Endpoint Security 10.7.0 February 2021 Update

Every update release is cumulative and includes all features and fixes from the previous release. We recommend that you always upgrade to the most current update.

Rating

Critical—This release is critical for all environments. Failure to apply it might result in severe business impact.

Release details

This release includes the following build numbers:

Component Version
McAfee® Endpoint Security Platform 10.7.0.2421
McAfee® Endpoint Security Platform extension 10.7.0.839
McAfee® Endpoint Security Threat Prevention 10.7.0.2522
McAfee® Endpoint Security Threat Prevention extension 10.7.0.946
McAfee® Endpoint Security Firewall 10.7.0.1686
McAfee® Endpoint Security Firewall extension 10.7.0.843
McAfee® Endpoint Security Web Control 10.7.0.2080
McAfee® Endpoint Security Web Control extension 10.7.0.897
McAfee® Endpoint Security Adaptive Threat Protection (ATP) 10.7.0.2714
McAfee® Endpoint Security Adaptive Threat Protection (ATP) extension 10.7.0.865
McAfee® Endpoint Security Migration extension 10.7.0.394
McAfee® Endpoint Security Threat Detection Reporting extension 1.0.0.668

For more details about the product versions listed in Control Panel, see KB92355.

For information regarding the latest Security Bulletin updates, please see Product Security Bulletins.

What’s new in the 10.7.0 February 2021 Update release

This update includes fixes and resolutions for several issues, as well as cumulative fixes from the previous monthly updates.

Feature Enhancements

Control time zone of local McAfee® Endpoint Security logging via McAfee® ePolicy Orchestrator® (McAfee® ePO™) Policy

The time zone used can be configured using both McAfee ePO policy and local UI. The default setting is UTC. This ability provides administrators with required flexibility when reviewing logs across multiple systems or applications. Changing the time zone affects new and future logging, it will not transpose past log entries.

Cancel or Pause On-Demand Scan using McAfee ePO Client Task

On-Demand Scan Cancel Client Task—Cancel the current running On-Demand Scan(s) on the selected endpoints. This will not impact scans scheduled to run in the future and will not modify task assignment. Any future instances of the scan task will start over as if the cancelled instance of the task had not started.

On-Demand Scan Pause Client Task—Pause the current running On-Demand Scan(s) on the selected endpoints. The scan (s) will remain paused until future instances of the same task are executed or if the endpoint is re-booted. Once either of these triggers are encountered, the scan will resume and will continue scanning from where it previously left off.

Self Protection of Enhanced Remediation is now a part of McAfee® Endpoint Security Adaptive Threat Protection (ATP) Self Protection

Previously, self protection of Enhanced Remediation was not configurable and was self-managed by its engine. It is now configurable and is enabled or disabled when ATP's self protection setting is enabled or disabled. This is to provide administrative flexibility and allows the $ MfeDeepRem folder to be modified, if disabled. The default setting for self protection is enabled. McAfee does not recommend disabling self protection for long periods of time nor for reasons other than temporary troubleshooting or administrative needs.

Enhanced Remediation's $MfeDeepRem folder is now a hidden folder

The folder is now only visible to users if the Windows Explorer View setting Hidden items is enabled. This change is made at the request of our customers, to reduce visibility of this folder to standard users.

Hardware Support

Compatibility support for Intel® Control-flow Enforcement Technology (Intel® CET)

Intel® CET requires certain versions of Intel chipsets. For more information regarding Intel® CET, see https://newsroom.intel.com/editorials/intel-cet-answers-call-protect-common-malware-threats/

Known issues

For a list of current known issues, see Endpoint Security 10.x Known Issues (KB82450).

Resolved issues

This update resolves known issues.

Platform
Category Reference Resolution
Feature Fix ENSW-107701

Resolves an issue where the Signer data is not accepted as a valid distinguished name in McAfee® Endpoint Security Threat Prevention and McAfee® Endpoint Security Firewall policies when it contains a P.O. Box (Postal Office).

Performance ENSW-107655 Resolves an issue where the mfevtps.exe service displays high CPU utilization during AMCore content update.
Performance ENSW-107606 Resolves a BugCheck 133 caused by mfeaack.sys driver.
Performance ENSW-108955, ENSW-106358 Resolves a BugCheck 3b caused by mfencbdc.sys driver.
Interoperability ENSW-108846 Resolves an issue where Hyper-V Live migration fails when McAfee® Endpoint Security Threat Prevention is enabled.
Installation ENSW-108178 Resolves an issue where Trend Micro Office Scan Agent 11 is not getting uninstalled during McAfee® Endpoint Security installation on 32 - bit systems.
Performance ENSW-108040 Resolves a Non-Paged pool memory leak in MFE0 tag when network files are monitored.
Performance ENSW-107898 Resolves an issue where mfevtps.exe is deadlocked which leads to a system hang.
Feature Fix ENSW-107835 Resolves an issue where Japanese text is not rendered properly in the McAfee® Endpoint Security client UI.
Performance ENSW-104906 Resolves a BugCheck D5 caused by mfehidk.sys.
Feature Fix ENSW-102030 Resolves an issue where an AMCore content update, triggered by a McAfee® Endpoint Security Threat Prevention installation, is cancelled during standalone installation of McAfee® Endpoint Security Threat Prevention and McAfee® Endpoint Security Adaptive Threat Protection (ATP) modules.
Feature Fix ENSW-100159 Resolves an issue where compile-time on Jenkins server increases with McAfee® Endpoint Security installation.
Performance ENSW-99171 Resolves an issue where FRP encrypted files in a network share take longer time to open when OAS is enabled.
Installation ENSW-107834 Resolves an issue where AMCore installer can be executed to uninstall AMCore from the system, this used to break Endpoint Security functionality in the system.
Installation ENSW-106766 Resolves an issue where Logcfg folder is not marked for deletion during Endpoint Security major upgrades. This prevents upgrade failure and reboot requirements during the upgrades.
Threat Prevention
Category Reference Resolution
Feature Fix ENSW-108435 Resolves an issue where FRP encrypted files in a network share take longer time to open when OAS is enabled.
Feature Fix ENSW-107741 Resolves an issue where 4656 Event IDs are no longer generated, during ODS, when Audit Handle Manipulation and File System is enabled in System Audit policy.
Feature Fix ENSW-107320 Resolves an issue where Pause Scan and Cancel Scan buttons are enabled even when the User can pause and cancel scans option is not selected.
Feature Fix ENSW-96273 Resolves an issue where Exploit Prevention gets disabled in the client even though it is enabled in policy.
Adaptive Threat Protection
Category Reference Resolution
Performance ENSW-108097 Resolves a deadlock in McAfee® Endpoint Security Adaptive Threat Protection (ATP) when Story Graph feature is enabled. Side effects of this deadlock are PowerShell not running, McAfee® Endpoint Security console not opening and so on.
Feature Fix ENSW-107980 Resolves an issue where $ MfeDeepRem folder is created in all drives. From this release the folder is created only in fixed drives.
Performance ENSW-107902 Resolves an issue where McAfee® Endpoint Security Adaptive Threat Protection (ATP) service repeatedly crashes when Enhanced Remediation is enabled.
Feature Fix ENSW-97539 Resolves an issue where McAfee® Endpoint Security is not updating the remediation field in the update_metadata request to TIE server, after a file is detected in the Endpoint.
Feature Fix ENSW-106553 Resolves an issue where the Application Protection Rules exclusions are not honored after Exploit prevention content update is successful.
Firewall
Category Reference Resolution
User Interface ENSW-108044 Resolves an issue where CIDR notation for IPv6 addresses is not being accepted under Networks section while adding a Rule in McAfee® Endpoint Security Firewall extension.
Feature Fix ENSW-104368 Resolves an issue where McAfee® Endpoint Security Firewall used to block legitimate traffic when there was a third party Winsock provider registered on the system.
Feature Fix ENSW-106909 Resolves an issue where FQDN entry with a dash in the Trusted Network policy does not allow network traffic properly.
Web Control
Category Reference Resolution
Feature Fix ENSW-107345 Resolves an issue where McAfee® Endpoint Security Web Control search annotations are not displayed in the search.
Feature Fix ENSW-108138 Resolves an issue where annotations for Yahoo searches are not being displayed in Firefox browser.
User Interface ENSW-107865 Resolves an issue where roll up tasks between McAfee® ePolicy Orchestrator® (McAfee® ePO™) servers used to fail due to a missing column in McAfee® Endpoint Security Web Control RollUp table.
Feature Fix ENSW-106937 Resolves an issue where the license status for all the modules shows invalid when the username is a Double Byte character.