McAfee Application and Change Control 8.3.0 Windows Release Notes

The McAfee® Application and Change Control 8.3.0 release introduces new features and platform support.

Release details

For release dates and build numbers, see KB87944.

This release supports:

  • McAfee® ePolicy Orchestrator® (McAfee® ePO™) 5.3.0–5.3.3, 5.9.0, 5.9.1, and 5.10.0.
  • McAfee® Agent 5.0.3 or later.
    Important: You need to install McAfee Agent product update MsgBusCertsUpdater.zip if using McAfee Agent version earlier than 5.6.3.
  • Platform, environment, or operating system — Microsoft Windows 7, Windows Server 2008 R2, and subsequent platforms including Windows Server 2019 and Windows 10. For more information, see KB87944.
    Note: This release does not support Microsoft Windows Vista platform or earlier.

Upgrade support

This release supports upgrading from:

  • Solidcore extension 6.2.x, 7.0.x, 8.0.x, 8.1.x, and 8.2.x.

    When you upgrade Solidcore extension, don't change existing rules and configuration until Solidcore: Migration server task is complete. Also, the migration task can take longer than usual. Depending on the volume of inventory data in your environment, the task can take a few hours or a day to complete. For more information, see KB84651.

    If you are upgrading Solidcore extension 6.0.0 or earlier than 6.2.0, follow this order:

    1. Upgrade Solidcore extension to 6.2.0.
    2. Upgrade McAfee ePO to 5.3.0-5.3.3.
    3. Upgrade Solidcore extension from 6.2.0 to 7.x.x and then to 8.3.0.

  • Solidcore client 7.0.x, 8.0.x, 8.1.x, and 8.2.x.

    For information about the Solidcore client upgrade supported path for Windows, see KB87944.

    Note: To upgrade from 8.1.x on Windows 32-bit, see KB90785.

New or changed

Inventory mode — Inventory mode creates the inventory that contains information about the executable files and script files present on the endpoint. The information stored in the inventory includes complete file name, file size, SHA-1, SHA-256, file reputation, file type, embedded application name, certificate details, and version. This mode tracks and records each change. Also, it dynamically updates the inventory to make sure that the changed or added binaries and files are in the inventory.

Common Platform Enumeration (CPE) — Common Platform Enumeration (CPE) matches applications in the Application Control inventory with applications registered on the CPE official dictionary or Custom CPE dictionary, using different matching methods.

Trusted local group — Trusted local group provides an option to add local groups in the trust model. Application Control supports trusted users. You can add users as updaters to allow them to perform installations or update operations on a protected system. While adding the user information, you can also provide the domain details.

Known issues

For a list of current known issues, see Application Control 8.x Known Issues (KB87839) and Change Control 8.x Known Issues (KB87838).

Resolved issues

This release resolves known issues.

Solidcore extension
Category Reference Resolution
Interoperability MACC-8745 The Japanese translation for SC: Enable Client Task is now corrected.
Feature fixes MACC-8744 The correct list of Unknown Applications is now displayed on the Inventory page.
Solidcore client
Category Reference Resolution
Interoperability MACC-8406 Files operations on the winsxs\temp folder are now tracked and files are solidified when an updater process renames a binary file from that location.
Security MACC-8380 The CLI authentication to modify Application Control service private memory is no longer bypassed using the PowerShell script.
Performance MACC-8479 Paged pool memory use is now optimized.
Interoperability MACC-8396 Bug check E3 no longer happens after upgrading to Solidcore 8.3.0 or later.
Interoperability MACC-8419 and MACC-8743 The system no longer crashes after upgrading to Solidcore 8.3.0 or later.
Interoperability MACC-7386 Renaming of the folder containing solidified script files is now blocked.
Interoperability MACC-8742 The CCT events are now generated when a shared directory's file is modified from the remote system.
Interoperability MACC-8487 The SC: Enable system no longer crashes when accessing Control Panel.
Installation MACC-6651 The Solidcore client no longer hangs when it upgrades on Microsoft Windows 7.
Interoperability MACC-8711 Client systems are now displayed on the Real-Time Search page of McAfee® MVISION Endpoint Detection and Response workspace when Solidcore is in the enable mode.