McAfee released Patch 2 for VirusScan Enterprise 8.7i. This update is deemed High Priority and we recommend to roll it out at the soonest opportunity.

Improvements in Patch 2

1. Improvements were made to the way that the CommonShell scanner interacts with file I/O. This improves performance with on-access scanners within the product.
2. VirusScan Enterprise 8.7i Patch 2 now has the ability to report compliance to the newer versions of Windows Security Center.
3. The VirusScan Enterprise 8.7i extension has improved support for ePolicy Orchestrator 4.5 with Firefox 3.0 and Internet Explorer 8.0.
4. Several modification were made to the way that VirusScan Enterprise's system tray icon interacts with the new functionality of McAfee Agent 4.5.
5. The file extension .txt was added to the SmoothWritesExtension registry value to increase performance in handling text files.
6. Russian language support was added to the VirusScan Enterprise user interface, NAP file, and extension.

NOTE: See items #3 and #4 under Known Issues for further information about this topic.

Resolved issues in Patch 2:

1. Issue: Processes that ended were still listed in Task Manager. (Reference: 482720)
   Resolution: The link driver no longer retains the handles to processes that have closed.
2. Issue: On a system using large quantities of handles, particularly busy servers, VirusScan would cache excessive amounts of data in non-paged pool memory. (Reference: 492541)
   Resolution: The link driver has been updated to reduce the amount of overhead in the data used for operations.
3. Issue: In high I/O environments where Access Protection is enabled, a performance degradation symptom could be encountered, appearing as a hang. Internal processing by VirusScan drivers occurred serially, contributing to a bottleneck when large volumes of I/O were filtered. (Reference: 497580)
   Resolution: The link and mini-firewall drivers no longer cause a sequential release of objects containing gathered information on the I/O request. This should increase performance on multi-processor environments.
4. Issue: The setting in Email Scan for Heuristic network check for suspicious files was not being updated based on the user interface or policy changes. (Reference: 493594)
   Resolution: The setting now updates the proper registry location to reflect the change in the user interface.
5. Issue: To support ePolicy Orchestrator's Countermeasures functionality, the properties collection was modified for the new data. The section title was not named correctly to reflect the new functionality. (Reference: 487603)
   Resolution: The section in the computer properties was updated to Countermeasures for ePolicy Orchestrator to use the data properly.
6. Issue: On systems with Symantec's SVS Client software installed, the on-access scan features did not load. (Reference: 441670)
   Resolution: The On-Access Scanner service now communicates with our filter drivers on systems where SVS Client software is installed.
7. Issue: The Patch installer registered ScriptScan libraries, even when the user interface had the feature set as disabled. (Reference: 498347
   Resolution: The Patch installer no longer runs the ScriptScan registration function, in order to prevent the setting from being changed.
8. Issue: When Access Protection and Buffer Overflow were disabled in an attempt to improve performance, the drivers were still loaded, although not active, causing little change in performance. (Reference: 465506)
   Resolution: Disabling the Access Protection and Buffer Overflow drivers now yields the expected performance increase.
9. Issue: The on-access scanner did not properly time out when scanning large archives. This could lead to the system failing to copy files. (Reference: 464768)
   Resolution: The on-access scanner service now successfully times out at the interval specified in the user interface.
10. Issue: When the on-delivery Outlook scanner received emails to scan, some keyboard entries could be lost. (Reference: 480992)
    Resolution: The Outlook scanner now handles the on-delivery scan of an email with Microsoft Outlook 2007, and caches the keys entered during that time.
11. Issue: When VirusScan Enterprise 8.7i was installed on a system running Windows 2008, uninstall fails. (Reference: 496609)Resolution: The Microsoft Patch (MSP) installer corrects a custom action that was preventing the reenabling of Microsoft Windows Defender.
12. Issue: When VirusScan Enterprise 8.7i is installed on a system running Windows 2000, where the installation was customized using McAfee Installation Designer, a subsequent patch update might fail to install. (Reference: 489712)
    Resolution: The MSP installer modifies the cached MSI for VirusScan Enterprise 8.7i, on Windows 2000, in order to correct the source of failure.
13. Issue: Silent installations might fail on hard drives that are designated as dynamic. The on-access scanner service fails to start, and the installation rolls back. (Reference: 443669)
    Resolution: The Patch 1 Repost and later installation packages now install to a dynamic disk, silently.

Known issues

Known issues in this release of the software are described below:

1. Issue: In some situations, the product switches over to using the normal copy of the DAT files, instead of the runtime DATs:

• If the McAfee AntiSpyware Enterprise module is installed after VirusScan Enterprise 8.7i Patch 1 is on the system, some of the new registry settings, which are new for the runtime functionality, were changed back. This resolves itself with a restart of the McTaskManager service or with a reboot.
• If one of the scanners is busy on a large file when the AutoUpdate process posts the revised copy of the DATs, the process of refreshing the runtime copy of the DATs times out. All scanners use the normal DATs until the next successful update.
• The VirusScan Modules* will not use the runtime DAT functionality until they received their next Patch.

1. Issue: With the improved functionality of the on-access scanner memory scan, lower and middle ranged systems may see a performance impact at startup and after a successful AutoUpdate of the engine or DATs.
   Currently the Process on enable option is enabled by default on the shipping version of VirusScan Enterprise 8.7i. McAfee recommends that in a managed environment, disable this option prior to deployment of the Patch, until the impact of memory scanning can be determined for your environment. It is not possible to maintain both the more comprehensive scanning that comes with Patch 1 and later, and the former level of scanning. Therefore, only the more comprehensive scan is used.
2. Issue: With the introduction of support for Russian, you might need to remove the previous version of the extension from ePolicy Orchestrator before adding the new extension. If you do not, some of the interface might be displayed in the original language.
3. Issue: McAfee Agent 4.0 Patch 2 and later include support for displaying status and logs in Russian. Older versions display this information in English by default.
4. Issue: Since VirusScan Enterprise 8.7i Patch 2 and later include the new interface for reporting status to Windows Security Center, uninstalling the Patch removes this function -- without reintroducing the older expired function. This means that Windows Security Center does not report VirusScan Enterprise 8.7i being installed until Patch 2 or later is implemented.
5. Issue: When you remove the McAfee AntiSpyware Module, the status in Windows Security Center is not updated.
6. Issue: In deployments of VirusScan Enterprise 8.7i Patch 2 with McAfee Agent 4.5, the VirusScan tray plugin does not appear until after a restart of the McAfee system tray icon. If VirusScan is uninstalled, the VirusScan tray plug-in is still visible until a similar restart.
7. Issue: This Patch adds needed support for McAfee VirusScan Enterprise for Offline Virtual Images 2.0, and should not be removed unless the VirusScan Module is removed first.
8. Issue: The Patch installer included an MSI deferred action to resolve an issue found when attempting to uninstall the Patch on some newer operating systems. The deferred.mfe file updated the cached MSI of the currently installed VirusScan 8.7i product. If the Patch is included in a McAfee Installation Designer customized package, the deferred.mfe file was not included, and therefore the Patch might not be able to be uninstalled in some newer operating systems.
9. Issue: If you installed this release interactively and cancelled the installation on a system where a previous Patch was installed, after the rollback was complete, the previous Patch might no longer reported to ePolicy Orchestrator or appeared in the About VirusScan Enterprise window.
10. Issue: Installing the Patch and specifying a log file path using the Microsoft Installer (MSI) switch "/L" did not log to the specified path. A log file capturing full data was logged to the folder "McAfeeLogs" under the Temp folder.
11. Issue: If Host Intrusion Prevention 6.x or later was installed and disabled prior to installing VirusScan Enterprise, it was necessary to re-enable Host Intrusion Prevention and disable it again, in order for VirusScan Buffer Overflow Protection to be properly enabled.
12. Issue: Uninstalling VirusScan Enterprise Patches is possible for computers running Windows Installer v3.x or later. This technology is not fully integrated for Windows 2000 operating systems, so there is no option to remove the Patch in Add/Remove programs. See instructions under Removing the Patch for removal via command-line options.
13. Issue: Patches for VirusScan Enterprise 8.7i can only be uninstalled via Add/Remove programs, not via ePolicy Orchestrator.