Platinum Technical Support Newsletter - The Place at McAfee

Platinum Technical Support NewsletterFebruary 13, 2009McAfee Avert Labs Threat CenterCurrent MalwareOSX/IWService 22 Jan 2009W32/Waledac.gen.b 14 Jan 2009Downloader‐UA.h 02 May 2008BackDoor‐DNM 21 Feb 2008Downloader.gen.a 30 Jul 2007Current VulnerabilitiesMS09‐001 SMB RC 9586.. 13 Jan 2009MS09‐001 SMB BO 9586.. 13 Jan 2009MS08‐072 word 957173 09 Dec 2008MS wordpad RCE 09 Dec 2008MS IE databind RCE 09 Dec 2008MS09‐001 SMB DoS 958.. 14 Sep 2008Breaking AdvisoriesFebruary 5, 2009: Microsoft has posted their Advance notification for the February 2009 bulletin release (releasingFebruary 10). This release will include two 'Critical' updates (Internet Explorer and Microsoft Exchange). Updates forMicrosoft SQL Server and Visio will be includef as well. All four bulletins carry a potential impact of remote codeexecution.Learn MoreAudio ParasiticsEpisode 55 ‐ Part 2 of 2 ‐ Jim and Dave discuss the 2009 Threat Predictions, Trojans on Mac OS X, and theDATs hitting 500,000!Episode 54‐ Part 1 of 2 ‐ Jim and Dave discuss the 2009 Threat Predictions, Trojans on Mac OS X, and theDATs hitting 500,000!Episode 53‐ It's time to patch....Dave and Jim discuss W32/Conficker.worm and MS08‐067.…Previous Episodes…Listen via iTunes, Podzinger or direct from the Threat CenterMcAfee Monthly Spam Report for February is Available OnlineThis month's edition of the McAfee Monthly Spam Report is now online and available for download. Again, agreat example of our collective, global threat intelligence model in action!Download HereConcerned About PCI Compliance?McAfee is uniquely poised help organizations optimize their security posture while meeting PCI compliancethrough its breadth of solutions and services. Our comprehensive suite of solutions and services helps youexceed PCI requirements, via a layered security model.New McAfee PCI DSS Requirement Mapping Tool now availableMcAfee Inc © 2008 Platinum Technical Support Newsletter 2/13/2009 Page 1 of 6

Keeping Information Assets Secure as Organizational Boundaries GoGlobalTechnology and the Internet have transformed the traditional boundaries of organizations, resulting in adistributed network of unsecured economies, leaving informational assets such as intellectual property andsensitive information even more at risk of theft and misuse.This report investigates the Cybercrime risks in various global economies, and the need for organizations totake a more holistic approach to vulnerability management and risk mitigation in this ever‐evolving globalbusiness climate.Download the Unsecured Economies Report.Hear what more than 1,000 senior global IT decision makers have to say regarding the potential implicationsof doing business in specific countries as it pertains to securing informational assets.Learn how culture may have an impact on attitudes towards intellectual property and what types ofinformation are considered sensitive and not.Learn how organized crime, employee turnover, reverse engineering, phishing attacks and money mules areputting your company data assets at risk.Discover which countries are investing in information security and updating regulations to address thegrowing concern of protecting data assets, and those countries less concerned with the issue.Gain valuable insight from industry experts in data protection and intellectual property, including bestpractices for protecting the vital information of your organization.Download this report today to learn more about the issues of Cybercrime and unsecured economies puttingthe world's information assets at risk; how the trends could impact your organization and steps you can taketo build a stronger defense against threats.McAfee Rolls Out Artemis Technology to All Platinum CustomersMcAfee is extending the availability of Artemis threat protection technology to all Platinum Support customersrunning McAfee VirusScan Enterprise (VSE) 8.7i or 8.5i beginning January 28, 2009, at no additional cost.Artemis is successfully deployed on more than 10 million consumer, small and medium business, andenterprise customer nodes. Given the success of this new technology in providing greater real‐time protectionagainst malware combined with extremely low incidence of escalations, we are extending Artemis availabilityin Q1 to include all Platinum customers with VSE 8.7i or 8.5i.Platinum customers interested in assessing Artemis in a pilot environment or deploying it across theirenterprise network must contact their McAfee Support Account Managers (SAMs) to request the SDATpackages. SAMs will be contacting Platinum VSE customers proactively regarding this opportunity.Further details regarding how to enable Artemis in the near term and what is being planned are explained inKnowledgeBase article KB 53732. For more information, click here or contact your SAM.McAfee Inc © 2008 Platinum Technical Support Newsletter 2/13/2009 Page 2 of 6

ePO 4.5 Beta Now AvailableA beta version of McAfee’s flagship product – ePolicy Orchestrator (ePO) – is now available for customers totest, evaluate and give feedback. This is a great way to engaged with some of the new functionality in thisnext version.New features include:Multi‐tier architecture to greatly improve scalability• Reduced server hardware requirements• Failover managementImproved visibility and control across multiple ePO servers• Policy sharing & assignment reporting• Multiple server reporting• Moving agents between serversStreamline notification through automated rule based remediation response/workflow to events/incidents• Trouble Ticket generation ‐ Remedy & HP Service Desk• SNMP/email notificationsImproved user‐based management to more efficiently deploy security policy• Use Active Directory user rights for ePO permissions• Develop policies based on either users or groupsUser interface improvements to spend less time managing security• Drag & drop capabilities• Customizable shortcut toolbar• Query & extension groupingParticipate in this beta to get a first hand look at what this new version of ePO has to offer. The public betasare available to anyone who is interested in testing our enterprise software and providing feedback to ourengineering teams.Sign up and download the ePO 4.5 beta Here.McAfee Avert Labs Security AdvisoriesMcAfee Avert Labs Security Advisories are a free notification service backed by our global research team.McAfee Avert Labs Security Advisories map high profile threats to the McAfee technologies that protect yourenvironment.Sign up hereMcAfee Inc © 2008 Platinum Technical Support Newsletter 2/13/2009 Page 3 of 6

End‐of‐Life Notice:GroupShield for Domino 5.3, SpamKiller for Domino 2.1As a result of the obsolescence of Microsoft Windows 2000 SP1, McAfee plans to stop supporting GroupShieldfor Domino v5.3 and SpamKiller for Lotus Domino v2.1 running on Microsoft Windows 2000 SP1 on September1, 2009. To receive continued support, customers should upgrade their operating system to Windows 2003.As a result of McAfee's product lifecycle, McAfee plans to stop supporting GroupShield for Domino v5.3 onWindows and SpamKiller for Lotus Domino v2.1 on December 31st 2009. To receive continued support,customers should upgrade to the latest version of these McAfee products.Product documents and Knowledgebase articlesCheck out these useful Product Document and Knowledgebase articles from the Email & Web Security teamon the McAfee Knowledgebase at our ServicePortalMcAfee Email Security Appliance 5.0 Best Practices GuidePD20780McAfee Web Security Appliance 5.0 Best Practice GuidePD20781Upgrading the Appliance to Email and Web Security 5.0 Service Pack 1KB60300ERROR: Size of a request header field exceeds server limit (when using Kerberos Authentication) KB60332ERROR: Device Platform not supported, displayed when installing Appliance software KB60429Message from McAfee Avert LabsMcAfee Avert Labs would like to communicate out on McAfee’s strategy for addressing some of the criticalissues customers are having with regards to DAT size and growth rate containment. There are a few items thatare planned for the near future:ePO 4.0 Patch 4With ePO Patch 4, customer will have the option to configure the ePO server via registry key to allow for V2only DAT downloads as well as a global replication setting of Incremental files only. Each of these features wasdesigned to address the speed of replication along with the size of the content being delivered.To address the size of the content being replicated to distributed repositories, you can now configure ePO toonly replicate the V2 DAT content. This will eliminate over 50% of the DAT content being replicated. The ePOserver pull tasks will still download both content versions to the master repository. If you are using theproducts below you will still need to replicate both V1 and V2 DATs to your repositories. As this is a globalsetting, all repositories will either have V1 and V2, or V2 only content.Global incremental DAT replication can also be configured, but it is critical that it is understood that ePO willonly replicate the incremental files themselves and not the full DAT file. If systems need to have access to thefull DAT, when they are either 14 versions out of date or during a new VSE installation, then you will have tocopy the full DAT to the repositories. This can be accomplished with external file copy utility, such as“Robocopy”. As most customers will need to have the full DAT files available, this option is best suited for veryspecific use cases and should only be utilized after careful review of the environment.McAfee Inc © 2008 Platinum Technical Support Newsletter 2/13/2009 Page 4 of 6

ePO 4.0 Patch 4…ContinuedAnother key item to remember is that if a product needs content that is not available the agent it will checkeach of its configured repositories and eventually the fallback repository, if so configured. By default this is theMcAfee HTTP download site. A situation could arise where a large number of systems would either need theV1 DAT content or the full DAT file and end up downloading the files from our internet location which couldhave negative network impact. It will be crucial for customers to review their deployed products portfolio toensure that content is not needed prior to configuring V2 content only and/or incremental file onlyreplication.Incremental DATsIn March, we will be increasing the number of incremental DAT updates from 15 to 35. This means thatcustomers can be outdated from updating their DATs for up to 35 days before they will be forced to take thefull DAT file. This change will only impact Enterprise customers. We are planning to change this for SMB andour Consumer markets in a Phase 2 of the project. There will be no changed needed by the customer to makeuse of this modification.V2 Only Download SiteAlso in March, we will be launching a new ePO download site for V2 only DAT content. The existing site for V1and V2 will remain, but customers exclusively running 8.5 and higher will be able to point ePO to this new site.This will have immediate and clear benefits, as the V2 content is less than half of the package that customerscurrently must pull. There will be no forced change, meaning, unless a customer chooses to make use of thisnew site no change will automatically happen. The customer will always be able to revert back to the old site ifneeded.DAT OptimizationsAvert Labs, in an effort to provide the best detection quality along with the lowest impact to the user, willbegin DAT optimization effort February 16th. This effort is targeted at streamlining the content in our DATswith the end goal of reducing overall DAT size. A bi‐product of this will be a potential increase to the size ofthe incremental DAT files over the course of the 6 weeks from start to completion of the project. We do notexpect that the incremental updates will go beyond 500KB during this time. It is not guaranteed that theincremental DATs will consistently be this size; however, we would like our customers to be aware of thecause for this.Feel free to contact Anna Stepanov for any questions regarding the DAT updating roadmap.AStepanov@avertlabs.comFeel free to contact Ulli Tanurhan for any questions regarding the ePO Patch 4UTanurhan@mcafee.comMcAfee Inc © 2008 Platinum Technical Support Newsletter 2/13/2009 Page 5 of 6

Useful LinksMcAfee Corporate WebsiteMcAfee MER ToolMcAfee Knowledge SearchMcAfee WebMER (See NAI33333)McAfee DownloadsMcAfee Virtual Technician (MVT)McAfee Threat CenterMcAfee Global Solutions LabMcAfee Security UpdatesAVERT Tools and UtilitiesMcAfee Product & Support End of LifeBeta ProgramMcAfee Service PortalAvert BlogService Portal Help & FAQsFree McAfee ToolsFeature Modification RequestFree McAfee Foundstone ToolsMcAfee Product Content ReleasesMcAfee Inc © 2008 Platinum Technical Support Newsletter 2/13/2009 Page 6 of 6