Issue resolutions in updates and major releases are cumulative; Technical Support recommends that you install the latest version. To find the most recent release for your product, visit the Product Downloads site at http://www.mcafee.com/us/downloads/downloads.aspx.
CRITICAL:
Reference Number
Related Article
Found in Version
Issue Description
NSPMGR-3948
9.2
Issue: Some detected attacks are displayed as unknown during importing signature set.
Solution: This issue will be fixed in NSP 9.1 Update 6.
Issue: After you upgrade to Manager version 9.1.7.77, the Manager service fails to start.
Workaround: Perform the following steps before you upgrade your Manager:
Stop the Manager and Watchdog services.
Open Control Panel, Administrative Tools, Services.
In the Services window, view the Network Security Manager services and the Java processes.
Stop any that are running.
Run the Manager version 9.1.7.77 installer (setup.exe).
Solution: This issue will be fixed in NSP 9.1 Update 6.
1248430
9.1
Issue: You perform an operation in the Manager, but your changes are not implemented or the NSM fails to perform the actions.
For example, when you try to click New, Copy, Edit, or Delete in the IPS Policy Editor, the click is not registered and nothing happens.
Workaround:
Open NSM.
Click Manager, <Admin Domain Name>, Users and Roles, My Account.
Click Reset GUI Representation.
Click OK for all pop-up messages from the Manager IP address.
This step restores any changes made to the column or panel presentation to its default setting.
Either log off and then log on to the account again, or refresh your browser to apply the changes of the reset.
1119525
8.3
Issue: No Flow usage graph is displayed when scanning UDP traffic. A graph must be displayed on the Flow usage tab when monitoring UDP traffic.
1087489
8.2
Issue: Unable to reboot or shut down VM100 Sensor from the Manager.
1026921
8.1
Issue: Host Threat Factor value shows as NULL on the High-risk Hosts dashboard.
Non-critical:
Reference Number
Related Article
Found in Version
Issue Description
NSPMGR-9229
9.1.21.33
Issue: You configure the Name Server and Proxy settings in the Gateway Anti-Malware (GAM) updating page. But even though the settings are correct, you see the error:
Error retrieving the latest version information from the update server.
NSPMGR-8733
9.1
Issue: Auto deployment of signature set is unexpectedly triggered when NSM and Sensor have different Callback Detector DAT versions.
You see the sigset continuously updated. Auto deployment does not update the Callback Detector DAT version.
Workaround: Update the Sensor's Callback Detector DAT, so the NSM and Sensor use the same version.
Solution: This issue will be fixed in NSP 9.1 Update 6.
NSPMGR-8343
9.1
Issue: Extra ".com" is added after saving of Email sender setting.
Workaround: This issue is cosmetic. No workaround is needed.
Solution: This issue will be fixed in NSP 9.1 Update 6.
NSPMGR-3243
9.1
Issue: Channel status remains as Down even after you recover the channel.
NSPMGR-3677
9.1
Issue: System Health and Device Summary are not shown on the Dashboard. Cause: Domain cache receives a NULL value from either Root or Child domain when a race condition occurs. Workaround: To re-create the domain cache, restart the Manager service. Solution: This issue will be fixed in NSP 9.1 Update 6.
NSPMGR-8295
9.1.7.77
Issue: 9.1.7.77 does not list faults in Manager, Reporting, Configuration Reports, even though faults logs are included in Manager, Troubleshooting, System Faults.
NSPMGR-3999
9.1
Issue: Interconnect ports are displayed at Available Ports section on each setting. This issue only occurs in NS-3x00 or NS-5x00.
NSPMGR-2996
9.1
Issue: Reports downloaded in .pdf format using the Google Chrome browser can't be opened.
Workaround: McAfee recommends you to use Firefox or Internet Explorer browser for downloading reports.
1268868
9.1
Issue: After you perform a retrust, the SSL decryption setting is not returned back to the previous configured setting. Workaround: Re-enable the SSL decryption setting from the Manager.
1228758
9.1
Issue: When your account password expires, you are not redirected to the password reset page.
Issue: Unable to customize the Reconnaissance Policies in NSM 9.1 for 8.1 Sensors. Solution: Upgrade Sensor software to a version later than 8.1 and then upgrade NSM to the latest 9.1 release.
1220348
9.1
Issue: The Attack Log page fails to display correlated information of IPS attack and endpoint executables. This information includes the name, hash, and malware confidence.
1220328
9.1
Issue: You can't integrate NTBA with the NSM because the NTBA Direction drop-down list displays a blank value. This issue might happen when you add an NTBA to the Manager.
Workaround:
Delete the NTBA from the Manager.
Run the deinstall command from the NTBA CLI.
Add the NTBA to the Manager.
Re-establish the trust between the Manager and NTBA with the command set sensor sharedsecretkey from the NTBA CLI.
1220266
9.1
Issue: Update to an UDS is successful even if the UDS has an error.
1213651
9.1
Issue: In the Attack Log page, the ePolicy Orchestrator (ePO) console option in the Summary tab does not redirect to the proper ePO page.
1213608
9.1
Issue: The attack log displays the "label.NetworkObject.undefined" error message in the alert details panel under the Summary tab.
1211665
9.1
Issue: The following categories of Next Generation Report do not work in NSM 9.1:
Top Services by Bandwidth
Default - Top 10 Conversations
Default - Top Most Recent Connections
Default - Top 10 Exporter Interfaces
1211323
9.1
Issue: The Attack count is not incremented for any blacklisted executable in the Endpoint Executables page.
1209208
9.1
Issue: [Manager Appliance Linux] The following diagnostic tools do not work in the Manager Appliance Linux:
AlertStatistics
DiagCollect
FaultGen
RuleEngineSensorInstall
1208237
9.1
Issue: [Manager Appliance Linux] When you execute dbadmin.sh, an exception is generated and database backup/restore fails.
1207832
9.1
Issue: [Manager Appliance Linux] Integration with McAfee Vulnerability Manager not supported in Manager Appliance Linux.
1202643
9.1
Issue: While you try to reboot Virtual IPS Sensors from the Manager, the reboot fails.
1201735
9.1
Issue: When multiple Controller upgrade files are downloaded, the file name usually has a numeric suffix. If this suffix contains a space in the file name, the controller upgrade fails. Workaround: The Controller upgrade download file must not contain any space or numerals.
1201310
9.1
Issue: When you disable the Packet Log Encryption feature, the channel flaps. Workaround: You must keep the Packet Log Encryption option enabled. Select Devices, <Admin Domain Name>, Devices, <Device Name>, Setup, Advanced,Alerting Options. Make sure that the Packet Log Encryption option is enabled.
1197570
9.1
Issue: The Manager does not display properly on Microsoft Edge and Firefox v57 browsers.
Workaround: Disable the touch-screen feature on your system.
To disable the touch-screen feature on your Windows system, perform the following steps:
Go to Device Manager.
Search for Human Interface Devices.
Right-click on HID-compliant touch screen and from the list of options displayed, click Disable.
Close the browser instance and start again.
Refresh the Manager and log on.
1196389
9.1
Issue: In an AWS MDR pair, the Controller communicates with the Secondary Manager even after you convert the Manager to standalone.
1184565
9.1
Issue: After you quarantine the host, the quarantine page displays the vNSP Cluster name instead of the Virtual IPS Sensor name.
1183813
9.1
Issue: After a .jar upgrade, the Manager logon session ends. The logon page shows after the NTBA Appliance reboots from the NTBA page. Workaround: Even when the Manager is logged out, the NTBA Appliance reboots in the background. Manual reboot of the NTBA Appliance is not required.
1179954
8.3
Issue: Policy update at domain level for Default Detection policy does not work.
1176563
8.3
Issue: The Scheduler intermittently fails to pick files submitted to the cloud to get the report.
1175848
8.3
Issue: Port module removed from the Sensor is displayed in the Physical Ports page while you create a failover pair.
1174187
8.4
Issue: The information "i" icon does not appear in the Malware Files page against the malware confidence. Workaround: This information is available in the Attack Log page.
1171604
8.4
Issue: Callback Activity alerts generated before an upgrade will not appear after you upgrade to 9.1.
1170425
8.3
Issue: The Tag Endpoints option in the Other Actions menu in the Attack Log displays OSC instead of ISC.
1162743
8.3
Issue: The option to collect a diagnostic trace is not available.
1161012
8.4
Issue: Names of the data type are sorted. But, the sort arrow is not displayed in the Traffic Received / Sent tab when you go to the Devices, <Admin Domain Name>, Devices, Troubleshooting, Traffic Statistics page.
1160967
8.3
Issue: Performance charts for Throughput and Flow Usage do not display data when Performance Monitoring is enabled.
1114216
8.3
Issue: Gateway Anti-Malware (GAM) 2013 is shown as the active version even when no Gateway Anti-Malware engine is configured on the Sensor.
1113349
8.3
Issue: The malware files are not deleted when the Manager is in standby mode. Workaround: Delete the malware files directly from NSM_INSTALL_DIR\App\temp\tftpin\malware while in standby mode.
947790
8.1
Issue: When the Manager forwards alert messages to the syslog server, Host sweep alerts display a mismatch in the Network Protocol ID.
897937
7.5
Issue: The Manager does not trigger alerts for custom rules that use the ssl_versionfield.
832573
7.5
Issue: The Last Event column on the dashboard of the suspicious host, incorrectly lists the risk score scheduler time.
Issue: After you upgrade to 9.1, you see latency issues with FTP traffic passing through the Sensor. Workaround: Create ignore rules for FTP traffic in your Sensor Firewall Policy.
1274233
9.1
Issue: [NS9300-HA] When the Sensor is put in layer 2 mode, packets directed to the affected port pairs are sent from both of the same numbered ports on the HA side. They are sent via the interconnect link. This condition causes a traffic loop. This issue is only seen in 9.1.5.63.
Affected Ports: This problem is seen in port numbers 1–2 and 5–6 of G2 module only, which is G2/1-2 and G2/5-6.
Solution: This issue is resolved with sensor hotfix 9.1.5.64. All subsequent sensor software releases contain the fix.
Issue: On Sensors that run 9.1.5.56, the Sensor might become unresponsive and enter a hung state or suddenly reboot. Or, you see the Sensor display errors at boot and can't continue further.
Cause: Sensor logs related to internal port transactions fill up the disk space and can't be deleted.
Solution: See the Related Article.
1272706
9.1
Issue: [NS9X00] NSM displays the error:
SSL: Connections Exhausted alerts in the Attack Log page.
With 100% SSL flows allocation, the SSL tasks in the Sensor remain inactive after the Sensor comes up, and SSL flow decryption is not performed.
Workaround: Reduce the total number of SSL supported flows to 80% and reboot the Sensor.
1116819
9.1
Issue: Incorrect ATD counter values are displayed when you execute the CLI command show malware engine stats.
1116440
9.1
Issue: When you execute the show malware engine statsCLI command, the ATD counter increments by a value of two. It increments by two for suspicious files when the result data is retrieved from the cache. This counter must only increment by 1.
1178511
Issue: When you turn off the Sensor and then quickly power it back up, the Sensor might fail to boot, report errors, or respond and handle traffic.
Solution: When you turn off the Sensor, always wait a minimum of two minutes for it to completely shut down before you power it back up.
Non-critical:
Reference Number
Related Article
Found in Version
Issue Description
NSPSNSR-5009
9.1
Issue: When the SSL decryption feature is enabled, the total number of TCB decreases more than expected.
NSPSNSR-8861
9.1
Issue: In certain rare conditions, the Sensor reboots due to a watchdog timeout.
NSPSNSR-5180
9.1
Issue: In certain rare conditions, you must reboot the Sensor to reflect changes to the monitoring ports speed/duplex settings.
1264590
9.1
Issue: Sensor returns an invalid SNMP value for OID 1.3.6.1.4.1.8962.2.1.3.1.1.6.1.17.2.
1271559
9.1
Issue: When you install the network interface module (IAC-4P10NET-MODA) into the G2 slot of an NS7x50 Sensor, the Monitoring ports never come up.
Solution: This issue will be fixed in NSP 9.1 Update 6.
1198188
9.1
Issue: GTI File Reputation stops working with high traffic load.
1185957
9.1
Issue: The count of attacks detected during SSL flow is always displayed as zero.
1116785
Issue: Invalid string is seen in Layer 7 data alerts generated for office engine.
1114124
Issue: The value of the Cache Nodes utilized counter is not reduced when the Advanced Threat Defense cache purge is started.
1083605
Issue: Hitless reboot does not work because multiple datapath processors stop responding (crash).
1083506
Issue: In rare scenarios, some files are not processed for malware scanning.
1082986
Issue: Packet (pkt) direction is not set correctly when flow information is sent from the front-end processor to the datapath processor. The direction is unknown.
1025365
Issue: APK files with extension vnd.android.package-delta are not processed for malware detection.
1019974
Issue: During split file download, XDP files are not extracted.
940106
Issue: Redirection to the Guest Access portal fails for inter-VLAN routing.
847172
Issue: Connection limiting host count is as low as 128k, whereas it must be more than 256k for NS-Series Sensors.
783323
Issue: RX/TX counters are updated slowly.
537012
Issue: [Snort] The Sensor does not raise an alert when a space is part of the content matching rule. Workaround: Separate into multiple content keywords in a single rule.
Issue: Sensor returns invalid SNMP value for OID 1.3.6.1.4.1.8962.2.1.3.1.1.6.1.17.2.
1255284
Issue: After the virtual probe is restarted, Windows Firewall settings are restored to the configuration that was applied at the time of probe installation.
Example: Windows firewall is disabled. You install the probe with the firewall disabled, complete the probe installation, and enable the firewall. But, if the virtual probe is restarted, the firewall is again disabled. NOTE: The Virtual Probe restart can be triggered manually or due to a vNSP Controller restart.
Workaround:
Open File Explorer on the Windows computer that experiences the issue.
Navigate to C:\Program\Files\McAfee\zasa\firewall.
Delete firewall.bk.
1203688
9.1
Issue: At times, the OVA file for Virtual IPS Sensor returns an error while it is deployed with VMware Center. Workaround: First deploy the latest Virtual IPS Sensor 8.3 OVA, and then upgrade the Virtual IPS Sensor to 9.1.
CRITICAL:
Reference Number
Related Article
Found in Version
Issue Description
1116819
9.1
Issue: Incorrect Advanced Threat Defense counter values are displayed for show malware engine statsCLI command.
1084586
Issue: [M-series, Mxx30-series] In rare scenarios, the datapath processor becomes unresponsive, which causes the Sensor to enter auto-recovery mode.
Non-critical:
Reference Number
Related Article
Found in Version
Issue Description
1264590
9.1
Issue: Sensor returns invalid SNMP value for OID 1.3.6.1.4.1.8962.2.1.3.1.1.6.1.17.2.
1116764
Issue: The non-default value for atdcache purge intervaldoes not work.
1114347
Issue: The ATD cache is not displayed in the output of the malwarecache status CLI command.
1114124
Issue: The value of the Cache Nodes utilized counter is not reduced when the ATD cache purge is started.
1082383
Issue: [M-series] Two flows on the M-3050 Sensor are stuck in the time wait state for over 23 days.
1025365
Issue: APK files with the vnd.android.package-delta extension are not processed for malware detection.
1019974
Issue: [M-series, Mxx30-series] During split file download, XDP files are not extracted.
917539
Issue: [M-series, Mxx30-series] DNS object-based rule does not work post auto-recovery with thelayer 7 processor suspended to trigger the recovery.
914684
Issue: [M-series, Mxx30-series] Layer7 DDoS JavaScript challenge does not work.
713210
Issue: [M-series, Mxx30-series] SSL attacks are detected while running IPv6 traffic, but without VLAN tags.
691838
Issue: [M-series, Mxx30-series] ARP packets are continuously sent to the NTBA Appliance when the Sensor is switched to Layer 2 mode.
537012
Issue: [Snort] The Sensor does not raise an alert when a space is part of the content matching rule. Workaround: Separate into multiple content keywords in a single rule.
CRITICAL:
Reference Number
Related Article
Found in Version
Issue Description
1185552
9.1
Issue: After you upgrade the Manager from SHA-1 to SHA-2, the alert channel connected to the NTBA Appliance goes to a state of:
Error in mutual trust.
Workaround:
Log on to the NTBA Appliance command line with administrator credentials.
Type deinstall and press Enter.
Type set sensor sharedsecretkey and press Enter to re-establish the trust between NTBA and Manager. When the NTBA Appliance comes up, the integration between NTBA and IPS is de-established.
Perform a configuration update to the NTBA Appliance from the Manager.
Use the Sensor CLI to confirm if the McAfee NTBA Communication status is up.
Issue: To upgrade to NTBA 9.1, you must upgrade to NTBA 8.3.4.58 first before you perform the 9.1 upgrade. Solution: See the release notes listed in the Related Article column for further information.
1234108
Issue: When you initially deploy NTBA with a T-VM Appliance on ESXi 5.1, you see the error MySQL went away in the NTBA sensor.dgb logs. Workaround: Reboot the NTBA Appliance and then run the installdbcommand from the NTBA command line.
1208616
9.1
Issue: After you upgrade to the latest version of NTBA Appliance software, the trust between NTBA and Manager fails. Workaround: Log on to NTBA with administrator credentials, type set sensor sharedsecretkey and press Enter.
Now update the NTBA configuration from the Manager. The NTBA Communication status is now re-established.
1167939
9.1
Issue: After you upgrade to the latest version of NTBA Appliance software, Gateway Anti-Malware Engine DAT files must be downloaded manually because of the software upgrade. Workaround: Log on to NTBA with administrator credentials, type download antimalware updates and press Enter.
1111146
9.1
Issue: The NTBA callback activity alerts are not displayed in Attack Log.
1119003
9.1
Issue: The DNS name is not displayed in the Threat Explorer page under the Top Applications panel.
936666
9.1
Issue: When you execute the installntba command, T-600 and T-1200 NTBA appliances take about 15–17 minutes to reboot for the first time after fresh installation from a USB drive.
737171
9.1
Issue: The Illegal File policy violation alert is not triggered even when configured criteria are met.
694869
9.1
Issue: NetFlow direction is incorrectly processed. The result is invalid reporting of the illegal website access alert for URL-related communication rules.
Non-critical:
Reference Number
Related Article
Found in Version
Issue Description
NSPMGR-8281
9.1
Issue: The Attack Log, Description tab, Alert Details panel, does not display details for the NTBA Communication rule match alert.
NSPMGR-8285
9.1
Issue: When you click the information icon for an NTBA alert in the alert details panel in the Attack Log page, the Vulnerability Assessment and Endpoint Security Events tabs are displayed twice.
1210758
9.1
Issue: The Top URL monitor in the Dashboard page does not show data for all given time frames.
1206315
9.1
Issue: When the NTBA database is corrupted, if you select the Endpoint Executables tab, it displays the following error:
error loading executable
1168345
9.1
Issue: The system health status is displayed as Uninitialized state after you execute installdb in NTBA. Workaround:
Execute reset-config and then re-establish trust between the Manager and NTBA.
To re-establish the trust between NTBA and Manager, log on to NTBA with admin credentials, type resetconfigset sensor sharedsecretkey, and press Enter.
1114429
Issue: The Threat Explorer page shows unrelated Top Malware files when any hyperlink is clicked.
918977
Issue: NTBA fails to show the current host IP address under load when you click View Agent Connectivity.
917256
Issue: NTBA fails to start ratinglib when DNS is unreachable as the NTBA Appliance is booted.
813375
Issue: Host Threat Factor value does not increase in accordance with the triggered antimalware alerts.
