 Release Notes for McAfee ePolicy Orchestrator(TM)
                    Version 3.0.1
                       Patch 3
 Copyright (C) 2004 Networks Associates Technology,
                        Inc.
                 All Rights Reserved


==========================================================

This release was developed and tested with:

ePolicy Orchestrator:3.0.1

Make sure you have installed this version before
using this release.

==========================================================


Thank you for using ePolicy Orchestrator(TM)
software. This file contains important information
regarding this release. We strongly recommend that
you read the entire document.

The attached files are provided as is, and with no
warranty either expressed or implied as to their
suitability for any particular use or purpose.
Network Associates, Inc. assumes no liability for
damages incurred either directly or indirectly as a
result of the use of these files, including but not
limited to the loss or damage of data or systems,
loss of business or revenue, or incidental damages
arising from their use. Patch files should be
applied only on the advice of McAfee Security
Technical Support, and only when you are actually
experiencing the issue being addressed by the Patch.
Patch files should not be proactively applied in
order to prevent potential product issues. You are
responsible for reading and following all
instructions for preparation, configuration, and
installation of Patch files. Patch files are not a
substitute or replacement for product Service Packs
which may be released by Network Associates, Inc. It
is a violation of your software license agreement to
distribute or share these files with any other
person or entity without written permission from
Network Associates, Inc. Further, posting of McAfee
Security Patch files to publicly available Internet
sites is prohibited. Network Associates, Inc.
reserves the right to refuse distribution of Patch
files to any company or person guilty of unlawful
distribution of McAfee software products. Questions
or issues with McAfee Patch files should be directed
to McAfee Security Technical Support.


__________________________________________________________
WHAT'S IN THIS FILE

-   About This Release
   -   Purpose
   -   Files Included with This Release
-   Installation
   -   Installation Requirements
   -   Installation Steps
   -   Replicating the Agent Package to Distributed
       Repositories
   -   Deploying the Agent to Client Computers
   -   Monitoring Agent Deployment
   -   Removing This Release
-   Contacting McAfee Security and Network
    Associates
-   Copyright, Trademark Attributions & Patents
   -   Trademarks
   -   License Agreement and Attributions
   -   Patents


__________________________________________________________
ABOUT THIS RELEASE


PURPOSE

This release addresses the following
vulnerabilities:

-   This release addresses the McAfee ePolicy
    Orchestrator Agent HTTP POST Buffer
    Mismanagement Vulnerability; vulnerability
    identifier:  CVE-2004-0095.



FILES INCLUDED WITH THIS RELEASE

This release consists of a package called
EPO3013.ZIP, which contains the following files:

    CLEANUP.EXE =
       Agent uninstallation program

    CMDAGENT.EXE =
       Command Agent program

    FRAMEWORKPACKAGE.EXE =
       Agent packaging tool

    FRAMEWORKSERVICE.EXE =
       Agent service program

    FRMINST.EXE =
       Agent framework installation program

    MCSCRIPT.EXE =
       McAfee script engine

    NAPRDMGR.EXE =
       Product Manager program

    UPDATERUI.EXE =
       Agent user interface program

    WSTUB32.EXE =
       Win32 stub for agent package

    AGENT.DLL
    AGENTPLUGIN.DLL
    AGENTRES.DLL
    CABINET.DLL
    CLIENTUI.DLL
    CMAUIRES.DLL
    COMPONENTSUBSYSTEM.DLL
    COMPONENTUSERINTERFACE.DLL
    FRMPLUGIN.DLL
    GENEVTINF.DLL
    INTERNETMANAGER.DLL
    LISTENSERVER.DLL
    LOGGING.DLL
    MANAGEMENT.DLL
    MCURIAL.DLL
    NACMNLIB.DLL
    NAGSHR32.DLL
    NAILOG.DLL
    NAINET.DLL
    NAISIGN.DLL
    NAIZLB32.DLL
    NAPOLICYMANAGER.DLL
    NASPIPE.DLL
    NAXML.DLL
    PATCHW32.DLL
    PCRPLUG.DLL
    POEVTINF.DLL
    PSAPI.DLL
    SCHEDULER.DLL
    SCRIPTSUBSYS.DLL
    SCRPTRES.DLL
    SECUREFRAMEWORKFACTORY.DLL
    UNICOWS.DLL
    UPDATESUBSYS.DLL
    UPDPLUG.DLL
    UPDRES.DLL
    USERSPACE.DLL
    XMLWRAP.DLL =
       Application extension files

    SRPUBKEY.BIN =
       Server public key

    AGENT.INI =
       Agent configuration file

    LOGO.JPG =
       McAfee Security company logo

    AGT300DET.MCS
    INSTALLMAIN.MCS
    UPDATEMAIN.MCS =
       Agent detection scripts

    INSTALL.PKG =
       Package information used by server

    PATCH3.TXT =
       This text file

    PKGCATALOG.Z =
       Agent package catalog file

    FRAMEWORKMANIFEST.XML =
       Package installation information file list
       used by agent installer

    SERVER.XML =
       Default agent policy settings

    SITELIST.XML =
       Repository list



__________________________________________________________
INSTALLATION


INSTALLATION REQUIREMENTS

To use this release, you must have ePolicy
Orchestrator 3.0.1 software installed on the ePolicy
Orchestrator server that you intend to update with
this release.

    NOTE:
    This release does not work with earlier versions
    of the ePolicy Orchestrator software.



INSTALLATION STEPS

    NOTE:
    You cannot check in packages while pull or
    replication tasks are executing.

1. Create a temporary folder on the hard drive of
   the ePolicy Orchestrator server.

2. Extract the EPO3013.ZIP file to the temporary
   folder that you created in Step 1.

3. Log on to the desired ePolicy Orchestrator server
   using a global administrator user account.

4. In the console tree under "ePolicy Orchestrator"
   | <SERVER>, select "Repository."

5. In the details pane under "AutoUpdate Tasks,"
   click "Check in package." The "Check in package"
   wizard appears.

6. Click "Next" to open the package type dialog
   box.

7. Select "Products or updates," then click "Next."
   The catalog file dialog box appears.

8. Select the package catalog (PKGCATALOG.Z) file
   from the temporary folder you created in Step 1.
   You can type the path to this file, or click
   "Browse" to select it, then click "Next." The
   summary dialog box appears.

9. Click "Finish" to check in the package.

10.   Click "Close" after the package has been
   checked in.

11.   Stop the "McAfee ePolicy Orchestrator 3.0.1
   Server" service. This procedure varies depending
   on the operating system. For instructions, see
   the operating system product documentation.

12.   Delete the FRAMEPKG.EXE and FRAMEWORK.Z files
   from this location in the installation
   directory:

    \DB\SOFTWARE\CURRENT\EPOAGENT3000\INSTALL\0409

    The default location of the installation
    directory is:

    C:\PROGRAM FILES\NETWORK ASSOCIATES\EPO\3

    If you upgraded the software from version 2.0,
    2.5, or 2.5.1, the default location is:

    C:\PROGRAM FILES\MCAFEE\EPO\3.0.1

13.   Start the "McAfee ePolicy Orchestrator 3.0.1
   Server" service. This procedure varies depending
   on the operating system. For instructions, see
   the operating system product documentation.



REPLICATING THE AGENT PACKAGE TO DISTRIBUTED
REPOSITORIES

    NOTE:
    Since local distributed repositories can only be
    accessed from client computers, replication
    tasks do not copy packages from the master
    repository to local distributed repositories;
    you must manually update local distributed
    repositories with the desired packages.

1. Log on to the desired ePolicy Orchestrator server
   using a global administrator user account.

2. In the console tree under "ePolicy Orchestrator"
   | <SERVER>, select "Repository."

3. In the details pane under "AutoUpdate Tasks,"
   click "Replicate now." The "Replicate Now" wizard
   appears.

4. Click "Next" to open the distributed repositories
   dialog box.

5. Click "Select All" to select all global and
   SuperAgent distributed repositories, then click
   "Next." The replication type dialog box appears.

6. Select "Incremental replication," then click
   "Finish" to run the task.

7. Click "Close" after the task has completed.



DEPLOYING THE AGENT TO CLIENT COMPUTERS

Although there are numerous methods you can use to
install the agent on computers you want to manage
via ePolicy Orchestrator, we recommend using the
"Deployment" client task. See below for details on
how to do this. For a list of other methods and
instructions for each, see "Agent deployment" in the
ePolicy Orchestrator 3.0 Product Guide.

1. Log on to the desired ePolicy Orchestrator
   server.

2. In the console tree under "ePolicy Orchestrator"
   | <SERVER>, right-click "Directory," <SITE>,
   <GROUP>, or <COMPUTER>. The "Policies,"
   "Properties," and "Tasks" tabs appear in the
   details pane.

3. Click the "Tasks" tab.

4. Right-click the "Deployment" task, then select
   "Edit Task." The "ePolicy Orchestrator Scheduler"
   dialog box appears.

5. On the "Task" tab, click "Settings." The "Task
   Settings" dialog box appears.

6. Deselect "Inherit."

7. Next to "Agent 3.1.1," select "Install" in
   "Action."

8. Next to those products that you do not want to
   deploy, select "Ignore" in "Action."

9. To specify command-line options used when
   installing the agent, click the "..." button next
   to "Agent 3.1.0." For instructions, see "Agent
   installation command-line options" in the ePolicy
   Orchestrator 3.0 Product Guide.

10.   If you want this task to also be enforced
   during the policy enforcement interval, select
   "Run this task at every policy enforcement
   interval."

11.   Schedule the task. For instructions, see
   "Scheduling client tasks" in the ePolicy
   Orchestrator 3.0 Product Guide.

12.   Click "OK" to save the current entries.


MONITORING AGENT DEPLOYMENT

You can use the Agent Versions or the Compliance
Issues reports to monitor the deployment of the
agent. For instructions and information, see
"Running reports," and "Agent Versions report
template" or "Compliance Issues report template" in
the ePolicy Orchestrator 3.0 Product Guide,
respectively.

The new agent version number is 3.1.1.192.


REMOVING THIS RELEASE

To remove this Patch from your computer, uninstall,
then reinstall ePolicy Orchestrator.

    NOTE:
    We recommend that you do NOT remove the Patch
    files once you install them. If you reinstall
    the ePolicy Orchestrator software, we recommend
    that you also reinstall the Patch.




__________________________________________________________
PARTICIPATING IN THE MCAFEE SECURITY BETA PROGRAM

To download new beta software or to read about the
latest beta information, visit the beta web site:

       http://www.networkassociates.com/us/downloads/beta/

To submit your feedback on any McAfee Security beta
product, send e-mail to:

       avbeta@nai.com

McAfee Security is devoted to providing solutions
based on your input.


__________________________________________________________
CONTACTING MCAFEE SECURITY & NETWORK ASSOCIATES

Technical Support
    Home Page
       http://www.networkassociates.com/us/support/

    KnowledgeBase Search
       https://knowledgemap.nai.com/phpclient/homepage.aspx

    PrimeSupport Service Portal
       http://mysupport.nai.com

Login credentials required.


McAfee Security Beta Program
    Beta Web Site
       http://www.networkassociates.com/us/downloads/beta/

    E-mail
       avbeta@nai.com


Security Headquarters -- AVERT (Anti-Virus Emergency
Response Team)
    Home Page
       http://www.networkassociates.com/us/security/home.asp

    Virus Information Library
       http://vil.nai.com

    Submit a Virus Sample  AVERT WebImmune
       https://www.webimmune.net/default.asp

    AVERT DAT Notification Service
       http://vil.nai.com/vil/join-DAT-list.asp


Download Site
    Home Page
       http://www.networkassociates.com/us/downloads/

    DAT File and Engine Updates
       http://www.networkassociates.com/us/downloads/updates/

       ftp://ftp.nai.com/pub/antivirus/datfiles/4.x

    Product Upgrades
       https://secure.nai.com/us/forms/downloads/upgrades/login.asp

Valid grant number required.
Contact Network Associates Customer Service


Training
    McAfee Security University
       http://www.networkassociates.com/us/services/education/mcafee/university.htm



Network Associates Customer Service
    US, Canada, and Latin America toll-free:
   Phone:     +1-888-VIRUS NO or +1-888-847-8766
              Monday - Friday, 8 a.m. - 8 p.m.,
              Central Time

   E-mail:    services_corporate_division@nai.com
   Web:       http://www.nai.com/us/index.asp
              http://www.networkassociates.com/us/index.asp


For additional information on contacting Network
Associates and McAfee Security  including toll-free
numbers for other geographic areas - see the CONTACT
file that accompanied your original product
release.



__________________________________________________________
COPYRIGHT, TRADEMARK ATTRIBUTIONS & PATENTS

Copyright (C) 2004 Networks Associates Technology,
Inc. All Rights Reserved. No part of this
publication may be reproduced, transmitted,
transcribed, stored in a retrieval system, or
translated into any language in any form or by any
means without the written permission of Networks
Associates Technology, Inc., or its suppliers or
affiliate companies. To obtain this permission,
write to the attention of the Network Associates
legal department at:
5000 Headquarters Drive, Plano, Texas 75024, or call
+1-972- 963-8000.


TRADEMARKS

Active Firewall, Active Security, Active Security
(in Katakana), ActiveHelp, ActiveShield, AntiVirus
Anyware and design, Appera, AVERT, Bomb Shelter,
Certified Network Expert, Clean-Up, CleanUp Wizard,
ClickNet, CNX, CNX Certification Certified Network
Expert and design, Covert, Design (stylized N), Disk
Minder, Distributed Sniffer System, Distributed
Sniffer System (in Katakana), Dr Solomons, Dr
Solomons label, E and Design, Entercept, Enterprise
SecureCast, Enterprise SecureCast (in Katakana),
ePolicy Orchestrator, Event Orchestrator (in
Katakana), EZ SetUp, First Aid, ForceField, GMT,
GroupShield, GroupShield (in Katakana), Guard Dog,
HelpDesk, HelpDesk IQ, HomeGuard, Hunter, Impermia,
InfiniStream, Intrusion Prevention Through
Innovation, IntruShield, IntruVert Networks,
LANGuru, LANGuru (in Katakana), M and design, Magic
Solutions, Magic Solutions (in Katakana), Magic
University, MagicSpy, MagicTree, McAfee, McAfee (in
Katakana), McAfee and design, McAfee.com, MultiMedia
Cloaking, NA Network Associates, Net Tools, Net
Tools (in Katakana), NetAsyst, NetCrypto,
NetOctopus, NetScan, NetShield, NetStalker, Network
Associates, Network Performance Orchestrator,
NetXray, NotesGuard, nPO, Nuts & Bolts, Oil Change,
PC Medic, PCNotary, PortalShield, Powered by
SpamAssassin, PrimeSupport, Recoverkey, Recoverkey 
International, Registry Wizard, Remote Desktop,
ReportMagic, RingFence, Router PM, Safe & Sound,
SalesMagic, SecureCast, SecureSelect,
SecurityShield, Service Level Manager, ServiceMagic,
SmartDesk, Sniffer, Sniffer (in Hangul), SpamKiller,
SpamAssassin, Stalker, SupportMagic, ThreatScan,
TIS, TMEG, Total Network Security, Total Network
Visibility, Total Network Visibility (in Katakana),
Total Service Desk, Total Virus Defense, Trusted
Mail, UnInstaller, VIDS, Virex, Virus Forum,
ViruScan, VirusScan, WebScan, WebShield, WebShield
(in Katakana), WebSniffer, WebStalker, WebWall,
What's The State Of Your IDS?, Whos Watching Your
Network, WinGauge, Your E-Business Defender, ZAC
2000, Zip Manager are registered trademarks or
trademarks of Network Associates, Inc. and/or its
affiliates in the US and/or other countries.
Sniffer(R) brand products are made only by Network
Associates, Inc. All other registered and
unregistered trademarks herein are the sole property
of their respective owners.


LICENSE INFORMATION

License Agreement

NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE
LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU
PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND
CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF
YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE
ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED
LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT
ACCOMPANIES YOUR SOFTWARE PACKAGING OR THAT YOU HAVE
RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A
BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE
AVAILABLE ON THE WEB SITE FROM WHICH YOU DOWNLOADED
THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF
THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL
THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE
PRODUCT TO NETWORK ASSOCIATES, INC. OR THE PLACE OF
PURCHASE FOR A FULL REFUND.


Attributions

This product includes or may include:

-   Software developed by the OpenSSL Project for
    use in the OpenSSL Toolkit
    (http://www.openssl.org/).

-   Cryptographic software written by Eric Young and
    software written by Tim J. Hudson.

-   Some software programs that are licensed (or
    sublicensed) to the user under the GNU General
    Public License (GPL) or other similar Free
    Software licenses which, among other rights,
    permit the user to copy, modify and redistribute
    certain programs, or portions thereof, and have
    access to the source code.  The GPL requires
    that for any software covered under the GPL
    which is distributed to someone in an executable
    binary format, that the source code also be made
    available to those users.  For any such software
    covered under the GPL, the source code is made
    available on this CD.  If any Free Software
    licenses require that Network Associates provide
    rights to use, copy or modify a software program
    that are broader than the rights granted in this
    agreement, then such rights shall take
    precedence over the rights and restrictions
    herein.

-   Software originally written by Henry Spencer,
    Copyright 1992, 1993, 1994, 1997 Henry Spencer.

-   Software originally written by Robert Nordier,
    Copyright (C) 1996-7 Robert Nordier. All rights
    reserved.

-   Software written by Douglas W. Sauder.

-   Software developed by the Apache Software
    Foundation (http://www.apache.org/).

-   International Components for Unicode ("ICU")
    Copyright (C) 1995-2002 International Business
    Machines Corporation and others. All rights
    reserved.

-   Software developed by CrystalClear Software,
    Inc., Copyright (C) 2000 CrystalClear Software,
    Inc.

-   FEAD(R) Optimizer(R) technology, Copyright
    Netopsystems AG, Berlin, Germany.

-   Outside In(R) Viewer Technology (C) 1992-2001
    Stellent Chicago, Inc. and/or Outside In(R) HTML
    Export, (C) 2001 Stellent Chicago, Inc.

-   Software copyrighted by Thai Open Source
    Software Center Ltd. and Clark Cooper, (C) 1998,
    1999, 2000.

-   Software copyrighted by Expat maintainers.

-   Software copyrighted by The Regents of the
    University of California, (C) 1989.

-   Software copyrighted by Gunnar Ritter.

-   Software copyrighted by Sun Microsystems(C),
    Inc.

-   Software copyrighted by Gisle Aas. All rights
    reserved, (C) 1995-2003.

-   Software copyrighted by Michael A. Chase, (C)
    1999-2000.

-   Software copyrighted by Neil Winton, (C)
    1995-1996.

-   Software copyrighted by RSA Data Security, Inc.,
    (C) 1990-1992.

-   Software copyrighted by Sean M. Burke, (C) 1999,
    2000.

-   Software copyrighted by Martijn Koster, (C)
    1995.

-   Software copyrighted by Brad Appleton, (C)
    1996-1999.

-   Software copyrighted by Michael G. Schwern, (C)
    2001.

-   Software copyrighted by Graham Barr, (C) 1998.

-   Software copyrighted by Larry Wall and Clark
    Cooper, (C) 1998-2000.

-   Software copyrighted by Frodo Looijaard, (C)
    1997.



V2.3.1

