ePolicy Orchestrator 4.0 Patch 6 Release Notes - McAfee

Release Notes for McAfee ePolicy Orchestrator 4.0 Patch 6
Thank you for using McAfee ® ePolicy Orchestrator ® software version 4.0 Patch 6. This document contains important information about
this release. We strongly recommend that you read the entire document.
Contents
About this release
Rating
Purpose
Known issues
Resolved issues
Installation Instructions
Finding documentation for McAfee enterprise products
License attributions
About this release
Patch Release: November 10, 2009
Patch Package: 4.0.0.1333
This release was developed for use with:
McAfee ePolicy Orchestrator 4.0
McAfee ePolicy Orchestrator 4.0 Patch 1
McAfee ePolicy Orchestrator 4.0 Patch 2
McAfee ePolicy Orchestrator 4.0 Patch 3
McAfee ePolicy Orchestrator 4.0 Patch 4
McAfee ePolicy Orchestrator 4.0 Patch 5
McAfee Total Protection for Endpoint
Make sure you have installed the correct version(s) before using this release.
Rating
McAfee recommends this release for all environments. This update should be applied at the earliest convenience. For more information,
see KB article KB51560.
Purpose
This document is a supplement to the McAfee ePolicy Orchestrator 4.0 Readme file in the release package, and details fixes included in
ePolicy Orchestrator 4.0 Patch 1, Patch 2, Patch 3, Patch 4, Patch 5, and Patch 6.
Refer to the online KnowledgeBase article KB65773 at https://mysupport.mcafee.com/ for the most current information regarding this
release.
Known issues
Known issues in this release of the software are described below.
Issue: Not all characters are allowed with ePolicy Orchestrator or SQL usernames and passwords, specifically regarding use with
the ePolicy Orchestrator installer. (Reference: 387883, 395890)
Workaround: Here is a list of the allowed and disallowed characters for the usernames and passwords used by the ePolicy
Orchestrator 4.0 Patch 6 installer. This list is known to be valid only for the ePolicy Orchestrator Patch 6 installer and might not
represent the character sets allowed for previous patch installers.
ePO username and password official character set for the Patch 6 installer
Allowed:
All printable characters with a hex value of 0x20 – 0x7E (ASCII 32 through 126), with exceptions listed
below.
Exceptions (for both user names and passwords, except as noted):
No leading space, trailing spaces, or passwords made up of solely spaces
No double quotes (")
No leading backslashes, trailing backslashes, or passwords made up of solely backslashes (\)
No dollar signs ($)
No percent signs (%)
Usernames cannot contain a colon (:)
Usernames cannot contain a semi-colon (;)
SQL user name and password official character set for the Patch 6 installer
Allowed:

All printable characters with a hex value of 0x20 – 0x7E (ASCII 32 through 126), with exceptions listed
below.
Exceptions (for both usernames and passwords, except as noted):
No leading space, trailing spaces, or passwords made up of solely spaces
No double quotes (")
No single quotes (')
No backslashes (\)
Usernames cannot contain a dollar sign ($)
Usernames cannot contain a colon (:)
Usernames cannot contain a semi-colon (;)
Issue: Cluster installation on Windows 2008 server is not supported.
Workaround: Cluster users should not migrate to Windows 2008 at this time.
Issue: If the master repository is locked, package check-in fails, causing the installation to fail and roll back.
Workaround: Ensure that there are no repository actions that conflict with the installer. These actions can be running or be
regularly scheduled repository pulls or replications.
Issue: If a previous Patch installation is successfully completed with a database user configured to use a non-default database
schema, the following tables are created:
.OrionExtensionsBackup
.OrionConfigurationBackup.
The existence of these files causes the Patch 6 installation to fail. (Reference: 461433)
Workaround: Delete these tables and try the installation again.
Issue: When using ePolicy Orchestrator on Windows 2008 servers, a blank “Domain” selection drop-down list appears when a
user tries to browse for systems while adding new systems to the System Tree in the ePolicy Orchestrator console. (Reference:
391040)
Workaround: On Windows 2008 servers, the McAfee ePolicy Orchestrator 4.0.0 Application Server service must have sufficient
permissions to complete the request. For more information, see KB article KB53861.
Issue: When using ePolicy Orchestrator on Windows 2008 servers, external commands are not executed. (Reference: 433570)
Workaround: On Windows 2008 servers, the McAfee ePolicy Orchestrator 4.0.0 Application Server service must have sufficient
permissions to complete the request. For more information, see KB article KB53862.
Issue: During a cluster installation, the IP address for a client system appears as 128.0.0.0 after an agent push. (Reference:
435257)
Workaround: After the first successful communication, the IP address reflects the correct address.
Issue: When the SQL Server “Nested Triggers” option is disabled, policy assignment timestamps are not updated. This causes
ePolicy Orchestrator to fail to deliver full policies to client systems. (Reference: 406765)
Workaround: Verify that the “Nested Triggers” SQL Server option is enabled for the ePolicy Orchestrator database. For more
information, see KB article KB52512.
Issue: Server tasks failed on systems using AMD processors running Windows 2000 or Windows 2003. (Reference: 468383)
Workaround: Server tasks can be evoked by removing the /usepmtimer switch from the boot.ini file.
Resolved issues
Issues that are resolved in this release are listed below.
1. Issue: The FTP replication timeout value did not prevent replication tasks from running indefinitely. (Reference: 442119, 473271)
Resolution: The FTP replication process has been updated to terminate replication tasks that will not complete and a new
registry setting has been created to configure the FTP replication timeout value in seconds. The new registry DWORD value is
called “FTPTimeout” and exists in the HKLM\SOFTWARE\Network Associates\ePolicy Orchestrator key. The absence of a configured
registry value uses a timeout of 30 seconds.
2. Issue: Aborting an Agent Deployment Action could result in a Null Pointer Exception. (Reference: 489796)
Resolution: Now aborting an Agent Deployment Action completes without error.
3. Issue: Extra.DAT packages fail to deploy until after a DAT package has been checked-in. (Reference: 496576)
Resolution: Now extra.DAT packages can be checked-in and deployed.
4. Issue: The addresses in the “Bypass local addresses” field on the Software, Master Repository, Configure Proxy Settings pages
continued to have the proxy settings applied. (Reference: 456305)
Resolution: Addresses in the “Bypass local addresses” field no longer have the proxy settings applied.

5. Issue: Not all changes to policies were recorded in the Audit Log. (Reference: 471999, 470204, 470205)
Resolution: Now when changing a policy, the name, product, category, and feature are recorded.
6. Issue: ePolicy Orchestrator could fail to send an Agent Wake-up request to systems with names containing multi-byte
characters. (Reference: 472959)
Resolution: ePolicy Orchestrator can now send an Agent Wake-up request to systems with names containing multi-byte
characters.
7. Issue: ePolicy Orchestrator servers running on Windows 2008 platform could not deploy McAfee Agents to systems running
Microsoft Windows 2008, Microsoft Windows Vista, or Microsoft Windows 7. (Reference: 493573)
Resolution: ePolicy Orchestrator servers running on Windows 2008 platform can now deploy McAfee Agents to systems running
Microsoft Windows 2008, Microsoft Windows Vista, and Microsoft Windows 7.
8. Issue: An exported policy with a comma in its name prevented the policy from being imported. (Reference: 452606)
Resolution: An exported policy file can now include a comma in the name.
9. Issue: Point product hotfix packages were not removed properly when more than one hotfix package for the same point product
version was checked-in. (Reference: 477996)
Resolution: Point product hotfix packages are now removed properly.
10. Issue: When a system was restored from a hard drive image containing a McAfee Agent, the ePolicy Orchestrator server would
send incremental policies to the system. (Reference: 479533)
Resolution: The ePolicy Orchestrator server now sends full policies when a system is restored from a hard drive image
containing a McAfee Agent.
11. Issue: When a tag was applied to, cleared, or excluded from systems related to an event query, subsequent tag actions would
fail depending upon the number of returned events. (Reference: 494239)
Resolution: Tag actions for tags applied to, cleared, or excluded from systems related to an event query now complete
independent of the number of returned events.
12. Issue: When a tag selection criteria for an individual tag exceeds 4,000 characters, automatic tag assignments failed and no
managed systems were evaluated against the tag's criteria. (Reference: 465787, 475878)
Resolution: The tag selection criteria for an individual tag is no longer limited for ePolicy Orchestrator databases running in
Microsoft SQL Server 2005 and above.
Note: Tag selection criteria for an individual tag remains limited to 4,000 characters for ePolicy Orchestrator databases running
in Microsoft SQL Server 2000.
13. Issue: The “Stop the task if it runs for” field on the Client Task Builder Schedule page did not allow a value greater than 24
hours. (Reference: 477367)
Resolution: Now the “Stop the task if it runs for” value must be less than 999 hours and 59 minutes.
14. Issue: The ePolicy Orchestrator server memory usage grew continuously when configured to use SuperAgents. (Reference:
484154)
Resolution: The ePolicy Orchestrator server now properly manages its memory usage when configured to use SuperAgents.
15. Issue: A mirror task could fail when replicating from the ePolicy Orchestrator distributed repository, under the following
conditions (Reference: 471202):
A point product is checked-in to the Evaluation Branch.
Orchestrator is configured to replicate to a distributed repository that does not contain any point products (Site A.)
Enterprise is configured to execute a mirror task to replicate Site A to a local site.
Resolution: The ePolicy Orchestrator server now properly manages mirror tasks when replicating to a distributed repository.
16. Issue: Querying for Unmanaged Systems could result in the message “unexpected error occurred.” (Reference: 444794)
Resolution: Querying for Unmanaged Systems no longer results in an error.
17. Issue: Replication to a UNC site could fail, reporting “error code 5” when different download and replication credentials are
specified. (Reference: 497270)
Resolution: The download and UNC replication sessions have been modified to operate independently.
18. Issue: The related, target, and source systems report pages had a “Done” button that resulted in “page back” behavior.
(Reference: 471546)
Resolution: The related, target, and source systems report pages now contain both “Back” and “Done” buttons.

19. Issue: The “Affected Objects” field in the Notification Log did not report multi-byte characters. (Reference: 487076)
Resolution: The “Affected Objects” field in the Notification Log now properly reports multi-byte characters.
20. Issue: The Master Repository Master Catalog size was limited to 100 KB. (Reference: 471879)
Resolution: The Master Repository Master Catalog size is no longer limited.
21. Issue: The repository task details page did not have a “Back” button. (Reference: 475549)
Resolution: The repository task details page now contains both “Back” and “Done” buttons.
22. Issue: Identification and remediation of duplicate McAfee Agent GUIDs through ePolicy Orchestrator was difficult. (Reference:
494753)
Resolution: ePolicy Orchestrator now has preconfigured queries, actions, and server tasks to assist in managing the resolution
of duplicate McAfee Agent GUIDs.
Note: McAfee Agent versions 4.5 and 4.0 Patch 3 introduce support of the duplicated GUID regeneration request.
23. Issue: When the policy package for a managed system exceeded the maximum allowed policy size, the message, “Failed to
3DES encrypt data package” was incorrectly recorded in the server log file. (Reference: 488516)
Resolution: The message, “Package size #### exceeds maximum package size: ####” is now logged when the maximum
policy size is exceeded.
24. Issue: When configuring the “Deploy Agent” action for a server task, the Task Summary page failed to display the selected
McAfee Agent version. (Reference: 486000)
Resolution: The selected McAfee Agent version is now displayed on the Task Summary page.
25. Issue: When modifying a server task that uses the “Deploy Agents” action, the “Force installation over existing version”
checkbox failed to retain the current value. (Reference: 483874)
Resolution: When modifying a server task that uses the “Deploy Agents” action, the “Force installation over existing version”
checkbox now retains the current value.
26. Issue: When the “Mirror Host Intrusion 7.0 feature access” option was set in the Host Intrusion Prevention 6.1 permission set,
Group Admin users could not view the Notification Log. (Reference: 462518)
Resolution: Group Admin users can now view the Notification Log.
27. Issue: When modifying a task or policy for a single managed system, the reported system directory path could be incorrect.
(Reference: 472747)
Resolution: The system directory path is now correctly reported.
28. Issue: During the execution of an Active Directory synchronization task, the last character of a deleted system’s name was not
reported in the Audit log file. (Reference: 491975)
Resolution: The complete system name is now recorded in the Audit log file.
29. Issue: The install process failed to complete and the message, “Cannot open database "database name" requested by the login.
The login failed.” was recorded in the epo-patch.log file. (Reference: 511979)
Resolution: The SQL Server database option, AutoClose, is turned off at the start of the install process.
30. Issue: ePolicy Orchestrator reports displayed duplicate titles and inconsistent labeling. (Reference: 460206)
Resolution: PDF report column headings are now consistent throughout the report. All reports now have column headings
increased to two lines. Text in column headings exceeding two lines is appended with an ellipsis.
31. Issue: Exporting a query to email with the “Compress the output files” option enabled did not function in the ePolicy
Orchestrator Patch 3 release. (Reference: 462057)
Resolution: Reports are now saved to the correct directory when exported to a compressed file.
32. Issue: The ePolicy Orchestrator patch installers did not verify whether the Tomcat Shutdown server port is in use. (Reference:
472576)
Resolution: In the event a system is using the same port as the Tomcat shutdown port a new one will be automatically reassigned.
The current in use port number will increment by one until an open port is found and re-assigned for the Tomcat
shutdown port.
33. Issue: Warning messages on non-English systems incorrectly displayed extended characters. (Reference: 474957)
Resolution: Non-English warning messages now display correctly.
34. Issue: Policy Auditor waiver log details page had un-translated headers on non-English systems. (Reference: 475373)

Resolution: The Issue Activity log column headings are properly translated for all languages.
35. Issue: The installer did not allow the percent sign (%) in the database username. (Reference: 478345)
Resolution: The installer now allows the percent sign in the username when validating the database credentials.
36. Issue: The advanced filter failed to filter data on first attempt and completed successfully on subsequent attempts during the
current user session. (Reference: 478378)
Resolution: The advanced filter is now applied to data on save and update.
37. Issue: Date formats were incorrectly interpreted for the selected language during automated scheduled reports. (Reference:
480179)
Resolution: Scheduled tasks now use the date format based on language selected.
38. Issue: Graphs were incorrectly displayed with the numbers being too large to be interpreted. (Reference: 482323)
Resolution: The maximum integer limit is increased to handle larger numbers.
39. Issue: Maximum password length of the SQL user account used by ePolicy Orchestrator, did not take into account double-byte
characters. (Reference: 483709)
Resolution: The SQL user password now allows up to 40 characters in length during ePolicy Orchestrator installation.
40. Issue: Double-byte characters were not accepted when editing existing SQL credentials. (Reference: 483790)
Resolution: Double-byte characters are now allowed when editing existing SQL credentials.
41. Issue: An empty dialog box appeared when trying to export data from a query table. (Reference: 488231)
Resolution: The dialog box is now populated correctly when exporting data from a query table.
42. Issue: Exporting a report to file, the 'Overwrite' option failed to overwrite existing file when ePolicy Orchestrator is installed on a
non-system drive. (Reference: 488683)
Resolution: Report will now overwrite the existing file when the overwrite option is enabled.
43. Issue: Policy Auditor Dashboards did not display “Total” correctly on Non-English systems. (Reference: 491889)
Resolution: The word "Total" is now displayed correctly.
44. Issue: Permission sets for Issue Management appeared twice in the server settings. (Reference: 493827)
Resolution: Issue Management permission sets must now be unique when registering roles.
45. Issue: The result type summary was truncated in the Query list. (Reference: 493827)
Resolution: The table size has been increased to accommodate longer summaries.
46. Issue: Systems could not be exported to a single archive file from the system tree. (Reference: 496257)
Resolution: Systems can now be exported to a single archive file from the system tree.
47. Issue: The Core Configuration page was not accessible when the database was down and the system was configured with
network protocol IPv6. (Reference: 505933, 505983)
Resolution: A user can now access the configuration page when the database is not accessible and the system is configured
with network protocol IPv6.
Issues from the Patch 5 release of the software that are resolved in this release are listed below.
1. Issue: The product summary version information might not match the detailed product properties version information. In
particular, the detailed product properties might include a build number that is missing in the product summary version
information. (Reference: 467030)
Resolution: Product summary version information and the detailed product properties now have the correct values for products
deployed after this Patch has been installed.
Note: This patch does not correct version mismatches from prior deployments, only from deployments after the patch has been
put into place. Mismatches from prior deployments can be corrected by performing an agent wake up with full properties on
those machines reporting a version mismatch.
2. Issue: Agents calling into the ePolicy Orchestrator server with a lower sequence number than the ePolicy Orchestrator server
expects will have communication rejected without reasoning on the ePolicy Orchestrator server side.(Reference: 467325,
464319)
Note: Sequence errors occur most commonly in situations where there are duplicate agent GUIDs or where machines are
“restored” back to a previous setting (E.g. restoring to previous in snapshots on a VM that has an agent connected to an

ePolicy Orchestrator server).
Resolution: This Patch adds several new ways to aid ePolicy Orchestrator administrators in finding sequence error problems in
their network.
A new table has been added to the ePolicy Orchestrator database, called EPOAgentSequenceErrorLog. This table contains
the following fields that help ePolicy Orchestrator administrators track down systems with communication errors related to
sequence check errors:
AutoID - A unique key for the table.
AutoGUID - The agent GUID of the agent that failed the sequence number check.
NodeName - The computer name that failed the sequence number check.
IPAddress - The IP address of the computer that failed the sequence number check.
MACAddress - The MAC address of the computer that failed the sequence number check.
TheTimestamp - The server time of the sequence number check failure.
To use the following features, add the desired line to the [Server] section of Server.ini (commonly found in C:\Program
Files\McAfee\ePolicy Orchestrator\DB), then restart your ePolicy Orchestrator services.
Feature Ini file addition Example(s)
To set a limit to the
sequence errors logged in
the database on a per
hour basis. Without any
value set, there is no
hourly limit to the
number of sequence
errors that are tracked in
the database.
Note: Regardless of
this setting, all
sequence errors are
logged into the
server.log file. This
setting is only for the
database.
To set a history length
for the timespan of
sequence errors that will
be stored by the
database. Without any
value set, this table is
not purged.
Note: Sequence errors
are evaluated against
this timespan at service
start and every X days
from service start,
where X is the value of
days you have set for
error log history
purging.
To disable sequence error
checking on the ePolicy
Orchestrator server.
Note: Disabling
sequence error checking
might make your
ePolicy Orchestrator
server vulnerable to
replay attacks.
SequenceNumberErrorLogMaxErrorsPerHour
SequenceNumberErrorLogHistDays
SequenceNumberErrorLogMaxErrorsPerHour=2000
SequenceNumberErrorLogMaxErrorsPerHour=0
Note: Setting this value to zero will disable
logging to the EPOAgentSequenceErrorLog table.
SequenceNumberErrorLogHistDays=1
SequenceNumberErrorLogHistDays=4
SequenceNumberErrorLogHistDays=90
ConnectionsRequireValidSequenceNumber ConnectionsRequireValidSequenceNumber=0
3. Issue: Active Directory synchronization with the option to move systems causes the AgentGUID to become Null in the database.
(Reference: 461112)
Note: Systems with a Null AgentGUID receive new AgentGUIDs on the next agent-to-server-communication.
Resolution: The AgentGUID are now retained after a system is moved via Active Directory synchronization.
4. Issue: Windows 2000 client machines show “Free Memory” as 0 in system properties. (Reference: 450048)
Resolution: Windows 2000 machines now show the correct “Free Memory” in system properties.

5. Issue: Viewing or exporting a report can cause the console to get stuck in a loop. (Reference: 451729)
Resolution: The Close button on the export page now returns the user to a page where they can continue to navigate, without
having to log out or use the browser Back button.
6. Issue: When creating an FTP Distributed Repository in a non-English environment with the Anonymous option selected, the FTP
Distributed Repository “Anonymous” credential is displayed in localized language characters instead of “Anonymous”. (Reference:
449159)
Resolution: “Anonymous” is now correctly used for all languages in the FTP Distributed Repository credential setup.
7. Issue: ePolicy Orchestrator 4.0 does not support port IDs greater than 32767, whereas IANA allows for port numbers up to
65535. (Reference: 462087)
Resolution: All valid port values are now supported.
8. Issue: The download credentials for a source repository site cannot be modified in ePolicy Orchestrator after the site has been
created. (Reference: 450163, 480057)
Resolution: The download credentials for source repository sites can now be edited.
9. Issue: Installing a new agent package does not always update the ePolicy Orchestrator list of supported platforms correctly.
(Reference: 467664)
Resolution: Installing a new agent package correctly updates the ePolicy Orchestrator list of supported platforms.
10. Issue: In some environments, repository pulls from HTTP source repositories might never finish. (Reference: 453274)
Resolution: A new registry setting has been created to work around this issue. The new registry DWORD value is called
“RawHTTPDownloadSocketsOnly” and exists in the HLM\SOFTWARE\Network Associates\ePolicy Orchestrator key.
A value of 1 changes the HTTP pull functionality to use Windows Sockets (Winsock).
A value of 0, absence of a value, or absence of this key provides the pre-existing pull functionality using Windows Internet
(WinINet).
11. Issue: Replication of specific, selected packages to a distributed repository can intermittently fail if multiple replication tasks are
running simultaneously. (Reference: 462653)
Resolution: A concurrency problem with multiple running replication tasks has been resolved.
12. Issue: The Extra DAT package cannot be deployed to additional platforms without a patch to ePolicy Orchestrator each time
additional platform support is required. (Reference: 397874)
Resolution: The supported platform list for Extra DAT packages can now be updated without requiring a patch to ePolicy
Orchestrator.
13. Issue: The failure to push an agent causes a UNC network resource handle to be consumed. (Reference: 449780)
Resolution: UNC network resource handles are now returned to the operating system after an agent push failure.
14. Issue: The removal of non-Windows agent packages from the ePolicy Orchestrator master repository prevents agent update
tasks from detecting that a new master server key has been assigned. (Reference: 463964)
Resolution: The removal of non-Windows agent packages no longer prevents agent update tasks from detecting new master
server keys.
15. Issue: The Roll Up server task can intermittently process the same computer twice, causing failure of the task and computers
not to be imported. (Reference: 446354)
Resolution: Computers are now processed only once each, and the server task completes successfully.
16. Issue: Threat-based notification rules can be triggered for non-threat events if the product and category filters of the rules are
satisfied. (Reference: 461917)
Resolution: Threat-based notification rules now are triggered only for threat events.
17. Issue: During an Active Directory synchronization, disabled computer accounts were being imported into ePolicy Orchestrator.
(Reference: 439191)
Resolution: Disabled computer accounts are no longer imported into ePolicy Orchestrator and if so configured disabled computer
accounts will be removed from ePolicy Orchestrator as if they had been removed from the Active Directory.
18. Issue: Installation for ePolicy Orchestrator 4.0 fails if the password for SQL includes the dollar ($) character. (Reference:
461677)
Resolution: The “$” character is now an acceptable character for the SQL password. For a complete listing of allowed characters
for your ePO and SQL user names and passwords, refer to the first entry under Known Issues (above).
19. Issue: Event purge fails for Purge with 0 Days. (Reference: 471355)

Resolution: Event log will Purge with 0 days.
20. Issue: Users get a message “Exception occurred in OrionCore.dialogBoxOkHandler!” when trying to purge Notification Logs.
(Reference: 472788)
Resolution: Users no longer receive an exception message when purging the Notification Logs.
21. Issue: Items Event Group and Event Type cannot be sorted in the Response Builder.(Reference: 424139)
Resolution: Event Group and Event Type are now sortable, based on the user's locale.
22. Issue: Failed to create chart 'FSE: FoundScore Trend for Last 30 Days' when item My FoundScore is selected. (Reference:
428041)
Resolution: Chart creation fixed for 'FSE: FoundScore Trend for Last 30 Days' when item My FoundScore is selected.
23. Issue: Incorrect text appeared in options to filter data for “Description text goes here.” (Reference: 428904)
Resolution: This text has been updated to read “Build table filter criteria.”
24. Issue: The console date defaults to US format (MM/DD/YY). (Reference: 430784)
Resolution: The date is set to correspond to the system locale format.
25. Issue: The error message “Page cannot be found” is displayed when the Back button is clicked on within the Notification Log
page. (Reference: 449202)
Resolution: The Back button has now been fixed for the Notification Log page.
26. Issue: The Grouped Bar Chart report shows bars in each group, even if not applicable. (Reference: 450500)
Resolution: The Grouped Bar Charts no longer display bars with a group count of “0”.
27. Issue: Users encountered a JavaScript Error when retrieving undefined parameters of table. (Reference: 452441)
Resolution: A verification check for null parameter values has been implemented to prevent these JavaScript Errors.
28. Issue: Policy Auditor Dashboard tables incorrectly display the column title “Total” on localized builds. (Reference: 455340)
Resolution: The column title for the Grouped Summary Table has been fixed on localized builds.
29. Issue: Users, within the same admin group, can view the console of the last admin user’s session, until the page is refreshed.
(Reference: 456088)
Resolution: The Admin console session cache now uses a different method to update the cache key.
30. Issue: Users cannot use “§” in the ePolicy Orchestrator user name or password. (Reference: 457497)
Resolution: We now allow the use of “§” in ePolicy Orchestrator user name and password. For a complete listing of allowed
characters for your ePO and SQL user names and passwords, please refer to the first entry under Known Issues (above).
31. Issue: Exporting a query to email with “Compress the output files” enabled fails. (Reference: 462057)
Resolution: Exporting a query to email with “Compress the output files” enabled is now successful.
32. Issue: Titles in the export table are truncated when output to PDF format. (Reference: 462067)
Resolution: Titles in PDF format export are no longer truncated.
33. Issue: Radio buttons from one server task action alter the radio buttons for the subsequent action. (Reference: 463196)
Resolution: Radio buttons from one server task action no longer alter the radio buttons for the subsequent action.
34. Issue: DEBUG level Logging output exceptions, when they should have only been logged at ERROR level. (Reference: 465483)
Resolution: Now the correct DEBUG and ERROR level messages are logged.
35. Issue: Advanced filters are not working correctly when defined systems are selected on the page. (Reference: 472299)
Resolution: Advanced filters are now filtering systems correctly when defined systems are selected on the page.
36. Issue: Users cannot see all created dashboards if they exceed the static viewable area. (Reference: 472925)
Resolution: A scrollbar now appears on the dashboard page if the viewable area is exceeded.
Issues from the Patch 4 release of the software that are resolved in this release are listed below.
1. Issue: When an event package contained System Compliance Profiler and another point-product’s events, the System
Compliance Profiler events would not be saved to the database. (Reference: 370718, 442064)

Resolution: System Compliance Profiler events are now saved in the database when included with other point-product events.
2. Issue: Replication to a UNC site could fail reporting error code 5 when different download and replication credentials are
specified. (Reference: 411431)
Resolution: The download and UNC replication sessions have been modified to operate independently.
3. Issue: Registered executables with reserved HTML characters in their names could not be duplicated. (Reference: 414572)
Resolution: Registered executable names can now contain reserved HTML characters and be duplicated successfully.
4. Issue: Non-global administrators would receive the message “You are not authorized for this operation” when attempting to
review McAfee Agent push failures. (Reference: 420764)
Resolution: The correct permissions are now enforced, allowing authorized users to review McAfee Agent push failures.
5. Issue: When manually checking in a package to the ePolicy Orchestrator’s master repository, a copy of the package would be
abandoned in a temporary location. (Reference: 423560)
Resolution: The Patch installation removes all packages in the temporary location and prevents additional packages from being
abandoned.
6. Issue: Purge Event Log Tasks would not delete events when the selection “Purge records older than:” was chosen. (Reference:
424692)
Resolution: The Purge Event Log Tasks routine has been modified to properly delete “Purge records older than:” events.
7. Issue: The Client Task Schedule option, “Only run this task once a day,” would not remain selected or be enforced when a task
was saved. (Reference: 431479)
Resolution: The selection of Client Task Schedule option, “Only run this task once a day,” is now properly saved and enforced.
8. Issue: When a system requested full policies, the Host Intrusion Protection policies were incomplete when delivered. (Reference:
432785)
Resolution: The policy preparation routine was modified to ensure that Host Intrusion Protection policies are generated
correctly.
9. Issue: An unexpected error occurred when executing an Events type query with a specified Tag Filter. (Reference: 433592)
Resolution: The user is now able to execute Event type queries with a Tag Filter.
10. Issue: The VirusScan Enterprise DAT Deployment report would display “unexpected error occurred” when attempting to drill into
a DAT group of version “N/A.” (Reference: 437213)
Resolution: The VirusScan Enterprise DAT Deployment report has been modified to allow drilling into a DAT group of version
“N/A.”
11. Issue: Event ID 1038 was incorrectly associated with the event category, “Virus Detected but not Removed.” (Reference:
437525)
Resolution: Event ID 1038 indicates that no particular action was taken and is now associated with the event category “Noncompliance.”
12. Issue: When an installation failed and reverted to the previous version, the Site Manager file was not re-registered. (Reference:
437841)
Resolution: The installation routine has been modified to correctly re-register all critical files when reverting to the previous
version.
13. Issue: The installation routine could replace Tomcat configuration files, causing Tomcat to fail to start. (Reference: 438104)
Resolution: The installation routine has been modified to avoid replacing Tomcat configuration files.
14. Issue: Saving an Enforcement Message Policy Client Assignment could result in the message “unexpected error occurred.”
(Reference: 439548)
Resolution: The Enforcement Message Policy Client Assignment process has been modified to correctly save policy updates.
15. Issue: Improperly formatted event files resulted in prolonged Event Parser performance degradation. (Reference: 440091)
Resolution: The Event Parser has been modified to skip improperly formatted event files.
16. Issue: The installation process would fail if the SQL Server Agent service was not running. (Reference: 441846)
Resolution: The installation routine has been modified, removing the dependency on the SQL Server Agent service.
17. Issue: Changing the owner of a policy with a large number of registered users could result in error. (Reference: 442364)

Resolution: Changing the owner of a policy is no longer dependant on the number of registered users.
18. Issue: Communication with ePolicy Orchestrator would fail when a system reported its CPU Speed as greater than 32,767 MHz.
(Reference: 442734)
Resolution: The ePolicy Orchestrator system update process has been modified to limit CPU Speed properties to 32,767 MHz,
allowing the system update to succeed.
19. Issue: Setting the Filter Data option on the Event Log had no effect on the returned events. (Reference: 427905, 434696,
440692, 443370, 444508, 444813, 445867)
Resolution: The process for filtering the Event Log has been modified to include the correct Filter Data options.
20. Issue: When configuring new client tasks in the Client Task wizard, the list of available client task types included client types the
user could only view. (Reference: 443963)
Resolution: The Client Task wizard has been modified to list only the client task types the user has permission to edit.
21. Issue: When a Microsoft Windows-based McAfee Agent was uninstalled through ePolicy Orchestrator before it first communicated
with ePolicy Orchestrator, the corresponding record would not be removed from the ePolicy Orchestrator database. This system
would then continue to be included in compliance reporting, resulting in incorrect information. (Reference: 444928)
Resolution: Now when a Microsoft Windows-based McAfee Agent is uninstalled before its first communication with ePolicy
Orchestrator, the corresponding record is marked for removal and removed when necessary.
22. Issue: Adding a filter to a list of systems with a specific tag had no effect on the systems returned. (Reference: 445161)
Resolution: The process for filtering tagged systems has been modified to filter the results correctly.
23. Issue: Non-Microsoft Windows-based McAfee Agents that failed to uninstall through ePolicy Orchestrator, were manually
uninstalled and reinstalled, never reappeared in ePolicy Orchestrator. (Reference: 445488)
Resolution: Non-Microsoft Windows-based McAfee Agents are now listed in ePolicy Orchestrator as expected.
24. Issue: SuperDAT packages could not be deployed from ePolicy Orchestrator to Microsoft Windows 2008 Server and Microsoft
Windows Vista systems. (Reference: 450405)
Resolution: SuperDAT packages can now be deployed from ePolicy Orchestrator to Microsoft Windows 2008 Server and Microsoft
Windows Vista systems.
25. Issue: Under certain conditions the server was becoming non-responsive, and non-paged pool memory for apache.exe would
grow very large. (Reference: 447222)
Resolution: The condition has been addressed so that the server does not become unresponsive, but rather waits until error
handling services are running before issuing error pages.
26. Issue: The “unexpected error occurred” page would be displayed when the user clicked “Update Filter” or “Remove Filter” from
within the Notification Log Report. (Reference: 450126)
Resolution: There is no longer an error when the user clicks the “Update Filter” or “Remove Filter” links.
27. Issue: Upgrading the Issues extension to version 1.5.1 failed. (Reference: 431353)
Resolution: Upgrading the Issue extension to version 1.5.1 now is performed correctly.
28. Issue: There was a failure when trying to install a particular version of the Help files. (Reference: 450059)
Resolution: Help files are now installed without incident.
29. Issue: The ePolicy Orchestrator Help Index tab was empty after upgrading. (Reference: 446253)
Resolution: The ePolicy Orchestrator Help Index tab is now correctly populated.
30. Issue: Remote command execution was failing if the admin password included non-standard ASCII characters, HI-ASCII
characters, or double-byte characters. (Reference: 395890)
Resolution: Remote command execution now works correctly if the admin password contains any of the characters mentioned.
31. Issue: Pie charts did not have the option to limit the number of pie slices when sorting labels from A to Z or Z to A. (Reference:
428377)
Resolution: The user now has the option to select the number of pie slices when sorting labels from A to Z or Z to A in a pie
chart.
32. Issue: Dashboards that contained double quotation marks in the returned data displayed JavaScript errors when the dashboards
were rendered. (Reference: 438775)
Resolution: The dashboards are now correctly displayed if there are double quotation marks in the returned data of the
dashboard.

33. Issue: Double-byte characters were causing problems when submitted to the server on some pages. (Reference: 442581)
Resolution: The encoding has been changed so that double-byte characters do not cause a problem.
34. Issue: The file names of PDF attachments were garbled when sent to a Lotus Notes server. (Reference: 445256)
Resolution: The configuration type has been changed so that the file names are no longer jumbled.
35. Issue: An unexpected error occurred when exporting an audit log query. (Reference: 447865)
Resolution: The user is now able to export audit log queries.
36. Issue: A “Page has expired” error message would be displayed when clicking the Back button after drilling down into query
details. (Reference: 447968)
Resolution: A warning is no longer displayed when clicking the Back button after drilling down into query details.
37. Issue: If a query was exported to PDF with drill-down tables, the drill-down data was not exported to the report. (Reference:
450205)
Resolution: The drill-down data is now exported if the option is specified in the export page.
38. Issue: The Patch installer was failing when it tried to install on a previously installed version of ePolicy Orchestrator. (Reference:
447907)
Resolution: The Patch installer now installs correctly on top of ePolicy Orchestrator 4.0 and its patches.
39. Issue: A newer version of the Java Runtime Environment was available. (Reference: 442560)
Resolution: The Patch updates the Java Runtime Environment to version 1.6.0_07.
40. Issue: The Patch installer failed in clustered systems if backup files already existed on the target system. (Reference: 451959)
Resolution: The Patch installer now works correctly, regardless of whether backup files exist on the target system.
41. Issue: Filtering on a Boolean property did not work. (Reference: 426018)
Resolution: Filtering on a Boolean property now works correctly.
42. Issue: Exporting data as a result of an automated server task caused database problems. (Reference: 426432)
Resolution: Exporting data in the Comma Separated Value (csv) format during an automated server task finishes correctly.
43. Issue: Filtering in the System Tree was not working correctly. (Reference: 437587)
Resolution: Filtering in the System Tree area now works correctly.
44. Issue: The language selection was not remembered after logging out. (Reference: 438245)
Resolution: The system now remembers the language selected at the last log-on.
45. Issue: The user could not delete an automated response. (Reference: 446974)
Resolution: A user with the correct permissions can now delete an automated response.
46. Issue: The user was not able to complete the server mapping when creating a new ticketing server. (Reference: 447344)
Resolution: The user can now complete the mapping when creating a ticketing server.
47. Issue: When a user tried to assign policies by drilling down in a Compliance Summary query, the user got an “Unexpected Error”
and was unable to assign policies. (Reference: 448620)
Resolution: The user can now successfully assign policies.
48. Issue: Column selection did not work from the System Tree page. (Reference: 448653)
Resolution: Column selection on the System Tree page now works correctly.
49. Issue: An unexpected error occurred while trying to remove the filter from the query in the query page. (Reference: 450209)
Resolution: The user can now successfully remove filters from the query page.
50. Issue: Clicking the update filter button would cause an unexpected error. (Reference: 450224)
Resolution: Clicking the update filter button no longer causes an unexpected error.
51. Issue: Making modifications to the Host Intrusion Prevention events page caused JavaScript errors. (Reference: 450463)
Resolution: There are no more JavaScript errors when making modifications to the Host Intrusion Prevention events page.

52. Issue: Queries import displayed an error stating that the user was not authorized for the operation. (Reference: 451473)
Resolution: Query import is now properly validated against the user's permissions.
53. Issue: The dashboard data for one administrator was viewable by another administrator upon initial log in. (Reference: 456088,
456090)
Resolution: Users now see only the dashboard data they are authorized to view.
Issues from the Patch 3 release of the software that are resolved in this release are listed below.
1. Issue: SuperAgent Repositories on Windows Vista and Windows 2008 systems did not appear as Distributed Repositories in the
ePolicy Orchestrator console. (Reference: 371932, 405958)
Resolution: SuperAgent Repositories on Windows Vista and Windows 2008 systems now appear as Distributed Repositories in
the ePolicy Orchestrator console.
2. Issue: A synchronization point could not be created, edited, or deleted for the “My Organization” group. (Reference: 384135)
Resolution: A synchronization point for the “My Organization” group can now be created, edited, and deleted.
3. Issue: Grouped Summary Table queries could not be ordered by label values when grouped by a version number column. For
example, a group summary of managed systems grouped by group name and DAT version could not be ordered by the group
name label and then by DAT version label. (Reference: 386121)
Resolution: Grouped Summary Table queries can now be ordered by the label values when grouped by a version number
column.
4. Issue: When configuring an Active Directory synchronization group, the “Browse” button for browsing and “Add” button for
exceptions were disabled unless the user first selected an NT domain synchronization type. (Reference: 391830)
Resolution: The “Browse” and “Add” buttons are now enabled without having to first select an NT domain synchronization type.
5. Issue: Active Directory synchronization failed when a synchronized folder name included a semicolon. (Reference: 392803)
Resolution: Active Directory folder names can now contain a semicolon.
6. Issue: When viewing the system properties of a system that has never communicated with the ePolicy Orchestrator server,
clicking on the “more” link resulted in a blank page. (Reference: 398952)
Resolution: Selecting the “more” link for a managed system that has never communicated with the ePolicy Orchestrator server
no longer results in a blank page.
7. Issue: ExtraDAT packages were not updated on Windows Vista or Windows 2008 Server managed systems. (Reference: 400563)
Resolution: ExtraDAT packages are now updated on Windows Vista and Windows 2008 Server managed systems.
Note: All ExtraDAT packages in the repository must be reinstalled before this change takes effect.
8. Issue: The McAfee Agent failed to enforce Host Intrusion Protection rule policies when the rule name contained an angle bracket
character. (Reference: 400808)
Resolution: The McAfee Agent now enforces Host Intrusion Protection rule policies regardless of the rule name.
9. Issue: A client task with a “repeat starting at” schedule could have a repeat duration that was less than the repeat interval,
resulting in the client task never running. (Reference: 401301)
Resolution: New or modified client tasks with a “repeat starting at” schedule must now have a repeat duration that is greater
than or equal to the repeat interval.
10. Issue: When viewing the results of a query for Events, the “Show Related Systems” action was not available. (Reference:
402250)
Resolution: The “Show Related Systems” action is now available for Event queries.
11. Issue: Importing managed systems into the System Tree from a Unicode text file created erroneous entries in the System Tree.
(Reference: 402271)
Resolution: An error message is now displayed when non-UTF-8 encoded text files are imported, and the System Tree is
unaffected.
12. Issue: An updated version of the System Compliance Profiler 2.0 extension is available. (Reference: 404381)
Resolution: Version 2.0.2.191 of the System Compliance Profiler 2.0 extension is now installed during ePolicy Orchestrator 4.0
Patch 3.
13. Issue: Running a previous upgrade a second time, after it had been successfully installed, failed. (Reference: 405288)
Resolution: The upgrade can now be run multiple times.

14. Issue: VirusScan DAT and Engine version information was missing on Managed System Rollup queries. (Reference: 405383)
Resolution: Managed System Rollup queries now include VirusScan DAT and Engine version information.
15. Issue: In the ePolicy Orchestrator console, the option that uninstalls the McAfee Agent from managed systems was not
supported by non-Windows agents, but it was a selectable option. When this option was selected and the agents were manually
uninstalled and later reinstalled, the managed systems never reappeared in the ePolicy Orchestrator System Tree. (Reference:
405859)
Resolution: A non-Windows managed system, which successfully reinstalls the McAfee Agent after a failed agent uninstall from
the ePolicy Orchestrator console, now reappears in the ePolicy Orchestrator console System Tree.
16. Issue: An ePolicy Orchestrator 4.0 upgrade failed when the SQL Server UDP port was enabled for the initial ePolicy Orchestrator
4.0 installation and disabled before upgrading. The inverse scenario also caused the upgrade to fail. (Reference: 406814,
415166)
Resolution: The ePolicy Orchestrator 4.0 upgrade no longer fails when the SQL Server UDP port was enabled for the initial
ePolicy Orchestrator 4.0 installation and disabled before upgrading. The inverse scenario has also been corrected.
17. Issue: The Synchronization Group Agent Deployment checkbox, “Force installation over existing Version,” does not remain
selected after saving the Synchronization Group and accessing it again for editing. (Reference: 410246, 426930)
Resolution: The Synchronization Group Agent Deployment checkbox, “Force installation over existing Version,” now retains the
selected value.
18. Issue: Installations in clustered server environments incorrectly set the ePolicy Orchestrator services to start “Automatically.”
(Reference: 410543)
Resolution: Installations in clustered server environments now correctly set the ePolicy Orchestrator services to start “Manually.”
19. Issue: The managed system name is truncated to a length of 14 characters on the ePolicy Orchestrator console “Systems” tab.
(Reference: 410779)
Resolution: The column “DNS Name,” containing a “Fully Qualified Domain Name,” can now be selected as the managed system
name on the ePolicy Orchestrator console “Systems” tab.
20. Issue: The import policies process did not verify the ownership of the existing policies, which could result in policies being
overwritten by users other than the owner. (Reference: 410917)
Resolution: The import policies process now verifies the ownership of the existing policies and prevents policies from being
overwritten by users other than the owner.
21. Issue: Changes to existing policies were not recorded in the Audit Log. (Reference: 412589)
Resolution: Changes to existing policies are now recorded in the Audit Log.
22. Issue: The ePolicy Orchestrator Alerting extension, used by Rogue System Detection 2.0, was not localized. (Reference: 412661)
Resolution: The ePolicy Orchestrator Alerting extension is upgraded to a localized version, on ePolicy Orchestrator servers with
Rogue System Detection 2.0 installed.
23. Issue: The ePolicy Orchestrator server failed to respond if a corrupt package file was checked in. (Reference: 413466)
Resolution: The ePolicy Orchestrator server responds correctly when a corrupt package file is checked in.
24. Issue: Editing a client task could result in the error message “An Unexpected error occurred” being displayed in the ePolicy
Orchestrator console. (Reference: 413963)
Resolution: Editing client tasks no longer results in unexpected errors.
25. Issue: Client tasks, for managed product extensions that do not have a default policy, were not available for configuration.
(Reference: 415739)
Resolution: Client tasks, for managed product extensions that do not have a default policy, are now available for configuration.
26. Issue: An ePolicy Orchestrator 4.0 upgrade stopped installing the included managed product extensions after the first failure was
discovered. (Reference: 415974)
Resolution: An ePolicy Orchestrator 4.0 upgrade now attempts to install each of the included managed product extensions, even
if an error occurs during the installation of a previous managed product extension.
27. Issue: When the ePolicy Orchestrator server did not have a “Master Agent to Server Communication Key,” the ePolicy
Orchestrator 4.0 upgrade failed, leaving the ePolicy Orchestrator server in a non-functional state. (Reference: 419859)
Resolution: The ePolicy Orchestrator 4.0 upgrade now verifies the ePolicy Orchestrator server has a “Master Agent to Server
Communication Key” before it starts the upgrade.
28. Issue: An updated version of the Host Intrusion Prevention 7.0 extension is available. (Reference: 422819)

Resolution: Version 7.0.1.133 of the Host Intrusion Prevention 7.0 extension is installed during the ePolicy Orchestrator 4.0
upgrade.
29. Issue: The “delayload.log” file could grow without limit in the root (C:\) of the ePolicy Orchestrator server. (Reference: 425738)
Resolution: The “delayload.log” file is no longer used.
Note: The ePolicy Orchestrator 4.0 upgrade process does not remove existing “delayload.log” files.
30. Issue: Event queries could not be chained to ePolicy Orchestrator server task actions. (Reference: 427217)
Resolution: Event queries can now be chained to ePolicy Orchestrator server task actions.
31. Issue: Server tasks could not run an event query that was chained to these actions: apply, clear, or exclude tag actions.
(Reference: 427708)
Resolution: Server tasks can now run an event query chained to these actions: apply, clear, or exclude tag actions.
32. Issue: The “View Logs” button could fail to display the correct installation log files after an ePolicy Orchestrator 4.0 upgrade
failure. (Reference: 429819)
Resolution: The “View Logs” button now displays the main installation log files after an ePolicy Orchestrator 4.0 upgrade failure.
33. Issue: An initial ePolicy Orchestrator 4.0 installation, on a system with a local MSDE database and the UDP port disabled, could
result in incorrect ePolicy Orchestrator service dependencies. (Reference: 430390)
Resolution: The ePolicy Orchestrator 4.0 upgrade repairs the ePolicy Orchestrator service dependencies for systems installed
with a local MSDE database and the UDP port disabled.
34. Issue: Miscellaneous language translation and localization issues were reported. (Reference: 429847, 430581)
Resolution: The reported language translation and localization issues were addressed.
35. Issue: An updated version of the ePolicy Orchestrator Help extension is available. (Reference: 433198)
Resolution: Version 1.0.6 of the ePolicy Orchestrator Help extension is now installed during the ePolicy Orchestrator 4.0
upgrade.
36. Issue: Inconsistent event times would appear in the Server Task Log. (Reference: 417725)
Resolution: The problem of inconsistent event times appearing in the Server Task Log after applying patches has been fixed.
37. Issue: Console logons using NT authentication worked only when the ePolicy Orchestrator console was located in a domain
where a two-way trust existed between the console and ePolicy Orchestrator server domains. (Reference: 395894)
Resolution: Authentication support for multiple domain controllers has been added to the product. For more information see KB
article 616709.
38. Issue: The date formats are incorrect for the English (United Kingdom) locale. (Reference: 362588)
Resolution: A new choice of English (United Kingdom) has been added to the Language drop-down list of the ePolicy
Orchestrator Logon screen.
39. Issue: When installing managed product extensions on ePolicy Orchestrator, the installation could fail with the message:
“ERROR: java.lang.OutOfMemoryError: PermGen space.” (Reference: 407724)
Resolution: The PermGen Memory allocation size has been increased to 128 MB on clean installations and upgrades. (For more
information see KB article: 615843)
40. Issue: There was a performance bottleneck when processing a large number of unrelated dashboard requests. (Reference:
407724)
Resolution: Performance has been improved to allow many users to view the dashboard.
41. Issue: Dashboard related caching was not functioning correctly, which caused the user to see stale data. (Reference: 411646)
Resolution: Dashboard caching has been fixed so the user views the most current data.
42. Issue: An unexpected error occurred while creating a query using a Grouped Bar Chart with Boolean types of data. (Reference:
415069)
Resolution: Grouped Bar Charts now correctly display data when using any of the supported data types.
43. Issue: Drilling down into a chart, a user could see an unexpected error page if there was a null value in the returned time field.
(Reference: 413954, 419692)
Resolution: Chart drill-down now works as expected and no longer returns an error when drilling down into null time-based
reports.

44. Issue: Some international characters caused problems in the server log details page. (Reference: 411088)
Resolution: Log entries are now correctly formatted prior to being written to the server task log.
Issues from the Patch 2 release of the software that are resolved in this release are listed below.
1. Issue: When accessing the “Systems/Client Tasks” tab of the ePolicy Orchestrator console, users without Administrator rights
receive the error “An unexpected Error has Occurred.” (Reference:360915, 400549)
Resolution: Users without Administrator rights can now access the “Systems/Client Tasks” tab.
2. Issue: The Product Catalog displayed hidden policy assignments. (Reference:359111)
Resolution: The Product Catalog no longer displays hidden policy assignments.
3. Issue: New DAT detection and installation scripts are available for inclusion in the Patch. (Reference:395895)
Resolution: This Patch includes current DAT detection and installation scripts.
4. Issue: On the Actions page, the Schedule Pull server task incorrectly invoked the “Purge Server Task Log” action.
(Reference:358624)
Resolution: The Schedule Pull server task now correctly invokes the “Repository Pull” option.
5. Issue: Distributed repositories from different ePolicy Orchestrator servers could not be used as a source repository in another
ePolicy Orchestrator server. The second ePolicy Orchestrator server failed to validate the package even after importing the source
repository’s public key. (Reference:375338)
Resolution: Distributed repositories from a different ePolicy Orchestrator server can now be used as source repositories for
other ePolicy Orchestrator servers.
6. Issue: ePolicy Orchestrator extensions did not display their build number as part of their version on the Configuration/Extensions
tab. (Reference:382248)
Resolution: ePolicy Orchestrator extensions now display their product build number as part of their version number in the
Configuration/Extensions tab.
7. Issue: When an incompatible query chart type or result type was used for the Generate Compliance Event task, an error
message indicated that a query of chart type was needed. The correct required query type is a Boolean Pie Chart.
(Reference:386081)
Resolution: When an incompatible query type is used for the Generate Compliance Event task, the following error message is
now displayed: “Validation error: Invalid input from the Run Query command. The query must be of both Managed Systems
result type and Boolean pie chart type.”
8. Issue: An agent package could fail to rebuild when one of the package’s files had been updated. (Reference:391143)
Resolution: An agent package is now rebuilt for agents even after files in the package have been updated.
9. Issue: There is no way to purge the Rollup Compliance, Rollup Systems, and Compliance History tables. (Reference:364364)
Resolution: A purge action has been added for the Rollup Systems, Rollup Compliance, and Compliance History registered types.
10. Issue: An audit log entry was not created when a package was deleted from a repository. (Reference:384013)
Resolution: An audit log entry is now created when a package is deleted from a repository.
11. Issue: When exporting Systems to a CSV file, a blank window appeared and the export failed. (Reference:405890)
Resolution: Systems can now be exported to a CSV file.
12. Issue: When exporting query results, a blank dialog box was displayed due to a NullPointerException. (Reference:387413)
Resolution: Query results can now be successfully exported.
13. Issue: When exporting query results to CSV file, Tags, Operating System, and Installed Products show as numbers (Reference:
401779)
Resolution: The OS column now displays the Operating System for the system.
14. Issue: In VirusScan Enterprise, when exporting to PDF, the Detection Response Summary shows incorrect information.
(Reference: 384708)
Resolution: PDF exports now show correct information in the Detection Response Summary.
15. Issue: When clicking the Group Bar header for VirusScan Enterprise queries, “An Unexpected error” is generated. (Reference:
387594)
Resolution: The Group Bar header for VirusScan Enterprise queries no longer generates an error.

16. Issue: In reports, the graph and the drilled-down report display different information for months. (Reference: 385445, 387247)
Resolution: The graph report shows the correct month or generated events accordingly.
17. Issue: An exception is encountered while exporting to PDF, when numeric values in the file name exist. (Reference: 402642)
Resolution: The customer can now give alpha and numeric names to PDF files.
18. Issue: SQL rollback and recovery with patch upgrade failure was not implemented. (Reference: 403002)
Resolution: The database schema is now kept in synch with the server, allowing the ePolicy Orchestrator Services to start on
recovery.
19. Issue: Reinstalling a plug-in with an external library dependency causes a NoClassDefFound exception. (Reference: 384136)
Resolution: Reinstalling a plug-in with an external library dependency now works as expected.
20. Issue: The calendar popup date picker displays the wrong date. (Reference: 402135)
Resolution: The calendar popup now correctly displays 31 days for the date picker.
21. Issue: JFreeChart should be updated to version 1.0.8 to address a security advisory. (Reference: 384582)
Resolution: JFreeChart has been upgraded to the latest version.
22. Issue: When printing and exporting, the wrong IP address was displayed in the CSV Report format. (Reference: 364866)
Resolution: The IP address now converts to IPv4 correctly.
Issues from the Patch 1 release of the software that are resolved in this release are listed below.
1. Issue: A non-global administrator user was able to perform AD/Domain sync from the Synchronization Settings page.
(Reference: 360307)
Resolution: The “Synchronize now” and “Compare and Update” buttons are now disabled for non-global administrator users on
the Synchronization Settings page.
2. Issue: The Event Parser to Notifications communication was on the same port as the user interface creating contention.
(Reference: 361078)
Resolution: Event Parser to Notifications communication is now on a new secure port.
3. Issue: The performance monitor counters for Event Parser did not include “events per second.” (Reference: 363122)
Resolution: The performance monitor counters for Event Parser now include “events per second.”
4. Issue: Certain dates were not reported in a “normalized” format by extensions. (Reference: 366925)
Resolution: The process for importing dates from extensions now uses a consistent “normalized” format.
5. Issue: Individual products should have a single set of properties in the database. However, some products had duplicate sets.
(Reference: 369040)
Resolution: Individual products now have only one set of properties in the database.
6. Issue: When an extension was removed right after it was installed, an error message appeared, stating that the extension could
not be fully removed. (Reference: 373129)
Resolution: Now extensions can be removed right after being installed without generating an error.
7. Issue: In the McAfee Agent “More” properties, the Last Update property displayed the server’s time rather than Coordinated
Universal Time. (Reference: 382716)
Resolution: The Last Update property in the McAfee Agent “More” properties now displays Coordinated Universal Time.
8. Issue: In rare cases, when a user logged on to the ePolicy Orchestrator console, the Application Server Service restarted or
wrote crash information in the ePolicy Orchestrator Application Server log file. (Reference: 382685)
Resolution: A user logging on to the ePolicy Orchestrator console no longer causes the Application Server Service to restart or
write crash information in the ePolicy Orchestrator Application Server log file.
9. Issue: When downloading DATs only, the Task details incorrectly stated that additional packages were not downloaded because
“no managed product is installed.” (Reference: 361989)
Resolution: Packages not selected for download are now identified in the Server Task log file as “not selected for selective pull”
rather than displaying the message “no managed product is installed.”
10. Issue: ePolicy Orchestrator 3.6 exported policies that included McAfee default policies. When imported in to ePolicy Orchestrator
4.0, the default policies resulted in an error. (Reference: 364021)

Resolution: McAfee default policies are now ignored when importing XML-based policy files.
11. Issue: The NT Domain Sync process removed subgroups and computers defined later in the System Tree group. (Reference:
364380)
Resolution: The NT Domain Sync process no longer removes subgroups.
12. Issue: A failed SuperAgent replication was reported in the Task Log file as a GUID rather than as the system name of the failed
repository. (Reference: 382679)
Resolution: A failed SuperAgent replication is now reported in the Task Log file as the SuperAgent name (which includes the
system name), rather than as the system name of the failed repository.
13. Issue: Saving an inherited task at the subgroup level broke the task’s inheritance. (Reference: 353133)
Resolution: Saving an inherited task at the subgroup level no longer breaks the task’s inheritance.
14. Issue: When defining a Registered Server, the field for the database port was not available for user input and port 1433 was
always used. (Reference: 366558)
Resolution: When defining a Registered Server, the user is now allowed to type a database port number. This value is also
editable by the user when specifying properties for registered servers.
15. Issue: When a query for rolled-up managed systems was made from a remote server, the system details were not displayed.
(Reference: 360857)
Resolution: Now when a query for rolled-up managed systems is made from a remote server, the system details are available.
16. Issue: The audit log description entries for paste assignment actions did not include the source and destination node names.
(Reference: 363210)
Resolution: The audit log description entries for paste assignment actions now include the source and destination node names.
17. Issue: On the Server Settings | Repository Packages page, the setting for “Allow package check-in for any repository branch”
incorrectly displayed “Caution: When this setting is enabled, agent versions 3.6 and prior can only use DAT and Engine packages
located in branches other than ‘Current.’” (Reference: 364777)
Resolution: The Server Settings | Repository Packages page setting for “Allow package check-in for any repository branch” now
displays the following: “If Yes is selected, deployable packages can be checked into the Previous and Evaluation branches.
However, only agent version 4.0 and later can use the Previous and Evaluation branches for deployable files. Agent version 3.6.0
and earlier can only use the Current branch’s deployable packages, regardless of this setting.”
18. Issue: When importing policies from the Product Policy Import page, an error occurred if the user clicked “OK” more than once.
(Reference: 366333)
Resolution: When importing policies from the Product Policy Import page, the “OK” button can now be clicked only once.
19. Issue: The Event Generated Time (UTC) date and time fields on the Reporting | Event Log page were formatted using English
formatting rules rather than the formatting rules for the user-selected language. (Reference: 366751)
Resolution: The Event Generated Time (UTC) date and time fields on the Reporting | Event Log page are now formatted with
the user’s selected language.
20. Issue: The computer property “Is 64 bit OS” was shown as “unknown” on the Query Filters, Tag Criteria, and System Details
pages. (Reference: 369885)
Resolution: The computer property “Is 64 bit OS” now includes the end node state on the Query Filters, Tag Criteria, and
System Details pages for end nodes using McAfee Agent 4.0. This property continues to show “unknown” for end nodes running
Common Management Agents released prior to McAfee Agent 4.0.
21. Issue: The Group Sorting Criteria List on the System Tree did not remove duplicate IP range entries when it was saved.
(Reference: 374201)
Resolution: Saving the Group Sorting Criteria List on the System Tree now removes exact string matches for IP addresses and
IP ranges.
22. Issue: Step 2 of the Editing a Registered Server wizard did not allow the password to be changed. (Reference: 315318)
Resolution: Step 2 of the Editing a Registered Server wizard now allows the password to be changed.
23. Issue: Clicking the “Version” header on the Master Repository page does not sort the report by version. (Reference: 320509)
Resolution: Clicking the “Version” header on the Master Repository page now sorts the report by version.
24. Issue: When modifying a new Update Task (Systems | Schedule tab | Options), data can be entered even though the fields
appear disabled. (Reference: 335892)
Resolution: On the Systems | Schedule tab | Options page, data can no longer be entered in the disabled fields when modifying
a new Update Task.

25. Issue: When creating an Assign Policy Server Task, if the wrong type of query was chosen for the selected action, the message
read: “Task validation failure: Assign Policy validation fail.” (Reference: 355840)
Resolution: When creating an Assign Policy Server Task, now if the wrong type of query is chosen for the selected action, the
message reads: “The selected query returned a summary chart instead of a table of systems. The Assign Policy action can only
be used with queries that return a table of systems.”
26. Issue: When configuring UNC distributed repositories, the text “Replication UNC path” was incorrectly displayed. (Reference:
356957)
Resolution: Now the text “UNC path” is displayed when configuring UNC Distributed Repositories and “Replication UNC path” is
displayed when configuring HTTP Distributed Repositories.
27. Issue: The title bar on the Enforcement | Broken Inheritance page incorrectly displayed “.EPO_ENFORCE” and the entry in the
Assigned Policy column incorrectly displayed “EPO_ENFORCE_NO.” (Reference: 360904)
Resolution: # The title bar on the Enforcement | Broken Inheritance page is now based on the product’s Category ID and the
Assigned Policy column now displays “Not Enforcing.”
28. Issue: The “Schedule Pull” button was enabled for users with the permission set “View packages and repositories.” (Reference:
361017)
Resolution: The “Schedule Pull” button is now disabled for users with the permission set “View packages and repositories.”
29. Issue: On the Permission Sets | System Tree Access page, when “My Organization” was selected, the selected node was not
displayed. (Reference: 361205)
Resolution: Now when “My Organization” is selected, the top of the System Tree is displayed if the user has access to the root
level, and an indicator was added to highlight when the user does not have root level access.
30. Issue: When creating a distributed repository and a user correctly entered download credentials on the Credentials page, the
Summary page incorrectly displayed “Anonymous” as the Download user name. (Reference: 363162)
Resolution: Now when creating a distributed repository, the Summary page correctly displays the user name entered on the
Credentials page as the Download user name.
31. Issue: An Audit Log file entry was not created when the “Change Credentials” button was used to change a distributed
repository’s credentials. (Reference: 363173)
Resolution: An Audit Log file entry is now created when the “Change Credentials” button is used to change a distributed
repository’s credentials.
32. Issue: When a policy was imported, the Audit Log file incorrectly reported the status as “Failed” if a policy with same name
already existed in the Policy Catalog. (Reference: 363786)
Resolution: # The Audit Log file now correctly reports the status of importing a policy.
33. Issue: Clicking the “Back” button on the Change Credentials | Summary page generated an unexpected error. (Reference:
364833)
Resolution: The “Back” button on the Change Credentials | Summary page now works as expected.
34. Issue: If the “Refresh” button is clicked after deleting or importing a distributed repository, the following message appears:
“There was an error deleting the repository.” Reference: (365056, 365058)
Resolution: Now if you click the “Refresh” button after deleting or importing a distributed repository, control is passed to the
last page of the Delete and Import process.
35. Issue: An Audit Log file entry was not created when a Package was checked in to a distributed repository. (Reference: 368598)
Resolution: An Audit Log file entry is now created when a Package is checked in to a distributed repository.
36. Issue: When 20 or more IP address ranges were added to a Group for IP sorting, the message “Unknown error has occurred”
was displayed. (Reference: 372259)
Resolution: The field length limit was removed for adding IP address ranges to a Group for IP sorting.
37. Issue: The Agent Key Update Package sometimes failed to deploy to a system during an Update Task, causing agent-server
communications to fail. (Reference: 366793)
Resolution: The Agent Key Update Package now successfully deploys to systems during an Update Task.
38. Issue: After upgrading from ePolicy Orchestrator 3.6.1 to 4.0.0, agents sometimes failed to access the master and distributed
repositories before a change was made to the their configuration. (Reference: 367270)
Resolution: Following the Patch installation, the master and distributed repository configurations are rebuilt and sent to all
agents.

39. Issue: DAT versions could be reported in different formats in Product Properties and Product Update Events, causing compliance
queries to fail. (Reference: 369436)
Resolution: DAT versions in Product Properties and Product Update Events are now reported in the same format.
40. Issue: Updates to point product extensions are available. (Reference: 384955)
Resolution: The following point product extensions are upgraded to the following versions during the Patch installation:
McAfee Agent version 4.0.0.207
VirusScan Enterprise 8.0i version 8.0.0.182
VirusScan Enterprise 8.5 version 8.5.0.172
System Compliance Profiler version 2.0.1.189
41. Issue: An update to the ePO_Help extension is available. (Reference: 391464)
Resolution: The ePO_Help extension version 1.0.1 is included with this patch.
42. Issue: When a migration was performed and the System Tree was viewed in ePolicy Orchestrator 4.0, a domain group was
unnecessarily added. (Reference: 364337)
Resolution: his behavior is considered expected and is further documented in KB article 614430.
43. Issue: The ComputerMgmt.PushAgent command no longer works in the Shell Client. (Reference: 363575)
Resolution: # The ComputerMgmt.PushAgent command now works in the Shell Client.
44. Issue: Policy Settings Names were created by concatenating the Policy Name with additional internal information, resulting in
Policy Setting Names longer than 255 characters in length. Certain stored procedures truncated the Policy Settings Name at 255
characters, resulting in non-unique names. (Reference: 345541)
Resolution: # The Policy Settings Name length has been increased to 512 characters.
45. Issue: When attempting to create a Duplicate Policy Name from the “Edit Assignment” page, the message “Unhandled
OrionCore.handleResponse doSuccess Exception” was displayed.
Resolution: Creating a Duplicate Policy Name from the “Edit Assignment” page no longer results in an error.
46. Issue: The Server Task Log file incorrectly reported “Migration Failed(null)” when no Date Transformation Services packages
were selected for Event Migration. (Reference: 362050)
Resolution: # The Server Task Log file now reports “Event Migration (nothing done)” when no Date Transformation Services
packages were selected for Event Migration.
47. Issue: When creating an Export File Name for a long Policy Name, the maximum allowable Windows File Name Size was
exceeded, resulting in an error message, “An unexpected error occurred.” (Reference: 362066)
Resolution: When creating Export File Names, the Policy Name is truncated to 128 characters.
48. Issue: For users with limited access to the System Tree, the Purge Action deleted all records from the Events Table. (Reference:
363757)
Resolution: The Purge Action is now bound to user’s assigned permissions.
49. Issue: On the Synchronization Settings page for NT Domain or Active Directory, the Last synchronization message “(never
synchronized)” disappeared after the McAfee Agent Deployment page was configured. (Reference: 364376)
Resolution: The NT Domain or Active Directory Last synchronization message “(never synchronized)” is now displayed until
synchronized.
50. Issue: An Audit Log file entry was not created when systems were added through the “Compare and Update” synchronization
process. (Reference: 364561)
Resolution: An Audit Log file entry is now created when systems are added through the “Compare and Update” synchronization
process.
51. Issue: Users were allowed to move and copy “Agent Install” packages. (Reference: 364973)
Resolution: The Change Branch Link in the Packages table, the “Move” and “Copy” buttons on the Change Branch page, and the
Step 2 “Move” checkbox on the Check in Wizard page are now disabled for “Agent Install” packages.
52. Issue: Notification Rules migrated from 3.6.1 would incorrectly report “Defined At Path.” (Reference: 365524)
Resolution: Notification Rules migrated from 3.6.1 now correctly reports “Defined At Path.”
53. Issue: An Audit Log file entry was not created when a system was first “Detected” or “Created” after installation. (Reference:
367700)
Resolution: An Audit Log file entry is now created when a system is first “Detected” and “Created” after installation.

54. Issue: The “Show Agent Log” action did not display the system’s “Agent Log” file. (Reference: 369042)
Resolution: The “Show Agent Log” action now displays the system’s “Agent Log” file.
55. Issue: The computer property “Is Laptop” was shown as “Unknown” on the Query Filters, Tag Criteria, and System Details
pages. (Reference: 372294)
Resolution: The computer property “Is Laptop” now includes the end node state on the Query Filters, Tag Criteria, and System
Details pages for end nodes using the McAfee Agent 4.0. This property continues to show “Unknown” for end nodes running
Common Management Agents released prior to McAfee Agent 4.0.
56. Issue: The Event Log page displayed “an unknown error occurred” when the database was hosted on a non-English SQL server.
(Reference: 383081)
Resolution: The Event Log page now works as expected when the database is hosted on a non-English SQL server.
57. Issue: Many language translation and localization issues were reported. (Reference: 334120, 337902, 361331, 365155)
Resolution: Key language translation and localization issues were addressed.
58. Issue: SMTP Authentication failure generated an error message when an improper “Return address” was used. (Reference:
363956)
Resolution: The field’s label has been changed from “Return Address” to “From Address.” This more correctly identifies the From
Address field for customers.
59. Issue: Server task log allows deletion of both completed and active waiting tasks. (Reference: 364316)
Resolution: The purge function now purges only tasks that are in the following states: SUCCESSFUL, FAILED, TERMINATED, and
STOPPED.
60. Issue: Queries for dashboards fail if the default language used to access SQL is non-English. (Reference: 371826)
Resolution: SQL server now treats the string as ISO8601-compliant in time format, which provides accurate results in any
language.
61. Issue: Data exports from reporting to CSV format that include the IPV4 source or destination addresses are not being converted
correctly in the CSV export. (Reference: 374270)
Resolution: IPV4 addresses are now correctly exported in CSV formatted files.
62. Issue: When a query was exported via SMTP mail and the query name had HI-ASCII characters in it, the HI-ASCII characters
were dropped during the export in the attachment name. (Reference: 375097)
Resolution: HI-ASCII characters are now supported in attachments being sent through the email export feature. The exported
file name retains the HI-ASCII characters.
63. Issue: Server task corruption occurs in replication tasks with more than 80 individually selected SuperAgent repositories.
(Reference: 384144)
Resolution: The maximum length allowed by the SchedulerTaskAction class for command URIs has been changed from 4000 to
1073741823. This allows for a task with 1000 repositories.
64. Issue: Default server tasks that are not directly related to a plug-in are being marked as invalid (and cannot be accessed
through the user interface). (Reference: 385880)
Resolution: Server tasks are now checked to see if they are valid.
65. Issue: Connection objects were declared but never used. (Reference: 370991)
Resolution: The orphaned connection has been removed.
66. Issue: The Scheduler ran a task regardless of whether it was in a valid or invalid state. (Reference: 375327)
Resolution: Only valid tasks are allowed to be edited, viewed, run, or duplicated.
ePolicy Orchestrator 4.0 Patch 6 installation instructions
ePolicy Orchestrator 4.0 Patch 6 installation prerequisites
You must have one of the following installed prior to upgrading to ePolicy Orchestrator 4.0 Patch 6:
ePolicy Orchestrator 4.0 (build 1015)
ePolicy Orchestrator 4.0 Patch 1 (build 1083)
ePolicy Orchestrator 4.0 Patch 2 (build 1113)
ePolicy Orchestrator 4.0 Patch 3 (build 1151)
ePolicy Orchestrator 4.0 Patch 4 (build 1186 or 1221)
ePolicy Orchestrator 4.0 Patch 5 (build 1298)

You must be logged on to the ePolicy Orchestrator 4.0 server as a Local Administrator on the system.
You must know the user name and password for at least one Global Administrator that is valid for the ePolicy Orchestrator 4.0
server you are trying to upgrade.
The ePolicy Orchestrator and SQL Server services must be running during this upgrade (expect when the automated upgrade
stops and starts your ePO services).
Before installing ePolicy Orchestrator 4.0 Patch 6
1. Back up your ePolicy Orchestrator server and ePolicy Orchestrator database before upgrading to ePolicy Orchestrator 4.0 Patch 6.
For more information, see KB article KB51438.
2. Be sure that there are no repository pulls or replications tasks currently running or scheduled to run during the installation.
Note: If the master repository is locked, package check-ins fail, causing the installation to fail and roll back.
3. Warn other ePolicy Orchestrator users that during the installation process they might see changing content or be logged out of
their current ePolicy Orchestrator console session.
Installing ePolicy Orchestrator 4.0 Patch 6
1. Copy the upgrade installation zip file to a temporary directory.
2. Extract the contents of the zip file into the temporary directory.
3. In the extracted files, run Setup.exe.
4. Click Next.
5. Type the ePolicy Orchestrator credentials for a global administrator.
Note: McAfee recommends you use an existing global administrator with a simple password when installing this Patch. If the
user is not a global administrator or the password includes characters other than those listed in the official character set (see
Known Issues above) the installation will fail.
6. Click Next.
7. Choose the port for the Event Parser-to-Application Server communication, then click Next.
Note: This step is required when installing over ePolicy Orchestrator 4.0 RTW only, not when installing over Patches.
8. Choose the port for the Sensor-to-Server communications, then click Next.
Note: If prompted for a port for the Sensor-to-Server, you must specify an unused port, then click Next.
9. The automated installation process starts.
10. When the installation is complete, click Finish.
11. Manually determine if any extension upgrades failed, because individual extension upgrade failures do not cause the ePolicy
Orchestrator 4.0 Patch 6 installation to fail. A record of the failed extension check-ins can be found in
%TEMP%\NAILogs\EPO400-Checkin-Falure.log file. Any failed extensions can be checked in again through the management
console after the Patch installation is complete.
Clustered Server ePolicy Orchestrator 4.0 Patch 6 installation instructions
Note: Cluster installation is not currently supported on Windows 2008 Server.
ePolicy Orchestrator software provides high availability for server clusters with Microsoft Cluster Server (MSCS) software.
Removing the Generic Service resources
1. In Cluster Administrator, take the ePolicy Orchestrator service resources offline by right-clicking each resource and selecting Take
Offline.
McAfee ePolicy Orchestrator 4.0.0 Server.
McAfee ePolicy Orchestrator 4.0.0 Application Server.
McAfee ePolicy Orchestrator 4.0.0 Event Parser.
2. Delete the ePolicy Orchestrator service resources by right-clicking each resource and selecting Delete.
CAUTION: Do not remove the Data Drive, ePolicy Orchestrator IP Address, or ePolicy Orchestrator Network Name resources;
they are required to install the Patch successfully.
Installing ePolicy Orchestrator 4.0 Patch 6 on each node
Run the ePolicy Orchestrator Patch 6 setup on each node. McAfee strongly recommends that you install the Patch on one node at a
time, and that all other nodes are shut down.
1. Make sure the following services are running in the Service Control Manager: (If they are not running, start them manually.)
McAfee ePolicy Orchestrator 4.0.0 Application Server service
McAfee ePolicy Orchestrator 4.0.0 Event Parser service
McAfee ePolicy Orchestrator 4.0.0 Server service.
2. In the Patch 6 installation folder, run Setup.exe.
3. Complete the installation wizard until the installation is complete on the node.
Note: Upgrading from ePolicy Orchestrator 4.0: When installing on the first node of the cluster, you are prompted for the
Event Parser-to-Application Server and Sensor-to-Server ports. You must specify unused ports.

Note: Upgrading from ePolicy Orchestrator 4.0 Patch 1: When installing on the first node of the cluster, you are prompted
for the Sensor-to-Server port. You must specify an unused port.
4. Shut down the node.
5. Bring up the next node and repeat these tasks.
Creating the Generic Service resources
1. Ensure that the three McAfee services listed below are set to Manual and not Automatic in the Service Control Manager.
2. Add Generic Service resources in the following order:
McAfee ePolicy Orchestrator 4.0.0 Server
McAfee ePolicy Orchestrator 4.0.0 Application Server
McAfee ePolicy Orchestrator 4.0.0 Event Parser
3. In the Cluster Administrator, right-click the ePO group, then select New | Resource. The New Resource dialog box appears.
4. Type the Name and Description of the resource. For example, ePO 4.0 Server.
5. From the Resource type drop-down list, select Generic Service.
6. Ensure ePO is the selected group, then click Next.
7. In the Possible Owners dialog box, identify the owners of the resource. Select the desired node, then click Add.
8. Repeat until all owners are added, then click Next.
9. In the Dependencies dialog box, type the dependency specific to each service.
Service “McAfee ePolicy Orchestrator 4.0.0 Application Server” depends on “McAfee ePolicy Orchestrator 4.0.0 Server”
Service “McAfee ePolicy Orchestrator 4.0.0 Event Parser” depends on “McAfee ePolicy Orchestrator 4.0.0 Application
Server”
10. For each of the following services, type the Service Name, leave the Start Parameters field blank, then click Finish.
Service “Server” Service Name “MCAFEEAPACHESRV”
Service “Application Server” Service Name “MCAFEETOMCATSRV”
Service “Event Parser” Service Name “MCAFEEEVENTPARSERSRV”
Testing ePolicy Orchestrator 4.0 clustered server installation
When the ePolicy Orchestrator cluster is set up, test its functionality by bringing the ePO group online.
1. Turn on all nodes.
2. Select the ePO group, and select Bring online.
3. Right-click any of the resources for the ePO group, then select Initiate Failure. A series of messages reports the progress of the
failure of the resource and its restoration.
4. Check that you can restart the Cluster Service on the Active Node, which causes the Passive Node to become the Active Node
and the new owner of the resources.
Finding release notes and documentation for McAfee enterprise products
1. Go to https://mysupport.mcafee.com and select Read Product Documentation under Self Service.
2. Select | and select the required document from the list of documents.
License attributions
This product includes or may include:
Software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). | Cryptographic software written
by Eric A. Young and software written by Tim J. Hudson | Some software programs that are licensed (or sublicensed) to the user under
the GNU General Public License (GPL) or other similar Free Software licenses which, among other rights, permit the user to copy, modify
and redistribute certain programs, or portions thereof, and have access to the source code. The GPL requires that for any software
covered under the GPL, which is distributed to someone in an executable binary format, that the source code also be made available to
those users. For any such software covered under the GPL, the source code is made available on this CD. If any Free Software licenses
require that McAfee provide rights to use, copy or modify a software program that are broader than the rights granted in this
agreement, then such rights shall take precedence over the rights and restrictions herein. * Software originally written by Henry
Spencer, Copyright 1992, 1993, 1994, 1997 Henry Spencer. | Software originally written by Robert Nordier, Copyright © 1996-7 Robert
Nordier. | Software written by Douglas W. Sauder. | Software developed by the Apache Software Foundation (http://www.apache.org/).
A copy of the license agreement for this software can be found at www.apache.org/licenses/LICENSE-2.0.txt. | International
Components for Unicode ("ICU") Copyright © 1995-2002 International Business Machines Corporation and others. | Software developed
by CrystalClear Software, Inc., Copyright © 2000 CrystalClear Software, Inc. | FEAD® Optimizer® technology, Copyright Netopsystems
AG, Berlin, Germany. | Outside In® Viewer Technology © 1992-2001 Stellent Chicago, Inc. and/or Outside In® HTML Export, © 2001
Stellent Chicago, Inc. | Software copyrighted by Thai Open Source Software Center Ltd. and Clark Cooper, © 1998, 1999, 2000. |
Software copyrighted by Expat maintainers. | Software copyrighted by The Regents of the University of California, © 1996, 1989, 1998-
2000. | Software copyrighted by Gunnar Ritter. | Software copyrighted by Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
California 95054, U.S.A., © 2003. | Software copyrighted by Gisle Aas. © 1995-2003. | Software copyrighted by Michael A. Chase, ©
1999-2000. * Software copyrighted by Neil Winton, © 1995-1996. | Software copyrighted by RSA Data Security, Inc., © 1990-1992. |
Software copyrighted by Sean M. Burke, © 1999, 2000. | Software copyrighted by Martijn Koster, © 1995. | Software copyrighted by
Brad Appleton, © 1996-1999. | Software copyrighted by Michael G. Schwern, © 2001. | Software copyrighted by Graham Barr, © 1998.
| Software copyrighted by Larry Wall and Clark Cooper, © 1998-2000. | Software copyrighted by Frodo Looijaard, © 1997. | Software
copyrighted by the Python Software Foundation, Copyright © 2001, 2002, 2003. A copy of the license agreement for this software can
be found at www.python.org. | Software copyrighted by Beman Dawes, © 1994-1999, 2002. | Software written by Andrew Lumsdaine,
Lie-Quan Lee, Jeremy G. Siek © 1997-2000 University of Notre Dame. | Software copyrighted by Simone Bordet & Marco Cravero, ©
2002. | Software copyrighted by Stephen Purcell, © 2001. | Software developed by the Indiana University Extreme! Lab
(http://www.extreme.indiana.edu/). | Software copyrighted by International Business Machines Corporation and others, © 1995-2003. |

Software developed by the University of California, Berkeley and its contributors. | Software developed by Ralf S. Engelschall
for use in the mod_ssl project (http:// www.modssl.org/). | Software copyrighted by Kevlin Henney, © 2000-
2002. | Software copyrighted by Peter Dimov and Multi Media Ltd. © 2001, 2002. | Software copyrighted by David Abrahams, © 2001,
2002. See http://www.boost.org/libs/bind/bind.html for documentation. | Software copyrighted by Steve Cleary, Beman Dawes, Howard
Hinnant & John Maddock, © 2000. | Software copyrighted by Boost.org, © 1999-2002. | Software copyrighted by Nicolai M. Josuttis,
©1999. | Software copyrighted by Jeremy Siek, © 1999-2001. | Software copyrighted by Daryle Walker, © 2001. | Software
copyrighted by Chuck Allison and Jeremy Siek, © 2001, 2002. | Software copyrighted by Samuel Krempp, © 2001. See
http://www.boost.org for updates, documentation, and revision history. | Software copyrighted by Doug Gregor (gregod@cs.rpi.edu), ©
2001, 2002. | Software copyrighted by Cadenza New Zealand Ltd., © 2000. | Software copyrighted by Jens Maurer, © 2000, 2001. |
Software copyrighted by Jaakko Järvi (jaakko.jarvi@cs.utu.fi), © 1999, 2000. | Software copyrighted by Ronald Garcia, © 2002. |
Software copyrighted by David Abrahams, Jeremy Siek, and Daryle Walker, © 1999-2001. | Software copyrighted by Stephen Cleary
(shammah@voyager.net), © 2000. | Software copyrighted by Housemarque Oy , © 2001. | Software
copyrighted by Paul Moore, © 1999. | Software copyrighted by Dr. John Maddock, © 1998-2002. | Software copyrighted by Greg Colvin
and Beman Dawes, © 1998, 1999. | Software copyrighted by Peter Dimov, © 2001, 2002. | Software copyrighted by Jeremy Siek and
John R. Bandela, © 2001. | Software copyrighted by Joerg Walter and Mathias Koch, © 2000-2002. | Software copyrighted by Carnegie
Mellon University © 1989, 1991, 1992. | Software copyrighted by Cambridge Broadband Ltd., © 2001-2003. | Software copyrighted by
Sparta, Inc., © 2003-2004. | Software copyrighted by Cisco, Inc and Information Network Center of Beijing University of Posts and
Telecommunications, © 2004. | Software copyrighted by Simon Josefsson, © 2003. | Software copyrighted by Thomas Jacob, © 2003-
2004. | Software copyrighted by Advanced Software Engineering Limited, © 2004. | Software copyrighted by Todd C. Miller, © 1998. |
Software copyrighted by The Regents of the University of California, © 1990, 1993, with code derived from software contributed to
Berkeley by Chris Torek.
COPYRIGHT
Copyright © 2009 McAfee, Inc. All Rights Reserved.
No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in
any form or by any means without the written permission of McAfee, Inc., or its suppliers or affiliate companies.
TRADEMARK ATTRIBUTIONS
AVERT, EPO, EPOLICY ORCHESTRATOR, FLASHBOX, FOUNDSTONE, GROUPSHIELD, HERCULES, INTRUSHIELD, INTRUSION
INTELLIGENCE, LINUXSHIELD, MANAGED MAIL PROTECTION, MAX (MCAFEE SECURITYALLIANCE EXCHANGE), MCAFEE, MCAFEE.COM,
NETSHIELD, PORTALSHIELD, PREVENTSYS, PROTECTION-IN-DEPTH STRATEGY, PROTECTIONPILOT, SECURE MESSAGING SERVICE,
SECURITYALLIANCE, SITEADVISOR, THREATSCAN, TOTAL PROTECTION, VIREX, VIRUSSCAN, WEBSHIELD are registered trademarks or
trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. McAfee Red in connection with security is distinctive of
McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners.
LICENSE INFORMATION
License Agreement
NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED,
WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW
WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE
ORDER DOCUMENTS THAT ACCOMPANIES YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE
PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEB SITE FROM WHICH YOU DOWNLOADED
THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE
SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.