Adding details for TIEm for VSE 1.0.3 Hotfix 20190212. (General Availability release)
Hotfix resolved issues: 1231158, 1243547 and 1230992.
March 8, 2018
Updated to add expand/collapse titles.
February 15, 2018
Multiple new entries added, and tagged resolved, with TIEm for VSE 1.0.3.
To receive email notification when this article is updated, click Subscribe on the right side of the page. You must be logged on to subscribe.
This article contains important information about known issues of high or medium rating that are outstanding with this product release. This article will be updated if new issues are identified post-release, or if additional information becomes available. To read the Release Notes, see:
Issue resolutions in updates and major releases are cumulative; Technical Support recommends that you install the latest version. To find the most recent release for your product, visit the Product Downloads site at http://www.mcafee.com/us/downloads/downloads.aspx.
Issue: After a successful extensions upgrade, all TIEm for VSE policies are blank in ePO. The Orion.log records the error "Attempted to install extension that is already installed: JTIClientMETA."
1231158
-
1.0.3
1.0.3
Hotfix 20190212
Issue: TIEm for VSE events with MD5 and SHA-1 hash data never get parsed in ePO.
1243547
-
1.0.3
1.0.3
Hotfix 20190212
Issue: TIEm for VSE is detecting Portable Executable (PE) files as an unrecognized file type (value = 0). Due to this problem, the TIE Server fails to forward the results to Advanced Threat Defense (ATD).
Issue: An ePolicy Orchestrator (ePO) Restore from quarantine task fails, because the detection names in the ePO Threat Event logs and Quarantine Manager do not match.
Issue: Upgrade from TIEm from version 1.0.1 to 1.0.2 (build 1.0.2.178) fails, because self-protection is blocking the creation of the TIEm uninstall key during the upgrade.
Workaround: Disable TIE self-protection before performing the upgrade. For configuration changes to TIEm, see the Threat Intelligence Exchange 1.3.0 Product Guide - PD26441.
1167721
-
1.0.1
1.0.3
Issue: The TIE client installation could fail due to a mismatch in the name of the setup executable JTISetup64.exe and its name in the installation script.
1194946
-
1.0.1
1.0.3
Issue: The TIE client makes unexpected file reputation requests when trying to get the JCM_ITEM_ID_GTI_CERTIFICATE_REVOKED attribute.
1199194
-
1.0.2
1.0.3
Issue: The TIE client does not honor scan exclusions for the VSE on-access scanner (OAS). TIEm continues to monitor files despite OAS exclusion.
1168011
-
1.0.1
1.0.3
Issue: A delay of 30–40 seconds in starting an application can occur after a system restart, due to a problem when saving or loading certificate reputation information from the cache.
Issue: A system with VSE and TIEm for VSE 1.0.1.140 experiences infrequent performance issues such as hangs or freeze-like symptoms, which requires a hard reboot to recover the affected system. Preceding the hang, you observe that the McShield service has stopped working entirely (crashed).
Resolution: This issue is resolved in TIEm for VSE 1.0.2. See the Knowledge Base article for details.
Issue: TIEm for VSE blocks Known Trusted files, including files with a Known Trusted enterprise reputation. The rule reported is TIEM/Suspicious.rule0. The TIEMVE.log shows the MD5 hash calculation failed with an entry similar to:
[E] [0x1c94] CHashDataProvider: Failed to calc MD5 for C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm.api 1359
The issue occurs when the environment is set to block items with an Unknown reputation. When the MD5 hash calculation fails, the reputation is Unknown for the transaction even when a Portable Executable (PE) file has a Known Trusted enterprise reputation.
Resolution: This issue is resolved in TIEm for VSE 1.0.2. See the Knowledge Base article for details.
Issue: When trying to open PDF email attachments, Outlook errors similar to the following display:
Cannot open file: C:\users\\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Ou.... The file may not exist, you may not have permission to open item or it may be open in another program. Right-click the folder and then click the Properties to check your permissions for the folder
We can't open 'C:\users\\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content....' It's possible the file is already open, or you don't have permissions to open it.
Resolution: This issue is resolved in TIEm for VSE 1.0.1.140. See the Knowledge Base article for details.
Issue: You observe high CPU in McShield.exe, followed by McShield.exe generating a system error (crash), when you try to start or stop the service. The corresponding event is recorded as McLogEvent Event ID 5019.
Resolution: This issue is resolved in TIEm for VSE 1.0.1.137. See the Knowledge Base article for details.
1020118
1.0.1
1.0.1 Hotfix 0630151
Issue: After uninstalling McAfee Agent and rebooting, TIEm for VSE will not initialize.
Resolution: McAfee Agent must be installed for TIEm for VSE to initialize. Starting with TIEm for VSE 1.0.1 Hotfix 0630151, the TIE client disables itself if McAfee Agent is removed.
