| Reference Number |
Related Article |
Found in Version |
Issue Description |
| NSPMGR-9560 |
|
9.2 |
Issue: In ePO, the trust establishment between the Network Security Manager and the HIP Sensor trust fails when extension is stopped and restarted. |
| NSPMGR-8341 |
|
9.2 |
Issue: Assigning capacity license and editing a stack can't be performed from the secondary Manager in an MDR pair. Perform these actions only from the primary Manager. |
| NSPMGR-8312 |
|
9.2 |
Issue: If you have modified the proxy SSL decryption settings at the domain level, you must select the SSL key option for configuration update at the device level. |
| NSPMGR-8256 |
|
9.2 |
Issue: The clear ssl proxy stats CLI command does not clear all SSL proxy related statistics. |
| NSPMGR-3895 |
|
9.2 |
Issue: When you swap a member Sensor from one stack to another stack within the same Manager, the older stack must be deleted in the Manager. |
| NSPMGR-3800 |
|
9.2 |
Issue: The Device Manager page does not load when any of the member Sensors in a stack goes down for the first time. |
| NSPMGR-3791 |
|
9.2 |
Issue: After you create a stack in the Manager, you can't manage the stack unless all member Sensors have established trust with the Manager. |
| NSPMGR-3751 |
|
9.2 |
Issue: You must manually deploy the changes when certain configurations for the stack are changed. |
| NSPMGR-3686 |
|
9.2 |
Issue: Port Throughput Usage functionality might not work because a static ports list is shown. |
| NSPMGR-3646 |
|
9.2 |
Issue: During high malware traffic, alerts from the Sensor are only listed in the Manager Attack Log after a delay. |
| NSPMGR-8286 |
|
9.2 |
Issue: [AWS] The protected group allows you to remove all subnets. Any subnet added after this action is not saved.
Workaround:
- Delete the protected group.
- Re-create the protected group.
- Add the required subnets.
|
| 1261987 |
|
9.1 |
Issue: If you log on with a read-only user ("Policy Read only" applied, but not "Policy Edit") you can't view Inspection Policy. |
| 1268013 |
|
9.2 |
Issue: In the System Faults page, the informational fault does not specify the Interface Module type after inserting the QSFP28 100 gigabit Interface Module. |
| 1264290 |
|
9.2 |
Issue: You see Unsupported response port R1 displayed in the Manager Port Details tab in the Physical Ports page. |
| 1263784 |
|
9.2 |
Issue: The alert channel flaps when the Sensor capacity is changed.
You see the exception:
The “<Sensor name> Experience a SNMP error during set/get, Change the STATUS to DISCONNECTED” in the ems.log.
Workaround:
- On the NSM, open File Explorer and navigate to C:\Program Files\McAfee\Network Security Manager\App\config.
- Locate the ems.properties file. Right-click and open it in Windows Notepad.
- Scroll down to the end of the file and add the line:
iv.core.ControlChannel.maxInitialSNMPACKWaitTime=10000
- Save your changes to the ems.properties file and restart the Manager service.
|
| 1248213 |
|
9.2 |
Issue: When you use the 4-port RJ-45 Interface Module, you see the unsupported Inline Fail Open – Active operational mode displayed. |
| 1231371 |
|
9.2 |
Issue: After upgrading to 9.2, Snort engine configurations are not inherited at Admin Domain level. |
| 1229614 |
|
9.2 |
Issue: [Azure] When you push the Private GTI Cloud Certificate to NSP running in an Azure environment, you see the error:
CANNOT Found the ne HA-cluster from NE cache by name. Return null.
|
| 1229584 |
|
9.2 |
Issue: The file hashes page crashes when deleting records from the blacklist or whitelist when the number of entries exceeds 159 entries. |
| 1229033 |
|
9.2 |
Issue: UDS validation result fails when importing only snort rules. |
| 1228758 |
|
9.1 |
Issue: When your account password expires, you are not redirected to the password reset page. |
| 1228391 |
|
9.2 |
Issue: After upgrading the Manager, the private GTI configurations can't be updated to the Sensor. |
| 1225280 |
|
9.2 |
Issue: [Azure, AWS] New HA controllers can't be created with the same name as previously terminated HA controllers. |
| 1223943 |
|
9.2 |
Issue: After importing chain certificates, incorrect key length for the parent certificates is displayed. |
| 1223906 |
|
9.2 |
Issue: [Azure] When two HA controllers are rebooted at the same time, the service IP address is disassociated and fails to associate again. |
| 1222161 |
|
9.1 |
Issue: The Attack Log page does not display the IP address for the Too many inbound TCP SYN attack. |
| 1220348 |
|
9.1 |
Issue: The Attack Log page fails to display correlated information of IPS attack and endpoint executables. This information includes the name, hash, and malware confidence. |
| 1220328 |
|
9.1 |
Issue: You can't integrate NTBA with the Manager because the NTBA Direction drop-down list displays a blank value. This issue might happen when you add an NTBA to the Manager.
Workaround:
- Delete the NTBA from the Manager.
- Run the deinstall command from the NTBA CLI.
- Add the NTBA to the Manager.
- Re-establish the trust between the Manager and NTBA using the command set sensor sharedsecretkey from the NTBA CLI.
|
| 1220266 |
|
9.1 |
Issue: Update to an UDS is successful even if the UDS has an error. |
| 1213651 |
|
9.1 |
Issue: In the Attack Log page, the ePolicy Orchestrator (ePO) console option in the Summary tab does not redirect to the proper ePO page. |
| 1213616 |
|
9.1 |
Issue: The Manager does not generate a Host Intrusion Prevention event and the event details are not displayed in the Threat Explorer page. |
| 1213608 |
|
9.1 |
Issue: The attack log displays the "label.NetworkObject.undefined" error message in the alert details panel under the Summary tab. |
| 1211665 |
|
9.1 |
Issue: The following categories of Next Generation Report do not work in Manager 9.1:
- Top Services by Bandwidth
- Default - Top 10 Conversations
- Default - Top Most Recent Connections
- Default - Top 10 Exporter Interfaces
|
| 1211323 |
|
9.1 |
Issue: The Attack count is not incremented for any blacklisted executable in the Endpoint Executables page. |
| 1209208 |
|
9.1 |
Issue: [Manager Appliance Linux] The following diagnostic tools do not work in the Manager Appliance Linux:
- AlertStatistics
- DiagCollect
- FaultGen
- RuleEngineSensorInstall
|
| 1208237 |
|
9.1 |
Issue: [Manager Appliance Linux] When executing dbadmin.sh, an exception is generated and database backup and restore fails. |
| 1207832 |
|
9.1 |
Issue: [Manager Appliance Linux] Integration with McAfee Vulnerability Manager not supported in Manager Appliance Linux. |
| 1202643 |
|
9.1 |
Issue: While trying to reboot Virtual IPS Sensors from the Manager, the reboot fails. |
| 1201735 |
|
9.1 |
Issue: When multiple Controller upgrade files are downloaded, the file name usually has a numeric suffix. If this suffix contains a space in the file name, the controller upgrade fails.
Workaround: The Controller upgrade download file must not contain any space or numerals. |
| 1201310 |
|
9.1 |
Issue: When you disable the Packet Log Encryption feature, the channel flaps.
Workaround: You must keep the Packet Log Encryption option enabled. Select Devices, <Admin Domain Name>, Devices, <Device Name>, Setup, Advanced, Alerting Options. Make sure that the Packet Log Encryption option is enabled. |
| 1197570 |
|
9.1 |
Issue: The Manager does not display properly on Microsoft Edge and Firefox v57 browsers.
Workaround: Disable the touch-screen feature on your system.
To disable the touch-screen feature on your Windows system, perform the following steps:
- Go to Device Manager.
- Search for Human Interface Devices.
- Right-click on HID-compliant touch screen and from the list of options displayed, select Disable.
- Close the browser instance and start again.
- Refresh the Manager and log on.
|
| 1196389 |
|
9.1 |
Issue: In an AWS MDR pair, the Controller communicates with the Secondary Manager even after converting the Manager to standalone. |
| 1184565 |
|
9.1 |
Issue: After you quarantine the host, the quarantine page displays the vNSP Cluster name instead of the Virtual IPS Sensor name. |
| 1183813 |
|
9.1 |
Issue: After a .jar upgrade, the Manager logon session ends and shows the logon page after rebooting the NTBA Appliance from the NTBA page.
Workaround: Even when the Manager is logged out, the NTBA Appliance reboots in the background. Manual reboot of the NTBA Appliance is not required. |
| 1179954 |
|
|
Issue: Policy update at domain level for Default Detection policy does not work. |
| 1176563 |
|
|
Issue: The Scheduler intermittently fails to pick files submitted to the cloud to get the report. |
| 1175848 |
|
|
Issue: Port module removed from the Sensor is displayed in the Physical Ports page while creating a failover pair. |
| 1174187 |
|
|
Issue: The information "i" icon does not appear in the Malware Files page against the malware confidence.
Workaround: This information is available in the Attack Log page. |
| 1171604 |
|
|
Issue: Callback Activity alerts generated before an upgrade will not appear after upgrading to 9.1. |
| 1170425 |
|
|
Issue: The Tag Endpoints option in the Other Actions menu in the Attack Log displays OSC instead of ISC. |
| 1162743 |
|
|
Issue: The option to collect a diagnostic trace is not available. |
| 1161012 |
|
|
Issue: Names of the data type are sorted but the sort arrow is not displayed in the Traffic Received / Sent tab when you go to the Devices, <Admin Domain Name>, Devices, Troubleshooting, Traffic Statistics page. |
| 1160967 |
|
|
Issue: Performance charts for Throughput and Flow Usage do not display data when Performance Monitoring is enabled. |
| 1114216 |
|
|
Issue: Gateway Anti-Malware (GAM) 2013 is shown as the active version even when no Gateway Anti-Malware engine is configured on the Sensor. |
| 1113349 |
|
|
Issue: The malware files are not deleted when the Manager is in standby mode. |
| 947790 |
|
|
Issue: When the Manager forwards alert messages to the syslog server, Host sweep alerts display a mismatch in the Network Protocol ID. |
| 905270 |
|
|
Issue: Submission ID for Advanced Threat Defense (ATD) reports are not displayed on the Malware Detections page. |
| 897937 |
|
|
Issue: The Manager does not trigger alerts for custom rules that use the ssl_version field. |
| 832573 |
|
|
Issue: The Last Event column on the dashboard of the suspicious host, incorrectly lists the risk score scheduler time. |
