McAfee SIEM Enterprise Security Manager (ESM) 10.x.x


Recent updates to this article

| Date | Update |
|---|---|
| November 6, 2019 | Updated product category tags. |
| June 25, 2019 | Added 10.4.0 known issues and release information. |
| February 12, 2019 | Added 10.3.4 release information. Added issue 1266321 to the Non-critical known issues section. |
| November 13, 2018 | Added 10.3.3 and 10.3.2 release information. Added 10.3.3 known issues. |

| ESM Version | General Availability (GA) | Release Notes |
|---|---|---|
| 10.4.0 | June 25, 2019 | PD28356 |
| 10.3.4 | February 12, 2019 | PD28090 |
| 10.3.3 | November 13, 2018 | PD28090 |
| 10.3.2 | August 14, 2018 | PD27904 |
| 10.3.1 | June 12, 2018 | PD27810 |
| 10.3.0 | May 8, 2018 | PD27744 |
| 10.2.0 | November 21, 2017 | PD27420 |
| 10.1.4 | October 30, 2017 | PD27331 |
| 10.1.3 | October 5, 2017 | PD27286 |
| 10.1.2 | September 15, 2017 | PD27248 |
| 10.1.1 | July 12, 2017 | PD27161 |
| 10.1.0 | June 26, 2017 | PD27122 |
| 10.0.3 | June 7, 2017 | PD27095 |
| 10.0.2 | May 17, 2017 | PD27085 |
| 10.0.1 | March 23, 2017 | PD26974 |
| 10.0.0 MR1 | February 14, 2017 | PD26903 |
| 10.0.0 | January 23, 2017 | PD26816 |

Issue resolutions in updates and major releases are cumulative; Technical Support recommends that you install the latest version. To find the most recent release for your product, visit the Product Downloads site at http://www.mcafee.com/us/downloads/downloads.aspx.
There are currently no known critical issues.

| Reference Number | Component/Area | Related Article | Found in version | Resolved in version | Issue Description |
|---|---|---|---|---|---|
| 1165768 | New HTML5 UI | | | | Issue: The word "Menu" in the ESM navigation pane is not localized correctly for several languages. |
| 1172460 | New HTML5 UI | | | | Issue: Logoff on Internet Explorer generates an error. |
| 1172959 | New HTML5 UI | | | | Issue: Filter for Compliance ID does not produce a drop-down list to select compliance in the HTML5 UI. |
| 1172980 | ESM: Watchlists | | | | Issue: Incomplete prompts are shown when you create the ESM Rule Name watchlist. |
| 1173164 | New HTML5 UI | | | | Issue: Filter for custom type with a data type of "time" fails to work in the HTML5 UI. |
| 1173594 | New HTML5 UI | | | | Issue: Geolocation map does not zoom properly in Internet Explorer. |
| 1173710 | ESM: Asset Management | | | | Issue: Asset tab - Export and Import fails to work as expected. |
| 1173956 | ESM: Views | | | | Issue: "stringss" errors handling invalid time string in "timeprocessingunit." |
| 1174112 | New HTML5 UI | | | | Issue: Application behaves unexpectedly when logging off and logging back on. |
| 1174330 | New HTML5 UI | | | | Issue: CSRF Token transition logs out user. |
| 1175228 | New HTML5 UI | | | | Issue: Filter section generates errors on Imported view of DAM Event summary. |
| 1175585 | ESM | | | | Issue: Newly keyed Receiver becomes out of sync. |
| 1175765 | New HTML5 UI | | | | Issue: CSS, HTML, and JSON resources are not minified. |
| 1175982 | Redundant ESM | | | | Issue: The "restart" pop-up dialog does not appear after you set Shared Queries and use the same session. |
| 1175986 | New HTML5 UI | | | | Issue: Imported Flash view contains different data to the original Flash view. |
| 1176018 | ESM | | | | Issue: Deleting and fixing a broken binding causes a Circular Binding error. |
| 1176120 | New HTML5 UI | | | | Issue: The "more than," "greater than," and "equals" operands are unavailable when setting the Threat Severity, Asset Max Risk Score, and Threat Overall Risk Score. |
| 1176121 | New HTML5 UI | | | | Issue: Tag filtering for asset queries does not work in the HTML5 UI. |
| 1176181 | ESM: Alarms | | | | Issue: Malformed text appears when manually syncing real-time alarms. |
| 1176743 | New HTML5 UI | | | | Issue: You are unable to move folders into other folders. |
| 1177256 | ESM | | | | Issue: Long Device Name is not formatted correctly. |
| 1178608 | New HTML5 UI | | | | Issue: Alarms pane and new Notifications pane do not update immediately after you acknowledge an alarm. |
| 1178631 | New HTML5 UI | | | | Issue: "Look-around" feature in the HTML5 UI (User Interface) does not work after changing the time format. |
| 1180066 | Upgrade | KB88572 | | | Issue: You are unable to upgrade an ELMERC combo device to Enterprise Security Manager version 10.0. Workaround: See the related article. |
| 1182432 | Upgrade | KB88781 | | | Issue: You are unable to add a data source to a storage pool after upgrading to ESM 10.0.0 MR1. Status: See the related article. |
| 1223564 | Receiver | | 10.1.0 | 10.3.4 | Issue: Office 365 Collection cannot keep up. |
| 1242870 | ELM | | 10.3.0 | 10.3.3 | Issue: ELM with SAN will not boot after upgrade to 10.3. |
| 1246623 | Receiver | | 10.3.1 | 10.3.3 | Issue: Error retrieving events. Could not get file from device after SIEM upgrade (kernel issue). |
| 1249796 | ESM | | 10.3.1 | 10.3.3 | Issue: Writing out datasources is not updating thirdparty.conf. |
| 1249825 | Receiver | | 10.3.1 | 10.3.3 | Issue: Error retrieving events. Could not get file from device after SIEM upgrade (kernel issue). |
| 1253329 | ESM | | 10.3.1 | 10.3.3 | Issue: Intermittent SSH connection error between ESM and other components. |
| 1253425 | ESM | | 10.3.2 | 10.3.3 | Issue: Temporary network failure observed several times after upgrading to 10.3.2. |
| | Redundant ESM | | 10.3.1 | 10.3.3 | Issue: Getting sync 178 error when running a redundant synchronization. |
| 1254134 | Receiver | | 10.3.2 | 10.3.3 | Issue: ESM get events from the Receiver time out with a new Linux kernel. |
| 1254508 | ELM | | 10.3.1 | 11.1.2 | Issue: Synchronization issue between primary and redundant ELM. |
| 1255215 | Redundant ESM | | 10.3.0 | 10.3.3 | Issue: ESM Redundancy SYNC stopped. |
| 1255332 | ESM | | 10.3.2 | 11.1.2 | Issue: Geo Source ID /ASN data is not being pulled after the upgrade from 10.3.1 to 10.3.2. |
| 1255805 | Redundant ESM | | 10.3.2 | 11.1.2 | Issue: Several ESM redundancy fixes. |
| 1256212 | Receiver | | 10.3.2 | 10.3.3 | Issue: Error retrieving events. Could not get file from device after SIEM upgrade (kernel issue). |
| 1266321 | ESM | | 10.3.4 | | Issue: Manual interaction with the appliance is needed when reboots occur during the upgrade process to ESM 10.3.4 or 11.1.3. |

Workaround (issue 1266321): If Technical Support has previously directed you to change to an earlier kernel version, follow the steps below before upgrading to ESM 10.3.4 or 11.1.3. These steps allow you to avoid having to manually interact with the appliance during reboots in the upgrade process.

Revert any previously modified grub screen/kernel selection to allow for an unattended upgrade:
  1. Create a grub config backup by running the command:
       cp /boot/grub/grub.cfg ~/grub.cfg.bak
  2. Set the grub config kernel default back to use the first kernel in the list by running the following commands:
     NOTE: The newest kernel should always be first in the list.
       vi /etc/default/grub
     Edit the GRUB_DEFAULT value and change it to GRUB_DEFAULT=0
  3. Regenerate grub config using the newly modified default. Run the command:
       grub-mkconfig -o /boot/grub/grub.cfg
  4. Continue with upgrading devices.

| Reference Number | Component/Area | Related Article | Found in version | Resolved in version | Issue Description |
|---|---|---|---|---|---|
| 1259007 | | | 10.2.1 | | Issue: Reducing the retention period on an ELM doesn't free any of the used disk space. |
| 1263793 | | | 10.1.0 | | Issue: When setting up mirroring to alleviate a lack of space on the local disk, the disk fills and the mirror process fails. A better resolution would be to move the data without mirroring to free up space. |
| 1266544 | | | 10.3.2 | | Issue: The test connection for data sources might fail even though the connection is functional. |
| | | | 10.3.4 | | Issue: Some geolocation data is incorrect. |
| 1269773 | | | 10.3.2 | | Issue: After editing or creating a Check Point data source, the Check Point collector might fail to run after write out. The workaround is to create or edit a dummy syslog data source and perform the data source write out again. |
| 1270139 | | | 10.3.2 | | Issue: A full backup might fail to start, giving an ER113 error, even though there is sufficient disk space. |
| 1272254 | | | 10.3.2 | | Issue: CIFS connections do not allow whitespace characters for dynamic watchlists. ER234 occurs. |
| 1272951 | | | 10.3.4 | | Issue: Some alarms or correlation rules that use a watchlist in a filter component might show a default value of "[object Object]". |
| 1273176 | | | 10.3.4 | | Issue: Child data sources are sometimes not displayed in the auto rollout dialog. |
| 1273513 | | | 10.3.4 | | Issue: In some instances, report layouts might not sync to the redundant ESM during the initial sync process. |
| 1273660 | | | 10.3.4 | | Issue: After increasing the management database size on an ELM, healthmon might still show a drive full warning. |
| 1273915 | | | 10.3.4 | | Issue: If the eth0 management port fails, eth1 cannot be used as the primary management port on an ESM. |

