SNS Digest (July 2017)
Support Notification Service July 2017
SNS Digest - McAfee
  %7B915d455a-b178-4810-94c5-c8f4c6b55ef4%7D_arrow-left-1  Upcoming Webcasts
%7B915d455a-b178-4810-94c5-c8f4c6b55ef4%7D_arrow-left-1  Recent Publications and News
%7B915d455a-b178-4810-94c5-c8f4c6b55ef4%7D_arrow-left-1  Technical Product Updates
  %7B915d455a-b178-4810-94c5-c8f4c6b55ef4%7D_arrow-left-1  Release Roundup
%7B915d455a-b178-4810-94c5-c8f4c6b55ef4%7D_arrow-left-1  Product End of Life (EOL)
%7B915d455a-b178-4810-94c5-c8f4c6b55ef4%7D_arrow-left-1  Resource Links
Upcoming Webcasts
Getting to ENS 10.5.1 Successfully
Wednesday, July 19, 2017 | REGISTER
8:00 AM PDT | 10:00 AM CDT | 11:00 AM EDT
Today, viruses are complex, sophisticated attacks that need layers of protection. Traditional techniques alone have proven insufficient to address today’s enterprise security challenges. Meanwhile, to reduce administrative burden, and cost, many organizations are now considering replacing their traditional anti-virus tools. Endpoint Security 10.5 addresses the diverse needs for today’s customers. Join McAfee SE Specialist Darlene Connelly, to discuss using the Endpoint Upgrade Assistant and Policy Migration tools to enable our customers to seamlessly move to Endpoint Security 10.5 and take advantage of the new solution strategies.
Tech Talk Webinar: How to Implement Advanced Network Security in the AWS Cloud
APAC Wednesday, Aug 9, 2017 | REGISTER
3:00 PM AEST
EMEA Wednesday, Aug 9, 2017 | REGISTER
3:00 PM BST | 4:00 PM CEST
Americas Wednesday, Aug 9, 2017 | REGISTER
11:00 AM PDT | 1:00 PM CDT | 2:00 PM EDT
McAfee Technical Manager Stan Golubchik will explain the responsibility you have as a security professional when adopting Amazon Web Services (AWS), and demonstrate how security technology architected for AWS can protect your infrastructure-as-a-service and solve new security problems you may not be aware of when entering a virtualized, public cloud environment.
Recent Publications and News
McAfee Labs Threats Report (June 2017)
In this report, McAfee experts review three key topics: evasion techniques and how malware authors use them to accomplish their goals; steganography in the digital world ( hides information in benign-looking objects such as images); and Fareit, the most famous password-stealing malware.

Over the last year, McAfee has analyzed many malware samples that contain evasion capabilities. The most common evasion techniques include:

  • Obfuscation: Protects data, variables, and network communications. Randomizes names of variables or functions. Can be performed using XOR or any other encoding technique.
  • Environment checking: Avoids analysis; malware detects tools or artefacts related to virtual environments.
  • Sandbox detection: Malware performs disk checks to detect files or processes related to a sandbox.

While several campaigns use similar methods to avoid analysis and detection, McAfee found that attackers use a variety evasion techniques at many steps in the attack flow.

Evasion Techniques

To learn how McAfee products can help protect against evasive malware, see the Protecting Against Evasive Malware Solutions Brief.
Related Resources:
Related Blogs
Full Report
New Variant of Petya Ransomware Spreading Like Wildfire
Ransomware Petya has been around since at least March 2016 and differs from usual ransomware families because it encrypts a system’s MBR in addition to encrypting files. This double stroke renders the disk inaccessible and prevents most users from recovering anything on it. The new variant found last month has further increased its nastiness by adding a spreading mechanism similar to what we saw in WannaCry just a few weeks ago. Petya comes as a Windows DLL with only one unnamed export, and uses the same EternalBlue exploit when it attempts to infect remote machines.
McAfee Discovers Pinkslipbot Exploiting Infected Machines as Control Servers; Releases Free Tool to Detect, Disable Trojan
McAfee Labs has discovered that banking malware Pinkslipbot (also known as QakBot/QBot) has used infected machines as control servers since April 2016, even after its capability to steal personal and financial data from the infected machine has been removed by a security product. These include home users whose computers are usually behind a network address translation router. To do so, Pinkslipbot uses universal plug and play (UPnP) to open ports, allowing incoming connections from anyone on the Internet to communicate with the infected machine.
Can You See Me Now? Unpacking Malware for Advanced Threat Analysis
A recent McAfee blog ‘Malware Packers Use Tricks to Avoid Analysis, Detection’, highlighted the use of packers as an effective way to slow down analysis and decrease detection by antimalware products.
%7Bd90239ea-95e9-40fc-bb84-73f2b3d2d609%7D_triangle-up TOP

Technical Product Updates
Expert tips and documentation for leading McAfee products published in the last 30 days. Visit the McAfee Knowledge Center for additional products.
Product Links
  >   Recently Released Security Bulletins (Multiple Products)
>   (ePO) ePolicy Orchestrator
>   (VSE) VirusScan Enterprise
>   (ENS) Endpoint Security
>   (MOVE) Management for Optimized Virtual Environments
>   (SIEM) Security Info & Event Mgmt
  >   (MEG) Email Gateway
>   (EP) Encryption Products
>   (IPS) Host Intrusion Prevention
>   (DLP) Data Loss Prevention
>   (TIE) Threat Intelligence Exchange
>   (ATD) Advanced Threat Defense
Recently Released Security Bulletins
SB10201 — Web Gateway update fixes NTPD vulnerability (CVE-2016-9042)
SB10202 — Data Loss Prevention Endpoint ePO extension update fixes Cross Site Scripting (XSS) vulnerability (CVE-2017-3948)
%7Bd90239ea-95e9-40fc-bb84-73f2b3d2d609%7D_triangle-up back to product links
(ePO) ePolicy Orchestrator
New ProTips
How to execute a command to rebuild indexes after upgrading to ePO 5.9
See more ePO ProTips here
New KB Articles
KB89426 — Replication to distributed repositories can fail while rebuilding FramePkg.exe when the SuperAgent names change frequently
KB89427 — Duplicate entries are created in the System Tree when performing an AD Sync in ePolicy Orchestrator 5.9.0 even if the option "Leave systems in their current System Tree location only" is selected
KB89428 — Tags with "contains pattern" criteria are not correctly applied on each agent-server communication with ePolicy Orchestrator 5.9
KB89438 — Automatic responses for Endpoint Security Threat Prevention threat events contain an IDS string for the variable "Threat Action Taken"
KB89439 — Upgrade from ePolicy Orchestrator 5.3.x to 5.9.x fails with Product Improvement Program/Telemetry extension 1.6
KB89450 — McAfee Agent fails to communicate with the ePolicy Orchestrator server intermittently with a curl error <7> or curl error <28>
KB89461 — ERROR: The transaction log for database 'ePO_DBNAME' is full due to 'ACTIVE_TRANSACTION' (ePolicy Orchestrator upgrade fails)
KB89451 — ePolicy Orchestrator Application Server service (Tomcat) becomes unresponsive when attempting to edit the VirusScan Enterprise Access Protection policy
KB89486 — LDAPSync server task never completes or takes an excessively long time to complete
%7Bd90239ea-95e9-40fc-bb84-73f2b3d2d609%7D_triangle-up back to product links
(VSE) VirusScan Enterprise
New ProTips
Upgrading to McAfee Endpoint Security
Considerations when using a third-party deployment solution to install VSE
See more VirusScan ProTips here
New KB Articles
KB89425 — Security for Microsoft Exchange or VirusScan Enterprise policy is unexpectedly enforced after a reboot when it is set to not enforce
KB89429 — A system restart may be required after upgrading the Threat Exchange Module for VirusScan Enterprise from 1.0.1 to 1.0.2
KB89451 — ePolicy Orchestrator Application Server service (Tomcat) becomes unresponsive when attempting to edit the VirusScan Enterprise Access Protection policy
KB89483 — McAfee Support for Windows 10 Creators Update with upgrade from VirusScan Enterprise 8.8 Patch 7 to Endpoint Security 10.5.1
KB89482 — McAfee Support for Windows 10 Creators Update with upgrade from VirusScan Enterprise 8.8 Patch 7 to Patch 9
KB89480 — McAfee Support for Windows 10 Creators Update with fresh installation of VirusScan Enterprise 8.8 Patch 9
KB89485 —McAfee Support for Windows 10 Creators Update with upgrade from VirusScan Enterprise 8.8 Patch 8 to Endpoint Security 10.5.1
KB89478 — McAfee Support for Dynamic Endpoint (DyE) solution adoption with upgrade from VirusScan Enterprise 8.8 Patch 7 to Endpoint Security 10.2
KB89484 — McAfee Support for Windows 10 Creators Update with upgrade from VirusScan Enterprise 8.8 Patch 7 to Endpoint Security 10.2.1
KB89435 — Lotus Notes email no longer works after uninstalling VirusScan Enterprise 8.8 or upgrading to Endpoint Security 10.5.x
%7Bd90239ea-95e9-40fc-bb84-73f2b3d2d609%7D_triangle-up back to product links
(ENS) Endpoint Security
New KB Articles
KB89534 — AMCore content update fails if you check in Endpoint Security hotfix packages to a branch different from Current in the Master Repository
KB89510 — Endpoint Security AMCore scanner fails to initialize with old AMCore AMContent
KB89519 — mfefw.exe is crashing with FirewallBLObject.dll as the faulting module
KB89456 — This page can't be displayed (displays in Internet Explorer when attempting to check in the Endpoint Security software bundle to the ePolicy Orchestrator Master Repository)
KB89511 — How to run an ePolicy Orchestrator query for DAT compliance on Endpoint Security for Linux Threat Prevention systems
KB89422 — Endpoint Security Firewall Location Aware Group with local networks defined using a subnet address does not match traffic
KB89407 — Windows 7 system hangs with Endpoint Security Threat Prevention 10.5.x Exploit Prevention enabled
KB89474 — Web application fails to run in the browser with Endpoint Security Threat Prevention Exploit Prevention enabled
%7Bd90239ea-95e9-40fc-bb84-73f2b3d2d609%7D_triangle-up back to product links
(MOVE) Management For Optimized Virtual Environments
New KB Articles
KB89580 — SVM Manager displays MOVE SVM status as connecting and never connects
%7Bd90239ea-95e9-40fc-bb84-73f2b3d2d609%7D_triangle-up back to product links
(SIEM) Security Info & Event Mgmt
New KB Articles
KB89541 — Setting up a redundant Enterprise Security Manager 10.x results in an immediate error message requesting that you check connectivity
KB89447 — The call home pop-up message does not automatically close after a call home is initiated
KB89432 — Use of escape characters in the remote command "Launch URL" adds unwanted characters to URL when it launches
%7Bd90239ea-95e9-40fc-bb84-73f2b3d2d609%7D_triangle-up back to product links
(EP) Encryption Products
New KB Articles
KB89487 — Software encryption disk information not available, Start Sector 1 and Sector Count -1
KB89494 — McAfee Installation success or error status 1603 (Encryption product fails to install)
%7Bd90239ea-95e9-40fc-bb84-73f2b3d2d609%7D_triangle-up back to product links
(MEG) Email Gateway
New KB Articles
KB89546 — July 2017 changes for the McAfee RBL service
KB89506 — Email Gateway incorrectly adds the message disclaimer as an attachment rather than inline
%7Bd90239ea-95e9-40fc-bb84-73f2b3d2d609%7D_triangle-up back to product links
(IPS) Host Intrusion Prevention
New KB Articles
KB89467 — Host Intrusion Prevention 8.0 Patch 9 for Linux Known Issues
%7Bd90239ea-95e9-40fc-bb84-73f2b3d2d609%7D_triangle-up back to product links
(DLP) Data Loss Prevention
New ProTips
Searching Knowledge Base content by Product Group
See more DLP ProTips here
%7Bd90239ea-95e9-40fc-bb84-73f2b3d2d609%7D_triangle-up back to product links
(TIE) Threat Intelligence Exchange
New ProTips
How to configure the TIE server infrastructure in a multiple-ePO environment
See more TIE ProTips here
New KB Articles
KB89436 — How to set the affinity of search capabilities in Threat Intelligence Exchange Server
KB89522 — TIE Server cannot connect to GTI with error "Exception during GTI method invocation"
%7Bd90239ea-95e9-40fc-bb84-73f2b3d2d609%7D_triangle-up back to product links
(ATD) Advanced Threat Defense
New KB Articles
KB89552 — After you migrate from Advanced Threat Defense 3.8.x to 4.0, Microsoft Windows or Office requests you perform product activation
KB89446 — When your password contains the $ character, 'Test Connection to ePO' from Advanced Threat Defense fails
KB89424 — Maximum allowed file size for this type is 10,000,000 Bytes (MSI files are incorrectly detected as a Microsoft Office CDF file)
%7Bd90239ea-95e9-40fc-bb84-73f2b3d2d609%7D_triangle-up back to product links
%7Bd90239ea-95e9-40fc-bb84-73f2b3d2d609%7D_triangle-up TOP
News & Announcements
Ready to Upgrade to Endpoint Security 10.5?
McAfee now has complimentary upgrade training for Endpoint Security version 10.5. To register, click on one of the links below and create an account. At check out, use the promo code ENSTRAIN17 to take your course for no charge.

eLearning Course | REGISTER

Anytime access to classroom content and demos on an unlimited basis (see the course description here).

Two-day instructor-led class | REGISTER

Find a class near you, or take the class as a remote student where available. (NOTE: One seat available per customer, on a first-come, first-served basis).

Webinars On Demand
Unable to attend a live McAfee webinar? Check out our on demand webcast libraries. Each one is broken down by region, but many events apply globally.
>  Europe Events on Demand
>  North America Events on
>  Asia Pacific Events on
%7Bd90239ea-95e9-40fc-bb84-73f2b3d2d609%7D_triangle-up TOP
Release Roundup
Week of June 27
Network Security Platform 8.1 FIPS Maintenance Software
ePO-MER 3.0
Advanced Threat Defense 4.0
Week of June 20
McAfee Active Response Hotfix
ENS 10.5.1 Hotfix 2
McAfee Web Gateway
Endpoint Security for Mac 10.2.2 Hotfix 1191059
Week of June 13
McAfee Application Control Extension
McAfee Application Control 7.0.1 Hotfix 4
Application Control and Change Control For Linux 6.1.7-504
Week of June 6
Web Gateway (Main Branch)
Web Gateway 7.7.2
Data Loss Prevention 11
McAfee Application Control Extension
NOTE: To see release details, go to the McAfee ServicePortal and search the KnowledgeBase for the product and version.
%7Bd90239ea-95e9-40fc-bb84-73f2b3d2d609%7D_triangle-up TOP
Product End of Life (EOL)
Aug 5
Database Security - Standalone Server 4.4.x
Database Security - ePO-integrated 5.1.x
Aug 8
MOVE Scheduler, All
Aug 15
TIE Server 1.1.0
Sep 1
Endpoint Security 10.1
Sep 6
Command Line Scanner 6.0
Scan Engine - Macintosh OSX 5800
Scan Engine - Microsoft 5800
Scan Engine - Linux 5800
NOTE: EOL dates can change — see all software and appliance EOL announcements.
%7Bd90239ea-95e9-40fc-bb84-73f2b3d2d609%7D_triangle-up TOP
Resource Links
> SNS Digest Archive
> Community Forums
> Labs Security Advisories
> ServicePortal
> Product Download Site
> Product End of Life (EOL)
> DAT Release Notes
> Submit a Virus Sample
> Stinger Virus Removal Tool
> Free Support Tools
%7Bd90239ea-95e9-40fc-bb84-73f2b3d2d609%7D_triangle-up TOP
Follow us:
LinkedIn   Twitter   YouTube   Facebook  

The McAfee Support Notification Service (SNS) delivers valuable product news to help increase
the functionality and protection capabilities of your McAfee products.

Securely manage your SNS email preferences.   |   Unsubscribe from all SNS communications.   |   For SNS questions, email
For support issues access Technical Support, ServicePortal, and the Knowledge Center. Enterprise (formerly Platinum) customers should contact their SAM for high severity issues. Visit the McAfee Community for product user groups and discussions.
The information in this document is provided only for educational purposes and for the convenience of McAfee customers, is subject to change without notice, and is provided "AS IS" without guarantee or warranty as to the accuracy or applicability of the information to any specific situation or circumstance. McAfee logos are registered trademarks or trademarks of McAfee LLC in the US and/or other countries. Other names and brands may be claimed as the property of others.

Copyright ©2017 McAfee LLC. All rights reserved. McAfee LLC | 2821 Mission College Blvd. | Santa Clara | CA 95054 | USA