Mcafee: Endpoint Migration Assistant Shows NULL shortly after upgrade to EPO 5.3.X

There is a knowledge base article describing a browser cache bug that appears after you upgrade ePO 5.1 to 5.3.x. The same bug hits you after checking in Endpoint Security 10.2 when you want to migrate the policies: the Endpoint Migration Assistant shows "NULL". Clear the complete Internet Explorer 11 cache and it will display correctly after that.

https://kc.mcafee.com/corporate/index?page=content&id=KB77920

https://community.mcafee.com/message/419967#419967

End of the WSUS patch day from October 2016 > end of stable enterprise environments…

Everyone agrees this is going to be a disaster, and "no", there have never been any problems with WSUS updates at Microsoft ;-)

Fortunately this only affects the OS patches, not the Framework and Office patches.

  • There will be one cumulative patch collection per month or per week
  • SEPARATE: Framework patches are released separately as one cumulative patch per month
  • SEPARATE: Office patches stay individual, as before
  • If a faulty patch is known to be included > you cannot install the whole cumulative rollup and may have to request every single HOTFIX from Microsoft MPSS.
  • Already installed > if a faulty patch is included, the whole cumulative rollup has to be uninstalled and the system stays insecure

https://blogs.technet.microsoft.com/windowsitpro/2016/08/15/further-simplifying-servicing-model-for-windows-7-and-windows-8-1/

http://www.heise.de/security/meldung/Letzter-klassischer-Microsoft-Patchday-bringt-sieben-kritische-Updates-3321310.html

4K Sector Server and client Disk Fall 2016 follow-up

This table compares native 512-byte sectors to the new advanced formats:

Format   Logical Sector Size   Physical Sector Size
512n     512                   512
512e     512                   4,096
4Kn      4,096                 4,096

Does current GA version of vSphere and VSAN support 4K Native drives?

No. 4K Native drives are not supported in current GA releases of vSphere and VSAN.

Does current GA version of vSphere and VSAN support 512e drives?

No. 512e drives are not supported with the current versions of vSphere and VSAN due to potential performance issues when using these drives.

Fujitsu:

https://www.fujitsu.com/global/Images/150807_DXS3seriesWP_E_online_05.pdf

Dell:

http://i.dell.com/sites/doccontent/shared-content/data-sheets/en/Documents/512e_4Kn_Disk_Formats_120413.pdf

Larger German ISP/Assembler of Servers:

https://www.thomas-krenn.com/de/wiki/Sektorgr%C3%B6%C3%9Fen_von_Datentr%C3%A4gern

VMware:

https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2091600

https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1008885

Heise on Client Disk and Alignment

http://www.heise.de/ct/hotline/FAQ-Festplatten-mit-4K-Sektoren-1378642.html
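The alignment question behind the table and the Heise FAQ, worked through in Python as an added example (this code is not from the original post or from any of the linked vendor documents). The three formats and their sector sizes are taken from the table above; the two partition start offsets, LBA 63 (the historical Windows XP default) and LBA 2048 (1 MiB alignment), are constructed test cases. On a 512e drive the LBA 63 partition is misaligned, so every 4 KiB write straddles two physical sectors and forces the drive into a read-modify-write cycle; at LBA 2048 it is aligned. On a 4Kn drive the LBA unit itself is 4,096 bytes, so LBA 63 is aligned there as well.

```python
# Added example: sector-alignment arithmetic for the 512n / 512e / 4Kn formats in the table above.
# Sector sizes come from the table; the partition start offsets (LBA 63, LBA 2048) are constructed.

# Format name -> (logical sector size, physical sector size) in bytes, as in the table.
SECTOR_FORMATS = {
    "512n": (512, 512),
    "512e": (512, 4096),
    "4Kn": (4096, 4096),
}


def partition_is_aligned(start_lba: int, logical: int, physical: int) -> bool:
    """True if the partition's first byte lies on a physical-sector boundary.

    LBA addresses are counted in *logical* sectors, so the byte offset is start_lba * logical.
    """
    return (start_lba * logical) % physical == 0


def physical_sectors_touched(byte_offset: int, length: int, physical: int) -> int:
    """Number of physical sectors an I/O of `length` bytes at `byte_offset` overlaps."""
    if length <= 0:
        raise ValueError("I/O length must be positive")
    first = byte_offset // physical
    last = (byte_offset + length - 1) // physical
    return last - first + 1


def needs_read_modify_write(byte_offset: int, length: int, logical: int, physical: int) -> bool:
    """True if the drive must read, patch and rewrite a physical sector to serve this write.

    Only emulated drives (logical < physical) can be asked for partial physical sectors.
    A request that is not a whole number of logical sectors is invalid on any drive.
    """
    if byte_offset % logical or length % logical:
        raise ValueError("I/O must be a whole number of logical sectors")
    if logical == physical:
        return False  # 512n and 4Kn: every request covers whole physical sectors
    return bool(byte_offset % physical or length % physical)


def alignment_report(start_lba: int, fmt: str, io_size: int = 4096) -> dict:
    """Summarise how a partition starting at `start_lba` behaves on drive format `fmt`."""
    logical, physical = SECTOR_FORMATS[fmt]
    offset = start_lba * logical
    return {
        "format": fmt,
        "start_lba": start_lba,
        "aligned": partition_is_aligned(start_lba, logical, physical),
        "sectors_per_io": physical_sectors_touched(offset, io_size, physical),
        "read_modify_write": needs_read_modify_write(offset, io_size, logical, physical),
    }


if __name__ == "__main__":
    # Constructed cases: the old Windows XP default (LBA 63) versus 1 MiB alignment (LBA 2048).
    for fmt in SECTOR_FORMATS:
        for lba in (63, 2048):
            print(alignment_report(lba, fmt))
```

The read-modify-write flag is the performance issue the VMware KB articles above refer to for 512e: the drive has to fetch the 4 KiB physical sector, patch 512 bytes into it and write the whole sector back, and a misaligned partition makes that happen on every write, not only on small ones.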

For the terminal server tinkerers ;-)

http://www.brianmadden.com/opinion/Advanced-Format-4k-disk-drives-and-performance-How-will-this-impact-your-virtual-disks

Intel/McAfee: migration of ePO VSE 8.8 to Endpoint Security 10.x, first look and tips

Put together by Butsch from all the presentations available online, channel presentations and first lab dives with 10.x

The current release is McAfee Endpoint Security 10.2.

Most things become cleaner (some things will be merged)

HIPS

As an example, 4 OLD VSE 8.8 POLICIES are merged into 1 "ON-ACCESS SCAN" policy.

New here:

NEW: Workstation and server are NO LONGER possible in the same policy (drop-down)

  1. Migrate the workstations automatically
  2. After that, the servers MANUALLY (or both manually)
  3. You will have to separate "Workstation" and "Server" in the GUI under an OU (I hope you do that anyway above 100+ endpoints!) (or use TAGS for the policies)

NEW: You will have to create separate POLICIES for "Workstation" and "Servers"

Some things do not work anymore: old exclusions with **\ WILDCARDS and no DRIVE LETTER > NO LONGER work in Endpoint Security 10.x

There is a remark in the Migration Wizard that will tell you this again!
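A pre-migration check for the exclusion rule above, as an added example (not McAfee's code and not part of the original post). It encodes only what the post states: an exclusion that begins with a wildcard such as **\ and carries no drive letter will not work in Endpoint Security 10.x, so those are flagged for rework before the policies are migrated; drive-rooted exclusions pass, and everything else is listed for manual review against the product documentation. The sample exclusion list is constructed.

```python
# Added example (not McAfee code, not from the original post): pre-check VSE 8.8 exclusions before
# migrating them to Endpoint Security 10.x. The only rule encoded is the one the post states:
# exclusions that start with a wildcard (e.g. **\) and carry no drive letter no longer work in
# Endpoint Security 10.x. Everything else is merely sorted for manual review.
import re
from collections import Counter

DRIVE_ROOTED = re.compile(r"^[A-Za-z]:\\")   # e.g. C:\Program Files\...
WILDCARD_ROOTED = re.compile(r"^[*?]")        # e.g. **\temp\*.tmp or *.bak (no drive letter)

# Constructed sample of VSE 8.8 style exclusions, as an admin might export them from a policy.
SAMPLE_EXCLUSIONS = [
    r"C:\Program Files\App\*.log",
    r"**\temp\*.tmp",
    r"%SystemRoot%\Temp\*",
    r"D:\Data\**\*.mdf",
    "*.bak",
]


def classify_exclusion(path: str) -> str:
    """Return 'drive-rooted' (migrates as-is), 'wildcard-rooted' (flagged by the post) or 'review'."""
    if DRIVE_ROOTED.match(path):
        return "drive-rooted"
    if WILDCARD_ROOTED.match(path):
        return "wildcard-rooted"
    return "review"  # env-var roots, UNC paths, bare names: check against the product documentation


def flag_exclusions(exclusions):
    """(path, category) for every exclusion, in the original order."""
    return [(p.strip(), classify_exclusion(p.strip())) for p in exclusions]


def flagged_for_rework(exclusions):
    """Only the exclusions that the post says will not work after migration."""
    return [p for p, cat in flag_exclusions(exclusions) if cat == "wildcard-rooted"]


def report(exclusions) -> Counter:
    """Category counts, handy for sizing the rework across many policies."""
    return Counter(cat for _, cat in flag_exclusions(exclusions))


if __name__ == "__main__":
    for path, cat in flag_exclusions(SAMPLE_EXCLUSIONS):
        marker = "REWORK " if cat == "wildcard-rooted" else "       "
        print(f"{marker}{cat:16s} {path}")
    print(dict(report(SAMPLE_EXCLUSIONS)))
```

Run it over the exclusion lists of all VSE 8.8 on-access policies before you start the Migration Assistant; the flagged entries are the ones you have to rewrite with a drive letter (one entry per drive) or drop, so that nothing is silently left unexcluded after the clients switch over.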
What you need before you even think about starting

  • Basis for updates of existing environments
  • Based on an existing customer environment running ePO

There is a special migration help tool which you can install.

You can select which policies to migrate and change the policies during the migration.

Quiz questions from Butsch

When can I do what?

Is there any risk for my environment?

Is the migration safe?

Before the 10.1 package is deployed, NOTHING happens to the clients. You can migrate the POLICIES BEFORE and THEN, at the end, deploy Endpoint Security 10.

As soon as YOU deploy the Endpoint Security 10.1 package, the client-side migration begins. As with a regular Patch 8 for VSE or a 7.5 to 8 migration, you TEST DEPLOY to a few clients for a week or a few days, and THEN you can deploy (migrate) the other clients. All other clients will KEEP pulling the VSE 8.x POLICIES.

Question: We just want virus protection; we don't want HIPS or SiteAdvisor because we already have other clients such as FortiClient or the Windows Firewall.

  • There are still 3 parts/modules
  • You can DEPLOY them with separate deployment jobs
  • Only what you deploy gets onto the client; unlike other endpoint products, you don't end up with 75% of the client's parts unused because that function is already covered by another vendor's product

See more info:

https://www.youtube.com/watch?v=H4vUFnhaHro

https://community.mcafee.com/docs/DOC-8364

https://community.mcafee.com/docs/DOC-8364#jive_content_id_VIDEO__Migrating_from_McAfee_VirusScan_Enterprise_88_to_McAfee_Endpoint_Security

Live ransomware samples: subject and sender, August/July 2016, Switzerland

An overview of what Swiss hospitals are receiving these days.

If you still don't get it and don't understand how critical this point is:

  • Budget is NOT the criterion for whether to use an attachment-analysis sandbox or not.
  • Modern versions of Cerber SPREAD through shared credentials on Microsoft Windows and jump to all clients. A customer with 13'000 clients in Asia was infected within a few hours.
  • If you have more than 100 employees, or if you think your business is important, BUY a sandbox for mail analysis and use McAfee TIE/ATD for files.
  • If you are too small > there is no solution. Do not accept attachments anymore! Moving the whole mail flow and Exchange to the cloud will not help you either! Spend serious money on security, or accept the risk that one day you close your business because of ransomware.

http://www.scmagazine.com/microsoft-office-365-hit-with-massive-cerber-ransomware-attack-report/article/505845/ (June 2016)

Updated: Millions of Microsoft Office 365 users were potentially exposed to a massive zero-day Cerber ransomware attack last week that not only included a ransom note, but an audio warning informing victims that their files were encrypted.

Steven Toole, a researcher for the cloud-security firm Avanan, blogged that his company saw the first attack roll in at 6:44 a.m. on June 22 and that at least 57 percent of all Office 365 customers on Avanan's platform received at least one phishing attempt that contained the infected attachment and Avanan extrapolated that the same number of all Office 365 users were involved. While Avanan did not supply a specific number of those possibly hit, Microsoft reported in its first quarter 2016 earnings report that there are 18.2 million Office 365 subscribers.

http://www.butsch.ch/post/Ransomware-Schweiz-Mcafee-TIE-Threat-Intelligence-Exchange-im-Einsatz.aspx

http://www.butsch.ch/post/RansomwareDeutschlandSchweiz-Healthcare-Deutscher-Bund-warnt-und-reagiert.aspx

http://www.butsch.ch/post/200216-Ransomware-Locky-Trojan-Germany-high-infection-rates.aspx

https://www.fireeye.com/blog/threat-research/2016/08/locky_ransomwaredis.html

The malware was sent in the name of the companies listed below. The sender addresses were spoofed/forged; the "Client" column shows the host that actually delivered the mail.

Date | Time | Client | Message | From
27.07.2016 | 04:44:34 | mx2.ait.ac.at [62.218.164.132] | The file Alphabet Incorporation.docx is infected with MSWord/Phishing.C97F!phish. | anja.koengeter@ait.ac.at
16.08.2016 | 13:44:58 | [62.152.169.139] | The file dhl_bestellung.docx is infected with JS/Nemucod.AAP!tr.dldr. | buro@dhl.com
20.07.2016 | 13:40:36 | mo4-p03-ob.smtp.rzone.de [81.169.146.172] | The file Paketnummer0221036778.zip is infected with JS/Ransom.AP!tr. | c.zaehringer@microtracer.de
16.08.2016 | 13:31:43 | fysiohoevensevld.demon.nl [80.100.200.39] | The file dhl_rechnung.docx is infected with JS/Nemucod.AAP!tr.dldr. | donotreply@dhl.com
18.07.2016 | 17:34:31 | host-212-68-196-182.dynamic.voo.be [212.68.196.182] | The file coop.ch_rechnung.docx is infected with JS/Nemucod.C060!tr.dldr. | info@coop.ch
18.07.2016 | 17:30:10 | mail.grosvenor-carpets.co.uk [91.135.7.205] | The file coop_bestellung.docx is infected with JS/Nemucod.C060!tr.dldr. | info@coop.ch
18.07.2016 | 17:20:25 | 91.98.235.122.pol.ir [91.98.235.122] | The file coop_ch_rechnung.docx is infected with JS/Nemucod.C060!tr.dldr. | info@coop.ch
18.07.2016 | 17:09:24 | gw.paph.co.uk [82.33.219.82] | The file coop.ch_quitung.docx is infected with JS/Nemucod.C060!tr.dldr. | info@coop.ch
18.07.2016 | 17:07:35 | [82.79.49.226] | The file coop_bestellung.docx is infected with JS/Nemucod.C060!tr.dldr. | info@coop.ch
18.07.2016 | 17:01:47 | gw.paph.co.uk [82.33.219.82] | The file coop.ch_bestellung.docx is infected with JS/Nemucod.C060!tr.dldr. | info@coop.ch
18.07.2016 | 16:54:46 | gw.paph.co.uk [82.33.219.82] | The file coop_quitung.docx is infected with JS/Nemucod.C060!tr.dldr. | info@coop.ch
18.07.2016 | 16:52:15 | [82.78.203.146] | The file coop.ch_quitung.docx is infected with JS/Nemucod.C060!tr.dldr. | info@coop.ch
18.07.2016 | 16:39:59 | 82-76-211-44.rdsnet.ro [82.76.211.44] | The file coop.ch_bestellung.docx is infected with JS/Nemucod.C060!tr.dldr. | info@coop.ch
18.07.2016 | 16:39:40 | gw.paph.co.uk [82.33.219.82] | The file coop.ch_bestellung.docx is infected with JS/Nemucod.C060!tr.dldr. | info@coop.ch
18.07.2016 | 16:07:52 | 82-76-211-44.rdsnet.ro [82.76.211.44] | The file coop_bestellung.docx is infected with JS/Nemucod.C060!tr.dldr. | info@coop.ch
18.07.2016 | 14:45:18 | host-48-166-108-91.as10.ldn.uk.sharedband.net [91.108.166.48] | The file coop.ch_zahlung.docx is infected with JS/Nemucod.C060!tr.dldr. | info@coop.ch
18.07.2016 | 14:29:21 | host-212-68-196-182.dynamic.voo.be [212.68.196.182] | The file coop_ch_rechnung.docx is infected with JS/Nemucod.C060!tr.dldr. | info@coop.ch
18.07.2016 | 13:49:33 | 91-189-60-54.riz.pl [91.189.60.54] | The file coop_zahlung.docx is infected with JS/Nemucod.C060!tr.dldr. | info@coop.ch
18.07.2016 | 13:36:58 | static.imatel.es [91.200.117.76] | The file coop_zahlung.docx is infected with JS/Nemucod.C060!tr.dldr. | info@coop.ch
18.07.2016 | 13:13:35 | 91-189-60-54.riz.pl [91.189.60.54] | The file coop_ch_rechnung.docx is infected with JS/Nemucod.C060!tr.dldr. | info@coop.ch
15.08.2016 | 15:41:43 | static-84-42-159-115.net.upcbroadband.cz [84.42.159.115] | The file bestellung_15_08_2016.docx is infected with JS/Nemucod.AAP!tr.dldr. | info@credit-suisse.com
15.08.2016 | 15:18:33 | [193.85.159.72] | The file rechnung_15_08.docx is infected with JS/Nemucod.AAP!tr.dldr. | info@credit-suisse.com
15.08.2016 | 13:19:41 | 148.63.249.5.rev.vodafone.pt [5.249.63.148] | The file bestellung_15_08.docx is infected with JS/Nemucod.AAP!tr.dldr. | info@credit-suisse.com
15.08.2016 | 13:12:11 | 148.63.249.5.rev.vodafone.pt [5.249.63.148] | The file zahlung_15.08.2016.docx is infected with JS/Nemucod.AAP!tr.dldr. | info@credit-suisse.com
16.08.2016 | 12:12:37 | fysiohoevensevld.demon.nl [80.100.200.39] | The file Zahlung_DHL.docx is infected with JS/Nemucod.AAP!tr.dldr. | info@dhl.com
24.08.2016 | 06:39:32 | ncr-100-66.primenet.in [203.115.100.66] | The file PRIVATE CASH.zip is infected with W32/Inject.ABHZO!tr. | info@infobitsystem.com
09.08.2016 | 17:23:43 | 88.250.40.151.static.ttnet.com.tr [88.250.40.151] | The file zahlung_09.08.2016.docx is infected with Malware_Generic.P0. | info@post.ch
09.08.2016 | 17:04:24 | [88.208.35.108] | The file zahlung_09.08.2016.docx is infected with Malware_Generic.P0. | info@post.ch
09.08.2016 | 16:57:18 | [86.34.227.40] | The file quittung_09.08.2016.docx is infected with JS/Nemucod.AAP!tr.dldr. | info@post.ch
09.08.2016 | 16:36:59 | 80.179.6.66.static.012.net.il [80.179.6.66] | The file zahlung_09.08.docx is infected with JS/Nemucod.AAP!tr.dldr. | info@post.ch
09.08.2016 | 14:51:07 | llamentin-656-2-209.w81-248.abo.wanadoo.fr [81.248.1.209] | The file zahlung.docx is infected with JS/Nemucod.AAP!tr.dldr. | info@post.ch
09.08.2016 | 16:08:59 | comox.a-enterprise.ch [62.12.150.213] | The file rechnung 09_Aug.docm is infected with WM/Obfuscated.V!tr. | m12e@bluewin.ch
09.08.2016 | 15:46:01 | zhhdzmsp-smtp14.bluewin.ch [195.186.136.32] | The file rechnung 09_Aug.docm is infected with WM/Obfuscated.V!tr. | migrol.stans@bluewin.ch
19.07.2016 | 14:45:56 | [189.126.194.34] | The file migros_rechnung.doc is infected with WM/Agent.DWX!tr. | no-reply@migros.ch
19.07.2016 | 14:39:17 | fysiohoevensevld.demon.nl [80.100.200.39] | The file migros_zahlung.doc is infected with WM/Agent.DWX!tr. | no-reply@migros.ch
19.07.2016 | 14:37:47 | [181.49.220.34] | The file migros_quittung.doc is infected with WM/Agent.DWX!tr. | no-reply@migros.ch
19.07.2016 | 14:25:22 | [181.49.220.34] | The file migros_quittung.doc is infected with WM/Agent.DWX!tr. | no-reply@migros.ch
19.07.2016 | 13:47:29 | [181.49.220.34] | The file migros_bestellung.doc is infected with WM/Agent.DWX!tr. | no-reply@migros.ch
20.07.2016 | 17:30:54 | mail.ofekltd.co.il [81.218.132.237] | The file paypal_rechnung.docx is infected with JS/Nemucod.C060!tr.dldr. | noreply@paypal.com
20.07.2016 | 16:23:30 | mail.ofekltd.co.il [81.218.132.237] | The file paypal_zahlung.docx is infected with JS/Nemucod.C060!tr.dldr. | noreply@paypal.com
28.07.2016 | 15:58:43 | ms1.webland.ch [92.43.217.101] | The file copier@asa-spitaeler.ch_20160720076718.docm is infected with WM/Agent.BJC!tr.dldr. | no-reply=23=copier@asa-spitaeler.ch
16.08.2016 | 15:38:36 | fysiohoevensevld.demon.nl [80.100.200.39] | The file dhl_packet_16.08.2016.docx is infected with JS/Nemucod.AAP!tr.dldr. | paket@dhl.com
16.08.2016 | 13:14:02 | [62.152.169.139] | The file dhl_packet_16_08_2016.docx is infected with JS/Nemucod.AAP!tr.dldr. | reply@dhl.com
27.07.2016 | 14:00:52 | expertno-analit-zentr.ch.govorit.ru [89.221.61.75] | The file Paypal_Zahlung.docx is infected with JS/Nemucod.C060!tr.dldr. | service@paypal.ch
27.07.2016 | 13:53:50 | expertno-analit-zentr.ch.govorit.ru [89.221.61.75] | The file Paypal_Zahlung.docx is infected with JS/Nemucod.C060!tr.dldr. | service@paypal.ch
20.07.2016 | 16:12:32 | host81-137-222-56.in-addr.btopenworld.com [81.137.222.56] | The file paypal_rechnung.docx is infected with JS/Nemucod.C060!tr.dldr. | service@paypal.com
20.07.2016 | 15:54:40 | cpc87465-finc19-2-0-cust332.4-2.cable.virginm.net [82.17.37.77] | The file paypal_rechnung.docx is infected with JS/Nemucod.C060!tr.dldr. | service@paypal.com
20.07.2016 | 15:20:16 | cpc87465-finc19-2-0-cust332.4-2.cable.virginm.net [82.17.37.77] | The file paypal_zahlung.docx is infected with JS/Nemucod.C060!tr.dldr. | service@paypal.com
20.07.2016 | 14:41:39 | lmontsouris-657-1-208-29.w80-11.abo.wanadoo.fr [80.11.48.29] | The file paypal_rechnung.docx is infected with JS/Nemucod.C060!tr.dldr. | service@paypal.com
21.07.2016 | 16:38:27 | 166.109.94.80.dynamic.monaco.mc [80.94.109.166] | The file zurich.com_rechnung.docx is infected with JS/Nemucod.C060!tr.dldr. | service@zurich.com
21.07.2016 | 16:04:30 | 166.109.94.80.dynamic.monaco.mc [80.94.109.166] | The file zurich.com_bestellung.docx is infected with JS/Nemucod.C060!tr.dldr. | service@zurich.com
21.07.2016 | 16:01:00 | 82-137-118-134.ip.btc-net.bg [82.137.118.134] | The file zurich.com_rechnung.docx is infected with JS/Nemucod.C060!tr.dldr. | service@zurich.com
21.07.2016 | 15:58:54 | host81-133-60-254.in-addr.btopenworld.com [81.133.60.254] | The file zurich.com_quittung.docx is infected with JS/Nemucod.C060!tr.dldr. | service@zurich.com
21.07.2016 | 15:34:28 | 82-137-118-134.ip.btc-net.bg [82.137.118.134] | The file zurich.com_zahlung.docx is infected with JS/Nemucod.C060!tr.dldr. | service@zurich.com
21.07.2016 | 15:08:05 | 166.109.94.80.dynamic.monaco.mc [80.94.109.166] | The file zurich.com_zahlung.docx is infected with JS/Nemucod.C060!tr.dldr. | service@zurich.com
21.07.2016 | 14:13:25 | 166.109.94.80.dynamic.monaco.mc [80.94.109.166] | The file zurich.com_quittung.docx is infected with JS/Nemucod.C060!tr.dldr. | service@zurich.com
21.07.2016 | 13:28:41 | mail.aretilaw.com [81.4.136.98] | The file zurich.com_bestellung.docx is infected with JS/Nemucod.C060!tr.dldr. | service@zurich.com
21.07.2016 | 13:16:01 | mail.aretilaw.com [81.4.136.98] | The file zurich.com_quittung.docx is infected with JS/Nemucod.C060!tr.dldr. | service@zurich.com
21.07.2016 | 13:04:58 | 166.109.94.80.dynamic.monaco.mc [80.94.109.166] | The file zurich.com_rechnung.docx is infected with JS/Nemucod.C060!tr.dldr. | service@zurich.com
21.07.2016 | 13:00:48 | host81-133-60-254.in-addr.btopenworld.com [81.133.60.254] | The file zurich.com_quittung.docx is infected with JS/Nemucod.C060!tr.dldr. | service@zurich.com
26.07.2016 | 11:36:01 | lputeaux-657-1-16-200.w90-63.abo.wanadoo.fr [90.63.199.200] | The file viagogo.com_zahlung.docx is infected with JS/Nemucod.C060!tr.dldr. | ticketalerts@info.viagogo.com
20.07.2016 | 13:17:02 | [81.28.170.24] | The file zoo.ch_quittung.docx is infected with JS/Nemucod.C060!tr.dldr. | zoo@zoo.ch
20.07.2016 | 12:54:45 | [81.28.170.24] | The file zoo.ch_quittung.docx is infected with JS/Nemucod.C060!tr.dldr. | zoo@zoo.ch
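The table above, read the way a defender would, as an added example (this code is not part of the original post and is not the output of any gateway product). It parses rows in the table's "Date | Time | Client | Message | From" layout, counts hits per claimed sender domain and per detection name, and flags rows where the reverse DNS of the connecting host does not belong to the claimed sender domain, which is exactly the pattern the post describes (info@coop.ch arriving via gw.paph.co.uk, or via a bare IP with no reverse DNS at all). The five sample rows are copied from the table as a constructed subset; the one layout assumption is that the columns are separated by " | ".

```python
# Added example (not from the original post): parse rows in the layout of the table above and
# summarise them by claimed sender domain and detection name, flagging rows whose connecting
# host's reverse DNS does not belong to the claimed sender domain.
import re
from collections import Counter
from dataclasses import dataclass

# Constructed subset of the table above, in its "Date | Time | Client | Message | From" layout.
SAMPLE_ROWS = """\
18.07.2016 | 17:09:24 | gw.paph.co.uk [82.33.219.82] | The file coop.ch_quitung.docx is infected with JS/Nemucod.C060!tr.dldr. | info@coop.ch
18.07.2016 | 16:39:59 | 82-76-211-44.rdsnet.ro [82.76.211.44] | The file coop.ch_bestellung.docx is infected with JS/Nemucod.C060!tr.dldr. | info@coop.ch
16.08.2016 | 13:44:58 | [62.152.169.139] | The file dhl_bestellung.docx is infected with JS/Nemucod.AAP!tr.dldr. | buro@dhl.com
09.08.2016 | 15:46:01 | zhhdzmsp-smtp14.bluewin.ch [195.186.136.32] | The file rechnung 09_Aug.docm is infected with WM/Obfuscated.V!tr. | migrol.stans@bluewin.ch
20.07.2016 | 13:40:36 | mo4-p03-ob.smtp.rzone.de [81.169.146.172] | The file Paketnummer0221036778.zip is infected with JS/Ransom.AP!tr. | c.zaehringer@microtracer.de
"""

MESSAGE_RE = re.compile(r"^The file (?P<file>.+?) is infected with (?P<sig>\S+?)\.?$")
CLIENT_RE = re.compile(r"^(?:(?P<host>\S+)\s+)?\[(?P<ip>[0-9.]+)\]$")


@dataclass
class Event:
    date: str
    time: str
    host: str        # reverse DNS of the connecting client; "" when the gateway logged only the IP
    ip: str
    filename: str
    signature: str
    sender: str      # claimed From address; the post notes these were forged

    @property
    def sender_domain(self) -> str:
        return self.sender.rsplit("@", 1)[-1].lower()


def parse_row(line: str) -> Event:
    """Parse one 'Date | Time | Client | Message | From' row into an Event."""
    parts = [p.strip() for p in line.split(" | ")]
    if len(parts) != 5:
        raise ValueError(f"expected 5 columns, got {len(parts)}: {line!r}")
    date, time, client, message, sender = parts
    m_client = CLIENT_RE.match(client)
    m_msg = MESSAGE_RE.match(message)
    if not m_client or not m_msg:
        raise ValueError(f"unrecognised row layout: {line!r}")
    return Event(date, time, m_client.group("host") or "", m_client.group("ip"),
                 m_msg.group("file"), m_msg.group("sig"), sender)


def parse_rows(text: str) -> list:
    """Parse every non-empty line of a table in the layout above."""
    return [parse_row(line) for line in text.splitlines() if line.strip()]


def rdns_matches_sender(ev: Event) -> bool:
    """Heuristic: the connecting host's reverse DNS should sit inside the claimed sender domain.

    Mail legitimately relayed through a third-party provider also fails this check, so treat a
    miss as a triage signal that the From address may be forged, not as proof.
    """
    host = ev.host.lower()
    return host == ev.sender_domain or host.endswith("." + ev.sender_domain)


def summarize(events: list) -> dict:
    """Counts by claimed sender domain and by detection name, plus the rows to look at first."""
    return {
        "by_sender_domain": Counter(ev.sender_domain for ev in events),
        "by_signature": Counter(ev.signature for ev in events),
        "suspected_spoof": [ev for ev in events if not rdns_matches_sender(ev)],
    }


if __name__ == "__main__":
    summary = summarize(parse_rows(SAMPLE_ROWS))
    for domain, n in summary["by_sender_domain"].most_common():
        print(f"{n:3d}  claimed sender domain {domain}")
    for sig, n in summary["by_signature"].most_common():
        print(f"{n:3d}  detection {sig}")
    for ev in summary["suspected_spoof"]:
        print(f"rDNS mismatch: {ev.sender} via {ev.host or '(no rDNS)'} [{ev.ip}] -> {ev.filename}")
```

Of the five sample rows only the bluewin.ch one is delivered by a host inside the claimed sender domain; the other four come from unrelated hosts or from bare IPs, which is the signature of the forged senders the post talks about. The per-domain counts are what you would hand to the brands being impersonated (coop.ch, post.ch, credit-suisse.com and so on) and the per-detection counts tell you which downloader family your gateway is actually catching.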