McAfee Agent 4.8.0 Patch 3 Release Notes

Release Notes
McAfee Agent 4.8.0 Patch 3
About this release
Known Issues
Resolved Issues
Installation instructions
Find product documentation
About this release
Thank you for choosing this McAfee product. This document contains important information about the current release. We
strongly recommend that you read the entire document.
General information
Released: February 17, 2015
Release Builds:
McAfee® Agent
McAfee Agent Extension
For a list of compatible products, see KnowledgeBase KB83734
Make sure that you have installed the correct product versions before using this release.
Recommended. McAfee recommends this release for all environments. Apply this update at the earliest convenience.
For more information, see Ratings for Hotfixes and Patches in KnowledgeBase article KB51560.
Known Issues
For known issues in this product release, see KnowledgeBase article KB83733.
Resolved Issues
These issues are resolved in this release of the product. For a list of issues fixed in earlier releases, see the Release Notes for
the specific release.
1. Issue: When a Super Agents that has the "Accept connections only from the ePO server" policy set attempts to
validate the source of a network connection, it generates the name query network traffic. (Reference: 883258)
Resolution: Super Agents no longer generates the name query traffic when the "Accept connections only
from the ePO server" policy is set.
2. Issue: If the agent could not access the total/available space on a drive (ex. drive D:), it reported that the size was the
same as that of the previous drive (ex. drive C:). (Reference:904948)
Resolution: The agent will report that the sizes of inaccessible drives are zero.
3. Issue: Updates on a client would fail, when it downloads an FTP repository’s catalog file. The catalog file was smaller
because a package was removed from the repository. (Reference:930580)
Resolution: The client downloads the smaller catalog file correctly and the update succeeds.
4. Issue: On Ubuntu and possibly some other Unix operating systems, on systems with multiple network interfaces, the
agent sometimes reported the IP address of the wrong network interface (NIC) to ePO. (Reference:918328)
Resolution: Agent correctly reports the IP address of the network interface (NIC) to ePO.
5. Issue: The policy enforcement fails to complete during policy enforcement for the agent relay service. This resulted in
policy enforcement failure for other McAfee products running on the client system. (Reference: 925720)
Resolution: The policy enforcement completes for the agent relay service. The policy enforcement for other McAfee
products is no longer blocked.
6. Issue: The McAfee Agent 4.8 Patch 2 and lower versions failed to start on Mac OSX 10.10. (Reference: 972377)
Resolution: McAfee Agent 4.8 Patch 3 supports Mac OSX 10.10.
7. Issue: On some computers, the agent's Udaterui.exe process does not terminate when the user logged off. This causes
the screen to go black or appear to hang. (Reference: 969645)
Resolution: Udaterui.exe process terminates when a user logs off.
8. Issue: The agent would sometimes not update the date and time for the "Last agent-to-server communication:" value
in its About Box though it is connected to ePO 5.0. (Reference: 921083)
Resolution: The About Box now displays the correct date and time.
9. Issue: In some cases when the current user name contains non-ASCII characters (ex. Chinese characters) the agent
would fail to send the user name to ePO. (Reference: 974254)
Resolution: Non-ASCII characters are now handled properly in this case.
10. Issue: If you run a Run Now deployment task and the product that was deployed had not installed a plugin registry key
(by design), the deployment would be reported as Failed, even if it succeeds. (Reference: 910175)
Resolution: Run Now deployment now reports success or failure correctly.
11. Issue: Agent deployment tasks would download the and files, though they
are not required for agent deployment tasks. (Reference: 1013298)
Resolution: These two files are no longer downloaded for agent deployment tasks.
12. Issue: On a Solaris system, agent installation or upgrade failed if any of the computer's file system names had a colon.
(Reference: 977671)
Resolution: The agent installation or upgrade on Solaris is successful irrespective of the computer’s file system names.
13. Issue: When there was a deployment task with "run on every policy enforcement" set, the MA Framework Service
would hang on shutdown, which delayed shutdown by one minute. This problem was introduced in MA 4.6 patch 2 in
a fix designed to reduce how often the agent wakes up. (Reference: 961406)
Resolution: The delay in shutdown is not observed anymore. There has been no change in the "run on every policy
enforcement" deployment task feature in MA 4.8 Patch 3; it continues to work as before.
14. Issue: On Macintosh systems, the message "An update session is already running" will appear on every update
attempt in the agent log. This is due to a conflict with policy enforcement and thus will be more likely to occur when
the policy enforcement interval is set to be more frequent. (Reference: 1010054)
Resolution: The conflict with policy enforcement has been removed and this problem no longer occurs.
15. Issue: The agent service was terminated on Linux operating systems with segmentation fault because of potential
memory corruption when policy enforcement and property collection happened simultaneously. (Reference: 952841)
Resolution: The agent service is not terminated. The third party library which was causing the segmentation fault is
16. Issue: The agent would not collect any properties for any products if there was a failure in property collection in any
one product. (Reference: 924241)
Resolution: If a property collection fails for a product, the agent retries product collection for all products except the
failed product. The agent also sends an event with ID 2427 to ePO including the name of the failed product.
17. Issue: The agent reported incorrect OS Build Number for computers with Windows 8.1 and 2012 R2 as 9200, where
the actual build number is 9600. (Reference:940215)
Resolution: The agent now reports the correct OS build number.
18. Issue: When the agent can't send multiple events to ePO due to a network problem, an event package may remain in
the agent's internal package queue. This may block later agent-to-server communication, resulting in the log message
"Agent server communication already in progress. Request ignored". (Reference: 949586)
Resolution: The Agent server communication is no longer blocked in this scenario.
19. Issue: When Database Activity Monitor restarts it sends the agent wake-up messages very frequently. This caused an
Agent/Server communication failure. The symptom was uploading response package files with the same name
appearing in the agent log at the detail level and a message "failed to receive package…server is busy". The agent
would then retry communication with ePO, but only using relay sites and from the sites listed in the site list.
(Reference: 943449)
Resolution: The agent now generates different file names for the upload and response files. When Agent/Server
communication fails, agent retries the sites in both the site list and relay sites.
20. Issue: The agent service sometimes terminated when a Macintosh computer is joined to a domain, and multiple
currently logged on users are returned by the OS during property collection (Reference: 938118)
Resolution: The user names are separated correctly, and the Agent service does not terminate.
21. Issue: Sometimes on UNIX computers there would be a conflict between policy enforcement and an update such that,
the update would receive incorrect or partial policy information (e.g., which branch should agent use for the update)
(Reference: 924969)
Resolution: The agent gets updates from correct or assigned branch.
22. Issue: On Non-Windows systems, Agent GUIDs would have all zeros for the last 12 digits (e.g., C046492F-A5AA-E3119078-000000000000). (Reference: 975469)
Resolution: The last 12 digits are now a variety of numbers.
23. Issue: On AIX systems, if the entries in the /etc/filesystems file are commented, the agent service would terminate.
(Reference: 928964)
Resolution: This agent service does not terminate anymore.
24. Issue: If a McAfee product tried to send more than 10 MB of data via the agent's data channel, the agent would send
an invalid package to ePO. ePO would log the message, "Failed to parse input buffer, possible bad format". (Reference:
Resolution: The agent now produces valid packages irrespective of the package size.
25. Issue: The agent would sometimes regenerate the agent GUID unnecessarily due to the system UUID being
temporarily set to all zeros. (Reference: 960273)
Resolution: The agent no longer regenerates the agent GUID in this case.
26. Issue: When a Super-Agent computer changed its name, the agent extension would log that the computer was
removed and re-added. This would cause the extension to apply the "Automatically allow clients to access newlyadded repositories" policy to the "new" repository. This might cause the repository to become incorrectly enabled or
disabled. (Reference: 976882)
Resolution: Renaming a Super-Agent computer no longer changes the enabling or disabling of the repository. Note
that ePO 5.1.2 or 5.3 and above are also required for this fix to be effective (ePO ref 960241).
27. Issue: On Agent restart, the agent service would crash on a Mac OSX when there had been a previous problem with
updating. (Reference: 1010054)
Resolution: The agent service does not crash on agent restart.
28. Issue: On Mac OSX, the agent would sometimes return an invalid subnet mask property (ex. instead of (Reference: 992730)
Resolution: The agent reports the correct subnet mask.
29. Issue: The agent's HTML remote log feature had the "Click-Jacking" vulnerability. (Reference: 1010013)
Resolution: The agent no longer has this vulnerability. For more information on “Click-Jacking vulnerability” refer to
30. Issue: The OpenSSL Man-in-the-middle vulnerability allows an attacker to decrypt and modify traffic from the
attacked client and server on Mac OS.(Reference: 974930)
Resolution: The updated OpenSSL version, previously included in MA 4.8 Patch 2 HF974930, is now included in MA
4.8 Patch 3. For more information on “OpenSSL” vulnerability refer to SB10075.
31. Issue: McAfee Agent 4.8.x can connect to a different ePO even though all the steps required for the system transfer
are not followed (Reference: 1020615).
Resolution: The agent now connects to a different ePO server only when the steps required for the system transfer
are followed. For more information on the security aspects of this issue refer to SB10101.
32. Issue: The GNU C library (glibc) is vulnerable to buffer overflow. This allows attackers to remotely take control of the
target system without having any prior knowledge of system credentials. This vulnerability is also known as the
‘GHOST’ vulnerability. (Reference: 1037453).
Resolution: The updated GNU C library shipped with McAfee Agent runtime fixes this issue. For more information on
the GHOST vulnerability refer to SB10100.
Installation instructions
For information on installing or upgrading McAfee Agent, see McAfee Agent 4.8.0 Product Guide.
For information on supported operating systems, see KnowledgeBase article KB51573
For information on standalone installation or upgrade using Windows command-line, see KnowledgeBase article KB73389.
Find product documentation
McAfee provides the information you need during each phase of product implementation, from installation to daily use and
troubleshooting. After a product is released, information about the product is entered into the McAfee online
1 Go to the McAfee Technical Support ServicePortal at
2 Under Self Service , access the type of information you need:
To access...
Do this...
User documentation
1 Click Product Documentation.
2 Select a product, then select a version.
3 Select a product document.
Click Search the KnowledgeBase for answers to your product questions.
Click Browse the KnowledgeBase for articles listed by product and version.
Copyright © 2015 McAfee, Inc. Do not copy without permission.
McAfee and the McAfee logo are trademarks or registered trademarks of McAfee, Inc. or its subsidiaries in the United States and other countries. Other
names and brands may be claimed as the property of others.