               Release Notes for
   McAfee ePolicy Orchestrator Version 2.5.1
                    HotFix 2
 (c) 2002 Networks Associates Technology, Inc.
              All Rights Reserved


===============================================

This HotFix was developed and tested with:

-  ePolicy Orchestrator: 2.5.1
-  ePolicy Orchestrator: 2.5.1 HotFix 1

Make sure you have installed this version
before using this HotFix.

===============================================


Thank you for using ePolicy Orchestrator
software. This file contains important
information regarding this release. We strongly
recommend that you read the entire document.

The attached files are provided as is, and with
no warranty either expressed or implied as to
their suitability for any particular use or
purpose. Network Associates, Inc. assumes no
liability for damages incurred either directly
or indirectly as a result of the use of these
files, including but not limited to the loss or
damage of data or systems, loss of business or
revenue, or incidental damages arising from
their use. HotFix files should be applied only
on the advice of McAfee Technical Support, and
only when you are actually experiencing the
issue being addressed by the HotFix. HotFix
files should not be proactively applied in
order to prevent potential product issues. You
are responsible for reading and following all
instructions for preparation, configuration,
and installation of HotFix files. HotFix files
are not a substitute nor replacement for
product Service Packs which may be released by
Network Associates, Inc. It is a violation of
your software license agreement to distribute
or share these files with any other person or
entity without written permission from Network
Associates, Inc. Further, posting of McAfee
HotFix files to publicly available Internet
sites is prohibited. Network Associates, Inc.
reserves the right to refuse distribution of
HotFix files to any company or person guilty of
unlawful distribution of McAfee software
products. Questions or issues with McAfee
HotFix files should be directed to McAfee
Technical Support.


_______________________________________________
WHAT'S IN THIS FILE

-  About This HotFix
    - Purpose
    - Resolved Issue
    - Additional Resolved Issues
    - Files Included with This HotFix
-  Installation
    - Installation Requirements
    - Installation Steps
    - Removing This HotFix
-  Contacting McAfee and Network Associates
-  Copyright and Trademark Attributions
    - Trademarks
    - License Agreement


_______________________________________________
ABOUT THIS HOTFIX

PURPOSE

This HotFix replaces several files in ePolicy
Orchestrator to resolve the issues listed
below.


RESOLVED ISSUE

1.  ISSUE:
    Under certain conditions NAIMSERV.EXE tries
    to release memory twice, causing an access
    violation error that can cause the server
    to crash.

    RESOLUTION:
    NAIMSERV.EXE no longer releases memory
    twice.


ADDITIONAL RESOLVED ISSUES

1.  ISSUE:
    A single ADO connection was performing
    multiple database operations at once,
    causing a variety of issues, including
    properties from agents to report
    incorrectly, and the ePolicy Orchestrator
    server to stop responding.

    RESOLUTION:
    Now a single connection performs only one
    database operation at a time. This
    eliminates the issues above and improves
    overall performance.

    ADDITIONAL INFORMATION:
    The agent wakeup call now includes a "Get
    Full Props" option, which requests complete
    properties.


2.  ISSUE:
    If the public key data for the ePolicy
    Orchestrator server was not entered into
    the database the first time the agent sent
    it to the server, the message "Invalid
    Server Public Key...Package ignored from
    <COMPUTER_NAME>" was saved in SERVER.LOG at
    every agent-to-server-communication
    interval (ASCI). When this situation
    occurred, the server would no longer accept
    data from the agent.

    RESOLUTION:
    The server now checks the size of the key
    and, if it is empty, requests that the
    agent resend it.

3.  ISSUE:
    "Failed to enforce policies" and "Failed to
    get properties" messages were incorrectly
    reported in the "Server Event Viewer" and
    the following events (alerts) were
    incorrectly saved in the ePolicy
    Orchestrator database, even though policy
    and task enforcement and properties
    collection completed successfully.

    - 2232 -- ePolicy Orchestrator Agent:
      Enforce Policy Failed

    - 2264 -- ePolicy Orchestrator Agent:
      Property Collection Failed

    - 2328 -- ePolicy Orchestrator Agent:
      Enforce Task Failed

    RESOLUTION:
    These incorrect messages are no longer
    reported in the "Server Event Viewer."
    Although, the incorrect events are still
    generated, you can now filter them so that
    they are no longer collected.

    ADDITIONAL INFORMATION:
    To filter these events, do the following:

    1. Log on to the desired ePolicy
       Orchestrator database server using "ePO
       authentication" and a global
       administrator account.

    2. In the console tree under "ePO Reports
       ," "ePO Databases," <DATABASE_SERVER>,
       click "Alerts." The "Alerts" dialog box
       appears in the details pane.

    3. On the "Filtering" tab, deselect the
       checkboxes that correspond to events
       2232, 2264, and 2328.

    4. Click "Apply." Beginning at the next
       agent-to-server communication interval
       (ASCI), these events are no longer
       collected. Events that are already in
       the database are not affected.

4.  ISSUE:
    If an ePolicy Orchestrator server was using
    two network cards and, thus, two IP
    addresses (for example, using one network
    card for a remote SQL Server database and
    another for the managed network), the first
    binding IP address was always used for
    agent-to-server communication. If this IP
    address wasn't associated with the network
    card being used for the managed network,
    agents were unable to communicate with the
    server.

    RESOLUTION:
    Now, if a value is defined for
    "ServerIPAddress=" in SERVER.INI, agents
    use it to connect to the server. Otherwise,
    the first binding IP address is used.

    ADDITIONAL INFORMATION:
    To specify an IP address in SERVER.INI, do
    the following:

    1. In a text editor, open SERVER.INI. This
       file is located in the DB folder in the
       installation directory. The default
       installation directory is:

       C:\PROGRAM FILES\MCAFEE\EPO\2.0\DB

    2. Type the following line in SERVER.INI,
       then save the file:

       SERVERIPADDRESS=<IP_ADDRESS>

    3. In the "Service" dialog box, select the
       "McAfee ePolicy Orchestrator 2.5.1
       Server" service, click "Stop," then
       click "Start" to restart the service.

    4. Deploy the agent or SITEINFO.INI to
       affected client computers.

5.  ISSUE:
    If agents sent an empty event file to the
    ePolicy Orchestrator server, the server
    might stop responding.

    RESOLUTION:
    The server now ignores empty event files
    and logs a message in SERVER.LOG.

6.  ISSUE:
    A SELECT statement was used after events
    were added to the database. This statement
    slowed down server performance
    unnecessarily.

    RESOLUTION:
    A SELECT statement is no longer used.

7.  ISSUE:
    The virus definition (DAT) file version
    number for the Nimda Scanner (5000) was
    being prefilled in the "Current Protection
    Standards" dialog box and was causing DAT
    files to be reported as out-of-date. This
    dialog box appears when you run the
    "DAT/Definition Deployment Summary," "DAT
    Engine Coverage," or "Engine Deployment
    Summary" reports.

    RESOLUTION:
    The DAT version number is no longer
    prefilled in the "Current Protection
    Standards" dialog box.


FILES INCLUDED WITH THIS HOTFIX

This HotFix consists of a package called
EPO2512.ZIP, which contains the following
files:

     EPO251HF2.EXE =
      Installation package
     PACKING.LST =
      Packing list for HotFix files
     HOTFIX2.TXT =
      This text file


_____________________________________________
INSTALLATION

INSTALLATION REQUIREMENTS

To use this HotFix, you must have ePolicy
Orchestrator 2.5.1 installed on the computer
you intend to update with this HotFix.

     NOTE:
     This HotFix does not work with earlier
     versions of ePolicy Orchestrator
     software.


INSTALLATION STEPS

1.  Close every ePolicy Orchestrator console,
    remote console, and Performance Monitor.

2.  Extract the HotFix files from EPO2512.ZIP
    to a temporary folder on your hard drive.

3.  Double-click EPO251HF2.EXE and follow the
    instructions on the install windows.

4.  In the "Services" dialog box, select the
    "NAI ePolicy Orchestrator 2.5.1 Server"
    service and edit the service to change the
    account back to the original setting. For
    example, if you specified a domain
    administrator account during the
    installation, you need to provide that
    account information again. The account is
    not automatically restored.

5.  Repeat Steps 1  3 on all remote consoles.


REMOVING THIS HOTFIX

To remove this HotFix from your computer,
uninstall, then reinstall ePolicy
Orchestrator.

     NOTE:
     We recommend that you do NOT remove the
     HotFix files from your ePolicy
     Orchestrator installation once you install
     it. If you reinstall your ePolicy
     Orchestrator software, we recommend that
     you also reinstall this HotFix.


_______________________________________________
CONTACTING MCAFEE AND NETWORK ASSOCIATES

Technical Support
      http://knowledge.nai.com


McAfee Beta Program
     Beta Web Site
      www.mcafeeb2b.com/beta/

     E-mail
      avbeta@nai.com


AVERT Anti-Virus Emergency Response Team
      www.mcafeeb2b.com/naicommon/avert/default.asp


Download Site
      www.mcafeeb2b.com/naicommon/download/

     DAT File Updates
      www.mcafeeb2b.com/naicommon/download/dats/find.asp

      ftp://ftp.nai.com/pub/antivirus/datfiles/4.x

     Product Upgrades
      www.mcafeeb2b.com/naicommon/download/upgrade/login.asp

      Valid grant number required.
      Contact Network Associates Customer
      Service


On-Site Training Information
      www.mcafeeb2b.com/services/mcafee-training/default.asp


Network Associates Customer Service
     US, Canada, and Latin America toll-free:
   Phone:   +1-888-VIRUS NO or +1-888-847-8766
            Monday - Friday, 8 a.m. - 8 p.m.,
            Central Time

   E-mail:  services_corporate_division@nai.com
   Web:     www.nai.com
            www.mcafeeb2b.com


For additional information on contacting
Network Associates and McAfee  including
toll-free numbers for other geographic areas --
see the CONTACT.TXT file that accompanied your
original product release.


_______________________________________________
COPYRIGHT AND TRADEMARK ATTRIBUTIONS

(c) 2002 Networks Associates Technology, Inc.
All Rights Reserved. No part of this
publication may be reproduced, transmitted,
transcribed, stored in a retrieval system, or
translated into any language in any form or by
any means without the written permission of
Networks Associates Technology, Inc., or its
suppliers or affiliate companies. To obtain
this permission, write to the attention of the
Network Associates legal department at: 3965
Freedom Circle, Santa Clara, California 95054,
or call
+1-972-308-9960.


TRADEMARKS

Active Firewall, Active Security, Active
Security (in Katakana), ActiveHelp,
ActiveShield, AntiVirus Anyware and design,
Bomb Shelter, Certified Network Expert,
Clean-Up, CleanUp Wizard, CNX, CNX
Certification Certified Network Expert and
design, Design (stylized N), Disk Minder,
Distributed Sniffer System, Distributed Sniffer
System (in Katakana), Dr Solomons, Dr
Solomons label, Enterprise SecureCast,
Enterprise SecureCast (in Katakana), Event
Orchestrator, EZ SetUp, First Aid, ForceField,
GMT, GroupShield, GroupShield (in Katakana),
Guard Dog, HelpDesk, HomeGuard, Hunter,
LANGuru, LANGuru (in Katakana), M and design,
Magic Solutions, Magic Solutions (in Katakana),
Magic University, MagicSpy, MagicTree, McAfee,
McAfee (in Katakana), McAfee and design,
McAfee.com, MultiMedia Cloaking, Net Tools, Net
Tools (in Katakana), NetCrypto, NetScan,
NetShield, NetStalker, Network Associates,
NetXray, NotesGuard, Nuts & Bolts, Oil Change,
PC Medic, PCNotary, PrimeSupport, Recoverkey,
Recoverkey - International, Registry Wizard,
ReportMagic, Router PM, Safe & Sound,
SalesMagic, SecureCast, Service Level Manager,
ServiceMagic, SmartDesk, Sniffer, Sniffer (in
Hangul), Stalker, SupportMagic, TIS, TMEG,
Total Network Security, Total Network
Visibility, Total Network Visibility (in
Katakana), Total Service Desk, Total Virus
Defense, Trusted Mail, UnInstaller, Virex,
Virus Forum, ViruScan, VirusScan, WebScan,
WebShield, WebShield (in Katakana), WebSniffer,
WebStalker, WebWall, Whos Watching Your
Network, WinGauge, Your E-Business Defender,
ZAC 2000, Zip Manager are registered trademarks
of Network Associates, Inc. and/or its
affiliates in the US and/or other countries.
All other registered and unregistered
trademarks in this document are the sole
property of their respective owners.


LICENSE AGREEMENT

NOTICE TO ALL USERS: CAREFULLY READ THE
APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO
THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE
GENERAL TERMS AND CONDITIONS FOR THE USE OF THE
LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH
TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE
CONSULT THE SALES AND OTHER RELATED LICENSE
GRANT OR PURCHASE ORDER DOCUMENTS THAT
ACCOMPANIES YOUR SOFTWARE PACKAGING OR THAT YOU
HAVE RECEIVED SEPARATELY AS PART OF THE
PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT
CD, OR A FILE AVAILABLE ON THE WEB SITE FROM
WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF
YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH
IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE.
IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO
NETWORK ASSOCIATES, INC. OR THE PLACE OF
PURCHASE FOR A FULL REFUND.
