
601734
Issue: Changing a hard link might cause the name of the link or program to display in events.
601914
Issue: For daemon processes, the reported username and original username are the same.
602653
Issue: A write-protected file can be changed through its hard link if the hard link has already been created.
602772
Issue: Scripts without a #! tag can't act as updaters.
602977
Issue: For loopback file systems, some features such as updater and monitoring don't work correctly when the loopback path is used instead of a physical path in the sadmin commands. For instance, if /opt is mounted as a loopback file system at /mnt, to add /mnt/abc as an updater you must add the path /opt/abc as an updater.
602990
Issue: Some features like updaters and mon-proc-exec don't work properly for unsupported file formats. Only executable binaries and #! scripts are supported file formats.
603462
Issue: The BOOTING_ENABLED and BOOTING_UPDATE_MODE events aren't added to the system log.
Workaround: At boot time, start the syslog service before the Solidcore Agent service.
603490
Issue: The following issues are observed when an updater calls another updater:
If the child process is added as an updater, the non-inheritable option (-d) of the parent process is overridden.
If the parent process is added as an updater, the non-inheritable option (-d) of the child is overridden.
604780
Issue: For processes that aren't directly associated with a terminal, the original_user field is the same as the user field.
For example, when you run a script through Runlevel/initscripts, original_user is the same as the user.
605062
Issue: The mmap system call at the nfs client doesn't work if the file is read-protected.
606674
Issue: A write-protected file can be changed or deleted if the file system is mounted to a different directory.
607014
Issue: Adding a script as an updater twice (once on its own and again with its parent) might lead to unexpected behavior.
607024
Issue: By default, the deny-read feature is disabled. A read-protect rule is immediately applied to Solidcore Agent but is effective only after the deny-read feature is enabled on the Solidcore Agent.
607245
Issue: No events are generated for changes to a file with the string "solidcore.log" in its name. For example, mysolidcore.log.
601763
Issue: Process information can't be determined for processes that are invoked before the Solidcore Agent driver is loaded. This issue has the following implications:
If these processes make file changes, the changes might not be reported.
For processes that start before the driver is loaded, only the partial program names are reported.
For NFS, the changes done by the client, and the change events displayed on the server have only the relative name for the NFS daemon (that is, nfsd or nfsktcpd).
No Process Start and Process Stop events are generated for already running processes.
On only the AIX platform: Change Tracking or Prevention on file systems mounted by these processes might or might not work. System calls executed by already running processes can't be trapped because of differences in the way system calls are implemented. As a workaround, you can restart such processes.
604604
Issue: Write or read protection doesn't work on files added via cachefs/lofs.
613214
Issue: If the install path is a mount point, forcibly unmounting (for example, using the umount -f command) might lead to non-deterministic behavior.
603386
Issue: The Solidcore Agent can't be installed, upgraded, or uninstalled through init scripts that run at system boot time.
Workaround: Add the following two statements in the init script before invoking the installer:
HOME="/"
export HOME
613205
Issue: For a file with multiple hard links, the change event contains the name of any one of the hard links as the file name. For instance, if a file named test has test1 and test2 as hard links, the event generated when the file is changed can contain any of the three names by which the file is known.
613213
Issue: Because of NFS protocol behavior, a large write request to the NFS client goes to the NFS server in the form of multiple RPC calls, and multiple FILE_MODIFIED events are generated at the NFS server.
610254
Issue: When you run the Debug Info client task for a UNIX system, the log states that the gatherinfo.tar.gz file is generated. The name of the generated file is suffixed with the host name and time stamp. For example, gatherinfo-hpj-03-07-08-10_14-37-45.tar.gz.
616089
Issue: Localized strings aren't consistent. Partial localization is seen in some events and messages.
708279
Issue: For RHEL5 or RHEL6 (kernel less than 2.6.32-220) and kernels of SLES 10 or SUSE11 (excluding SLES11 SP2), FILE_CREATED events are incorrectly reported as FILE_ATTR_MODIFIED over an NFSv4 partition.
762449
Issue: Events are generated if a special device file is renamed.
797291
Issue: During Dynamic Kernel Module compilation, an empty file named 2 is created in the dks directory.
797363
Issue: The Sadmin Xray command doesn't list the attr specific configurations for the running process.
798843
Issue: Unexpected behavior might be observed if a process exits without closing one or more changed files.
802433
Issue: If the volume is unsolidified, it's not listed as unsolidified in the output of 'sadmin status'.
807180
Issue: Installation on a non-pre-compiled kernel fails if the installer runs from a Windows share that's mounted using CIFS.
Workaround: Mount the Windows share using NFS.
811983
Issue: Property collection on ePO and the endpoint might show different versions of the solidifier if the system is not rebooted after the upgrade.
812578
Issue: On some kernels, error messages related to scdrv are displayed in the console during system boot.
818828
Issue: With VSEL 1.7 installed, the VSEL service stops with errors on CLI.
Issue: When you log on to a solidified system using telnet as a non-root user, the original_user name displays as root.
602981
Issue: When a single share is mounted on more than one mount point and a file operation is performed, events that show the pathname might refer to any of those shares.
AIX
Reference
Description
605295
Issue: The Parent Process name might be incorrect in events if it can't be resolved properly.
605854
Issue: For file truncation operations, only a FILE_MODIFICATION event is generated. This behavior on the AIX platform is different from the behavior on other UNIX platforms.
605639
Issue: For files that exist on an unsupported volume or processes that start from an unsupported volume, only the basename (not the complete path) displays in several events.
605819
Issue: For a user in system WPAR with a UID that doesn't exist on the global environment, the username can't be determined. Events for this user are raised with username: UNKNOWN and original username: UNKNOWN.
605899
Issue: The Solidcore Agent isn't supported in Trusted Execution Environment.
649574
Issue: When you run the Enable client task from ePO for the AIX platform, the task is incorrectly listed as a failed task on the Client Task Log page.
Workaround: The Enable client task runs successfully, so you can ignore the task status on the Client Task Log page.
664439
Issue: Files in an autofs file system are reported with /? at the beginning. This issue has the following implications:
Events have /? at the beginning of the path.
rp/wp doesn't work on such files.
649731
Issue: If you use MA 4.5 (earlier than Update 3) on the AIX 6.1 (64-bit) platform, the upgrade via ePO to Solidcore 5.1.1 fails. Complete the following steps to manually upgrade to 5.1.1 on AIX 6.1:
Stop the CMA service using the following command: /usr/sbin/cma stop
Uncompress the SOLIDCOR511-7505_AIX.zip file.
Execute the slibclean command.
Execute mapkg_install.sh (sh mapkg_install.sh) from the output directory of the .zip file.
Complete one of the following steps:
If upgraded in update mode, restart the system.
If upgraded in disabled mode, start the CMA service (/usr/sbin/cma start).
777090
Issue: Under stress conditions, the event service is restarted, although there's no loss in functionality. This issue applies to AIX update 6.0.1.