Monday 29 February 2016

Troubleshooting On-Demand Scan Performance with VSE 8.8 Patch 5 and 6

After upgrading an endpoint to VSE 8.8 (Patch 5 or 6), the system becomes slow or unresponsive during On-Demand Scans. System performance can be improved by making some changes to the System Utilisation settings to reduce resource use.

Sunday 28 February 2016

McAfee Labs has released an updated Threat Advisory for W97M/Downloader and X97M/Downloader.

W97M/Downloader and X97M/Downloader are Microsoft Office files that contain a malicious macro. The only difference between them is that W97M detections relate to Word files and X97M detections relate to Excel files. The macro downloads and executes other malware on the infected machine. The malicious Office file usually arrives on a machine as an attachment in spam or phishing emails. The file can be a Word document (.doc or .docx file) or an Excel workbook (.xls or .xlsx file).

Saturday 27 February 2016

McAfee Labs Threat Advisory for Ransomware-Locky

Ransomware-Locky is ransomware that, upon execution, encrypts certain file types present on the user’s system.
The compromised user has to pay the attacker to get the files decrypted.

Friday 26 February 2016

End of Life for McAfee 5700 Anti-Malware Engine


The End of Life (EOL) and End of Support (EOS) date for the McAfee 5700 Anti-Malware Engine is February 29, 2016. Intel Security requests that all customers update to the McAfee 5800 Anti-Malware Engine as soon as possible.

For a product that uses the McAfee Anti-Malware Engine to be fully supported, a supported product version and a supported engine must both be deployed. If either the product version or the engine is not supported, then the total product configuration is not supported.

You can download the 5800 Engine from the Security Updates page.

McAfee Agent 5.0.2 Hotfix 1110392 is now available

Multiple McAfee endpoint products include a private mechanism to access settings and files protected by self-protection rules. This mechanism is not sufficiently secure and may be misused to access registry keys and files that should be protected from tampering.
When VirusScan Enterprise (VSE) is present on the device, processes that attempt to use this private mechanism are scanned upon access, but a process that is not detected as malware could gain access to resources protected by McAfee products.
This trusted access bypass vulnerability allows access to resources normally protected by the vulnerable products.
Although McAfee Agent 5.0.x ships the vulnerable technology, it has already transitioned to a new self-protection mechanism that doesn’t rely on it. However, it requires an update to fully disable the vulnerable technology.
This release includes:


  • Fixes as described in PD26386 - McAfee Agent 5.0.2 Hotfix 1110392 Release Notes
  • Hotfix 1110392 is rated mandatory due to a security fix as described in the release notes.

To download McAfee Agent 5.0.2 Hotfix 1110392 (MA502HF1110392WIN.zip), go to the product downloads site. Refer to Security Bulletin SB10151 for additional details.

VirusScan Enterprise 8.8 Patch 7 Now Available



VirusScan Enterprise 8.8 Patch 7 is now available. 

This update has been scored 'mandatory' by Intel Security. This score is based on the security vulnerability that was previously identified and has since been patched in this release.

Multiple McAfee endpoint products include a private mechanism to access settings and files protected by self-protection rules. This mechanism is not sufficiently secure and may be misused to access registry keys and files that should be protected from tampering.

This release includes new features, fixes, and enhancements including:
  • A vulnerability is addressed in this release. See SB10151 for details.
  • This release is rated “Mandatory”.
  • See release notes for MA 5.x version restrictions. 
  • TIE customers are advised to use 1.0.140 or later.
  • Adds Windows 10 TH2 Support, including the Secure/UEFI feature.
  • Adds 5800 engine (for new installations)
  • Please review your Windows service dependencies practices. See KB85374.


For a full list of changes, see the Release Notes in PD26382.
For a list of known issues, see KB70393.

Wednesday 17 February 2016

McAfee Customer Submission Tool 2.4 Now Available

This tool integrates into Microsoft Outlook. It allows users to quickly and easily submit missed spam samples and samples that were wrongly categorized as spam to McAfee Labs. McAfee Customer Submission Tool version 2.4 can also be used with McAfee Quarantine Manager to black or white list email addresses when submitting the samples.

McAfee Customer Submission Tool (MCST) 2.4 is now available. This release includes new features, fixes, and enhancements including:

  • Support for Outlook 2013
  • Support for Exchange 2013
  • Bug fixes

To download MCST 2.4, go to the Product Downloads site.

For a full list of changes, see the Release Notes in PD26356.

Tuesday 16 February 2016

SiteAdvisor Enterprise now supports Firefox 44

SiteAdvisor Enterprise 3.5 Patch 4 HF1076106 is now available.

This hotfix includes a signed SAE extension for use in Firefox with Firefox 44 support.

To download SiteAdvisor Enterprise 3.5 Patch 4 HF1076106, go to the Product Downloads site.

Tuesday 9 February 2016

McAfee DAT Reputation 1.0.4 Mandatory Upgrade AutoUpdate Schedule

A new version of McAfee DAT Reputation for Enterprise, v1.0.4, will be available from the CommonUpdater3 download sites with DAT Reputation ON and Safety Pulse OFF.

This release is a mandatory upgrade for all customers running DAT Reputation and will include reported issues listed in the following Knowledge Base articles:


It will also include a new certificate required because of an upcoming expiry date.

An updated DAT Reputation ePO Extension (v1.0.2) will also be posted for DAT Reputation 1.0.4. This new extension is an optional update for existing DAT Reputation users and provides Windows 10 OS endpoint support.

Customers can test this release in a representative subset of their production environment by configuring the systems in this group to update from CommonUpdater3 locations. For details on how to configure AutoUpdate to use a different update location, see KB86251.

This update will be phased as follows:

CommonUpdater3 - Planned for February 9, 2016:

  • ftp://ftp.nai.com/commonupdater3
  • http://update.nai.com/products/commonupdater3

CommonUpdater - Planned for February 16, 2016:

  • http://update.nai.com/products/commonupdater
  • ftp://ftp.mcafee.com/commonupdater

CommonUpdater2 - Posting of DAT Reputation to CommonUpdater2 locations remains postponed:

  • ftp://ftp.nai.com/commonupdater2
  • http://update.nai.com/products/commonupdater2

McAfee Labs has released an updated Threat Advisory for W32/Pinkslipbot.

The W32/Pinkslipbot worm is capable of spreading over network shares, downloading files, and updating its software. Additionally, it is capable of receiving backdoor commands from its IRC command and control center. It attempts to steal user information and upload it to FTP sites.

Monday 8 February 2016

ePolicy Orchestrator update fixes multiple Oracle Java vulnerabilities


ePO is vulnerable to the multiple CVEs reported in Oracle's January 2016 Java SE update. Collectively, these vulnerabilities affect confidentiality, integrity, and availability of the server.

AFFECTED SOFTWARE

  • ePO 5.1.3 and earlier
  • ePO 5.3.1 and earlier


REMEDIATED/PATCHED VERSIONS
The vulnerability is remediated in these versions:

  • ePO 5.1.3 + Hotfix 1117371 (EPO5xHF1117371.zip)
  • ePO 5.3.1 + Hotfix 1117371 (EPO5xHF1117371.zip) 


McAfee recommends that all customers verify that they have applied the latest updates. Impacted users should install the relevant patches or hotfixes. For full instructions and information, see McAfee Knowledge Base article SB10148.