1 Release Notes for ESM 11.1.x are cumulative. Scroll down to see information for earlier versions.
Issue resolutions in updates and major releases are cumulative; Technical Support recommends that you install the latest version. To find the most recent release for your product, visit the Product Downloads site at http://www.mcafee.com/us/downloads/downloads.aspx.
CRITICAL:
There are no critical known issues.
Non-critical:
Reference Number
Component
Related Article
Found in Version
Resolved in Version
Issue Description
SIEM-12686
Snowflex
11.2.0 HF4
11.3.0, 11.2.1 HF7 and 11.2.0 HF7
Issue: After you upgrade to SIEM 11, 3xxx errors occur and indicate issues retrieving query results from the new database architecture.
SIEM-11330
ESM
11.1.3
11.2.0 HF5
Issue: The Event Forwarding functionality experiences performance issues in SIEM 11. Solution: Upgrade to ESM 11.2.0 HF 5 or later.
1273430
ESM
11.1.3
Issue: Invalid data sources might be created when including leading zero's in the octets of the IP address.
1266321
ESM
11.1.3
10.4.0 and 11.2.0
Issue: Manual interaction with the appliance is needed when reboots occur during the upgrade process to ESM 10.3.4 or 11.1.3. Workaround: If Technical Support has previously directed you to change to an earlier kernel version, follow the steps below before you upgrade to ESM 10.3.4 or 11.1.3. These steps allow you to avoid the need to manually interact with the appliance during reboots in the upgrade process.
Revert any previously modified grub screen/kernel selection to allow for an unattended upgrade:
Create a grub config backup by running the command cp /boot/grub/grub.cfg ~/grub.cfg.bak.
Set the grub config kernel default back to use the first kernel in the list by running the following commands: NOTE: The newest kernel must always be first in the list.
vi /etc/default/grub
Edit the GRUB_DEFAULT value and change it to GRUB_DEFAULT=0
Regenerate grub config using the newly modified default. Run the command grub-mkconfig -o /boot/grub/grub.cfg.
Continue with upgrading devices
1266312
SIEM-11269
ESM
11.1.3
Issue: Under certain network conditions, keying a device from either the Add Device wizard or the Key Management properties of ESM 11.1.3 (hosted in AWS or Azure) can result in an error message. This result can happen even though the operation completed successfully. Workaround: To acknowledge the error, click OK and then click the X in the top-right corner of the window to dismiss the screen instead of clicking the Cancel button. Click refresh on the system tree and the device is ready.
1264218
SIEM-11238
ESM
11.1.3
Issue: Upgrading a DSB using a file uploaded through the “ESM File Maintenance” option prevents the upgrade from starting.
Workaround: Upload the file for the DSB during the upgrade process.
1257763
User Interface: HTML5 (new UI)
10.3.2
11.1.2
Issue: Can't search by File_hash in HTML5 (but works in Flash). Error "Invalid GUID value. Must be hexadecimal digits (0–9 A-F). Dashes are also allowed. Must contain 32 digits.".
1256391
ESM: System Properties
10.3.2
Issue: [ER254] VM data addition is successful, but the UI reports an error when trying to view it.
1255805
ESM: Redundant ESM (RESM)
10.3.2
11.1.2
Issue: Several ESM Redundancy fixes.
1255653, 1256255, 1255512
ESM: Reports
11.0.1
Issue: Exporting to CSV from Dashboard incorrectly shows usersource.
1255652
1259176
ESM: Views
11.0.3
11.1.2
Issue:Snowflex issues in 11.0.3 Update 3 and 11.1.1. Can't run views during background rebuild + 238.
1255633
Receiver
10.3.1
Issue: cURL data source is changed to syslog by “Write.”
1255151
ESM
11.0.3
11.1.0
Issue: EC238 errors seen after you upgrade to 11.0.3 Update 3.
1254749
ESM: Alarms
10.3.2
11.1.2
Issue: Wrong device_ip was added to the watchlist.
1254592
Other
10.3.2
11.1.3
Issue: RESM/PESM using wrong key to talk to ELM.
1254585
ESM: Redundant ESM (RESM)
10.3.2
11.1.1
Issue: RESM fails to get notified of RELM failover.
1254583 SIEM-11205
ELM: Redundant ELM (RELM)
10.3.2
11.3.0
Issue: ELM search results that are saved as links are not copied to RELM.
1254543
ELM: Redundant ELM (RELM)
10.2.0
11.1.3
Issue: UI shows wrong data storage device for the MGTDB.
1254216
Receiver
10.3.2
10.3.4
11.1.3
Issue: HA Receiver deletes community for SNMP Request in /etc/snmp/snmpd.conf after return to service.
1253684
Databus
11.0.3
11.1.2
Issue: No events in UI on ENMELM with 0 Alerts loaded, but the Alerts table is growing.
1253623
Database
11.0.3
11.1.0
Issue: [ER-1][ER238] Errors in Flash and HTML5 with errorcode=238.
1253595
ESM: Alarms
10.2.0
11.1.3
Issue: Specified Event Rate alarms do not work as expected.
1253508
ACE
10.3.2
11.1.1
Issue: Some correlated files get marked as bad.
1253439
Receiver
9.6.1 MR1
11.1.2
Issue: Refresh device button throws an error after you upgrade to ePO 5.10.
1253247
User Interface: HTML5
10.2.0
11.1.2
Issue: No data when filtering Palo Alto on some rule_name on HTML5.
1252818
ESM
10.2.0
11.1.1
Issue: ELM Integrity Check Function Broken.
1252673
ESM: Case Management
10.2.0
11.1.1
Issue: JSON API to close case causes it to be deleted in SIEM UI.
1252531
ELS
10.3.0
10.4.0
11.2.0
Issue: ELS fills up disk with elastic search logs.
1252041
ELM
11.0.3
Issue: Unable to migrate the ELM mgtdb a second time.
1251834
Receiver
11.0.3
11.1.1
Issue: Issues with SetClusterConfig and start of active collectors in HA after upgrade to v11.
1250991
ESM: Redundant ESM (RESM)
10.2.0
11.1.1
Issue: Primary is unable to complete Sync to redundant (log table).
1250483
Receiver
10.3.1
11.1.1
Issue: Directory /usr/local/ace/incoming/bad is growing to a large size on the Receiver without correlation engine.
1250794
ELM
11.0.3
11.1.2
Issue: ELM Kernel panic RIP: kmem_cache_alloc+0X00/0x140 RSP: fffc900004439f0 boots into new kernel.
1249322
ESM
11.0.3
11.1.1
Issue: [EC-1][ER238][ER1387] Server errors seen after you upgrade to 11.0.3.
1248631
ESM: Data Enrichment
10.3.1
Issue: In SIEM-MAR Integration, Active Response appears only for five seconds in the drop-down list of the 'Type' option in the Source tab for the Data Enrichment Wizard.
1248451
ESM
10.2.0
11.1.1
Issue: Over-used allocation reporting available space in exabytes.
1248382
ESM
11.0.2
11.1.2
Issue: Last Event times in Device Summary Reports are not accurate.
1247952
Receiver
10.3.1
11.1.1
Issue: The /usr/local/ace/incoming/bad folder fills after upgrade to 10.3.1.
1247149
ACE
10.2.0
10.4.0
11.2.0
Issue: Correlation Rule with Flows Nested Variable not working correctly.
1247141
ESM
10.2.1
11.1.2
Issue: Table component shows No Results at Physical Display Level.
1245611
Receiver
11.0.3
11.1.1
Issue: Kafka topics are not created on a recently installed ENMELM combo (data is not sent).
1243534
ACE
10.2.0
Issue: Sometimes a correlated event could not be triggered.
1235498
ELM: Redundant ELM (RELM)
10.2.0
11.2.0
Issue: Data written to the mount point without a mounted mirror is not copied correctly to the mirror.
1234565
UI: HTML5
11.0.0
10.3.2
11.1.0
Issue: In CyberScorecard, Severity values on the Executive view are not changed properly.
1234993
Upgrade
11.0.0
Issue: After you upgrade from 10.2.0, ELS tries to connect to the local kafka. Solution: Follow the proper upgrade procedure documented in current release notes.
1234797
SIEM-11171
ELM
10.2.0
Issue: Unable to remove DAS from mirror.
1234302
ESM: Reports
11.0.0
Issue: Bar charts are not included in the exported reports.
1233936
SIEM-11166
ESM: Alarms
11.0.0
Issue: When viewing the Event Time Mismatch report, no devices are selected by default.
1233089
ESM
11.0.0
Issue: In FIPS mode, users who have Key and Certificate permission can't download or view certificates.
1233043
UI: HTML5
11.0.0
10.3.4
11.1.2
Issue: After you add or delete a data source in the HTML5 dashboard, the device tree on the Physical Device tab does not refresh.
1232284
L10N
11.0.0
11.1.0
Issue: Some localized UI elements are truncated in the ELS Search history.
1232282
L10N
11.0.0
11.1.3
Issue: In some languages, when creating Benchmark group names, a corrupted character is introduced at the end of the name.
1232247
L10N
11.0.0
11.1.0
Issue: When selecting devices, some display strings are not localized.
1231157
ESM
10.2.0
11.2.0
Issue: "Possible Event Time Mismatch" alarm triggers when a device is not selected.
1229417
Receiver
11.0.0
11.1.1
Issue: Turning data source parsing off while ELS logging is on disables the data source.
1227617
Receiver
10.2.0
11.2.0
Issue: NTP servers are still queried by Devices when "Use NTP servers for time synchronization and save settings" is not selected.
1225160
ESM: Redundant ESM (RESM)
10.2.0
11.2.0
Issue: Communication Troubleshooting Help does not mention proper devices.
1222461
ESM
10.2.0
11.1.3
Issue: HTML5, Custom type name is not displayed correctly on the dashboard unless the database is restarted.
1222182
Receiver
10.2.0
11.1.3
Issue: Sourcefire estreamer stopped collecting because of an error.
1221397
Other
10.1.0
Issue: You can't add datasources with a FIPS-enabled ENMELM VM. Workaround: Log on to the ESM database back-end, update the IPSversion field of the Local-Receiver in the IPS table, and restart the system.
1219107
ESM
11.0.0
11.2.0
Issue: CreateAndExecuteCommands run one database query for each record returned, which slows performance.
