Category Archives: Data Loss Prevention

Patches Resolve ePO 5.1.3 Vulnerability



A vulnerability in ePO 5.1.3 has been discovered and resolved.



The vulnerability is remediated in these versions:
• ePolicy Orchestrator 5.1.3 Hotfix 1110787.
• The fix will be included in 5.1.4 (when available).
• The issue never affected ePO 5.3.0 or later.

• CVE-2017-3902 (CVSS: 4.0; Severity: Medium)
A cross-site scripting (XSS) vulnerability in the web user interface (UI) of ePO 5.1.3, 5.1.2, 5.1.1 and 5.1.0 allows authenticated users to inject malicious JavaScript by bypassing input validation.
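The bulletin says the flaw let an authenticated user inject JavaScript by getting past input validation. The Python below is an added example written for this page; it is not McAfee's code and not the ePO filter. It puts a denylist of the kind that XSS payloads routinely slip past beside output encoding for the HTML context, which is the control such bugs actually need. The filter, the payloads and the table-cell template are all constructed for the illustration.

```python
import html
import re

# Illustrative denylist "input validation". It is NOT ePO's filter; it stands in for
# any filter that tries to recognise bad input instead of encoding output.
_DENY = re.compile(r"<script|javascript:", re.IGNORECASE)

def naive_validate(value: str) -> bool:
    """Return True when the denylist sees nothing it recognises (input is 'accepted')."""
    return _DENY.search(value) is None

def encode_for_html(value: str) -> str:
    """Encode for the HTML text and quoted-attribute contexts. Other contexts (inline
    JavaScript, URLs, CSS) need their own encoders; this is not a universal fix."""
    return html.escape(value, quote=True)

def render_unsafe(name: str) -> str:
    """Vulnerable pattern: a value that passed validation is written into the page verbatim."""
    return f"<td>{name}</td>"

def render_safe(name: str) -> str:
    """Hardened pattern: encode at the point of output, whatever validation happened earlier."""
    return f"<td>{encode_for_html(name)}</td>"

def is_inert(fragment: str) -> bool:
    """True if the fragment can no longer open a tag or break out of a quoted attribute."""
    return not any(ch in fragment for ch in '<>"\'')

# Constructed payloads that the denylist accepts but a browser still executes.
BYPASSES = [
    "<img src=x onerror=alert(1)>",            # no <script>, no javascript:
    "<svg/onload=alert(document.cookie)>",     # event handler on an inline SVG
    '"><iframe srcdoc="&lt;script&gt;alert(1)&lt;/script&gt;">',  # entities decoded by srcdoc
]

def compare(payloads=BYPASSES):
    """Per payload: (accepted by the denylist, inert once output-encoded)."""
    return [(naive_validate(p), is_inert(encode_for_html(p))) for p in payloads]

if __name__ == "__main__":
    for payload, (accepted, inert) in zip(BYPASSES, compare()):
        print(f"accepted={accepted!s:5} inert_after_encoding={inert!s:5} {render_unsafe(payload)}")
```

The denylist does stop the textbook `<script>` tag, which is why filters like it survive review; every payload in the list is accepted by it and still carries a live tag or attribute break-out until the value is encoded at output time.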

Intel Security recommends that all customers verify that they have applied the latest updates. Impacted users should install the relevant patches or hotfixes. For full instructions and information, see Knowledge Base article SB10184 (Intel Security Security Bulletin: ePolicy Orchestrator update fixes cross-site scripting vulnerability, CVE-2017-3902).

For more information on the hotfix, see the ePO 5.1.3 Hotfix 1110787 Release Notes (PD26861).

Source : mcafee-antivirus-setup : Blog

Cloud Network Security for Amazon Web Services



Security giant McAfee has announced the launch of a new virtual security platform for Amazon Web Services (AWS) that aims to give advanced protection to organisations operating in the public cloud.

The new product, named the Virtual Network Security Platform (vNSP), is designed to protect workloads on AWS against advanced malware that can reach a business through various channels, including cross-site scripting, SQL injection attacks and botnets.

The risk in these cases also grows if one virtual server is compromised, because malware can spread to other vulnerable machines in the same customer environment.

According to a McAfee release, instead of monitoring the whole network segment, the new vNSP works at the individual workload level. The company argues that this ensures visibility of inter-segment traffic, removes single-point-of-failure risk and uses security resources more efficiently than traditional approaches.


‘AWS covers a lot of ground, such as security of the cloud, but customers are still responsible for their security in the cloud, including securing their operating systems, applications and data traffic,’ commented Shishir Singh, VP and general manager of the Network Security business unit at McAfee.

‘While firewall configurations are important, security teams and cloud architects need to address exploit prevention, malware protection and gain visibility into the lateral movement of threats. With McAfee Network Security Platform, customers can move beyond the basics to more sophisticated protection of their cloud network,’ he added.

The security vendor is now offering free early previews of the technology in 72-hour ‘test drive’ trials. Customers will be able to run tests that simulate real-world cyber attacks, configure policy and review the reporting dashboards.


Intel Security to become McAfee in 2017



Intel Security is set to become McAfee in April 2017, according to Chris Young, Intel Security general manager and future CEO of the new company, in which Intel will retain a 49% stake.

“When we become an independent company, we will be one of the largest pure-play cyber security companies in the world,” he told Intel Security’s annual Focus conference in Las Vegas.

“Not only will we be one of the largest, but we will not rest until we achieve our goal of being the best,” said Young.

This is the first Focus event since Intel announced plans to spin off its security business as an independent company in partnership with investment firm TPG, five years after acquiring McAfee.

Young focused on his vision for the new company, its roadmap for achieving that, the need for rapid innovation and the importance of cross-industry collaboration.

“One of the things I love about this conference is that we all come together to find ways to win, to work together,” he said.

First, Young highlighted the publication of the book The Second Economy – the race for trust, treasure and time in the cyber security war.

The main objective of the book is to help chief information security officers (CISOs) communicate the battles facing everyone to others in the c-suite.

“So that we can recruit them into our fight. We need to enlist others on our journey if we are to be successful,” he said.

Challenging assumptions

The book is also aimed at encouraging information security professionals to challenge their own assumptions.

“I plan to send two copies of this book to the winner of the US presidential election, because cyber security is going to be one of the most important topics they could possibly face,” said Young.

“The book is about giving more people a view of the dynamism of what we face in cyber security, which is why we have to challenge our assumptions continually,” he said. “That is why we challenge our assumptions in the book as well as our assumptions about what we do every day.”

Young said Intel Security had been asking thousands of customers to challenge the company’s assumptions over the past 18 months so it can improve.

“This week, we are going to bring a lot of that feedback to life in the delivery of a tremendous amount of innovation across our entire portfolio,” he said.

Young then used a video to underline the message that the McAfee brand is built on the belief that there is power in working together, and that no one person, product or organisation can provide total security.

By enabling protection, detection and correction to work together, the company believes it can react to cyber threats faster.

By linking products from different providers to work together, the company believes the security of networks becomes better. By bringing companies together to share threat intelligence, better ways can be found to protect each other.

The company said cyber crime is the greatest challenge of the digital age, and this can only be overcome by working together. It revealed a new tagline: “Together is power”.

The video also revealed the new independent company’s logo, which Young called a symbol of its new beginning and a visual representation of what is core to the company’s strategy.

“The shield means defence, and the two interlocking components are a symbol of the togetherness we are about in the industry,” he said. “The red colour is a callback to our legacy in the industry.”

Three main reasons for independence

According to Young, there are three main reasons behind the decision to become an independent company.

The first is to be completely focused on cyber security at a company level, solving customers’ cyber security problems and dealing with their cyber security challenges.

Second is innovation. “Because we are committed and dedicated to cyber security alone at company level, our innovation is centred around it,” said Young.

Third is growth. “Our industry is moving faster than any other sub-segment of IT. We have to grow as quickly, if not more quickly than everything that is happening in our space,” he said.

The new company will have 7,500 employees and more than $2bn in revenue with a growing profit base.

“The challenges in our industry have moved on and so must we,” said Young. “We are looking forward, and will accelerate what we are doing as a new organisation so we can be better at solving security challenges in the future.”

He added that in the past year, the company has invested more than $500m in research and development.

Record numbers

According to Young, the company also has 21% more engineers than at the start of 2016, as well as 25% more product managers and 19% more professional services staff, with another 11% to come in the next few months.

“This week, we are announcing 18 new product and partner innovations – a release across every single part of our product portfolio, in addition to the integration of new partners. It is a record number of solutions and innovations for any year in this company’s history,” he said.

He detailed some of these innovations, before announcing the company’s decision to make the McAfee data exchange layer (DXL) available to everyone in the industry for real-time threat intelligence sharing between different point products in their infrastructure.

“We are doing this because it is the right thing for our industry in order to move forward,” he said, calling on attendees to challenge every supplier they do business with to integrate with DXL.

“There are no more excuses. In the past, suppliers said they could not integrate with DXL because they first had to become members of the Intel Security Innovation Alliance. But there is no excuse now. It is open. Everybody can use it,” said Young.


New Server Security Release Makes Borderless Cloud Security a Reality



Cloud Workload Discovery, initially announced in July 2016, covered Amazon Web Services (AWS) and Microsoft Azure. Cloud Workload Discovery for hybrid cloud, available on December 15, 2016, extends coverage to VMware and OpenStack private clouds.

As the hybrid data centre expands, finding the blind spots keeps getting harder. Organisations struggle to assess their end-to-end security posture for workloads and platforms, to monitor and protect workloads across all clouds, and to maintain regulatory compliance.

Cloud Workload Discovery for hybrid clouds provides end-to-end visibility into all workloads and their underlying platforms to make borderless cloud security a reality. With deep visibility, assessment and remediation for compute, storage and network, as shown in the diagram below, organisations can assess end-to-end security posture (workloads and platforms), monitor and protect workloads across all private and public clouds, and maintain regulatory compliance.

How Cloud Workload Discovery Works

Cloud Workload Discovery for hybrid cloud provides three main capabilities:

  • Discovery of weak security controls for VMware, OpenStack, AWS and Microsoft Azure.
  • Platform security audit, including firewall and encryption settings, for AWS and Microsoft Azure.
  • Traffic and network threat visibility for AWS.

These insights lead to faster detection, while McAfee® ePolicy Orchestrator® (McAfee ePO™) or DevOps tools such as Chef, Puppet and OpsWorks enable quick remediation.

Cloud Workload Discovery’s integration with McAfee ePO, a single management platform with simplified workflows, gives organizations effective control to help implement security solutions across physical, virtual and cloud environments. Since Cloud Workload Discovery is agentless and powered by API integration with cloud providers, security administrators just enter their cloud account credentials in McAfee ePO to instantly discover workloads, address threat alerts and enforce policies. Quick time to value and a low learning curve mean that you can significantly improve your cloud workload security with minimal involvement from your IT security team.
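The "platform security audit, including firewall and encryption settings" described above is the kind of check a practitioner can reproduce directly against the provider APIs. The Python below is an added example written for this page, not Cloud Workload Discovery's logic. It runs offline over constructed records laid out like the boto3 EC2 describe_security_groups and describe_volumes responses (an assumption about field names; no API call is made) and flags administrative ports open to 0.0.0.0/0 and volumes that are not encrypted.

```python
import ipaddress
import json

# Constructed records laid out like the boto3 EC2 describe_security_groups() and
# describe_volumes() responses (assumption about field names; nothing is fetched live).
SECURITY_GROUPS = [
    {"GroupId": "sg-0a1", "GroupName": "web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
    ]},
    {"GroupId": "sg-0b2", "GroupName": "mgmt", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389, "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
    ]},
    {"GroupId": "sg-0c3", "GroupName": "db", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},  # every protocol and port
    ]},
]
VOLUMES = [
    {"VolumeId": "vol-1", "Encrypted": True,  "Attachments": [{"InstanceId": "i-web1"}]},
    {"VolumeId": "vol-2", "Encrypted": False, "Attachments": [{"InstanceId": "i-db1"}]},
    {"VolumeId": "vol-3", "Encrypted": False, "Attachments": []},
]

# Ports that should never be reachable from the whole internet. 8443 is the ePO console
# port named elsewhere on this page; the rest are common remote-admin and database ports.
ADMIN_PORTS = {22: "SSH", 1433: "MSSQL", 3306: "MySQL", 3389: "RDP",
               5432: "PostgreSQL", 8443: "HTTPS admin console"}

def is_world_open(cidr: str) -> bool:
    """True for a /0 prefix, i.e. the whole address space."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def port_range(perm: dict):
    """Normalise an IpPermission to (low, high); protocol -1 means all ports."""
    if perm.get("IpProtocol") == "-1":
        return 0, 65535
    return perm["FromPort"], perm["ToPort"]

def audit_security_groups(groups):
    """HIGH finding for every rule that exposes an admin port to 0.0.0.0/0."""
    findings = []
    for sg in groups:
        for perm in sg["IpPermissions"]:
            if not any(is_world_open(r["CidrIp"]) for r in perm.get("IpRanges", [])):
                continue
            low, high = port_range(perm)
            exposed = sorted(p for p in ADMIN_PORTS if low <= p <= high)
            if exposed:
                findings.append({"GroupId": sg["GroupId"], "Severity": "HIGH", "Exposed": exposed})
    return findings

def audit_volumes(volumes):
    """Unencrypted volumes; attached ones rank higher because live data sits on them."""
    return [{"VolumeId": v["VolumeId"],
             "Severity": "MEDIUM" if v["Attachments"] else "LOW",
             "Attached": [a["InstanceId"] for a in v["Attachments"]]}
            for v in volumes if not v["Encrypted"]]

def run_audit(groups=SECURITY_GROUPS, volumes=VOLUMES):
    return {"security_groups": audit_security_groups(groups), "volumes": audit_volumes(volumes)}

if __name__ == "__main__":
    print(json.dumps(run_audit(), indent=2))
```

Against live accounts the two constants would be replaced by the paged API responses; the rule logic stays the same. Note that a world-open 443 on the web group is deliberately not reported, since the check is about administrative exposure, not about public services as such.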


Release Schedule Change – 5900 Anti-Malware Engine Beta Refresh


The McAfee Anti-Malware Engine, a core component of the McAfee Endpoint and Gateway products, uses patented technology to analyze potentially malicious code to detect and block Trojans, viruses, worms, adware, spyware, and other threats.

The 5900 Anti-Malware Engine Beta Refresh and VirusScan Command Line 6.1.0 Beta release schedule has changed to take an opportunity to further improve the engine performance in relation to new JavaScript versions, based on work done during the previous Beta cycle.

New planned schedule
5900 Engine Beta 3 – January 17, 2017
VirusScan Command Line 6.1.0 products Beta 3 – by January 21, 2017
Release Candidate (RC) packages of 5900 Engine and VirusScan Command Line 6.1.0 products – mid-February 2017
5900 Engine (Elective download) general availability (GA) and VirusScan Command Line 6.1.0 products GA – late February 2017
5900 Engine (AutoUpdate) GA – late April 2017

New features in the 5900 Anti-Malware Engine

The 5900 Anti-Malware Engine is a yearly Engine release that will succeed the current 5800 Engine and includes the following improvements:

Detection and Performance Enhancements:

Enhanced support of JavaScript to detect more threats.
Improved support for Microsoft Office (OLE) file format.
Improved unpacking of Dotfuscator and MPRESS packed files.
Enhancements to DAT content to improve predictability of content processing.

Platform Enhancements
New Platform Support
Windows 10 Anniversary Update
Windows Server 2016

Where are the Beta/RC Packages available?
They are available from the Engines area of the McAfee Enterprise Beta site.

For complete information about the 5900 Anti-Malware Engine, see KB66741.


McAfee Launches Free Tool That Removes Pinkslipbot Leftovers That Use Your PC as Proxy



McAfee has launched AmlPinkC2, a free Windows command-line tool. It deletes the remnant files of Pinkslipbot infections that allow the malware to keep using previously infected computers as proxy relays, even after the original malware binary has been cleaned up and removed from the infected hosts.

Image: a typical Pinkslipbot control server

System requirements:

To use this tool, you must have:

  • A computer running Windows XP or higher
  • An active network connection

What is the Pinkslipbot?


Pinkslipbot is a banking trojan that first appeared in 2007 and is also tracked under three other names: Qakbot, Qbot and PinkSlip.

This banking trojan is not always active; it keeps coming back in waves, as part of well-planned campaigns. Over the years, numerous cyber-security companies have tracked its attacks and broken down its different versions [1, 2, 3, 4, 5, 6, 7, 8, 9, 10].

The most recent campaign was spotted by IBM security researchers, who noticed Pinkslipbot versions that caused Active Directory lockouts on infected computers.

McAfee finds new wrinkle in Pinkslipbot infections

One of the companies that has historically tracked Pinkslipbot campaigns is McAfee. Its researchers presented an analysis of the trojan’s C&C server infrastructure and its method of C&C communication at last year’s Virus Bulletin security conference.

Last week, while looking over past and present Pinkslipbot campaigns, researchers found a new wrinkle in the trojan’s mode of operation.

Researchers say Pinkslipbot’s authors are much cleverer than they initially thought. According to McAfee, besides stealing the user’s data, the banking trojan also uses infected hosts as proxy servers to relay information from the central C&C server to other infected hosts, in a mesh-like network.

New McAfee tool removes last remnants of Pinkslipbot infections

According to McAfee, most security tools remove only the malware’s main binaries, crippling the trojan’s ability to collect passwords from infected hosts.

These Pinkslipbot removal procedures leave intact the code that creates these proxy servers, which run via the Windows UPnP (Universal Plug and Play) service.

McAfee’s new tool will remove these remaining files and prevent Pinkslipbot from using users’ PCs to relay C&C commands or to hide the exfiltration of stolen data through a mesh of proxies.
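Because the relay component survives removal of the main binary and works through UPnP, one way to hunt for it from the network side is to walk the port-mapping table of the home or branch router that the infected host sits behind. The Python below is an added example for this page; it is not McAfee's AmlPinkC2 and is not based on published Pinkslipbot indicators. It parses constructed WANIPConnection GetGenericPortMappingEntry responses of the kind an Internet Gateway Device returns when polled index by index, and flags enabled, permanent, undescribed mappings that expose a host outside an approved list. The heuristic, the sample addresses and the port numbers are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

SOAP_ENV = "http://schemas.xmlsoap.org/soap/envelope/"
SERVICE = "urn:schemas-upnp-org:service:WANIPConnection:1"

def _response(ext_port, proto, int_port, client, desc, enabled="1", lease="0"):
    """Build one constructed GetGenericPortMappingEntry response (no router is queried)."""
    return f"""<?xml version="1.0"?>
<s:Envelope xmlns:s="{SOAP_ENV}" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
 <s:Body><u:GetGenericPortMappingEntryResponse xmlns:u="{SERVICE}">
  <NewRemoteHost></NewRemoteHost>
  <NewExternalPort>{ext_port}</NewExternalPort>
  <NewProtocol>{proto}</NewProtocol>
  <NewInternalPort>{int_port}</NewInternalPort>
  <NewInternalClient>{client}</NewInternalClient>
  <NewEnabled>{enabled}</NewEnabled>
  <NewPortMappingDescription>{desc}</NewPortMappingDescription>
  <NewLeaseDuration>{lease}</NewLeaseDuration>
 </u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>"""

# Constructed mapping table: two legitimate, labelled mappings on a media box and a pair
# of unlabelled, permanent mappings that expose a workstation on a high port.
SAMPLE_RESPONSES = [
    _response(32400, "TCP", 32400, "192.168.1.20", "Plex Media Server"),
    _response(51413, "TCP", 51413, "192.168.1.20", "Transmission at 51413"),
    _response(61337, "TCP", 61337, "192.168.1.42", ""),
    _response(61337, "UDP", 61337, "192.168.1.42", ""),
]

def parse_mapping(xml_text: str) -> dict:
    """Pull the mapping fields out of one SOAP response."""
    root = ET.fromstring(xml_text)
    body = root.find(f"{{{SOAP_ENV}}}Body")
    resp = body.find(f"{{{SERVICE}}}GetGenericPortMappingEntryResponse")
    get = lambda tag: (resp.findtext(tag) or "").strip()
    return {
        "remote_host": get("NewRemoteHost"),
        "external_port": int(get("NewExternalPort")),
        "protocol": get("NewProtocol"),
        "internal_port": int(get("NewInternalPort")),
        "internal_client": get("NewInternalClient"),
        "enabled": get("NewEnabled") == "1",
        "description": get("NewPortMappingDescription"),
        "lease_seconds": int(get("NewLeaseDuration") or 0),
    }

def is_suspicious(m: dict, approved_clients: frozenset) -> bool:
    """Heuristic for this example: an enabled, permanent (lease 0), undescribed mapping to a
    host that is not on the approved list deserves a look. These are assumptions, not
    indicators published for Pinkslipbot."""
    return (m["enabled"] and m["lease_seconds"] == 0 and not m["description"]
            and m["internal_client"] not in approved_clients)

def hunt(responses, approved_clients=frozenset({"192.168.1.20"})):
    """Parse every response and return the mappings worth investigating."""
    return [m for m in (parse_mapping(r) for r in responses) if is_suspicious(m, approved_clients)]

if __name__ == "__main__":
    for m in hunt(SAMPLE_RESPONSES):
        print(f"{m['protocol']} {m['external_port']} -> {m['internal_client']}:{m['internal_port']}")
```

On a real network the responses come from POSTing GetGenericPortMappingEntry with increasing NewPortMappingIndex to the router's control URL until it returns a SpecifiedArrayIndexInvalid error; the parsing and triage above are unchanged. A hit should be followed up on the named host, since a relay can equally be created without any router mapping when the host already has a public address.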


Dangerous hole found in McAfee ePO antivirus central management suite


Intel Security’s McAfee has released a patch for a critical SQL injection flaw in ePolicy Orchestrator or ePO, its admin console used to centrally manage software and antivirus on tens of millions of enterprise devices worldwide.

Cisco’s Talos security team disclosed details of the issue today, warning that anyone on the web can send a specially crafted HTTP POST whose content ends up in an SQL query, causing an ePO database to spill enough information to profile users or monitor IT infrastructure.

“An attacker can use any HTTP client to trigger this vulnerability,” Talos researchers said.

ePO is used by 30,000 enterprise customers worldwide, and is responsible for keeping 60 million devices secure, according to McAfee.

McAfee has given the bug the highest CVSS v3 Base score of 10.0, noting that the bug is not complex to exploit and doesn’t require user privileges or interaction.

Affected products include ePO 5.1.3 and earlier and ePO 5.3.2 and earlier. The company has released hotfix files to address the issue.

Security admins use the ePO console to centrally manage antivirus and software polices via software agents that are installed on endpoint devices. Talos researchers discovered that the bug can also be used to impersonate these agents and cause information disclosure.
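Talos describes the bug as a crafted HTTP POST whose content reaches an SQL query. The Python below is an added example written for this page; it is not ePO's schema or code. It shows the vulnerable pattern, a request field spliced into the statement so that a UNION in the agent identifier pulls rows out of an unrelated table, beside the parameterized query that closes the hole, using an in-memory SQLite database with constructed rows.

```python
import sqlite3

def build_db() -> sqlite3.Connection:
    """Constructed in-memory stand-in for a management-server database (not ePO's schema)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE agents (guid TEXT PRIMARY KEY, hostname TEXT, last_seen TEXT);
        CREATE TABLE users  (name TEXT, role TEXT, pw_hash TEXT);
        INSERT INTO agents VALUES ('A1', 'ws-finance-07', '2017-01-12'),
                                  ('A2', 'srv-dc-01', '2017-01-13');
        INSERT INTO users  VALUES ('admin', 'Global Admin', 'sha1$c0ffee'),
                                  ('svc_deploy', 'Deployer', 'sha1$deadbeef');
    """)
    return conn

def lookup_agent_vulnerable(conn, guid: str):
    """Vulnerable pattern: the request field is spliced straight into the statement,
    so the client controls the shape of the query, not just a value in it."""
    sql = f"SELECT guid, hostname, last_seen FROM agents WHERE guid = '{guid}'"
    return conn.execute(sql).fetchall()

def lookup_agent_safe(conn, guid: str):
    """Hardened pattern: the driver binds the value; the query shape is fixed in code."""
    return conn.execute(
        "SELECT guid, hostname, last_seen FROM agents WHERE guid = ?", (guid,)
    ).fetchall()

# Constructed body of a crafted POST: the agent GUID field carries a UNION that returns
# rows from an unrelated table through the same response. The column count (3) must
# match the original SELECT, which is the only thing the attacker has to guess.
INJECTED_GUID = "x' UNION SELECT name, role, pw_hash FROM users --"

def demo():
    conn = build_db()
    return {
        "legit_vuln": lookup_agent_vulnerable(conn, "A1"),
        "injected_vuln": lookup_agent_vulnerable(conn, INJECTED_GUID),
        "injected_safe": lookup_agent_safe(conn, INJECTED_GUID),
    }

if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label:14} {rows}")
```

With the value bound, the same request simply looks for an agent whose GUID is the literal injection string and returns nothing, which is why parameterization rather than escaping or filtering is the durable fix. This example only shows the information-disclosure path the article describes; it does not model SPIPE or agent impersonation.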


Given ePO’s role in managing endpoint antivirus, the software is likely to be an attractive target to attackers. It serves as yet another reminder that flaws in security software can widen a user’s attack surface, as a former Mozilla engineer highlighted recently.

“Vulnerabilities like this can allow deep insight into the organization without an attacker requiring any privileged access to centralized platforms such as Active Directory, with this access an attacker can profile users and the infrastructure passively,” said Talos.

Talos says the vulnerability lies within the application server for ePO’s Apache Tomcat-based administrator management console. The server is reachable via the console directly, or by way of a custom protocol, known as SPIPE, that hands off communication between agents and the console.

Talos’ detailed writeup explains that, to mitigate this attack, ePO customers can shut off direct access to the console and limit it to SPIPE.

“To ensure that an attacker does not have direct access to the vulnerability and instead has to use just SPIPE as an agent, verify that port 8443 that the McAfee ePolicy Orchestrator Console is bound to is inaccessible by ePolicy Orchestrator’s agents and can only by accessed by Administrators,” wrote Talos.


McAfee Total Protection for Data Loss Prevention: Product overview


Intel Security’s McAfee Total Protection for Data Loss Prevention is a complex suite consisting of four distinct data loss prevention (DLP) tools that can be deployed on hardware and virtual appliances. The DLP suite includes McAfee DLP Monitor, McAfee DLP Discover, McAfee DLP Endpoint and McAfee DLP Manager. Endpoint agents for McAfee Total Protection for Data Loss Prevention are deployed and managed through the McAfee ePolicy Orchestrator, while the McAfee DLP Manager appliance acts as the central control hub for the full suite.

McAfee DLP Monitor

McAfee DLP Monitor is a network appliance-based tool for monitoring and controlling sensitive information that can be deployed using either Switched Port Analyzer ports or network taps.

This DLP product, which can track and report on sensitive data in motion in real time, is a network appliance capable of detecting over 300 content types transiting over any TCP-based port and protocol. It can classify content at up to 200 Mbps.

The appliance is available as either the hardware-based McAfee DLP 5500 appliance or as a VMware virtual machine.
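Content classification of the kind described above rests on pattern matching plus a validity check to keep false positives down, and for data in motion it has to run over the reassembled stream rather than over single packets. The Python below is an added example, not McAfee's detection content: a card-number (PAN) rule with a Luhn check, run over a constructed HTTP POST split across two TCP segments. The regular expression, the masking and the sample payload are assumptions made for the illustration.

```python
import re

# 13-16 digits, optionally separated by single spaces or dashes, not glued to other digits.
# Assumption made for the example; production rules add issuer prefixes and more formats.
PAN_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,15}(?!\d)")

def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check: the cheap validity test that discards most random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask(digits: str) -> str:
    """Never put the full number into an incident record; keep only the last four."""
    return "*" * (len(digits) - 4) + digits[-4:]

def classify(text: str):
    """Return PAN findings in a decoded payload, Luhn-validated and masked."""
    findings = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_ok(digits):
            findings.append({"type": "PAN", "offset": m.start(), "value": mask(digits)})
    return findings

def scan_stream(segments):
    """Reassemble the TCP segments first so a number that straddles a segment boundary
    is still matched (assumption: segments arrive in order and complete)."""
    return classify(b"".join(segments).decode("utf-8", errors="replace"))

# Constructed HTTP POST body carried in two TCP segments. The first card number straddles
# the boundary; 'order' is a 16-digit value that fails Luhn and must not be reported.
SAMPLE_SEGMENTS = [
    b"POST /upload HTTP/1.1\r\nHost: files.example.test\r\n\r\ncustomer=Jane; card=4111 1111 ",
    b"1111 1111; order=4111 1111 1111 1112; alt=5500-0000-0000-0004\r\n",
]

if __name__ == "__main__":
    print("per segment :", [f["value"] for s in SAMPLE_SEGMENTS for f in classify(s.decode())])
    print("reassembled :", [f["value"] for f in scan_stream(SAMPLE_SEGMENTS)])
```

Running the rule per segment misses the card number split across the boundary and only finds the second one; running it over the reassembled stream finds both, while the Luhn check keeps the look-alike order number out of the incident queue.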


McAfee DLP Discover

McAfee DLP Discover is a data at rest discovery tool capable of scanning and detecting over 300 content types in many different kinds of file repositories. Supported file types include Microsoft Office documents, multimedia files, source code, design files, archive files and encrypted files.

It is capable of scanning common file repositories, including Common Internet File System, Network File System, FTP/FTP Secure, HTTP/HTTPS, Microsoft SharePoint and EMC Documentum. It’s also capable of scanning Microsoft SQL, Oracle, DB2 and MySQL databases for sensitive information.

This appliance-based tool is available as either the hardware-based McAfee DLP 5500 appliance or as a VMware virtual machine.

McAfee DLP Endpoint

McAfee DLP Endpoint is a data in use monitoring and control data loss prevention tool supporting Windows 7 SP1 and 8.x and Mac OS X 10.8.5 to 10.10 endpoints.

This product is deployed and managed using McAfee ePolicy Orchestrator (ePO). It can be purchased separately from the McAfee DLP suite, thereby allowing smaller organizations already using McAfee ePO to field endpoint-only data loss prevention.

McAfee DLP Endpoint has a variety of rules and policies to help protect sensitive data in use. Cloud-aware cloud protection rules block sensitive files from being synced to cloud services, such as Box, Dropbox, Google Drive, Syncplicity and OneDrive. Application file access protection rules block access to sensitive files, through means such as Skype file transfer, Nero burning and iTunes syncs. Web protection rules now offer Google Chrome support, in addition to Mozilla Firefox and Internet Explorer (enhanced protected mode) support.


McAfee DLP Manager

The McAfee DLP Manager appliance is the central controller for the complete McAfee Total Protection for Data Loss Prevention suite, and it is the integration point for the McAfee ePolicy Orchestrator server.

While it can be used to manage select McAfee DLP tools, McAfee DLP Manager must be used with McAfee ePO to manage McAfee DLP Endpoint.

The DLP Manager allows organizations to manage up to 39 McAfee DLP components and to view all incidents generated by McAfee DLP components. Searches and reports for all McAfee DLP components can be generated through the DLP Manager. It also comes with a number of preconfigured policies to help manage McAfee DLP components.


McAfee Total Protection for Data Loss Prevention is designed to cover the data protection needs of a variety of enterprises; those needs include controls and policies for corporate data standards, regulatory compliance and protection against both insider threats and external attackers.

The software suite is designed to scale easily from midsized organizations to large enterprises. It covers endpoint data in use, network data in transit and data at rest for several file types and databases. While McAfee Total Protection for Data Loss Prevention covers data generated and used by third-party cloud services, it does not cover mobile devices, like smartphones.

Organizations interested in the McAfee DLP suite should contact the vendor or an authorized reseller for more information on pricing and licensing.
