Windows 10 corporate support, Mcafee VSE and WSUS status 05.08.2015

by butsch 5. August 2015 03:38

 

Windows 10, WSUS Integration

If you support Server 2012R2 and 8.1 then you have the Updates on the WSUS you will see the new Categorys straight away.

Windows 10, Mcafee VSE 8.8 with Patch 6 which should be released 26. August 2015

https://kc.mcafee.com/corporate/index?page=content&id=KB51111

https://community.mcafee.com/community/business/blog/2015/08/02/windows-10-support-updates

 

Product Version

Product
Build

Release Notes

Known Issues

Release Date

EOL Date

Comments

VSE 8.8 Patch 6 (under development)

TBD

TBD

TBD

Target July 30, 2015 for private release
Target Aug 26, 2015 for full release

n/a

Adds support for the Windows 10 platform.

NOTE: Patch 6 is currently available in managed release. To obtain the patch and participate in the managed release program, contact your Support Account Manager.

 

31.08.2015 And here comes Patch 6 and you already wait for release 7 (DLP 9.4 DOES Not work, Protection rules not visible)

 

McAfee VirusScan Enterprise (VSE) 8.8

Summary

This article contains important information about known issues of high or medium rating that are outstanding with this product release. This article will be updated if new issues are identified post-release or if additional information becomes available. To read the Release Notes, see: PD26069

Release to World (RTW): August 26, 2015
 
Known Issues

IMPORTANT NOTES: 
  • Data Loss Prevention (DLP) customers: This release upgrades a common component used by DLP, which may cause the system to hang. Customers using DLP 9.4.0 are advised to delay installing VSE 8.8 Patch 6 until further notice. Development is in progress for updating the DLP 9.4 version to work with VSE 8.8 Patch 6. This updated release will be required prior to installing VSE 8.8 Patch 6. This article will be updated as more detail becomes available.

    To receive email notification when this article is updated, click Subscribe on the right side of the page. You must be logged in to subscribe.

     
  • VirusScan Enterprise for Storage (VSES) customers: VSE 8.8 patches 5 and 6 are not supported for use with VSES. Do not deploy VSE 8.8 Patch 5 or 6 to nodes running VSES. Instead, Intel Security recommends you deploy VSE 8.8 Patch 4 to nodes running VSES.

CRITICAL: There are currently no critical known issues.
Reference Number Related Article Issue Description
1090227 KB85551 Issue: VirusScan threat events do not parse to the ePO database with VirusScan Enterprise Reports Extension 1.2.0.263.
Workaround: Check in the Patch 5 Reporting Extension (1.2.0.250) until an updated extension becomes available.
Status: Intel Security is investigating this issue. See the related article for workaround steps.


Non-critical:

Reference Number Related Article Issue Description
966892 KB84913 Issue: Access Protection rules are not visible in the ePolicy Orchestrator console after checking in the Patch 5 or Patch 6 management extension.
Resolution: See the related article. This is tentatively planned to be resolved in VSE 8.8 Patch 7, which is not currently available.

To receive email notification when this article is updated, click Subscribe on the right side of the page. You must be logged in to subscribe.
1074199 n/a Issue: Environments using Lotus Notes mail, with the Lotus Notes mail scanner feature enabled, encounter Access Protection violations after installing Patch 6.
Resolution: Add the Lotus Notes process (NLNOTES.EXE) to the Processes to Exclude list for the Access Protection rule that is being violated (for example, Common Standard Protection:Prevent modification of McAfee files and settings).
n/a n/a Issue: Detection count is inconsistent with detections displayed in the On-Demand Scan (ODS) progress window.
Resolution: The product is functioning as designed.

If you require a change to this functionality in a future version of the product, you can submit a Product Enhancement Request (PER) by logging in at: https://mcafee.acceptondemand.com/.

To register as a new user, click McAfee Customers Register Here at the top of the page. For additional information, see KB60021.
1065335 KB84084 Issue: Modification to the Artemis FQDN field for the Network Heuristic Check feature requires a reboot on the client before the change takes effect.
Resolution: Restart the McShield service or reboot the system.
1077854 n/a Issue: Outlook closes unexpectedly (crashes) when sending mail after installing VSE 8.8 Patch 6 on systems with DLP 9.4.0 (RTW).
Resolution: Upgrade to DLP 9.4 Patch 1 (expected Q4 2015 release date) or later.

To receive email notification when this article is updated, click Subscribe on the right side of the page. You must be logged in to subscribe.
n/a = not available

Tags:

Client Management | Hotfixes / Updates | Mcafee VSE, EPO, DLP | WSUS

W7, 64BIT, WMI Hotfixes do date post SP1

by butsch 29. July 2015 06:30

 

WMI Hotfixes to date 29.07.2015

During IE11 projects we have seen problems with some WMI and WUSA.EXE KB installations. It sometimes seems that the WMI provider

who offers that info hangs or is out of date. Even with some command to refresh it0s stuck. This is a list of Hotfixes we found in that direction

For Existing Windows 7 64BIT Deployments with SP1.

 

IE11patch Infos:

http://www.butsch.ch/post/IE11-IEAK-11-Setup-9-PRE-Deployment-Patches-2b-1-Hotfix.aspx

 

YES = Installs on W7 SP1 64BIT with all Updates from WSUS do date 29.07.2015

NO = Does not install on same system

 

001 (YES)

https://support.microsoft.com/en-us/kb/2705357

2705357

Windows6.1-KB2705357-v2-x64.msu

 

002 (YES)

http://support.microsoft.com/kb/2692929

2692929

Windows6.1-KB2692929-x64.msu

 

003 (YES but choose 2617858)

Unexpectedly slow startup or logon process in Windows Server 2008 R2 or in Windows 7

http://support.microsoft.com/kb/2465990

2465990 > SUPERSEEDED > Replaced by > 2617858 (https://support.microsoft.com/en-us/kb/2617858)

2465990 > Windows6.1-KB2465990-v3-x64.msu (Older)

2617858 > Windows6.1-KB2617858-x64.msu (Newer, Superseeds the old one)

 

004 (YES)

https://support.microsoft.com/en-us/kb/2492536

2492536

Windows6.1-KB2492536-x64.msu

 

005 (NO)

https://support.microsoft.com/en-us/kb/982293

982293

Windows6.1-KB982293-x64.msu

 

 

 

Tags:

Client Management | Deployment | Hotfixes / Updates | Scripting | WMI | WSUS

Internet Explorer 10 / 11 IE Warnung, GPO, Gruppenrichtlinien, Group Policy

by butsch 26. May 2015 23:35

Internet Explorer 10 / 11 IE Warnung, GPO, Gruppenrichtlinien, Group Policy

Error or PUP UP in IE10/IE11

Deutsch:

Sie sind im Begriff, sich Seiten über eine sichere Verbindung anzeigen zu lassen. Keine Information, die Sie mit dieser Seite austauschen, kann von anderen Personen im Web gesehen werden.

English:

You are about to view pages over a secure connection.

https://social.technet.microsoft.com/Forums/en-US/65e8f915-6300-4367-8aa5-626539a62240/disable-ie-10-11-security-alert-popup-w-group-policy?forum=winserverGP

 

This seems not be possible with GPO or within an ADM/X from MS. You need to deploy a HKCU key.

Change this key from 1 > 0 per USER (HKCU)

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings

WarnOnIntranet

REG_DWORD

0

WarnonZoneCrossing

REG_DWORD

0

0 = ZERO = DO NOT SHOW WARNING

 

Integrate that into a GPO

 

 

 

Make sure you have a WMI filter so you only catch IE11 on clients:

 

See our Blog for infos on how to do that

 

 

 

 

 

Tags:

Client Management | Deployment | Hotfixes / Updates

Mcafee GETSUSP (Stinger V2) free Virus Scan / HIPS

by butsch 27. April 2015 01:13

http://www.mcafee.com/us/downloads/free-tools/getsusp.aspx

http://www.mcafee.com/us/downloads/free-tools/index.aspx

http://www.mcafee.com/uk/downloads/free-tools/how-to-use-getsusp.aspx

Bei Virenbefall würde ich auf einzelnen Clients ab sofort das Tool mcafee GETSUSP laufen lassen. Dies zusätzlich zum VSE.

  1. GETSUSP Macht Scan auf GTI-basis (Cloud DB von Mcafee Online) (Manuell kann man auch Binaries uploaden um diese zu analysieren)
  2. Aktiviert (Nicht installiert) eine HIPS (IPS) Firewall welche den Netzwerk traffic überwacht wenn das Tool läuft (Scan Echtzeit Viren und Botnet traffic)
  3. Das Netzwerk HIPS Tool gibt es auch kostenlos fuer das TRAY (RAPTOR) (Dieses kann man einmal starten und ggf. nach dem Reboot aktivieren [Autostart]). Nach Säuberung von clients dieses Tool einige Tage drauf lassen.

 

Nachteile: Client muss online sein da P2P/GTI/Cloud check der files.

Vorteil: Es gibt eine EPO Version.

 

Hier kann man Binaries/Files auch online checken:

www.virustotal.com

https://www.hybrid-analysis.com

 

Mcafee Raptor (Kostenlose HIPS Firewall)

 

Mcafee GETSUPS (Stinger V2.0)

 

Upload Files to check online:

 

 

HTML Report:

 Sample Found RADMIN Remote Control Software (False). This was catched on FULL SCAN with mcafee

and not based on HIPS Activity. We had the tools running on two clients and it did not show up any further info

during work. Only thing we heard that LYNCS client is unable to check Status while raptor is active.

 

Other Links to such Tools: 

Please also try Microsoft Safety Scanner and Norton Power Eraser:

http://www.microsoft.com/security/scanner/en-hk/default.aspx

 

Tags:

Client Management | Mcafee VSE, EPO, DLP

Internet Explorer 9/11 GPO old IE9 not visible / WMI checks

by butsch 17. March 2015 22:31

 

Problem 1, Internet Explorer Maintenance Tab not visible

 

E: Internet Explorer Maintenance Tab not visible

D: Internet Explorer Wartung nicht sichtbar (Fehlende Einstellungen der Internet Explorer-Wartung für Internet Explorer 11) (IEM-Einstellungen)

 

During an Internet Explorer 11 Migration you discover that you can see your old IE8/9 settings which you made under Internet Explorer Maintenance Tab but you can't adapt or change them.

PROXY, Favorites, Quicklinks etc.

 

Solution:

You can only modify the OLD IE7/8/9 setting on a DC or ADMIN PC where IE10/11 is NOT installed and you have the GPO management console. So during migration you need two GPO machines

  1. One for the NEW GPO with IE10/11 and RSAT Remote Administration Tools (Or Domain Controller)
  2. One for the OLD GPO with IE8/9 and RSAT Remote Administration Tools

 

TO install the RSAT GPO management console a Windows 7 Admin PC:

  1. Search and download: Windows6.1-KB958830-x64-RefreshPkg.msu (http://www.microsoft.com/de-de/download/details.aspx?id=7887) [Remoteserver-Verwaltungstools für Windows 7 mit Service Pack 1 (SP1)]
  2. Over Software / Add Windows Features install GPO Console

 

 

Now on the GPO machine you can open an edit the old parts from IE7/8/9

Problem 2, WMI Filter because you have two GPO (IE9/11)

 

Because you PC's with IE9 and IE11 as example you may have to separate the GPO.

This is best done with WMI-Filters or Active Directory user groups:

Here is how to check in WMIExplorer.

SELECT path,filename,extension,version FROM CIM_DataFile WHERE path="\\Program Files\\Internet Explorer\\" AND filename="iexplore" AND extension="exe" AND version like "9.%"

Checks if client has IE9

SELECT path,filename,extension,version FROM CIM_DataFile WHERE path="\\Program Files\\Internet Explorer\\" AND filename="iexplore" AND extension="exe" AND version like "11.%"

Checks if client has IE11

 

 

Please also see our post from MSDN Social and Blog:

http://www.butsch.ch/post/IE11-IEAK-11-Setup-9-PRE-Deployment-Patches-2b-1-Hotfix.aspx

 

MSDN:

Fehlende Einstellungen der Internet Explorer-Wartung für Internet Explorer 11

https://msdn.microsoft.com/de-de/library/dn338129.aspx

Microsoft HAS made a list what goes where this FROM IE9 to (IEAK or/AND NEW SETTINGS). Most can be done with a clean and good IEAK setup.

https://technet.microsoft.com/de-de/library/jj890998.aspx (Where goes what)

Below is for people or team WHO don't know how to use IEAK (Please be carefull if you don't NEED to change Favorites or PROXY every month)

there is NO need to do the Regsitry HKCU things metioned. This can setup in IEAK 11 setup and then the regular GPO things.

 

https://thommck.wordpress.com/2013/11/08/the-new-way-to-configure-internet-explorer-proxy-settings-with-group-policy/

http://www.alexheer.co.uk/it-blog/configuring-ie11-settings-via-group-policy

http://blogs.msdn.com/b/asiatech/archive/2014/05/12/how-to-apply-the-content-of-ie-settings-in-gpo-which-used-iem-ie-maintenance-before-ie10-to-ie10-version-since-iem-has-been-deprecated-begin-from-ie10.aspx

 http://www.windowspro.de/wolfgang-sommergut/zentrale-ie-konfiguration-internet-explorer-wartung-vs-gpo-vs-ieak

http://blogs.msdn.com/b/asiatech/archive/2014/12/16/how-to-apply-favorites-amp-links-to-ie10-ie11-in-gpo-without-iem.aspx

 

 

Tags:

Client Management | Deployment | Hotfixes / Updates | WSUS