Loading...

Knowledge Center


Threat Intelligence Exchange Module for VirusScan Enterprise 1.0.x Known Issues
Technical Articles ID:   KB84487
Last Modified:  2/12/2019

Environment

McAfee Threat Intelligence Exchange Module (TIEm) for VirusScan Enterprise (VSE) 1.0.x

Summary

Recent updates to this article:
Date Update
February 12, 2019 Adding details for TIEm for VSE 1.0.3 Hotfix 20190212. (General Availability release)
Hotfix resolved issues: 1231158, 1243547 and 1230992.
March 8, 2018 Updated to add expand/collapse titles.
February 15, 2018 Multiple new entries added, and tagged resolved, with TIEm for VSE 1.0.3.

To receive email notification when this article is updated, click Subscribe on the right side of the page. You must be logged on to subscribe.

This article contains important information about known issues of high or medium rating that are outstanding with this product release. This article will be updated if new issues are identified post-release, or if additional information becomes available. To read the Release Notes, see:
 
TIEm for VSE Version Release Date Release Notes End of life
TIEm 1.0.3 Hotfix 20190212 (GA)
(HF20190212) 
February 12, 2019 PD28222 -
TIEm 1.0.3 (GA) February 9, 2018 PD27533 -
TIEm 1.0.2 (GA) September 14, 2016 PD26651 -
TIEm 1.0.1.140 (GA) February 17, 2016 n/a EOL
TIEm 1.0.1.137 (GA) January 25, 2016 n/a EOL
TIEm 1.0.1 (GA) April 27, 2015 n/a EOL
General Availability (GA)
Issue resolutions in updates and major releases are cumulative; Technical Support recommends that you install the latest version. To find the most recent release for your product, visit the Product Downloads site at http://www.mcafee.com/us/downloads/downloads.aspx.

Click to expand the section you want to view:

Reference
Number
Related
Article
Found
Version
Resolved
Version
Issue Description
1184195 KB89611 1.0.1 1.0.3 Issue: High memory usage on systems with the Threat Intelligence Exchange Module for VSE 1.0.2 or 1.0.1.

Reference
Number
Related
Article
Found
Version
Resolved
Version
Issue Description
1230992 KB90413 1.0.3 1.0.3
Hotfix
20190212
Issue: After a successful extensions upgrade, all TIEm for VSE policies are blank in ePO. The Orion.log records the error "Attempted to install extension that is already installed: JTIClientMETA."
1231158 - 1.0.3 1.0.3
Hotfix

20190212
Issue: TIEm for VSE events with MD5 and SHA-1 hash data never get parsed in ePO.
1243547 - 1.0.3
1.0.3
Hotfix

20190212
Issue: TIEm for VSE is detecting Portable Executable (PE) files as an unrecognized file type (value = 0). Due to this problem, the TIE Server fails to forward the results to Advanced Threat Defense (ATD).
1168438 KB88096 1.0.1 1.0.3 Issue: An ePolicy Orchestrator (ePO) Restore from quarantine task fails, because the detection names in the ePO Threat Event logs and Quarantine Manager do not match.
1186543 KB89512 1.0.2 1.0.3 Issue: Upgrade from TIEm from version 1.0.1 to 1.0.2 (build 1.0.2.178) fails, because self-protection is blocking the creation of the TIEm uninstall key during the upgrade.

Workaround: Disable TIE self-protection before performing the upgrade. For configuration changes to TIEm, see the Threat Intelligence Exchange 1.3.0 Product Guide - PD26441.
1167721 - 1.0.1 1.0.3 Issue: The TIE client installation could fail due to a mismatch in the name of the setup executable JTISetup64.exe and its name in the installation script.
1194946 - 1.0.1 1.0.3 Issue: The TIE client makes unexpected file reputation requests when trying to get the JCM_ITEM_ID_GTI_CERTIFICATE_REVOKED attribute.
1199194 - 1.0.2 1.0.3 Issue: The TIE client does not honor scan exclusions for the VSE on-access scanner (OAS). TIEm continues to monitor files despite OAS exclusion.
1168011 - 1.0.1 1.0.3 Issue: A delay of 30–40 seconds in starting an application can occur after a system restart, due to a problem when saving or loading certificate reputation information from the cache.
1147879 KB87510 1.0.1.140 1.0.2 Issue: A system with VSE and TIEm for VSE 1.0.1.140 experiences infrequent performance issues such as hangs or freeze-like symptoms, which requires a hard reboot to recover the affected system. Preceding the hang, you observe that the McShield service has stopped working entirely (crashed).
 
Resolution: This issue is resolved in TIEm for VSE 1.0.2. See the Knowledge Base article for details.
1133652 KB87439 1.0.1 1.0.2 Issue: TIEm for VSE blocks Known Trusted files, including files with a Known Trusted enterprise reputation. The rule reported is TIEM/Suspicious.rule0. The TIEMVE.log shows the MD5 hash calculation failed with an entry similar to:
 
[E] [0x1c94] CHashDataProvider: Failed to calc MD5 for C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm.api 1359
 
The issue occurs when the environment is set to block items with an Unknown reputation. When the MD5 hash calculation fails, the reputation is Unknown for the transaction even when a Portable Executable (PE) file has a Known Trusted enterprise reputation.
 
Resolution: This issue is resolved in TIEm for VSE 1.0.2. See the Knowledge Base article for details.
1129086 KB87436 1.0.1 1.0.2 Issue: When you close a Remote Desktop Protocol (RDP) session, you see an error dialog for a fatal exception in tiestatus.exe:

STATUS_INVALID_PARAMETER_msvcr110!__crtCreateThreadpoolWait+1b

Resolution: This issue is resolved in TIEm for VSE 1.0.2. See the Knowledge Base article for details.
1117781 KB86515 1.0.1 1.0.1.140 Issue: When trying to open PDF email attachments, Outlook errors similar to the following display:
 
Cannot open file: C:\users\\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Ou.... The file may not exist, you may not have permission to open item or it may be open in another program. Right-click the folder and then click the Properties to check your permissions for the folder

We can't open 'C:\users\\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content....' It's possible the file is already open, or you don't have permissions to open it.

 
Resolution: This issue is resolved in TIEm for VSE 1.0.1.140. See the Knowledge Base article for details.
1115944 KB86632 1.0.1 1.0.1.137 Issue: You observe high CPU in McShield.exe, followed by McShield.exe generating a system error (crash), when you try to start or stop the service. The corresponding event is recorded as McLogEvent Event ID 5019.

Resolution: This issue is resolved in TIEm for VSE 1.0.1.137. See the Knowledge Base article for details.
1020118   1.0.1 1.0.1 Hotfix 0630151 Issue: After uninstalling McAfee Agent and rebooting, TIEm for VSE will not initialize.

Resolution: McAfee Agent must be installed for TIEm for VSE to initialize. Starting with TIEm for VSE 1.0.1 Hotfix 0630151, the TIE client disables itself if McAfee Agent is removed.


Back to top

Rate this document

Glossary of Technical Terms


 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.