McAfee Vulnerability Manager 7.5.1 The McAfee Vulnerability Manager 7.5.1 quarterly release adds features to the product without having to wait for the next major release. This release notes file contains information about new features for this release. New features Here is a list of new and updated features included with this release of McAfee Vulnerability Manager 7.5.1. RealTime scanning McAfee integrates McAfee Vulnerability Manager and McAfee Asset Manager to provide RealTime scanning. Operating system (OS) identification The product allows you to set the operating system for a single asset or a group of assets. You can also clear the operating system assigned to a single asset or group of assets. McAfee product integration McAfee Vulnerability Manager can now use information from other products, like McAfee Asset Manager. McAfee Asset Manager can provide operating system information for an asset. Vulnerability information for mobile platforms The product can provide vulnerability information for some mobile devices (requires McAfee Asset Manager integration). epolicy Orchestrator assets in the assets table epo assets are now added to the McAfee Vulnerability Manager asset table, so epo assets can be added from the Targets tab. Microsoft Windows 8 and Microsoft Windows Server 2012 The product allows you to scan assets running Microsoft Windows 8 or Microsoft Windows Server 2012. Note: Installing McAfee Vulnerability Manager on a Microsoft Windows Server 2012 system is not supported. Using McAfee Vulnerability Manager with Microsoft Internet Explorer 10 (IE10) is not supported.
RealTime scanning McAfee Vulnerability Manager RealTime scanning allows you to continuously scan assets on your network. You can have only one RealTime scan assigned to a scan engine. Before you start Before you can use a RealTime scan: Install the McAfee Asset Manager Sensors. Install the McAfee Asset Manager Console. Configure the McAfee Asset Manager Sensors to communicate with the McAfee Asset Manager Console. Install and configure McAfee Vulnerability Manager. Use the McAfee Asset Manager Integration Guide to integrate McAfee Asset Manager and McAfee Vulnerability Manager. Create a RealTime scan To create a RealTime scan, create a scan configuration and select the RealTime Scan checkbox. 1 Select Scans New Scan. 2 Select the base settings for your scan or select a template. 3 Select RealTime Scan, then click Next. 4 Type a name for the scan, select your target settings, then click Next. You cannot add targets to a RealTime scan, because the assets are imported from McAfee Asset Manager. 5 Select your scan settings, then click Next. 6 Select your report options, then click Next. No reporting options are enabled, by default. 7 Select your schedule options. This includes selecting a scan engine and the amount of time delayed between continuous scans. a Select Engine Select the scan engine to run the RealTime scan. Only one RealTime is allowed per scan engine. Scan engines with an active RealTime scan are removed from the Select Engine list. You must select Active to enable the Select Engine list. b Delay between scans Set the amount of time between when a RealTime scan completes and when it starts again. By default, this is five minutes. The shortest time delay is one minute, the longest is 1,440 minutes (24 hours). 8 Click Schedule Scan. If you selected Inactive, then click Save. 2
Use a RealTime scan Note the following about RealTime scanning: By default, a RealTime scan is set to continuous. After a RealTime scan completes, the scan goes into the Pending state until the next scheduled scan (five minutes by default). Change the time between continuous scans on the Schedule page in the product. If you cancel a Pending RealTime scan, the scan engine is no longer associated with that scan. You can then create another RealTime scan associated with the scan engine and activate it. If you attempt to run two RealTime scans on the same scan engine, for one root organization, you will see an error message stating this is not possible. RealTime conditions The dynamic asset tag and custom report filters now provide a way of identifying assets based on RealTime scanning conditions. Use the RealTime conditions in your dynamic asset tags to help you search for assets that are within your RealTime requirements or not within your RealTime requirements. Use the RealTime conditions in your custom reports to report on which assets are within your RealTime requirements or not within your RealTime requirements. RealTime conditions Condition Description Created date Last scanned date Matches an asset if the asset's creation date is less than or greater than the set number of days. Matches an asset if the asset was last scanned in less than or greater than the set number of days. Real time discovered Matches an asset if the asset was discovered or not discovered by McAfee Asset Manager. Real time scanned Matches an asset if the asset was scanned or not scanned in a RealTime scan. 3
Operating system identification The product allows you to manually set the operating system identified on an asset. Set OS identification using asset management You can set the operating system for an asset on the Asset Management page. 1 Select Manage Assets. 2 Right-click an asset, then select Properties. You can select multiple assets using the Ctrl or Shift buttons. 3 Select Change Operating System. 4 Type the operating system in the Operating System Name field. 5 Select the Operating System Category, then click Submit. Clear OS identification using asset management You can clear the operating system 1 Select Manage Assets. 2 Right-click an asset, then select Properties. You can select multiple assets using the Ctrl or Shift buttons. 3 Select Change Operating System. 4 Select Unknown from the Operating System Category. A message states you are about to clear the operating system information. 5 Click OK, then click Submit. Set OS identification using asset search You can conduct a search on the Asset Management page and then manually apply an operating system to the search results. 1 Select Manage Assets. 2 Conduct an asset search. 3 Click With all search results, then select Update Operating System. 4 Type the operating system in the Operating System Name field. 5 Select the Operating System Category, then click Submit. 4
Clear OS identification using asset search OS identification prioritization The product applies a priority based on the source of the operating system identification. If there is an external source (like epo or McAfee Asset Manager) with operating system information for an asset with a priority value greater than or equal to that of the information already in the product, the information from the external source replaces the information in the product. Determining which source to use for identifying the operating system on an asset happens during the asset reconciliation Operating system weight value (priority) Source Weight External source and only the operating system category is known McAfee Vulnerability Manager discovery scan without credentials External source and the complete operating system is known Unmanaged epo assets epo operating system information McAfee Vulnerability Manager discovery scan with credentials Manually set operating system 0 Note: The OS category would be Microsoft Windows, not Microsoft Windows Server 2008 R2. 0-100 Note: Some operating systems allow access to a target registry without using credentials, like a NULL session. In these cases, a score of 200 is applied to the target. 95 95 150 200 1000 5
Integrate third party OS identification The product allows you to integrate other McAfee products, like McAfee Asset Manager, and use that asset information to improve the accuracy of your scan results. See the McAfee Asset Manager documentation for information about integrating with McAfee Vulnerability Manager. Vulnerability information for mobile devices With mobile device information from McAfee Asset Manager, McAfee Vulnerability Manager can add these mobile devices as assets to your asset table and Asset Management page. When you run a scan that includes mobile devices, the product can provide you with a list of known vulnerabilities related to the software version running on the device. The product does not connect to the mobile device during a scan, but does run FSL scripts to identify vulnerabilities based on the mobile device information. Note: To run a scan against the mobile device information, the mobile device must be wirelessly connected to your network, and the wireless access point must be connected to a McAfee Asset Manager sensor. Mobile devices appear in the Asset Management page with the IP address and operating system. The DNS name (device name) and NetBIOS name appear if that information is available. Mobile devices appear in the asset table when adding assets to a scan. McAfee Vulnerability Manager can provide vulnerability information for the following mobile operating systems: Apple ios 1.0 and later Android OS 2.0 and later Blackberry OS 4.0 and later Windows Mobile OS 5.0 and later 6
epolicy Orchestrator assets in the asset tree Your epo assets are now included with the McAfee Vulnerability Manager assets and can be added to a scan configuration from the Targets tab. You can still add your epo assets by selecting the epo Asset Source on the Browse tab. Microsoft Windows 8 and Microsoft Windows Server 2012 The product can scan assets running Microsoft Windows 8 or Microsoft Windows Server 2012. Note: Installing McAfee Vulnerability Manager on a Microsoft Windows Server 2012 system is not supported. Using McAfee Vulnerability Manager with Microsoft Internet Explorer 10 (IE10) is not supported. Known issues For a list of known issues for this release, see the following KnowledgeBase article: KB76601 7
Resolved issues The following are the issues were resolved with this release. This application installs only the patch needed to update the McAfee Vulnerability Manager system. Fixed infinite loop in Discovery module during TCP/UDP fingerprinting. (Reference: 768854) Fixed form authentication using a credential that includes the character "ñ". (Reference: 779317) Fixed FSAssessment crash in the FASLModule. (Reference: 771899) Fixed date format specification for the FSUpdate table SQL query. (Reference: 788878) Fixed XCCDF Benchmark reports for STIG templates. (Reference: 756499) Fixed date conversion error while updating the job state on a British-English SQL Server. Fixed the MVM Data Import task invoked by the MVM epo extension. (Reference: 776590) Fixed the Vuln Set rule editor to hide the preview button until the editor has completed processing. (Reference: 761499) Fixed the workgroup-delete operation to display an error when the delete fails. (Reference: 766309) Fixed the role editor to allow the viewing of the complete organization tree. Fixed the FASL engine script launcher to avoid running too many scripts simultaneously against a single target. Fixed Dashboard Risk Trend Graph not Loading. (Reference: 795166) Fixed premature timeout determination made by the API and script monitoring object and improved its performance when running on networks with significant network latency. (Reference: 803904) 8