McAfee Vulnerability Manager 7.5.1
The McAfee® Vulnerability Manager 7.5.1 quarterly release adds features to the product without having to wait for the next major release. This release notes file contains information about new features for this release.
New features
Here is a list of new and updated features included with this release of McAfee Vulnerability Manager 7.5.1.
• RealTime scanning — McAfee integrates McAfee Vulnerability Manager and McAfee Asset Manager to provide RealTime scanning.
• Operating system (OS) identification — The product allows you to set the operating system for a single asset or a group of assets. You can also clear the operating system assigned to a single asset or group of assets.
• McAfee product integration — McAfee Vulnerability Manager can now use information from other products, like McAfee Asset Manager. McAfee Asset Manager can provide operating system information for an asset.
• Vulnerability information for mobile platforms — The product can provide vulnerability information for some mobile devices (requires McAfee Asset Manager integration).
• ePolicy Orchestrator assets in the assets table — ePO assets are now added to the McAfee Vulnerability Manager asset table, so ePO assets can be added from the Targets tab.
• Microsoft Windows 8 and Microsoft Windows Server 2012 — The product allows you to scan assets running Microsoft Windows 8 or Microsoft Windows Server 2012.
Note: Installing McAfee Vulnerability Manager on a Microsoft Windows Server 2012 system is not supported. Using McAfee Vulnerability Manager with Microsoft Internet Explorer 10 (IE10) is not supported.
RealTime scanning
McAfee Vulnerability Manager RealTime scanning allows you to continuously scan assets on your network. You can have only one RealTime scan assigned to a scan engine.
Before you start
Before you can use a RealTime scan:
• Install the McAfee Asset Manager Sensors.
• Install the McAfee Asset Manager Console.
• Configure the McAfee Asset Manager Sensors to communicate with the McAfee Asset Manager Console.
• Install and configure McAfee Vulnerability Manager.
• Use the McAfee Asset Manager Integration Guide to integrate McAfee Asset Manager and McAfee Vulnerability Manager.
Create a RealTime scan
To create a RealTime scan, create a scan configuration and select the RealTime Scan checkbox.
1 Select Scans | New Scan.
2 Select the base settings for your scan or select a template.
3 Select RealTime Scan, then click Next.
4 Type a name for the scan, select your target settings, then click Next. You cannot add targets to a RealTime scan, because the assets are imported from McAfee Asset Manager.
5 Select your scan settings, then click Next.
6 Select your report options, then click Next. No reporting options are enabled, by default.
7 Select your schedule options. This includes selecting a scan engine and the amount of time delayed between continuous scans.
a Select Engine — Select the scan engine to run the RealTime scan. Only one RealTime scan is allowed per scan engine. Scan engines with an active RealTime scan are removed from the Select Engine list. You must select Active to enable the Select Engine list.
b Delay between scans — Set the amount of time between when a RealTime scan completes and when it starts again. By default, this is five minutes. The shortest time delay is one minute, the longest is 1,440 minutes (24 hours).
Use a RealTime scan
Note the following about RealTime scanning:
• By default, a RealTime scan is set to continuous. After a RealTime scan completes, the scan goes into the Pending state until the next scheduled scan (five minutes by default). Change the time between continuous scans on the Schedule page in the product.
• If you cancel a Pending RealTime scan, the scan engine is no longer associated with that scan. You can then create another RealTime scan associated with the scan engine and activate it.
• If you attempt to run two RealTime scans on the same scan engine, for one root organization, you will see an error message stating this is not possible.
RealTime conditions
The dynamic asset tag and custom report filters now provide a way of identifying assets based on RealTime scanning conditions.
Use the RealTime conditions in your dynamic asset tags to help you search for assets that are within your RealTime requirements or not within your RealTime requirements. Use the RealTime conditions in your custom reports to report on which assets are within your RealTime requirements or not within your RealTime requirements.
RealTime conditions
Condition | Description
Created date | Matches an asset if the asset's creation date is less than or greater than the set number of days.
Last scanned date | Matches an asset if the asset was last scanned in less than or greater than the set number of days.
Real time discovered | Matches an asset if the asset was discovered or not discovered by McAfee Asset Manager.
Real time scanned | Matches an asset if the asset was scanned or not scanned in a RealTime scan.
Operating system identification
The product allows you to manually set the operating system identified on an asset.
Set OS identification using asset management
You can set the operating system for an asset on the Asset Management page.
1 Select Manage | Assets.
2 Right-click an asset, then select Properties. You can select multiple assets using the Ctrl or Shift buttons.
3 Select Change Operating System.
4 Type the operating system in the Operating System Name field.
5 Select the Operating System Category, then click Submit.
Clear OS identification using asset management
You can clear the operating system
1 Select Manage | Assets.
2 Right-click an asset, then select Properties. You can select multiple assets using the Ctrl or Shift buttons.
3 Select Change Operating System.
4 Select Unknown from the Operating System Category. A message states you are about to clear the operating system information.
5 Click OK, then click Submit.
Set OS identification using asset search
You can conduct a search on the Asset Management page and then manually apply an operating system to the search results.
1 Select Manage | Assets.
2 Conduct an asset search.
3 Click With all search results, then select Update Operating System.
4 Type the operating system in the Operating System Name field.
5 Select the Operating System Category, then click Submit.
Clear OS identification using asset search
OS identification prioritization
The product applies a priority based on the source of the operating system identification.
If there is an external source (like ePO or McAfee Asset Manager) with operating system information for an asset with a priority value greater than or equal to that of the information already in the product, the information from the external source replaces the information in the product.
Determining which source to use for identifying the operating system on an asset happens during the asset reconciliation
Operating system weight value (priority)
Source | Weight
External source and only the operating system category is known | 0
Note: The OS category would be Microsoft Windows, not Microsoft Windows Server 2008 R2.
McAfee Vulnerability Manager discovery scan without credentials | 0 - 100
Note: Some operating systems allow access to a target registry without using credentials, like a NULL session. In these cases, a score of 200 is applied to the target.
External source and the complete operating system is known | 95
Unmanaged ePO assets | 95
ePO operating system information | 150
McAfee Vulnerability Manager discovery scan with credentials | 200
Manually set
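The weight comparison described above, as an added example in Python (not part of the original release notes and not McAfee code). The source keys, class and function names are hypothetical, the sample assets are constructed, and "Manually set" is left out because no weight for it appears in the table.

```python
from dataclasses import dataclass

# Weights from the table above. Source keys are hypothetical labels, not product
# identifiers. The page lists no weight for "Manually set", so it is omitted.
EXTERNAL_WEIGHTS = {
    "external_category_only": 0,
    "external_complete_os": 95,
    "epo_unmanaged_asset": 95,
    "epo_os_information": 150,
}
CREDENTIALED_SCAN_WEIGHT = 200  # also applied when a NULL session reaches the registry

@dataclass(frozen=True)
class OsRecord:
    os_name: str
    source: str
    weight: int

def external_record(os_name, source):
    return OsRecord(os_name, source, EXTERNAL_WEIGHTS[source])

def scan_record(os_name, credentialed, score=0, null_session=False):
    """Discovery scan result: 200 with credentials or a NULL session, else its 0-100 score."""
    if credentialed or null_session:
        return OsRecord(os_name, "mvm_discovery_scan", CREDENTIALED_SCAN_WEIGHT)
    if not 0 <= score <= 100:
        raise ValueError("uncredentialed scan weight must be within 0-100")
    return OsRecord(os_name, "mvm_discovery_scan", score)

def reconcile(stored, external):
    """Stated rule: external data replaces stored data when its weight is >= the stored weight."""
    if external.source not in EXTERNAL_WEIGHTS:
        raise ValueError("the rule is stated for external sources only")
    return external if external.weight >= stored.weight else stored

def demo():
    # Constructed sample assets, not output from the product.
    cases = [
        (scan_record("Linux 2.6", False, score=80), external_record("Android 4.1", "external_complete_os")),
        (scan_record("Windows Server 2008 R2", True), external_record("Windows Server 2008", "epo_os_information")),
        (external_record("Windows 7", "epo_unmanaged_asset"), external_record("Windows 8", "external_complete_os")),
        (scan_record("Windows XP", False, null_session=True), external_record("Windows", "epo_os_information")),
        (scan_record("Unknown UNIX", False, score=0), external_record("Linux", "external_category_only")),
    ]
    return [reconcile(stored, ext).os_name for stored, ext in cases]
```

The third and fifth cases are ties: because the comparison is "greater than or equal to", an external record with the same weight as the stored one still replaces it.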
Integrate third party OS identification
The product allows you to integrate other McAfee products, like McAfee Asset Manager, and use that asset information to improve the accuracy of your scan results. See the McAfee Asset Manager documentation for information about integrating with McAfee Vulnerability Manager.
Vulnerability information for mobile devices
With mobile device information from McAfee Asset Manager, McAfee Vulnerability Manager can add these mobile devices as assets to your asset table and Asset Management page.
When you run a scan that includes mobile devices, the product can provide you with a list of known vulnerabilities related to the software version running on the device. The product does not connect to the mobile device during a scan, but does run FSL scripts to identify vulnerabilities based on the mobile device information.
Note: To run a scan against the mobile device information, the mobile device must be wirelessly connected to your network, and the wireless access point must be connected to a McAfee Asset Manager sensor.
Mobile devices appear in the Asset Management page with the IP address and operating system. The DNS name (device name) and NetBIOS name appear if that information is available.
Mobile devices appear in the asset table when adding assets to a scan.
McAfee Vulnerability Manager can provide vulnerability information for the following mobile operating systems:
• Apple iOS 1.0 and later
• Android OS 2.0 and later
• Blackberry OS 4.0 and later
• Windows Mobile OS 5.0 and later
ePolicy Orchestrator assets in the asset tree
Your ePO assets are now included with the McAfee Vulnerability Manager assets and can be added to a scan configuration from the Targets tab.
You can still add your ePO assets by selecting the ePO Asset Source on the Browse tab.
Microsoft Windows 8 and Microsoft Windows Server 2012
The product can scan assets running Microsoft Windows 8 or Microsoft Windows Server 2012.
Note: Installing McAfee Vulnerability Manager on a Microsoft Windows Server 2012 system is not supported. Using McAfee Vulnerability Manager with Microsoft Internet Explorer 10 (IE10) is not supported.
Known issues
For a list of known issues for this release, see the following KnowledgeBase article:
Resolved issues
The following issues were resolved with this release.
This application installs only the patch needed to update the McAfee Vulnerability Manager system.
• Fixed infinite loop in Discovery module during TCP/UDP fingerprinting. (Reference: 768854)
• Fixed form authentication using a credential that includes the character "ñ". (Reference: 779317)
• Fixed FSAssessment crash in the FASLModule. (Reference: 771899)
• Fixed date format specification for the FSUpdate table SQL query. (Reference: 788878)
• Fixed XCCDF Benchmark reports for STIG templates. (Reference: 756499)
• Fixed date conversion error while updating the job state on a British-English SQL Server.
• Fixed the MVM Data Import task invoked by the MVM ePO extension. (Reference: 776590)
• Fixed the Vuln Set rule editor to hide the preview button until the editor has completed processing. (Reference: 761499)
• Fixed the workgroup-delete operation to display an error when the delete fails. (Reference: 766309)
• Fixed the role editor to allow the viewing of the complete organization tree.
• Fixed the FASL engine script launcher to avoid running too many scripts simultaneously against a single target.
• Fixed Dashboard Risk Trend Graph not loading. (Reference: 795166)
• Fixed premature timeout determination made by the API and script monitoring object and improved its performance when running on networks with significant network latency. (Reference: 803904)