Issue resolutions in updates and major releases are cumulative; Technical Support recommends that you install the latest version. To find the most recent release for your product, go to the Product Downloads site.
Issue: After you upgrade to Manager version 9.1.7.77, the Manager service fails to start.
Workaround: Perform the following steps before you upgrade your Manager:
Stop the Manager and Watchdog services.
Open Control Panel, Administrative Tools, Services.
In the Services window, view the Network Security Manager (NSM) services and the Java processes.
Stop any that are running.
Run the Manager version 9.1.7.77 installer (setup.exe).
Non-critical:
Reference Number
Related Article
Found in Version
Issue Description
NSPMGR-16735
9.1
Issue: The Attack Log page displays alerts even after performing alert pruning.
TSNS-10362
9.1
Issue: NSM alerting is delayed after the NSM service is up and running for 248 days.
Workaround: Restart the NSM service before the uptime reaches 248 days.
NSPMGR-9280
9.1
Issue: The following and similar errors are continuously seen in the Windows application event.
Aborted connection xxxx to db: 'lf' user: '' host: 'localhost' (Got timeout reading communication packets).
Workaround: This issue is cosmetic. No workaround is needed. But you can also stop the event output by performing the following:
Open my.ini file in NSM_INSTALL_DIR\MariaDB.
Add the following description at the end of the file. [mariadb]
log_warnings=1
Restart the Database service.
NSPMGR-9181
9.1
Issue: When you enable Permitted IPv4 CIDR Blocks in Advanced Device Settings to restrict SSH Access, you see the errorError while saving the configuration.
Workaround: Perform the following query to delete all entries in the table iv_ssh_access_config.
Stop the Manager.
Run the following query. ALTER TABLE iv_ssh_access_config DROP PRIMARY KEY, ADD PRIMARY KEY(id,resourceid);
Restart the Manager.
Add a new CIDR block and save.
NSPMGR-2618
9.1
Issue: The Attack Log page fails to display correlated information of IPS attack and endpoint executables. This information includes the name, hash, and malware confidence.
NSPMGR-7952
9.1
Issue: You can't integrate NTBA with the NSM because the NTBA Direction drop-down list displays a blank value. This issue might happen when you add an NTBA to the Manager.
Workaround:
Delete the NTBA from the Manager.
Run the deinstall command from the NTBA CLI.
Add the NTBA to the Manager.
Re-establish the trust between the Manager and NTBA with the command set sensor sharedsecretkey from the NTBA CLI.
NSPMGR-2510
9.1
Issue: In the Attack Log page, the ePolicy Orchestrator (ePO) console option in the Summary tab doesn't redirect to the proper ePO page.
NSPNTBA-143
9.1
Issue: The following categories of Next Generation Report don't work in NSM 9.1:
Top Services by Bandwidth
Default - Top 10 Conversations
Default - Top Most Recent Connections
Default - Top 10 Exporter Interfaces
NSPMGR-2472
9.1
Issue: The Attack count isn't incremented for any blocked executable in the Endpoint Executables page.
NSPMGR-2438
9.1
Issue: [Manager Appliance Linux] The following diagnostic tools don't work in the Manager Appliance Linux:
AlertStatistics
DiagCollect
FaultGen
RuleEngineSensorInstall
NSPMGR-2411
9.1
Issue: [Manager Appliance Linux] Integration with Vulnerability Manager isn't supported in Manager Appliance Linux.
NSPMGR-8125
9.1
Issue: When you try to reboot Virtual IPS Sensors from the Manager, the reboot fails.
NSPMGR-8034
9.1
Issue: The Manager doesn't display properly on Microsoft Edge and Firefox v57 browsers.
Workaround: Disable the touch-screen feature on your system.
To disable the touch-screen feature on your Windows system, perform the following steps:
Go to Device Manager.
Search for Human Interface Devices.
Right-click on HID-compliant touch screen and from the list of options displayed, click Disable.
Close the browser instance and start again.
Refresh the Manager and log on.
NSPMGR-2335
9.1
Issue: During a configuration update, you see your FO-pair Sensors display the following error:
Geo IP location file download failure
NSPMGR-7895
9.1
Issue: After you quarantine the host, the quarantine page displays the vNSP Cluster name instead of the Virtual IPS Sensor name.
Issue: Speed/Duplex mismatch occurs at 100 MB Sensor ports for G3 module after you upgrade to version 9.1.5.102. You see errors such as Link Down or CRC Errors.
Resolution: Hotfix software 9.1.5.110 is available from Technical support.
NSPSNSR-8236
9.1
Issue: Incorrect ATD counter values are displayed when you execute the CLI command show malware engine stats.
NSPSNSR-8232
9.1
Issue: When you execute the show malware engine statsCLI command, the ATD counter increments by a value of two. It increments by two for suspicious files when the result data is retrieved from the cache. This counter must only increment by 1.
Non-critical:
Reference Number
Related Article
Found in Version
Issue Description
NSPSNSR-9794
9.1
Issue: The Layer 2 mode setting returns to the default setting after Sensor shut down.
Resolution: This issue is fixed in Hotfix 9.1.5.110. To obtain this hotfix, contact Technical Support.
NSPSNSR-10927
9.1
Issue: The sensor doesn't return values for the intfPortTotalBytesRecv64 64-bit mib counter on interfaces.
Resolution: This issue is fixed in Hotfix 9.1.5.105. To obtain this hotfix, contact Technical support.
NSPSNSR-5009
9.1
Issue: When the SSL decryption feature is enabled, the total number of TCB decreases more than expected.
NSPSNSR-8719
9.1
Issue: GTI File Reputation stops working with high traffic load.
NSPSNSR-8235
Issue: An invalid string is seen in Layer 7 data alerts generated for the office engine.
NSPSNSR-8195
Issue: The value of the Cache Nodes utilized counter isn't reduced when the ATD cache purge is started.
NSPSNSR-7937
Issue: Hitless reboot doesn't work because multiple datapath processors stop responding (crash).
NSPSNSR-7935
Issue: In rare scenarios, some files aren't processed for malware scanning.
NSPSNSR-7932
Issue: Packet (pkt) direction isn't set correctly when flow information is sent from the front-end processor to the datapath processor. The direction is unknown.
NSPSNSR-7542
Issue: APK files with the extension vnd.android.package-delta aren't processed for malware detection.
NSPSNSR-6916
Issue: When the Manager forwards alert messages to the syslog server, Host sweep alerts display a mismatch in the Network Protocol ID.
NSPNAD-1721
Issue: During split file download, XDP files aren't extracted.
NSPSNSR-6837
Issue: Redirection to the Guest Access portal fails for inter-VLAN routing.
NSPSNSR-3069
Issue: Connection limiting host count is as low as 128k, whereas it must be more than 256k for NS-Series Sensors.
Issue: [M-series, Mxx30-series] SSL attacks are detected while running IPv6 traffic, but without VLAN tags.
691838
Issue: [M-series, Mxx30-series] ARP packets are continuously sent to the NTBA Appliance when the Sensor is switched to Layer 2 mode.
Critical:
Reference Number
Related Article
Found in Version
Issue Description
1185552
9.1
Issue: After you upgrade the Manager from SHA-1 to SHA-2, the alert channel connected to the NTBA Appliance goes to a state of:
Error in mutual trust.
Workaround:
Log on to the NTBA Appliance command line with administrator credentials.
Type deinstall and press Enter.
Type set sensor sharedsecretkey and press Enter to re-establish the trust between NTBA and the Manager. When the NTBA Appliance comes up, the integration between NTBA and IPS is de-established.
Perform a configuration update to the NTBA Appliance from the Manager.
Use the Sensor CLI to confirm if the McAfee NTBA Communication status is up.
Issue: To upgrade to NTBA 9.1, you must upgrade to NTBA 8.3.4.58 first before you perform the 9.1 upgrade.
Resolution: See the release notes listed in the Related Article column for further information.
1234108
Issue: When you initially deploy NTBA with a T-VM Appliance on ESXi 5.1, you see the error MySQL went away in the NTBA sensor.dgb logs.
Workaround: Reboot the NTBA Appliance and then run the installdbcommand from the NTBA command line.
1208616
9.1
Issue: After you upgrade to the latest version of NTBA Appliance software, the trust between NTBA and the Manager fails.
Workaround: Log on to NTBA with administrator credentials, type set sensor sharedsecretkey and press Enter.
Now, update the NTBA configuration from the Manager. The NTBA Communication status is now re-established.
1167939
9.1
Issue: After you upgrade to the latest version of NTBA Appliance software, Gateway Anti-Malware Engine DAT files must be downloaded manually because of the software upgrade.
Workaround: Log on to NTBA with administrator credentials, type download antimalware updates and press Enter.
1111146
9.1
Issue: The NTBA callback activity alerts aren't displayed in the Attack Log.
1119003
9.1
Issue: The DNS name isn't displayed in the Threat Explorer page under the Top Applications panel.
936666
9.1
Issue: When you execute the installntba command, T-600 and T-1200 NTBA appliances take about 15–17 minutes to reboot for the first time after fresh installation from a USB drive.
737171
9.1
Issue: The Illegal File policy violation alert isn't triggered even when configured criteria are met.
694869
9.1
Issue: The NetFlow direction is incorrectly processed. The result is the invalid reporting of the illegal website access alert for URL-related communication rules.
Non-critical:
Reference Number
Related Article
Found in Version
Issue Description
NSPNTBA-100
9.1
Issue: When deployed in VMware ESXi server version 6.7 using an ISO image, a virtual NTBA engine's Gateway Anti-Malware and Anti-Virus DAT engines crash (stop responding).
Workaround: Configure the following when you deploy virtual NTBA engine VMware ESXi server version 6.7 using an ISO image:
In the Select a name and guest OS tab, the Compatibility option must be ESXi 6.0 virtual machine.
In the Customize settings tab, select the values as follows:
CPU - 4
Memory
T VM– 16384 MB
T-100 VM – 8192 MB
T-200 VM –16384 MB
Hard disk 1 – 250 GB
New hard disk – 350 GB
SCSI Controller 0 – LSI Logic Parallel
Network Adapter 1 – VM Network and enable the Connect checkbox.
New NetworkAdapter – VM Network and enable the Connect checkbox.
New NetworkAdapter – VM Network and enable the Connect checkbox.
New NetworkAdapter – VM Network and enable the Connect checkbox.
New NetworkAdapter – VM Network and enable the Connect checkbox.
CD/DVD Drive 1 – Datastore ISO file and enable the Connect checkbox. Video Card – Default settings
NSPMGR-8281
9.1
Issue: The Attack Log, Description tab, Alert Details panel, doesn't display details for the NTBA Communication rule match alert.
NSPMGR-8285
9.1
Issue: When you click the information icon for an NTBA alert in the alert details panel in the Attack Log page, the Vulnerability Assessment and Endpoint Security Events tabs are displayed twice.
1210758
9.1
Issue: The Top URL monitor in the Dashboard page doesn't show data for all given time frames.
1206315
9.1
Issue: When the NTBA database is corrupted, if you select the Endpoint Executables tab, it displays the following error:
error loading executable
1168345
9.1
Issue: The system health status is displayed as Uninitialized state after you execute installdb in NTBA."
Workaround:
Execute reset-config and then re-establish trust between the Manager and NTBA.
To re-establish trust between NTBA and the Manager, log on to NTBA with administrator credentials, type resetconfigset sensor sharedsecretkey, and press Enter.
1114429
Issue: The Threat Explorer page shows unrelated Top Malware files when any hyperlink is clicked.
918977
Issue: NTBA fails to show the current host IP address under load when you click View Agent Connectivity.
917256
Issue: NTBA fails to start ratinglib when DNS is unreachable as the NTBA Appliance is booted.
813375
Issue: Host Threat Factor value doesn't increase in accordance with the triggered antimalware alerts.
