McAfee epolicy Orchestrator Release Notes

Similar documents
McAfee epolicy Orchestrator Release Notes

McAfee epolicy Orchestrator Update 2

McAfee VirusScan and McAfee epolicy Orchestrator Administration Course

McAfee epolicy Orchestrator 5.x

McAfee Security for Microsoft Exchange Hotfix Release Notes

McAfee Data Protection for Cloud 1.0.1

Product Guide. McAfee Endpoint Upgrade Assistant 1.4.0

Deploying the hybrid solution

McAfee Gateway Appliance Patch 7.5.3

McAfee Red and Greyscale

McAfee Network Security Platform 9.1

Release Notes McAfee Application Control 6.1.0

McAfee Client Proxy Product Guide

Product overview. McAfee Web Protection Hybrid Integration Guide. Overview

McAfee Network Security Platform 8.1

McAfee Endpoint Upgrade Assistant 1.5.0

Release Notes McAfee Change Control 8.0.0

McAfee Network Security Platform 9.1

Endpoint Intelligence Agent 2.2.0

McAfee Firewall Enterprise epolicy Orchestrator Extension

McAfee File and Removable Media Protection Installation Guide

Resolution: The DataChannel servlet no longer stops working, regardless of the state of the DataChannel extension.

Network Security Platform 8.1

McAfee MVISION Mobile epo Extension Product Guide

McAfee Application Control Windows Installation Guide. (McAfee epolicy Orchestrator)

Network Security Platform 8.1

McAfee Security for Microsoft SharePoint Hotfix

Mcafee epo. Number: MA0-100 Passing Score: 800 Time Limit: 120 min File Version: 1.0

Product Guide. McAfee Performance Optimizer 2.2.0

NGFW Security Management Center

McAfee Endpoint Security

McAfee Performance Optimizer 2.1.0

McAfee Network Security Platform

Interface Reference. McAfee Application Control Windows Interface Reference Guide. Add Installer page. (McAfee epolicy Orchestrator)

McAfee Network Security Platform 8.3

Product Guide. McAfee Endpoint Upgrade Assistant 1.5.0

NGFW Security Management Center

McAfee Web Gateway Administration

Network Security Platform 8.1

Network Security Platform 8.1

McAfee Drive Encryption Administration Course

McAfee Network Security Platform 9.1

McAfee Security-as-a-Service

Network Security Platform 8.1

McAfee Management for Optimized Virtual Environments AntiVirus 4.5.0

Network Security Platform 8.1

Data Loss Prevention Endpoint

McAfee MVISION Endpoint 1811 Installation Guide

Stonesoft Management Center. Release Notes Revision C

McAfee Network Security Platform 8.3

NGFW Security Management Center

NGFW Security Management Center

McAfee Data Loss Prevention 9.3.2

McAfee Endpoint Upgrade Assistant Product Guide. (McAfee epolicy Orchestrator)

McAfee Endpoint Security Migration Guide. (McAfee epolicy Orchestrator)

NGFW Security Management Center

McAfee Endpoint Security

NGFW Security Management Center

Firewall Enterprise epolicy Orchestrator

McAfee Web Gateway Administration Intel Security Education Services Administration Course Training

McAfee Application Control/ McAfee Change Control Administration

Release Notes McAfee Change Control 7.0.0

McAfee Data Loss Prevention Endpoint

Release Notes McAfee Vulnerability Manager 7.5.8

McAfee Content Security Reporter Release Notes. (McAfee epolicy Orchestrator)

Revision A. McAfee Data Loss Prevention Endpoint 11.1.x Installation Guide

McAfee Endpoint Upgrade Assistant Product Guide. (McAfee epolicy Orchestrator 5.9.0)

McAfee Data Loss Prevention Endpoint 10.0

McAfee Advanced Threat Defense Release Notes

MA0-100.exam.83q MA0-100 McAfee Certified Product Specialist-ePO

McAfee Endpoint Security

POC Installation Guide for McAfee EEFF v4.2.x using McAfee epo 4.6 and epo New Deployments Only Windows Deployment

Clearspan Hosted Thin Call Center R Release Notes JANUARY 2019 RELEASE NOTES

Five9 Plus Adapter for Agent Desktop Toolkit

McAfee Network Security Platform 8.3

Network Security Platform 8.1

Stonesoft Management Center. Release Notes Revision A

NGFW Security Management Center

McAfee MVISION Endpoint 1808 Installation Guide

McAfee epolicy Orchestrator Installation Guide

This document contains important information about the current release. We strongly recommend that you read the entire document.

McAfee Network Security Platform 8.3

McAfee Data Loss Prevention 9.2.2

NGFW Security Management Center

McAfee Rogue Database Detection For use with epolicy Orchestrator Software

McAfee Network Security Platform

McAfee File and Removable Media Protection Product Guide

McAfee Host Intrusion Prevention Administration Course

McAfee Network Security Platform 9.1

McAfee Network Security Platform 8.1

McAfee Network Security Platform 8.3

McAfee Data Loss Prevention 9.3.3

Installation Guide Revision B. McAfee Cloud Workload Security 5.0.0

Network Security Platform 8.1

Table of Contents. Configure and Manage Logging in to the Management Portal Verify and Trust Certificates

NGFW Security Management Center

McAfee Network Security Platform 8.3

McAfee File and Removable Media Protection 6.0.0

McAfee Endpoint Upgrade Assistant 2.3.x Product Guide

McAfee Drive Encryption Client Transfer Migration Guide. (McAfee epolicy Orchestrator)

Transcription:

Revision B McAfee epolicy Orchestrator 5.3.3 Release Notes Contents About this release Enhancements Resolved issues Known issues Installation instructions Getting product information by email Find product documentation About this release This document contains important information about the current release. We recommend that you read the whole document. Release build 5.3.3 Purpose This repost includes all McAfee epolicy Orchestrator (McAfee epo ) 5.3.3 fixes and enhancements, and also resolves the following issue: When restoring McAfee epo from a Disaster Recovery snapshot, the McAfee epo Application Server service (Tomcat) now loads more quickly. (1240977) Upgrade paths At the time of the current release, you can upgrade these versions to McAfee epo 5.3.3: McAfee epo 4.6.9 McAfee epo 5.1.3 McAfee epo 5.1.0 McAfee epo 5.3.1 1

McAfee epo 5.1.1 McAfee epo 5.3.2 McAfee epo 5.1.2 Upgraded components The current release upgrades these components. Component New version Apache Http Server 2.4.26 Apache Tomcat 7.0.79 Java Runtime 1.8.0_144 OpenSSL 1.0.2k Supported platforms The current release is compatible with these platforms. Operating System and Agent Handler Support Windows 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Server 2016 Database Microsoft SQL Server and SQL Express Edition 2008 SP1 Microsoft SQL Server and SQL Express Edition 2008 R2 Microsoft SQL Server and SQL Express Edition 2012 Microsoft SQL Server and SQL Express Edition 2014 Microsoft SQL Server and SQL Express Edition 2016 Browser Support Internet Explorer 8.0 or Later (including full support for compatibility mode) Firefox 24.0 or later Chrome 30.0 or later Safari 7.0 or later Microsoft Edge (Spartan browser) This version of McAfee epo 5.3.3 requires enabling TLS 1.1 or 1.2 support on your browser. 2

Enhancements The current release of the product includes these enhancements. Replaced Oracle Java SDK with AZUL JAVA SDK The current release replaces the Oracle Java SDK with the AZUL Java SDK in McAfee epo. Removed SQL Express 2008 from McAfee epo installer The outdated version of SQL Express was removed from the installation package to speed up download and installation times. If you still want to use Microsoft SQL Express for evaluation purposes, you can download the latest version from Microsoft. Interface changes to Software Manager This graphic shows the changes to the Software Manager interface. Added License Key, Edit link At the bottom of the Product Categories tree, next to License Key, click Edit to navigate to the Edit License Key page. There you can edit and save your software license key. The actions that previously appeared in the component description are moved to blue bar above the component list table. Interface changes to Master Repository This graphic shows the changes to the Master Repository interface. 3

Added checkboxes To change multiple packages at once, click the checkbox next to each package, then select an action from Actions. Preset now filters based on Package Type instead of Repository Branch. Added a Create Deployment Task action to the Actions list to create a Product Deployment project. Added a Quick find filter Above the Components list, you can type a string and click Apply to search for specific packages in the list. Interface changes to Product Deployment This graphic shows the changes to the New Deployment interface. 4

Choose the type of deployment These configuration settings were removed and the setting is now configured automatically. In Select your software, the + and were replaced with the + Add another package link at the bottom of the section. In Select the systems, Select Individual Systems, and Select by Tag or Group to display options for selecting systems. 5

Select Deployment was added and includes: Auto Update Previously part of Choose the type of deployment. Allow end users to postpone this deployment (Windows only) Previously part of Select the systems. Maximum number of postponements allowed Previously part of Select the systems. Option to postpone expires after (seconds) Previously part of Select the systems. Display this text Previously part of Select the systems. Reworded option Select a start time to Start time. Interface changes to Dashboards This graphic shows the changes to the Dashboards interface. A bell icon appears in the title bar, next to Log Off. A red icon indicates that software updates are available to download. By default, the icon is grey. Click the icon and the Software Manager page opens. Hover over the bell icon to show the software update status. Database Flattened the DB views The current release has reduced the number of database tables. Resolved issues The current release of the product resolved these issues. For a list of issues fixed in earlier releases, see the Release Notes for the specific release. 6

Security fixes This release addresses an exploitable blind SQL injection vulnerability. (1178482) This release addresses a vulnerability to an XMLE External Entity attack vector. (1172163) This release incremented OpenSSL to 1.0.2k to address several vulnerabilities. See McAfee SB10197, epolicy Orchestrator is vulnerable to Sweet32 vulnerability (CVE-2016-2183), for details. (1179805) This release addresses several cross-site scripting (XSS) vulnerabilities. (1164201, 1129029, 1176815, 1164200, 1191816, 1146936) This release updates the RSA BSAFE libraries to mitigate several vulnerabilities. (1165495, 1143825, 1126375, 1206799, 1156886) This release improves session security for REST APIs. (1192801) This release addresses a vulnerability to a clickjacking attack vector. For details, see McAfee epo Sustaining Statement SSC1605241. (1136306) This release addresses a vulnerability to a file upload attack vector. For details, see McAfee Security Bulletin SB10196. (1192756) The sitemgr.xml file stored in the database is no longer unnecessarily written to the McAfee epo installation directory. (1181918) This release updated the Apache Tomcat Server.xml file with more secure ciphers. (1082477, 1184229) This release signs files with an SHA-2 certificate. (1172676) In some browsers, credentials to push agent installations are stored in a server task that can be cached and displayed in plain text. This release fixes the issue so that the credentials are no longer displayed. (118936) McAfee epo used Apache Http Server version 2.4.16. This release uses Apache Http Server version 2.4.25. (1192216) This release addresses the Windows Alternate Data Streams vulnerability. (1199165) Fixed SQL Injection in getbyquery implementation for Tag Selection workflow. (1199537) This release addresses several Apache Http Server vulnerabilities. (1203850) This release addresses a blind command injection vulnerability. (1204296) This release adds TLS 1.2 support for McAfee epo outbound connections. (1177554) Client and server tasks If any server task to synchronize shared policies between McAfee epo servers failed to synchronize any policies on any one of the McAfee epo server databases, then none of the servers could be reached. Now synchronization failure does not cause connection failures. (1164882) Server tasks configured to run client tasks on the results of a query are no longer marked as "failed" if the query returned no results. (1190210) Database Small queries running for long periods no longer fill the TempDB database in the SQL database, which caused data channel connection failures and other symptoms. (1194021) In the McAfee epo database, many objects were created with QUOTED_IDENTIFIER set as OFF. Usually this was not a problem. Now all QUOTED_IDENTIFIER set as ON. (1190626) 7

Queries and reports An unexpected error occurred no longer appears when, running a query and the data appears, you select any data row, and click Show Related Systems. (1168845) Queries run in the McAfee epo console no longer hang and always return results. (1184150) When you run certain queries from the McAfee epo console, the results are now returned successfully, as they are when running the same query using the SQL database. (1147149, 1154903) A custom logo in the report header now scales correctly to the output page size. (1111758) In the Queries and Reports page, you no longer see the same group listed twice in the System Tree under My Groups. (1161177) Upgrades and installation After an upgrade to McAfee epo 5.3.2, the Application Server Service (tomcat) no longer crashes when replicating to a UNC repository. (1183834, 1184383) Upgrades no longer fail after running the VerifyMFSSCoreStarted.cmd. (1149615) When restoring McAfee epo from a Disaster Recovery snapshot, the McAfee epo Application Server service (Tomcat) now loads more quickly. (1240977) User interface When you create a Simplified Deployment task using the Product Deployment page, and check the task Start Date, the correct date appears. (1178734) In the Tag Catalog Preview page, the option Reset X manually tagged and excluded systems is now grayed out if you create a Tag with no criteria, manually create a computer object, and assign the tag to the computer. (1192233) Other fixes Reviewers are no longer given Global Administrator permissions after upgrading from 4.6.x to 5.1.x, or after exporting permissions from 4.6.x to 5.1.x. (1165842) An error no longer occurs when rebuilding the server.keystore that can cause sustained high CPU use by eventparser.exe when parsing HDLP events. (1145404) The eventparser no longer crashes several times and eventually hangs and stops parsing events. (1145604) When the event parser showed "COM Error 0x8007000E, source=(null), desc=(null), msg=not enough storage is available to complete this operation" in the Event Parser Log, it closed and started up with a new ProcessID continuously, then eventually hung. Now this behavior does not occur. (1145604) When using the "checkinpackage" API command with a non-global Administrator account, an "Authorization fails" error no longer appears. (1146906) In the System Tree, when you tested sorting, you could only see systems with sorting enabled. Now all systems remain visible. (1166071) McAfee epo no longer provides an incorrect policy in rare circumstances when system-based policy assignments are used. (1161057) The stored procedure, EPODirSort_SearchCreateComputer, associates Audit Log entries, and the correct user appears when a new system is added to the System Tree. (1127969) Excess Notify Agent errors no longer appear in the Audit Log after a deployment using DXL. (1149282) The Server Task page no longer takes 2 3 minutes to display in some circumstances. (1157280) 8

When changing assignment criteria for the Policy Assignment Rule criteria, long request parameters no longer cause unexpected errors. (1162479) When you check in the McAfee Endpoint Encryption version 7.X package and extensions to McAfee epo, the Audit logs no longer contain many 'Delete policy object: "EE System -...' log entries. (1163797) An Apache out-of-memory condition no longer causes a failure to process data channel requests that resulted in agent-server communication failures with "Connection refused" and "Server busy" error messages. (1165874) Agents now show the "LDAP Location" under System Tree. (1166479) New user policies appear faster. (1166555) An SQL exception no longer appears in the Orion log when retrieving product settings for some extensions. (1167417) After importing a global reviewer permission set, users are no longer granted some global administration permissions. (1169577) If you configure custom properties on a McAfee Agent with the command msaconfig -CustomProps3 "MyCustomProp3", then wake up the agent, or collect and send the properties from the McAfee Agent, clicking Action Agent Set Description, no longer deletes the configured custom properties. (1192911) When editing policies, policies are no longer listed twice after renaming or duplicating a policy until the screen is refreshed. (1116241) You can now successfully browse for new users in a User-based Policy Assignment Rule with Internet Explorer 11. (1130526) After importing a permission set, the user no longer has access to product policies or tasks. (1135467) Exclusion tags assigned to a deployment task are no longer removed. (1138683) When editing policies, the Save and OK buttons are accessible, as expected. (1144868) The Delay this task setting is preserved in the run at startup schedule for client tasks. (1160942) McAfee epo administrators can no longer obtain unauthorized read and write access to McAfee epo via URL manipulation. (1164199) When McAfee DXL is installed on the client, a push installation of the McAfee Agent expired immediately without trying the installation. Now the installation starts as expected. (1167998) After importing Master Repository security keys packages, the repositories are no longer incorrectly marked as unsigned. (1169042) The task ownership page took 20 30 minutes to open if there were many Windows NT users to list. Now it opens quickly. (1169803) When Active Directory synchronization runs, some computers are no longer populated to unexpected locations in the System Tree. (1171403, 1198592) The Microsoft Visual C++ 2005 Redistributable Package is no longer installed or required by McAfee epo. (1183184) Excess Notify Agent errors no longer appear in the Audit Log after upgrading McAfee epo. (1183215) Agent-server communication no longer fails due to a maximum connection state when running an AD Sync task that is synchronizing many computer objects. (1195175) Server tasks no longer stop running when a McAfee epo server is offline. Instead, the tasks continue to the next server. (1198424) Manually assigned permission sets are visible to all administrators. (1110599) 9

Adding or deleting a user to the UserDirectory no longer takes a long time to complete. (1124003) The LDAP sync server task no longer deletes user and group events for users that are still referenced by other groups. (1203000) Known issues For a list of known issues in this product release, see this McAfee KnowledgeBase article: KB82675. Installation instructions The current release of the product has specific installation requirements and best practices. For information about installing or upgrading epolicy Orchestrator software, see the McAfee epolicy Orchestrator Installation Guide. Best practice: Run the Pre-Installation Auditor Before you upgrade McAfee epo, run the McAfee epo Pre-Installation Auditor to reduce or prevent upgrade issues. Running the auditor automates many of the verification tasks included in the upgrade process. Task 1 Download the McAfee epo Pre-Installation Auditor from the McAfee epo Downloads page: secure.mcafee.com/apps/downloads/my-products/login.aspx 2 Double-click epip.exe to start the auditor, then follow the prompts. For more information, see the McAfee epo Pre-Installation Auditor Release Notes. Requirements for installation or upgrade if using SSL connection to SQL Server Your installation or upgrade might fail if you use an SSL connection between your McAfee epo 5.3.3 server and your SQL database. This release of McAfee epo updated the RSA libraries that have additional security requirements for communication with the database. To meet the new compatibility requirements, install all available Windows updates on your McAfee epo server and the SQL Server before starting the installation or upgrade. For details, see McAfee KB87731 article, Installation or upgrade to epolicy Orchestrator 5.3.3 and 5.9 fails when using SSL connection for SQL Server. Enable TLS 1.1 or 1.2 on your browser This version of McAfee epo 5.3.3 requires enabling TLS 1.1 or 1.2 support on your browser. To provide additional security for the communications between your web browser and your McAfee epo server, you must enable TLS 1.1 or 1.2 support on your browser. See the documentation for your browser to enable TLS 1.1 or 1.2 support. 10

Getting product information by email The Support Notification Service (SNS) delivers valuable product news, alerts, and best practices to help you increase the functionality and protection capabilities of your McAfee products. To receive SNS email notices, go to the SNS Subscription Center at https://sns.secure.mcafee.com/signup_login to register and select your product information options. Find product documentation On the ServicePortal, you can find information about a released product, including product documentation, technical articles, and more. Task 1 Go to the ServicePortal at https://support.mcafee.com and click the Knowledge Center tab. 2 In the Knowledge Base pane under Content Source, click Product Documentation. 3 Select a product and version, then click Search to display a list of documents. Copyright 2018 McAfee, LLC McAfee and the McAfee logo are trademarks or registered trademarks of McAfee, LLC or its subsidiaries in the US and other countries. Other marks and brands may be claimed as the property of others. 0B00

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback