Endpoint Security for Linux Threat Prevention 10.x Known Issues
Technical Articles ID: KB87518
Last Modified: 1/8/2019


Environment

McAfee Endpoint Security for Linux Threat Prevention (ENSLTP) 10.5.x, 10.2.x

For ENSLTP supported environments, see KB87073.

Summary

Recent updates to this article

| Date | Update |
|---|---|
| January 8, 2019 | Updated for ENSLTP 10.5.4. |
| November 13, 2018 | Updated for ENSLTP 10.5.3. |
| October 9, 2018 | Updated for ENSLTP 10.5.2. |
| September 11, 2018 | Updated the "ENSLTP product release information" section with ENSLTP 10.2.3 Hotfix 1251530 and 10.5.1 Hotfix 1251617. |
| August 14, 2018 | Updated for ENSLTP 10.5.1. |



Issue resolutions in updates and major releases are cumulative; Technical Support recommends that you install the latest version. To find the most recent release for your product, visit the Product Downloads site at http://www.mcafee.com/us/downloads/downloads.aspx.
 
| ENSLTP Version | Released to Support (RTS) | General Availability (GA) | Release Notes |
|---|---|---|---|
| 10.5.4 | N/A | January 8, 2019 | PD28169 |
| 10.5.3 | N/A | November 13, 2018 | PD28099 |
| 10.5.2 | N/A | October 9, 2018 | PD27993 |
| 10.5.1 Hotfix 1251617 (HF1251617) | N/A | September 11, 2018 | PD27967 |
| 10.5.1 | N/A | August 14, 2018 | PD27891 |
| 10.5.0 | N/A | May 8, 2018 | PD27549 |
| 10.2.3 Hotfix 1251530 (HF1251530) | N/A | September 11, 2018 | PD27966 |
| 10.2.3 Hotfix 1244379 (HF1244379) | July 10, 2018. NOTE: This hotfix is available only from Technical Support. See the Related Information section below for contact details. | N/A | Available from Technical Support |
| 10.2.3 Hotfix 1240853 (HF1240853) | June 12, 2018. NOTE: This hotfix is available only from Technical Support. See the Related Information section below for contact details. | N/A | Available from Technical Support |
| 10.2.3 | April 12, 2018 | May 8, 2018 | PD27674 |
| 10.2.2 Hotfix 1230337 (HF1230337) | March 13, 2018. NOTE: This hotfix is available only from Technical Support. See the Related Information section below for contact details. | N/A | PD27626 |
| 10.2.2 Hotfix 1224120 (HF1224120) | N/A | February 13, 2018 | PD27600 |
| 10.2.2 Hotfix 1220887 (HF1220887) | N/A | January 23, 2018 | PD27477 |
| 10.2.2 | N/A | September 28, 2017 | PD27257 |
| 10.2.1 Hotfix 1195156 (HF1195156) | N/A | July 12, 2017 | PD27163 |
| 10.2.1 | N/A | March 27, 2017 | PD26991 |
| 10.2.0 | N/A | September 8, 2016 | PD26514 |

Reference Number | Related Article | ENSLTP Found Version | ENSLTP Resolved Version | Issue Description

Reference Number: 1206456 | ENSLTP Found Version: 10.2.2

Issue: When the on-demand scan (ODS) policy option Use the scan cache is enabled, and an infected archive file is cached as clean, the ODS does not detect the archive file. This issue occurs even if the ODS archive scan setting is enabled, and is the result of the disabled On-Access Scan archive scan setting.

Reference Number: 1196653 | ENSLTP Found Version: 10.2.1 | ENSLTP Resolved Version: 10.2.2

Issue: The file access module is not being loaded for On-Access Scanning. This issue happens only in a Red Hat Enterprise Linux Workstation 6.x environment.

Resolution: This issue is resolved in ENSLTP 10.2.2.

Reference Number: 1197443 | Related Article: KB89627 | ENSLTP Found Version: 10.2.1 | ENSLTP Resolved Version: 10.2.1 Hotfix 1195156

Issue: The isectpd service intermittently fails to start on startup. This failure causes the registration with ESP to fail, and isecav commands fail. This issue could occur in a Red Hat 7.x or CentOS 7.x environment.

Resolution: This issue is resolved in ENSLTP 10.2.1 Hotfix 1195156. See the related article for more information.

Reference Number: 1176541, 1213012 | ENSLTP Found Version: 10.2.0 | ENSLTP Resolved Version: 10.2.1

Issue: In an ePolicy Orchestrator (ePO) managed environment, many threat events with IDs 1046 (File I/O error) and 1048 (Scan reports general system error) are incorrectly created in certain situations. They are reported if Write scan is enabled in the On-Access Scan policy.

Resolution: This issue is resolved in ENSLTP 10.2.1.

Reference Number: 1170958 | ENSLTP Found Version: 10.2.0 | ENSLTP Resolved Version: 10.2.1 Hotfix 1195156

Issue: Red Hat 6.x crashes intermittently when On-Access Scan is enabled because of a faulty memory reference by the fileaccess_mod kernel driver of ENSLTP. This issue might also affect CentOS 6.x and Oracle 6.x. The message buffer (dmesg output or vmcore-dmsg file) reports the following signature:

    BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
    <1>IP: [] netlink_workQueue_msg_send+0x127/0x780 [fileaccess_mod]

This issue does not affect ENSLTP using Fanotify on systems such as Red Hat 7.x, CentOS 7.x, SUSE Linux Enterprise Server (SLES) 11.x, and SLES 12.x.

Resolution: This issue is resolved in ENSLTP 10.2.1 Hotfix 1195156.

Reference Number: 1170855 | Related Article: KB88495 | ENSLTP Found Version: 10.2.0 | ENSLTP Resolved Version: 10.2.1

Issue: In an ePO managed environment, threat events or client events are not sent to ePO when ENSLTP acts on a threat locally. Examples of such actions are quarantine or delete. Some occurrences of LPC registration failure for McAfee Agent can cause this issue.

Workaround: Restart the isectpd service manually.

Resolution: This issue is resolved in ENSLTP 10.2.1. See the related article for more information.

Reference Number | Related Article | ENSLTP Found Version | ENSLTP Resolved Version | Issue Description

Reference Number: 1239200 | ENSLTP Found Version: 10.5.0 | ENSLTP Resolved Version: 10.5.1

Issue: isectpd fails to start due to corruption in the configuration file under specific stress conditions.

Resolution: This issue is resolved in ENSLTP 10.5.1.

Reference Number: 1225881 | ENSLTP Found Version: 10.5.0

Issue: Access Protection rules fail to resolve Linux paths with a "//".

Reference Number: 1219764 | ENSLTP Found Version: 10.5.0 | ENSLTP Resolved Version: 10.5.1

Issue: The command line interface autocomplete feature for Access Protection rules does not work.

Resolution: This issue is resolved in ENSLTP 10.5.1.

Reference Number: 1211530 | ENSLTP Found Version: 10.2.2 | ENSLTP Resolved Version: 10.5.1

Issue: Upgrade of ENSLTP 10.2.2 through yum install ISecTP does not update the dependency packages such as ISecRT, ISecESP, and ISecFileaccess.

Workaround: Perform the yum upgrade to ENSLTP 10.2.2 from the command line using the following commands:

    # yum install ISecRt
    # yum install ISecESP
    # yum install ISecESPFileAccess
    # yum install ISecTP

Resolution: This issue is resolved in ENSLTP 10.5.1.

Reference Number: 1213439 | ENSLTP Found Version: 10.2.1 | ENSLTP Resolved Version: 10.2.2 Hotfix 1220887

Issue: Threat event ID 1282/1290/1051, detected by the on-demand scan (ODS), is created as Severity - Information, which is incorrect.

Resolution: This issue is resolved in ENSLTP 10.2.2 Hotfix 1220887.

Reference Number: 1213012 | ENSLTP Found Version: 10.2.1 | ENSLTP Resolved Version: 10.2.2

Issue: Threat event ID 1282/1290/1051, detected by the On-Access Scan (OAS), is created as Severity - Information, which is incorrect.

Resolution: This issue is resolved in ENSLTP 10.2.2.

Reference Number: 1184680 | Related Article: KB89034 | ENSLTP Found Version: 10.2.1

Issue: In a non-ePO-managed environment, there is no way to remove a repository that was added using the command line.

Workaround: Instead of removing the repository, disable the repository so that the agent does not have access to the repository. For the specific command-line option, see the Man Page in the software or see the related article as a reference.

Reference Number: 1187292 | ENSLTP Found Version: 10.2.0 | ENSLTP Resolved Version: 10.5.1

Issue: The following description in the Endpoint Security for Linux Threat Prevention 10.2.0 Product Guide (PD26513) and the Endpoint Security for Linux Threat Prevention 10.5.0 Product Guide (PD27640) for the log retention policy is partially incorrect:

    When the file size exceeds the limit, the current file is backed up and a new log file is created. The software retains the last 5 versions of the log files.

Workaround: More than the last five versions of log files are kept. Older log files are deleted when the log directory size exceeds an internal threshold. The internal threshold is calculated based on the option "Limit size (MB) of each of the activity log files" (default is 10 MB) in the Endpoint Security Common policy.

You can safely delete older log files manually from the directory. For the location of log files, see KB88812.

Resolution: This issue is resolved in the Endpoint Security for Linux Threat Prevention 10.5.1 Product Guide (PD27916).

Reference Number: 1184885 | ENSLTP Found Version: 10.2.0 | ENSLTP Resolved Version: 10.2.1

Issue: The built-in default local client update task gets initiated but stops in the "Initiated" status if the task is scheduled to start at 00:00. The cause is that it conflicts with the McAfee Agent built-in internal certificate update task scheduled at 00:00, and the ENSLTP local task fails to continue normally. This issue could happen in both an ePO managed environment and a non-managed environment.

Workaround: Avoid scheduling a local client update task at 00:00. Use a larger margin for setting the start time, for example, set it to 00:15 rather than 00:03.

Resolution: This issue is resolved in ENSLTP 10.2.1.

Reference Number: 1183815 | ENSLTP Found Version: 10.2.0

Issue: The "Log files location" is shown as a configurable setting for the Linux platform in the Endpoint Security Common policy extension. This display is not correct. The ENSLTP log files location is not configurable.

Reference Number: 1174609 | ENSLTP Found Version: 10.2.0 | ENSLTP Resolved Version: 10.2.1

Issue: In the ePO Software Manager, "Checked In Version" and "Additional Check in Details" for the component "McAfee Endpoint Security for Linux Threat Prevention 10.2 - ePO Package" remain blank. Also, the "Action" column continues to show "Check In", even after the package is checked in to the Master Repository.

Resolution: This issue is resolved in ENSLTP 10.2.1.

Reference Number: 1165947 | ENSLTP Found Version: 10.2.0 | ENSLTP Resolved Version: 10.2.1

Issue: The Scan Network feature in On-Access Scan does not work for NFS version 4 mounted filesystems if ENSLTP uses a FileAccess kernel module. Examples of systems that use such a module are Red Hat Enterprise Linux 6.x, CentOS 6.x, and Oracle Enterprise Linux 6.x.

Workaround: Use an NFS version 3 mount.

Resolution: This issue is resolved in ENSLTP 10.2.1.

Related Article: KB89034 | ENSLTP Found Version: 10.2.0 | ENSLTP Resolved Version: 10.2.1

Issue: In a non-ePO-managed environment, there is no way to add a repository other than the default common update site.

Resolution: ENSLTP 10.2.1 introduced a new command-line option 'addrepository' to specify repositories. See the Man Page in the software or see the related article as a reference.

Reference Number: 1161374 | ENSLTP Found Version: 10.2.0 | ENSLTP Resolved Version: 10.2.1

Issue: The ENSLTP kernel module logs the following error repeatedly in dmesg output or in Syslog. This logging happens when the current cache count exceeds the maximum limit.

    FILEACCESS_ERROR   : scanCacheRecordPtr is NULL in removeCacheEntry

Resolution: This issue is resolved in ENSLTP 10.2.1.


Previous Document ID: KB84530
