| MOVE AV Multi-Platform 4.x (resolved or under Investigation) |
| Reference Number |
Related
Article |
Found
In |
Fixed
In |
Issue Description |
| MOVE-2421 |
- |
- |
4.8.1
Update 1 |
[Feature] Provide zero-day platform support.support for Windows 10 version 2004 (also known as 20H1). |
| MOVE-288 |
- |
- |
4.8.1 |
Issue: [Extension] MOVE AntiVirus Agentless does not reflect the correct ePO policies in the NSX Manager policy configuration page. |
| MOVE-324 |
- |
- |
4.8.1 |
Issue: [Extension] The SVM OVF template is not visible on ePO while deploying to SVM systems. |
| MOVE-257 |
- |
- |
4.8.1 |
Issue: [Extension] The password to validate credentials for authentication to NSX Manager is limited to 16 characters. |
| MOVE-321 |
- |
- |
4.8.1 |
Issue: [SVM, SVM Manager, client systems]
The Virtual Desktop Infrastructure (VDI) enters into a hung state in the client environment, because of high CPU on the SVM. |
| MOVE-334 |
KB92293 |
4.8.0 |
4.8.1 |
Issue: [SVM] The mvserver.exe process reports high CPU utilization after you upgrade to MOVE AntiVirus 4.8.0. |
| MOVE-190 |
KB92297 |
4.8.0 |
4.8.1 |
Issue: Antivirus Multi-Platform service restarts unexpectedly multiple times a day after an upgrade to MOVE AV Multi-Platform 4.8.0. |
| MOVE-355 |
- |
- |
4.8.1 |
Issue: [Client systems] Endpoint systems become unresponsive. |
| MOVE-207 |
- |
- |
4.8.1 |
Issue: [SVM] Performance issues experienced by MOVE AV Multi-Platform after you upgrade Endpoint Security Threat Prevention. |
| MOVE-2367 |
- |
- |
4.8.1 |
Issue: [Client systems] MOVE MP AntiVirus 4.8.1 provides zero-day platform support for Windows 10 November 2019 update. |
| MOVE-349 |
- |
- |
4.8.1 |
Issue: [SVM Manager] IP filtering does not initialize without the following option selected:
"Assign SVM if no rule is defined above" |
| - |
KB91641 |
- |
4.8.1 |
Issue: Performance issues experienced by MOVE AV Multi-Platform after you upgrade Endpoint Security Threat Prevention |
| MOVE-2389 |
- |
4.8.1 |
- |
Issue: RAM Disk creation fails after you install MOVE MP 4.8.1 without a reboot.
Resolution: Restart the SVM after installation. The RAMDisk software installs its own driver and requires a system restart after installation. |
| MOVE-2369 |
- |
4.8.1 |
- |
Issue: ENS firewall module fails to install when MOVE MP client is installed.
Resolution: Installation of ENS after a MOVE client installation is not supported. The ENS platform and the MOVE client are seen as conflicting products. In the error logs, you see the message:
McAfee_Common_Bootstrapper_xxx |
| 1237844 |
- |
4.7.0 |
4.8.0 |
Issue: Event ID '37011' does not exist in ePO 'Event Filtering'. |
| 1235548 |
- |
4.7.0 |
4.8.1 |
Issue: IP address assignment rule does not assign until the Assign SVM if no rule is defined for the above client checkbox is selected. |
| MOVE-2557 |
KB93772 |
4.9.0 |
- |
Issue: The On-demand scan summary shows scan running even when scan is stopped. |
| MOVE-2583 |
KB93786 |
4.9.0 |
- |
Issue: Intermittent communication issue observed with SVMs to SVM Manager when ESVM feature is enabled. Resolution: See Related Article for details. |
| MOVE-2587 |
- |
4.9.0 |
- |
Issue: Upgrade of MOVE client via Time to Value (TTV) fails on the first attempt in the following operating systems:
- Microsoft Windows 2008 R2
- Microsoft Windows 2016 Core
Workaround: Try to deploy the client via TTV on the same system a second time. |
| 1232177 |
- |
4.7.0 |
- |
Issue: The MOVE AntiVirus:Policy collection task is triggered even after you disable the Policy Collector. When the task is triggered, the Server Task Log records failed. |
| 1219750 |
KB90114 |
- |
- |
Issue: IP Rule Assignments fail when an Enter keystroke is used rather than a comma (,) to separate multiple IP addresses. The Enter keystroke is handled properly via the front-end user interface. But, it is not properly parsed when received as a policy in SVM Manager.
The SVM Manager expects the IP-Based Rules to use a comma to separate multiple IP addresses. If the SVA Manager receives IP-Based Rules with an Enter keystroke, the SVM Manager fails to parse the rule and so fails to form any IP-mapping filter. This failure results in an IP-based communication failure.
Workaround: Edit the applied SVM Manager setting policy. Then look to see if any rule has an entry where the Enter keystroke was used instead of a comma. Any rules found with the Enter keystroke must be deleted and added back to the policy with a comma to separate. |
| 1223246 |
- |
4.6.0.396 |
4.7.0 |
Issue: The default OAS policy of MOVE AntiVirus Multi-Platform 4.6 has a process pass through value as blank, which logs the error ERROR: svc_policies.c: 1053: Failed to send oas process passthrough cmd. err: 22 while applying the policy.
Resolution: Install MOVE AntiVirus Multi-Platform 4.7.0. |
| 1214171 |
- |
- |
4.6.0.396 |
Issue: Scan timeout and engine initialization failures.
Resolution: Download and install MOVE AntiVirus Multi-Platform 4.6.0 Hotfix 1214063. |
| 1214063 |
- |
- |
4.6.0.396 |
Issue: Can't add any more process exclusions to OnAccess Policy in ePO5.9 MOVE Extension 4.6.
Resolution: Download and install MOVE AntiVirus Multi-Platform 4.6.0 Hotfix 1214063. |
1212961
1210593 |
- |
- |
4.6.0.396 |
Issue: The mvagent.log file increases in size because of the MOVE client service closes unexpectedly.
Resolution: Download and install MOVE AntiVirus Multi-Platform 4.6.0 Hotfix 1214063. |
| 1207865 |
- |
- |
4.6.0.396 |
Issue: Sensitive password information disclosure on MOVE AntiVirus Deployment page.
Resolution: Download and install MOVE AntiVirus Multi-Platform 4.6.0 Hotfix 1214063. |
| 1206621 |
- |
- |
4.6.0.396 |
Issue: Recovery settings for mvagtsvc all set to 'Take No Action' when upgrade from MOVE v3.6.1 to v4.0 and or v4.5.
Resolution: Download and install MOVE AntiVirus Multi-Platform 4.6.0 Hotfix 1214063. |
| 1204766 |
- |
- |
4.6.0.396 |
Issue: Improper FQDN validation regex for SVM server address and Broker address field in Options Policy.
Resolution: Download and install MOVE AntiVirus Multi-Platform 4.6.0 Hotfix 1214063. |
| 1204071 |
- |
- |
- |
Issue: Option policy is not updated with the correct IP address of the MOVE AV Multi-Platform 4.6 SVA Manager. Issue seen during an upgrade from 4.0 to 4.6.
Workaround: After you upgrade the MOVE AV Multi-Platform SVA Manager from 4.0 to 4.6, update the Option policy with the new IP address of the deployed MOVE AV Multi-Platform 4.6 SVA Manager. (Get the IP address of the MOVE AV Multi-Platform 4.6 SVM Manager from the ePO System Tree after it is deployed and has communicated successfully with ePO.) |
| 1204061 |
- |
- |
- |
Issue: Alert for the MOVE 4.6.0 Metapackage is not displayed in SDM.
Workaround: Navigate to Software Manager in ePO, check for MOVE AntiVirus 4.6 under Endpoint Security and check in single Metapackage. |
| 1203596 |
- |
4.6.0 |
- |
Issue: The message Failed to connect to the McAfee MOVE AV Client Service (mvagtsvc): Service is not running occurs in larger environments where SVMs are deployed with VSE 8.8 Update 6 and above.
Workaround: Reboot the SVM. It resolves the issue. |
| 1202639 |
- |
4.6.0 |
- |
Issue: SVMs in a Ready, or Running state, might switch to a Stand by state. Seen when an SVM package upgrade is in progress and the Auto Scale feature is enabled.
Workaround: Disable the Auto Scale feature in the SVM Manager settings policy before you run an SVM package upgrade. |
| 1202130 |
- |
4.6.0 |
- |
Issue: MOVE AV Multi-Platform 4.6 deployment might fail in large environments where VSE 8.8 Update 6 or above is installed, because of EICAR test failure.
Workaround: Configure an exclusion for the MOVE service in the VSE 8.8 Low Risk Process Exclusion policy and apply to the affected SVMs.
- Log on to the ePO console.
- Navigate to Menu, Policy, Policy Catalog.
- Select VirusScan Enterprise from the Product drop-down list.
- Duplicate the On-Access Default Processes policies.
- Select the duplicated On Access Default Processes policy and configure the different scanning policies for High Risk, Low Risk and Default processes for servers. Click Save.
- Go to the Category drop-down list and select the On-Access Low Risk Processes policies. Duplicate this policy.
- Select the duplicated On-Access Low Risk Processes policy, select server, click the Low Risk Processes tab, Add, and enter mvserver.exe.
- Under Scan Items, deselect When writing to disk and When reading from disk. Click Save.
- Apply both of the duplicated policies to the MOVE SVM systems and enforce.
|
| 1202209 |
- |
4.6.0 |
- |
Issue: MOVE AV Multi-Platform deployment to clients might time out when many deployment tasks are triggered simultaneously.
Workaround: Reinitiate the failed deployment tasks. |
| 1201959 |
- |
4.6.0 |
- |
Issue: You are not able to connect to the MOVE AV Multi-Platform 4.6 SVM Manager, when installed on a Windows 2016 system.
Workaround: Install security update for Windows (KB4022715) on the SVM system and update SVM systems with the latest Windows updates. |
| 1203955 |
- |
4.6.0 |
- |
Issue: Policy enforcement might not occur on clients with a clean installation of MOVE AV Multi-Platform and MA 5.0.4.
Workaround: Update the message bus certificate on the client and reboot.
- Log on to the ePO console.
- Select the client that experiences the issue.
- Go to Action, Agent, Run Client Task Now.
- Select McAfee Agent, Product Update, Create New Task.
- Select MsgBus Cert Updater 5.0.5 and click Run Task Now.
- Make sure that the task completes, then reboot the client.
|
| 1197808 |
- |
4.5.0
4.0.0 |
4.6.0 |
Issue: When you deploy, or redeploy the MOVE client, the installation process initiates the installation of VC++ 2010 Redistributable. It is installed whether it is needed or not. |
| 1185110 |
- |
4.5.0
4.0.0 |
4.6.0 |
Issue: The command "mvadm exp list oas" might not return the correct details about On Access Scan Exclusions. |
| 1172365 |
- |
4.5.0 |
4.5.1 |
Issue: When SVM deployment fails because of improper or corrupt OVF files, static IPs are not released to the IP address pool.
Workaround: Reinstall the MOVE extension. |
| 1171872 |
- |
4.5.0 |
4.5.1 |
Issue: User Interface validation for double quotation mark (“) is missing when added to the Path Exclusions field. This mark is one of the reserved special characters, and when entered, leads to the Save option being grayed out, or disabled. |
| 1171565 |
- |
4.5.0 |
4.5.1 |
Issue: The MOVE AV Multi-Platform 4.5 License extension name is not displayed (no module name displayed) after checking in and is not shown as running. |
| 1170951 |
- |
4.5.0 |
- |
Issue: After you upgrade the extension from MOVE 4.0 to MOVE AV 4.5, the MOVE product name continues to show the older version in the ePO Policy Catalog page. This issue is only seen with ePO 5.3.2 and 5.3.1. |
| 1169721 |
- |
4.5.0 |
- |
Issue: You see the following after an extension upgrade from MOVE AV 4.0 to MOVE AV 4.5.
The first load of the Policy page, takes longer on ePO consoles when started from Microsoft Internet Explorer 11.
Workarounds:
- Press the refresh key F5.
- Start the ePO console from Chrome.
|
| 1162547 |
- |
4.5.0 |
4.6.0 |
Issue: With Threat Intelligence Exchange (TIE) enabled, sometimes certificate reputation revocation might not be applied. The client receives an old certificate reputation from the SVM. |
| 1171565 |
- |
4.5.0 |
4.5.1 |
Issue: The name for MOVE AV Multi-Platform 4.5 License extension is not displayed (no module name displayed) after checking in and is not shown as running. |
| 1172365 |
- |
4.5.0 |
4.5.1 |
Issue: When SVM deployment fails because of improper or corrupt OVF files, static IPs are not released to the IP address pool.
Workaround: Reinstall the MOVE extension. |
| 1172047 |
- |
4.5.0 |
- |
Issue: Incorrect error logging in SVM log for update Metadata and adding to the cache during cert look up to TIE. The error in the log shows as cert update metadata failed, but is actually updating. The following error is recorded in the log: ERROR: svc_socket.c: 1405: [TIE FLOW] Cert update metadata failed for file with cksum |
| 1151082 |
- |
4.0.0 |
4.5.0 |
Issue: When an ePO administrator disables the MOVE AV Multi-Platform 4.x Enable Self-Protection option from the ePO antivirus common policies, the result is that system protection on the client is disabled.
When the Enable Self-Protection option is disabled post installation to a client, the client system is in an unprotected state.
NOTE: The Enable Self-Protection option is enabled by default in ePO. |
| 1145208 |
- |
4.0.0 |
4.5.0 |
Issue: Threat Intelligence Exchange (TIE) reputation change is not honored at the client side if the active server is secondary.
NOTES:
- All clients are protected. The revocation changes for files are refreshed every day and for the certificate every 30 days (worse case).
- This issue does not occur if SVA manager is used.
|
| 1136539 |
- |
4.0.0 |
4.5.0 |
Issue: The number of SVMs increases marginally, when the state changes to Ready. The result is the SVM count increases from two to four in the policy. |
| 1114475 |
- |
4.0.0 |
- |
Issue: When new SVMs are spawned in an environment with the Elastic SVM feature enabled, the newly spawned SVMs are not sequentially numbered. |
| 1128329 |
- |
4.0.0 |
- |
Issue: When the Elastic SVM feature is enabled, a base SVM that was used to create a template is deleted.
Workaround: To avoid the deletion of a base SVM: Delete the entry of this SVM from the ePO System Tree after a shutdown, and before you enable the elastic SVM feature. |
| 1146376 |
- |
4.0.0 |
- |
Issue: When you download an Advanced Threat Defense (ATD) sample, only partial files get submitted to ATD before the download is completed. The Actual full sample only gets submitted after it has fully completed the download.
NOTE: No major functional impact because the correct reputation will occur after a successful submission takes place to ATD for the original file, where the client acts based on the proper file submission. |
| 1143847 |
- |
4.0.0 |
- |
Issue: After automatic migration, the number of new policies created is higher when compared to the existing policy. |
| 1140686 |
- |
4.0.0 |
- |
Issue: IP assignment rule does not work if there is no tag-based rule defined. Or, it does not work if the automatic assignment of Off Load Scan Server (OSS) is disabled. |
| 1133388 |
- |
4.0.0 |
- |
Issue: A few SVMs are sometimes tagged automatically in the User Interface, when the Tag Assignment Rule is configured with the DHCP option. This issue is inconsistent and has no functional impact.
Workaround: The recommendation is to provision SVM with a static IP address. |
| 1141063 |
- |
4.0.0 |
- |
Issue: You see the following after multiple togglings of the Endpoint Security Virtual Machine (ESVM) feature (Disable, Enable, Disable).
The IP address of the active SVM that had been purged, is not reflected in the ePO User interface. |
| 1107342 |
- |
3.6.1 |
4.5.0 |
Issue: When you create an IP-based assignment rule in the SVA/SVM manager policy, the IP separator new line option does not function.
NOTE: Three types of separators are supported with 3.6.1: comma, hyphen, or new line.
Workaround: When you create the rule, use either a comma or hyphen. |
| 1081301 |
KB85566 |
3.6.1 |
- |
Issue: Windows Defender must be disabled when MOVE AV product is installed.
Workaround: See the article for details. |
| 1085662 |
- |
3.6.1 |
- |
Issue: A local manual uninstall of the MOVE AV Multi-Platform client generates the uninstall log file in the wrong location.
- Incorrect location: %temp%MSI*.log
- Correct location: c:\windows\temp\MOVE_Uninstall.log
Workaround:
Use the following command line for a standalone removal of the MOVE Multi-Platform client.
msiexec.exe /x {291E5CBE-DC09-48AC-B3F6-1997B3113966} /L*V %WINDIR%\Temp\MOVE_Uninstall.log
|
| 971923 |
- |
3.5.0 |
- |
Issue: The mvramdisk forceuninstall option does not uninstall the mvramdisk cleanly.
Workaround: The mvramdisk forceuninstall command is used to manually uninstall Imdisk. Restart the system first to reinstall OSS or Imdisk. |
| 1039236 |
- |
3.6.0 |
- |
Issue: Deferred scan notifications from OAS are not displayed when an ODS is in progress on the client system. |
| 1010787 |
- |
3.6.0 |
- |
Issue: If a deferred scan is in progress, an unexpected scan time-out message is displayed.
- If a deferred scan is in progress
And
- The OSS becomes unreachable because of a network issue
Or
- If the OSS becomes unresponsive,
The unexpected scan time-out message is displayed, rather than the scan being canceled. |
| MOVE AV Multi-Platform 4.0 (Expected Behavior) |
| Reference Number |
Related Article |
Found
In |
Fixed
In |
Issue Description |
| 1171142 |
- |
4.5.0 |
n/a |
Issue: Some system variables are not honored in the Path Exclusion for Multi-Platform On-Demand and On-Access policies.
List of system variables that are not supported:
- %APPDATA%
- %HOMEDRIVE%
- %HOMEPATH%
- %LOCALAPPDATA%
- %LOGONSERVER%
- %PSModulePath%
- %TEMP% % %TMP%
- %USERPROFILE%
|
| 1104762 |
- |
4.0 |
n/a |
Issue: When a DXL client is installed after an SVM installation, SVM can't connect to TIE.
Workarounds:
- The DXL client needs to be installed before SVM.
Or
- If the DXL client was installed after SVM, restart the SVM service.
|
| 1145289 |
- |
4.0 |
n/a |
Issue: With TIE enabled in the MOVE Multi-Platform policy, both the On-demand Scan (ODS), and third-party application installations take more time to complete.
This increase occurs because when TIE is enabled, it sends all non-PE files to the TIE lookup. The time increases to complete ODS and third-party application installations for the client. |
| 963820 |
- |
3.5.0 |
n/a |
Issue: The ePO credentials persist in the SVA Manager policy after a user imports the policy XML.
Workaround: After import, manually delete the ePO details, such as the URL, user, and password, and save the policy. The Extension automatically fills the correct values. |
| 1042169 |
- |
3.6.0 |
n/a |
Issue: Multi-Platform client icon does not work in Windows 8.1 (64-bit and 32-bit) systems. Two icons are displayed but only one opens; the second icon leads to a command line interface (CLI) crash.
Workaround: Restart the computer. After the restart, only one icon remains. |
| 1018218 |
- |
3.6.0 |
n/a |
Issue: A pop-up box from Windows is displayed with the message "You may not have the appropriate permissions to access the item". The message displays when a file is accessed via Windows Explorer and a deferred scan is in progress. |
| 1010794 |
- |
3.6.0 |
n/a |
Issue: If a scan time-out happens for a file under 40 MB, a deferred scan notification is not displayed. |
| 965637 |
- |
3.5.0 |
n/a |
Issue: ePO credentials are not updated when a user changes the host name of ePO in the SVA Manager policy.
Resolution: Manually update the ePO URL in the SVA manager policy. This update can't be done automatically. |
| 962432 |
- |
3.5.0 |
n/a |
Issue: MSM fails to retrieve tag information from ePO when the specified ePO password contains non-ASCII characters.
Resolution: Use ASCII characters in the password field.
|
