  Release Notes for McAfee(R) Desktop Firewall(TM)
                 Version 8.5 Patch 2
                        (313)
           Copyright (C) 2005 McAfee, Inc.
                 All Rights Reserved

==========================================================

Patch 2 Release:  August 24, 2005

This release was developed and tested with:

ePolicy Orchestrator:  3.02a, Patch 8
ePolicy Orchestrator:  3.5
ePolicy Orchestrator:  3.6
Make sure you have one of these versions installed
before using this release.

==========================================================

Thank you for using McAfee Desktop Firewall(TM)
software. This file contains important information
regarding this Patch. We strongly recommend that you
read this entire document.

The attached files are provided as is, and with no
warranty either expressed or implied as to their
suitability for any particular use or purpose.
McAfee, Inc. assumes no liability for damages
incurred either directly or indirectly as a result
of the use of these files, including but not limited
to the loss or damage of data or systems, loss of
business or revenue, or incidental damages arising
from their use. Patch files should be applied only
on the advice of McAfee Technical Support, and only
when you are actually experiencing the issue being
addressed by the Patch. Patch files should not be
proactively applied in order to prevent potential
product issues. You are responsible for reading and
following all instructions for preparation,
configuration, and installation of Patch files.
Patch files are not a substitute or replacement for
product Service Packs which may be released by
McAfee, Inc. It is a violation of your software
license agreement to distribute or share these files
with any other person or entity without written
permission from McAfee, Inc. Further, posting of
McAfee Patch files to publicly available Internet
sites is prohibited. McAfee, Inc. reserves the right
to refuse distribution of Patch files to any company
or person guilty of unlawful distribution of McAfee
software products. Questions or issues with McAfee
Patch files should be directed to McAfee Technical
Support.


__________________________________________________________
WHAT'S IN THIS FILE

-  About This Release
   -   Purpose
   -   Resolved Issues
   -   Additional Features
   -   Files Included with This Release
-  Installation
   -   Before You Begin
   -   Installing the Stand-alone Version
   -   Installing the ePolicy Orchestrator Version
   -   Post Installation Notes
   -   Compatibility with PGP and Entercept
       products.
-  Participating in the McAfee Beta Program
-  Contact Information
-  Copyright & Trademark Attributions
-  License Information



IMPORTANT NOTE

    We strongly recommend that you test with the
    stand-alone version before checking in the
    Package file for this Patch.


__________________________________________________________
ABOUT THIS RELEASE

PURPOSE

The purpose of this patch is to resolve defects
found since the product was released.


RESOLVED ISSUES

This Patch for Desktop Firewall includes the
following changes:

1.  ISSUE:
    Ptdebug.txt file grows to fill partition.

    RESOLUTION:
    Desktop Firewall uses this file for debugging.
    In some situations, the file could grow to fill
    the installed drive partition. Now, the file
    growth has been set to a maximum limit and the
    file location moved to the installation path
    directory of Desktop Firewall. An associated
    file, epodbg.txt, now has reduced logging.

2.  ISSUE:
    Logon failure using Novell WinLogon before
    Windows login.

    RESOLUTION:
    In some cases, logging into a Novell account
    before completing Windows authentication may
    fail.  This issue has been resolved.

3.  ISSUE:
    Password prompting when no password is set.
    RESOLUTION:
    If you set a password to unlock the user
    interface then later remove the password, you
    are still prompted for a password, even though
    no password is assigned. This has been fixed.

4.  ISSUE:
    The server hangs due to a signature defect.

    RESOLUTION:
    A defect in a Network Intrusion Prevention
    System (NIPS) signature that addresses an
    MDF_RpcDcom exploit caused the problem. This
    signature has been updated to fix the issue
    where a certain type of packet being received
    could cause an infinite loop. The affected
    computer would hang, and the only way to recover
    was a hard reset.

________________________________________________________
ADDITIONAL FEATURES


1.  Windows 2003 Service Pack 1 Support.
    Prior to this Patch release, only Windows 2003
    was officially supported.

2.  ePolicy Orchestrator 3.6 Support.
    This Patch provides compatibility for managing
    Desktop Firewall through ePolicy Orchestrator
    3.6, and is backward compatibile with older
    versions of ePolicy Orchestrator.


________________________________________________________
FILES INCLUDED WITH THIS RELEASE

This release consists of a package called
MDF850_HOTFIX2_LEN.ZIP, which contains the following
folders:

1.  Desktop Firewall:
    This is the stand-alone version of the product.
    This folder contains one file - Setup.exe.

2.  Desktop Firewall for ePolicy Orchestrator:
    This is the ePolicy Orchestrator version of the
    product, which contains these files 
    FirewallDet.McS, McAfeeFireHF2_EN.exe, and
    PkgCatalog.z.

3.  ePolicy Orchestrator Update for Firewall:
    This is required for your ePolicy Orchestrator
    console installation. This folder contains one
    file  McAfeeFireEPOUpdate85.exe.

__________________________________________________________
INSTALLATION AND SYSTEM REQUIREMENTS

Please see product documentation for complete
information regarding installation and system
requirements.


BEFORE YOU BEGIN

1.  Create a temporary folder on the hard drive of
    the computer where you want to install this
    Patch.

2.  Extract the MDF850_HOTFIX2_LEN.ZIP file to the
    temporary folder that you created in Step 1.


INSTALLING THE STAND-ALONE VERSION

To install this Patch release:

1.  From the temporary folder you created,
    double-click the Setup.exe file.

2.  Follow the prompts to complete the
    installation.

3.  Restart your computer.


INSTALLING THE EPOLICY ORCHESTRATOR VERSION

    IMPORTANT:
    Installing this Patch on your ePolicy
    Orchestrator server may deploy this version to
    all clients. McAfee strongly recommends that
    before installing this Patch on your ePolicy
    Orchestrator server, you first install the
    stand-alone version on a test computer. Follow
    the steps in "Installing the Stand-alone
    Version."

    When youve verified the fixes and your testing
    is complete, remove the stand-alone version from
    the test computer and follow the steps in the
    ePolicy Orchestrator procedures.


INSTALLING THE "EPO UPDATE FOR DESKTOP FIREWALL"


1.  Remove the prior version of McAfee Desktop
    Firewall ePO Update:

   -   Open "Add/Remove Programs" in the Control
       Panel.

   -   In the list, click "McAfee Desktop Firewall
       ePO Update" then click "Change/Remove."

2.  Confirm the Uninstall by clicking "OK."

3.  Click "Finish" to restart the computer.

    WARNING:
    CLICKING FINISH WILL REBOOT YOUR COMPUTER!

4.  After rebooting, double-click the new "McAfee
    Desktop Firewall ePO Update for Firewall" and
    proceed through the installation screens.


UPDATING THE EPOLICY ORCHESTRATOR PACKAGE


To install this Patch release on the ePolicy
Orchestrator server:

1.  Check in the new PkgCatalog.z file. Use the
    procedures in the Desktop Firewall Installation
    Guide for instructions.

2.  Create a new Update task to deploy the updated
    software to your remote Desktop Firewall
    clients. Note that if you do not have ePolicy
    Orchestrator 3.5 Patch 3 or later, you will not
    see Desktop Firewall in the list of deployable
    patches. You can use the option This task
    updates all components if you are using an
    older version of ePolicy Orchestrator.
    If you already have a Global Update task
    enabled, or a DAT update task, the new patch
    will be deployed with the next ASCI or wakeup
    call.



POST INSTALLATION NOTES

You can identify who has received the Patch by going
to the following location in your ePolicy
Orchestrator Server:

       Reporting | ePO Databases | ePO_<Servername> | Queries |
       Installations | All Installations

Look in Column 1 for "Firewall8500." Then, in Column
5, the computers that have reported back as having
received the Patch, are indicated by a "2." A blank
entry indicates that the Patch has not been received
or, if received, is not able to report back. If that
client never reports back as having received the
Patch, this could be an indication of another
problem.


COMPATIBILITY WITH PGP AND ENTERCEPT PRODUCTS

Desktop Firewall is not compatible with the PGPadmin
and PGPvpn components of the following software
suites:

-   PGP Desktop Security, version 7.0 or later.

-   PGP Corporate Desktop, version 7.1 or later.

-   PGPfire Personal Firewall/IDS, version 7.1 or
    later.

You must remove the PGPadmin and PGPvpn components
if you plan to install and use Desktop Firewall.

Desktop Firewall is not compatible with the
Entercept agent if the Entercept agent is in protect
mode.

Administrators should set Entercept protected
systems to "Warning Mode" prior to deploying the
Desktop Firewall Patch.


__________________________________________________________
PARTICIPATING IN THE MCAFEE BETA PROGRAM

To download new beta software or to read about the
latest beta information, visit the McAfee beta web
site located at:
       http://www.mcafeesecurity.com/us/downloads/beta/mcafeebetahome.htm

To submit beta feedback on any McAfee product, send
e-mail to:
       mcafee_beta@mcafee.com

McAfee is devoted to providing solutions based on
your input.


__________________________________________________________
CONTACT INFORMATION

Security Headquarters:  AVERT
(Anti-Virus & Vulnerability Emergency Response
Team)
    Home Page
       http://www.mcafeesecurity.com/us/security/home.asp

    Virus Information Library
       http://vil.mcafeesecurity.com/

    AVERT WebImmune & Submit a Virus Sample (Logon
    credentials required)
       https://www.webimmune.net/default.asp

    AVERT DAT Notification Service
       http://vil.mcafeesecurity.com/vil/join-DAT-list.asp


Download Site
    Home Page
       http://www.mcafeesecurity.com/us/downloads/

    Anti-Virus DAT File and Engine Updates
       http://www.mcafeesecurity.com/us/downloads/updates/

       ftp://ftp.mcafee.com/pub/antivirus/datfiles/4.x

    Anti-Spam Rules File and Engine Updates
       ftp://ftp.mcafee.com/spamdefs/1.x/

    Product Upgrades
       https://secure.nai.com/us/forms/downloads/upgrades/login.asp

       Valid grant number required (contact Customer
       Service)

    HotFix and Patch Releases
   -   For Security Vulnerabilities (Available to
       the public)
       http://www.mcafeesecurity.com/us/downloads/updates/hotfixes.asp
   -   For Products (ServicePortal account and
       McAfee Technical Support grant number
       required)
       https://mysupport.nai.com/products/products.asp

    Product End-of-Life Support
       http://www.mcafeesecurity.com/us/products/mcafee/end_of_life.htm


Software and Hardware Technical Support
    Home Page
       http://www.mcafeesecurity.com/us/support/technical_support

    KnowledgeBase Search
       http://knowledgemap.nai.com/

    McAfee Technical Support ServicePortal (Logon
    credentials required)
       https://mysupport.mcafeesecurity.com

    McAfee Security Alerting Service (MSAS)
       http://mysupport.nai.com/supportinfo/pvans_info.asp


Customer Service
   US, Canada, and Latin America toll-free:
   Phone:     +1-888-VIRUS NO or +1-888-847-8766
              Monday-Friday, 8am-8pm, Central Time

   E-mail:
              https://secure.nai.com/us/forms/support/request_form.asp

   Web:
              http://www.mcafeesecurity.com/us/support/default.asp


McAfee Beta Program
    Download Site:
       http://www.mcafeesecurity.com/us/downloads/beta/mcafeebetahome.htm

    E-mail to Submit Beta Feedback:
       mcafee_beta@mcafee.com


Training: McAfee University
              http://www.mcafeesecurity.com/us/services/education/mcafee/university.htm


Worldwide Offices
    For addresses and phone numbers of worldwide
    offices:

       http://www.mcafeesecurity.com/us/contact/home.htm


_____________________________________________________
COPYRIGHT AND TRADEMARK ATTRIBUTIONS

Copyright (C) 2005 McAfee, Inc. All Rights Reserved.
No part of this publication may be reproduced,
transmitted, transcribed, stored in a retrieval
system, or translated into any language in any form
orbyany means without the written permission of
McAfee, Inc., or its suppliers or affiliate
companies.


TRADEMARKS

ACTIVE FIREWALL, ACTIVE SECURITY, ACTIVESECURITY
(AND IN KATAKANA), ACTIVESHIELD, CLEAN-UP, DESIGN
(STYLIZED E), DESIGN (STYLIZED N), ENTERCEPT,
EPOLICY ORCHESTRATOR, FIRST AID, FOUNDSTONE,
GROUPSHIELD, GROUPSHIELD (AND IN KATAKANA),
INTRUSHIELD, INTRUSION PREVENTION THROUGH
INNOVATION, MCAFEE, MCAFEE (AND IN KATAKANA), MCAFEE
AND DESIGN, MCAFEE.COM, MCAFEE VIRUSSCAN, NET TOOLS,
NET TOOLS (AND IN KATAKANA), NETSCAN, NETSHIELD,
NUTS & BOLTS, OIL CHANGE, PRIMESUPPORT, SPAMKILLER,
THREATSCAN, TOTAL VIRUS DEFENSE, VIREX, VIRUS FORUM,
VIRUSCAN, VIRUSSCAN, VIRUSSCAN (AND IN KATAKANA),
WEBSCAN, WEBSHIELD, WEBSHIELD (AND IN KATAKANA) are
registered trademarks or trademarks of McAfee, Inc.
and/or its affiliates in the US and/or other
countries. The color red in connection with security
is distinctive of McAfee brand products. All other
registered and unregistered trademarks herein are
the sole property of their respective owners.


_____________________________________________________
LICENSE & PATENT INFORMATION

LICENSE AGREEMENT

NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE
LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU
PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND
CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF
YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE
ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED
LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT
ACCOMPANIES YOUR SOFTWARE PACKAGING OR THAT YOU HAVE
RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A
BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE
AVAILABLE ON THE WEB SITE FROM WHICH YOU DOWNLOADED
THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF
THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL
THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE
PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A
FULL REFUND.


LICENSE ATTRIBUTIONS

This product includes or may include:
*Software developed by the OpenSSL Project for use
in the OpenSSL Toolkit (http://www.openssl.org/).
*Cryptographic software written by Eric A. Young
and software written by Tim J. Hudson. *Some
software programs that are licensed (or sublicensed)
to the user under the GNU General Public License
(GPL) or other similar Free Software licenses which,
among other rights, permit the user to copy, modify
and redistribute certain programs, or portions
thereof, and have access to the source code. The GPL
requires that for any software covered under the
GPL, which is distributed to someone in an
executable binary format, that the source code also
be made available to those users. For any such
software covered under the GPL, the source code is
made available on this CD. If any Free Software
licenses require that McAfee provide rights to use,
copy or modify a software program that are broader
than the rights granted in this agreement, then such
rights shall take precedence over the rights and
restrictions herein. *Software originally written
by Henry Spencer, Copyright 1992, 1993, 1994, 1997
Henry Spencer. *Software originally written by
Robert Nordier, Copyright (C) 1996-7 Robert Nordier.
*Software written by Douglas W. Sauder. *Software
developed by the Apache Software Foundation
(http://www.apache.org/). A copy of the license
agreement for this software can be found at
www.apache.org/licenses/LICENSE-2.0.txt.
*International Components for Unicode ("ICU")
Copyright (C)1995-2002 International Business
Machines Corporation and others. *Software
developed by CrystalClear Software, Inc., Copyright
(C)2000 CrystalClear Software, Inc. *FEAD(R)
Optimizer(R) technology, Copyright Netopsystems AG,
Berlin, Germany. *Outside In(R) Viewer Technology
(C)1992-2001 Stellent Chicago, Inc. and/or Outside
In(R) HTML Export, (C) 2001 Stellent Chicago, Inc.
*Software copyrighted by Thai Open Source Software
Center Ltd. and Clark Cooper, (C) 1998, 1999, 2000.
*Software copyrighted by Expat maintainers.
*Software copyrighted by The Regents of the
University of California, (C) 1996, 1989, 1998-2000.
*Software copyrighted by Gunnar Ritter. *Software
copyrighted by Sun Microsystems, Inc., 4150 Network
Circle, Santa Clara, California 95054, U.S.A., (C)
2003. *Software copyrighted by Gisle Aas. (C)
1995-2003. *Software copyrighted by Michael A.
Chase, (C) 1999-2000. *Software copyrighted by Neil
Winton, (C)1995-1996. *Software copyrighted by RSA
Data Security, Inc., (C) 1990-1992. *Software
copyrighted by Sean M. Burke, (C) 1999, 2000.
*Software copyrighted by Martijn Koster, (C) 1995.
*Software copyrighted by Brad Appleton, (C)
1996-1999.  *Software copyrighted by Michael G.
Schwern, (C)2001. *Software copyrighted by Graham
Barr, (C) 1998. *Software copyrighted by Larry Wall
and Clark Cooper, (C) 1998-2000. *Software
copyrighted by Frodo Looijaard, (C) 1997. *Software
copyrighted by the Python Software Foundation,
Copyright (C) 2001, 2002, 2003. A copy of the
license agreement for this software can be found at
www.python.org. *Software copyrighted by Beman
Dawes, (C) 1994-1999, 2002. *Software written by
Andrew Lumsdaine, Lie-Quan Lee, Jeremy G. Siek (C)
1997-2000 University of Notre Dame. *Software
copyrighted by Simone Bordet & Marco Cravero, (C)
2002. *Software copyrighted by Stephen Purcell, (C)
2001. *Software developed by the Indiana University
Extreme! Lab (http://www.extreme.indiana.edu/).
*Software copyrighted by International Business
Machines Corporation and others, (C) 1995-2003.
*Software developed by the University of
California, Berkeley and its contributors.
*Software developed by Ralf S. Engelschall
<rse@engelschall.com> for use in the mod_ssl project
(http:// www.modssl.org/). *Software copyrighted by
Kevlin Henney, (C) 2000-2002. *Software copyrighted
by Peter Dimov and Multi Media Ltd. (C) 2001, 2002.
*Software copyrighted by David Abrahams, (C) 2001,
2002. See http://www.boost.org/libs/bind/bind.html
for documentation. *Software copyrighted by Steve
Cleary, Beman Dawes, Howard Hinnant & John Maddock,
(C) 2000. *Software copyrighted by Boost.org, (C)
1999-2002. *Software copyrighted by Nicolai M.
Josuttis, (C) 1999. *Software copyrighted by Jeremy
Siek, (C) 1999-2001. *Software copyrighted by
Daryle Walker, (C) 2001. *Software copyrighted by
Chuck Allison and Jeremy Siek, (C) 2001, 2002.
*Software copyrighted by Samuel Krempp, (C) 2001.
See http://www.boost.org for updates, documentation,
and revision history. *Software copyrighted by Doug
Gregor (gregod@cs.rpi.edu), (C) 2001, 2002.
*Software copyrighted by Cadenza New Zealand Ltd.,
(C) 2000. *Software copyrighted by Jens Maurer,
(C)2000, 2001. *Software copyrighted by Jaakko
Jrvi (jaakko.jarvi@cs.utu.fi), (C)1999, 2000.
*Software copyrighted by Ronald Garcia, (C) 2002.
*Software copyrighted by David Abrahams, Jeremy
Siek, and Daryle Walker, (C)1999-2001. *Software
copyrighted by Stephen Cleary (shammah@voyager.net),
(C)2000. *Software copyrighted by Housemarque Oy
<http://www.housemarque.com>, (C) 2001. *Software
copyrighted by Paul Moore, (C) 1999. *Software
copyrighted by Dr. John Maddock, (C) 1998-2002.
*Software copyrighted by Greg Colvin and Beman
Dawes, (C) 1998, 1999. *Software copyrighted by
Peter Dimov, (C) 2001, 2002. *Software copyrighted
by Jeremy Siek and John R. Bandela, (C) 2001.
*Software copyrighted by Joerg Walter and Mathias
Koch, (C) 2000-2002. *Software copyrighted by
Carnegie Mellon University (C) 1989, 1991, 1992.
*Software copyrighted by Cambridge Broadband Ltd.,
(C) 2001-2003. *Software copyrighted by Sparta,
Inc., (C) 2003-2004. *Software copyrighted by
Cisco, Inc. and Information Network Center of
Beijing University of Posts and Telecommunications,
(C) 2004. *Software copyrighted by Simon Josefsson,
(C) 2003. *Software copyrighted by Thomas Jacob,
(C) 2003-2004. *Software copyrighted by Advanced
Software Engineering Limited, (C) 2004. *Software
copyrighted by Todd C. Miller, (c) 1998. *Software
copyrighted by The Regents of the University of
California, (c) 1990, 1993, with code derived from
software contributed to Berkeley by Chris Torek.


V3.1.3



