 Release Notes for McAfee(R) VirusScan(R) Enterprise
                    Version 8.5i
                       Patch 1
           Copyright (C) 2007 McAfee, Inc.
                 All Rights Reserved


==========================================================

Patch Release:    22 February 2007

This release was developed and tested with:

- VirusScan Enterprise:8.5i
- DAT Version:         4961, February 12 2007
- Engine Version:      5.1.00

Make sure you have installed these versions before
using this release.

==========================================================


Thank you for using VirusScan(R) Enterprise
software. This file contains important information
regarding this release. We strongly recommend that
you read the entire document.


The attached files are provided as is, and with no
warranty either expressed or implied as to their
suitability for any particular use or purpose.
McAfee, Inc. assumes no liability for damages
incurred either directly or indirectly as a result
of the use of these files, including but not limited
to the loss or damage of data or systems, loss of
business or revenue, or incidental damages arising
from their use. Patch files should be applied only
on the advice of McAfee Technical Support, and only
when you are actually experiencing the issue being
addressed by the Patch. Patch files should not be
proactively applied in order to prevent potential
product issues. You are responsible for reading and
following all instructions for preparation,
configuration, and installation of Patch files.
Patch files are not a substitute or replacement for
product Service Packs which may be released by
McAfee, Inc. It is a violation of your software
license agreement to distribute or share these files
with any other person or entity without written
permission from McAfee, Inc. Further, posting of
McAfee Patch files to publicly available Internet
sites is prohibited. McAfee, Inc. reserves the right
to refuse distribution of Patch files to any company
or person guilty of unlawful distribution of McAfee
software products. Questions or issues with McAfee
Patch files should be directed to McAfee Technical
Support.



__________________________________________________________
WHAT'S IN THIS FILE

-   About This Release
   -   Purpose
   -   Resolved Issues
   -   Known Issues
   -   Files Included With This Release
-   Installation
   -   Installation Requirements
   -   Installation Steps
   -   Installation Steps via ePolicy Orchestrator
   -   Verifying the Installation
   -   Removing the Patch
-   Contact Information
-   Copyright & Trademark Attributions
-   License Information


__________________________________________________________
ABOUT THIS RELEASE


PURPOSE

This release contains updated binaries in a single
Microsoft Patch installer to address all items
listed in "Resolved Issues" below.


RESOLVED ISSUES

1.  ISSUE:
    Applications that perform operations with
    temporary files, such as printing, generate a
    "file missing" error.

    RESOLUTION:
    The link driver has been updated to correctly
    handle file operations that use the
    DeleteOnClose flag.

2.  ISSUE:
    When McAfee Policy Enforcer is pushed out to a
    system with VirusScan Enterprise 8.5i, McAfee
    trusted processes might trigger Access
    Protection rules. A reboot is required to
    correct the problem.

    RESOLUTION:
    The link driver has been revised to ensure
    trusted policies are propagated between
    instances of loaded drivers.

3.  ISSUE:
    Some files remain locked indefinitely.
    Third-party tools indicate that McShield.exe was
    leaking handles, thereby locking the file.

    RESOLUTION:
    The link driver has been updated to detect and
    handle the oplock break-in-progress status code
    and ensure file locks are released.


4.  ISSUE:
    Under certain conditions, VirusScan Enterprise
    scanner for Lotus Notes can mistakenly deny
    access to the Lotus Notes internal processes, if
    another Note is being accessed by the user. The
    message "You are not authorized to perform that
    operation" is displayed for the user.

    RESOLUTION:
    The Lotus Notes scanner binaries have been
    updated to resolve the issue.

5.  ISSUE:
    For non-English platforms, a control ID is
    displayed in the Status field of the On-Access
    Messages window, rather than the localized
    strings.

    RESOLUTION:
    The resource binary for the On-Access Scanner
    service has been updated to resolve this issue.

6.  ISSUE:
    When VirusScan Enterprise 8.5i is installed to
    Windows Vista 32-bit platforms, the Buffer
    Overflow Protection feature is not available.

    RESOLUTION:
    This Patch enables Buffer Overflow Protection
    for Windows Vista 32-bit environments.

7.  ISSUE:
    When a scheduled On-Demand Scan task fails to
    authenticate to a specified location, the user
    receives an erroneous error asking that
    VirusScan Enterprise be reinstalled.

    RESOLUTION:
    The localized binaries file has been updated to
    handle the specific event.

8.  ISSUE:
    ePolicy Orchestrator could fail to replicate
    distributed repositories when VirusScan
    Enterprise 8.5i is installed.

    RESOLUTION:
    The Common Shell binary has been updated to
    allow sharing of files with other processes.

9.  ISSUE:
    Users without local administrative rights are
    not able to use the Help file unless it was
    previously downloaded by an administrator.

    RESOLUTION:
    Non-administrative users can now download and
    use the current Help file.

10. ISSUE:
    Not all VirusScan Enterprise events can be
    filtered in ePolicy Orchestrator reporting.

    RESOLUTION:
    The extended reports NAP file has been updated
    to allow filtering of all VirusScan Enterprise
    events.

11. ISSUE:
    In certain circumstances, when a state change
    occurs with Access Protection, the On-Access
    Scanner cannot be disabled/enabled, and some
    Access Protection rules fail to log messages.

    RESOLUTION:
    The McTaskManager Service and Access Protection
    binaries have been updated to resolve this
    issue.

12. ISSUE:
    When resuming from the hibernate state, the
    system tray icon might be in the disabled state,
    reflecting the status of the On-Access Scanner.
    However, the scanner service is functioning
    normally.

    RESOLUTION:
    The system tray icon should always reflect the
    correct state of the On-Access Scanner when
    resuming from hibernation.


KNOWN ISSUES

1.  Adding the Patch to a McAfee Installation
    Designer custom package causes the VirusScan
    installation to fail. For Patch 1, custom
    packages that include the patch package are not
    supported.

2.  Installing the Patch and specifying a log file
    path using the Microsoft Installer (MSI) switch
    "/L" does not log to the specified path. A log
    file capturing full data is logged to the folder
    "McAfeeLogs" under the Temp folder.

3.  If the Lotus Notes client is open when this
    release is installed, the installation completes
    successfully, but a reboot is required to
    replace the McAfee Lotus scanner files. The new
    files are not used until after a reboot.

4.  Uninstalling VirusScan Enterprise patches is now
    possible for computers running Windows Installer
    v3.x or later.  This technology is not fully
    integrated for Windows 2000 operating systems,
    so there is no option to remove the Patch in
    Add/Remove programs.  Please see instructions
    under "Removing the Patch" for removal via
    command-line options.

5.  Uninstall of VirusScan patches is not available
    for Windows NT platforms, as Windows Installer
    v3.x is not supported on this platform. The
    patch still installs to all platforms supported
    by VirusScan Enterprise 8.5i.

6.  Patches for VirusScan Enterprise 8.5i can only
    be uninstalled via Add/Remove programs, not via
    ePolicy Orchestrator or Protection Pilot.


FILES INCLUDED WITH THIS RELEASE

This release consists of a package called
VSE85P1.ZIP, which contains the following files:

    PKGCATALOG.Z =
       Package catalog file
    PATCH1.TXT =
       This text file
    VSE850DET.MCS =
       VirusScan Enterprise detection script
    SETUP.EXE =
       Installer for this release
    SETUP.INI =
       Initialization file for SETUP.EXE
    PATCH1.MSP =
       Microsoft Installer Patch file
    VSE850REPORTS.NAP =
       Reporting NAP file


    The following files are installed to client
    systems:
       MFEHIDK.SYS		13.3.0.120
       MCSHIELD.DLL		13.3.1.101
       NCEXTMGR.DLL		8.5.0.830
       NCSCAN.DLL		8.5.0.830
       STRINGS.BIN		No version
       MYTILUS2.DLL		13.3.2.101
       VSODSCPL.DLL		8.5.0.830
       SHUTIL.DLL		8.5.0.830
       MCUPDATE.EXE		8.5.0.830
       BBCPL.DLL		8.5.0.830
       OASCPL.DLL		8.5.0.830
       VSTSKMGR.EXE		8.5.0.830
       SHSTAT.EXE		8.5.0.830
       MCSHIELD.EXE		13.3.2.101
       LOGPARSER.EXE		13.3.2.101
       CSSCAN.EXE		1.2.0.131

    The following files are checked in to the
    ePolicy Orchestrator or Protection Pilot
    repository:
       VSE850REPORTS.NAP	3.0.0.781


__________________________________________________________
INSTALLATION AND REMOVAL


INSTALLATION REQUIREMENTS

To use this release, you must have VirusScan
Enterprise 8.5i software installed on the computer
you intend to update with this release.

    NOTES:
   -   This release does not work with earlier
       versions of VirusScan software.

   -   A reboot is needed in order to fully load the
       system drivers into memory. The package
       install does not force the reboot.




INSTALLATION STEPS

1.  Extract the Patch files from VSE85P1.ZIP to a
    temporary folder on your hard drive.

2.  Double-click the file SETUP.EXE inside the
    temporary folder created in Step 1.

3.  Follow the instructions of the installation
    wizard.


INSTALLATION STEPS FOR ePOLICY ORCHESTRATOR

1.  On the computer where the ePolicy Orchestrator
    3.x console resides, extract the Patch files and
    folders from VSE85P1.ZIP to a temporary folder
    on your hard drive.

2.  Open the ePolicy Orchestrator 3.x console and
    add the package from the temporary folder
    created in Step 1 to your repository.

    Consult "Checking in Package" in the ePolicy
    Orchestrator 3.0 online Help, or "Checking in
    PKGCATALOG.Z product packages to the master
    repository" in the ePolicy Orchestrator 3.5
    online Help, for instructions on adding a
    package to the repository. The package type for
    this Patch is "Products or Updates."

    The next time an agent update task runs, the
    VirusScan Enterprise client automatically
    downloads and installs the Patch.

3.  In the ePolicy Orchestrator console, add the
    VSE850Reports.NAP file using the "Check in NAP"
    wizard.


VERIFYING THE INSTALLATION

Always reboot prior to validating that a Patch has
installed successfully.

    NOTE:
    Patch releases do not display or report that the
    Patch is installed if an error occurred during
    installation, or if a file or files did not
    install correctly.

1.  Open the VirusScan Console and choose "About"
    from the "Help" menu. The "About VirusScan
    Enterprise" window "Installed Patches" displays
    "1."

    After property information has been collected by
    ePolicy Orchestrator and Protection Pilot
    agents, the client systems show that Patch 1 is
    installed as the "Hotfix" version. If the value
    "HotfixVersions" appears, it is a temporary
    value and will be removed after a full property
    collection from the client.

2.  Confirm that the expected files are installed by
    checking the version number of individual files.
    File versions should match the list in "FILES
    INCLUDED WITH THIS RELEASE," above.


REMOVING THE PATCH

Windows Installer 3.x and later now supports the
rolling back of patches.  This can be done one of
two ways.

-   For Windows XP, Windows 2003, and Windows Vista
    operating systems, the Patch can be removed
    manually via Add/Remove Programs if the user has
    administrative rights to the local system.

-   For all operating systems that support Windows
    Installer 3.x, a command-line option can be used
    to remove the Patch silently.

    Example:
       Msiexec /I {35C03C04-3F1F-42C2-A989-A757EE691F65}
       MSIPATCHREMOVE={4CCB970E-17BC-4E7E-8BB1-022C629CAED4} /q

    NOTE:  The GUID information used here will
    change from one Patch to another, so please use
    the information in the Release Notes from the
    latest patch.


__________________________________________________________
CONTACT INFORMATION


THREAT CENTER:  McAfee Avert(R) Labs
Homepage
http://www.mcafee.com/us/threat_center/default.asp

Avert Labs Threat Library
http://vil.nai.com/

Avert Labs WebImmune & Submit a Sample (Logon
credentials required)
https://www.webimmune.net/default.asp

Avert Labs DAT Notification Service
http://vil.nai.com/vil/signup_DAT_notification.aspx

DOWNLOAD SITE
Homepage
http://www.mcafee.com/us/downloads/

   -   Product Upgrades (Valid grant number
       required)
   -   Security Updates (DATs, engine)
   -   HotFix and Patch Releases
       -   For Security Vulnerabilities (Available
           to the public)
       -   For Products (ServicePortal account and
           valid grant number required)
   -   Product Evaluation
   -   McAfee Beta Program

TECHNICAL SUPPORT
Homepage
http://www.mcafee.com/us/support

KnowledgeBase Search
http://knowledge.mcafee.com/

McAfee Technical Support ServicePortal (Logon
credentials required)
https://mysupport.mcafee.com/eservice_enu/start.swe

CUSTOMER SERVICE
   Web:       http://www.mcafee.com/us/support/index.html
              http://www.mcafee.com/us/about/contact/index.html

   Phone:     +1-888-VIRUS NO or +1-888-847-8766
              Monday-Friday, 8 a.m.-8 p.m., Central
              Time
              US, Canada, and Latin America
              toll-free

PROFESSIONAL SERVICES
   -   Enterprise:
       http://www.mcafee.com/us/enterprise/services/index.html

   -   Small & Medium Business:
       http://www.mcafee.com/us/smb/services/index.html


SOFTWARE & HARDWARE Technical Support
    Home Page
http://www.mcafee.com/us/support

    Knowledge Search
https://knowledgemap.nai.com/

    McAfee Technical Support ServicePortal (Logon
    credentials required)
https://mysupport.mcafeesecurity.com

    McAfee Security Alerting Service (MSAS)
       http://mysupport.nai.com/supportinfo/psvans_info.asp

Customer Service
   Web:       http://www.mcafee.com/us/support/index.html

   Phone:     +1-888-VIRUS NO or +1-888-847-8766
              Monday-Friday, 8am-8pm, Central Time
              US, Canada, and Latin America
              toll-free



McAfee Beta Program
    Download Site -- Enterprise:
       http://www.mcafee.com/us/enterprise/downloads/beta/index.html

    Download Site -- Small & Medium Business:
       http://www.mcafee.com/us/smb/downloads/beta/index.html

    E-mail to Submit Beta Feedback:
       mcafee_beta@mcafee.com


PROFESSIONAL SERVICES
       http://www.mcafee.com/us/enterprise/services/index.html


Worldwide Offices
    For addresses and phone numbers of worldwide
    offices:
       http://www.mcafee.com/us/about/contact/index.html


_____________________________________________________
COPYRIGHT AND TRADEMARK ATTRIBUTIONS

Copyright (C) 2007 McAfee, Inc. All Rights Reserved.
No part of this publication may be reproduced,
transmitted, transcribed, stored in a retrieval
system, or translated into any language in any form
orbyany means without the written permission of
McAfee, Inc., or its suppliers or affiliate
companies.


TRADEMARKS

ACTIVE FIREWALL, ACTIVE SECURITY, ACTIVESECURITY
(AND IN KATAKANA), ACTIVESHIELD, CLEAN-UP, DESIGN
(STYLIZED E), DESIGN (STYLIZED N), ENTERCEPT,
EPOLICY ORCHESTRATOR, FIRST AID, FOUNDSTONE,
GROUPSHIELD, GROUPSHIELD (AND IN KATAKANA),
INTRUSHIELD, INTRUSION PREVENTION THROUGH
INNOVATION, MCAFEE, MCAFEE (AND IN KATAKANA), MCAFEE
AND DESIGN, MCAFEE.COM, MCAFEE VIRUSSCAN, NET TOOLS,
NET TOOLS (AND IN KATAKANA), NETSCAN, NETSHIELD,
NUTS & BOLTS, OIL CHANGE, PRIMESUPPORT, SPAMKILLER,
THREATSCAN, TOTAL VIRUS DEFENSE, VIREX, VIRUS FORUM,
VIRUSCAN, VIRUSSCAN, VIRUSSCAN (AND IN KATAKANA),
WEBSCAN, WEBSHIELD, WEBSHIELD (AND IN KATAKANA) are
registered trademarks or trademarks of McAfee, Inc.
and/or its affiliates in the US and/or other
countries. The color red in connection with security
is distinctive of McAfee brand products. All other
registered and unregistered trademarks herein are
the sole property of their respective owners.


_____________________________________________________
LICENSE & PATENT INFORMATION

LICENSE AGREEMENT

NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE
LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU
PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND
CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF
YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE
ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED
LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT
ACCOMPANIES YOUR SOFTWARE PACKAGING OR THAT YOU HAVE
RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A
BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE
AVAILABLE ON THE WEB SITE FROM WHICH YOU DOWNLOADED
THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF
THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL
THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE
PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A
FULL REFUND.


LICENSE ATTRIBUTIONS

This product includes or may include:
*Software developed by the OpenSSL Project for use
in the OpenSSL Toolkit (http://www.openssl.org/).
*Cryptographic software written by Eric A. Young
and software written by Tim J. Hudson. *Some
software programs that are licensed (or sublicensed)
to the user under the GNU General Public License
(GPL) or other similar Free Software licenses which,
among other rights, permit the user to copy, modify
and redistribute certain programs, or portions
thereof, and have access to the source code. The GPL
requires that for any software covered under the
GPL, which is distributed to someone in an
executable binary format, that the source code also
be made available to those users. For any such
software covered under the GPL, the source code is
made available on this CD. If any Free Software
licenses require that McAfee provide rights to use,
copy or modify a software program that are broader
than the rights granted in this agreement, then such
rights shall take precedence over the rights and
restrictions herein. *Software originally written
by Henry Spencer, Copyright 1992, 1993, 1994, 1997
Henry Spencer. *Software originally written by
Robert Nordier, Copyright (C) 1996-7 Robert Nordier.
*Software written by Douglas W. Sauder. *Software
developed by the Apache Software Foundation
(http://www.apache.org/). A copy of the license
agreement for this software can be found at
www.apache.org/licenses/LICENSE-2.0.txt.
*International Components for Unicode ("ICU")
Copyright (C)1995-2002 International Business
Machines Corporation and others. *Software
developed by CrystalClear Software, Inc., Copyright
(C)2000 CrystalClear Software, Inc. *FEAD(R)
Optimizer(R) technology, Copyright Netopsystems AG,
Berlin, Germany. *Outside In(R) Viewer Technology
(C)1992-2001 Stellent Chicago, Inc. and/or Outside
In(R) HTML Export, (C) 2001 Stellent Chicago, Inc.
*Software copyrighted by Thai Open Source Software
Center Ltd. and Clark Cooper, (C) 1998, 1999, 2000.
*Software copyrighted by Expat maintainers.
*Software copyrighted by The Regents of the
University of California, (C) 1996, 1989, 1998-2000.
*Software copyrighted by Gunnar Ritter. *Software
copyrighted by Sun Microsystems, Inc., 4150 Network
Circle, Santa Clara, California 95054, U.S.A., (C)
2003. *Software copyrighted by Gisle Aas. (C)
1995-2003. *Software copyrighted by Michael A.
Chase, (C) 1999-2000. *Software copyrighted by Neil
Winton, (C)1995-1996. *Software copyrighted by RSA
Data Security, Inc., (C) 1990-1992. *Software
copyrighted by Sean M. Burke, (C) 1999, 2000.
*Software copyrighted by Martijn Koster, (C) 1995.
*Software copyrighted by Brad Appleton, (C)
1996-1999.  *Software copyrighted by Michael G.
Schwern, (C)2001. *Software copyrighted by Graham
Barr, (C) 1998. *Software copyrighted by Larry Wall
and Clark Cooper, (C) 1998-2000. *Software
copyrighted by Frodo Looijaard, (C) 1997. *Software
copyrighted by the Python Software Foundation,
Copyright (C) 2001, 2002, 2003. A copy of the
license agreement for this software can be found at
www.python.org. *Software copyrighted by Beman
Dawes, (C) 1994-1999, 2002. *Software written by
Andrew Lumsdaine, Lie-Quan Lee, Jeremy G. Siek (C)
1997-2000 University of Notre Dame. *Software
copyrighted by Simone Bordet & Marco Cravero, (C)
2002. *Software copyrighted by Stephen Purcell, (C)
2001. *Software developed by the Indiana University
Extreme! Lab (http://www.extreme.indiana.edu/).
*Software copyrighted by International Business
Machines Corporation and others, (C) 1995-2003.
*Software developed by the University of
California, Berkeley and its contributors.
*Software developed by Ralf S. Engelschall
<rse@engelschall.com> for use in the mod_ssl project
(http:// www.modssl.org/). *Software copyrighted by
Kevlin Henney, (C) 2000-2002. *Software copyrighted
by Peter Dimov and Multi Media Ltd. (C) 2001, 2002.
*Software copyrighted by David Abrahams, (C) 2001,
2002. See http://www.boost.org/libs/bind/bind.html
for documentation. *Software copyrighted by Steve
Cleary, Beman Dawes, Howard Hinnant & John Maddock,
(C) 2000. *Software copyrighted by Boost.org, (C)
1999-2002. *Software copyrighted by Nicolai M.
Josuttis, (C) 1999. *Software copyrighted by Jeremy
Siek, (C) 1999-2001. *Software copyrighted by
Daryle Walker, (C) 2001. *Software copyrighted by
Chuck Allison and Jeremy Siek, (C) 2001, 2002.
*Software copyrighted by Samuel Krempp, (C) 2001.
See http://www.boost.org for updates, documentation,
and revision history. *Software copyrighted by Doug
Gregor (gregod@cs.rpi.edu), (C) 2001, 2002.
*Software copyrighted by Cadenza New Zealand Ltd.,
(C) 2000. *Software copyrighted by Jens Maurer,
(C)2000, 2001. *Software copyrighted by Jaakko
Jrvi (jaakko.jarvi@cs.utu.fi), (C)1999, 2000.
*Software copyrighted by Ronald Garcia, (C) 2002.
*Software copyrighted by David Abrahams, Jeremy
Siek, and Daryle Walker, (C)1999-2001. *Software
copyrighted by Stephen Cleary (shammah@voyager.net),
(C)2000. *Software copyrighted by Housemarque Oy
<http://www.housemarque.com>, (C) 2001. *Software
copyrighted by Paul Moore, (C) 1999. *Software
copyrighted by Dr. John Maddock, (C) 1998-2002.
*Software copyrighted by Greg Colvin and Beman
Dawes, (C) 1998, 1999. *Software copyrighted by
Peter Dimov, (C) 2001, 2002. *Software copyrighted
by Jeremy Siek and John R. Bandela, (C) 2001.
*Software copyrighted by Joerg Walter and Mathias
Koch, (C) 2000-2002. *Software copyrighted by
Carnegie Mellon University (C) 1989, 1991, 1992.
*Software copyrighted by Cambridge Broadband Ltd.,
(C) 2001-2003. *Software copyrighted by Sparta,
Inc., (C) 2003-2004. *Software copyrighted by
Cisco, Inc and Information Network Center of Beijing
University of Posts and Telecommunications, (C)
2004. *Software copyrighted by Simon Josefsson, (C)
2003. *Software copyrighted by Thomas Jacob, (C)
2003-2004. *Software copyrighted by Advanced
Software Engineering Limited, (C) 2004. *Software
copyrighted by Todd C. Miller, (C) 1998. *Software
copyrighted by The Regents of the University of
California, (C) 1990, 1993, with code derived from
software contributed to Berkeley by Chris Torek.


V3.1.4


