Online Updates

Advanced Threat Defense Content Update Package Now Available for versions 3.6.x, 3.8.x, and 4.0

6/12/2017

The Advanced Threat Defense (ATD) updated content package for ATD 3.6.x, 3.8.x, and 4.0 is now available. This detection package adds detection updates to ATD.

Rule additions: Covering prevalent threats, including Embedded LNK file using PowerShell to connect to the Internet, suspicious file operations inside Windows directory, Exploited Equation Editor, and others.

NOTE: ATD 4.2, released on November 30, 2017, had this content package included.

Package details by version are as follows:

ATD 4.0.4:atd-detection-img-4.0.4.171129-4.0.4.x86_64.rpm
ATD 3.8.2:atd-detection-img-3.8.2.171129.64084-3.8.2.x86_64.rpm
ATD 3.8.0:atd-detection-img-3.8.0.171129.64084-3.8.0.x86_64.rpm
ATD 3.6.2:atd-detection-img-3.6.2.107.7777-3.6.2.x86_64.rpm

Customers can update to the detection packages using the following two options:

Auto-downloads: Access on the ATD UI at: Manage > Image & Software > Content Update > Detection Pkg.
Manual download: Customers can download the content updates, behind appropriate grant numbers, from the Download Server at: http://www.mcafee.com/us/downloads/downloads.aspx

*Content updates are available for ATD 4.0, 3.8 and 3.6.
*ATD 4.2 already includes the latest detection content.

For more information, refer to the product guide applicable to your ATD version:

PD27384 - Advanced Threat Defense 4.2 Product Guide:
https://kc.mcafee.com/corporate/index?page=content&id=PD27384
PD27137 – Advanced Threat Defense 4.0 Product Guide:
https://kc.mcafee.com/corporate/index?page=content&id=PD27137
PD27244 - Advanced Threat Defense 4.0.4 Product Guide:
https://kc.mcafee.com/corporate/index?page=content&id=PD27244
PD26831 - Advanced Threat Defense 3.8.0 Product Guide:
https://kc.mcafee.com/corporate/index?page=content&id=PD26831

PD26574 - Advanced Threat Defense 3.6.2 Product Guide:
https://kc.mcafee.com/corporate/index?page=content&id=PD26574

Threat Intelligence Exchange 2.1 Patch 1 Now Available

6/12/2017

Threat Intelligence Exchange (TIE) 2.1 Patch 1 is now available. This release includes new features, fixes, and enhancements including:

Updated Server Tasks
Change to the TIE Server Management policy settings
Reputation search service
New TIE report
File reputation enhancement
Database maintenance enhancement

You can download Threat Intelligence Exchange 2.1.1 using the ePO Software Manager, or from the Product Downloads site at: http://www.mcafee.com/us/downloads/downloads.aspx.

For a full list of changes, see the Release Notes in PD27352:
https://kc.mcafee.com/corporate/index?page=content&id=PD27352.

For a list of Known Issues, see KB85172:
https://kc.mcafee.com/corporate/index?page=content&id=KB85172.

McAfee Cloud Workload Security (CWS) 5.0 is Now Available

6/12/2017

What’s new:

Cloud Workload Security 5.0 - Includes only the meta package for the product
Cloud Workload Security (CWS) 5.0 - Includes product meta package, License extension, and EEDK package for vNSP probe deployment
Card based user interface for improved usability
Activate McAfee Adaptive Threat Protection
Activate Network Intrusion Prevention
Install license extension to enable advanced security features
Microsoft Azure Instances Traffic view
New Cloud Workload Security traffic card views
Performs DAT assessment for all workloads older than a week
New Card Summary and filters
Improved Tagging
Improved Pivot Table experience
NSP Deployment probe
Set AWS and Azure privileges
Older version upgrades

Documentation:

Cloud Workload Security Product Guide 5.0.0: PD27357: https://kc.mcafee.com/corporate/index?page=content&id=PD27357
Cloud Workload Security Reference Guide 5.0.0: PD27358: https://kc.mcafee.com/corporate/index?page=content&id=PD27358
Cloud Workload Security Installation Guide 5.0.0: PD27359: https://kc.mcafee.com/corporate/index?page=content&id=PD27359
Release Notes: PD27356: https://kc.mcafee.com/corporate/index?page=content&id=PD27356
Supported platforms, environments, and operating systems for Cloud Workload Security: KB90062: https://kc.mcafee.com/corporate/index?page=content&id=KB90062

CWS 5.x Known Issues: KB90035: https://kc.mcafee.com/corporate/index?page=content&id=KB90035

MACC 8.0.0-855 (HF3) system crashes when running “enable” task (limited activation) from ePo

6/12/2017

Starting with MACC 8.0.0-855 (also known as HotFix #3) system crashes are observed when running the “enable” task (limited activation) from ePO.
One of the performance improvements added in MACC 8.0.0-HF3 was about solidification time (whitelist creation).
To achieve this, we started filtering those IPRs generated by our own service because of the file operation done, necessary to obtain all the information that is going to be stored in the inventory. This logic was causing the system crash under certain race conditions. The failure rate observed in production is about 10%.
For details, see the following documents:
KB90083 - Solidcore is causing a BSOD upon applying limited Enable on 8.0 HF3:
https://kc.mcafee.com/corporate/index?page=content&id=KB90083

ePolicy Orchestrator 5.9.1 Now Available

6/12/2017

ePolicy Orchestrator (ePO) 5.9.1 is now available. See the release notes for a list of enhancements and resolved issues.
To download ePO 5.9.1, go to the Product Downloads site at: http://www.mcafee.com/us/downloads/downloads.aspx
For a full list of changes, see the Release Notes in PD27290: https://kc.mcafee.com/corporate/index?page=content&id=PD27290
For a list of Known Issues, see KB87673: https://kc.mcafee.com/corporate/index?page=content&id=KB87673

Endpoint Security 10.5.3 has been reposted

6/12/2017

The Endpoint Security (ENS) 10.5.3 repost includes a change to the ENS installer to address a blue screen that might occur when upgrading from older versions of Endpoint Security.

Who needs this repost package?
Customers using older versions of ENS who are planning to upgrade to ENS 10.5.3.

Refer to KB90053 for more details on the repost:
https://kc.mcafee.com/corporate/index?page=content&id=KB90053

McAfee Advanced Threat Defense (ATD and vATD) 4.2 Now Available

6/12/2017

Advanced Threat Defense (ATD) and Virtual Advanced Threat Defense (vATD) 4.2 are now available.
This release includes new features, fixes, and enhancements including:

Public Cloud Support – vATD in Azure Marketplace
Increased threat vector coverage – Bro IDS sensor support and Email Connector offline mode
Increased security ecosystem effectiveness - ATD as TAXII publisher
Redesigned and optimized sandbox report
Transition to new Tech pubs portal
Increased hypervisor support - Hyper-V and ESXi 6.5
Increased OS & App coverage – Ichitaro Japanese office support
Increased detection rate – enhanced DNN to reduce False positives
Single report to multiple Syslog servers
Universal migration tool
ATD VMDK and VHD provisioning platform and tool
Telemetry to collect crash dump and debug data

To download ATD or vATD 4.2, go to the Product Downloads site at: http://www.mcafee.com/us/downloads/downloads.aspx
vATD is also available via the Azure Marketplace.
For a full list of changes, see the Release Notes in PD27385: https://kc.mcafee.com/corporate/index?page=content&id=PD27385
For a list of Known Issues, see KB89507: https://kc.mcafee.com/corporate/index?page=content&id=KB89507

McAfee Installation Designer Version 8.8.10 is Now Available

6/12/2017

This release of McAfee Installation Designer can be installed to 32-bit and 64-bit environments.
Features:
Adds support for 64-bit
Includes Enterprise 8.8 Patch 10 Global Exclusion Rule -
This release includes the ability to add the new VirusScan Enterprise 8.8 Patch 10 AAC Global Exclusion Rule. For more information about the policy, see KB89933. To use this feature, you must have McAfee Installation Designer 8.8.10, VSE Patch 10, ePO 5.1.3 or higher.
Known Issues:
• Create a VirusScan Enterprise installation package with an invalid .msp patch, the installation package file (Setup.exe) fails.
• Configuration files (.cab) are not supported for use with McAfee ePO.
• Alert Manager configuration is still available within McAfee Installation Designer.
• When running Setupvse.exe on a fresh OS image, a package created on a McAfee ePO managed client system fails to later install, showing error "1920: unable to start framework service".
For details, see the following documents:
Installation Designer 8.8 Release Notes - Rev B (PD23074):
https://kc.mcafee.com/corporate/index?page=content&id=PD23074
McAfee Installation Designer 8.8 Known Issues (KB75031):
https://kc.mcafee.com/corporate/index?page=content&id=KB75031
Installation Designer 8.8 Product Guide (PD23073):
https://kc.mcafee.com/corporate/index?page=content&id=PD23073

Download legacy ePO install packages before November 30, 2017

6/12/2017

McAfee will be reposting our ePolicy Orchestrator (ePO) installation packages prior to ePO 5.3.3 and 5.9.1 so they no longer include a java runtime environment (JRE) on November 30, 2017.
If any possibility exists that you will need to install ePO 5.9.0 or 5.3.2 or earlier after this date, for disaster recovery or other purposes, McAfee strongly recommends you download them from the Product Downloads site now.
See KB89799 for details: https://kc.mcafee.com/corporate/index?page=content&id=KB89799

McAfee Announces Intention to Acquire Skyhigh Networks IMPORTANT

6/12/2017

** Important Announcement**

November 27, 2017

McAfee Customers,
Nearly eight months ago, McAfee became one of the world’s largest pure-play cybersecurity companies. At that time, I committed to our customers, partners and employees that we would be a company focused on innovation and growth with a singular pledge of keeping the world safe from cyber threats. Today, we continue the journey by announcing that McAfee will acquire Skyhigh Networks, the worldwide leader in the cloud access security broker (CASB) market segment.

Skyhigh is an ideal complement to McAfee’s strategy—one focused on building and optimizing mission-critical cybersecurity environments for the future. Cloud security has historically been an afterthought of, or impediment to, cloud adoption. With customers’ most valuable asset, data, increasingly finding residence in the cloud, it’s time security move to the forefront. At the same time, security cannot hinder cloud adoption, as the transformation the cloud promises extends far beyond the corridors of IT to every facet of modern business.

Skyhigh had this prescience five years ago, when it distinguished itself as the first cybersecurity provider to launch what is now a burgeoning CASB category. They purpose-built a cloud platform for both frictionless experiences and coordinated control. They envision a world where the cloud is not only secure—but the most secure environment for business. Many of the world’s largest companies have put their confidence in Skyhigh. And, major industry analysts agree, positioning Skyhigh as a leader. Skyhigh earned these accolades by putting customers at the core of their business—a value shared by McAfee.

Indeed, McAfee and Skyhigh share more in common than values. We both aspire to make cybersecurity an accelerant to the limitless potential of our digital age. We both know that our employees are at the heart of everything we do. And, we both are committed to modernizing cybersecurity environments for the future.

McAfee is placing our bets on where we believe those environments are best modernized—where endpoint and cloud serve as the architectural control points linked by the security operations center with actionable threat intelligence, analytics and orchestration, and enabled by an open ecosystem. McAfee started its legacy in endpoint; Skyhigh in cloud. Each company is known as a leader in the category it helped create. And, upon this transaction close, both legacies will meet under one company, McAfee, to offer our mutual customers market-leading capabilities in the two control points that matter most.

We hope to finalize the transaction shortly after completing certain regulatory approvals and satisfying customary closing conditions. Until then, it’s business as usual for both McAfee and Skyhigh. Once the deal closes, you can be confident that the combined force of these two companies will be a whole greater than the current sum of its parts—yet one more example that together truly is power. And our pledge to keep our customers, communities, governments and nations safe from cyberattacks will be stronger still.

Onward,
Christopher D. Young
Chief Executive Officer
McAfee

weebly
analytics