Powertech Antivirus (Legacy)
August 2021
Version 6.0
August 10, 2021
New Features
- Powertech Antivirus is now supported by the HelpSystems One web browser interface, which allows you to easily initiate and schedule scans, update virus definitions, generate reports, and monitor your systems using HelpSystems One's interactive controls.
- Endpoints previously integrated with HelpSystems Insite can be easily migrated to HelpSystems One.
- HTTPS is used for secure integration of Powertech Antivirus with HelpSystems One.
- On-Demand scans can now be scheduled for one or many endpoints using any selected configuration.
- The Settings > Endpoint Registration page now includes options to automatically approve endpoints and not require an API key upon registration.
Enhancements
- Powertech Antivirus now supports threat protection on endpoints running Solaris 10 and 11 on Intel and SPARC. NOTE:
- Solaris 11 is required for integration with the PTAV web service.
- Solaris 11.4 is required for on-access scanning support.
- On-Demand and On-Access scan configurations now require absolute paths for include and exclude filters.
- Java Virtual Machines (JVMs) now run at the current Long-Term-Support (LTS) version (OpenJDK Java 11.0.10) for improved performance and to support the latest security updates.
- Powertech Antivirus now uses version 2.3.1 of Apache Kafka.
- On the Reports page, labels for the time range ("Number of Days" and "Number of Hours") have been clarified. They now read "Last X Days" and "Last X Hours".
- On-Access Scan statistics are now captured every thirty minutes and retained for six months.
- It is now possible to enter or edit the API Key used for registering Powertech Antivirus endpoints.
Fixes
- An issue that could cause a delayed health check result after DAT updates has been resolved.
- An issue that could cause the integration service to incorrectly determine another instance is running has been resolved.
- An issue restarting the avinsite service during product updates has been resolved.
- An issue that could cause AVSCAN to fail to quarantine when run as a non-root user while on-access was running has been resolved.
- Notices.txt in the Powertech Antivirus endpoint installation now contains the Apache License statement.
- An issue that caused an AVSCAN noise error when the command found it could not delete a file due to it being quarantined has been resolved.
- The Unix man-page for avupdate ("avupdate --help" or "man avupdate") now shows the correct example (/opt/sgav/avupdate --avget --sscert --ptavrepo).
- Unexpected behavior when restoring and deleting quarantined files has been resolved.
March 2021
Version 5.4.2
March 30, 2021
New Features
- Powertech Antivirus now uses the McAfee 6200 Anti-Malware Engine, which includes the following new features (from McAfee):
- Enhanced threat landscape with added support for MSIL and AutoIT based malware.
- Extended coverage for PDF and ISO file types.
- Added provision to author better content with decoding support for ADC and LZFSE.
- Introduced better handling capability for Linux threats.
- Multiple features for better driver handling which improves the detection effectiveness.
- Several bug fixes and performance improvements.
- Powertech Antivirus now supports threat protection on endpoints running Ubuntu 20.04.
Fixes
- The avupdate program on AIX and Linux now searches both /usr/bin and /usr/local/bin directories for curl and wget.
- An issue that could cause a system lockup resulting from delayed closure of the AIX device driver has been resolved.
- A small memory leak during license checks on AIX has been resolved.
- The installation requirements have been reviewed and updated to accommodate FIPS mode.
November 2020
Version 5.4.1
November 16, 2020
New Features
- On-Access scanning is now supported on endpoints running RedHat Enterprise Linux 6.
- Powertech Antivirus now allows you to generate reports that include consolidated, filterable scanning statistics for On-Access and On-Demand scans.
- Reports can be generated manually as needed, or scheduled to run automatically at predetermined intervals.
- Reports can be viewed in the HelpSystems Insite web browser interface, or distributed to recipients as PDF attachments.
- Report processes are recorded in Powertech Antivirus' Activity List.
Enhancements
- The minimum "DAT Update Frequency" interval has been reduced from thirty minutes to five minutes.
- Virus definitions (DAT files) can now be acquired from McAfee's HTTPS server.
- The process for managing and dealing with TLS certificate renewal has been improved. (TLS certificates are used for secure communication with Kafka and for secure access to the PostgreSQL database.)
Fixes
- A vulnerability to a linked-directory DOS exploit has been resolved.
- Powertech Antivirus now responds appropriately when an attempt is made to save a Configuration whose name already exists.
- License files named either "license" or "license.xml" are now accepted.
- Delayed shutdown of avsvc now results in the service being stopped after 20 seconds to cope with servers that have become unresponsive.
- The Use HTTP server toggle switch is no longer (erroneously) available when the main DAT File Repository toggle is set to Off.
- An issue causing a UI anomaly on the Add Notification button when saving a Notification has been resolved.
June 2020
Version 5.4
June 4, 2020
New Features
- Powertech Antivirus now allows you to generate reports that include consolidated, filterable scanning statistics for On-Access and On-Demand scans.
- Reports can be generated manually as needed, or scheduled to run automatically at predetermined intervals.
- Reports can be viewed in the HelpSystems Insite web browser interface, or distributed to recipients as PDF attachments.
- Report processes are recorded in Powertech Antivirus' Activity List.
- Quarantined files can now be viewed and managed using HelpSystems Insite, simplifying the process of working with quarantined files.
- Licenses can now be deployed to many Powertech Antivirus endpoints simultaneously using a consolidated service.
Enhancements
- Powertech Antivirus now includes support for the following:
- RedHat Linux 7.6 (or later) for IBM LinuxONE and Linux on IBM Z S/390x.
- SuSE Linux Enterprise Server 12 SP5 (or later) for IBM LinuxONE and Linux on IBM Z S/390x.
- Ubuntu 18.04 (or later) for IBM LinuxONE and Linux on IBM Z S/390x.
- The Insite PTAV Service and Powertech Antivirus endpoints are now automatically enabled during the registration process.
Fixes
- The avupdate command, used to update virus definitions from McAfee, no longer fails when used in conjunction with the Powertech Antivirus DAT file repository and wget 1.9.
March 2020
Version 5.3
March 30, 2020
New Features
- Powertech Antivirus' On-Access Scan Service can now be stopped, started, and managed on endpoints using HelpSystems Insite.
- The On-Access Scanning Service status now appears in the Endpoints list.
- On-Access Service Configuration requests can be rerun to target endpoints whose configuration update failed.
- Improved virus definition (DAT file) updating:
- Virus definition updates from McAfee (DAT files) can now be distributed to servers locally over FTP using a local DAT file repository. Using this method, only a single server on your network requires an outside connection to retrieve the latest DAT files. The file server is secured using TLS, ensuring that data transfer is always secure and requires little configuration.
- An internal HTTP proxy server dedicated to Internet activity can now be used for virus definition downloads rather than accessing the McAfee server directly.
- DAT file updates are now validated by Powertech Antivirus before endpoints can use them, whether downloaded from McAfee or copied manually to an air-gapped endpoint.
- DAT update requests can be rerun to target endpoints whose DAT update failed.
- Powertech Antivirus can now be operated in an 'air-gapped' environment so that Insite and the PTAV Service (including the DAT Repository) can operate without an Internet connection.
Enhancements
- Virus scans can now be rerun for all endpoints or for only endpoints whose scans failed or were canceled.
- A Search bar and Search By settings have been added to the Activity Status and Activity Details pages. Activities can now be filtered to their Type and Status.
- Items can now be sorted by Status on the Activity Status and Activity Details pages.
- Endpoints running RHEL 6 can now be managed, monitored, and have DAT files updated automatically from Insite. (On-Access Scanning is not supported on RHEL 6.)
Fixes
- The term 'Success' is now used to indicate a successful result on the Activity Details page, rather than 'Completed.'
- The formatting of the text on the Endpoints page that indicates the Powertech Antivirus version has been corrected.
- A loading mask has been added to the Activity Details page to indicate progress while switching pages.
- Field validation has been corrected for On-Demand Configuration settings.
December 2019
Version 5.2
New Features
- On-Demand scans can now be started and stopped in HelpSystems Insite.
- Options for starting and stopping scans are available on the Endpoints screen. The Endpoints screen also includes the status for scans currently running on endpoints.
- Configurations for On-Demand scans can be defined on the Configurations screen. On-Demand scanning Configurations are validated when edited to ensure there are no validation errors.
- The Configurations screen can be sorted and filtered by Configuration type so that only On-Access or On-Demand scan Configurations are displayed.
- While running a scan from the Endpoints screen, Configuration settings can be changed prior to the scan. The updated settings can be saved as a new Configuration.
- Status information about configuration updates and virus scan requests is listed on the Activity Status screen and Activity Details list.
- The number of endpoints with currently active scans is also listed on the Home screen.
- An internal repository can now be used to download virus definition (DAT file) updates to be distributed to Powertech Antivirus endpoints using an HTTP file server.
- A new Settings screen now allows you to configure options for running DAT level updates on endpoints.
- The HTTP file server uses TLS certificates to ensure secure data transfer and requires little configuration. A signed TLS certificate can be used to secure the DAT repository HTTP file server. If a signed TLS certificate is not available the Powertech Antivirus service will generate a self-signed certificate to ensure a secure connection.
- Row action and group action options for updating DAT files now appear on the Powertech Antivirus Endpoints screen.
- The number of endpoints with outdated virus definition DAT files is listed on the Powertech Antivirus Home screen.
- The Powertech Antivirus Home screen shows new information about the DAT file repository and endpoint DAT levels.
- A new Powertech Antivirus service can be configured to update the DAT file repository when new virus definition updates are available. The most recent three DAT file versions are stored on the remote server, ensuring the local repository can be updated without the risk of interrupting any file transfer requests from endpoints that are currently in progress.
- The avupdate command now supports a new option, --ptavrepo, to indicate that the path provided is to the root of a PTAV DAT Repository.
Enhancements
- Endpoints can be searched by operating system on the Endpoints screen, so that only endpoints running the specified operating systems will be displayed.
- Running scans can be sorted according to their scanning status on the Powertech Antivirus Endpoints screen.
- Activity Status links have been added to the Powertech Antivirus Home screen, which allow easy access to a list of endpoints with currently running scans and the list of active scans.
- Filtering options have been added to the Activity Status screen, allowing easier access to the most relevant list of requests.
- All endpoint items across all pages can now be selected, so that multi-select actions can be applied to all endpoints.
Fixes
- A change has been made to kernel event handling on AIX to avoid a system crash during On-Access operation.
- An issue causing a failure to quarantine files in the root directory when using AVSCAN has been resolved.
July 2019
Version 5.1
New Features
- The following improvements have been made to Powertech Antivirus-specific features of the HelpSystems Insite web browser interface.
- The running configuration of the On-access virus scanning service, including notification settings, can now be updated. Configuration updates can be applied to one or several endpoints simultaneously.
- Notification settings can now be configured for On-demand scanning.
- A new Insite Powertech Antivirus service has been added.
- The ability to reference status information about requests sent to Insite's Powertech Antivirus service has been added.
- A new On-access scanning option allows for scanning of files when opened and closed.
Enhancements
- Additional information has been added to the Endpoint Properties pane, including OS, Powertech Antivirus version, DAT file version, and scan engine version.
- Default settings in the configuration file have been updated to improve performance.
Fixes
- Powertech Antivirus no longer checks for an empty parameter when -- is specified.
- The bash dependency for Powertech Antivirus RPM and DEB packages has been removed.
- An incorrectly configured notify section in config.ini (for example, a missing dot in name.cmd or name.options) no longer causes avconfig/avscan/avsvc to crash.
- A potential avscan/avupdate/avsvc crash caused by a malformed license file has been resolved.
June 2019
Version 4.1.5
(Legacy version for OS compatibility (includes previous name Stand Guard Anti-Virus) without On-access scanning support)
- Curl support has been added for acquiring DAT files over HTTP.
- The default avupdate action now uses curl to acquire virus definition updates from McAfee's HTTP server.
- Powertech Antivirus now uses the McAfee 6000 Anti-Malware Engine, which includes the following new features:
- Enhanced support for JavaScript, including stabilization and performance improvements.
- Improved VBA file handling capability to detect more threats.
- Improved access to Win32 APIs enabling better policy control over DAT content.
- Enhanced support to detect 64-bit PE, ELF, Mach-O and .NET based malware.
- Improved ELF file handling capability.
- Optimizations to DAT initialization to improve load times.
April 2019
Version 5.0.1
- The bash dependency for installing Powertech Antivirus has been removed.
March 2019
Version 5.0
- Powertech Antivirus is now supported by the HelpSystems Insite web browser interface, which allows you to easily monitor your systems using Insite's Dashboard and interactive controls.
- Notifications can now be sent from several points in Powertech Antivirus, including On-Demand Scanning and On-Access Scanning. Scheduled emails can also be sent for status updates.
- Powertech Antivirus now uses the McAfee 6000 Anti-Malware Engine, which includes the following new features:
- Enhanced support for JavaScript, including stabilization and performance improvements.
- Improved VBA file handling capability to detect more threats.
- Improved access to Win32 APIs enabling better policy control over DAT content.
- Enhanced support to detect 64-bit PE, ELF, Mach-O and .NET based malware.
- Improved ELF file handling capability.
- Optimizations to DAT initialization to improve load times.
- The product has been renamed "Powertech Antivirus." The new name is used throughout the software and accompanying documentation. (Prior to version 5.0, the product was called "Stand Guard Anti-Virus.")
August 2018
Version 4.3 (AIX only)
New Features
- Stand Guard Anti-Virus can now scan files as they are accessed by users of the system, a process known as On-Access Scanning.
- An on-access management service is provided, which allows you to start, stop, and query the status of the service, as well as load configuration file updates.
- On-access scan options are controlled through a configuration file.
- A reporting tool is provided to display the status of the service.
- Stand Guard Anti-Virus manages scanning of mounted file systems by detecting unmount and mount actions, resuming the scan procedure accordingly.
- Scans that take too long can now be aborted after a specified timeout duration.
- File caching allows for enhanced on-access scanning performance.
- New diagnostic capabilities have been added that reveal environment details helpful for analysis and troubleshooting.
- Tools have been provided to validate and update the on-access configuration file.
Enhancements
- The Stand Guard Anti-Virus installation package now includes a version of the McAfee virus definitions to allow for scanning immediately after installation.
Fixes
- The --cmd option in AVSCAN now scans the script file before execution.
- All AVSCAN options are now validated.
- The --loglevel 1 option in AVSCAN no longer results in unexpected behavior.
- An issue causing an incorrect file count in the AVSCAN scan summary has been corrected.
June 2018
Version 4.1.4 (AIX only)
- The --delay option now allows you to specify a pause (in milliseconds) as a CPU limiting technique to manage system resources under heavy use.
May 2018
Version 4.2 (Linux only)
New Features
- Stand Guard Anti-Virus can now scan files as they are accessed by users of the system, a process known as On-Access Scanning.
- An on-access management service is provided, which allows you to start, stop, and query the status of the service, as well as load configuration file updates.
- On-access scan options are controlled through a configuration file.
- A reporting tool is provided to display the status of the service.
- Stand Guard Anti-Virus manages scanning of mounted file systems by detecting unmount and mount actions, resuming the scan procedure accordingly.
- Scans that take too long can now be aborted after a specified timeout duration.
- File caching allows for enhanced on-access scanning performance.
- New diagnostic capabilities have been added that reveal environment details helpful for analysis and troubleshooting.
- Tools have been provided to validate and update the on-access configuration file.
Enhancements
- The Stand Guard Anti-Virus installation package now includes a version of the McAfee virus definitions to allow for scanning immediately after installation.
Fixes
- The --cmd option in AVSCAN now scans the script file before execution.
- All AVSCAN options are now validated.
- The --loglevel 1 option in AVSCAN no longer results in unexpected behavior.
- An issue causing an incorrect file count in the AVSCAN scan summary has been corrected.
- --passive is now the default option on RedHat systems.
February 2018
Version 4.1.3
- The --maxwait, --exclude, --cmd, --timeout, and --loglevel options are now validated prior to running the command in order to eliminate unexpected behavior.
- The AVSCAN options summary now displays PUP scan options correctly.
- The AVSCAN --cmd option now scans script files before execution.
- The AVSCAN summary now accurately displays the number of files that were scanned. The scanner no longer counts the files identified as infected twice.
- Unexpected behavior caused by using loglevel1 has been resolved.
- Directories are no longer potentially skipped after a large or infected archive is detected.
November 2017
Version 4.1.2
Enhancements
- Scan results from many Stand Guard Anti-Virus installations can now be directed to SYSLOG in order to provide centralized monitoring.
- Stand Guard Anti-Virus now supports RHEL 7.1 (and later) Power Linux Little Endian and SLES 12 Power Linux Little Endian. (Linux only)
- Support for Wget has been added. (Linux only)
Other Updates
- AVSCAN no longer scans the /Quarantined folder, which is unnecessary and results in extraneous nested folders.
October 2017
Version 4.1
- Stand Guard Anti-Virus now supports Power RHEL 6 & 7 and SLES 11 Big Endian Linux.
For more information, visit the McAfee website.
June 2017
Version 4.0-13
- Stand Guard Anti-Virus now uses the new McAfee 5900 Anti-Malware Engine, which includes the following:
- Enhanced support of JavaScript malware detection
- Enhancements to DAT content to improve predictability of content processing
- A new high-performance executable packer (MPRESS) to decompress executables
- Dotfuscator .NET obfuscation functionality for string obfuscation
- Improved support of OLE file format
- Platform enhancements
For more information, visit the McAfee website.
November 2016
Version 4.0-12
- Updated McAfee Scan Engine 5800.
- Enhancements to PDF format to improve exploit detection capabilities.
- Improved unpacking of .NET, VBA, Shockwave Flash and generic unpacking improvements to detect more threats.
- Performance optimizations of initialization and scanning.
- Ability to run real-time scans interactively.
- Use your favorite scheduler to run system scans and download DAT file updates. CRON is no longer required.
- Simplified User Interface for enhanced user experience.
- Improved Stability.
- Support for 64-bit systems.
February 2016
Version 4.0-11
- Updated McAfee Scan Engine 5800.
- Enhancements to PDF format to improve exploit detection capabilities.
- Improved unpacking of .NET, VBA, Shockwave Flash and generic unpacking improvements to detect more threats.
- Performance optimizations of initialization and scanning.
- Ability to run real-time scans interactively.
- Use your favorite scheduler to run system scans and download DAT file updates. CRON is no longer required.
- Simplified User Interface for enhanced user experience.
- Improved Stability.