Windows 10 corporate support, McAfee VSE and WSUS status 05.08.2015


Windows 10, WSUS Integration

If you support Server 2012 R2 and Windows 8.1 and therefore already have those updates on the WSUS, you will see the new categories straight away.

Windows 10, McAfee VSE 8.8 with Patch 6, which should be released on 26 August 2015


Product Version | Release Notes | Known Issues | Release Date | EOL Date
VSE 8.8 Patch 6 (under development) | | | Target July 30, 2015 for private release; target Aug 26, 2015 for full release |


Adds support for the Windows 10 platform.

NOTE: Patch 6 is currently available in managed release. To obtain the patch and participate in the managed release program, contact your Support Account Manager.


31.08.2015: And here comes Patch 6, and you are already waiting for release 7 (DLP 9.4 does NOT work, Protection rules not visible)


McAfee VirusScan Enterprise (VSE) 8.8


This article contains important information about known issues of high or medium rating that are outstanding with this product release. This article will be updated if new issues are identified post-release or if additional information becomes available. To read the Release Notes, see: PD26069

Release to World (RTW): August 26, 2015
Known Issues

  • Data Loss Prevention (DLP) customers: This release upgrades a common component used by DLP, which may cause the system to hang. Customers using DLP 9.4.0 are advised to delay installing VSE 8.8 Patch 6 until further notice. Development is in progress for updating the DLP 9.4 version to work with VSE 8.8 Patch 6. This updated release will be required prior to installing VSE 8.8 Patch 6. This article will be updated as more detail becomes available.

    To receive email notification when this article is updated, click Subscribe on the right side of the page. You must be logged in to subscribe.

  • VirusScan Enterprise for Storage (VSES) customers: VSE 8.8 patches 5 and 6 are not supported for use with VSES. Do not deploy VSE 8.8 Patch 5 or 6 to nodes running VSES. Instead, Intel Security recommends you deploy VSE 8.8 Patch 4 to nodes running VSES.

CRITICAL: There are currently no critical known issues.
Reference Number: 1090227
Related Article: KB85551
Issue: VirusScan threat events do not parse to the ePO database with VirusScan Enterprise Reports Extension
Workaround: Check in the Patch 5 Reporting Extension ( until an updated extension becomes available.
Status: Intel Security is investigating this issue. See the related article for workaround steps.

Reference Number: 966892
Related Article: KB84913
Issue: Access Protection rules are not visible in the ePolicy Orchestrator console after checking in the Patch 5 or Patch 6 management extension.
Resolution: See the related article. This is tentatively planned to be resolved in VSE 8.8 Patch 7, which is not currently available.

Reference Number: 1074199
Related Article: n/a
Issue: Environments using Lotus Notes mail, with the Lotus Notes mail scanner feature enabled, encounter Access Protection violations after installing Patch 6.
Resolution: Add the Lotus Notes process (NLNOTES.EXE) to the Processes to Exclude list for the Access Protection rule that is being violated (for example, Common Standard Protection:Prevent modification of McAfee files and settings).

Reference Number: n/a
Related Article: n/a
Issue: Detection count is inconsistent with detections displayed in the On-Demand Scan (ODS) progress window.
Resolution: The product is functioning as designed.
If you require a change to this functionality in a future version of the product, you can submit a Product Enhancement Request (PER) by logging in at:
To register as a new user, click McAfee Customers Register Here at the top of the page. For additional information, see KB60021.

Reference Number: 1065335
Related Article: KB84084
Issue: Modification to the Artemis FQDN field for the Network Heuristic Check feature requires a reboot on the client before the change takes effect.
Resolution: Restart the McShield service or reboot the system.

Reference Number: 1077854
Related Article: n/a
Issue: Outlook closes unexpectedly (crashes) when sending mail after installing VSE 8.8 Patch 6 on systems with DLP 9.4.0 (RTW).
Resolution: Upgrade to DLP 9.4 Patch 1 (expected Q4 2015 release date) or later.

n/a = not available

McAfee GETSUSP (Stinger V2) free Virus Scan / HIPS

If a virus infection occurs, I would from now on run the McAfee GETSUSP tool on individual clients, in addition to VSE.

  1. GETSUSP scans on the basis of GTI (McAfee's online cloud database). (Binaries can also be uploaded manually for analysis.)
  2. It activates (does not install) a HIPS (IPS) firewall that monitors network traffic while the tool is running (real-time scan for virus and botnet traffic).
  3. The network HIPS tool is also available free of charge for the tray (RAPTOR). (It can be started once and, if needed, activated after the reboot [autostart].) After cleaning clients, leave this tool on them for a few days.


Disadvantage: The client must be online, because the files are checked via P2P/GTI/cloud.

Advantage: There is an ePO version.


Binaries/files can also be checked online here:


McAfee Raptor (free HIPS firewall)


McAfee GETSUSP (Stinger V2.0)


Upload Files to check online:



HTML Report:

Sample: found RADMIN Remote Control Software (False). This was caught on a FULL SCAN with McAfee and not based on HIPS activity. We had the tools running on two clients and they did not show any further info during work. The only thing we heard is that the Lync client is unable to check status while Raptor is active.


Other Links to such Tools: 

Please also try Microsoft Safety Scanner and Norton Power Eraser:


VMware / VDI malware protection: Symantec, Trend and McAfee

Symantec Endpoint Protection still has no agentless virus scan version like Trend or McAfee with MOVE. Those use the vShield API from VMware and need no software running directly in the VM.

BUT tests have shown that even with the agent in the VM/VDI, Symantec SEP 12.X is faster in daily tracking, stable status and scanning, and is only slow when the machine does its virus pattern update once a day.

Keep in mind that most antivirus producers only update the main definitions once a day (McAfee 17:00 CET) and the rest is GTI/0-day releases on all three.

So even with the agent in VDI machines you get, as a rule of thumb, more or equal performance.

Also keep in mind that virus APIs like the one from Microsoft have been the source of a lot of trouble, false events and fights over the last few years. You can decide whether you want that between:

  1. your antivirus producer and MS
  2. your antivirus producer and VMware

Also worth mentioning here would be a hypervisor-based solution, which mixes things up again.

The problem in general may no longer be so current, since NetApp and all the new companies coming out with flash/SSD storage try to solve it from the other side.

Gartner Magic Quadrant

Mentioned products in terms of VM in those articles:


McAfee's Management for Optimized Virtual Environments (MOVE) has offered optimized anti-malware scanning in virtualized environments for two years, and now MOVE 2.5 offers agentless anti-malware scanning in VMware environments using native vShield API integration.


Symantec does not yet offer an "agentless" version for optimizing anti-malware scanning in virtualized environments (although its shared Insight cache feature can be used to improve performance).

2012 Symantec SEP 12.1 and McAfee MOVE under VMware 5.X

2012 Symantec SEP 12.1 and Trend

Back in 2011 Trend was faster

2011 Symantec SEP 11, Trend and McAfee


Massive Spam Reply wave in Switzerland 08.08.2013 – Federal E-Mail domain involved

Subject Range: RE: [#SMV-xxxxxxxxxxxxxxxxxxxx]: Transfer - Ueberweisung


Since today, 08.08.2013, starting around 17:10 CET, we have been seeing a large amount of "Reply – Delete me also" spam running through all kinds of devices and also large enterprise spam filters. We even have a reply from the Swiss federal e-mail domain, which hosts all or most e-mail accounts of Swiss federal employees. We also see a large amount of replies from Switzerland's universities and colleges, most of which are experts in spam defense and have developed greylisting modules which commercial spam filters use.

That means that this e-mail currently drops through all the very expensive commercial and Linux mail filters.


Most of those people have/had the e-mail already opened and some of them already replied, WHICH then makes another wave of spam. It is to date unclear whether the e-mail contains a 0-day exploit. McAfee VSE 8.8 SP2, SEP Corporate Edition client side with current definitions, ClamAV and GroupShield with current definitions did not show any malware at 22:00 CET (European time).

  1. Do NOT reply to the e-mail (you will generate another wave with thousands of e-mails)
  2. And yes, the above link is also involved in the spam wave itself, so reporting to them and telling them to "teach their employees HOW to use e-mail before handing out a client or mobile"


Two vulnerabilities in McAfee ePolicy Orchestrator May 2013

Two vulnerabilities in McAfee ePolicy Orchestrator (ePO) have been discovered and resolved.


Affected Product Versions

  • ePO 4.5 (RTW) to ePO 4.5.6
  • ePO 4.6 (RTW) to ePO 4.6.5


Protected Versions

These products are NOT affected:

  • ePO 4.5.7 (or later)
  • ePO 4.6.6 (or later)
  • ePO 5.0 (or later)


  • VESVM-2013-001 (CVSS: 6.2; Severity: High) is a server-side pre-authenticated SQL Injection within the Agent-Handler component (Agent-Server communication channel) that, if exploited, can lead to remote code execution (RCE).
  • VESVM-2013-002 (CVSS: 3.4; Severity: Low) is a server-side pre-authenticated directory path traversal within a file upload process that, if exploited, can lead to an arbitrary file upload under the ePO installation folder.



McAfee recommends that all customers verify that they have applied the latest updates. Impacted users should install the relevant patches or hotfixes.
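
One way to run that verification across several ePO servers, using only the affected and protected ranges listed above. This is an added example, not code from McAfee or from the original post; the server names, the version strings in the sample inventory and the function names are constructed for illustration.

```python
import re

# Branches named in the bulletin, mapped to the first release listed as not affected.
FIXED_IN = {(4, 5): (4, 5, 7), (4, 6): (4, 6, 6)}
FIRST_UNAFFECTED_MAJOR = 5  # "ePO 5.0 (or later)" is listed as not affected

def parse_version(text):
    """Turn '4.6.5', 'ePO 4.5 (RTW)' or '4.6.6.176' into a 3-tuple of ints."""
    match = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not match:
        raise ValueError(f"no version number in {text!r}")
    major, minor, patch = match.groups()
    return int(major), int(minor), int(patch or 0)  # RTW counts as patch 0

def classify(text):
    """Return 'affected', 'not affected' or 'not listed' for one version string."""
    version = parse_version(text)
    if version[0] >= FIRST_UNAFFECTED_MAJOR:
        return "not affected"
    fixed = FIXED_IN.get(version[:2])
    if fixed is None:
        # Branches the bulletin does not mention (for example 4.0) get no verdict.
        return "not listed"
    # Tuple comparison, so 4.5.10 sorts after 4.5.7 (string comparison would not).
    return "affected" if version < fixed else "not affected"

def audit(inventory):
    """Map each server name to its verdict; unparsable entries are flagged."""
    report = {}
    for server, version_text in inventory.items():
        try:
            report[server] = classify(version_text)
        except ValueError:
            report[server] = "unparsable"
    return report

# Constructed inventory: server names and the build suffix are made up.
SAMPLE = {
    "epo-zrh-01": "4.6.5",
    "epo-zrh-02": "ePO 4.5 (RTW)",
    "epo-bsl-01": "4.6.6.176",
    "epo-bsl-02": "5.0.0",
    "epo-old-01": "4.0.2",
    "epo-lab-01": "unknown",
}

if __name__ == "__main__":
    for server, verdict in audit(SAMPLE).items():
        print(f"{server:12} {SAMPLE[server]:16} {verdict}")
```

Servers reported as "not listed" or "unparsable" need a manual check against SB10042, since the bulletin text above gives no verdict for them.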


For full instructions and information, see McAfee KnowledgeBase article SB10042, McAfee Security Bulletin - ePO update fixes two vulnerabilities reported by Verizon