Question About Mcafee Virus Scan Enterprise Buffer Overflow Protection

Hi

A week ago i was having this problem where my windows media player wouldnt work no more, from the excellent help i received from Bubba it was deemed a .dll from mcaffe VSE was stopping it from working.

Here is the topic
https://www.wilderssecurity.com/showthread.php?t=52950

So i uninstalled Mcafee VE and my WMP now worked perfectly, i reinstalled mcafee and my windows media player again stopped working so i fiddled about with mcafee and i found it was the buffer overflow protection that was causing the problem as when its disabled WMP works perfectly.

This fact has got me rather concerned as reading about buffer overflow protection it says it stops exploited programs from starting. Does that mean my WMP has become exploited. And if so what does that mean and should i do about it.

Thanks for your help

 

Here the solution:

[MOVE]
Patch 5 for McAfee VirusScan Enterprise 8.0i


[/MOVE] Solution ID: KB38717
Last Modified: 07 Oct 2004

The patch listed above can be downloaded directly without contacting Technical Support. It is located at the following location: https://mysupport.nai.com/ You must be registered with Prime Support Service Portal and have a valid Grant number for this product to access the patch. If you do not have a valid Grant number, please contact Customer Service at 800-338-8754 As of the time of this posting, this patch was the latest patch available for the product and issues listed above. If this patch is no longer present, please check for a newer version.

Goal and/or Problem Description
Patch 5 for McAfee VirusScan Enterprise 8.0i
VSE80P05
List boxes and Message boxes in .NET applications do not display any content
Toolbar icons in some applications display as black boxes.
Web Inspector crashes
Windows Media Player stops responding

Problem Environment
McAfee VirusScan Enterprise 8.0i

Changes affecting this Problem
Change information is not available for this solution

Cause of this Problem
Cause information is not available for this solution


Solution 1:
Patch Release: 7 October 2004
This release was developed and tested with:
- VirusScan Enterprise:8.0i
- DAT Version: 4396, 29 September 2004
- Engine Version: 4.3.20
PURPOSE
This release replaces files for the Buffer Overflow feature that caused various symptoms in third-party applications, as listed in "Resolved Issues" below.

RESOLVED ISSUES
1. ISSUE:
List boxes and Message boxes in .NET applications do not display any content.
RESOLUTION:
List boxes and Message boxes now display content as expected.
2. ISSUE:
Toolbar icons in some applications, including IBM WebSphere Studio, display as black boxes.
RESOLUTION:
Toolbar icons now display as expected.
3. ISSUE:
Web Inspector from Zixcorp would encounter an error upon initializing, usually seen at logon.
RESOLUTION:
Web Inspector loads without issue.
4. ISSUE:
Windows Media Player 10 could stop responding after you select the option to listen to a "Radio" stream, then select the "Music" tab.
RESOLUTION:
Windows Media Player 10 operates correctly without interruption when you change from the "Radio" to "Music" tab, and vice versa.
NOTE:
Once the Patch is applied a reboot may be required to resolve this issue.

This release consists of a package called VSE80P05.ZIP, which contains the following files:
VSE80P05.EXE =
Installer for the updated files
PATCH05.TXT =
This text file.
PKGCATALOG.Z =
Package catalog file
VSE800DET.MCS =
VirusScan Enterprise detection script
PACKING.LST =
Packing list


Have fun!


Ciao,

Smokey

 

You can set exclusions.

 

Is correct, but that will only be a temporary solution, apply the patch and all problems are gone...


Ciao,

Smokey

 

Anybody knows if these patches are cumulative? For example if i will install patch 9 will it also apply the changes made by patch 6?

 

Most Home users apply any relevant security patches in the order that they are released. However, these McAfee patches are not that straightforward in that;

1. Some do replace previous patches;

2. Some include issues from earlier patches.

3. Some are very specific fixes.

4. Although classified as patches, some of these are really hot-fixes.

So no, the latest individual patches do not include all/some of the changes from earlier patches. You will have to install more than one patch.

If you are talking about a standalone Home machine, I would take a look here http://forums.mcafeehelp.com/viewforum.php?f=27 and see whether your computer needs the patch/fix depending upon whether it seems a critical or non-critical remedy.

However, the new scanning engine, 4440, is definitely worth downloading; http://www.dslreports.com/forum/remark,11785113~mode=flat

 

Apply only patches 4,7,8 and 9 and all (necessary) changes are made.


Ciao,

Smokey

 

Smokey,

I know that Patch 7 now replaces Patch 1 and Patch 9 now replaces Patch 5, so leaving as you say Patches 4, 7, 8 & 9 as the recommended fixes.

But looking at your security spec, with v8.0i now as your main AV, have you installed all these patches on your Home computer?

 

I have more systems then just one, I'm running VirusScan Enterprise now on several machines, one with Windows2003 Server and two with XP Professional.

For using VS 8.0i smoothly the mentioned fixes above are all strongly recommended!

I know there are lots of people who have only used just one or two of the patches, but IMO that's not the right decision, 'cause a good functionating AV is very, very important like we all should know.


Ciao,

Smokey

 

Hi can i ask does anyone have any suggestions on what i can do as i got my MVSE 8 free from my university as im a student, but for some reason they wont give me their grant number to install the updates. So what do i do

Thanks

 

At the present time, the updater within V.8.0i only updates the DATs and not the Patches or the engine upgrades.

Therefore, for now;

All the present patches are still live in this thread; https://www.wilderssecurity.com/showthread.php?t=52080
While the URL for the new engine was given here; http://www.dslreports.com/forum/remark,11785113~mode=flat

For future patch and engine upgrades, your University will deal with this for you.

Campus computers, permanently on the network will be automatically updated. For 'Home' use, since you obtained a copy of the program from your University, there should be information on the same internal web-site giving you precise instructions on how to both use and update the AV solution they have decided to use.

Obviously they will not give you the Corporate grant code but they will have alternatives to obtain the necessary downloads for legitimate copies of the program. In most cases they provide their bona fida students with a particular internal code whereby they can obtain both the software and the updates.

In my experience, most Universities here in the UK try and provide security-interested students with as much help as possible and this includes a particular internal web-site offering the use of 'free' AV software. In general, at these sites, there are very precise instructions on how to install the software, the best settings to use and how to obtain updates to the program.

Since, unlike most students, you appear to be concerned about your computer's security, ask around within your Department or check your particular University's web-site. They will have the answer.

Or keep looking here at Wilders

 

Thanks for your help, but i cant get the link for the new scanning engine to work, do you have another.

 

The previous link over at DSLR is still working as I have just tested the link now with FireFox.

Here at home, I have no alternative link to the upgrade engine.

 

This link should be fine:

http://a64.g.akamai.net/7/64/2015/2004-11-03-6-12-53-300/download.nai.com/products/licensed/superdat/engine/intel/4400/4400eng.exe


Ciao,

Smokey

 

works like a charm

 

My copy of VirusScan Enterprise v8.0i provided by my uni installs with patch 1 applied by default. Do I need to remove patch one in order to use its replacement patch 7? At the moment I have applied patch 4, 5, 7, 8, 9 meaning that i have all of the patches available. I installed patch 5 by accident! Wasn't going to, going on your post above. Looked around the McAfee forums and found no instructions on how to remove a patch from current install.

Is having all the patches doing more harm than good? I personally dont see a problem, but I am no expert.

Thanks.
JLAMY

 

If the patch is available it should be ok to use, or else why was it released?
if you go to program files/network associates/antivirus and you will find the installed patches listed by numbers.
bigc

 

Thanks. I go to C:\Program Files\Network Associates\VirusScan and only see 3 folders named PreVSE80004, PreVSE80008, PreVSE80009 when clearly I have all the others installled as well, as confirmed in the "About VirusScan Enterprise" box. Am I missing something? I'm not really bothered, as long as the patches are running OK.

 

as long as it is working I wouldnt worry about it. The other patches could be utilized differently and are in a different folder on your comp.

 

Yeah seems to be running good, altho I have not tested with EICAR, or any other virus yet! Maybe I should test just to make sure. I had the VS Professional v7.03.6000 before, and in comparison, the v8.0i runs slicker, uses less memory, less processes, and the AV monitor doesn't shutdown and restart when applying DAT updates. I'm quite happy with it! Pitty it's only 2nd to Kaspersky in terms of detection though.