Added ENSLTP 10.7.7 to the "ENSLTP product release information" section.
July 28, 2021
Added ENSLTP 10.7.6 to the "ENSLTP product release information" section.
May 11, 2021
Added ENSLTP 10.7.5 to the "ENSLTP product release information" section.
To receive email notification when this article is updated, click Subscribe on the right side of the page. You must be logged on to subscribe.
Contents
Click to expand the section you want to view:
Issue resolutions in updates and major releases are cumulative; Technical Support recommends that you install the latest version. To find the most recent release for your product, go to the Product Downloads site.
Issue: The Isectpd process consumes large amounts of memory during DAT initialization and DAT update. In some circumstances, this large amount could lead to a system crash.
Resolution: This issue is resolved in ENSLTP 10.5.3.
1206456
10.5.0
Issue: When the on-demand scan (ODS) policy option Use the scan cache is enabled, and an infected archive file is cached as clean, the ODS doesn’t detect the archive file. This issue occurs even if the ODS archive scan setting is enabled. It’s the result of the disabled On-Access Scan archive scan setting.
Issue: The McScript.log file on a Linux system doesn’t adhere to the specified log size set in the McAfee Agent policy. All other log files rotate once the limit is reached.
Resolution: This issue is resolved in ENSLTP 10.7.1. See the related article for more information.
Issue: The operating system might get into a hang state, after installation or upgrade to ENSLTP 10.7.1 and later. For this issue to trigger, all these conditions must exist:
ENSLTP is configured to run using Fanotify mode.
On-access scan (OAS) is configured to scan file read operations.
The operating system boot configuration uses the option ipv6.disable=1, which disables IPv6.
Workaround: Disable Global Threat Intelligence in the OAS policy, make sure that only Scan on write is configured, or set the option ipv6.disable to off in the kernel boot configuration.
Resolution: This issue is resolved in ENSLTP 10.7.3. See the related article for more information.
Application and Change Control extension 8.3.1.111
Issue: Application and Change Control with extension 8.3.0.225 or earlier blocks an ENSLTP engine upgrade when Application and Change Control is managed and locked down.
Workaround: Add the following processes to the updaters list in the Application Control policy:
/opt/McAfee/ens/tp/bin/mfetpd
/opt/McAfee/ens/esp/bin/mfeespd
/opt/isec/ens/threatprevention/bin/isectpd
Resolution: The issue is resolved in Application and Change Control extension 8.3.1.111. See the related article for more information.
Issue: When ENSLTP 10.6.5 initially starts, one or more of the following errors display in the messages log. Also, ENSLTP fails to start:
isectpd: error: Failed to initialize NSS library
isectpd: error: no dbpath has been set
isectpd: message repeated 10 times: [error: no dbpath has been set]
systemd: isectpd.service stop-sigterm timed out. Killing.
systemd: isectpd.service: main process exited, code=killed, status=9/KILL
systemd: Stopped McAfee Endpoint Security for Linux Threat Prevention.
systemd: Unit isectpd.service entered failed state.
systemd: isectpd.service failed.
Resolution: This issue is resolved in ENSLTP 10.6.7. See the related article for more information.
Issue: Access Protection can't be enabled in ENSLTP. The system isn’t able to detect the correct kernel on the system in some Linux distributions. The modinfo isn't able to find the installed kernel-devel, because the directory isn't the same in each distribution.
Example error from the isecespd.log:
XXXX ERROR AACKMInterface [13559] Unable to open kernel module directory - /opt/isec/ens/esp/modules/aac/kernel/2.6.32-754.27.1.el6.x86_64
XXXX ERROR AacControl [13559] InitException (Failed to load kernel module. - KEXT_LOAD_ERROR)
XXXX ERROR AACRegistration [13559] AAC control creation failed with error code : 1
XXXX ERROR AccessProtection [13559] Access protection failed to initialize due to failure in creating AAC control object
XXXX ERROR AccessProtection [13559] Failed to enable Access Protection while initializing AAC
XXXX ERROR TpAPPolicy [13559] Failed to enable Access Protection
Resolution: This issue is resolved in ENSLTP 10.6.4. See the related article for more information.
ESFL-1182
10.6.1
Issue: Update to the ENSL 10.6.1 packages fails through the ePO Software Download Manager if the option Move existing packages in the Current branch to the Previous branch is selected.
Workaround: Don’t select the option Move existing packages in the Current branch to the Previous branch when you update to the ENSL 10.6.1 packages using ePO Software Download Manager. If any of the ENSL 10.6.0 packages are already in the Previous or Evaluation branch, remove them from the respective branches.
1265665
10.6.0
McAfee Agent 5.6.2
Issue: Policy enforcement from ePO fails after restarting McAfee Agent 5.6.0.
Resolution: This issue is resolved in McAfee Agent 5.6.2.
ESFL-1007
10.6.0
10.6.1
Issue: On Ubuntu, after upgrading from ENSLTP 10.5.1 HF1251617 to 10.6.0, the ENSLTP version is shown incorrectly in ePO.
Workaround: Upgrade from ENSLTP 10.5.1 HF1251617 to 10.5.5, and then upgrade from 10.5.5 to 10.6.0.
Resolution: This issue is resolved in ENSLTP 10.6.1.
ESFL-868
10.6.0
10.6.1
Issue: After you uninstall, cgroup information isn’t removed. There’s no functional impact.
Resolution: This issue is resolved in ENSLTP 10.6.1.
Issue: You see the following message recorded in the syslog (located in /var/log/messages). A line containing [fileaccess_mod] and [scanCache_init] appears in the call trace:
Nov 6 20:03:02 hostname kernel: FILEACCESS_ERROR : Failed to create mempool memory for scan cache record
Nov 6 20:03:02 hostname kernel: FILEACCESS_ERROR : Failed to restart event processing services.
Resolution: This issue is resolved in ENSLTP 10.6.1. See the related article for more information.
1268945
10.5.3/10.5.4
10.6.0
10.5.5
Issue: Upgrading from ENSLTP 10.5.3/10.5.4 to the latest version leaves the AAC netlink socket open in the kernel, which results in a kernel panic after the upgrade.
Workaround: Before upgrading from ENSLTP 10.5.4 or earlier, disable access protection, and then perform the upgrade.
Before upgrading, disable access protection.
For ePO manage systems, push policy to disable access protection.
For standalone systems, run the following command to disable access protection:
Issue: A race condition might occur on a system in the following scenarios:
A DAT update and an on-demand scan run simultaneously.
A DAT update and policy enforcement occur simultaneously.
As a result, the isectpd process runs out of file-descriptors and stops responding or slows down in responding. This scenario results in the timeout of file event requests at fileaccess_mod kernel-module, eventually causing the system to enter a hung state.
Resolution: This issue is resolved in ENSLTP 10.5.1 Hotfix 1251617. See the related article for more information.
1239200
10.5.0
10.5.1
Issue: The isectpd process fails to start because of corruption in the configuration file under specific stress conditions.
Resolution: This issue is resolved in ENSLTP 10.5.1.
1225881
10.5.0
Issue: Access Protection rules fail to resolve Linux paths with a "//".
1219764
10.5.0
10.5.1
Issue: The command line interface Autocomplete feature for Access Protection rules doesn’t work.
Resolution: This issue is resolved in ENSLTP 10.5.1.
Issue: The Red Hat Enterprise Linux server crashes intermittently when on-access scan is enabled. This issue might also affect CentOS and Oracle Linux.
Resolution: This issue is resolved in ENSLTP 10.5.1. See the related article for more information.
1211530
10.5.0
10.5.1
Issue: Upgrade of ENSLTP through yum install ISecTP doesn’t update the dependency packages such as ISecRT, ISecESP, and ISecFileaccess.
Workaround: Perform the yum upgrade from the command line with the following commands:
Issue: In a non-ePO-managed environment, there’s no way to remove a repository that was added using the command line.
Resolution: This issue won’t be resolved. Instead of removing the repository, disable the repository so that the agent doesn’t have access to the repository. For the specific command-line option, see the Man Page in the software or see the related article as a reference
1183815
10.5.0
Issue: The "Log files location" appears as a configurable setting for the Linux platform in the Endpoint Security Common policy extension. This display isn’t correct. The ENSLTP log files location isn’t configurable.
If you are a registered user, type your User ID and Password, and then click Log In.
If you are not a registered user, click Register and complete the fields to have your password and instructions emailed to you.
NOTE: Any future product functionality or releases mentioned in the Knowledge Base are intended to outline our general product direction and should not be relied on, either as a commitment, or when making a purchasing decision.
