| Reference Number | Related Article | Found In Version |
Fixed In Version |
Issue Description |
| EPO-937000 | SB10352 | 5.9.1 Hotfix EPO-937000 |
Issue: Vulnerabilities issues:
|
|
| SAGEPO-894 | SB10332 | 5.9.0 | 5.9.1 Hotfix EPO-919400 |
Issue: Java security advisory for the following vulnerabilities:
|
| SAGEPO-898 | 5.9.0 | 5.9.1 Hotfix EPO-919400 |
Issue: Apache (Tomcat) security advisory for the following vulnerabilities:
|
|
| SAGEPO-536 | - | 5.9.0 | 5.9.1 Hotfix EPO-888900 |
Issue: Traffic between an Agent Handler and SQL is not encrypted when |
| EPO-6172 1262152 |
KB92747 | 5.9.0 | 5.9.1 Hotfix EPO-888900 |
Issue: McAfee Agent receives a sitelist that contains only the ePO server, and excludes all remote agent handlers. Workaround: See the related article. |
| EPOSAG-879 | SB10315 | 5.9.0 | 5.9.1 Hotfix EPO-87900 |
Issue: Security advisory for JRE to 1.8.0.241 vulnerabilities issues:
|
| EPOSAG-878 | SB10300 | 5.9.0 | 5.9.1 Hotfix EPO-87800 |
Issue: Security advisory issues by Oracle for Java vulnerability for:
|
| 1267793 | SB10286 | 5.9.0 | 5.9.1 Hotfix 1267793 |
Issue: TLS issue between ePO Agent Handler and SQL Server (CVE-2019-3619). Traffic between the Agent Handler and the SQL Server is not encrypted when:
|
| 1271813 | KB91486 | 5.9.0 | 5.9.1 Hotfix 1271813 |
Issue: Security advisory issued by Oracle for Java vulnerability CVE-2019-2602. For details, see https://www.oracle.com/security-alerts/cpuapr2019.html#AppendixJAVA Resolution: This hotfix updates ePO JRE to 1.8.0.212. |
| 1264466 | KB91404 | 5.9.0 | 5.10.0 | Issue: Periodic application crash on apache.exe when forwarding events to a syslog server. |
| 1262303 | KB91138 | 5.9.1 Hotfix 1260432 | 5.9.1 Hotfix 1260432 (Repost) |
Issue: The following error is displayed at the ePO Logon page after you install HF1260432 and restart the ePO services:
|
| 1241081 | KB90862 | 5.9.0 | 5.10.0 | Issue: Unable to access the ePO console logon page, when debug level logging is enabled on the Orion.log. |
| 1248224 | KB90770 | 5.9.1 5.3.3 |
5.9.1 5.3.3 Hotfix 1248224 |
Issue: On July 17, 2018, Oracle issued a security advisory outlining multiple vulnerabilities that affect Java SE version 1.8.0_172 or earlier. From the list, the following two are related to ePO: CVE-2018-2942 and CVE-2018-2952. Resolution: This hotfix updates ePO JRE to v1.8.0_181. |
| 1094844 | KB85924 | 5.3.0 | 5.10.0 5.9.x Hotfix 1241557 |
Issue: When deleting a policy assignment, the request can be inadvertently submitted twice. Resulting in the next policy assignment in the inheritance tree being deleted. Resolution: To prevent this issue from occurring, apply ePO 5.9.x Hotfix 1241557 or ePO 5.10 Workaround: For how to address the issue if it has already occurred. See the related article for details. NOTE: The referenced content is available only to logged in ServicePortal users. To view the content, click the link and log in when prompted. |
| 1222593 | KB90182 | 5.9.1 | 5.10.0 5.9.1 Hotfix 1226775 |
Issue: Agent-server communication fails after migrating Agent Handler certificates from SHA-1 to SHA-2. Solution: See the related article. |
| 1223092 | KB90271 | 5.9.0 | 5.10.0 5.9.1 Hotfix 1226775 |
Issue: The apache.exe application crashes after assigning a large policy when MA 4.8 is present in the environment. Solution: See the related article. |
ePolicy Orchestrator 5.9.x Known Issues
Articles techniques ID:
KB87673
Date de la dernière modification : 7/15/2021
Date de la dernière modification : 7/15/2021
Environnement
McAfee ePolicy Orchestrator (ePO) 5.9.x
Synthèse
Recent updates to this article
Release Information
1 {GENRTS)
NOTE: Any future product functionality or releases mentioned in the Knowledge Base are intended to outline our general product direction and should not be relied on, either as a commitment, or when making a purchasing decision.
Known Issues
IMPORTANT: The Java Runtime Environment in ePolicy Orchestrator changed on November 30, 2017.
For details about the affected versions and mitigation, see KB89799 - Legacy ePolicy Orchestrator installs are distributed without a Java Runtime Environment.
Contents
Click to expand the section you want to view:
Back to top
| Date | Update |
| July 15, 2021 | Minor formatting update. No content changes. |
| July 2, 2021 | Correction implemented in reference EPOSAG-879. Changed fixed 5.9.1 Hotfix EPO-937000 to 5.9.1 Hotfix EPO-87900. |
| June 30, 2021 | Correction implemented in reference EPOSAG-879. Changed fixed 5.9.1 Hotfix EPO-8790, to 5.9.1 Hotfix EPO-937000. The data now synchronizes with content in SB10315. |
| April 13, 2021 | Added ePO 5.9.1 Hotfix EPO-937000 details |
To receive email notification when this article is updated, click Subscribe on the right side of the page. You must be logged on to subscribe.
Release Information
| ePO Version |
Release Date
|
MVISION Cloud Bridge (CB) 2.x |
|
| MVISION CB 2.1 for ePO | December 18, 2019 |
ePolicy Orchestrator 5.9.x |
|
| ePO 5.9.1 Hotfix EPO-937000 (GA) | March 25, 2021 |
| ePO 5.9.1 Hotfix EPO-919400 (GA) | November 19, 2020 |
| ePO 5.9.1 Hotfix EPO-888900 (GA) | August 11, 2020 |
| ePO 5.9.1 Hotfix EPO-888900 (RTS)1 | July 31, 2020 |
| ePO 5.9.1 Hotfix EPO-87900 (GA) | May 12, 2020 |
| ePO 5.9.1 Hotfix EPO-87800 (GA) | November 12, 2019 |
| ePO 5.9.1 Hotfix 1267793 (GA) (HF1267793) |
July 5, 2019 |
| ePO 5.9.1 Hotfix 1271813 (GA) (HF1271813) |
July 2, 2019 |
| ePO 5.9.1 Hotfix 1260432 (GA) (HF1260432) |
December 13, 2018 (Repost) November 27, 2018 |
| ePO 5.9.1 and 5.3.3 Hotfix 1248224 (GA) (HF1248224) |
August 14, 2018 |
| ePO 5.9.1 Hotfix 1226775 (GA) (HF1226775) |
February 15, 2018 |
| 5.9.1 (GA) | November 30, 2017 |
| 5.9.0 Hotfix 1202868 (GA) (HF1202868) |
July 27, 2017 |
| 5.9.0 Hotfix 1193951 (GA) (HF1193951) |
May 18, 2017 |
| 5.9.0 (GA) | March 15, 2017 |
1 {GENRTS)
NOTE: Any future product functionality or releases mentioned in the Knowledge Base are intended to outline our general product direction and should not be relied on, either as a commitment, or when making a purchasing decision.
Issue resolutions in updates and major releases are cumulative; Technical Support recommends that you install the latest version. To find the most recent release for your product, go to the Product Downloads site.
Known Issues
IMPORTANT: The Java Runtime Environment in ePolicy Orchestrator changed on November 30, 2017.
For details about the affected versions and mitigation, see KB89799 - Legacy ePolicy Orchestrator installs are distributed without a Java Runtime Environment.
Contents
Click to expand the section you want to view:
| Reference Number | Related Article | Found In Version |
Fixed In Version |
Issue Description |
| TSET-6887 | KB93716 | 5.9.1 Hotfix 919400 |
- | Issue: Users can't log on to the ePO console, after installation of ePO 5.9.1 Hotfix 919400. The issue is specific to those customers who have enabled 'Advanced Windows Authentication'. Workaround: See Related Article for details. |
| EPO-5711 | - | 5.9.0 | 5.9.1 Hotfix EPO-88900 |
Issue: Active Directory (AD) sync fails after upgrading to ePO 5.9. |
| EPO-6565 | - | 5.9.1 HF1267793. |
5.9.1 Hotfix EPO-88900 |
Issue: AD sync fails after applying ePO 5.9.1 Hotfix 1267793 [ePO591HF1267793] |
| 1247027 | KB91371 | 5.9.1 | 5.10.0 Update 3 |
Issue: Using a permission set-based user to modify multi-slot policy assignment results in an unexpected error. Workaround: Modify the multi-slot policy assignment using an account with global administrator rights. |
| 1184021 | KB88818 | 5.9.0 | 5.10.0 | Issue: If you fail over a clustered installation, the new active node on the cluster is unable to authenticate to the ePO database. The issue applies to ePO 5.3.1, 5.3.2, or 5.9.0. You must access the core/configuration page and enter the database password. |
| 1179253 | - | 5.9.0 | 5.10.0 | Issue: The IP address tag criteria selection does not work for "On each agent-server communication." Workaround: This issue was observed with IP address criteria only. Edit the tag criteria, and apply the same criteria (IP address) again. The tag is successfully applied on the next agent-server communication. |
| 1178820 | - | 5.9.0 | 5.10.0 | Issue: The Apache Version in Server Info is blank if ePO is installed on a non-system drive. Workaround: If you select the Server Settings, Server Info page, the version is displayed as expected and saved. The issue will not occur the next time you edit the page. |
| 1128442 | - | 5.9.0 | 5.10.0 | Issue: Unable to use the default Getting Started page if you previously deleted the My Group group from the System Tree. Workaround: Use an alternative workflow, such as product deployment client tasks. |
| 1121302 | - | 5.9.0 | 5.10.0 | Issue: When a Simplified Deployment task is flagged for uninstall, McAfee Agent is also flagged for uninstall. Workaround: Use another workflow, such as deployment tasks, to uninstall products. |
| 1173268 | - | 5.3.1 | 5.10.0 | Issue: Users can delete events generated by systems to which they do not have access. Workaround: Use a global administrator account to purge events. |
| 115744 | - | 5.9.0 | 5.10.0 | Issue: The Help file included with ePO 5.9.0 includes an Archive Events section. But this product feature was not implemented in ePO 5.9.0, and the corresponding product guides have all been updated to remove this section. Workaround: Ignore this section of the Help, as it is in error. Help will be updated in a future release to remove this section. NOTE: The Archive Events feature might or might not be introduced in a future release of ePO. |
| 1228073 | - | 5.9.1 | 5.10.0 | Issue: Group query in ENSTP event based on source process Signer results in an error. |
| 1226662 | - | 5.9.0 5.9.1 |
5.9.0 5.9.1 HF1241557 |
Issue: Assigned Multi-Slot Policies go missing when set to Disable. Category disappears from the Assigned policies list, with no means to return the Category to the list. Resolution: HF1241557 is posted to the download site. See the Related Information section of this article for details. |
| 1217471 | - | 5.9.0 5.9.1 |
5.9.0 5.9.1 HF1241557 |
Issue: Hidden audit policies are unexpectedly appearing on the Policy Catalog page. Resolution: HF1241557 is posted to the download site. See the Related Information section of this article for details. |
| 1241557 | - | 5.3.0 | 5.3.0 To 5.9.1 HF1241557 |
Issue: Deleting a policy assignment on a single system, resulted in the same product policy or category getting its policy assignment deleted from the My Organization level. This action leads to client systems receiving the My Default policy inherited from the Global Root. Resolution: HF1241557 is posted to the download site. See the Related Information section of this article for details. |
| 1177554 | KB89317 | 5.3.0 | 5.3.3 5.9.1 |
Issue: ePolicy Orchestrator can't communicate with a SQL Server if TLS 1.0 is disabled. |
| 1205176 | KB90276 | 5.9.0 | 5.9.1 | Issue: In ePO 5.9.0, "EPOAGENT" displays in the system properties instead of the correct property values. |
| 1197173 | KB89218 | 5.9.0 5.3.2 |
5.9.1 | Issue: A clean install or upgrade of ePO from version 5.3.2 to 5.9 fails with the following error:
The following is recorded in the MSI log: McAfee\ePolicy Orchestrator\Server\extensions\ installed\EPOCore\5.9.0.732\install.xml:778: The following error occurred while executing this line: EPO590CALog: epoST.err: C:\Program Files (x86)\McAfee\ePolicy Orchestrator\Server\extensions\installed\ EPOCore\5.9.0.732\install.xml:181: java.sql.SQLException: User 'XXXXXXX' does not have permission to run DBCC freeproccache. |
| 1213009 | KB90948 | 5.9.0 | 5.10 | Issue: The 'Reported Date' for an installed product in ePO 5.9.x displays incorrect date information. Workaround: McAfee investigated this issue and a Proof of Concept (POC) build is available to resolve this issue for ePO 5.9.x. See the related article for details. |
| 1170042 | - | 5.3.2 | - | Issue: "Fixed" type product deployments can't have client tasks associated to a specific System Tree group. Workaround: Use an alternative workflow such as a deployment task or a continuous product deployment. |
| 817898 | - | 5.1.0 | - | Issue: User-based Policy Assignment Rules are not enforced for users in child domains. |
| 1034328 1030333 |
KB84628 | 5.9.0 | n/a | Issue: The new Java installation does not have the correct certificates in the Java trusted certificates store when you:
|
| 1103325 | - | 5.9.0 | n/a | Issue: The wrong catalog version is downloaded from ePO as part of manifest.xml. Resolution: Use a lazy-cached super-agent-repository to avoid this issue. |
| 1069278 | - | 5.9.0 | n/a | Issue: The agent installation URL generated using the remote command ComputerMgmt.createAgentDeploymentUrlCmd fails to allow file download. Resolution: Use the graphical user interface to generate the agent installation URL. |
| 1163947 | KB88000 | 5.9.0 | n/a | Issue: You see the following error during ePO installation: Resolution: See the related article. |
| 1173148 | - | 5.9.0 | n/a | Issue: Unable to group by event product code. Resolution: After you upgrade to a new version of ePO, some of the columns can be renamed or removed. In such scenarios, the upgrade flow edits existing query definitions in the database. The queries that are already exported to a file have older definitions, and do not work in newer versions of ePO. You must create a query in such scenarios. |
| 1063461 | KB85013 | 5.1.1 | n/a | Issue: A client task might continue to report as In Progress, even after the task has completed. Resolution: This behavior is expected. See the related article. |
| 1082176 1081917 |
KB90800 | 5.1.1 | n/a | Issue: When you check in bundles with extension dependencies, the dependent extensions can be indefinitely listed as updating. The extension installation is successful. But, because the extension is labeled as updating, you receive an error when you try to uninstall the extension using the Software Manager. Resolution: To remove the updating status, see the related article. |
| 968675 | - | 5.1.1 | n/a | Issue: The client task object structure changed in ePO 5.1.1. The EPOTaskObject table in the ePO database now has a different set of columns from all previous versions. This change was made to support newly added parameters for the new architecture. As a result, client task sharing is not supported from ePO 5.1.1 or later to any earlier version of ePO (for example, 5.1.x, 5.0.x). Client task sharing still works between ePO 5.1.1 servers and later. Resolution: Disable client task sharing until all McAfee ePO server are migrated to ePO 5.1.1 (or later). Then re-enable sharing. |
| 917943 | KB77920 | 5.1.0 | n/a | Issue: Page buttons display in the ePO 5.x System Tree after upgrading from ePO 4.6.4 or later. Resolution: Clear browser cache. See the related article for details. |
| 913365 | - | 5.1.0 | n/a | Issue: It is not explicitly stated in the Custom URL Viewer monitor dialog that only input that contains the full URL is acceptable. Resolution: Type the full URL into the Custom URL Viewer monitor dialog. |
| 848248 | - | 5.1.0 | n/a | Issue: VirusScan Enterprise Access Protection blocks the function of the Upgrade Compatibility Utility. Resolution: If you have VirusScan Enterprise on your source or target systems, disable the Access Protection feature during the installation. |
| 823342 | - | 5.1.0 | n/a | Issue: The Software Manager features 'Check in all' and 'Automatic Product Download' do not support product extension packages that contain multiple ZIP components. For example, Host Intrusion Prevention and MRA. So, users might assume that all extensions are up to date when they are not. Resolution: Download the extensions for Host Intrusion Prevention and MRA and install them manually. |
| 816475 | - | 5.1.0 | n/a | Issue: The McAfee ePO server Snapshot status does not change to the orange Snapshot is Out of Date status when you remove an Agent Handler from a remote system. Resolution: The issue resolves itself within five minutes. |
| 813461 | - | 5.1.0 | n/a | Issue: When you cancel the migration utility before a migration is complete, the Resolution: Delete the ePO installation folder and the registry keys from the target system. |
| 780095 | - | 5.1.0 | n/a | Issue: When you use a web browser to access the Web API directly, the browser caches credentials. This action can potentially lead to a privilege escalation. If a privilege escalation occurs, users might be granted access to data or commands for which they are not authorized. Resolution: The purpose of the Web API is for programmatic automation of tasks. If you choose to use a web browser to access the Web API directly (for example, https://servername:port/remote/core.help), close your browser window after you have purged your cached credentials. |
| 763783 | - | 5.1.0 | n/a | Issue: When you check in a different major product version, and an existing product hotfix is checked in to ePO 5.3. The hotfix is deleted. Resolution: Move the hotfix to a different branch before you check in a new package. Or, you could reinstall the hotfix back into the repository after you check in the major version. |
Back to top
| Reference Number | Related Article | Found In Version |
Fixed In Version |
Issue Description |
| EPO-1427 EPO 668 |
- | 2.0.0.290 | 2.1 | Issue: Client systems send data from beta account tenancy, after moving to production account (paid account). Resolution When the extension is uninstalled, the currently linked tenancy’s IAM credentials are deprovisioned. They are deprovisioned, so that agents can no longer send POST trace data with this tenancy. |
| SEC-12463 | - | 2.0.0.290 | 2.1 | Issue: MVISION Cloud Bridge can't relink accounts when there is a proxy configured: The following error is displayed:
|
| EPM-4507 | - | 2.0.0.290 | Issue: A user account that is associated with more than one tenancy can't be used for linking in Cloud Bridge. The user gets a response that says: Example: A user signs up for an MVISION account and accepts an invitation from another MVISION user, who belongs to a different tenancy. The account is now associated with two different tenancies. Such accounts can't be used for linking in MVISION Cloud Bridge. Resolution: Link single |
Produits affectés
Langues :
Cet article est disponible dans les langues suivantes :
GermanEnglish United States
Spanish Spain
French
Italian
Japanese
Portuguese Brasileiro
Chinese Simplified
Glossaire des termes techniques
Mettez en surbrillance les termes du glossaire
Prenez un moment pour consulter notre Glossaire des termes techniques.
