Embed Size (px)
Citation preview
Release Notes
McAfee Endpoint Security 10.5.2
Contents About this release What's new Resolved issues Installation information Known issues Product documentation
About this releaseThis document contains important information about the current release. We recommend that you read thewhole document.
Release date
August 28, 2017
Release build
Endpoint Security 10.5.2.2041
Endpoint Security Common 10.5.2.2072 extension 10.5.2.2013
Endpoint Security Threat Prevention 10.5.2.2108 extension 10.5.2.2015
Endpoint Security Firewall 10.5.2.2030 extension 10.5.2.2017
Endpoint Security Web Control 10.5.2.2028 extension 10.5.2.2014
Endpoint Security Adaptive Threat Protection 10.5.2.2078 extension 10.5.2.2037
Endpoint Security Migration Assistant extension 10.5.2.2006
1
This release was developed for use with:
• McAfee® Endpoint Security 10.5.0
• McAfee® ePolicy Orchestrator® (McAfee® ePO™) 5.1.1 and later
Important notes about this release
Endpoint Security 10.5.2 lists these products and versions in the Master Repository on the McAfee ePO server.
Product Version Minor version
Endpoint Security Common Patch 10.5.0 2
Endpoint Security Common 10.5.0 2072
Endpoint Security Threat Prevention Patch 10.5.0 2
Endpoint Security Threat Prevention 10.5.0 2108
Endpoint Security Firewall Patch 10.5.0 2
Endpoint Security Firewall 10.5.0 2030
Endpoint Security Web Control Patch 10.5.0 2
Endpoint Security Web Control 10.5.0 2028
Endpoint Security Adaptive Threat Protection 10.5.0 2078
Endpoint Security 10.5.2 lists these products and versions in the About dialog box of McAfee Agent and EndpointSecurity, and McAfee ePO product properties.
Product Version
Endpoint Security Common 10.5.2.2072
Endpoint Security Threat Prevention 10.5.2.2108
Endpoint Security Firewall 10.5.2.2030
Endpoint Security Web Control 10.5.2.2028
Endpoint Security Adaptive Threat Protection 10.5.2.2078
Purpose
This release of McAfee Endpoint Security contains improvements and fixes. This release also includes the abilityto disable scanners from the McAfee system tray, adds support for the Endpoint Security Profiler Tool, andprovides Extra.DAT support for Adaptive Threat Protection.
We recommend that you verify this update in test and pilot groups before mass deployment.
Rating — Critical
Mandatory Critical High Priority Recommended
• Critical for all environments.
• Failure to apply a Critical update might result in severe business impact.
• A hotfix for a Severity 1 or Severity 2 issue is considered Critical.
For more information, see KB51560.
2
What's newThe current release of the product includes these enhancements and changes.
McAfee ePO rollup reporting support
The McAfee ePO rollup reporting feature includes the ability to run queries that report summary data frommultiple databases.
Endpoint Security Profiler Tool support
The Endpoint Security Profiler Tool works with this release of Endpoint Security.
• Analyzes on-access scanner activity
• Gathers statistics on processes and files accessed by the on-access scanner
• Uses the Default, Low, and High scanning profiles to present data based on different configurations
• Analyzes activity from Threat Prevention and Adaptive Threat Protection modules
Using the collected data, decide if you want to exclude a file, exclude a folder, or change how scanning isapplied to a process' activity by placing it into a different scan profile.
McAfee Cloud Threat Detection support
McAfee®
Cloud Threat Detection (McAfee®
CTD) adds cloud-based sandboxing capability to your existing securityinfrastructure through McAfee
®
ePolicy Orchestrator®
(McAfee®
ePO™
) software.
For information about configuring McAfee CTD to work with Endpoint Security, see the McAfee Cloud ThreatDetection documentation.
Common enhancements
Log file updates — Changes the activity, error, and debug log files for all Endpoint Security modules so they arenow written in English only, regardless of system locale. This behavior is not configurable.
Installation improvements — Adds a secondary validation check when a validation failure occurs through theValidation and Trust Protection service. The secondary check succeeds if the calling process is signed by McAfee,and all loaded modules are chained to a trusted certificate authority. This allows Endpoint Security processes tooperate normally in the presence of legitimate third-party software applications that inject processes, anddigitally sign the software.
Threat Prevention enhancements
• Adds the option for disabling Endpoint Security scanners to the Quick Settings menu, accessed from theMcAfee system tray icon.
• Adds support for Early Load Anti-Malware (Windows 8 and later). This feature collects the list of devicedrivers loaded during the system boot process, then scans them when the scanning services run.
Firewall enhancements
• The Endpoint Security Firewall: Events from McAfee GTI query is now called Endpoint Security Firewall: Events from McAfeeGTI in the last 6 months. Previously, this query had no date limit; now it only queries results from the last 6months.
3
Adaptive Threat Protection enhancements
• Adds the option for disabling Endpoint Security scanners to the Quick Settings menu, accessed from theMcAfee system tray icon.
• Adds Extra.DAT support for Real Protect. You can install an Extra.DAT file to suppress false positivedetections until the next scheduled ATP content update is released.
• The behavior of the Allow action for ATP threat notifications changed between 10.2 and 10.5. In 10.2, if a userselected Allow, the application was contained. In 10.5, the Allow action lets the application run uncontained.
• Adds the ability to view the Adaptive Threat Protection content version.
• Integrates several Real Protect performance improvements, including the resolution of a Google Chromefalse positive issue.
Migration Assistant enhancements
This release adds a notification for unsupported characters in migrated Access Protection exclusions.
VirusScan Enterprise uses the semicolon ( ; ) characters to separate include and exclude processes, but theMigration Assistant recognizes only the comma ( , ) characters. When you migrate exclusions that usesemicolons to separate multiple include and exclude processes, the processes are migrated to AccessProtection as a single process. The result is that migrated policies do not contain all the inclusions andexclusions that were in the original policy.
Best practice: Review source VirusScan Enterprise policies before migration. Locate all semicolons and changethem to commas.
If you migrate policies with unrecognized semicolons, the Migration Assistant notifies you before completingmanual migration that policies have unsupported characters. You can cancel the migration, revise the sourcepolicies, then begin manual migration again. You can also edit your migrated policies later.
Updated components
• VSCore 15.6.0.2770 • McAfee Agent 5.0.6
• SysCore 15.6.0.2830 • McAfee Anti-Malware Engine 5900
• AMCore 1.5.0.3142
Endpoint Security rollup result typesUse these Endpoint Security result types in the Query Builder wizard for querying consolidated data.
• Endpoint Security Firewall Rolled-Up Systems
• Endpoint Security Platform Rolled-Up Systems
• Endpoint Security Rolled-Up Threat Events
• Endpoint Security Threat Prevention Rolled-Up Systems
• Endpoint Security Web Control Rolled-Up Events
• Endpoint Security Web Control Rolled-Up Systems
4
Roll up system or event data for Endpoint SecurityCompile data from multiple servers at the same time using McAfee ePO Roll Up Data server tasks.
Task1 From the McAfee ePO console, open the Server Task Builder.
a Select Menu | Automation | Server Tasks.
b Click New Task.
2 On the Description page, type a name and description for the task, and select whether to enable it, thenclick Next.
3 Click Actions, then select Roll Up Data.
4 From the Roll up data from: drop-down list, select one:
• All registered servers
• Selected registered servers — Select the servers you want, then click OK.
5 To roll up system data:
a For the Data Type, select Managed Systems.
b Select the Additional Types: Configure link, and select the Endpoint Security types you want to include.
6 To roll up event data:
a Click the + button at the end of the table heading to add another data type, then select Threat Events.
b Click Additional Types: Configure, and select the Endpoint Security types you want to include.
7 Schedule the task, then click Next.
8 Review the settings, then click Save.
Resolved issuesThe current release of the product resolved these issues. For a list of issues fixed in earlier releases, see theRelease Notes for the specific release.
Installation
Reference Resolution
1185007 An error no longer occurs, in rare cases, when migrating VirusScan Enterprise 8.8 to EndpointSecurity.
1187221 This release resolves a compatibility issue with HEAT Desktop & Server Management (DSM),allowing a successful installation.
1193300 Endpoint Security 10.1.1 extensions now successfully upgrade to 10.5.2.
Common
Reference Resolution
1180277 Explorer now successfully accesses UPnP devices when Application Protection rules are enabled.
1189307 McAfee GTI connectivity status is now properly displayed immediately after a configurationchange.
5
Threat Prevention
Reference Resolution
1167578 On-access scan no longer blocks access to Hyper-V configuration files that reside on a ClusterShared Volume (CSV).
1175984 You can now configure the ability to disable scanning from the McAfee system tray icon underQuick Settings.
1178903 ScriptScan is now compatible with Internet Explorer 11.
1190143 On-demand scans now display the correct number of files when a file was cached during aprevious scan.
1195284 On-access scan and on-demand scan exclusions are no longer duplicated when systems restart.
Firewall
Reference Resolution
1189926 After upgrading the Endpoint Security extension in McAfee ePO, the Firewall Rules policy and FirewallCatalog now display Local Network and Remote Network columns correctly.
1195643 mfefw.exe no longer crashes due to a rarely seen unhandled exception.
Adaptive Threat Protection
Reference Resolution
1175984 You can now configure the ability to disable scanning from the McAfee system tray icon underQuick Settings.
1199945 The Adaptive Threat Protection client no longer submits erroneous application and DLL telemetryto the TIE server when that telemetry was already sent.
Installation informationUse this information while installing Endpoint Security.
For more information, see the McAfee Endpoint Security Installation Guide.
Best practice: Restart the client system after installing this release of the product.
RequirementsThis release installs Endpoint Security on Windows systems that are self-managed and managed with McAfeeePO or McAfee ePO Cloud.
For a complete list of current system requirements, see KB82761.
Important information about McAfee Host IPS
The Endpoint Security 10.5.2 installation package includes McAfee Host Intrusion Prevention Content8.0.0.7850. This content version is required by McAfee Host IPS and adds support for the new digital signaturesused by Endpoint Security 10.5.2. The installation updates the content on systems running McAfee Host IPSwith previous versions of the content.
6
Management software
• McAfee ePO 5.1.1
McAfee ePO 5.3.1
McAfee ePO 5.9.0
• McAfee ePO Cloud
For the latest Endpoint Security management entitlement and license information, see KB87057.
• McAfee Agent 5.0 Patch 2 (5.0.2.333) (minimum)
McAfee Agent 5.0.5 (recommended)
For systems running an earlier version of McAfee Agent:
• On systems managed by McAfee ePO, upgrade the McAfee Agent manually before deployment.
• On systems managed by McAfee ePO Cloud, no action is required. The new agent is installedautomatically on managed systems from the McAfee ePO Cloud installation URL sent to users.
• On self-managed systems, no action is required to upgrade version 4.0 and later. For earlier versions,upgrade McAfee Agent manually.
For more information, see the McAfee Endpoint Security Installation Guide.
Supported legacy products (required for migration only)
Migration supports all patch levels for these legacy products.
• McAfee® VirusScan® Enterprise 8.8
• McAfee® VirusScan® Enterprise for Linux 2.0.2
• McAfee® Host Intrusion Prevention 8.0
• McAfee® SiteAdvisor® Enterprise 3.5
• McAfee® Endpoint Protection for Mac 2.3 or McAfee® VirusScan for Mac 9.8
Products and platforms no longer supported
• McAfee Agent 5.0.2.132 • Windows Server 2008
• McAfee Agent 5.0.1 • Windows Vista Service Pack 2 (SP2)
• McAfee Agent 5.0.0
Known issuesFor a list of known issues in this product release, see KB82450.
7
Updates to documentationSome updates to Endpoint Security 10.5.2 are not reflected in the product guide or Help.
Documentation Incorrectinformation
Updated information
McAfee EndpointSecurity 10.5.0 ProductGuide and CommonHelp
Proxy Server forMcAfee GTI
Proxy Server for McAfee GTI is now Proxy Server. Proxy support appliesto multiple technologies, including the Real Protect feature ofAdaptive Threat Protection.This text will be updated in the next version of thedocumentation.
McAfee EndpointSecurity 10.5.0 ProductGuide and AdaptiveThreat Protection Help
Server Settings —Adaptive ThreatProtection pageMissinginformation aboutAdaptive ThreatProtection content.
Server Settings — Adaptive Threat Protection pageIf you manage clients running Adaptive Threat Protection andeither the Threat Intelligence Exchange module for McAfeeEndpoint Security or Threat Prevention from the same McAfeeePO server, the rule displayed in the Server Settings page dependson the content checked in to the Master Repository. If the AMCoreContent Package is checked in, Adaptive Threat Protection displaysrules from that content package. Otherwise, Adaptive ThreatProtection displays rules from the Threat Intelligence Exchangemodule Content. If neither are present in the Master Repository, theServer Settings page for Adaptive Threat Protection is blank.Adaptive Threat Protection displays rules from only one contentsource.
If an update to Adaptive Threat Protection module Contentincludes changes to rules, those changes don't appear in ServerSettings (and can't be edited) until AMCore Content Package isupdated with those changes.
This text will be included in the next version of thedocumentation.
Product documentationMcAfee Endpoint Security includes the following documentation.
• McAfee Endpoint Security Release Notes (this document)
• McAfee Endpoint Security Installation Guide
• McAfee Endpoint Security Migration Guide
• McAfee Endpoint Security Client Help
• Endpoint Security Common Help
• Endpoint Security Threat Prevention Help
• Endpoint Security Firewall Help
• Endpoint Security Web Control Help
• Endpoint Security Adaptive Threat Protection Help
8
Getting product information by emailThe Support Notification Service (SNS) delivers valuable product news, alerts, and best practices to help youincrease the functionality and protection capabilities of your McAfee products.
To receive SNS email notices, go to the SNS Subscription Center at https://sns.secure.mcafee.com/signup_loginto register and select your product information options.
Where to find product documentationGo to docs.mcafee.com to find the product documentation for this product.
Go to support.mcafee.com to find supporting content on released products, including technical articles.
Copyright © 2017 McAfee, LLC
McAfee and the McAfee logo are trademarks or registered trademarks of McAfee, LLC or its subsidiaries in the US and other countries. Othermarks and brands may be claimed as the property of others.
0-00
