Release Notes

McAfee ePolicy Orchestrator 5.3.2

Contents
About this release
New feature
Resolved issues
Installation instructions
Known issues
Find product documentation

About this release

This document contains important information about the current release. We strongly recommend that
you read the entire document.
Release build 5.3.2.156

Upgrade paths

At the time of this release, you can upgrade these versions to McAfee ePolicy Orchestrator (McAfee
ePO ) 5.3.2:

McAfee ePO 4.6.8

McAfee ePO 5.1.2

McAfee ePO 4.6.9

McAfee ePO 5.1.3

McAfee ePO 5.1.0

McAfee ePO 5.3.0

McAfee ePO 5.1.1

McAfee ePO 5.3.1

Purpose
This release of McAfee ePO fixes issues and supports features in upcoming managed product releases.

Rating
Mandatory McAfee requires this release for all environments. This update must be applied
immediately to avoid a potential security breach, and to maintain a viable and supported product.
For more information about patch ratings, see McAfee KnowledgeBase article KB51560.

Upgraded components
This release upgrades these components.
Component

New version

Apache Http Server

2.4.16

Java Runtime

1.8.0_72

OpenSSL

1.0.1r

New feature
The release of the product includes this new feature.

Syslog integration
You can now register TLS-secure syslog servers with your McAfee ePO server.

Resolved issues
These issues are resolved in this release of the product. For a list of issues fixed in earlier releases,
see the Release Notes for the specific release.

Security

This release fixes a vulnerability in the custom logon message feature. (1106866, 1102640)

This release fixes an Apache Common vulnerability. (1110523,1106041)

This release includes JRE 1.8.0_72. (1117371)

This release updates Apache to version 2.4.16. (1082113)

This release fixes a vulnerability to a denial-of-service (DoS) attack vector. (1089300)

This release fixes a vulnerability to a cross-site scripting (XSS) attack vector. (1113511, 1112985)

This release fixes a vulnerability when creating server tasks with Deploy Agent actions. (1113510)

This release reduces the number of supported TLS ciphers used by the Apache Http Server to
eliminate less secure connections. (1106991)

This release prevents the use of TLS 1.0 by the Apache Http Server. (1087288)

This release increases resistance to downgrade, man-in-the-middle, and cookie hijacking attack
vectors. (1103872)

This release upgrades OpenSSL to version 1.0.1r. (1088557)

This release upgrades the RSA BSAFE Micro Edition Suite (MES) to version 4.1.4. (1090528)

Active Directory

All LDAP servers are now displayed on the Active Directory Groups page. (1106035)

Active Directory user accounts without permission sets are no longer created automatically.
(1108690)

If you added and then deleted an Active Directory root domain, it did not disappear as expected.
Now, deleting the root domain makes the root domain disappear as expected. (1097232)

Client tasks

If you changed a client task on one system and closed the page, then selected a second system
from the System Tree and clicked Modify Tasks on a Single System, the changes to the previous system's
client task did not appear.
Now the client tasks appear correctly in both systems. (1106730)

When configuring any client task assignment that had Locked (prevent breaking inheritance below this point)
selected, if you configured these options:

Send this task to only computers which have the following criteria.

Has any of these tags.

Select a tag that was not applied to the client system.

Select Collect and send properties to the ePO server and specify the Agent Status Monitor on the client
system.

The client task was downloaded to the client system even though the client system did not have
the tag where the task was applied.
Now the client task is not downloaded to the client system if the tags where the task is applied are
not applied to the client computer. (1105425)

When you created a client task assignment that ran immediately, the message, Unexpected schedule
property value input, was recorded in orion.log when the task was saved, viewed, or edited.
Now immediate tasks do not generate the message. (1119035)

Deployment

When you installed McAfee Endpoint Security using the installation URL, some products that could
not coexist on the same client were selected by default.

Now, products are deselected by default and you can select the products that you want. (1089037)

If you tried to deploy McAfee Agent 5.0.2 to a non-Windows system from the console, it failed and
logged a message.

Now, the McAfee Agent is deployed successfully. (1120933, 1122686)

If you used a Turkish or German system and tried to deploy agents from the System Tree (Actions |
Agent | Deploy Agent), the deployment failed. This action failed because "Current" and "Previous" were
translated incorrectly in the installation path for German and Turkish systems.
Now the deployment works as expected. (1112548)

Installation and upgrades

The Product Compatibility Check did not check for incompatible extensions if they were included in
an extension bundle.
Now the Product Compatibility Check checks for incompatibilities inside these bundles. (1087516)

Upgrades in cluster environments failed because the installer was not installing the required C++
runtimes. Now those cluster upgrades succeed. (1123802)

Policies

Editing a user-based policy assignment from the View Assigned Policies page generated an
unexpected error message.
Now, no message appears. (1119050)

If you had McAfee Host Intrusion Prevention installed, duplicate policy assignments appeared in
the System Tree root and could not be deleted.

This process is fixed now. (1096737)

If you ran Host Intrusion Prevention IPS rules or firewall rules with in large environments (over
100,000 clients), it might take 415 minutes or more to open or save the policy.
Now this process takes less time. (1108457)

If you selected a specific user that was assigned a user-based policy, that policy was not shown on
the Assigned Policies page and you received this message: An exception occurred when getting user
policy assignments.
Now, the policy appears. (1080169)

If you selected a specific system from the System Tree and clicked Actions | Directory Management | View
Assigned Policies, if that system had many assigned policies, for example over 400, and a user-based
policy in a policy assignment rule, the page might take up to 10 minutes to appear.
Now, this process occurs in less time. (1110645)

Queries and reports

This release improves the quality of the graphs that appear in Line Charts reports. (1069801)

If you ran a McAfee ePO report on the Extra.DAT names that were applied to your client systems,
the report might contain the Extra.DAT version number or file name. The data depended on
whether the report data was gathered before or after the client completed an agent-server
communication.
Now the Extra.DAT report always displays the Extra.DAT name. (1114328)

Now you can drill down into a custom chart from the chart legend, and from the chart itself.
Previously, you could only drill down into a custom chart from the chart legend. (1078294)

Carriage returns in text boxes are no longer removed when a report is imported. (1100143,
1100191)

In default McAfee groups, while viewing the queries, loading the System Tree no longer generates
errors. (1120620)

Changing a query filter to include future events returns expected results. (1074878)

When drilling down into a query, the Next and Previous buttons navigate to the next or previous event
by date or time.
Previously, these buttons took you to a random event in the list. (1108769)

Reports downloaded as .pdf files no longer display a "character to be escaped" message instead of
runtime parameters. (1111578)

Product codes are now correctly displayed in reports that contain a Product Code column, instead
of the name of the product. (1123781)

Logos used in report headers are larger. (1111758)

Server tasks

If you tried to create a purge server task, such as a task to purge product events or threat events,
the Purge option was disabled.
You can create the purge task now. (1108801)

If you tried to create a server task and selected Purge client events or Purge threat event log, you could not
click Next, because the button was disabled.
Now you can complete the server task. (1090522, 1104706)

If you created a server task that used the Purge threat event log action, this message appeared:
<Date> <Time>, 855 ERROR [http-bio-59443-exec-652] servlet.ControllerServlet - Exception thrown by
ActionBean: java.lang.NullPointerException at
com.mcafee.epo.commonevents.ui.action.PurgeEventLogsAction.setupQuerySelect(PurgeEventLogsAction.java:
160)
Now this message does not appear. (1102411)

If you created a server task by selecting Action | Purge threat event log, selected Purge by query, then ran
the server task, it might return this message:
...execution of task Event Cleanup failed com.mcafee.orion.core.cmd.CommandException: user not authorized to
access query Access Protection Events Older Than 30 Days
The server task successfully executes and purges all related events now. (1083345)

If you selected a system tag to be excluded from a server task, then ran the task, the excluded
system still appeared in the list of systems found by the server task.
Now the exclude tag configuration works as expected. (1104234)

System Tree

After clicking the [x] systems with tag link, the Next and Previous navigation buttons showed random
systems in the Tag Catalog.
Now, the next or previous system in the tagged systems list is displayed. (1108997)

In the System Tree, when you selected My organization and the preset, This Group and all Subgroups, it
might take three minutes to display all systems. Now, the systems appear in less time. (1112397)

Upgrades

During an upgrade from McAfee ePO 5.1.0 to 5.3.0, one of the upgrade events tables on the SQL
Server did not stop growing after the upgrade. Now, that table stops growing post-upgrade.
(1098965)

When upgrading McAfee ePO on a secondary cluster server, the installation failed. Now the upgrade
installs as expected. (1105462)

If you upgraded McAfee Rogue System Detection from version 5.0.1 to version 5.0.1 patch 1 and
ran the server task to update the sensors, it seemed to be successful. But, if you looked in the task
details, the sensor upgrade did not succeed and this message appeared:

Completed: Update Sensor Deployment Client Tasks (Failed to Update Sensor Deployment Client Tasks)
The upgrade works as expected now. (1052786)

User interface

On the System Tree page, if you selected a system and clicked Actions | Directory Management | View
Assigned Policies, the Products filter list did not appear.
The list appears now. (1094363)

If you clicked Help from the Dashboards page, no Help page appeared.
Now the Help opens as expected. (1107806)

When working in Japanese, if you edited an existing server task, the Data Type list displayed
Compliance History instead of client events.
Now, client events appear in the Data Type list as expected. (1121548)

On the Data Protection page, in the Import Filevault Recovery Key section, the OK button was
disabled if you selected a serial number from the drop-down list. Now the OK button works when a
serial number is selected. (916690)

In some circumstances, your changes to a private dashboard might be saved to a public dashboard
if you selected the public dashboard before the page refreshed. Now you can't alter the public
dashboard in this way. (1103160)

When logged on to the console in German, task times are now listed using a 24-hour clock.
(1105805)

The Custom URL Viewer monitor now correctly displays the specified URL, instead of invalid src text.
(1113757)

Logon attempts appear in the Audit Log. Previously, some logon attempts did not appear.
(1120837)

Other issues

When you drilled down into Audit Log entries, some entries were lacking details.
Now those entry details are populated. (1076175)

When using JConsole to monitor McAfee ePO, an error occurs due to a missing path to jconsole.jar
in jconsole.bat.
This release fixes the issue. (1112915)

The McAfee ePO Event Parser (MCAFEEEVENTPARSERSRV) might throw the exception 0xc0000417
for certain events. This error no longer appears. (1115047)

If you tried to run a remote system test sort with an invalid system ID, an exception appeared.
Now, the details for valid systems are returned as expected. (1097717)

Editing the System Details Server Setting caused the monitors on the System Details page to stop
displaying information. Now the monitors display information correctly. (1127704)

The resetInheritance=true parameter did not work with the policy.assignToGroup web API
command. Now the parameter works. (1130067)

Installation instructions
For information about installing or upgrading ePolicy Orchestrator software, see the McAfee ePolicy
Orchestrator Installation Guide, PD25506.
Before proceeding with the upgrade process, see McAfee KnowledgeBase article KB76739 for important
steps to take before this upgrade.

Known issues
For a list of known issues in this product release, see this McAfee KnowledgeBase article: KB82675.

Find product documentation

On the ServicePortal, you can find information about a released product, including product
documentation, technical articles, and more.
Task
1

Go to the ServicePortal at https://support.mcafee.com and click the Knowledge Center tab.

In the Knowledge Base pane under Content Source, select Product Documentation.

Select a product and version, then click Search to display a list of documents.

2016 Intel Corporation

Intel and the Intel logo are trademarks/registered trademarks of Intel Corporation. McAfee and the McAfee logo are trademarks/
registered trademarks of McAfee, Inc. Other names and brands may be claimed as the property of others.
0-00