Powertech Antivirus (Endpoint)

NOTE: In versions 4.3 and earlier, Powertech Antivirus was called Stand Guard Anti-Virus.
IMPORTANT: These release notes are for the Endpoint versions of Powertech Antivirus. See Powertech Antivirus (Server) for specific Powertech Antivirus Server release notes. Powertech Antivirus Legacy release notes (version 6.0 and earlier) can be found here.

January 2025

Version 6.3.0

January 8, 2025

IMPORTANT: Support for the following operating system/platform combinations is provided on a best-effort basis: Ubuntu Server 20 for s390x, SUSE Linux Enterprise Server 12 for s390x.
Support for the following operating system/platform combinations will be removed in a future version: Red Hat Enterprise Linux 7 big-endian for Power Systems servers, Ubuntu Linux 16 for x86_64. Customers who are using those operating systems should plan to migrate to newer operating system versions.
New Features
  • The on-demand scanner now supports multi-threaded scanning. On logical partitions and VMs with more than a single logical processor, this can lead to a pronounced reduction in scanning time. The number of scanning threads can be specified with the --scanthreads parameter, as well as by the corresponding setting in the Powertech Antivirus Server GUI (requires Powertech Antivirus Server version 6.3 or higher). By default, a single scanning thread is used, mimicking the behavior of the older versions. For more information, please see Knowledge Article: Multi-Threaded On-Demand Scans.

  • Powertech Antivirus now uses the latest Trellix anti-malware engine, version 6700. New and improved functionality in the 6700 engine includes: normalization support for PowerShell scripts, increased coverage of MIME samples, performance improvements and vulnerability fixes, multiple bug fixes, as well as other minor feature enhancements.

  • Reasons for skipping files are now presented in program output and scan summary.

  • An option to enhance quiet output to include errors, skips and timeouts has been added.

Enhancements
  • Tags for an endpoint can now be set when the endpoint is registered with Powertech Antivirus Server (requires Powertech Antivirus Server 6.3 or higher). To do so, specify the tags with the -t or --tags parameters when executing the registration script. Enclose the tags in single quotes, separating the tags with semicolons. Example: ./register.sh <other parameters> -t 'tag1;tag2;tag3'.

  • On-access filesystem cache performance has been improved for the default case, where pruning is disabled.

  • Performance was optimized for on-demand scanning on AIX in scenarios where on-access scanning is also being used.

  • The avsvccfg command, which was used to configure the on-access scanning and which has been superseded by the more powerful avconfig command, has been removed.

  • Security for the zlog component that is shipped with Powertech Antivirus has been hardened. Previously, a world-writable file, /tmp/zlog.lock, was used as a lock file for log file rotation. The zlog.conf file is now used as the lock file instead. File permissions for log files have also been tightened. Note that for product upgrades to take advantage of these changes, it may be necessary to make manual updates to zlog.conf and zlog-avsvc.conf. For details, please see the Upgrading section of the product README.

  • The delivery of scan termination events to Powertech Antivirus Server has been improved.

  • Improvements have been made for memory management during archive scanning.

  • Improvements have been made to the on-access scan queue and reconfiguration stability.

  • Improvements have been made to signal handling in on-access service threads.

  • The Fortra license agreement has been updated.

  • The help text for the avconfig command now provides detailed information about how to specify the configuration file section and the configuration setting.
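
A check that could be run on an upgraded endpoint for the zlog hardening item above (an added example, not Fortra's code): it reads the [global] section of a zlog configuration file and reports a rotation lock file other than the configuration file itself, or log file permissions that are open to other users. It assumes the product's zlog.conf uses the upstream zlog key names `rotate lock file` and `file perms`; the sample configuration is constructed, and the product README remains the authority for the required manual changes.

```shell
#!/bin/sh
# Added example: audit the [global] section of a zlog configuration file.
# Assumption: upstream zlog key names ("rotate lock file", "file perms").

# zlog_global CONF KEY: print KEY's value from the [global] section.
zlog_global() {
    awk -v want="$2" '
        /^[ \t]*#/  { next }
        /^[ \t]*\[/ { in_global = ($0 ~ /^[ \t]*\[global\]/); next }
        in_global && (eq = index($0, "=")) {
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == want) { print val; exit }
        }' "$1"
}

# audit_zlog_conf CONF: print findings; return 1 if there are any.
audit_zlog_conf() {
    rc=0
    lock=$(zlog_global "$1" "rotate lock file")
    perms=$(zlog_global "$1" "file perms")
    if [ "$lock" != "self" ]; then
        echo "FINDING: rotate lock file is '${lock:-<unset>}', not 'self'"; rc=1
        # A lock file that any local user can write to is the pre-6.3.0 condition.
        if [ -n "$lock" ] && [ -n "$(find "$lock" -prune -perm -0002 2>/dev/null)" ]; then
            echo "FINDING: $lock exists and is world-writable"
        fi
    fi
    # Policy chosen for this example: new log files grant nothing to "other".
    case $perms in
        *[1-7]) echo "FINDING: file perms = $perms grants access to other users"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample input, not the product's shipped configuration.
sample_conf() {
    cat <<'EOF'
[global]
rotate lock file = /tmp/zlog.lock
file perms = 644
[rules]
*.* "/var/log/example.log"
EOF
}

if [ $# -gt 0 ]; then audit_zlog_conf "$1"; fi
```

Run it with the path to zlog.conf and again with the path to zlog-avsvc.conf; a non-zero exit status means at least one setting needs review.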

Fixes
  • On-access service no longer outputs failure messages when a file scheduled for scanning is no longer available at scan time.

  • On-access service shutdown and reconfiguration events are now logged at NOTICE level, which would go to syslog local5.notice with default configuration.

  • On-access path validation for avconfig and avsvc has been improved for the case where a path does not currently exist. Unacceptable paths are now noted by avconfig, and logged by avsvc.

  • Quarantine security has been improved for on-demand scans that are run under a non-root user.

  • Invalid paths are now shown as errors in on-demand scan output.

  • When the avupdate command is run on AIX and requires the curl or wget tool, it now additionally searches directory /opt/freeware/bin for those tools.

  • The file transfer logs for the avupdate command are now created with more secure file permissions. The avscan and avupdate commands now inherit the system umask.

  • The Linux on-access scanner will no longer inspect empty files encountered during file access interception.

  • The zlog third-party component has been updated to include a fix for security vulnerability CVE-2024-22857.

May 2023

Version 6.2.0

May 17, 2023

Enhancements
  • The PTAV scanners have been updated to use version 6600 of the Trellix (formerly McAfee) Anti-Malware engine. Changes include: scanning capability for the DEX file-type, new PDF 256-bit AES and RC4 40-bit encryption support, scanning capability for the APK file-type, extended AutoIT 2.x support, improved handling of manipulated MIME headers, improved DMG extraction support to include the APFS filesystem and UDRW format, expansion of hit-type limits to target more malware families, OpenSSL libraries are no longer used, multiple bug fixes and minor feature enhancements.

  • Endpoint installer packages now decompress DAT files during install/upgrade to improve scanner startup time. DAT updates pushed down from the PTAV web service also instruct this decompression. Product install requirements have been updated to recommend increased disk space for the decompression procedure.

  • On-access tracing state will now persist across service restarts.

  • The avupdate tool now has a decompress option to ensure DAT updates result in an optimized DAT set format that loads as fast as possible.

  • The sample script for notifications that is shipped with the product has been modified so that emails sent by using the script will use a formally correct example sender's address, powertech.antivirus_donotreply@yourorganization.com.

  • A log file (avscan.log) for the on-demand scanner (avscan) is now configured by default, and would include infected filenames. A new install would include this configuration, but upgrades might need some manual configuration changes to zlog.conf; see the README file in the endpoint installation for more information.

  • On endpoints running on AIX, when the sample script for notifications, notify-example.sh, was used, it sent email that included a blank instead of the system name in the subject line. This has been corrected. The subject line now does include the system name for notification emails sent from AIX systems through use of the new PTAV_HOSTNAME environment variable.

Updates
  • Endpoint disk space requirements have been increased to 2 GB of disk space in /opt; 2.5 GB is recommended.

  • Endpoint installer metadata and tools have been rebranded to Fortra. An updated Fortra SLSA is included in the endpoint install.

  • "McAfee" references have been rebranded to "Trellix" in the endpoint.

Fixes
  • Fixed the condition that causes the error “failed to add fanotify mark for path '0'” on Linux.

  • The avsysinfo script has been fixed for syntax errors on Solaris 10.

  • A fix has been applied to the on-access service to avoid notifiers preventing the safe shutdown of avsvc.

  • The on-access infections count has been corrected for cases where an infected file is cleaned. The SCAN trace message has been updated to show an additional internal counter.

  • Fixed a bug in reporting completion and reaping session files for on-demand scans that were started prior to an avinsite restart and that had failed or were cancelled.

June 2022

Version 6.1.0

June 27, 2022

New Features
  • Powertech Antivirus now uses the McAfee 6300 Anti-Malware Engine, which includes the following new features (from McAfee):
    • Enhanced threat landscape with added support for MPress (LZMAT) and DMG file types.

    • Improved coverage on OLE and Excel file types.

    • Better handling of VBA and Jar files and wider coverage for UPX packed files.

    • Various changes, resulting in improved malware detection.

    • Several bug fixes, and performance and security improvements.

Enhancements
  • Improved signal handling during UI-initiated on-access restarts and configuration pushes.

  • Added Health check process timeouts to prevent the possibility of large backlogs.

  • Starting the on-access service is now prevented for Solaris versions that do not support on-access scanning.

Fixes
  • OS details required to enable license management are now sent in the health check data response for Solaris endpoints.

  • Fixed an issue that caused EBUSY errors upon restart of the on-access scanning service on AIX.

  • Fixed signaling issues during UI-initiated on-access restarts and configuration pushes.

  • Fixed an issue that caused a health check backlog on RHEL6 after disabling on-access scanning.

  • Added library references to allow web server integration for Solaris 11.2 and 11.3 endpoints.

  • On Solaris, running avinsitectl restart now also starts avinsite if it was down, to facilitate the restart process.

  • On Solaris 11.4, fixed an issue that could cause a failure to restart on-access monitoring after reconfiguration from disabled state.
