Thursday, March 1, 2007

The joys of McAfee VirusScan Enterprise 8.5i vs. Notes

THOSE AMAZING USERS

By Nancy Hand

Part of my job is to install and monitor desktop virus protection for the site where I work. So, when McAfee VirusScan Enterprise 8.5i (VSE 8.5i) was released late last year, I started testing it along with McAfee's Anti-Spyware Enterprise 8.5 (ASE 8.5) package.


"My Notes 7.0.2 client promptly informed me I wasn't authorized to open memos in my own mailfile."

Installations sent to the Development environment didn't generate any responses from users or system sponsors, even after several weeks. Since I'd already deployed the 5100 engine, I patched my main ePolicy Orchestrator (ePO) server to 3.6.0, Patch 4, deployed Common Management Agent 3.6.0, and loaded VSE 8.5i and ASE 8.5 into the repository. I waited a week before deploying VSE 8.5i to the Test environment. The silence was deafening.

The only thing left was to deploy to a small group in Production. I solicited victims, excuse me -- "volunteers" -- from within my group. I was offered 12 machines. Policies for VSE 8.5i were as similar to what we had on VSE 8.0i in ePO as possible. Since we don't scan Notes on the workstations under VSE 8.0i, I specifically disabled scanning of Notes files for the new version in the Detection tab, as shown in Figure A.

FIGURE A

I disabled scanning in the Detection tab. (click for larger image)

I also disabled scanning of Notes files in the Notes Scanner Settings tab, as shown in Figure B.

FIGURE B

I also disabled scanning of Notes files in the Notes Scanner Settings tab. (click for larger image)

Ten of the twelve machines got VSE 8.5i with ASE 8.5, the other 2 already had an anti-spyware package which I didn't remove. I deployed to all twelve machines, sent emails to the users saying their machines were updated, and went to lunch.

When I returned, I woke up my machine to read my email. My Notes 7.0.2 client promptly informed me I wasn't authorized to open memos in my own mailfile. Thinking the first message was a mistake, I tried several more memos with the same result.

Then I tried to open a URL from a message I'd left open. Instead of the Web site I expected to see, I got a page saying the server was not available. The proxy has failed before, so before giving up, I opened Internet Explorer and tried the URL again. Internet Explorer opened the site without problem while the Notes client still insisted the server was down. I closed and re-opened Notes. Everything was fine. Messages opened, URLs connected, all without error messages.

There seemed to be a problem.

I went to Notes.net and searched on the error "you are not authorized". Several recent postings indicated people had installed McAfee VSE 8.5i shortly before getting the error. Seeing that another user had opened a trouble call with McAfee, I contacted McAfee for more information.