Powertech Antivirus for IBM i

NOTE: In versions prior to 8.0, Powertech Antivirus for IBM i was called Stand Guard Anti-Virus for IBM i.

March 2023

Version 8.09

March 3, 2023

Enhancements

  • Anti-Ransomware Protection now supports exit program integration, allowing the use of multiple exit programs for file servers.

  • Improved the anti-ransomware functionality to detect ransomware attacks if the ransomware additionally encodes files with Base64 encoding after encrypting them.

  • Improved anti-ransomware messaging to include the IP address of systems causing suspicious activity.

  • Separated the user block/unblock functionality from "Work with User Overrides" menu option and corresponding command into a separate "Work with Blocked Users" menu option and AVWRKBLK command.

  • Functionality corresponding to the WGET utility is now shipped with the product. Users no longer need to install the open-source WGET utility to download DAT updates via HTTP or HTTPS.

Updates

  • Renamed file-access-and-encryption pattern detection mechanism to 'APEX' (Access Pattern and Encryption Activity Extended Detection).

  • Updated the anti-ransomware menu options to better represent the functions of each option.

Fixes

  • Fixed an issue where the anti-ransomware was not triggered for canary files that were located in the root directory of the IFS.

  • Fixed an issue where changing the on-access scan setting from *OPEN to *OPNCLO caused an error.

  • Fixed an issue that could cause the product to not function if both valid and invalid license keys were entered.

August 2022

Version 8.08

August 16, 2022

Fixes

  • Fixed an integration failure with Powertech Antivirus GUI when:

    • Powertech Antivirus for IBM i 8.06 is updated to a higher release.

    • The Powertech Antivirus for IBM i *ALLOBJ user profile setting is modified from the default value.

    • A permanent license key is used for Powertech Antivirus for IBM i.

  • Fixed an issue with scanning failures on systems running POWER7 hardware.

  • Fixed the AVSVR job failure issue when the Powertech Antivirus for IBM i *ALLOBJ user profile setting is modified from the default value.

June 2022

Version 8.07

June 30, 2022

Features

  • Powertech Antivirus now supports IBM i endpoints. The majority of the functionality available through the Powertech Antivirus for IBM i software is available, including:

    • display of antivirus status;

    • scheduled on-demand scans;

    • scheduled scan reports;

    • management of on-demand scan configurations;

    • quarantine management;

    • new DAT file updates can be applied to one or all of IBM i endpoints;

    • start, stop, and retrieve a scan status via the Powertech Antivirus applications within HelpSystems One;

    • the HelpSystems One IBM i endpoint will work with an IBM i Temporary License key.

  • See the Registering IBM i Endpoints instructions in the Powertech Antivirus 6.1 User Guide for information on how to add IBM i systems as endpoints to the Powertech Antivirus GUI.

Enhancements

  • The AVSVR log now includes the date of the build.

Fixes

  • Fixed issue with multiple "Caller denied" messages being logged to scan logs for on-demand scans that ran for several hours.

  • Downloading new virus definitions during a scan is now handled correctly.

  • Fixed issue with several programs not adopting authority, which resulted in potentially diminished detection capabilities under certain conditions.

  • The virus log no longer contains invalid characters due to CCSID issues.

  • Fixed issue with the MIME parameter for on-demand scans that was being ignored.

  • If you are updating from release 8.06 to 8.07 of Powertech Antivirus for IBM i and want to manage IBM i systems through the Powertech Antivirus GUI, note the After Registering section in the Registering IBM i Endpoints topic, of the Powertech Antivirus 6.1 User Guide.

  • If the Powertech Antivirus for IBM i *ALLOBJ user profile (the privileged user profile used for tasks such as the DAT updates) has been configured to a profile other than the default setting of QSECOFR, run this command before starting AVINSITE:

    GRTOBJAUT OBJ(QSYS/name of the *ALLOBJ user profile) OBJTYPE(*USRPRF) USER(STANDGUARD) AUT(*USE) REPLACE(*YES)

March 2022

Version 8.06

March 28, 2022

  • Fixed issue with scheduled scans ending prematurely.

  • Fixed issue with AVSVR failing with error CPFB9C6 on systems running older versions of POWER processor.

January 2022

Version 8.05

January 25, 2022

Enhancements

  • Powertech Antivirus now supports the detection and blocking of ransomware activity on IBM i. This extends the existing protection against ransomware storage, by blocking ransomware that encrypts files in the IFS.

  • Improved performance of AVSVR initialization.

  • Powertech Antivirus now uses the McAfee 6300 Anti-Malware Engine, which includes the following new features:

    • Enhanced threat landscape with added support for MPress (LZMAT) and DMG file-type support

    • Improved coverage on OLE and Microsoft Excel file-types

    • Better handling of VBA and Jar files and wider coverage for UPX packed files

    • Several bug fixes, and performance and security improvements

Fixes

  • On-access timeout now processed as seconds.

  • Removed scan file size limit of 2Gb.

  • Fixed "Data for key field 1804 not valid" issue.

  • Improved error messaging when path and file name too long.

  • Infected files on an iASP are now correctly quarantined.

  • In past versions, software updates for Powertech Antivirus for IBM i were provided through a mix of product installers and product PTFs. This process has been simplified so all software updates for Powertech Antivirus for IBM i are provided through product installers. In this version, menu items relating to the PTF-based product update process have been removed.

May 2021

Version 8.04

May 18, 2021

Enhancements
  • Powertech Antivirus now uses the McAfee 6200 Anti-Malware Engine, which includes the following new features:
    (from McAfee)
    • Enhanced threat landscape with added support for MSIL and AutoIT based malware.
    • Extended coverage for PDF and ISO file types.
    • Added provision to author better content with decoding support for ADC and LZFSE.
    • Introduced better handling capability for Linux threats.
    • Multiple features for better driver handling which improves the detection effectiveness.
    • Several bug fixes and performance improvements.
Fixes
  • DAT file version numbers over four digits are now supported.
  • An issue that caused AVRUNTSK to fail with error "Lost connection with AVSVR (socket closed)" has been resolved.
  • An issue that caused the job log to report "No job log information" when initiating AVSVR has been resolved.
Version 8.03b

May 18, 2021

  • An issue that caused a virus definition update to remove the IFS Encryption exit program and replace it with the Powertech Antivirus exit program has been resolved.
  • An issue that could cause the scan task to end with error "Qp0lProcessSubtree API failed with error code -1 (socket closed.)" has been resolved.
Version 8.03a

May 18, 2021

  • Object ownership issues upon installation have been resolved.

January 2021

Version 8.02

January 7, 2021

New Features
  • Powertech Antivirus now uses the new McAfee 6100 Anti-Malware Engine, which includes the following:
    • Enhanced threat landscape coverage with added support for 7Z, RAR5, and ISO archive file types
    • Improved detection with added support for WinACE2, BZIP2, LZMA2, BCJ, and PPMD Codecs
    • Better handling capability for non-PE-based malware with added Driver Ordering support
    • Improved precision in detection with added Floating-point support
    • Several bug fixes, security fixes, and performance improvements
Enhancements
  • Help text has been added to the AVINSTALL command.
Fixes
  • An issue that could cause incorrect reporting of the "not scanned due to error" summary total in the Antivirus Scan Summary report has been corrected.
  • An issue causing Powertech Antivirus to send illegible messages to AVMSGQ has been corrected.
  • The End User License Agreement is now available in the License screen by pressing F8.
  • Incorrect contact information in the message that warns of an upcoming license expiration (message L100006) has been corrected.

June 2019

Version 8.01
  • Updates that were originally provided as PTFs to Powertech Antivirus for R08M0 are now included in the installation package. The updates that are now included enable DAT file updates using HTTP (*WGET download method).

February 2019

Version 8.0
  • The new product name, Powertech Antivirus for IBM i, is now used throughout the software and accompanying documentation. (Prior to version 8.0, the product was called "Stand Guard Anti-Virus for IBM i.")
  • Powertech Antivirus now uses the new McAfee 6000 Anti-Malware Engine, which includes the following:
    • Enhanced support for JavaScript, including stabilization and performance improvements.
    • Improved VBA file handling capability to detect more threats.
    • Improved Executable and Linkable Format (ELF) file handling capability.
    • Enhanced support to detect 64-bit PE, ELF, Mach-O, and .NET based malware.
    • Optimizations to DAT initialization to improve load times.
  • A menu option has been added that allows you to change the *ALLOBJ profile to something other than QSECOFR.
  • Object locks on AVMSGQ, which could interfere with installation, have been fixed.
  • Documentation updates have been added, including the usage of a non-standard FTP port for acquiring DAT files and PTF files, fixes to code examples, omitting a single file from scanning, and other improvements.
  • The owner of AVMENU has been changed to STANDGUARD (rather than the user performing the installation).
  • AVCFGTSK *CMD has been changed to public *EXCLUDE.

  • The default time-out limit for on-demand scans is now set to *NONE so that scans do not end based on the scan duration. (This behavior can be overridden by specifying a value for the "Timeout minutes" parameter of a virus scan definition.)

PTF Updates
  • 1AV0001: The MCH0601 space offset error with On-Access Scanning has been fixed.
  • 1AV0002: The SQL0181 error in AVRUNTSK, when omit items exceed 1024, has been fixed.
  • 1AV0003: The *WGET option has been added to AVCHGUPDA, AVRUNUPD.
  • 1AV0004: The help text for WGET has been updated.
  • 1AV0005: AVMSGF for WGET has been updated.
  • 1AV0006: The SIGABRT error in AVRUNTSK when creating a logfile in a directory that doesn't exist has been fixed.
  • 1AV0009: The FORCE parameter has been added to AVRUNUPD. This allows you to force a DAT update even if the DAT files are current. This can be used to fix missing or corrupt DAT files.
  • 1AV0010: Duplicated AVCHGAO help text has been fixed.
  • 1AV0011: The user guide has been updated.
  • 1AV0012: AVUPDATE ADDJOBSCDE AVRUNUPD OUTPUT(*LOGFILE) not valid has been fixed.
  • 1AV0013: AVRUNUPD now supports ACS wget.
  • 1AV0014: A problem causing incorrect display of AVDATVER data area text has been fixed.
  • 1AV0015: A problem causing incorrect function of AVSUPPORT option 20 menu has been fixed.
  • 1AV0016: Resolves an error reported as CPF2105 AVRUNUPG "Object Q1134112 in QTEMP type *FILE not found," an issue that could interfere with the PTF update process.

August 2017

Version 7.4
  • HelpSystems Insite Deployment Manager support has been added to Stand Guard Anti-Virus, allowing for updates and licensing management.
  • Extraneous errors have been eliminated from the installation process.

July 2017

Version 7.3
  • Stand Guard Anti-Virus now uses the new McAfee 5900 Anti-Malware Engine, which includes the following:
    • Enhanced support of JavaScript malware detection
    • Enhancements to DAT content to improve predictability of content processing
    • A new high-performance executable packer (MPRESS) to decompress executables
    • Dotfuscator .NET obfuscation functionality for string obfuscation
    • Improved support of OLE file format Platform enhancements
    • Deployment functionality has been added to Stand Guard Anti-Virus, including the ability to stage the product installation.

For more information, visit the McAfee website.

October 2014

Version 7.2
  • Updated to use the new McAfee 5700 Anti-Malware Engine. Using the new scanning engine improves threat detection and enhances performance. Some of the improvements are listed below. For a full list, visit the McAfee website.

    • Improved Java class format scanning to exploit detection capabilities.

    • Enhanced generic unpacking to detect more threats.

    • Native unpacking for newer versions of ASPack, AutoIt, and MSI.

    • General performance optimizations, including initialization and scanning.

    • Improved extra.dat load times.

April 2014

Version 7.1

  • Adds full Domino 9 compatibility.

February 2014

Version 7.0

October 2013

Version 6.1.1

  • Critical update now available with McAfee Scan Engine 5600. Scan engine must be updated prior to November 1, 2013 in order to remain compatible with McAfee DAT files and stay protected against the latest threats.

Back to Powertech Products