Resolved issues

The current release of the product resolves these issues. For a list of issues fixed in earlier releases, see the Release Notes for the specific release.

Installation

Reference Resolution
1203657 Endpoint Security now deletes the plug-in keys of previous Endpoint Security versions during an upgrade so that previous versions don't appear in McAfee ePO properties.

Migration

Reference Resolution
1209113 Environments with large McAfee® Host Intrusion Prevention DNS Blocking policies now successfully migrate to Endpoint Security on McAfee ePO 5.9.
1214578 The Export Table functionality for previewing policy migration now correctly exports the table contents.
1216105 User-based policy migration now ignores errors from user account validation.
1220975 The Endpoint Security Migration server task now correctly calculates the percent complete.
1222085 McAfee® VirusScan® Enterprise Access Protection policies with these types of rules now successfully migrate to Endpoint Security:
  • Include process list contains double quotes.
  • Exclude process list does not contain double quotes.

Common

Reference Resolution
1193471 When a domain controller is installed on the McAfee ePO server, the rule compiler now works with a list of users based on the user profiles instead of the entire list of users. This prevents Endpoint Security from hanging during startup.
1201828 The mfeesp.exe process no longer crashes if the encrypted McAfee GTI password is missing from the GTIBL.xml file.
1213541 Microsoft Windows 10 no longer crashes when calculating the hash of files larger than 4 GB.
1213665 Starting Endpoint Security services no longer prevents the successful start of services from other vendors.
1218889 This release resolves a system hang that might occur when Endpoint Security is installed with third-party filter drivers.
1229081 The "Failed to finalize reputation for file error" text that appears in the EndpointSecurityPlatform_Errors.log for error code 0xc030002f now says, "Reputation already finalized."
1230235 After upgrading, the Self Protection and Access Protection activity logs now show the correct information. Also, the language in activity logs now matches the client system language when Activity logging language is set to Automatic.

Threat Prevention

Reference Resolution
1204964 Internet browsers no longer hang due to invalid file paths for exclusions. This fix applies to exclusions in the Access Protection, Exploit Prevention, Dynamic Application Containment, and Self Protection interfaces.
1208784 The Endpoint Security installation no longer resets the Quarantine directory to the default directory when AMCore is upgraded.
1211627 Saving an Access Protection policy now takes less time.
1212209 Endpoint Security now reports the second status of a Clean action as "successful" on both the Endpoint Security Client and McAfee ePO if the first status is "delete pending."
1213197 On-Access Scan policy settings now correctly apply empty high-risk and low-risk process lists.
1214409 Local computers no longer hang when On-Access Scan is enabled and an RDP session is established.
1216350 McAfee ePO now correctly synchronizes edited rules with a second McAfee ePO server.
1216575 Policy settings in McAfee ePO now allow you to enter full path process exclusions.
1218165 This release improves scan engine and file I/O handling to increase performance during local file copy operations.
1218572 Access Protection is now disabled on the client system if it's disabled in McAfee ePO policy settings.
1219673 Exploit Prevention rule 6015 no longer reports events when it's disabled, and the text strings of digital signatures are now normalized so that exclusions work correctly.
1220432 A bugcheck 133 no longer randomly occurs on systems with high network use. See KB89771 for more information.
1221244 You can now enter full file paths, file paths with wildcard for files (*), and file paths with wildcard for multi-level directories (**) for high-risk and low-risk processes.
1221247 A crash no longer occurs when On-Demand Scan client tasks are changed while a running on-demand scan is ending.
1224709 A bugcheck 135 associated with the mfencbdc.sys driver no longer occurs.
1226318 Network traffic no longer causes a blue screen when Endpoint Security is installed on a system that is also running Panda Security software.
1230279 Pool allocations made by mfehidk.sys, the registered anti-malware driver used by Endpoint Security, were leaking memory during each process creation done under the Windows Subsystem for Linux. This release resolves this issue.
1231037 The on-demand scanner no longer becomes unresponsive, leading to incomplete scans. Threat Prevention now successfully reports properties, such as the AMCore content version, back to McAfee Agent.

Firewall

Reference Resolution
1181041 Connection isolation in Location Aware Groups now successfully works with local networks.
1188093 Websites now take less time to load.
1197596 Location Aware Groups with local networks now work correctly.
1203899 Pointmgr.exe, a third-party application, now work correctly when Firewall is enabled.
1205110 Firewall no longer blocks IPv6 connectivity if McAfee GTI is not reachable unless there is a firewall rule blocking it.
1207770 Network connectivity now successfully continues when switching from Wi-Fi to a docked LAN network.
1208966 VPN connections no longer intermittently disconnect when Location Aware Groups are used with the DNS server.
1212178 Adaptive mode rules now include all signer details and file description information.
1215721 Only one instance of a location now appears in the Firewall Catalog, regardless of how many groups contain the location.
1216361 Firewall now allows exclusion-specific IP addresses from McAfee GTI lookups, but still includes the IP addresses to process against Firewall rules.
1217352 The Allow bridged traffic setting now work correctly.
1217942 Location Aware Groups now correctly work when the system is connected to both wired and wireless networks.
1219285 Firewall events are now correctly parsed by McAfee ePO.
1221732 Log entries and events for blocked traffic are now successfully generated when Network Intrusion Prevention is enabled.
1221865 Inbound McAfee GTI high-risk connections now correctly override McAfee GTI rating blocks when the remote IP address is a trusted network.
1221887 Access to certain firewall rule data structures is now serialized, preventing potential crashes in MFEFW.exe.
1226742 When Firewall tests whether the McAfee ePO server is reachable, the test now looks at all Agent Handlers in the list, instead of only the first one. Previously, if the first Agent Handler was offline, the reachability test failed.
1229607 The McAfee ePO reachability test now succeeds in cases where the number of Agent Handlers previously exceeded a limited buffer size.

Adaptive Threat Protection

Reference Resolution
1195161 Adaptive Threat Protection now correctly checks the McAfee® Threat Intelligence Exchange (TIE) server for reputation information.
1197643 File reputation changes are now applied locally and reputation attributes are now correctly refreshed after a reputation change.
1204453 The View installed updates section in Programs and Features now shows the Adaptive Threat Protection hotfix name as McAfee Endpoint Security Adaptive Threat Protection instead of Display Name.
1224492 The mfeesp.exe service no longer crashes due to incorrect Adaptive Threat Protection event dates, and Adaptive Threat Protection now uses the correct date for events.
1224673 The Product Version (Endpoint Security Adaptive Threat Protection) column is now displayed in the McAfee ePO Query Builder.
1228240 When Adaptive Threat Protection is in Observe mode, Dynamic Application Containment events no longer generate if processes/paths are excluded by a Dynamic Application Containment exclusion.

Web Control

Reference Resolution
1216383 Web Control now correctly works with Firefox version 56 and later.