Endpoint Security for Linux Threat Prevention 10.x Known Issues
Technical Articles ID:   KB87518
Last Modified:  10/8/2019


Environment

McAfee Endpoint Security for Linux Threat Prevention (ENSLTP) 10.6.x, 10.5.x, 10.2.x

For ENSLTP supported environments, see KB87073.

Summary

Recent updates to this article
Date Update
October 8, 2019 Added ENSLTP 10.6.6 to the "ENSLTP product release information" section.
September 10, 2019 Added ENSLTP 10.6.5 to the "ENSLTP product release information" section.
August 13, 2019 Added ENSLTP 10.6.4 to the "ENSLTP product release information" section.
July 2, 2019 Added ENSLTP 10.6.3 to the "ENSLTP product release information" section.
May 7, 2019 Added ENSLTP 10.6.2 to the "ENSLTP product release information" section.

Issue resolutions in updates and major releases are cumulative; Technical Support recommends that you install the latest version. To find the most recent release for your product, visit the Product Downloads site at http://www.mcafee.com/us/downloads/downloads.aspx.
 
| ENSLTP Version | Released to Support (RTS) | General Availability (GA) | Release Notes |
|---|---|---|---|
| 10.6.6 | N/A | October 8, 2019 | Release Notes |
| 10.6.5 | N/A | September 10, 2019 | PD28481 |
| 10.6.4 | N/A | August 13, 2019 | PD28446 |
| 10.6.3 | N/A | July 2, 2019 | PD28395 |
| 10.6.2 | N/A | May 7, 2019 | PD28331 |
| 10.6.1 | N/A | April 9, 2019 | PD28292 |
| 10.6.0 | N/A | March 12, 2019 | PD28256 |
| 10.5.5 | N/A | February 12, 2019 | PD28199 |
| 10.5.4 | N/A | January 8, 2019 | PD28169 |
| 10.5.3 | N/A | November 13, 2018 | PD28099 |
| 10.5.2 | N/A | October 9, 2018 | PD27993 |
| 10.5.1 Hotfix 1251617 (HF1251617) | N/A | September 11, 2018 | PD27967 |
| 10.5.1 | N/A | August 14, 2018 | PD27891 |
| 10.5.0 | N/A | May 8, 2018 | PD27549 |
| 10.2.3 Hotfix 1251530 (HF1251530) | N/A | September 11, 2018 | PD27966 |
| 10.2.3 Hotfix 1244379 (HF1244379) | July 10, 2018. NOTE: This hotfix is available only from Technical Support. See the Related Information section below for contact details. | N/A | Available from Technical Support |
| 10.2.3 Hotfix 1240853 (HF1240853) | June 12, 2018. NOTE: This hotfix is available only from Technical Support. See the Related Information section below for contact details. | N/A | Available from Technical Support |
| 10.2.3 | April 12, 2018 | May 8, 2018 | PD27674 |
| 10.2.2 Hotfix 1230337 (HF1230337) | March 13, 2018. NOTE: This hotfix is available only from Technical Support. See the Related Information section below for contact details. | N/A | PD27626 |
| 10.2.2 Hotfix 1224120 (HF1224120) | N/A | February 13, 2018 | PD27600 |
| 10.2.2 Hotfix 1220887 (HF1220887) | N/A | January 23, 2018 | PD27477 |
| 10.2.2 | N/A | September 28, 2017 | PD27257 |
| 10.2.1 Hotfix 1195156 (HF1195156) | N/A | July 12, 2017 | PD27163 |
| 10.2.1 | N/A | March 27, 2017 | PD26991 |
| 10.2.0 | N/A | September 8, 2016 | PD26514 |

Reference Number Related Article ENSLTP Found Version ENSLTP Resolved Version Issue Description
1246666   10.2.3, 10.5.1   10.5.3 Issue: The isectpd process consumes large amounts of memory during DAT initialization and DAT update. In some circumstances, this memory consumption could lead to a system crash.

Resolution: This issue is resolved in ENSLTP 10.5.3.
1206456   10.2.2   Issue: When the on-demand scan (ODS) policy option Use the scan cache is enabled, and an infected archive file is cached as clean, the ODS does not detect the archive file. This issue occurs even if the ODS archive scan setting is enabled. It is the result of the disabled On-Access Scan archive scan setting. 
1196653   10.2.1 10.2.2 Issue: The file access module is not being loaded for On-Access Scanning. This issue happens only in a Red Hat Enterprise Linux Workstation 6.x environment.
 
Resolution: This issue is resolved in ENSLTP 10.2.2.
1197443 KB89627 10.2.1 10.2.1 Hotfix 1195156 Issue: The isectpd service intermittently fails to start on startup. This failure results in the registration with ESP failing, and isecav commands fail. This issue could occur in a Red Hat 7.x or CentOS 7.x environment.
 
Resolution: This issue is resolved in ENSLTP 10.2.1 Hotfix 1195156. See the related article for more information.
1176541, 1213012   10.2.0 10.2.1 Issue: In an ePO managed environment, many threat events with IDs 1046 and 1048 are incorrectly created in certain situations. (ID 1046 indicates File I/O error; ID 1048 indicates Scan reports general system error.) They are reported if Write scan is enabled in the On-Access Scan policy.

Resolution: This issue is resolved in ENSLTP 10.2.1.
1170958   10.2.0 10.2.1 Hotfix 1195156 Issue: Red Hat 6.x crashes intermittently when On-Access Scan is enabled. The cause is a faulty memory reference by the fileaccess_mod kernel driver of ENSLTP. This issue might also affect CentOS 6.x and Oracle 6.x. The message buffer (dmesg output or vmcore-dmesg file) reports the following signature:
 
BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
<1>IP: [] netlink_workQueue_msg_send+0x127/0x780 [fileaccess_mod]

 
This issue does not affect ENSLTP using Fanotify on systems such as Red Hat 7.x, CentOS 7.x, SUSE Linux Enterprise Server (SLES) 11.x, and SLES 12.x.
 
Resolution: This issue is resolved in ENSLTP 10.2.1 Hotfix 1195156.
1170855 KB88495 10.2.0 10.2.1 Issue: In an ePO managed environment, threat events or client events are not sent to ePO when ENSLTP acts on a threat locally, for example, by quarantining or deleting a file. Some occurrences of LPC registration failure for McAfee Agent can cause this issue.

Workaround: Restart the isectpd service manually.

Resolution: This issue is resolved in ENSLTP 10.2.1. See the related article for more information.

Reference Number Related Article ENSLTP Found Version ENSLTP Resolved Version Issue Description
ESFL-1182   10.6.1   Issue: Update to the ENSL 10.6.1 packages fails through the ePO Software Download Manager if the option Move existing packages in the Current branch to the Previous branch is selected.

Workaround: Do not select the option Move existing packages in the Current branch to the Previous branch when you update to the ENSL 10.6.1 packages using ePO Software Download Manager. If any of the ENSL 10.6.0 packages are already in the Previous or Evaluation branch, remove them from the respective branches.
1265665   10.6.0   Issue: Policy enforcement from ePO fails after restarting McAfee Agent 5.6.0.
ESFL-1007   10.6.0 10.6.1 Issue: On Ubuntu, after upgrading from ENSLTP 10.5.1 HF1251617 to 10.6.0, the ENSLTP version is shown incorrectly in ePO.

Workaround: Upgrade from ENSLTP 10.5.1 HF1251617 to 10.5.5, and then upgrade from 10.5.5 to 10.6.0.

Resolution: This issue is resolved in ENSLTP 10.6.1.
ESFL-868   10.6.0   10.6.1 Issue: After uninstallation, cgroup information is not removed. There is no functional impact.

Resolution: This issue is resolved in ENSLTP 10.6.1.
1268945   10.5.3/10.5.4   10.6.0, 10.5.5 Issue: Upgrading from ENSLTP 10.5.3/10.5.4 to the latest version leaves the AAC netlink socket open in the kernel, which results in a kernel panic after the upgrade.

Workaround: Before upgrading from ENSLTP 10.5.4 or earlier, disable access protection, and then perform the upgrade.
  1. Before upgrading, disable access protection.
    • For ePO-managed systems, push policy to disable access protection.
    • For standalone systems, run the following command to disable access protection:

      # /opt/isec/ens/threatprevention/bin/isecav --setapstatus disable

  2. Upgrade to ENSLTP 10.5.5 or 10.6.x.
  3. After a successful upgrade, re-enable access protection.
    • For ePO-managed systems, push policy to enable access protection.
    • For standalone systems, run the following command to enable access protection:

      # /opt/isec/ens/threatprevention/bin/isecav --setapstatus enable

Resolution: This issue is not present in ENSLTP 10.5.5 and 10.6.x.
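
The standalone workaround above as a wrapper function (an added example, not McAfee's own code). The upgrade command is passed in by the caller because the page does not give one, and the ISECAV override variable is an assumption added for dry runs; the isecav path and the --setapstatus option are the ones shown above.

```shell
#!/bin/sh
# Added example: wraps the standalone workaround for issue 1268945.
# ISECAV may be overridden for dry runs (assumption); the default is the
# path given in the workaround.
ISECAV="${ISECAV:-/opt/isec/ens/threatprevention/bin/isecav}"

# Usage: upgrade_with_ap_disabled <upgrade command> [args...]
# The upgrade command is supplied by the caller (assumption: the article
# does not give one for standalone systems).
upgrade_with_ap_disabled() {
    if [ "$#" -eq 0 ]; then
        echo "usage: upgrade_with_ap_disabled <upgrade command> [args...]" >&2
        return 2
    fi

    # Step 1: disable access protection. Stop if that fails, because
    # upgrading with it enabled is the condition the workaround avoids.
    if ! "$ISECAV" --setapstatus disable; then
        echo "could not disable access protection; upgrade not started" >&2
        return 3
    fi

    # Step 2: run the upgrade. On failure, do not re-enable automatically;
    # report that protection is off so it is not left that way unnoticed.
    if ! "$@"; then
        echo "upgrade failed; access protection is still DISABLED" >&2
        return 4
    fi

    # Step 3: re-enable only after a successful upgrade.
    if ! "$ISECAV" --setapstatus enable; then
        echo "upgrade succeeded, but access protection is still DISABLED" >&2
        return 5
    fi
    echo "upgrade complete; access protection re-enabled"
}
```

Run it as root with the upgrade command as arguments; a non-zero return code of 4 or 5 means the host is running with access protection disabled and needs follow-up.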
1239200   10.5.0 10.5.1 Issue: isectpd fails to start because of corruption in the configuration file under specific stress conditions.

Resolution: This issue is resolved in ENSLTP 10.5.1.
1225881   10.5.0   Issue: Access Protection rules fail to resolve Linux paths with a "//".
1219764   10.5.0 10.5.1 Issue: The command line interface autocomplete feature for Access Protection rules does not work.

Resolution: This issue is resolved in ENSLTP 10.5.1.
1211530   10.2.2 10.5.1 Issue: Upgrade of ENSLTP 10.2.2 through yum install ISecTP does not update the dependency packages such as ISecRT, ISecESP, and ISecFileaccess.

Workaround: Perform the yum upgrade to ENSLTP 10.2.2 from the command line with the following commands:
 
# yum install ISecRt
# yum install ISecESP
# yum install ISecESPFileAccess
# yum install ISecTP

Resolution: This issue is resolved in ENSLTP 10.5.1.
1213439   10.2.1 10.2.2 Hotfix 1220887 Issue: Threat event ID 1282/1290/1051, detected by the on-demand scan (ODS), is created as Severity - Information, which is incorrect.

Resolution: This issue is resolved in ENSLTP 10.2.2 Hotfix 1220887.
1213012   10.2.1 10.2.2 Issue: Threat event ID 1282/1290/1051, detected by the on-access scan (OAS), is created as Severity - Information, which is incorrect.

Resolution: This issue is resolved in ENSLTP 10.2.2.
1184680 KB89034 10.2.1 Will Not Fix Issue: In a non-ePO-managed environment, there is no way to remove a repository that was added using the command line.

Resolution: This issue will not be resolved. Instead of removing the repository, disable the repository so that the agent does not have access to the repository. For the specific command-line option, see the Man Page in the software or see the related article as a reference.
1187292   10.2.0 10.5.1 Issue: The following description in the Endpoint Security for Linux Threat Prevention 10.2.0 Product Guide (PD26513) and the Endpoint Security for Linux Threat Prevention 10.5.0 Product Guide (PD27640) for the log retention policy is partially incorrect:
 
When the file size exceeds the limit, the current file is backed up and a new log file is created. The software retains the last 5 versions of the log files.

Workaround: More than the last five versions of log files are kept. Older log files are deleted when the log directory size exceeds an internal threshold. The internal threshold is calculated based on the option "Limit size (MB) of each of the activity log files" in the Endpoint Security Common policy. (The default size is 10 MB.)

You can safely delete older log files manually from the directory. For the location of log files, see KB88812.

Resolution: This issue is resolved in the Endpoint Security for Linux Threat Prevention 10.5.1 Product Guide (PD27916).
1184885   10.2.0 10.2.1 Issue: The built-in default local client update task initiates but stops in the "Initiated" status if the task is scheduled to start at 00:00. The cause is that it conflicts with the McAfee Agent built-in internal certificate update task scheduled at 00:00 and the ENSLTP local task fails to continue normally. This issue could happen in both an ePO managed environment and non-managed environment.
  
Workaround: Avoid scheduling a local client update task at 00:00. Use a larger margin for setting the start time, for example, set it to 00:15 rather than 00:03.
 
Resolution: This issue is resolved in ENSLTP 10.2.1.
1183815   10.2.0   Issue: The "Log files location" is shown as a configurable setting for the Linux platform in the Endpoint Security Common policy extension. This display is not correct. The ENSLTP log files location is not configurable.
1174609   10.2.0 10.2.1 Issue: In the ePO Software Manager, "Checked In Version" and "Additional Check in Details" for the component "McAfee Endpoint Security for Linux Threat Prevention 10.2 - ePO Package" remain blank. Also, the "Action" column continues to show "Check In", even after the package is checked in to the Master Repository.  
 
Resolution: This issue is resolved in ENSLTP 10.2.1.
1165947   10.2.0 10.2.1 Issue: The Scan Network feature in On-Access Scan does not work for NFS version 4 mounted filesystems if ENSLTP uses a FileAccess kernel module. Systems that use such a module include Red Hat Enterprise Linux 6.x, CentOS 6.x, and Oracle Enterprise Linux 6.x.

Workaround: Use an NFS version 3 mount. 

Resolution: This issue is resolved in ENSLTP 10.2.1.
  KB89034 10.2.0 10.2.1 Issue: In a non-ePO-managed environment, there is no way to add a repository other than the default common update site. 

Resolution: ENSLTP 10.2.1 introduces a new command-line option 'addrepository' to specify repositories. See the Man Page in the software or see the related article as a reference.
1161374   10.2.0 10.2.1 Issue: The ENSLTP kernel module logs the following error repeatedly in dmesg output or in Syslog. This logging happens when the current cache count exceeds the maximum limit.
 
FILEACCESS_ERROR   : scanCacheRecordPtr is NULL in removeCacheEntry

Resolution: This issue is resolved in ENSLTP 10.2.1.


Previous Document ID

KB84530
