Question About Mcafee Virus Scan Enterprise Buffer Overflow Protection

Discussion in 'other anti-virus software' started by AnthonyG, Nov 6, 2004.

Thread Status:
Not open for further replies.
  1. AnthonyG

    AnthonyG Registered Member

    Joined:
    Aug 3, 2004
    Posts:
    614
    Hi

    A week ago i was having this problem where my windows media player wouldnt work no more, from the excellent help i received from Bubba it was deemed a .dll from mcaffe VSE was stopping it from working.

    Here is the topic
    https://www.wilderssecurity.com/showthread.php?t=52950

    So i uninstalled Mcafee VE and my WMP now worked perfectly, i reinstalled mcafee and my windows media player again stopped working so i fiddled about with mcafee and i found it was the buffer overflow protection that was causing the problem as when its disabled WMP works perfectly.

    This fact has got me rather concerned as reading about buffer overflow protection it says it stops exploited programs from starting. Does that mean my WMP has become exploited. And if so what does that mean and should i do about it.

    Thanks for your help
     
  2. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,513
    Location:
    Annie's Pub
    Here the solution:

    [MOVE]
    Patch 5 for McAfee VirusScan Enterprise 8.0i


    [/MOVE]
    Solution ID: KB38717
    Last Modified: 07 Oct 2004

    The patch listed above can be downloaded directly without contacting Technical Support. It is located at the following location: https://mysupport.nai.com/ You must be registered with Prime Support Service Portal and have a valid Grant number for this product to access the patch. If you do not have a valid Grant number, please contact Customer Service at 800-338-8754 As of the time of this posting, this patch was the latest patch available for the product and issues listed above. If this patch is no longer present, please check for a newer version.

    Goal and/or Problem Description
    Patch 5 for McAfee VirusScan Enterprise 8.0i
    VSE80P05
    List boxes and Message boxes in .NET applications do not display any content
    Toolbar icons in some applications display as black boxes.
    Web Inspector crashes
    Windows Media Player stops responding

    Problem Environment
    McAfee VirusScan Enterprise 8.0i

    Changes affecting this Problem
    Change information is not available for this solution

    Cause of this Problem
    Cause information is not available for this solution


    Solution 1:
    Patch Release: 7 October 2004
    This release was developed and tested with:
    - VirusScan Enterprise:8.0i
    - DAT Version: 4396, 29 September 2004
    - Engine Version: 4.3.20
    PURPOSE
    This release replaces files for the Buffer Overflow feature that caused various symptoms in third-party applications, as listed in "Resolved Issues" below.

    RESOLVED ISSUES
    1. ISSUE:
    List boxes and Message boxes in .NET applications do not display any content.
    RESOLUTION:
    List boxes and Message boxes now display content as expected.
    2. ISSUE:
    Toolbar icons in some applications, including IBM WebSphere Studio, display as black boxes.
    RESOLUTION:
    Toolbar icons now display as expected.
    3. ISSUE:
    Web Inspector from Zixcorp would encounter an error upon initializing, usually seen at logon.
    RESOLUTION:
    Web Inspector loads without issue.
    4. ISSUE:
    Windows Media Player 10 could stop responding after you select the option to listen to a "Radio" stream, then select the "Music" tab.
    RESOLUTION:
    Windows Media Player 10 operates correctly without interruption when you change from the "Radio" to "Music" tab, and vice versa.
    NOTE:
    Once the Patch is applied a reboot may be required to resolve this issue.

    This release consists of a package called VSE80P05.ZIP, which contains the following files:
    VSE80P05.EXE =
    Installer for the updated files
    PATCH05.TXT =
    This text file.
    PKGCATALOG.Z =
    Package catalog file
    VSE800DET.MCS =
    VirusScan Enterprise detection script
    PACKING.LST =
    Packing list


    Have fun!


    Ciao,

    Smokey
     
  3. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    You can set exclusions.
     
  4. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,513
    Location:
    Annie's Pub
    Is correct, but that will only be a temporary solution, apply the patch and all problems are gone...;)


    Ciao,

    Smokey
     
  5. infini

    infini Registered Member

    Joined:
    Oct 11, 2002
    Posts:
    110
    Anybody knows if these patches are cumulative? For example if i will install patch 9 will it also apply the changes made by patch 6?
     
  6. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    Most Home users apply any relevant security patches in the order that they are released. However, these McAfee patches are not that straightforward in that;

    1. Some do replace previous patches;

    2. Some include issues from earlier patches.

    3. Some are very specific fixes.

    4. Although classified as patches, some of these are really hot-fixes.
    So no, the latest individual patches do not include all/some of the changes from earlier patches. You will have to install more than one patch.

    If you are talking about a standalone Home machine, I would take a look here http://forums.mcafeehelp.com/viewforum.php?f=27 and see whether your computer needs the patch/fix depending upon whether it seems a critical or non-critical remedy.

    However, the new scanning engine, 4440, is definitely worth downloading; http://www.dslreports.com/forum/remark,11785113~mode=flat
     
    Last edited: Nov 7, 2004
  7. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,513
    Location:
    Annie's Pub
    Apply only patches 4,7,8 and 9 and all (necessary) changes are made.


    Ciao,

    Smokey
     
  8. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    Smokey,

    I know that Patch 7 now replaces Patch 1 and Patch 9 now replaces Patch 5, so leaving as you say Patches 4, 7, 8 & 9 as the recommended fixes.

    But looking at your security spec, with v8.0i now as your main AV, have you installed all these patches on your Home computer?
     
  9. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,513
    Location:
    Annie's Pub
    I have more systems then just one, I'm running VirusScan Enterprise now on several machines, one with Windows2003 Server and two with XP Professional.

    For using VS 8.0i smoothly the mentioned fixes above are all strongly recommended!

    I know there are lots of people who have only used just one or two of the patches, but IMO that's not the right decision, 'cause a good functionating AV is very, very important like we all should know.


    Ciao,

    Smokey
     
  10. AnthonyG

    AnthonyG Registered Member

    Joined:
    Aug 3, 2004
    Posts:
    614
    Hi can i ask does anyone have any suggestions on what i can do as i got my MVSE 8 free from my university as im a student, but for some reason they wont give me their grant number to install the updates. So what do i do

    Thanks
     
  11. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    At the present time, the updater within V.8.0i only updates the DATs and not the Patches or the engine upgrades.

    Therefore, for now;

    All the present patches are still live in this thread; https://www.wilderssecurity.com/showthread.php?t=52080
    While the URL for the new engine was given here; http://www.dslreports.com/forum/remark,11785113~mode=flat

    For future patch and engine upgrades, your University will deal with this for you.

    Campus computers, permanently on the network will be automatically updated. For 'Home' use, since you obtained a copy of the program from your University, there should be information on the same internal web-site giving you precise instructions on how to both use and update the AV solution they have decided to use.

    Obviously they will not give you the Corporate grant code but they will have alternatives to obtain the necessary downloads for legitimate copies of the program. In most cases they provide their bona fida students with a particular internal code whereby they can obtain both the software and the updates.

    In my experience, most Universities here in the UK try and provide security-interested students with as much help as possible and this includes a particular internal web-site offering the use of 'free' AV software. In general, at these sites, there are very precise instructions on how to install the software, the best settings to use and how to obtain updates to the program.

    Since, unlike most students, you appear to be concerned about your computer's security, ask around within your Department or check your particular University's web-site. They will have the answer.

    Or keep looking here at Wilders ;)
     
  12. AnthonyG

    AnthonyG Registered Member

    Joined:
    Aug 3, 2004
    Posts:
    614
    Thanks for your help, but i cant get the link for the new scanning engine to work, do you have another.
     
  13. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    The previous link over at DSLR is still working as I have just tested the link now with FireFox.

    Here at home, I have no alternative link to the upgrade engine.
     
  14. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,513
    Location:
    Annie's Pub
  15. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    works like a charm
     

    Attached Files:

  16. JLamy

    JLamy Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    35
    My copy of VirusScan Enterprise v8.0i provided by my uni installs with patch 1 applied by default. Do I need to remove patch one in order to use its replacement patch 7? At the moment I have applied patch 4, 5, 7, 8, 9 meaning that i have all of the patches available. I installed patch 5 by accident! Wasn't going to, going on your post above. Looked around the McAfee forums and found no instructions on how to remove a patch from current install.

    Is having all the patches doing more harm than good? I personally dont see a problem, but I am no expert.

    Thanks.
    JLAMY
     

    Attached Files:

    Last edited: Nov 16, 2004
  17. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    If the patch is available it should be ok to use, or else why was it released?
    if you go to program files/network associates/antivirus and you will find the installed patches listed by numbers.
    bigc
     
  18. JLamy

    JLamy Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    35
    Thanks. I go to C:\Program Files\Network Associates\VirusScan and only see 3 folders named PreVSE80004, PreVSE80008, PreVSE80009 when clearly I have all the others installled as well, as confirmed in the "About VirusScan Enterprise" box. Am I missing something? I'm not really bothered, as long as the patches are running OK.
     
  19. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    as long as it is working I wouldnt worry about it. The other patches could be utilized differently and are in a different folder on your comp.
     
  20. JLamy

    JLamy Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    35
    Yeah seems to be running good, altho I have not tested with EICAR, or any other virus yet! Maybe I should test just to make sure. I had the VS Professional v7.03.6000 before, and in comparison, the v8.0i runs slicker, uses less memory, less processes, and the AV monitor doesn't shutdown and restart when applying DAT updates. I'm quite happy with it! :D Pitty it's only 2nd to Kaspersky in terms of detection though.
     
Loading...
Thread Status:
Not open for further replies.