Release Notes

McAfee ePolicy Orchestrator 4.6.5 Software

About this release
Known issues
Resolved issues
Installation instructions
Find product documentation

About this release

Thank you for choosing this McAfee product. This document contains important information about the current release. We strongly recommend that you read the entire document.

ImportantWe do not support the automatic upgrade of a pre-release software version. To upgrade to a production release of the software, you must first uninstall the existing version.

General information

Release date: January 15, 2013

Release build:

This release was developed for use with the following McAfee® ePolicy Orchestrator® ( McAfee ePO™ ) versions.
ePolicy Orchestrator 4.0 Patch 7 (build 1363 or later)
ePolicy Orchestrator 4.5 Patch 3 (build 937 or later)
ePolicy Orchestrator 4.6 (build 1029 or later)
ePolicy Orchestrator 4.6.1 (build 1192 or later)
ePolicy Orchestrator 4.6.2 (build 201 or later)
ePolicy Orchestrator 4.6.3 (build 197 or later)
ePolicy Orchestrator 4.6.4 (build 202 or later)


Recommended. McAfee recommends this release for all environments. Apply this update at the earliest convenience.

For more information about patch ratings, refer to McAfee KnowledgeBase article KB51560.


This release includes the following enhancements.

Agent-server communication

You can now push the McAfee® Agent to managed systems that share the same NetBios name, as long as the managed systems are on different domains.

Previously, when pushing the agent to managed systems, your McAfee ePO server would identify systems by NetBios name. Now, the McAfee ePO server identifies systems by the following push credentials, in order:
1Fully qualified domain name (FQDN)
2NetBios name on the push credential domain
3NetBios name
4IP address

Issues and ticketing

This release includes the following improvements to issue and ticketing functionality.

The Issues table includes a Ticket Server Name column. This column is hidden by default, but you can make it visible using the Choose Columns action.
NoteThe TicketServerName field applies only to ePolicy Orchestrator instances that use an external ticketing server.
The following commands are new or modified:
createIssue — Creates issues manually.
listIssues — Lists all issues in the system, retrieves a list of tickets by issue, and executes queries to pull issues.
updateIssue — Edits parameters for the issue with the specified issue ID.
removeIssue — Removes the issue with the specified issue ID.

For more information on these commands, use the command.

CautionThese commands may not be compatible with extensions that add components to issue and ticketing functionality.

Known issues

For a list of known issues specific to this release, see McAfee KnowledgeBase article KB76688 .

Resolved issues

This release corrects the following issues.

This patch includes resolved issues released in earlier patches. For a list of previously resolved issues, see the release notes for a specific patch.

NoteMcAfee doesn't disclose the nature of security-related issues and their resolutions.
1Issue: Tag-based policy assignment rules are incorrectly shared between McAfee ePO servers. (Reference: 762508)
Resolution: Tag-based policy assignment rules are imported and exported using tag names instead of system-dependent IDs.
Note Tag-based policy assignment rules created and exported from an earlier software version cannot be imported to a McAfee ePO server at version 4.6.5 or later. If a specified tag is not found during the import process, the McAfee ePO server skips the EPOPolicyRule element and provides a warning message in the log file.
2Issue: The repository cache on remote Agent Handlers can get into a state where repository requests aren't successful until the Agent Handler is restarted. (Reference: 776580, 798980)

Resolution: Agent Handler repository caches no longer reach this state.

3Issue: In some locales, the Event Parser service lists the incorrect ePolicy Orchestrator version. (Reference: 788564)

Resolution: The Event Parser service shows the correct version number.

4Issue: The Product Properties table can sometimes contain multiple entries for each product extension. (Reference: 789756)

Resolution: The Product Properties table can't contain more than one entry per product.

5Issue: When using the Server Task wizard to create or edit a server task, searching for systems by tag sometimes causes unexpected changes to the task. (Reference: 792787)

Resolution: Searching for systems no longer interferes with the Server Task wizard.

6Issue: New McAfee® Host Intrusion Prevention 8.0 IPS signatures don't appear in Host Intrusion Prevention policies after the McAfee ePO server is renamed. (Reference: 799417)

Resolution: Host Intrusion Prevention 8.0 IPS rules populate properly when checking new Host Intrusion Prevention IPS content into the master repository after renaming the McAfee ePO server.

7Issue: Users are unable to roll up data for McAfee ePO servers with previous software versions. (Reference: 803978)

Resolution: Rolling up data for a managed server with a previous software version works correctly.

8Issue: When adding System Tree Access permissions to a new user, a Foreign Key constraint error appears, and the permissions aren't applied. (Reference: 804071)

Resolution: System Tree Access permission can be applied to users normally.

9Issue: The ePolicy Orchestrator SNMP server fails to increment Engine Time values. (Reference: 784336)

Resolution: The server sends SNMPv3 traps with the correct Boot Count and Engine Time values.

10Issue: Managed product policies can't be selected when creating server tasks with the Assign Policy subaction. (Reference: 788134)

Resolution: Options for managed product policies appear in the selection list.

11Issue: After removing the Host Intrusion Prevention extension, editing a Purge Threat Event Log server task fails. (Reference: 789093)

Resolution: Editing the Purge Threat Event Log server task works as expected.

12Issue: Replication tasks delete files from the Replication Log when the file isn't deleted because it is in use during replication. (Reference: 791556)

Resolution: Replication tasks don't delete files from the log when the files aren't deleted.

13Issue: Data channel tasks such as McAfee Agent wake-up calls or Run Now tasks expire until the service is restarted. (Reference: 796122)

Resolution: Data channel tasks are performed normally.

14Issue: The navigation trail to editing policy on a single system is presented incorrectly. (Reference: 797502)

Resolution: The correct navigation trail is displayed.

15Issue: Users can view parts of the System Tree they can't access. (Reference: 806456)

Resolution: Users can't view the parts of the System Tree they lack permissions for.

16Issue: System Tree access permissions are not always saved correctly. (Reference: 809045)

Resolution: System Tree access permission sets are saved correctly.

17Issue: Server tasks hang when certain data channel tasks fail to expire. (Reference: 810843, 725685)

Resolution: Tasks that fail to expire are cleared from the data channel.

18Issue: In some cases, third-party tokens are not accepted for certificate authentication by the McAfee ePO server. (Reference: 773208)

Resolution: Third-party tokens are accepted.

19Issue: Server tasks for queries that include a drill-down option don't produce results due to the addition of an empty "or" clause in the S-expression. (Reference: 800169)

Resolution: Empty "or" clauses are not added to the S-expression. Server tasks for queries that include drill-down options succeed as expected.

20Issue: In certain rare cases, when upgrading to the latest ePolicy Orchestrator version, the amount of memory specified by the default Java memory (JvmMx) value isn't available, preventing the upgrade. (Reference: 777590)

Resolution: A new command-line switch allows users to specify an alternative JvmMx value.

The new command-line switch is:

setup.exe JVMMX=nnn

where nnn is the JvmMx value in megabytes.

21Issue: When using Internet Explorer to view the McAfee Labs dashboard, the drop-down menu button that displays shortcuts is displayed too far to the left, overlapping some shortcuts. (Reference: 811210)

Resolution: The drop-down menu button appears only when necessary, and appears in the correct location.

22Issue: The version of Apache being used is outdated. (Reference: 810017)

Resolution: Apache was upgraded to version 2.2.22.

23Issue: Lists take a long time to populate when a user drills down to a list view with fewer rows than the current scroll location. (Reference: 812235)

Resolution: Lists populate correctly when list parameters change.

24Issue: Automatic Responses without filters must occur before Automatic Responses with filters or both responses won't occur. This is due to a generated where clause that includes an erroneous "or" when it passes a list of variables to generate a SQL string. (Reference: 632045)

Resolution: A check for null conditions was added to prevent the "or" from being added. Automatic Responses occur as expected.

25Issue: If a user disables Event Filtering for a managed product event, then uninstalls and reinstalls the managed product extension, the disabled event remains disabled even after it is re-enabled. (Reference: 676945)

Resolution: Disabled managed product events don't persist after the managed product extension is uninstalled.

26Issue: When performing an Update All action, the Software Manager fails to check in all packages. (Reference: 753477)

Resolution: The Software Manager correctly checks in multiple items.

27Issue: Users can't edit or save the System Tree Access component in permission sets. (Reference: 771087)

Resolution: Users can edit and save permission sets with any combination of selected components.

28Issue: Users can browse the LDAP server even with insufficient permissions. (Reference: 792537)

Resolution: Users can't browse the LDAP server without the correct permissions.

29Issue: After upgrading the McAfee ePO server to the latest version, Null Pointer Exception errors appear in the log. (Reference: 795128)

Resolution: The incorrect errors don't appear in the post-upgrade log.

30Issue: After upgrading the McAfee ePO server to the latest version, threat notifications errors appear in the log. (Reference: 806311)

Resolution: The incorrect threat notification errors don't appear in the post-upgrade log.

31Issue: When a series of messages is added to the McAfee ePO server by the Agent Handler, the server delivers only the last message to the McAfee Agent. (Reference: 806880)

Resolution: The McAfee ePO server sends all messages added by the Agent Handler.

32Issue: Navigating quickly across pages in the ePolicy Orchestrator interface might log off users. (Reference: 722353)

Resolution: Quick navigation doesn't cause user log-off.

33Issue: The Purge action for the Threat Event Log and the Audit Log might not delete all records specified in the purge criteria. (Reference: 776012, 778980)

Resolution: All records matching the purge criteria are deleted.

34Issue: When duplicating dashboards, an "X" appears in the Filtering section of the control panel monitor. (Reference: 790558)

Resolution: No "X" appears when duplicating dashboards.

35Issue: Running the Permission Set Membership query results in a ClassCastException. (Reference: 799125)

Resolution: The Permission Set Membership query runs as expected.

36Issue: The Java Runtime Environment (JRE) isn't current. (Reference: 810799)

Resolution: ePolicy Orchestrator uses the latest version of the JRE: 1.6.0_37.

37Issue: The word "registry" is misspelled in the Threat Events by Threat Category query, providing empty results. (Reference: 807269)

Resolution: The word "registry" is correctly spelled, and the query provides the expected results.

38Issue: When you view Synchronization Settings for a branch of the System Tree, the Push Agent page doesn't display saved Agent Handler data. (Reference: 811408)

Resolution: The Push Agent page displays the saved Agent Handler data correctly.

39Issue: The navigation path for nested System Tree groups is displayed inaccurately. (Reference: 812998)

Resolution: The navigation path is displayed correctly.

40Issue: When running an Active Directory Synchronization task with the option to deploy the McAfee Agent afterward, the agent isn't deployed, even when clients that should receive the agent are identified. (Reference: 813974)

Resolution: The McAfee Agent is deployed to unmanaged clients when the task is run.

41Issue: A case change in the FQDN of a SuperAgent Distributed Repository results in that repository being dropped from the repository list, then added to the list again, as disabled. (Reference: 808538)

Resolution: A case change in a SuperAgent FQDN no longer removes the SuperAgent from the repository list.

42Issue: Client system information doesn’t appear when the system is in a System Tree group that has a name that starts with a lowercase "u" or "x". (Reference: 814877)

Resolution: Client information appears correctly regardless of System Tree Group name.

43Issue: The McAfee® VirusScan® Enterprise for Offline Virtual Images 2.1.0 extension prevents ePolicy Orchestrator upgrades from succeeding. (Reference: 770444)

Resolution: The ePolicy Orchestrator installer blocks upgrades when version 2.1.0 or earlier of VirusScan Enterprise for Offline Virtual Images is present. Users can remove the extension, or replace it with Offline Virtual Images 2.1.1 or later.

44Issue: The version of OpenSSL that is being used isn't current. (Reference: 804268)

Resolution: ePolicy Orchestrator uses the latest version of OpenSSL: 1.0.1c.

45Issue: Using SSL LDAP connections with user-based policies causes agent communication to fail until the Apache service is restarted. (Reference: 814818)

Resolution: Agent communication succeeds when using SSL LDAP connections with user-based policies.

46Issue: Dragging systems between System Tree groups is slow. (Reference: 819566)

Resolution: The database query that checks to see if a system resides in the destination location is optimized. Dragging systems between groups happens faster.

47Issue: Nested database connections and unnecessary database calls caused the ServiceAMT to stop processing requests. (Reference: 820269)

Resolution: This release removes nested database connections and optimizes database calls when the record set isn't necessary.

Installation instructions

For information on installing or upgrading ePolicy Orchestrator software, see the McAfee ePolicy Orchestrator Installation Guide.

Important Before proceeding with the upgrade process, see McAfee KnowledgeBase article KB71825 for important steps to take before this upgrade.

Find product documentation

McAfee provides the information you need during each phase of product implementation, from installation to daily use and troubleshooting. After a product is released, information about the product is entered into the McAfee online KnowledgeBase.

1 Go to the McAfee Technical Support ServicePortal at
2 Under Self Service, access the type of information you need:
To access... Do this...
User documentation
1Click Product Documentation.
2Select a product, then select a version.
3Select a product document.
Click Search the KnowledgeBase for answers to your product questions.
Click Browse the KnowledgeBase for articles listed by product and version.