麦咖啡企业版8.7i的patch1补丁今天正式发布了，从更新日志上看修复了很多bug，具体到实机安装后的体验来看，显著的功能特性就是在监控选项中加入了所谓的月神（启发式网络检查），也就是云安全机制。之前的版本中，该特性只存在于文件扫描系统中，且默认关闭，此次更新加入到监控系统，看来官方对此已经比较有信心了。

从运行情况上看，安装patch1后，程序的资源占用也较之前有了改善，进程的资源消耗亦有所减少。另一个个人很关心的，病毒库更新后的高资源占用问题，目前尚无法得知有无改善，下次升级时就会有答案了。

版权问题就不贴官方的下载链接了，因为官网下载需要Grant Number，相信使用麦咖啡的网友也都知道如何获取^^

具体的更新日志：

Known issues in this release of the software are described below:

Issue: In some situations, the product switches over to using the normal copy of the DAT files, instead of the runtime DATs:
If the McAfee AntiSpyware Enterprise module is installed after VirusScan Enterprise 8.7i Patch 1 is on the system, some of the new registry settings, which are new for the runtime functionality, were changed back. This resolves itself with a restart of the McTaskManager service or with a reboot.
If one of the scanners is busy on a large file when the AutoUpdate process posts the revised copy of the DATs, the process of refreshing the runtime copy of the DATs times out. All scanners use the normal DATs until the next successful update.
The VirusScan Modules* will not use the runtime DAT functionality until they received their next Patch.

Issue: With the improved functionality of the on-access scanner memory scan, lower and middle ranged systems may see a performance impact at startup and after a successful AutoUpdate of the engine or DATs. Currently the Process on enable option is enabled by default on the shipping version of VirusScan Enterprise 8.7i. McAfee recommends that in a managed environment, disable this option prior to deployment of the Patch, until the impact of memory scanning can be determined for your environment. It is not possible to maintain both the more comprehensive scanning that comes with Patch 1 and later, and the former level of scanning. Therefore, only the more comprehensive scan is used.
NOTE FOR CURRENT AND NEW USERS:
The Patch installation does not modify current settings to disable the Process on enable option.
The VirusScan 8.7i NAP and extension that are included with the Patch do change the McAfee Default policy, but do not modify the My Default policy, or any custom policy settings that were made prior to the checkin of the new NAP/extension.
The VirusScan Enterprise 8.7i Repost with Patch now installs with the Process on enable option disabled, unless the Maximum Security option is selected during the installation.

Issue: VirusScan 8.7i Patch 1 introduced an issue with Microsoft Outlook where keyboard entries made during the delivery of an email were lost.
NOTE: This issue is resolved by HotFix VSE85HF464768, included with this release. Refer to "Additional Steps for HotFix 464768" for installation instructions.

Issue: The Access Protection rule "Prevent termination of McAfee processes" was improperly disabled, on 32-bit systems, even when the managed policy specified otherwise.
NOTE: This issue has been resolved in the fully released version of the Patch. HotFix VSE85HF464768, included with this release, resolves the issue for customers who installed Patch 1 during the managed release cycle. Refer to "Additional Steps for HotFix 464768" for installation instructions.

Issue: The Patch installer included an MSI deferred action to resolve an issue found when attempting to uninstall the Patch on some newer operating systems. The deferred.mfe file updated the cached MSI of the currently installed VirusScan 8.7i product. If the Patch is included in a McAfee Installation Designer customized package, the deferred.mfe file was not included, and therefore the Patch might not be able to be uninstalled in some newer operating systems.

Issue: If you installed this release interactively and cancelled the installation on a system where a previous Patch was installed, after the rollback was complete, the previous Patch might no longer reported to ePolicy Orchestrator or appeared in the About VirusScan Enterprise window.

Issue: Installing the Patch and specifying a log file path using the Microsoft Installer (MSI) switch “/L” did not log to the specified path. A log file capturing full data was logged to the folder “McAfeeLogs” under the Temp folder.

Issue: If Host Intrusion Prevention 6.x or later was installed and disabled prior to installing VirusScan Enterprise, it was necessary to re-enable Host Intrusion Prevention and disable it again, in order for VirusScan Buffer Overflow Protection to be properly enabled.

Issue: Uninstalling VirusScan Enterprise Patches is possible for computers running Windows Installer v3.x or later. This technology is not fully integrated for Windows 2000 operating systems, so there is no option to remove the Patch in Add/Remove programs. See instructions under Removing the Patch for removal via command-line options.

Issue: Patches for VirusScan Enterprise 8.7i can only be uninstalled via Add/Remove programs, not via ePolicy Orchestrator.

Resolved issues
The resolved issues are divided into subsections per patch, showing when each fix was added to the compilation.
Patch 1 resolved issues:

Issue: An unauthenticated remote denial-of-service attack was discovered. (Reference: 470184)
Resolution: The product no longer allows the denial-of-service attack.

Issue: Under certain conditions, the Lotus Notes scanner of VirusScan Enterprise can mistakenly deny access to the Lotus Notes internal processes, if a note was being accessed more than once. (Reference: 438541)
Resolution: The Lotus Notes scanner has been adjusted to better handle re-entrance scanning of the same note.

Issue: Silent installs may fail on hard drives that are designated as dynamic. The on-access scanner service fails to start, and the installation will roll back. (Reference: 443669)
Resolution: The patch 1 and later install packages will now install to a dynamic disk, silently.

Issue: Sporadic crashes were seen on multi-processor systems, with the Lotus Notes scanner file ncdaemon.exe, during startup and general use of Lotus Notes. (Reference: 442337)
Resolution: The Lotus Notes scanner has been corrected to prevent a race condition where different scanner threads were starting and stopping out of sequence.

Issue: A 8E bugcheck (blue screen) sometimes occurred when VirusScan Enterprise 8.7i was installed along with Checkpoint VPN-1 SecureClient. (Reference: 438771)
Resolution: The link driver was updated to avoid probing kernel memory unnecessarily.
NOTE: For this fix to prevent the above issue, the files need to be placed on the system during the installation of VirusScan Enterprise, before the services start. The repost of VirusScan Enterprise 8.7i with Patch 1 will be needed to see the resolution.

Issue: A flaw in the caching algorithm sometimes caused files in removable media to not be scanned. (Reference: 443104)
Resolution: The Anti-Virus Filter driver was updated to clear the cache of removable media upon attaching to the system.

Issue: The on-access scanner contained a flaw in the scan on close logic. This could cause a file to be queued up for scanning a second time. (Reference: 434475)
Resolution: The Anti-Virus Filter driver no longer queues these unnecessary scan requests.

Issue: During an upgrade from a customized VirusScan Enterprise 8.5i to VirusScan Enterprise 8.7i, An issue sometimes occurred where the configuration tool did not properly backup and restore the registry information. The installation was left in a state where some of the product information still showed as the older version. (Reference: 443019)
Resolution: The McAfee Installation Designer configuration applicator has been changed to be more comprehensive in backing up and in version checking during the upgrade, in order to prevent failures by other McAfee product installations that require version 8.7i.
NOTE: For this fix to prevent the above issue, the files need to be placed on the system during the installation of VirusScan Enterprise, before the services start. The repost of VirusScan Enterprise 8.7i with Patch 1 will be needed to see the resolution.

Issue: On Microsoft Windows Vista SP1 or 2008 server, sharing violations could occur when working with remote files while network drive scanning was enabled. This resulted in being denied access to files, or being unable to modify or save a file. (Reference: 447282)
Resolution: The Anti-Virus Filter driver has been updated to better handle potential sharing violations that could occur and avoid conflicts.

Issue: Prolonged use of the VirusScan Console was causing delays in loading subsequent loading of the Console window. (Reference: 456831)
Resolution: The VirusScan Console plug-in was corrected to properly clean up the .tmp files it creates at load time.

Issue: Access Protection rules were being triggered during creation of a VirusScan customized installation package via McAfee Installation Designer. This could lead to a crash of the McAfee Installation Designer tool. (Reference: 435728)
Resolution: The VirusScan Email Scan library appropriately handles the new Sensitivity level setting when it is displayed in the McAfee Installation Designer window.

Issue: Certain detections with multiple infections or clean actions were logging the action two times. One entry was made during the middle of the process, and the other during the final resolution. (Reference: 404787)
Resolution: The Common Shell scanner has been updated to report only the final resolution of the detection.

Issue: A 8E bugcheck (blue screen) might occur during the “Memory for Rootkits” portion of an on-demand scan. (Reference: 445490)
Resolution: The code analysis driver now uses a more robust method of querying the system for driver object data.

Issue: Access Protection block rules that were created for USB devices sometimes did not handle removing and reinserting the device multiple times. (Reference: 457415)
Resolution: The Access Protection, Anti-Virus Filter, and Link drivers have been updated to better handle reinserting the device.

Issue: The on-access scanner was not properly utilizing the Scan files opened for Backup option. (Reference: 457416)
Resolution: The Anti-Virus Filter driver has been rectified to properly interpret the flag being sent from the on-access scanner.

Issue: In an ePolicy Orchestrator managed environment, the agent’s Collect and Send Properties function could cause the McAfee Product Manager service to spike its CPU utilization for extended periods of time. (Reference: 457421)
Resolution: The VirusScan Management Plug-in has been updated to call for the scan engine and DAT files via a new API call, rather than initializing the engine to retrieve the information. This lessens the CPU time involved during the agent Collect and Send Properties function.

Issue: With certain Access Protection rules enabled, VirusScan Enterprise was failing to return information to the Checkpoint SecureClient software. (Reference: 444667)
Resolution: The binaries for Checkpoint integration have been updated to properly request information from VirusScan Enterprise.

Issue: Attempting to start an on-demand scan via the VirusScan tray icon could result in an error on Microsoft Windows Vista. (Reference: 446950)
Resolution: The VirusScan tray icon correctly calls the on-demand scanner on User Access Controlled operating systems.

Issue: Creating a McAfee Installation Designer change package for VirusScan Enterprise and the AntiSpyware Enterprise Module, sometimes failed to upgrade the evaluations to licensed versions, for both products. (Reference: 437509)
Resolution: McAfee Installation Designer configuration applicator upgrades the licenses of VirusScan Enterprise and the AntiSpyware Enterprise Module when they are both evaluations.

Issue: The VirusScan Console On-Delivery Email Scanner entry was not worded correctly in German. (Reference: 438931)
Resolution: The VirusScan Resource file updates the displayed text to the correct wording in German.

Issue: One of the ScriptScan “McLogEvent” entries was always recorded in English. (Reference: 431071)
Resolution: The Announcer library was updated to remove the extra notification.

Issue: In some cases, VirusScan Enterprise was not properly displaying Patch information about itself and currently installed VirusScan Modules*. (Reference: 456826)
Resolution: The VirusScan Management Plug-in has been updated to gather the current information about Patch levels of its installed VirusScan Modules*.

Issue: When there were HotFixes or Patches available for the VirusScan Modules*, they were not being downloaded to the clients. (Reference: 445494)
Resolution: The AutoUpdate binary was modified to check for the existence of the VirusScan Module* licenses when deciding which HotFixes or Patches to install.

Issue: Script errors were seen when attempting to view the Japanese text, of the product description window, in ePolicy Orchestrator 3.6.x. (Reference: 434203)
Resolution: The VirusScan 8.7i NAP file has been updated to display the Japanese page in its proper Unicode format (UTF-8).

Issue: The alert options for Network Appliance Filer and ICAP scanners were visible on the workstation ePolicy Orchestrator policies. (Reference: 448361)
Resolution: The VirusScan 8.7i NAP and extension have been updated to remove the alert options for alert options for Network Appliance Filer and ICAP scanners, from the workstation policy, as those scanners are server specific.

Issue: Some ePolicy Orchestrator operational events were not being generated for the VirusScan Modules*. (Reference: 434423)
Resolution: The VirusScan Reports extension updates the current VirusScan Enterprise Event IDs (1329 – 1339) to be used for the VirusScan Modules*.

Issue: The on-demand scan log file validation checked for invalid file characters, including the "<" and ">" characters. (Reference: 433776)
Resolution: The VirusScan 8.7i extension validation for the path name of the on-demand scanner log file now allows the "<" and ">" characters, which are needed for ePolicy Orchestrator macro variables.

Issue: The alert options for the VirusScan Modules* would not gray out when inheritance was enforced on the parent policy. (Reference: 434231)
Resolution: The VirusScan 8.7i NAP now properly enforces inheritance on the VirusScan Module alert options.

Issue: Events generated by the VirusScan Enterprise for Offline Virtual Images 1.0 software were not being generated in ePO reports. (Reference: 439832)
Resolution: The McAfee Announcer library changed properties of the events to support current reporting in ePolicy Orchestrator 3.6.1.

Issue: Scanning events generated by VirusScan Enterprise 8.7i were not populating the Task Name with proper information. (Reference: 453515)
Resolution: The McAfee Announcer library now populates the Task Name with the scanner that generated the event.

Issue: The Access Protection includes and exclude fields permitted a limited number of characters in the extension interface. (Reference: 457418/457419)
Resolution: The VirusScan 8.7i extension updates the maximum limit of the include and exclude fields, to be consistent with the point-product interface.

Issue: Scanner exclusions that were entered in ePolicy Orchestrator with a preceding blank space did not show up correctly when they were enforced on the client. (Reference: 457420)
Resolution: The VirusScan 8.5i extension has been updated to strip any preceding blank spaces from exclusions when they are entered in ePolicy Orchestrator.

Issue: VirusScan Enterprise added some new events that were not included in the default event filter, which was provided by ePolicy Orchestrator. (Reference: 462927)
Resolution: The VirusScan Reports extension updates the current list to allow filtering of these events.