Windows 10 corporate support, Mcafee VSE and WSUS status 05.08.2015

 

Windows 10, WSUS Integration

If you support Server 2012R2 and 8.1 then you have the Updates on the WSUS you will see the new Categorys straight away.

Windows 10, Mcafee VSE 8.8 with Patch 6 which should be released 26. August 2015

https://kc.mcafee.com/corporate/index?page=content&id=KB51111

https://community.mcafee.com/community/business/blog/2015/08/02/windows-10-support-updates

 

Product Version

Product
Build

Release Notes

Known Issues

Release Date

EOL Date

Comments

VSE 8.8 Patch 6 (under development)

TBD

TBD

TBD

Target July 30, 2015 for private release
Target Aug 26, 2015 for full release

n/a

Adds support for the Windows 10 platform.

NOTE: Patch 6 is currently available in managed release. To obtain the patch and participate in the managed release program, contact your Support Account Manager.

 

31.08.2015 And here comes Patch 6 and you already wait for release 7 (DLP 9.4 DOES Not work, Protection rules not visible)

 

McAfee VirusScan Enterprise (VSE) 8.8

Summary

This article contains important information about known issues of high or medium rating that are outstanding with this product release. This article will be updated if new issues are identified post-release or if additional information becomes available. To read the Release Notes, see: PD26069

Release to World (RTW): August 26, 2015
 
Known Issues

IMPORTANT NOTES: 
  • Data Loss Prevention (DLP) customers: This release upgrades a common component used by DLP, which may cause the system to hang. Customers using DLP 9.4.0 are advised to delay installing VSE 8.8 Patch 6 until further notice. Development is in progress for updating the DLP 9.4 version to work with VSE 8.8 Patch 6. This updated release will be required prior to installing VSE 8.8 Patch 6. This article will be updated as more detail becomes available.

    To receive email notification when this article is updated, click Subscribe on the right side of the page. You must be logged in to subscribe.

     
  • VirusScan Enterprise for Storage (VSES) customers: VSE 8.8 patches 5 and 6 are not supported for use with VSES. Do not deploy VSE 8.8 Patch 5 or 6 to nodes running VSES. Instead, Intel Security recommends you deploy VSE 8.8 Patch 4 to nodes running VSES.

CRITICAL: There are currently no critical known issues.
Reference Number Related Article Issue Description
1090227 KB85551 Issue: VirusScan threat events do not parse to the ePO database with VirusScan Enterprise Reports Extension 1.2.0.263.
Workaround: Check in the Patch 5 Reporting Extension (1.2.0.250) until an updated extension becomes available.
Status: Intel Security is investigating this issue. See the related article for workaround steps.


Non-critical:

Reference Number Related Article Issue Description
966892 KB84913 Issue: Access Protection rules are not visible in the ePolicy Orchestrator console after checking in the Patch 5 or Patch 6 management extension.
Resolution: See the related article. This is tentatively planned to be resolved in VSE 8.8 Patch 7, which is not currently available.

To receive email notification when this article is updated, click Subscribe on the right side of the page. You must be logged in to subscribe.
1074199 n/a Issue: Environments using Lotus Notes mail, with the Lotus Notes mail scanner feature enabled, encounter Access Protection violations after installing Patch 6.
Resolution: Add the Lotus Notes process (NLNOTES.EXE) to the Processes to Exclude list for the Access Protection rule that is being violated (for example, Common Standard Protection:Prevent modification of McAfee files and settings).
n/a n/a Issue: Detection count is inconsistent with detections displayed in the On-Demand Scan (ODS) progress window.
Resolution: The product is functioning as designed.

If you require a change to this functionality in a future version of the product, you can submit a Product Enhancement Request (PER) by logging in at: https://mcafee.acceptondemand.com/.

To register as a new user, click McAfee Customers Register Here at the top of the page. For additional information, see KB60021.
1065335 KB84084 Issue: Modification to the Artemis FQDN field for the Network Heuristic Check feature requires a reboot on the client before the change takes effect.
Resolution: Restart the McShield service or reboot the system.
1077854 n/a Issue: Outlook closes unexpectedly (crashes) when sending mail after installing VSE 8.8 Patch 6 on systems with DLP 9.4.0 (RTW).
Resolution: Upgrade to DLP 9.4 Patch 1 (expected Q4 2015 release date) or later.

To receive email notification when this article is updated, click Subscribe on the right side of the page. You must be logged in to subscribe.
n/a = not available

W7, 64BIT, WMI Hotfixes do date post SP1

 

WMI Hotfixes to date 29.07.2015

During IE11 projects we have seen problems with some WMI and WUSA.EXE KB installations. It sometimes seems that the WMI provider

who offers that info hangs or is out of date. Even with some command to refresh it0s stuck. This is a list of Hotfixes we found in that direction

For Existing Windows 7 64BIT Deployments with SP1.

 

IE11patch Infos:

http://www.butsch.ch/post/IE11-IEAK-11-Setup-9-PRE-Deployment-Patches-2b-1-Hotfix.aspx

 

YES = Installs on W7 SP1 64BIT with all Updates from WSUS do date 29.07.2015

NO = Does not install on same system

 

001 (YES)

https://support.microsoft.com/en-us/kb/2705357

2705357

Windows6.1-KB2705357-v2-x64.msu

 

002 (YES)

http://support.microsoft.com/kb/2692929

2692929

Windows6.1-KB2692929-x64.msu

 

003 (YES but choose 2617858)

Unexpectedly slow startup or logon process in Windows Server 2008 R2 or in Windows 7

http://support.microsoft.com/kb/2465990

2465990 > SUPERSEEDED > Replaced by > 2617858 (https://support.microsoft.com/en-us/kb/2617858)

2465990 > Windows6.1-KB2465990-v3-x64.msu (Older)

2617858 > Windows6.1-KB2617858-x64.msu (Newer, Superseeds the old one)

 

004 (YES)

https://support.microsoft.com/en-us/kb/2492536

2492536

Windows6.1-KB2492536-x64.msu

 

005 (NO)

https://support.microsoft.com/en-us/kb/982293

982293

Windows6.1-KB982293-x64.msu

 

 

 

Exchange 2010 SP3 RU9 / 2013 CU8, ROLLUP and Android problems

A remote mailbox user receives the following error message when he or she tries to configure Exchange Active Sync account on an Android device:

Setup could not finish

Failed to search Exchange server automatically. Enter settings manually

https://support.microsoft.com/en-us/kb/3035227?wa=wsignin1.0

http://blogs.technet.com/b/exchange/archive/2015/03/17/announcing-update-rollup-9-for-exchange-server-2010-service-pack-3.aspx

http://www.microsoft.com/en-us/download/details.aspx?id=46372

Solution:

If the MobileSyncRedirectBypass feature is causing the problem, you can turn it off by editing the web.config file for the Autodiscover protocol:

  1. Locate the web.config file for the Autodiscover protocol:
    1. For Exchange Server 2013 MBX, the file is in the following location:

      %ExchangeInstallPath%\ClientAccess\Autodiscover

    2. For Exchange Server 2010 CAS, the file is in the following location:

      %ExchangeInstallPath%\ClientAccess\Autodiscover

  2. Open the web.config in Notepad, and then change the existing string from "true" to "false."
  3. Save the file.
  4. Run IISRESET /Norecycle.

Follow these steps on all CAS servers that will receive Autodiscover queries from devices.

Internet Explorer 9/11 GPO old IE9 not visible / WMI checks

 

Problem 1, Internet Explorer Maintenance Tab not visible

 

E: Internet Explorer Maintenance Tab not visible

D: Internet Explorer Wartung nicht sichtbar (Fehlende Einstellungen der Internet Explorer-Wartung für Internet Explorer 11) (IEM-Einstellungen)

 

During an Internet Explorer 11 Migration you discover that you can see your old IE8/9 settings which you made under Internet Explorer Maintenance Tab but you can't adapt or change them.

PROXY, Favorites, Quicklinks etc.

 

Solution:

You can only modify the OLD IE7/8/9 setting on a DC or ADMIN PC where IE10/11 is NOT installed and you have the GPO management console. So during migration you need two GPO machines

  1. One for the NEW GPO with IE10/11 and RSAT Remote Administration Tools (Or Domain Controller)
  2. One for the OLD GPO with IE8/9 and RSAT Remote Administration Tools

 

TO install the RSAT GPO management console a Windows 7 Admin PC:

  1. Search and download: Windows6.1-KB958830-x64-RefreshPkg.msu (http://www.microsoft.com/de-de/download/details.aspx?id=7887) [Remoteserver-Verwaltungstools für Windows 7 mit Service Pack 1 (SP1)]
  2. Over Software / Add Windows Features install GPO Console

 

 

Now on the GPO machine you can open an edit the old parts from IE7/8/9

Problem 2, WMI Filter because you have two GPO (IE9/11)

 

Because you PC's with IE9 and IE11 as example you may have to separate the GPO.

This is best done with WMI-Filters or Active Directory user groups:

Here is how to check in WMIExplorer.

SELECT path,filename,extension,version FROM CIM_DataFile WHERE path="\\Program Files\\Internet Explorer\\" AND filename="iexplore" AND extension="exe" AND version like "9.%"

Checks if client has IE9

SELECT path,filename,extension,version FROM CIM_DataFile WHERE path="\\Program Files\\Internet Explorer\\" AND filename="iexplore" AND extension="exe" AND version like "11.%"

Checks if client has IE11

 

 

Please also see our post from MSDN Social and Blog:

http://www.butsch.ch/post/IE11-IEAK-11-Setup-9-PRE-Deployment-Patches-2b-1-Hotfix.aspx

 

MSDN:

Fehlende Einstellungen der Internet Explorer-Wartung für Internet Explorer 11

https://msdn.microsoft.com/de-de/library/dn338129.aspx

Microsoft HAS made a list what goes where this FROM IE9 to (IEAK or/AND NEW SETTINGS). Most can be done with a clean and good IEAK setup.

https://technet.microsoft.com/de-de/library/jj890998.aspx (Where goes what)

Below is for people or team WHO don't know how to use IEAK (Please be carefull if you don't NEED to change Favorites or PROXY every month)

there is NO need to do the Regsitry HKCU things metioned. This can setup in IEAK 11 setup and then the regular GPO things.

 

https://thommck.wordpress.com/2013/11/08/the-new-way-to-configure-internet-explorer-proxy-settings-with-group-policy/

http://www.alexheer.co.uk/it-blog/configuring-ie11-settings-via-group-policy

http://blogs.msdn.com/b/asiatech/archive/2014/05/12/how-to-apply-the-content-of-ie-settings-in-gpo-which-used-iem-ie-maintenance-before-ie10-to-ie10-version-since-iem-has-been-deprecated-begin-from-ie10.aspx

 http://www.windowspro.de/wolfgang-sommergut/zentrale-ie-konfiguration-internet-explorer-wartung-vs-gpo-vs-ieak

http://blogs.msdn.com/b/asiatech/archive/2014/12/16/how-to-apply-favorites-amp-links-to-ie10-ie11-in-gpo-without-iem.aspx

 

 

WSUS: Windows Fonts Update February KB3013455 (MS15-010) FIXED with 3037639

 

After you install security update 3013455 you may notice some text quality degradation in certain scenarios.

This problem occurs on computers that are running the following operating systems:

  • Windows Server 2008 Service Pack 2 (SP2)
  • Windows Server 2003 SP2
  • Windows Vista SP2

 

Patch defect Fonts:                  KB3013455 (Patchday February 2015 / MS15-010)

Patch corrected Fonts:            KB3037639 (https://support.microsoft.com/kb/3037639/en)

 

http://answers.microsoft.com/en-us/windows/forum/windows_vista-windows_update/kb3013455-ms15-010-causes-font-corruption/8640d38d-19bd-46b6-9af0-6213c05107d3

You may have to get rid of Patch if you're Windows Update or WSUS-Client already downloaded it to your system.

 

Path: "C:\Windows\SoftwareDistribution\Download"

Find following file with:

dir *3013455*.* /s

dir windows6.1-kb3013455-x64-express.cab /s

 

Just delete the Directory in which you find the File under C:\Windows\SoftwareDistribution\Download

To uninstall on 2008 if you did install already and made the Reboot:

wusa /uninstall /kb:3013455 /quiet /norestart

On 2003 and Vista use Software/ADD-Remove