Adding details for TIEm for VSE 1.0.3 Hotfix 20190212. (General Availability release)
Hotfix resolved issues: 1231158, 1243547 and 1230992.
March 8, 2018
Updated to add expand/collapse titles.
February 15, 2018
Multiple new entries added, and tagged resolved, with TIEm for VSE 1.0.3.
To receive email notification when this article is updated, click Subscribe on the right side of the page. You must be logged on to subscribe.
This article contains important information about known issues of high or medium rating that are outstanding with this product release. This article will be updated if new issues are identified post-release, or if additional information becomes available. To read the Release Notes, see:
Issue resolutions in updates and major releases are cumulative; Technical Support recommends that you install the latest version. To find the most recent release for your product, go to the Product Downloads site.
Issue: After a successful extensions upgrade, all TIEm for VSE policies are blank in ePO. The Orion.log records the following error:
Attempted to install extension that is already installed: JTIClientMETA.
1231158
-
1.0.3
1.0.3
Hotfix 20190212
Issue: TIEm for VSE events with MD5 and SHA-1 hash data is never parsed in ePO.
1243547
-
1.0.3
1.0.3
Hotfix 20190212
Issue: TIEm for VSE detects Portable Executable (PE) files as an unrecognized file type (value = 0). Because of this problem, the TIE Server fails to forward the results to Advanced Threat Defense (ATD).
Issue: An ePolicy Orchestrator (ePO) Restore from quarantine task fails, because the detection names in the ePO Threat Event logs and Quarantine Manager do not match.
Issue: Upgrade of TIEm from version 1.0.1 to 1.0.2 (build 1.0.2.178) fails because self-protection blocks the creation of the TIEm uninstall key during the upgrade.
Workaround: Disable TIE self-protection before you perform the upgrade. For configuration changes to TIEm, see the Threat Intelligence Exchange 1.3.0 Product Guide.
1167721
-
1.0.1
1.0.3
Issue: The TIE client installation could fail because of a mismatch in the name of the setup executable JTISetup64.exe and its name in the installation script.
1194946
-
1.0.1
1.0.3
Issue: The TIE client makes unexpected file reputation requests when it tries to get the JCM_ITEM_ID_GTI_CERTIFICATE_REVOKED attribute.
1199194
-
1.0.2
1.0.3
Issue: The TIE client does not honor scan exclusions for the VSE on-access scanner (OAS). TIEm continues to monitor files despite OAS exclusion.
1168011
-
1.0.1
1.0.3
Issue: A delay of 30–40 seconds in starting an application can occur after a system restart. There is a problem when saving or loading certificate reputation information from the cache.
Issue: A system with VSE and TIEm for VSE 1.0.1.140 experiences infrequent performance issues such as hangs or freeze-like symptoms. These issues require a hard reboot to recover the affected system. Before the hang, you observe that the McShield service has stopped working entirely (crashed).
Resolution: This issue is resolved in TIEm for VSE 1.0.2. See the Knowledge Base article for details.
Issue: TIEm for VSE blocks Known Trusted files, including files with a Known Trusted enterprise reputation. The rule reported is TIEM/Suspicious.rule0. The TIEMVE.log shows the MD5 hash calculation failed with an entry similar to:
[E] [0x1c94] CHashDataProvider: Failed to calc MD5 for C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm.api 1359
The issue occurs when the environment is set to block items with an Unknown reputation. When the MD5 hash calculation fails, the reputation is Unknown for the transaction even when a Portable Executable (PE) file has a Known Trusted enterprise reputation.
Resolution: This issue is resolved in TIEm for VSE 1.0.2. See the Knowledge Base article for details.
Issue: When you try to open PDF email attachments, Outlook errors similar to the following display:
Cannot open file: C:\users\\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Ou.... The file may not exist, you may not have permission to open item or it may be open in another program. Right-click the folder and then click the Properties to check your permissions for the folder
We can't open 'C:\users\\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content....' It's possible the file is already open, or you don't have permissions to open it.
Resolution: This issue is resolved in TIEm for VSE 1.0.1.140. See the Knowledge Base article for details.
1115944
1.0.1
1.0.1.137
Issue: You observe high CPU use in McShield.exe, followed by McShield.exe generating a system error (crash), when you try to start or stop the service. The corresponding event is recorded as McLogEvent Event ID 5019.
Resolution: This issue is resolved in TIEm for VSE 1.0.1.137.
1020118
1.0.1
1.0.1 Hotfix 0630151
Issue: After you uninstall McAfee Agent and reboot, TIEm for VSE does not initialize.
Resolution: McAfee Agent must be installed for TIEm for VSE to initialize. Starting with TIEm for VSE 1.0.1 Hotfix 0630151, the TIE client disables itself if McAfee Agent is removed.
