Issue resolutions in updates and major releases are cumulative; Technical Support recommends that you install the latest version. To find the most recent release for your product, visit the Product Downloads site at https://www.mcafee.com/enterprise/en-us/downloads/my-products.html.
Issue: After you upgrade to Manager version 9.1.7.77, the Manager service fails to start.
Workaround: Perform the following steps before you upgrade your Manager:
Stop the Manager and Watchdog services.
Open Control Panel, Administrative Tools, Services.
In the Services window, view the Network Security Manager services and the Java processes.
Stop any that are running.
Run the Manager version 9.1.7.77 installer (setup.exe).
Non-critical:
Reference Number
Related Article
Found in Version
Issue Description
NSPMGR-16735
9.1
Issue: The Attack Log page displays alerts even after performing alert pruning.
TSNS-10362
9.1
Issue: NSM alerting is delayed after the NSM service is up and running for 248 days.
Workaround: Restart the NSM service before the uptime reaches 248 days.
NSPMGR-9280
9.1
Issue: The following and similar errors are continuously seen in the Windows application event.
Aborted connection xxxx to db: 'lf' user: '' host: 'localhost' (Got timeout reading communication packets).
Workaround: This issue is cosmetic. No workaround is needed. But you can also stop the event output by performing the following:
Open my.ini file in NSM_INSTALL_DIR\MariaDB.
Add the following description at the end of the file. [mariadb]
log_warnings=1
Restart Database service.
NSPMGR-2618
9.1
Issue: The Attack Log page fails to display correlated information of IPS attack and endpoint executables. This information includes the name, hash, and malware confidence.
NSPMGR-7952
9.1
Issue: You can't integrate NTBA with the NSM because the NTBA Direction drop-down list displays a blank value. This issue might happen when you add an NTBA to the Manager.
Workaround:
Delete the NTBA from the Manager.
Run the deinstall command from the NTBA CLI.
Add the NTBA to the Manager.
Re-establish the trust between the Manager and NTBA with the command set sensor sharedsecretkey from the NTBA CLI.
NSPMGR-2510
9.1
Issue: In the Attack Log page, the ePolicy Orchestrator (ePO) console option in the Summary tab does not redirect to the proper ePO page.
NSPNTBA-143
9.1
Issue: The following categories of Next Generation Report do not work in NSM 9.1:
Top Services by Bandwidth
Default - Top 10 Conversations
Default - Top Most Recent Connections
Default - Top 10 Exporter Interfaces
NSPMGR-2472
9.1
Issue: The Attack count is not incremented for any blocked executable in the Endpoint Executables page.
NSPMGR-2438
9.1
Issue: [Manager Appliance Linux] The following diagnostic tools do not work in the Manager Appliance Linux:
AlertStatistics
DiagCollect
FaultGen
RuleEngineSensorInstall
NSPMGR-2411
9.1
Issue: [Manager Appliance Linux] Integration with McAfee Vulnerability Manager not supported in Manager Appliance Linux.
NSPMGR-8125
9.1
Issue: While you try to reboot Virtual IPS Sensors from the Manager, the reboot fails.
NSPMGR-8034
9.1
Issue: The Manager does not display properly on Microsoft Edge and Firefox v57 browsers.
Workaround: Disable the touch-screen feature on your system.
To disable the touch-screen feature on your Windows system, perform the following steps:
Go to Device Manager.
Search for Human Interface Devices.
Right-click on HID-compliant touch screen and from the list of options displayed, click Disable.
Close the browser instance and start again.
Refresh the Manager and log on.
NSPMGR-2335
9.1
Issue: During a configuration update, you see your FO-pair Sensors display the following error:
Geo IP location file download failure
NSPMGR-7895
9.1
Issue: After you quarantine the host, the quarantine page displays the vNSP Cluster name instead of the Virtual IPS Sensor name.
Issue: Incorrect ATD counter values are displayed when you execute the CLI command show malware engine stats.
NSPSNSR-8232
9.1
Issue: When you execute the show malware engine statsCLI command, the ATD counter increments by a value of two. It increments by two for suspicious files when the result data is retrieved from the cache. This counter must only increment by 1.
Non-critical:
Reference Number
Related Article
Found in Version
Issue Description
NSPSNSR-5009
9.1
Issue: When the SSL decryption feature is enabled, the total number of TCB decreases more than expected.
NSPSNSR-8719
9.1
Issue: GTI File Reputation stops working with high traffic load.
NSPSNSR-4061
9.1
Issue: The count of attacks detected during SSL flow is always displayed as zero.
NSPSNSR-8235
Issue: Invalid string is seen in Layer 7 data alerts generated for office engine.
NSPSNSR-8195
Issue: The value of the Cache Nodes utilized counter is not reduced when the Advanced Threat Defense cache purge is started.
NSPSNSR-7937
Issue: Hitless reboot does not work because multiple datapath processors stop responding (crash).
NSPSNSR-7935
Issue: In rare scenarios, some files are not processed for malware scanning.
NSPSNSR-7932
Issue: Packet (pkt) direction is not set correctly when flow information is sent from the front-end processor to the datapath processor. The direction is unknown.
NSPSNSR-7542
Issue: APK files with extension vnd.android.package-delta are not processed for malware detection.
NSPSNSR-6916
Issue: When the Manager forwards alert messages to the syslog server, Host sweep alerts display a mismatch in the Network Protocol ID.
NSPNAD-1721
Issue: During split file download, XDP files are not extracted.
NSPSNSR-6837
Issue: Redirection to the Guest Access portal fails for inter-VLAN routing.
NSPSNSR-3069
Issue: Connection limiting host count is as low as 128k, whereas it must be more than 256k for NS-Series Sensors.
Issue: Incorrect Advanced Threat Defense counter values are displayed for show malware engine statsCLI command.
NSPSNSR-7945
Issue: [M-series, Mxx30-series] In rare scenarios, the datapath processor becomes unresponsive, which causes the Sensor to enter auto-recovery mode.
Non-critical:
Reference Number
Related Article
Found in Version
Issue Description
NSPSNSR-8234
Issue: The non-default value for atdcache purge intervaldoes not work.
NSPSNSR-8199
Issue: The ATD cache is not displayed in the output of the malwarecache status CLI command.
NSPSNSR-8195
Issue: The value of the Cache Nodes utilized counter is not reduced when the ATD cache purge is started.
NSPSNSR-7928
Issue: [M-series] Two flows on the M-3050 Sensor are stuck in the time wait state for over 23 days.
NSPSNSR-7542
Issue: APK files with the vnd.android.package-delta extension are not processed for malware detection.
NSPSNSR-6614
Issue: [M-series, Mxx30-series] DNS object-based rule does not work post auto-recovery with thelayer 7 processor suspended to trigger the recovery.
NSPSNSR-6576
Issue: [M-series, Mxx30-series] Layer7 DDoS JavaScript challenge does not work.
713210
Issue: [M-series, Mxx30-series] SSL attacks are detected while running IPv6 traffic, but without VLAN tags.
691838
Issue: [M-series, Mxx30-series] ARP packets are continuously sent to the NTBA Appliance when the Sensor is switched to Layer 2 mode.
CRITICAL:
Reference Number
Related Article
Found in Version
Issue Description
1185552
9.1
Issue: After you upgrade the Manager from SHA-1 to SHA-2, the alert channel connected to the NTBA Appliance goes to a state of:
Error in mutual trust.
Workaround:
Log on to the NTBA Appliance command line with administrator credentials.
Type deinstall and press Enter.
Type set sensor sharedsecretkey and press Enter to re-establish the trust between NTBA and Manager. When the NTBA Appliance comes up, the integration between NTBA and IPS is de-established.
Perform a configuration update to the NTBA Appliance from the Manager.
Use the Sensor CLI to confirm if the McAfee NTBA Communication status is up.
Issue: To upgrade to NTBA 9.1, you must upgrade to NTBA 8.3.4.58 first before you perform the 9.1 upgrade. Solution: See the release notes listed in the Related Article column for further information.
1234108
Issue: When you initially deploy NTBA with a T-VM Appliance on ESXi 5.1, you see the error MySQL went away in the NTBA sensor.dgb logs. Workaround: Reboot the NTBA Appliance and then run the installdbcommand from the NTBA command line.
1208616
9.1
Issue: After you upgrade to the latest version of NTBA Appliance software, the trust between NTBA and Manager fails. Workaround: Log on to NTBA with administrator credentials, type set sensor sharedsecretkey and press Enter.
Now update the NTBA configuration from the Manager. The NTBA Communication status is now re-established.
1167939
9.1
Issue: After you upgrade to the latest version of NTBA Appliance software, Gateway Anti-Malware Engine DAT files must be downloaded manually because of the software upgrade. Workaround: Log on to NTBA with administrator credentials, type download antimalware updates and press Enter.
1111146
9.1
Issue: The NTBA callback activity alerts are not displayed in Attack Log.
1119003
9.1
Issue: The DNS name is not displayed in the Threat Explorer page under the Top Applications panel.
936666
9.1
Issue: When you execute the installntba command, T-600 and T-1200 NTBA appliances take about 15–17 minutes to reboot for the first time after fresh installation from a USB drive.
737171
9.1
Issue: The Illegal File policy violation alert is not triggered even when configured criteria are met.
694869
9.1
Issue: NetFlow direction is incorrectly processed. The result is invalid reporting of the illegal website access alert for URL-related communication rules.
Non-critical:
Reference Number
Related Article
Found in Version
Issue Description
NSPNTBA-100
9.1
Issue: When deployed in VMware ESXi server version 6.7 using an ISO image, a virtual NTBA engine's Gateway Anti-Malware and Anti-Virus DAT engines crash (stop responding).
Workaround: Configure the following when you deploy virtual NTBA engine VMware ESXi server version 6.7 using an ISO image:
In the Select a name and guest OS tab, the Compatibility option must be ESXi 6.0 virtual machine.
In the Customize settings tab, select the values as follows:
CPU - 4
Memory
T VM– 16384 MB
T-100 VM – 8192 MB
T-200 VM –16384 MB
Hard disk 1 – 250 GB
New hard disk – 350 GB
SCSI Controller 0 – LSI Logic Parallel
Network Adapter 1 – VM Network and enable the Connect checkbox.
New NetworkAdapter – VM Network and enable the Connect checkbox.
New NetworkAdapter – VM Network and enable the Connect checkbox.
New NetworkAdapter – VM Network and enable the Connect checkbox.
New NetworkAdapter – VM Network and enable the Connect checkbox.
CD/DVD Drive 1 – Datastore ISO file and enable the Connect checkbox. Video Card – Default settings
NSPMGR-8281
9.1
Issue: The Attack Log, Description tab, Alert Details panel, does not display details for the NTBA Communication rule match alert.
NSPMGR-8285
9.1
Issue: When you click the information icon for an NTBA alert in the alert details panel in the Attack Log page, the Vulnerability Assessment and Endpoint Security Events tabs are displayed twice.
1210758
9.1
Issue: The Top URL monitor in the Dashboard page does not show data for all given time frames.
1206315
9.1
Issue: When the NTBA database is corrupted, if you select the Endpoint Executables tab, it displays the following error:
error loading executable
1168345
9.1
Issue: The system health status is displayed as Uninitialized state after you execute installdb in NTBA. Workaround:
Execute reset-config and then re-establish trust between the Manager and NTBA.
To re-establish the trust between NTBA and Manager, log on to NTBA with administrator credentials, type resetconfigset sensor sharedsecretkey, and press Enter.
1114429
Issue: The Threat Explorer page shows unrelated Top Malware files when any hyperlink is clicked.
918977
Issue: NTBA fails to show the current host IP address under load when you click View Agent Connectivity.
917256
Issue: NTBA fails to start ratinglib when DNS is unreachable as the NTBA Appliance is booted.
813375
Issue: Host Threat Factor value does not increase in accordance with the triggered antimalware alerts.
