Release Notes

McAfee ePolicy Orchestrator 4.6.0

About this document
New features
Known issues
Additional information
Finding product documentation

About this document

Thank you for choosing this McAfee product. This document contains important information about the current release. We strongly recommend that you read the entire document.

Important: We do not support the automatic upgrade of a pre-release software version. To upgrade to a production release of the software, you must first uninstall the existing version.

New features

Here is a summary of the new and updated features included in this release of ePolicy Orchestrator software.

Simplified installation

Now you can choose the installation option that works best for your needs: Express, Custom, or Cluster. These options simplify the decisions needed to install your ePolicy Orchestrator software.

Guided Configuration

This version of the software introduces a Guided Configuration setup tool that streamlines the process of creating a managed environment. After installation, go to the Dashboards page to use the Guided Configuration tool to perform important tasks, including:

Selecting McAfee software to install and deploy to your network.
Selecting the systems your ePolicy Orchestrator server manages.
Configuring policies for your managed systems.

Improved security

Enhancements designed to improve security include:
Automatic notification about available product updates and patches in the Software Manager from the Automatic Responses feature.
Better task management. When using McAfee Agent 4.6, you can now:
Run any task immediately using the new Run Now feature.
Assign tasks to run in response to a query or event.
Assign tasks on an ad hoc basis.

Improved performance

Enhancements designed to improve performance include:
Reduced use of WAN bandwidth with SuperAgent repositories with McAfee Agent 4.6.
Improved event handling
Reduced Agent footprint with McAfee Agent 4.6

Software Manager

The Software Manager provides a single location within the ePolicy Orchestrator console where you can review and download McAfee software, software components, and documentation. It eliminates the need to access the McAfee download website separately for new McAfee software and updates. You can also configure notifications and automatic responses to inform you about and install updates and patches.

McAfee Agent deployment to Linux Red Hat 5.2 and Mac OS 10.5 or later

You can deploy the McAfee Agent 4.6 to client systems running Linux Red Hat version 5.2 and Mac OS X versions Leopard (10.5) and Snow Leopard (10.6) using the ePolicy Orchestrator user interface.

Client task catalog

Client tasks are now independent, reusable objects. As a result, you can:
Use the client task catalog to manage client task objects separately from their assignments and schedules.
Assign a single client task to multiple locations, each with a unique schedule.
Share client task objects across multiple registered ePolicy Orchestrator servers.
Import and export tasks to ensure consistency across your servers while reducing the effort to create a common environment.

Additionally, in this release you can run a client task on demand using the Run Client Task Now feature on systems where the McAfee Agent 4.6 is deployed. Similar to the existing Update Now feature, this action handles client tasks instead of software deployment. It is especially useful in performing troubleshooting tasks for individual or small sets of computers.

Tag-based policy assignment

Tag-based policy assignments simplify policy management. You can now use tags to assign policies. You no longer need to search the System Tree for elusive policy assignments. Tags can be used to assign policies from multiple products in one step based on business need or security status.

Dashboard enhancements

Dashboard management has been significantly streamlined and includes these enhancements:

A new Monitor Gallery from which you can drag and drop dashboard elements, configure options and refresh rates, and move and resize individual monitors.
The ability to share dashboards with groups of users, including the ability to share based on a specific permission set.
The option to configure default dashboard by permission sets.
The ability to import and export dashboards, and all associated queries.
Updated and expanded default dashboards.

Certificate-based authentication

ePolicy Orchestrator software fully supports certificate-based authentication, allowing more secure forms of system access. In addition, this authentication method integrates with Active Directory for ease of configuration.

Reporting

You can now create detailed reports that contain multiple queries and images, configure reports to use run-time parameters to create report templates that are populated with different data sets at runtime, and customize reports on-demand or on a customized schedule.

Permission set enhancements

Three new permission set queries allow Global Administrators to easily view which users have been assigned which permissions. Permission sets can now be imported and exported.

Web API

McAfee ePO software now provides a Web API you can use to automate key ePolicy Orchestrator functionality. Use this feature to further customize and leverage ePolicy Orchestrator software in your managed environment.

Other usability enhancements

Other usability enhancements include:
Tabbed System Information page — The System Information page (formerly the System Details page) now includes three dashboard monitors that you can customize to display product specific information at a glance for the products each user is interested in.
Persistent table filters — You can now create custom filters on tables of data and save them per user.
Expanded drag and drop support — More places within the user interface now support drag and drop; including queries, agent repository selection lists, the System Tree, report designer, and dashboard editing pages.
Multi-select table rows — Now you can use "Shift + Click" to select or deselect multiple table rows.

Known issues

Here is a list of known issues that we were aware of at production time.

To view an updated list of issues associated with this release, see KB65773.

Installation issues

1. Issue — Installing your ePolicy Orchestrator software in a different domain than your ePolicy Orchestrator SQL database server might trigger a Network Error. (Reference: 629704)

Workaround — Provide the Fully Qualified Domain Name (FQDN) of your SQL server. For example, type SQLSERVER.MYDOMAIN.COM instead of SQLSERVER.

2. Issue — During ePolicy Orchestrator server or remote Agent Handler installation, a syntax error might occur if you use a username containing double-byte characters when the Visual C++ 2005 Redistributable is installed. This issue is caused when Windows creates temp directories during the install process. (Reference: 626759, 617731, 640743)
Workaround — You can use either of the following workarounds to prevent this issue:
Avoid using double-byte characters in usernames used for installation.
Modify the user's TMP and TEMP environment variables so they do not include double-byte characters.
3. Issue — If you use double-byte characters in your SQL server login, an error occurs and the following message is displayed on the logon page:
The Apache service named reported the following error: 
>>> SSLCertificateFile: file 
'C:/Program Files/McAfee/ePolicy Orchestrator/Apache2/conf/
ssl.crt/ahcert.crt' does not exist or is empty
(Reference: 631079)

Workaround — Avoid using double-byte characters for your SQL server credentials.

Upgrade Issues

1. Issue — When upgrading from the Leatherman release of ePolicy Orchestrator software (version 4.5 Patch 1), you must first upgrade to version 4.5 Patch 3, then upgrade to ePolicy Orchestrator software version 4.6. During the upgrade process, the Welcome tour dashboard monitor is removed. When the upgrade is complete, any dashboard monitor that references this tour displays an empty space where the tour monitor would appear. (Reference: 582216)

Workaround — There is currently no workaround for this issue.

2. Issue — When upgrading to ePolicy Orchestrator software version 4.6 from version 4.5 Patch 3 with GroupShield for Domino version 7 installed, an error occurs and the following message is displayed on the logon page:
GSD7REPORTS - Error creating bean with 
GSD7REPORTS.type.registration: Invocation of 
init method failed; nested exception is 
java.lang.IlleglStateException:  
Registered Type computer already exists.
(Reference: 584960)

Workaround — Acquire and check in the latest patch for GroupShield for Domino version 7, or remove the existing GSD7REPORTS extension from the Extensions page in the ePolicy Orchestrator 4.6 interface.

3. Issue — When upgrading to ePolicy Orchestrator software version 4.6, some of the Issues Management permission settings for the Global Reviewer permission set are automatically set to View only from No permissions. (Reference: 646099, 646158)

Workaround — After the upgrade is complete, you must manually reset these permission settings.

Agent communication issues

Issue — McAfee Agents version 4.6 cannot receive broadcast messages from version 4.5 or older SuperAgents. Additionally, version 4.5 or older agents cannot receive broadcast messages from version 4.6 SuperAgents. (Reference: 631922)
Workaround — You have three options to work around this issue:
Do not use the 2048-bit key as the Master Key for Agent-server secure communication. To change this setting, in the ePolicy Orchestrator console click Menu | Configuration | Server Settings and edit the Security Keys settings category to use a different license key.
Use two SuperAgents on each of your subnets; one using a version 4.5 agent, another using a version 4.6 agent.
Upgrade your agents to version 4.6.

Agent Handler issues

Issue — On the Agent Handler page, the Inactive Handler monitor displays the number of disabled Agent Handlers, instead of inactive Agent Handlers. (Reference: 640648)

Workaround — There is currently no workaround for this issue. However, you can run the Agent Handler Status query from the Queries page to view the number of inactive Agent Handlers.

Note: A disabled Agent Handler is one that has not been enabled yet. An inactive Agent Handler is one that has been enabled, but has not communicated with the server within five minutes. However, the Agent Handler Status query reports Agent Handlers as inactive when the handler has been out of contact for 60 minutes or more.

Registered Server issues

Issue — In an IPv6 only environment, the option to register an Active Directory server using the DNS name is not successful. (Reference: 568902)
Workaround — Use the Server Name option to specify the server name or IPv6 address to register the server.
Note: When using the IPv6 address, the address must be wrapped in brackets to successfully register the server. For example, [3ffe:1900:4545:3:200:f8ff:fe21:67cf]. (Reference: 569929)

Client Task issues

Issue — Systems where the version 4.6 non-Windows McAfee Agent is deployed appear in the Run Client Task Now page Affected Systems list even though this feature is not supported for use with non-Windows agents. (Reference: 632013)

Workaround — There is currently no workaround for this issue.

Server Task issues

1. Issue — When a server task that includes the Deploy McAfee Agent actions is exported, authentication information is saved in the export XML file in plain text. (Reference: 642466)

Workaround — There is currently no workaround for this issue.
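
Because the export carries authentication information in plain text, it helps to know which exported files contain it so they can be stored and shared accordingly. The following check is an added example, not McAfee code; the export schema is not shown in these release notes, so the sample's element and attribute names and the name pattern are assumptions to adjust against a real export.

```python
import re
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

# Assumption: names that usually label authentication data. Tune against a real export.
CREDENTIAL_NAME = re.compile(r"passw|pwd|credential|secret", re.IGNORECASE)

# Constructed sample; element and attribute names are hypothetical.
SAMPLE_EXPORT = """<?xml version="1.0"?>
<serverTasks>
  <task name="Deploy agents to lab">
    <action type="DeployAgent">
      <credentials domain="LAB" user="svc-deploy" password="CONSTRUCTED-NOT-REAL"/>
      <setting name="installPath">default</setting>
    </action>
  </task>
  <task name="Purge old events">
    <action type="Purge"><setting name="days">90</setting></action>
  </task>
</serverTasks>"""


def _local(name):
    """Strip an XML namespace prefix such as '{urn:x}password'."""
    return name.rsplit("}", 1)[-1]


def find_credential_fields(xml_text):
    """Return (path, kind) pairs for non-empty credential-like fields.

    Values are never returned, so the findings can be logged safely.
    """
    findings = []

    def walk(elem, path):
        here = f"{path}/{_local(elem.tag)}"
        has_text = bool((elem.text or "").strip())
        if has_text and CREDENTIAL_NAME.search(_local(elem.tag)):
            findings.append((here, "element text"))
        for attr, value in elem.attrib.items():
            if value.strip() and CREDENTIAL_NAME.search(_local(attr)):
                findings.append((f"{here}/@{_local(attr)}", "attribute"))
        # Property-bag style: <setting name="password">value</setting>
        label = elem.get("name", "")
        if has_text and CREDENTIAL_NAME.search(label):
            findings.append((f"{here}[@name='{label}']", "named setting"))
        for child in elem:
            walk(child, here)

    walk(ET.fromstring(xml_text), "")
    return findings


def scan_exports(directory):
    """Map each .xml file under `directory` to its findings; clean files are omitted."""
    report = {}
    for xml_file in sorted(Path(directory).rglob("*.xml")):
        try:
            found = find_credential_fields(xml_file.read_bytes())
        except ET.ParseError:
            continue  # not well-formed XML; skip rather than abort the scan
        if found:
            report[str(xml_file)] = found
    return report


if __name__ == "__main__":
    if len(sys.argv) > 1:
        for name, found in scan_exports(sys.argv[1]).items():
            print(name, found)
    else:
        print(find_credential_fields(SAMPLE_EXPORT))
```

Run it with a directory argument to scan saved exports, or with no argument to see the finding for the constructed sample.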

2. Issue — When creating a Data roll up report Server Task using Internet Explorer (IE), you might not be able to chain multiple tasks to include additional data types. The inability to chain multiple tasks is caused by IE Enhanced Security Configuration (ESC), which is enabled by default on Windows Server 2003 and 2008. (Reference: 630107)

Workaround — To enable the ability to chain these tasks on Windows Server 2003 you must uninstall the IE ESC using the Add or Remove Programs feature. On Windows Server 2008 you can disable IE ESC using the Server Manager utility. For more information on how to perform either of these tasks, refer to your Microsoft Windows Server documentation.

3. Issue — Server task completion times and durations in the task scheduler might be reported incorrectly. This can occur when there is a discrepancy between the time reported by your ePolicy Orchestrator server and the time reported by your database server. (Reference: 648553)

Workaround — Synchronize your ePolicy Orchestrator server and database server to the same time service. For more information on synchronizing the time reported by a Windows server, see the Microsoft documentation, including KB article http://support.microsoft.com/kb/816042.

Software Manager issues

Issue — The Software Manager cannot update an existing version of McAfee® VirusScan® Enterprise 8.7 software. (618551)

Workaround — You must Check In the VirusScan Enterprise 8.7 product updates manually.

Import/Export issues

1. Issue — Some Unicode characters are not displayed in exported PDF reports. (Reference: 623698)

Workaround — Add the arialuni.ttf font file to your font directory. This font is included with most Microsoft Office Suites. If you do not have this font, you can download it here: http://www.microsoft.com/typography/fonts/font.aspx?fmid=1081

2. Issue — Importing McAfee Agent repository policies into a version 4.6 ePolicy Orchestrator server from a version 4.0 or 4.5 server does not overwrite existing policies already on the 4.6 server with duplicate names. (Reference: 541623)

Workaround — Back up your existing agent repository policies by exporting a copy from your 4.6 server before importing the agent policies from an earlier version of the software. After importing the policies, manually verify that no unintended changes have been made to the existing "Repository" policies. If changes have occurred, use the backup you created to restore those policies.

3. Issue — Importing a .zip file containing more than one security key causes an Invalid key file error to occur, and the import process cannot be completed. (Reference: 636752)
Workaround — You can only import one set of security keys at a time. You can work around this issue using either of the following options:
Extract the contents of the .zip file containing multiple security keys to a temporary location, then add each key to a new .zip file and import them individually.
Export your security keys one at a time, and then import them individually.
4. Issue — Importing a password protected .zip file causes an Unexpected Error to occur, and the import process cannot be completed. (Reference: 636752)

Workaround — Export your data without adding a password to the .zip file, then repeat the import.

5. Issue — Including non-ASCII characters in a password when exporting a .zip file causes the delivery of an inaccurate error message: "Unable to extract files with the provided password." However, the error is actually caused by the use of non-ASCII characters in the password. (Reference: 635266)

Workaround — Do not use non-ASCII characters when specifying a password while exporting to a .zip file.

Browser issues

Issue — When using Internet Explorer (IE) 7, some Dashboards might become unresponsive, and cause your browser session to hang. Restarting your browser session does not resolve the issue, because when you reopen the ePolicy Orchestrator console, the same dashboard is displayed, and your session hangs again. This occurs because, by default, IE 7 imposes a limit of two concurrent connections to a server. (Reference: 646156)

Workaround — To work around this issue, you can configure IE to allow more concurrent connections by modifying the IE MaxConnectionsPerServer registry key. For more information on modifying this registry key, see Microsoft KB article http://support.microsoft.com/kb/282402 or McAfee KB71159.

Usability issues

1. Issue — Using the "Shift + Click" feature to select more than 1,500 rows in a table simultaneously might cause a spike in CPU utilization and/or trigger an error message describing a Script error. (Reference: 637829)

Workaround — Limit the number of table rows you select using "Shift + Click."

2. Issue — If both the ePolicy Orchestrator console and help portal are open, and the help portal browser session times out, your console browser session might time out as well. (Reference: 620064)

Workaround — To work around this issue, you must close both browser windows and log in to the server console again.

Managed Product issues

Issue — McAfee Firewall Enterprise ePolicy Orchestrator Extension 5.0 is not supported on ePolicy Orchestrator software version 4.6 (649181)
Workaround — Take the following steps to work around this issue:
1. Uninstall the McAfee Firewall Enterprise ePolicy Orchestrator Extension 5.0 from your ePolicy Orchestrator server before you begin your upgrade.
2. Upgrade to ePolicy Orchestrator software version 4.6.
3. Install Firewall Enterprise ePolicy Orchestrator Extension 5.1.0.
Note: For more information on this task, see the McAfee Firewall Enterprise documentation, or the section in these release notes titled Additional information; Important upgrade information about your managed products and ePolicy Orchestrator software 4.6.

Additional information

Review this section for important, additional information about this product release.

Important upgrade information about your managed products and ePolicy Orchestrator software 4.6

When upgrading your ePolicy Orchestrator software to version 4.6, some of your managed products require special consideration. For details on these managed products, and what steps to take when upgrading your server, see McAfee KB71259.

About LDAP configuration and chase referrals

The following LDAP registered server configurations are supported in environments with parent and child domains:
The parent and child domains are used without chasing referrals.
Chasing referrals is enabled only on the parent domain.

About using ePolicy Orchestrator software with Internet Explorer Enhanced Security enabled

Accessing the ePolicy Orchestrator console using Internet Explorer (IE) with IE Enhanced Security enabled might prevent some content from loading correctly. If you are using IE with this feature enabled, add your ePolicy Orchestrator site to the IE Trusted Sites list to ensure that you can view all content correctly.

About agent reporting in a cluster environment

In a Microsoft Server cluster environment managed by an ePolicy Orchestrator server, agent communications might report the cluster IP address instead of the node IP address. This can cause a problem if the active node fails over and a passive node becomes active. In this scenario, when the node that failed over comes back online in the passive state, the ePolicy Orchestrator server can no longer communicate with that node because it has the wrong IP address. This issue is resolved during the next agent-server communication, when the correct IP address is reported back to the server.

About registered remote databases

ePolicy Orchestrator software 4.6 enables you to register and then query against remote databases used by other ePolicy Orchestrator managed products in your environment. To use this feature, you must check in a managed product extension that has a predefined database schema. Once a managed product that supports this feature is checked in, the option to register a remote database server automatically appears in the Registered Server builder wizard's server type drop down menu. For more information on the availability of additional supported database schemas, see your managed product documentation.

About rollup reports from legacy ePolicy Orchestrator

ePolicy Orchestrator software version 4.6 fully supports rollup reporting from version 4.0 and 4.5 registered servers. When configuring your rollup reporting tasks on these supported legacy ePolicy Orchestrator servers, you must ensure that you specify only those data types supported for that particular server version. Use the following table as a reference to confirm which data types are supported for roll up reports on each version of ePolicy Orchestrator software.

Supported roll up data types by ePolicy Orchestrator software version (X = supported, - = not supported)

Data type             v4.6  v4.5  v4.0
Applied Client Tasks  X     -     -
Applied Policies      X     X     -
Client Events         X     X     -
Compliance History    X     X     X
Managed Systems       X     X     X
Threat Events         X     X     -

Finding product documentation

McAfee provides the information you need during each phase of product implementation, from installation to daily use and troubleshooting. After a product is released, information about the product is entered into the McAfee online KnowledgeBase.

Task
1. Go to the McAfee Technical Support ServicePortal at http://mysupport.mcafee.com.
2. Under Self Service, access the type of information you need:
To access... Do this...
User documentation
1. Click Product Documentation.
2. Select a Product, then select a Version.
3. Select a product document.
KnowledgeBase
Click Search the KnowledgeBase for answers to your product questions.
Click Browse the KnowledgeBase for articles listed by product and version.