Blog Archives

End of Life for McAfee Database Security Scanner - All Versions

2/2/2017

Intel Security announces the End of Life (EOL) for McAfee Database Security Scanner effective March 31, 2017.

Intel Security recommends migrating to McAfee Vulnerability Manager for Databases to benefit from the latest software developments, and to avoid interruption of product support.

See KB88289 for details (https://kc.mcafee.com/corporate/index?page=content&id=KB88289).

The EOL product list and policy is available at: http://mcafee.com/us/support/support-eol.aspx

SIEM Data Sources Updated to Remove (ASP) from the Name

2/2/2017

SIEM data source names were updated on January 24, 2017, to remove (ASP) references from the name. Nearly all data sources are parsed with ASP, and the distinction in the name is no longer necessary.

The update affects the name only. Data source configuration, data collection, and data parsing are not affected by this change.

This update applies to the following products:

Enterprise Security Manager (versions 8.x.x and later)
Event Receiver (8.x.x and later)

For a complete list of name changes made to each data source, see KB88494. This article is only available to registered users. Log in to https://support.mcafee.com and search for the article ID.

Network Data Loss Prevention Hotfix 9.3.4.1.4 Now Available

2/2/2017

Network Data Loss Prevention Hotfix 9.3.4.1.4 is now available. This release contains fixes and enhancements including:

Resolves an issue where incidents from a capture search showed the wrong user ID instead of "unknown" when the source IP address was external.
Resolves an issue where the flowAnalyser process would core dump when analyzing 7zip attachments.
Resolves an issue where a rule configured to block based on a recipient email address would incorrectly block when that email address was in the attachment, even if that email address was not the recipient of the email.

To download Network Data Loss Prevention Hotfix 9.3.4.1.4, go to the Product Downloads site at:
http://www.mcafee.com/us/downloads/downloads.aspx.

For a full list of changes, see the Release Notes in PD26864:
https://kc.mcafee.com/corporate/index?page=content&id=PD26864.

For a list of Known Issues, see KB83958:
https://kc.mcafee.com/corporate/index?page=content&id=KB83958

Release Schedule Change - 5900 Anti-Malware Engine Beta Refresh and VirusScan Command Line 6.1.0 Beta packages

2/2/2017

The McAfee Anti-Malware Engine, a core component of the McAfee Endpoint and Gateway products, uses patented technology to analyze potentially malicious code to detect and block Trojans, viruses, worms, adware, spyware, and other threats.

The 5900 Anti-Malware Engine Beta Refresh and VirusScan Command Line 6.1.0 Beta release schedule has changed to take an opportunity to further improve the engine performance in relation to new JavaScript versions, based on work done during the previous Beta cycle.

New planned schedule

5900 Engine Beta 3 – January 17, 2017
VirusScan Command Line 6.1.0 products Beta 3 – by January 21, 2017
Release Candidate (RC) packages of 5900 Engine and VirusScan Command Line 6.1.0 products – mid-February 2017
5900 Engine (Elective download) general availability (GA) and VirusScan Command Line 6.1.0 products GA – late February 2017
5900 Engine (AutoUpdate) GA – late April 2017

New features in the 5900 Anti-Malware Engine
The 5900 Anti-Malware Engine is a yearly Engine release that will succeed the current 5800 Engine and includes the following improvements:

Detection and Performance Enhancements:
Enhanced support of JavaScript to detect more threats.
Improved support for Microsoft Office (OLE) file format.
Improved unpacking of Dotfuscator and MPRESS packed files.
Enhancements to DAT content to improve predictability of content processing.

Platform Enhancements

New Platform Support
Windows 10 Anniversary Update
Windows Server 2016

Where are the Beta/RC Packages available?
They are available from the Engines area of the McAfee Enterprise Beta site:
http://www.mcafee.com/us/beta/public-betas/engines/5900-anti-malware-engine.aspx

For complete information about the 5900 Anti-Malware Engine, see KB66741: https://kc.mcafee.com/corporate/index?page=content&id=KB66741

End of Sale and End of Life for McAfee Deep Command, all versions

2/2/2017

Intel Security announces the End of Sale (EOS) and End of Life (EOL) for McAfee ePO Deep Command (EDC), all versions, effective on the following dates:

End of Sale: April 10, 2017
End of Life: April 10, 2018

There is no replacement or migration product available for McAfee Deep Command user licenses.

See KB88454 for details:
https://kc.mcafee.com/corporate/index?page=content&id=KB88454

See the Product Lifecycle page for a full EOL product list and policy:
http://mcafee.com/us/support/support-eol.aspx

Patches Resolve ePO 5.1.3 Vulnerability

2/2/2017

A vulnerability in ePO 5.1.3 has been discovered and resolved.

AFFECTED SOFTWARE: 5.1.3.188

REMEDIATED/PATCHED VERSIONS
The vulnerability is remediated in these versions:
• ePolicy Orchestrator 5.1.3 Hotfix 1110787
• Fix will be included in 5.1.4 (when available)
• Issue never impacted ePO 5.3.0 or higher

IMPACT
• CVE-2017-3902 (CVSS: 4.0; Severity: Medium)
A cross-site scripting (XSS) vulnerability in the Web user interface (UI) in ePO 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows authenticated users to inject malicious Java scripts via bypassing input validation.

RECOMMENDATION
Intel Security recommends that all customers verify that they have applied the latest updates. Impacted users should install the relevant patches or hotfixes. For full instructions and information, see Knowledge Base article SB10184 - Intel Security - Security Bulletin: ePolicy Orchestrator update fixes cross-site scripting vulnerability (CVE-2017-3902) (https://kc.mcafee.com/corporate/index?page=content&id=SB10184)

For more information on the hotfix see the ePO 5.1.3 Hotfix 1110787 Release Notes:
PD26861 - https://kc.mcafee.com/corporate/index?page=content&id=PD26861

McAfee Agent 5.0.4 Hotfix 1174804 Now Available

2/2/2017

McAfee Agent (MA) 5.0.4 Hotfix 1174804 is now available. This release includes new features, fixes, and enhancements including:

Adds support for Mac OS Sierra 10.12.2.
Several bug fixes - see release notes for details.
Fix for SB10183 - https://kc.mcafee.com/corporate/index?page=content&id=SB10183.

To download MA 5.0.4 Hotfix 1174804, go to the Product Downloads site at: http://www.mcafee.com/us/downloads/downloads.aspx.

For a full list of changes, see the Release Notes in PD26863: https://kc.mcafee.com/corporate/index?page=content&id=PD26863

Hotfix Resolves McAfee Agent Vulnerability

2/2/2017

McAfee Agent update fixes a vulnerability in its remote log viewing feature (CVE-2017-3896).

AFFECTED SOFTWARE

McAfee Agent versions prior to 5.0.4.449

REMEDIATED/PATCHED VERSIONS
The vulnerability is remediated in these versions:

McAfee Agent 5.0.4 Hotfix 1174804 (5.0.4.449) and later

IMPACT

CVE-2017-3896 (CVSS: 7.5; Severity: High) is a vulnerability in the remote log viewing functionality, where an input parameter passed through the URL was not completely validated. This issue is encountered only if both of the following two conditions are met (not enabled by default):
- McAfee Agent remote log viewing functionality is enabled.
- Remote logs access is not restricted to ePolicy Orchestrator administrators only.

RECOMMENDATION
Intel Security recommends that all customers verify that they have applied the latest updates. Impacted users should install the relevant patches or hotfixes. For full instructions and information, see Knowledge Base article SB10183, Intel Security - Security Bulletin: McAfee Agent update fixes a vulnerability in its remote log viewing feature (CVE-2017-3896) (https://kc.mcafee.com/corporate/index?page=content&id=SB10183)

Exploit Prevention Content version update 8.0.0.7510 for Endpoint Security and Host Intrusion Prevention is now available

2/2/2017

Exploit Prevention Content version update 8.0.0.7510 is now available for Host IPS 8.0 and Endpoint Security 10.2 and 10.5.

This update was posted to the update repository on January 10, 2017.

For more information, see the Release Notes:
http://www.mcafee.com/us/content-release-notes/index.aspx
and
http://www.mcafee.com/us/content-release-notes/exploit-prevention/index.aspx
NOTE: The Exploit Prevention Content Release Notes location has been updated. Use the new URLs above to update your shortcuts

McAfee MOVE AV Multi-Platform 4.0 SVM Hotfix 1172390 Now Available

2/2/2017

McAfee MOVE AV Multi-Platform 4.0 SVM Hotfix 1172390 is now available. This release includes new features, fixes, and enhancements including:

Resolves the issue where mvserver.exe process is writing thousands of files in the folder: C:\Users\AllUsers\Microsoft\Crypto\RSA\ folder

To download MOVE AV Multi-platform 4.0 SVM hotfix 1172390, go to the McAfee ServicePortal site at: https://support.mcafee.com

Log in using a valid grant number and then search for "1172390" to download the hotfix.

For a full list of changes, see the Release Notes in PD26862: https://kc.mcafee.com/corporate/index?page=content&id=PD26862

For additional information about this issue, see KB88268: https://kc.mcafee.com/corporate/index?page=content&id=KB88268

weebly
analytics