McAfee Advanced Threat Defense 3.6.0




Release Notes
McAfee Advanced Threat Defense 3.6.0
Revision C

Contents
- About this release
- New Features
- Enhancements
- Resolved issues
- Installation and upgrade notes
- Known issues
- Product documentation

About this release

These release notes announce the availability of McAfee Advanced Threat Defense software version 3.6.0 for the McAfee Advanced Threat Defense Appliance models ATD-3000 and ATD-6000.

If you plan to integrate this version of McAfee Advanced Threat Defense with other supported products, the minimum supported software combination is listed below. We strongly recommend that you upgrade your McAfee Advanced Threat Defense software to 3.4.2.32 or a later version before integrating with these products.

Product Name                                       Version
McAfee Network Security Platform                   Network Security Manager: 8.0.5.9 or later
                                                   Signature set: 8.6.18.10 or later
                                                   M-series Sensor software: 8.0.3.10 or later
                                                   NS-series Sensor software: 8.0.5.8 or later
                                                   Virtual IPS Sensor software: 8.0.7.9 or later
McAfee Web Gateway                                 7.4.0-16053 or later
McAfee Email Gateway                               7.6.3 or later
McAfee Next Generation Firewall (McAfee NGFW)      5.9.0, 5.10.3
McAfee Data Exchange Layer                         1.0.0.1070 or later
McAfee Threat Intelligence Exchange                1.0.0.824 or later
McAfee Security Information & Event Management     9.5.0 MR4 or later
McAfee Enterprise Security Manager (McAfee ESM)    9.4.1 or later
McAfee ePolicy Orchestrator                        5.1.1 [Build: 357]
McAfee Active Response                             1.1.0.158

New Features

This release of McAfee Advanced Threat Defense includes the following new features.

Auto-synchronization of VM profiles in a load-balancing cluster
With this release, when a node is added to a cluster or a VM profile of the Primary node is modified, the VM configurations of the Primary node are pushed to the VMs on the secondary nodes, so that all VMs in the cluster are synchronized automatically.

Active Response integration
McAfee Active Response is a threat detection and response tool that provides real-time information about the endpoints on your network. With this release, Advanced Threat Defense integrates with McAfee Active Response. The integration enables Advanced Threat Defense to identify all endpoints in your network that are infected with a malicious file having a threat score of 3 or above.
- Use set mar-timeout to configure the timeout period after which Advanced Threat Defense stops querying the MAR server for results.
- Use show mar-timeout to display the configured timeout period.

Global whitelisting
The Whitelist database lists the MD5/SHA-256 hash values of trusted files, which need not be analyzed. With this release, you can use the Advanced Threat Defense web application to manage whitelisted records. It is now also possible for a user to whitelist VBA macros. Use the whitelistmerge command to manually copy the Global Whitelist database of the Active node onto the Secondary/Backup nodes. This is a one-time activity, after which the Whitelist database of the Secondary/Backup nodes is automatically overwritten by that of the Active node at 0000 hours daily.

Full Logic Path
With this new functionality, Advanced Threat Defense can identify malicious actions that are triggered only under specific circumstances, for example on a particular day, when a certain file is present, or when a certain command is received. The feature lets you explore multiple execution paths, revealing hidden logic in an executable and representing it graphically. It is an experimental feature, so the following message appears when you select it: "This feature is in Technical Preview mode, enabling it will adversely affect the processing speed of the device." The feature has these limitations:
- It is available only for Windows 7 32-bit systems.
- A VM with this feature enabled produces results for Full Logic Path only and no other detection results.
- It is suitable only for deeper analysis, as it has performance tradeoffs.

Usability
The following usability improvements are part of this release.

Prioritizing files for analysis
You can select the priority for a sample file execution. The following options are available:
- Run now
- Add to queue

Enhancements

This release of the product includes these enhancements.

Appliance performance improvements
The following performance improvements are achieved in this release.
- The sample analysis rate for Advanced Threat Defense increases by 25%.
- The sample submission rate in a cluster in a load-balancing scenario increases by 50%.
- VM profiles are synchronized automatically in a load-balancing cluster.

Usability

Single File Submission to Multiple VMs
You can submit a file to multiple VMs for simultaneous analysis by selecting multiple VM profiles in the Analyzer Profile. A maximum of 5 VM profiles can be selected for an Analyzer Profile.

Support Bundle enhancements
You can selectively choose the log file categories to download and the number of most recent log files to display. The blocking call for downloading log files has also been removed.

Family Classification enhancements
Family classification categorizes malware into specific families based on malicious behavior. The following family classification enhancements are part of this release.
- Family Classification for .NET: the functionality is extended to samples with the .NET extension as well.
- Family Classification for 64-bit samples: earlier, family classification was supported only for 32-bit samples. With this release, it is extended to 64-bit samples as well.

Resolved issues

These issues are resolved in this release of the product. For a list of issues fixed in earlier releases, see the Release Notes for the specific release.

Resolved McAfee Advanced Threat Defense Appliance software issues

The following table lists the resolved high-severity issues:

ID #       Issue Description
1128141    The Advanced Threat Defense Appliance stops processing samples due to an Android VM unmount failure.
1127422    The factorydefaults CLI command does not reset the LDAP configuration.
1122758    XMode and Activation use the default Advanced Threat Defense certificate even when a custom Web Certificate is uploaded.
1117520    The user interface stops using the custom Web Certificate after upgrading the Advanced Threat Defense Appliance from 3.4.8.142 to 3.4.8.178.

The following table lists the resolved medium-severity issues:

ID #       Issue Description
1125988    The Advanced Threat Defense product guide has to be updated with content for the VM Profile column in the Analysis Results page.
1125902    Passwords containing ":" are printed in clear text in the Audit log.
1125813    The Advanced Threat Defense product guide has to be updated with the file analysis sequence for heuristics, docfilter, and "Skip files if previously analyzed".
1124054    The Advanced Threat Defense Appliance System Health toggles between Good and Bad states.
1120205    A random account is selected while editing a particular Advanced Threat Defense user account.
1115542    Some of the samples in the queue are not picked up for analysis after the Advanced Threat Defense Appliance reboots.
1109067    The Status of the first sample is displayed as Invalid for an ATD-supported file type.
1106627    All submitted samples show Invalid status when the zombie network virtual interface is activated.
1105761    The document URLs for the Gateway Anti-Malware and Anti-Virus engines have to be updated in the Advanced Threat Defense product guide.
1077010    After a reboot, the queued samples submitted through URL and URL download are displayed as Invalid.

Installation and upgrade notes

Review the following before you install Advanced Threat Defense in your network. If you have already deployed Advanced Threat Defense and need information on how to upgrade to this release of Advanced Threat Defense, refer to step 4 below.

If you are installing Advanced Threat Defense, review the steps below.

1. Review the Warnings and cautions and the Usage restrictions sections in the McAfee Advanced Threat Defense 3.6.0 Product Guide.
2. Refer to the Before you install the Advanced Threat Defense Appliance section and the Setting up Advanced Threat Defense section under the Setting up the Advanced Threat Defense Appliance chapter in the McAfee Advanced Threat Defense 3.6.0 Product Guide for information on how to install the Advanced Threat Defense Appliance.
3. You can also refer to the McAfee Advanced Threat Defense Quick Start Guide for information on how to set up the Appliance.
4. Refer to the Upgrade McAfee Advanced Threat Defense and Android VM section in the McAfee Advanced Threat Defense 3.6.0 Product Guide and upgrade the embedded McAfee Advanced Threat Defense software to 3.6.0.
   - If the current version is below 3.4.8 and you want to upgrade to 3.6.0, you must upgrade McAfee Advanced Threat Defense to 3.4.8 first. Refer to these sections under the Managing Advanced Threat Defense chapter in the McAfee Advanced Threat Defense 3.6.0 Product Guide for guidance on upgrading to 3.4.8:
     Upgrade ATD software from 3.4.2.32 to 3.4.8
     Upgrade ATD software from 3.4.4.63 to 3.4.8
     Upgrade ATD software from 3.4.6 to 3.4.8
   - If the current version is 3.4.8.190 or 3.4.8.193, you can upgrade directly to 3.6.0. Refer to these sections under the Managing Advanced Threat Defense chapter for guidance on this upgrade:
     Upgrade ATD software from 3.4.8.190 to 3.6.0
     Upgrade ATD software from 3.4.8.193 to 3.6.0
   - If the current Android version is 4.3, you need to upgrade to Android Analyzer VM 5.0. Refer to the Upgrade the Android Analyzer VM section under the Managing Advanced Threat Defense chapter in the McAfee Advanced Threat Defense 3.6.0 Product Guide. Before upgrading to version 3.6.0, you must either remove the Android VM from the analyzer profiles or upgrade the Android VM to 5.0. This is a prerequisite for creating an Android VM.
5. Refer to the McAfee Advanced Threat Defense 3.6.0 Product Guide and configure it for malware analysis.
6. To integrate with Network Security Platform, refer to the corresponding Network Security Platform release notes as well as the latest Network Security Platform Integration Guide. Recall that you need a Manager and a Sensor on version 8.1 or later.
7. To integrate with McAfee Web Gateway, you need McAfee Web Gateway 7.4.0-16053 or later. Refer to the McAfee Web Gateway 7.4.0 Product Guide.
8. To integrate with McAfee ePO, you need version 5.1.1 or later. To integrate Advanced Threat Defense with McAfee Threat Intelligence Exchange (TIE), you need McAfee ePO version 5.1.1 or above. The information for this integration is in the McAfee Advanced Threat Defense 3.6.0 Product Guide.
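As an added example (not McAfee's code or tooling), the upgrade rules in step 4 and the minimum-version table in About this release can be turned into a preflight check that an administrator runs against an inventory before scheduling the upgrade. The inventory values below are constructed; products whose version strings are not plain dotted numbers (NSP components, SIEM "MR4", NGFW, Active Response) are left out of the comparison table.

```python
import re

# Minimum versions of integrated products as listed in these release notes
# (only products with plain dotted/build version strings are included).
MINIMUM_VERSIONS = {
    "Web Gateway": "7.4.0-16053",
    "Email Gateway": "7.6.3",
    "Data Exchange Layer": "1.0.0.1070",
    "Threat Intelligence Exchange": "1.0.0.824",
    "ESM": "9.4.1",
    "ePolicy Orchestrator": "5.1.1",
}

def parse_version(text):
    """Turn '3.4.8.190' or '7.4.0-16053' into a comparable tuple of ints.
    A build number after '-' becomes a trailing element, so it sorts after
    the same dotted version without a build."""
    dotted, _, build = text.partition("-")
    parts = tuple(int(p) for p in re.findall(r"\d+", dotted))
    return parts + ((int(build),) if build else ())

def atd_upgrade_path(current):
    """Ordered list of target versions to reach 3.6.0 from `current`, per the
    notes: below 3.4.8 -> 3.4.8 first; 3.4.8.190 / 3.4.8.193 -> direct.
    Returns None for builds the notes give no path for."""
    v = parse_version(current)
    if v >= (3, 6, 0):
        return []
    if v < (3, 4, 8):
        return ["3.4.8", "3.6.0"]
    if current in ("3.4.8.190", "3.4.8.193"):
        return ["3.6.0"]
    return None

def android_vm_action(android_version):
    """Android Analyzer VM 4.3 must be upgraded to 5.0 or removed from the
    analyzer profiles before the appliance is upgraded to 3.6.0."""
    if android_version == "4.3":
        return "upgrade to 5.0 or remove from analyzer profiles"
    return "none"

def integration_gaps(installed):
    """Names of integrated products whose installed version is below the
    minimum listed in the notes (unknown products are ignored)."""
    return sorted(name for name, minimum in MINIMUM_VERSIONS.items()
                  if name in installed
                  and parse_version(installed[name]) < parse_version(minimum))

if __name__ == "__main__":
    # Constructed inventory for an appliance that has not been upgraded yet.
    print("ATD path:", atd_upgrade_path("3.4.2.32"))  # ['3.4.8', '3.6.0']
    print("Android VM:", android_vm_action("4.3"))
    print("Below minimum:", integration_gaps(
        {"Web Gateway": "7.4.0-16000", "ePolicy Orchestrator": "5.1.1"}))
```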

Known issues

For McAfee Advanced Threat Defense software issues in this release, see KB86947.

Product documentation

Every McAfee product has a comprehensive set of documentation.

Find product documentation
1. Go to the McAfee ServicePortal at http://mysupport.mcafee.com and click Knowledge Center.
2. Enter a product name, select a version, then click Search to display a list of documents.

3.6.0 product documentation list
The following software guides are available for the Advanced Threat Defense 3.6.0 release:
- Quick Start Guide
- Product Guide
- API Reference Guide

Copyright 2016 McAfee, Inc. www.intelsecurity.com
Intel and the Intel logo are trademarks/registered trademarks of Intel Corporation. McAfee and the McAfee logo are trademarks/registered trademarks of McAfee, Inc. Other names and brands may be claimed as the property of others.