Powertech Antivirus for IBM i
July 2024
Version 8.11
July 23, 2024
Enhancements
- The End User License Agreement is now being displayed when the user enters a license code for all product license types. Previously, the Agreement was only displayed for specific license types.
Fixes
- Changes in 8.10 introduced an issue where applications that use the Network File Server host server could become unresponsive. The issue affected multiple applications that use the Network File Server host server. This issue has been fixed.*
- If anti-ransomware was enabled, file server jobs that kept open locks on a high number of files could encounter a slowdown. This was due to the anti-ransomware performing a number of operations for each file whenever any file was opened in that job. The corresponding code has been changed to improve performance.
- Communication between IBM i endpoints and the Powertech Antivirus Server GUI did not work if the IBM i system's CCSID was set to 65535. In that scenario, incorrect information was displayed in the GUI about endpoint status, DAT information, and license key for those endpoints. This has been fixed.
- An attempt to activate the anti-ransomware functionality when it was already active as a supplemental exit program could lead to the anti-ransomware functionality being disabled. This has now been corrected.
- The Endpoint Menu is now documented in the User Guide. The Endpoint Menu was added in release 8.10 and can be used to manage the registration of Powertech Antivirus for IBM i with Powertech Antivirus Server and their communication.
- The AVINSITE command, which is used to manage the communication between Powertech Antivirus for IBM i and Powertech Antivirus Server, is now documented in the Reference section of the User Guide.
- The Register as Web Endpoint (AVREGWEB) command is now documented in the User Guide.
- A Performance Impact section has been added to the User Guide that describes system performance implications of using the anti-ransomware functionality.
*Customers that installed the 8.10 release should update to the current release as soon as possible.
May 2024
Version 8.10
May 14, 2024
New Features
- On-access and On-demand scan statistics along with Virus detection events are now forwarded to the PTAV Server for use in dashboards.
- In addition to On-demand scanning, on-access scanning can now be configured in the HelpSystems One PTAV application.
- Extended support for IBM i endpoints within Powertech Antivirus:
  - Anti-ransomware functionality can now be configured for IBM i endpoints. Requires this version (8.10 (R8M10)) or higher of the Powertech Antivirus for IBM i software to be installed on the IBM i system.
Enhancements
- The Trellix 6600 scan engine has been incorporated. Compared to the previous version of the scan engine, this offers improvements in detection capabilities, performance, product security and stability, improved support for DMG files, and support for the APK file type.
- The documentation of the anti-ransomware functionality has been extended massively to highlight the detection mechanisms, mitigation mechanisms, and usage scenarios.
- The Anti-Ransomware section of the User Guide has been updated to more clearly distinguish between the two detection mechanisms.
- All references to "McAfee" have been replaced with the new brand name, "Trellix".
- In the User Guide, the section on Monitoring the product has been extended to include additional messages to monitor for, such as the AVE3001 and AVE3002 anti-ransomware messages.
- Endpoint registration has been improved as follows:
  - The Endpoint Menu now has two options:
    - Register as Web Endpoint (prompts a new command AVREGWEB which allows the user to register the system as an endpoint).
    - Control Web Endpoint Servers (prompts the existing AVINSITE command)
- In the 'Monitoring' section of the User Guide, updated information is provided about which messages to monitor for in Powertech Antivirus.
- Support has been added for scanning multiple directories when the scan is configured from the GUI.
- The fields “block time” and “block origin” have been added to blocked users within the web server.
- The Integrity Scan log has been amended to have an ASCII CCSID.
- The information in the User Guide about managing IBM i endpoints with Powertech Antivirus Server has been expanded.
Fixes
- Under certain conditions, a "Qp0lProcessSubtree API failed with error code -1" message would be generated. Processing has been amended to reduce the occasions upon which this occurs.
- An infected file found on an iASP is now Quarantined correctly.
- Work with Canary Files (AVWRKCNY) now handles many more definitions. The new limit is based upon storage location.
- QMSF Scanning now works as expected.
- Objects related to the legacy Operations Navigator(TM) plugin for Powertech Antivirus for IBM i have been removed from the installed objects.
- All scan paths configured on an on-demand scan path definition are now scanned if multiple paths are configured. While it was previously possible to specify multiple paths, only the last path specified was actually scanned.
- The list of Blocked Users is now always updated.
- The file "SCNRESULTS" is now created with size set at *NOMAX.
- User Indexes are now created with the correct Owner.
- An issue where the DAT version, following download, was being shown as only four characters long, has been resolved.
- After running a DAT update with "Retrieve files only" RTVONLY(*YES), the superfluous character ('?') no longer appears in the text for Message Id AVC0207.
March 2023
Version 8.09
March 3, 2023
Enhancements
- Anti-Ransomware Protection now supports exit program integration, allowing the use of multiple exit programs for file servers.
- Improved the anti-ransomware functionality to detect ransomware attacks if the ransomware additionally encodes files with Base64 encoding after encrypting them.
- Improved anti-ransomware messaging to include the IP address of systems causing suspicious activity.
- Separated the user block/unblock functionality from "Work with User Overrides" menu option and corresponding command into a separate "Work with Blocked Users" menu option and AVWRKBLK command.
- Functionality corresponding to the WGET utility is now shipped with the product. Users no longer need to install the open-source WGET utility to download DAT updates via HTTP or HTTPS.
Updates
- Renamed file-access-and-encryption pattern detection mechanism to 'APEX' (Access Pattern and Encryption Activity Extended Detection).
- Updated the anti-ransomware menu options to better represent the functions of each option.
Fixes
- Fixed an issue where the anti-ransomware was not triggered for canary files that were located in the root directory of the IFS.
- Fixed an issue where changing the on-access scan setting from *OPEN to *OPNCLO caused an error.
- Fixed an issue that could cause the product to not function if both valid and invalid license keys were entered.
August 2022
Version 8.08
August 16, 2022
Fixes
- Fixed an integration failure with Powertech Antivirus GUI when:
  - Powertech Antivirus for IBM i 8.06 is updated to a higher release.
  - The Powertech Antivirus for IBM i *ALLOBJ user profile setting is modified from the default value.
  - A permanent license key is used for Powertech Antivirus for IBM i.
- Fixed an issue with scanning failures on systems running POWER7 hardware.
- Fixed the AVSVR job failure issue when the Powertech Antivirus for IBM i *ALLOBJ user profile setting is modified from the default value.
June 2022
Version 8.07
June 30, 2022
New Features
- Powertech Antivirus now supports IBM i endpoints. The majority of the functionality available through the Powertech Antivirus for IBM i software is available, including:
  - display of antivirus status;
  - scheduled on-demand scans;
  - scheduled scan reports;
  - management of on-demand scan configurations;
  - quarantine management;
  - new DAT file updates can be applied to one or all of IBM i endpoints;
  - start, stop, and retrieve a scan status via the Powertech Antivirus applications within HelpSystems One;
  - the HelpSystems One IBM i endpoint will work with an IBM i Temporary License key.
- See the Registering IBM i Endpoints instructions in the Powertech Antivirus 6.1 User Guide for information on how to add IBM i systems as endpoints to the Powertech Antivirus GUI.
- The new Create Antivirus Test File (AVCRTTEST) command enables users to create EICAR® test files. These files can be used to test and demonstrate the malware scanning functionality. The command can also be used to create canary files for testing the anti-ransomware functionality.
Enhancements
- The AVSVR log now includes the date of the build.
Fixes
- Fixed issue with multiple "Caller denied" messages being logged to scan logs for on-demand scans that ran for several hours.
- Downloading new virus definitions during a scan is now handled correctly.
- Fixed issue with several programs not adopting authority, which resulted in potentially diminished detection capabilities under certain conditions.
- The virus log no longer contains invalid characters due to CCSID issues.
- Fixed issue with the MIME parameter for on-demand scans that was being ignored.
- If you are updating from release 8.06 to 8.07 of Powertech Antivirus for IBM i and want to manage IBM i systems through the Powertech Antivirus GUI, note the After Registering section in the Registering IBM i Endpoints topic, of the Powertech Antivirus 6.1 User Guide.
- If the Powertech Antivirus for IBM i *ALLOBJ user profile (the privileged user profile used for tasks such as the DAT updates) has been configured to a profile other than the default setting of QSECOFR, run this command before starting AVINSITE:
GRTOBJAUT OBJ(QSYS/name of the *ALLOBJ user profile) OBJTYPE(*USRPRF) USER(STANDGUARD) AUT(*USE) REPLACE(*YES)
March 2022
Version 8.06
March 28, 2022
- Fixed issue with scheduled scans ending prematurely.
- Fixed issue with AVSVR failing with error CPFB9C6 on systems running older versions of POWER processor.
January 2022
Version 8.05
January 25, 2022
Enhancements
- Powertech Antivirus now supports the detection and blocking of ransomware activity on IBM i. This extends the existing protection against ransomware storage, by blocking ransomware that encrypts files in the IFS.
- Improved performance of AVSVR initialization.
- Powertech Antivirus now uses the McAfee 6300 Anti-Malware Engine, which includes the following new features:
  - Enhanced threat landscape with added support for MPress (LZMAT) and DMG file-type support
  - Improved coverage on OLE and Microsoft Excel file-types
  - Better handling of VBA and Jar files and wider coverage for UPX packed files
  - Several bug fixes, and performance and security improvements
Fixes
- On-access timeout now processed as seconds.
- Removed scan file size limit of 2Gb.
- Fixed "Data for key field 1804 not valid" issue.
- Improved error messaging when path and file name too long.
- Infected files on an iASP are now correctly quarantined.
- In past versions, software updates for Powertech Antivirus for IBM i were provided through a mix of product installers and product PTFs. This process has been simplified so all software updates for Powertech Antivirus for IBM i are provided through product installers. In this version, menu items relating to the PTF-based product update process have been removed.
May 2021
Version 8.04
May 18, 2021
Enhancements
- Powertech Antivirus now uses the McAfee 6200 Anti-Malware Engine, which includes the following new features (from McAfee):
  - Enhanced threat landscape with added support for MSIL and AutoIT based malware.
  - Extended coverage for PDF and ISO file types.
  - Added provision to author better content with decoding support for ADC and LZFSE.
  - Introduced better handling capability for Linux threats.
  - Multiple features for better driver handling which improves the detection effectiveness.
  - Several bug fixes and performance improvements.
Fixes
- DAT file version numbers over four digits are now supported.
- An issue that caused AVRUNTSK to fail with error "Lost connection with AVSVR (socket closed)" has been resolved.
- An issue that caused the job log to report "No job log information" when initiating AVSVR has been resolved.
Version 8.03b
May 18, 2021
- An issue that caused a virus definition update to remove the IFS Encryption exit program and replace it with the Powertech Antivirus exit program has been resolved.
- An issue that could cause the scan task to end with error "Qp0lProcessSubtree API failed with error code -1 (socket closed.)" has been resolved.
Version 8.03a
May 18, 2021
- Object ownership issues upon installation have been resolved.
January 2021
Version 8.02
January 7, 2021
New Features
- Powertech Antivirus now uses the new McAfee 6100 Anti-Malware Engine, which includes the following:
  - Enhanced threat landscape coverage with added support for 7Z, RAR5, and ISO archive file types
  - Improved detection with added support for WinACE2, BZIP2, LZMA2, BCJ, and PPMD Codecs
  - Better handling capability for non-PE-based malware with added Driver Ordering support
  - Improved precision in detection with added Floating-point support
  - Several bug fixes, security fixes, and performance improvements
Enhancements
- Help text has been added to the AVINSTALL command.
Fixes
- An issue that could cause incorrect reporting of the "not scanned due to error" summary total in the Antivirus Scan Summary report has been corrected.
- An issue causing Powertech Antivirus to send illegible messages to AVMSGQ has been corrected.
- The End User License Agreement is now available in the License screen by pressing F8.
- Incorrect contact information in the message that warns of an upcoming license expiration (message L100006) has been corrected.
June 2019
Version 8.01
- Updates that were originally provided as PTFs to Powertech Antivirus for R08M0 are now included in the installation package. The updates that are now included enable DAT file updates using HTTP (*WGET download method).
February 2019
Version 8.0
- The new product name, Powertech Antivirus for IBM i, is now used throughout the software and accompanying documentation. (Prior to version 8.0, the product was called "Stand Guard Anti-Virus for IBM i.")
- Powertech Antivirus now uses the new McAfee 6000 Anti-Malware Engine, which includes the following:
  - Enhanced support for JavaScript, including stabilization and performance improvements.
  - Improved VBA file handling capability to detect more threats.
  - Improved Executable and Linkable Format (ELF) file handling capability.
  - Enhanced support to detect 64-bit PE, ELF, Mach-O, and .NET based malware.
  - Optimizations to DAT initialization to improve load times.
- A menu option has been added that allows you to change the *ALLOBJ profile to something other than QSECOFR.
- Object locks on AVMSGQ, which could interfere with installation, have been fixed.
- Documentation updates have been added, including the usage of a non-standard FTP port for acquiring DAT files and PTF files, fixes to code examples, omitting a single file from scanning, and other improvements.
- The owner of AVMENU has been changed to STANDGUARD (rather than the user performing the installation).
- AVCFGTSK *CMD has been changed to public *EXCLUDE.
- The default time-out limit for on-demand scans is now set to *NONE so that scans do not end based on the scan duration. (This behavior can be overridden by specifying a value for the "Timeout minutes" parameter of a virus scan definition.)
PTF Updates
- 1AV0001: The MCH0601 space offset error with On-Access Scanning has been fixed.
- 1AV0002: The SQL0181 error in AVRUNTSK, when omit items exceed 1024, has been fixed.
- 1AV0003: The *WGET option has been added to AVCHGUPDA, AVRUNUPD.
- 1AV0004: The help text for WGET has been updated.
- 1AV0005: AVMSGF for WGET has been updated.
- 1AV0006: The SIGABRT error in AVRUNTSK when creating a logfile in a directory that doesn't exist has been fixed.
- 1AV0009: The FORCE parameter has been added to AVRUNUPD. This allows you to force a DAT update even if the DAT files are current. This can be used to fix missing or corrupt DAT files.
- 1AV0010: Duplicated AVCHGAO help text has been fixed.
- 1AV0011: The user guide has been updated.
- 1AV0012: AVUPDATE ADDJOBSCDE AVRUNUPD OUTPUT(*LOGFILE) not valid has been fixed.
- 1AV0013: AVRUNUPD now supports ACS wget.
- 1AV0014: A problem causing incorrect display of AVDATVER data area text has been fixed.
- 1AV0015: A problem causing incorrect function of AVSUPPORT option 20 menu has been fixed.
- 1AV0016: Resolves an error reported as CPF2105 AVRUNUPG "Object Q1134112 in QTEMP type *FILE not found," an issue that could interfere with the PTF update process.
August 2017
Version 7.4
- HelpSystems Insite Deployment Manager support has been added to Stand Guard Anti-Virus, allowing for updates and licensing management.
- Extraneous errors have been eliminated from the installation process.
July 2017
Version 7.3
- Stand Guard Anti-Virus now uses the new McAfee 5900 Anti-Malware Engine, which includes the following:
  - Enhanced support of JavaScript malware detection
  - Enhancements to DAT content to improve predictability of content processing
  - A new high-performance executable packer (MPRESS) to decompress executables
  - Dotfuscator .NET obfuscation functionality for string obfuscation
  - Improved support of OLE file format Platform enhancements
- Deployment functionality has been added to Stand Guard Anti-Virus, including the ability to stage the product installation.
For more information, visit the McAfee website.
October 2014
Version 7.2
- Updated to use the new McAfee 5700 Anti-Malware Engine. Using the new scanning engine improves threat detection and enhances performance. Some of the improvements are listed below. For a full list, visit the McAfee website.
  - Improved Java class format scanning to exploit detection capabilities.
  - Enhanced generic unpacking to detect more threats.
  - Native unpacking for newer versions of ASPack, AutoIt, and MSI.
  - General performance optimizations, including initialization and scanning.
  - Improved extra.dat load times.
April 2014
Version 7.1
- Adds full Domino 9 compatibility.
February 2014
Version 7.0
October 2013
Version 6.1.1
- Critical update now available with McAfee Scan Engine 5600. Scan engine must be updated prior to November 1, 2013 in order to remain compatible with McAfee DAT files and stay protected against the latest threats.