SNS Digest (May 2017)
Support Notification Service May 2017
SNS Digest - McAfee
Upcoming Webcasts
CASB Tech Talk: Unifying Data Protection—Across Endpoint, Network and Cloud
APAC Wednesday, June 7, 2017 | REGISTER
3:00 PM AEDT
EMEA Wednesday, June 7, 2017 | REGISTER
3:00 PM GMT | 4:00 PM CET
Americas Wednesday, June 7, 2017 | REGISTER
11:00 AM PDT | 1:00 PM CDT | 2:00 PM EDT
Learn more about McAfee's newest Pervasive Data Protection solution along with CASB. Join Dave Bull, Director of Data Protection Solutions, to learn how McAfee Pervasive Data Protection will allow you to discover and protect your on premise and cloud resident data from compromise via a centralized control plane.
Recent Publications and News
WannaCry Ransomware Outbreak and Analysis
Last Friday, multiple sources in Spain began reporting an outbreak of the ransomware now identified as WannaCry. Upon learning of these incidents, McAfee immediately began working to analyze samples of the ransomware and develop mitigation guidance and detection updates for its customers. By Friday afternoon, McAfee’s Global Threat Intelligence system was updated to identify all known WannaCry samples and the company had delivered DAT signature updates to all its customers.

This week’s attacks leveraging the WannaCry ransomware were the first time we’ve seen an attack combine worm tactics along with the business model of ransomware. The weaponization of the Eternal Blue exploit made public weeks ago, and unpatched MS-17-010 Windows OS vulnerabilities by the thousands enabled WannaCry to infect hundreds of thousands of computers, across industries, across continents, and within just a day.

Related Resources:
KB89335— Protecting against Ransom-WannaCry (May 2017)
An Analysis of the WannaCry Ransomware Outbreak
Further Analysis of WannaCry Ransomware
2017 Verizon Data Breach Investigations Report
Annual Verizon Data Breach Investigations Report (DBIR) was published recently, and once again, it is a hefty report that is sure to become one of the most referenced data breach reports in the world. Verizon's analysis is based on a broad set of real breach data collected from 65 law enforcement agencies, security product vendors, and security consulting firms. In fact, this year's report analyzed more than 42,000 incidents and 1,900 confirmed breaches spanning 84 countries and 20 industries. Although the data set is neither comprehensive nor a random sample, it certainly looks at a large set of data and is very likely to be directionally accurate.
The report reconfirms many of the things we already know, but it also provides many "aha" moments.
Related Resources:
'Aha' Moments from the 'Verizon 2017 Data Breach Investigations Report'
McAfee Blogs Related to the Verizon DBIR
McAfee Threat Landscape Dashboard
Every week, we read in the news of another breach or targeted campaign, as more patches are released to protect against the next strain of sophisticated malware. For the administrators responsible for safeguarding a company's systems, networks, and digital information, keeping up is an overwhelming task, made doubly difficult because it is often hard to determine the most significant threats.
To serve those admins, McAfee began work nine months ago to design a new dashboard that identifies the most significant threats and illustrates the relationships between them. We want to assist security practitioners when they make decisions about which vulnerabilities should be patched first, based on the prevalence of attacks that exploit those vulnerabilities.
Related Resources:
McAfee Threat Center
Threat Landscape Dashboard
Advanced Threat Research Team
Shamoon Returns, Bigger and Badder
In November 2016, we published a blog that drew comparisons between samples that we had received to that of the 2012 'Shamoon' campaign. Since November, there has been a considerable amount of research corroborating our initial assertions, which we have reviewed against our own continuing analysis. We found that the latest Shamoon campaigns are attacking a wider range of organizations, they are connected to other notable campaigns, and the increase in sophistication suggests investment, collaboration and coordination beyond that of a single hacker group, but rather that of the comprehensive operation of a nation-state.
Are Embedded OEM Device Manufacturers Responsible for Ensuring Their Devices are Secured?
Today's devices are becoming more internet-connected as we speak. As our world becomes further intertwined with technology, new doors open directly into our lives for potential threats. Hackers are quickly advancing with their attacks, making it detrimental for end users if security is not provided. Consumers within the retail, medical, industrial controls and now even the automotive industries are concerned with using devices in their environment due to the potential risk of a cyberattack. Thus, it is critical for device manufacturers and embedded OEMs to provide security within their devices.
Banned Chinese Qvod Lives on in Malicious Fakes
Qvod used to be a popular video player and developer in China. Due to piracy allegations and a threatened fine, the company went out of business in 2014. In spite of this, we have recently seen a number of malicious fake versions of Qvod.
Technical Product Updates
Expert tips and documentation for leading McAfee products published in the last 30 days. Visit the McAfee Knowledge Center for additional products.
Product Links
  > (ePO) ePolicy Orchestrator
> (VSE) VirusScan Enterprise
> (ENS) Endpoint Security
> (DXL) Data Exchange Layer
> (MOVE) Management for Optimized Virtual Environments
> (SIEM) Security Info & Event Mgmt
> (EP) Encryption Products
> (MWG) Web Gateway
> (IPS) Host Intrusion Prevention
> (DLP) Data Loss Prevention
> (TIE) Threat Intelligence Exchange
(ePO) ePolicy Orchestrator
New ProTips
SNS ProTip for ePolicy Orchestrator: Supported upgrade paths for ePolicy Orchestrator
See more ePO ProTips here
New KB Articles
KB89075 — The server's host key is not cached in the registry. You have no guarantee that the server is the computer (in server task log after deploying McAfee Agent to a Mac fails)
KB89093 — The Tomcat service stops working when running old Active Directory sync tasks
KB89055 — How to install McAfee Active Response 2.0.1 using ePolicy Orchestrator 5.9
KB89130 — An ePolicy Orchestrator Disaster Recovery Snapshot task fails on a clustered ePO server
KB89133 — Threat Intelligence Exchange Server installation fails to retrieve FIPS Mode
%7Bd90239ea-95e9-40fc-bb84-73f2b3d2d609%7D_triangle-up back to product links
(VSE) VirusScan Enterprise
New KB Articles
KB85097 — Error Install_SysCore_AddAACStickyPolicy returned actual error code 1603 (installation/upgrade of VSE fails)
KB89066 — System crash (blue screen) when accessing exFAT-formatted removable media encrypted with File and Removable Media Protection
KB89123 — VirusScan (VShield) system tray icon is no longer visible after disabling the McAfee Agent (McTray) icon the via ePolicy Orchestrator policy
%7Bd90239ea-95e9-40fc-bb84-73f2b3d2d609%7D_triangle-up back to product links
(ENS) Endpoint Security
New ProTips
SNS ProTip for ENS: How to be notified whenever a Knowledge Base article is updated
See more Endpoint Security ProTips here
New KB Articles
KB89103 — Endpoint Security Firewall Catalog from ePolicy Orchestrator shows a blank screen
KB89079 — McAfee Agent installation file FramePkg.exe is blocked by anti-virus software
KB89077 — How to view the process load order for Endpoint Security and other installed McAfee products
KB89060 — The Data Exchange Layer Client cannot connect to the DXL Broker
%7Bd90239ea-95e9-40fc-bb84-73f2b3d2d609%7D_triangle-up back to product links
(DXL) Data Exchange Layer
New KB Articles
KB89060 — The Data Exchange Layer Client cannot connect to the DXL Broker
KB89090 — Data Exchange Layer Brokers and Clients require equivalent or greater Extension versions to function correctly
KB89055 — How to install McAfee Active Response 2.0.1 using ePolicy Orchestrator 5.9
%7Bd90239ea-95e9-40fc-bb84-73f2b3d2d609%7D_triangle-up back to product links
(MOVE) Management For Optimized Virtual Environments
New KB Articles
KB89065 — /var folder consumes 100% disk space causing MOVE Agentless SVM Manager to crash
KB89085 — Event delivery to ePolicy Orchestrator fails to occur on MOVE Antivirus Agentless clients
KB89074 — Static IP Address is not assigned to the MOVE AntiVirus Agentless SVM during NSX Manager deployment
%7Bd90239ea-95e9-40fc-bb84-73f2b3d2d609%7D_triangle-up back to product links
(SIEM) Security Info & Event Mgmt
New ProTips
SNS ProTip for SIEM: Receiving notification whenever a Knowledge Base article is updated
See more SIEM ProTips here
New KB Articles
KB89191 — Mounting remaining file systems... [FAIL] (during Advanced Correlation Engine boot sequence)
KB89177 — Network interface configuration settings revert to an unconfigured state after successfully enabling additional network interfaces
KB89122 — Error: Invalid Value(ER61) (while creating a data enrichment source with a non-English path during CIFS configuration in Enterprise Security Manager)
KB89092 — /etc/rc.d/rc3.d/S51mfs is not a valid symlink. [WARN] (during Enterprise Security Manager boot or shutdown sequence)
KB89064 — Customized logo cannot be applied to the Enterprise Security Manager console
%7Bd90239ea-95e9-40fc-bb84-73f2b3d2d609%7D_triangle-up back to product links
(EP) Encryption Products
New KB Articles
KB89121 — Support for Non-Volatile Memory Express drives
KB89072 — ePolicy Orchestrator continues to display the previous version after a successful Drive Encryption upgrade
KB89061 — Autoboot fails when the policy is set to use the Trusted Platform Module after installing Drive Encryption 7.2.0 or 7.2.1
%7Bd90239ea-95e9-40fc-bb84-73f2b3d2d609%7D_triangle-up back to product links
(MWG) Web Gateway
New KB Articles
KB89196 — ERR_CERT_COMMON_NAME_INVALID (Web Gateway incompatibility with Google Chrome 58)
KB89080 — McAfee Anti-Malware 5900 Engine phased rollout for Web Gateway
%7Bd90239ea-95e9-40fc-bb84-73f2b3d2d609%7D_triangle-up back to product links
(HIPS) Host Intrusion Prevention
New KB Articles
KB89132 — Error Message: java.lang.NullPointerException (when running the Host Intrusion Prevention query "Events From Host IPS Trusted Networks")
KB89071 — Applications that generate loopback traffic are blocked though the Host Intrusion Prevention Firewall when adaptive mode is enabled
%7Bd90239ea-95e9-40fc-bb84-73f2b3d2d609%7D_triangle-up back to product links
(DLP) Data Loss Prevention
New KB Articles
KB89089 — Microsoft Edge browser is not supported for use with Data Loss Prevention Endpoint
%7Bd90239ea-95e9-40fc-bb84-73f2b3d2d609%7D_triangle-up back to product links
(TIE) Threat Intelligence Exchange
New KB Articles
KB89133 — Threat Intelligence Exchange Server installation fails to retrieve FIPS Mode
%7Bd90239ea-95e9-40fc-bb84-73f2b3d2d609%7D_triangle-up back to product links
News & Announcements
SNS Domain Change
On May 12, 2017, the Support Notification Service (SNS) domain changed to This may impact your receipt of SNS notices. Please see the SNS FAQ article for whitelisting instructions.
Webinars On Demand
Unable to attend a live McAfee webinar? Check out our on demand webcast libraries. Each one is broken down by region, but many of the events apply globally.
Europe Events on Demand
North America Events on Demand
Asia Pacific Events on Demand
Patch Tuesday
Due to changes in the Microsoft Patch Tuesday format, McAfee's May Patch Tuesday Newsletter will be our final issue. You can find the May analysis on the McAfee Community website.
%7Bd90239ea-95e9-40fc-bb84-73f2b3d2d609%7D_triangle-up TOP
Release Roundup
Week of Apr 25
Data Loss Prevention 10 Patch 2 Hotfix 30
Week of Apr 17
5900 Anti-Malware Engine
Advanced Threat Defense 3.8.2 HF1
Active Response Hotfix
Rogue System Detection 5.0.5
Data Loss Prevention 10.0 Patch 2
Week of Apr 10
ENS for Linux Threat Prevention 10.2.1 (ENSL 10.2 Patch 1)
VirusScan Enterprise for Storage (VSES) 1.2.0 HF1135217
Week of Apr 3
McAfee Agent 5.0.5
Web Gateway,,
Cloud Workload Discovery 4.5.1
Management of Native Encryption 4.1.1
Drive Encryption 7.2 Patch 1
ENS 10.5 Patch 1
ENS 10.2 Patch 1
ENS for Mac 10.2.2
Host IPS 8.0 Patch 9
Active Response 2.0 Patch 1
VirusScan Enterprise 8.8 Patch 9
NOTE: To see release details, go to the McAfee ServicePortal and search the KnowledgeBase for the product and version.
%7Bd90239ea-95e9-40fc-bb84-73f2b3d2d609%7D_triangle-up TOP
Product End of Life (EOL)
May 1
Endpoint Encryption for PCs 7.0.x
May 12
VirusScan Enterprise for Storage 1.0, 1.1
Jun 30
Endpoint Encryption for Files and Folders 4.2.x
Risk Advisor 2.7.2
MOVE 3.6
Aug 5
Database Security - Standalone Server 4.4.x
Database Security - ePO-integrated 5.1.x
Aug 8
MOVE Scheduler, All
NOTE: EOL dates can change — see all software and appliance EOL announcements
%7Bd90239ea-95e9-40fc-bb84-73f2b3d2d609%7D_triangle-up TOP
Resource Links
> SNS Digest Archive
> Community Forums
> Labs Security Advisories
> ServicePortal
> Product Download Site
> Product End of Life (EOL)
> DAT Release Notes
> Submit a Virus Sample
> Stinger Virus Removal Tool
> Free Support Tools
%7Bd90239ea-95e9-40fc-bb84-73f2b3d2d609%7D_triangle-up TOP
Follow us:
LinkedIn   Twitter   YouTube   Facebook  

The McAfee Support Notification Service (SNS) delivers valuable product news to help increase the functionality and protection capabilities of your McAfee products.

Securely manage your SNS email preferences.   |   Unsubscribe from all SNS communications.   |   For SNS questions, email
For support issues access Technical Support, ServicePortal, and the Knowledge Center. Enterprise (formerly Platinum) customers should contact their SAM for high severity issues. Visit the McAfee Community for product user groups and discussions.
The information in this document is provided only for educational purposes and for the convenience of McAfee customers, is subject to change without notice, and is provided "AS IS" without guarantee or warranty as to the accuracy or applicability of the information to any specific situation or circumstance. Intel and the McAfee logos are registered trademarks or trademarks of Intel Corporation or McAfee, Inc. in the US and/or other countries. Other names and brands may be claimed as the property of others.

Copyright ©2017 McAfee LLC. All rights reserved. Intel Corporation | 2200 Mission College Blvd. | Santa Clara | CA 95052-8119 | USA