SNS Digest (September 2017)
NOTE: The monthly SNS Digest is being replaced with the SNS Weekly Roundup.
Subscribe to the Weekly Roundup via the SNS Subscription Center.
Support Notification Service (SNS) September 2017
SNS Digest - McAfee
  %7B915d455a-b178-4810-94c5-c8f4c6b55ef4%7D_arrow-left-1  Recent Publications and News
%7B915d455a-b178-4810-94c5-c8f4c6b55ef4%7D_arrow-left-1  Technical Product Updates
%7B915d455a-b178-4810-94c5-c8f4c6b55ef4%7D_arrow-left-1  Release Roundup
  %7B915d455a-b178-4810-94c5-c8f4c6b55ef4%7D_arrow-left-1  Product End of Life (EOL)
%7B915d455a-b178-4810-94c5-c8f4c6b55ef4%7D_arrow-left-1  Resource Links
Recent Publications and News
Disrupting the Disruptors, Art or Science?
Security professionals are in a fight every day to track down criminals who would disrupt governments, businesses, institutions, and lives. Attackers nearly always have the element of surprise in their favor. But is there a way to turn the tables on these digital thieves? Can we learn how to disrupt the disruptors? New evidence shows that, as security operations teams add proactive threat hunting capabilities and mature their security infrastructure with an automated and analytics-driven approach, they can begin to throw the attackers off their footing.

A study of more than 700 IT and security professionals around the world provides some useful insights and lessons for organizations that are looking to better understand and enhance their threat hunting capabilities. Threat hunting is loosely defined in practice, and most organizations believe they have threat hunters, though many lack formal programsand prioritize other activities over hunting.

Locky Ransomware Makes a Comeback with New.Diablo6 and.Lukitus Variants
Old threats die hard it seems as Locky ransomware, one of the most powerful threats out there, is back in town. Historically, we’ve seen this ransomware do serious damage, as it has rapidly adapted its capabilities to keep victims and security researchers bewildered. Now, it’s evolved with two new forms to become even more stealthy and advanced.
Android Banking Trojan MoqHao Spreading via SMS Phishing in South Korea
Last month, a number of users started posting on South Korean sites screenshots of suspicious SMS messages phishing texts (also known as smishing) to lure them into clicking on shortened URLs. When the victim clicks on the shortened URL using an Android device, a JavaScript script on the web server checks the user agent of the browser and shows an alert message asking to update Chrome to a new version, which is in fact a malicious fake Chrome Android app.
Time to Close vs. Root Cause – Are we measuring the wrong thing (again)?
When the Verizon Data Breach Investigation Report started reporting “time to” metrics around 2013 (time to detect, time to contain, time to remediate), most security operations managers started to monitor their own team’s performance against these stats. That’s not a bad thing – I’ve certainly touted these numbers in my posts before. They help assess workloads and justify investment. However, as managers, we need to add another lens to emphasize efficiency AND effectiveness. Closing cases (time to contain, time to remediate) without getting to root cause is like chopping off the arm of the starfish – the arm will likely grow back and may come back bigger and nastier.
%7Bd90239ea-95e9-40fc-bb84-73f2b3d2d609%7D_triangle-up TOP

Technical Product Updates
Expert tips and documentation for leading McAfee products published in the last 30 days. Visit the McAfee Knowledge Center for additional products.
Product Links
  >   Recently Released Security Bulletins (Multiple Products)
>   (ePO) ePolicy Orchestrator
>   (VSE) VirusScan Enterprise
>   (ENS) Endpoint Security
>   (SIEM) Security Info & Event Mgmt
>   (NSP) Network Security Platform
>   (EP) Encryption Products
>   (MWG) Web Gateway
>   (HIPS) Host Intrusion Prevention
>   (DLP) Data Loss Prevention
>   (TIE) Threat Intelligence Exchange
>   (ATD) Advanced Threat Defense
Recently Released Security Bulletins
SB10207 — Threat Intelligence Exchange Server 2.1.0 Hotfix 1 update fixes Kernel related vulnerability and possible cross-site scripting attack (CVE-2017-1000364 and CVE-2017-3907)
SB10208 — ePolicy Orchestrator update fixes multiple Oracle Java vulnerabilities
SB10209 — Threat Intelligence Exchange Server 2.1.0 Hotfix 2 fixes two Linux kernel vulnerabilities (CVE-2017-1000111 and CVE-2017-1000112)
%7Bd90239ea-95e9-40fc-bb84-73f2b3d2d609%7D_triangle-up back to product links
(ePO) ePolicy Orchestrator
New ProTips
How to specify which events to store in the ePO database
See more ePO ProTips here
New KB Articles
KB89755— Please check in McAfee Agent 4.8 or higher into the Master Repository (when using the 'Getting Started' function)
KB89656 — Renamed Super Agents are automatically enabled in all Repository policies despite the ePO configuration
KB89638 — Mac client machines with an IPv6 subnet mask report as IPv4 (or are blank) in ePO system details
KB89621 — page cannot be displayed (error when editing the policy for Host Intrusion Prevention 8.0)
KB89644 — IP Address tags are not applied to each agent to server communication in ePO 5.9.0
%7Bd90239ea-95e9-40fc-bb84-73f2b3d2d609%7D_triangle-up back to product links
(VSE) VirusScan Enterprise
New KB Articles
KB89766 — How to use Profiler for Endpoint Security and VirusScan Enterprise
KB89663 — Change in Apple developer certificate (used for signing Mac installer packages) for McAfee for Mac products
KB89676 — Unable to access a shared folder when the Access Protection rule 'Make all shares read-only' is enabled
%7Bd90239ea-95e9-40fc-bb84-73f2b3d2d609%7D_triangle-up back to product links
(ENS) Endpoint Security
New ProTips
How to manually update the Scanning Engine or DATs
See more Endpoint Security ProTips here
New KB Articles
KB89766 — How to use Profiler for Endpoint Security and VirusScan Enterprise
KB89678 — Application and Change Control prevents installation of Endpoint Security
KB89715 — How to determine product version information for Endpoint Security for Linux Threat Prevention
%7Bd90239ea-95e9-40fc-bb84-73f2b3d2d609%7D_triangle-up back to product links
(MOVE) Management For Optimized Virtual Environments
New KB Articles
KB89720 — How to enable SSH on a MOVE AntiVirus Agentless 4.5.x Security Virtual Appliance
KB89645 — How to install Management for Optimized Virtual Environments AntiVirus Agentless 4.5.x NSX
KB89628 — How to upgrade Management for Optimized Virtual Environments AntiVirus Agentless 4.5.x NSX
%7Bd90239ea-95e9-40fc-bb84-73f2b3d2d609%7D_triangle-up back to product links
(SIEM) Security Info & Event Mgmt
New ProTips
How to troubleshoot SIEM system status LED issues
See more SIEM ProTips here
New KB Articles
KB89696 — Enterprise Security Manager: Required actions after a hardware replacement
KB89668 — Case ID skips several thousand numbers when selecting Case Management in Enterprise Security Manager 9.6.x
%7Bd90239ea-95e9-40fc-bb84-73f2b3d2d609%7D_triangle-up back to product links
(NSP) Network Security Platform
New ProTips
How to view Registered content
See more NSP ProTips here
(EP) Encryption Products
New KB Articles
KB89686 — How to create a custom theme for the Drive Encryption preboot environment
KB89663 — Change in Apple developer certificate (used for signing Mac installer packages) for McAfee for Mac products
%7Bd90239ea-95e9-40fc-bb84-73f2b3d2d609%7D_triangle-up back to product links
(MWG) Web Gateway
New KB Articles
KB89685 — How to submit a hardware issue to the Web Gateway Technical Support team
%7Bd90239ea-95e9-40fc-bb84-73f2b3d2d609%7D_triangle-up back to product links
(HIPS) Host Intrusion Prevention
New KB Articles
KB89746 — The MERGE statement attempted to UPDATE or DELETE the same row (Endpoint Migration Assistant fails to migrate Host Intrusion Prevention to Endpoint Security Firewall)
%7Bd90239ea-95e9-40fc-bb84-73f2b3d2d609%7D_triangle-up back to product links
(DLP) Data Loss Prevention
New KB Articles
KB89777 — Notifications are not being sent when an automatic mail notification rule is triggered
KB89692 — Hyperlinks created in User Notifications are active only when set to close manually
KB89691 — Data Loss Prevention Endpoint HelpDeskTool language cannot be switched from Japanese to English
%7Bd90239ea-95e9-40fc-bb84-73f2b3d2d609%7D_triangle-up back to product links
(TIE) Threat Intelligence Exchange
New ProTips
TIE recommended workflow
See more TIE ProTips here
(ATD) Advanced Threat Defense
New KB Articles
KB89740 — Addendum to requirements for Virtual Advanced Threat Defense
%7Bd90239ea-95e9-40fc-bb84-73f2b3d2d609%7D_triangle-up back to product links
%7Bd90239ea-95e9-40fc-bb84-73f2b3d2d609%7D_triangle-up TOP
News & Announcements


MPower Session Builder is Live!
The McAfee conference that you have supported for the past nine years is now the MPOWER Cybersecurity Summit. The 2017 MPOWER Cybersecurity Summit will be October 17-19 at the Aria Hotel and Casino in Las Vegas. MPOWER will feature a comprehensive agenda with targeted, highly technical breakouts in which attendees will gain valuable, tangible knowledge to help maximize their security solutions and tackle today’s security challenges. Click here to view sessions and plan your trip.
Webinars On Demand
Unable to attend a live McAfee webinar? Check out our on demand webcast libraries organized by global region.
>  Europe Events on Demand
>  North America Events on
>  Asia Pacific Events on
%7Bd90239ea-95e9-40fc-bb84-73f2b3d2d609%7D_triangle-up TOP
Release Roundup
Week of August 29
Resigned installer packages for Endpoint Security for Mac
Patches Resolve ePolicy Orchestrator Vulnerabilities
Endpoint Security 10.5.2
Week of August 22
McAfee Active Response (MAR) Hotfix
Application Control and Change Control 8.0.0 HF2
Data Loss Prevention 9.4 Patch 3
McAfee Security for Microsoft Exchange (MSME) 8.6
Week of August 15
Application Control and Change Control 6.1.7 Cumulative Hotfix
Data Loss Prevention Prevent 10.0 Patch 2 Hotfix 5
Data Loss Prevention Prevent 11.0 Hotfix 2
Endpoint Security Threat Intelligence 10.2.3
Database Activity Monitoring vPatch update 88
Endpoint Upgrade Assistant 1.4.0
Week of August 8
No new releases this week
Week of August 1
Web Gateway (Main Branch)
Data Loss Prevention Hotfix
Endpoint Security for Linux Threat Prevention 10.2.1 HF1195156
VirusScan Enterprise For Linux 2.0.3 HF1196448
NOTE: To see release details, go to the McAfee ServicePortal and search the KnowledgeBase for the product and version.
%7Bd90239ea-95e9-40fc-bb84-73f2b3d2d609%7D_triangle-up TOP
Product End of Life (EOL)
Oct 28
Advanced Threat Defense 3.4.x
Oct 1
Network DLP Software 9.2.2
Nov 30
SIEM Advanced Correlation Engine 9.5.x, 9.3.x, 9.2.x, 9.1.x
SIEM Application Data Monitor 9.5.x, 9.3.x, 9.2.x, 9.1.x
SIEM Database Event Monitor 9.5.x, 9.3.x, 9.2.x, 9.1.x
SIEM Enterprise Log Manager 9.5.x, 9.3.x, 9.2.x, 9.1.x
SIEM Enterprise Security Manager 9.5.x, 9.3.x, 9.2.x, 9.1.x
SIEM Event Receiver 9.5.x, 9.3.x, 9.2.x, 9.1.x
SIEM Nitro IPS 9.5.x, 9.3.x, 9.2.x, 9.1.x
Dec 31
ePolicy Orchestrator 5.1
Threat Intelligence Exchange Server 1.2.x
VirusScan Enterprise for Linux 2.0.2, 1.9.1
VirusScan Mobile Security for Android (All)
Web Gateway 7.5.x
Web Reporter (All)
NOTE: EOL dates can change — see all software and appliance EOL announcements.
%7Bd90239ea-95e9-40fc-bb84-73f2b3d2d609%7D_triangle-up TOP
Resource Links
> SNS Digest Archive
> Community Forums
> Labs Security Advisories
> ServicePortal
> Product Download Site
> Product End of Life (EOL)
> DAT Release Notes
> Submit a Virus Sample
> Stinger Virus Removal Tool
> Free Support Tools
%7Bd90239ea-95e9-40fc-bb84-73f2b3d2d609%7D_triangle-up TOP
Follow us:
LinkedIn   Twitter   YouTube   Facebook  

The McAfee Support Notification Service (SNS) delivers valuable product news to help increase
the functionality and protection capabilities of your McAfee products.

Securely manage your SNS email preferences.   |   Unsubscribe from all SNS communications.   |   For SNS questions, email
For support issues access Technical Support, ServicePortal, and the Knowledge Center. Enterprise (formerly Platinum) customers should contact their SAM for high severity issues. Visit the McAfee Community for product user groups and discussions.
The information in this document is provided only for educational purposes and for the convenience of McAfee customers, is subject to change without notice, and is provided "AS IS" without guarantee or warranty as to the accuracy or applicability of the information to any specific situation or circumstance. McAfee logos are registered trademarks or trademarks of McAfee LLC in the US and/or other countries. Other names and brands may be claimed as the property of others.

Copyright ©2017 McAfee LLC. All rights reserved. McAfee LLC | 2821 Mission College Blvd. | Santa Clara | CA 95054 | USA