Release Notes

McAfee ePolicy Orchestrator 4.6.7 Software

About this release
Resolved issues
Installation instructions
Known issues
Find product documentation

About this release

This document contains important information about the current release. We strongly recommend that you read the entire document.

ImportantWe do not support upgrading from pre-release or Beta versions. To upgrade to a production release of the software, uninstall the existing pre-release version first.

Release date December 18, 2013

Release build 4.6.7.278

This release was developed for use with these McAfee® ePolicy Orchestrator® releases:

McAfee ePO 4.5 Patch 3 (build 937) or later
McAfee ePO 4.6 (build 1029) or later

Purpose

This release of McAfee ePO fixes issues and provides support for features in upcoming managed product releases.

Rating

Mandatory — McAfee requires this release for all environments. This update must be applied immediately to avoid a potential security breach, and to maintain a viable and supported product.

For more information about patch ratings, see McAfee KnowledgeBase article KB51560.

Resolved issues

These issues are resolved in this release of the product. For a list of issues fixed in earlier releases, see the Release Notes for the specific release.

Agent-server communication

If a McAfee Agent has no IP address (such as agents on mobile devices), the default site list is sent to the McAfee ePO server. The message, "The agent has no defined IP," is logged as information instead of as an error. ( 831752 )
Replicating a SuperAgent repository uses the virtual IP address of the cluster instead of the physical IP address of the active node. ( 878860 )

This release includes McAfee Agent version 4.8 Patch 1. (916842)

During upgrades, the McAfee Agent Key Updater and the McAfee Agent extension are automatically updated to this version. However, the McAfee Agent package is not automatically updated. You must manually check in the McAfee Agent package to the Master Repository in order to push out the new version to your managed systems.

Agent Handlers

All services are up and running after installation, and users can log on to the McAfee ePO server without seeing a message that the Agent Handler service is not running. ( 902428 )
The default port for communication between Agent Handlers and the McAfee ePO server was changed from port 8444 to port 8443. (906996)
Agent Handler calls to the McAfee ePO server use a port that doesn't require client certificate authentication until the Agent Handler gets or creates the needed certificates. (906980)

Authentication

This release addresses excessive synchronization around permission sets and groups, and includes updated .jar files to accelerate database access. The long LDAP requests previously generated by the excessive permission set synchronization could slow the McAfee ePO server and the processing of logon credentials. ( 831594 )
This release updates the RSA SSL-J library to version 5.0.2.3. This version of the RSA SSL-J library fixes a known issue that prevented SSL proxy connections when a client relied on a proxy for DNS lookups. (787092)
LDAP server DNS names are resolved by SRV record. If an SRV record response doesn't include an A record, the McAfee ePO server recognizes the hostname-only response. (840468)

Previously, the McAfee ePO server required the LDAP server A record, and if it wasn't provided, the client systems sent a full list of product properties back to the McAfee ePO server, slowing the server down and preventing logon attempts.

You can no longer log on to the McAfee ePO console from port 8444. (819643)
This version of McAfee ePO supports Common Access Card authentication. (383214)

Client and server tasks

This release changes the date format to prevent truncating data when the day of the month value exceeds 12. Truncated data prevented the purging of closed issues, and generated the exception: "CommandException: Data truncation." (820361)
This version of McAfee ePO fixes a finalize method that caused database connections to leak from the collection pool and prevented server tasks from succeeding. (833467, 891763)
The XML parser libraries that occasionally prevented importing server task XML files were replaced. (884665, 888434)
When you select the Exclude empty containers and Delete the systems from the System Tree options, empty Active Directory nodes have the corresponding group and systems deleted from the System Tree at the next AD synchronization task. (898064)
The McAfee ePO server no longer becomes unresponsive when the deleteClientTask API command is called from different threads. (874403)
Rollup tasks succeed without generating "Violation of PRIMARY KEY constraint 'PK_EPORollup_ProductProperties'" messages. (849032)
The McAfee ePO server distinguishes between versions of managed products when displaying task information. (884729)
The McAfee ePO server shows all versions of managed products when displaying task information if no filters are selected. (913027)
When you use the clienttask.find command, the McAfee ePO server displays results for the managed products you have permissions for, instead of displaying an error message if you lack permissions for every installed product. (883474)
This release reduces the amount of time it takes to terminate managed system rollup tasks. (907008)

Dashboards and monitors

The McAfee ePO server applies colors to all eligible child nodes when generating stacked bar charts. (839326)
The German version of the user interface correctly displays the number of systems assigned to each Agent Handler. (875604)

Events and responses

This release correctly logs certain unhandled exceptions that previously stopped automatic responses. (839429)
All events are successfully processed. Events only appear in the Debug directory if they cannot be parsed, or if the system runs out of memory or disk space. (893075)
Adding a Host IPS property to an automatic response prevents the response from triggering an SNMP trap. (851029)
When you create an automatic response rule and use the "is any of" comparison for the EventID, the rule triggers as expected. (908465)
NoteIf you created automatic response rules with this comparison before upgrading to this version of McAfee ePO, you must edit the rule and save it again for the "is any of" comparison to work correctly.
This release resolves an issue where an "Application Server service terminated" message unexpectedly appears in the system event log. (877746)
By default, purging event data occurs in batches of 1,000. In large environments, purging only 1,000 events at once can take a very long time. Expert users can override this default size limit. Doing so requires modifying XML files and creating a new SQL query. Contact your support provider for details. (897531)

Policy management

You can cancel your policy modifications when accessing the McAfee ePO interface from a Mozilla Firefox browser. (846386)
You can't assign multi-slot policies to a single node when using the Assign Policy action. This restriction prevents duplicate assignments. (892612).
When editing a policy assignment rule, selected subgroups remain selected until you deselect them. (895302)
Exporting and importing Policy Catalog lists works in Internet Explorer 10 without generating an invalid character error. (919969)

Queries and reports

This release successfully and correctly exports multi-group summary queries to HTML or PDF format. ( 840439 )
This release ensures proper handling on null objects when running reports that include multi-group summary tables or bar charts. Previously, these reports did not generate, and this message appeared: "Report.pdf does not contain any data." (903201)
Users retain access to shared query groups after the query groups are renamed. (901422)
Report generation succeeds for reports that use a query with the Show Total option deselected. (886267)

Repositories

If the Automatically allow clients to access newly-added repositories option is deselected, new repositories are not automatically enabled in the Agent Repositories policy. (850618)
When you edit a repository, the repository isn't automatically enabled. (905814)
You can install the Repository Management extension without stopping the McAfee ePO server. (885895)
When you check a package in to the Master Repository, the correct notifications are sent to the Agent Handler. (910094)

System Tree

Agents that are behind an Aventail VPN client have unique entries in the System Tree. Previously, agents behind an Aventail VPN client overwrote the entries for other similar agents. (897773)
The Move Systems action on a Test Sort handles system selection correctly, instead of moving only the deselected systems. (891815)
The System Details page properly displays retrieved system information. (898101)
This release reduces the likelihood of the McAfee ePO console becoming unresponsive when large numbers of systems are deleted from the System Tree at one time. (879824)
The My Organization System Tree group is correctly translated into Chinese and Korean in the New Subgroup window. (910276)
This release fixes a slow javascript command that caused the System Tree view to take several minutes to display. (911742)

Other issues

When using the German version of the user interface, the View Assigned Policies action appears in German instead of English. (877789 )
The remote command system.find works for McAfee Agent GUIDs and MAC addresses. (900420)
This release improves database performance when submitting large amounts of tabular data. (909099)
This version of McAfee ePO removes duplicate .jar files that made the McAfee ePO console unresponsive in certain circumstances. (907039)
When you upload a managed product extension for installation, the McAfee ePO server extracts the extension directly into the appropriate extension directory, instead of extracting the extension into a temporary directory, then moving or copying the contents to the destination folder. This change helps ensure extension installations succeed. (907088)
When you edit server settings, hitting the ESC key no longer generates a "Document Expired" message. (843551)
This release uses JRE version 1.7.0_45. (920026)

Installation instructions

For information about installing or upgrading ePolicy Orchestrator, see the McAfee ePolicy Orchestrator Installation Guide.

ImportantBefore proceeding with the upgrade process, see McAfee KnowledgeBase article KB71825 for important steps to take before this upgrade

Known issues

For a list of known issues in this product release, see this McAfee KnowledgeBase article: KB79208.

Find product documentation

McAfee provides the information you need during each phase of product implementation, from installation to daily use and troubleshooting. After a product is released, information about the product is entered into the McAfee online KnowledgeBase.

Task
1 Go to the McAfee Technical Support ServicePortal at http://mysupport.mcafee.com.
2 Under Self Service, access the type of information you need:
To access... Do this...
User documentation
1Click Product Documentation.
2Select a product, then select a version.
3Select a product document.
KnowledgeBase
Click Search the KnowledgeBase for answers to your product questions.
Click Browse the KnowledgeBase for articles listed by product and version.