December 15th  2015


Announcing the availability of McAfee Management of Native Encryption (MNE) 4.0.0 for Apple FileVault and Microsoft BitLocker management via ePolicy Orchestrator (ePO).

Available now, McAfee announces the release of Management of Native Encryption (MNE) 4.0.0. This release contains several important new product enhancements and defect fixes. Details of the new enhancements in this release are listed in the section below.

 

MNE is the primary solution for Mac OS X and replaces McAfee “EEMac” that is EOL December 31, 2014, please refer to End of Life and End of Sale for Endpoint Encryption for Mac 7.0 KB79877



Please refer to the following articles for suitability in your environment:

New Enhancements in this Release:


Server Network Unlock

Servers are a high profile asset that are commonly targeted for breaching attacks. Leveraging MNE Server Support, Network Unlock enables the ability to automatically unlock data volumes on network servers based on predefined access control via McAfee ePO system tree groups.The data volumes on the target servers are protected by encryption keys which are held by McAfee ePO server and released to endpoints on request according to workflows that the Administrator can define.Audit reports via McAfee ePO will help the Administrator to review the state of volume access control within the server estate.


Additional BitLocker Policy Options via MNE policy

In this release MNE 4.0 exposes additional BitLocker policy options to simplify basic BitLocker policy configuration. These settings are included under advanced settings, and defaulted appropriately for customers who do not wish to concern themselves with them.


  • Deny write access to fixed drives not protected by BitLocker
  • Prevent memory overwrite on restart
  • Configure use of hardware-based encryption
  • Encrypt only used space (Enforce drive encryption type)
  • Reset platform validation data after BitLocker recovery


MNE Control Panel Applet

Credential management is the key to maintaining an effective security posture and usability within a managed estate. MNE 4.0 adds the ability for end users to change the BitLocker password or PIN using a dedicated MNE user-interface, accessed through the control panel, allowing the administrator to disable the BitLocker control panel through GPO settings on the domain server.Disabling the BitLocker control panel removes the ability for the end user to disable BitLocker protection, manage TPM and the saving or printing of the recovery password that may fall outside of a company's security best practices.


End User Postpone Activation

Sometimes it is not convenient for a product to be installed or updated in busy periods or perhaps during a customer meeting, and allowing the flexibility to defer this action can improve user experience during a deployment phase.This new feature provides the means to postpone activation until a predefined later timeframe when a reminder will be sent again so that the activation task can be completed.


Find System by Username (Including WebAPI)

Administrators are now able to locate systems based upon the username of a user who is logged against those systems. Note that on BitLocker, this will include all users who have previously logged into Windows, whereas on FileVault it's all users that have preboot login capability.This new feature is particularly useful in the scenario when the owner of a system calls in and reports their system lost or stolen or does not have the system details to hand.


Define and Report on Security Posture (Mac OS X)

Many organizations implement a companywide Endpoint security posture based on criteria around regulatory compliance. This can entail adherence to laws, regulations, guidelines and specifications relevant to its line of business.MNE 4.0 extends the Security Posture reporting to the Mac platform, enabling Security Officers to independently define the Company Security Posture, and then run reports on systems that meet or fall short of such criteria. Areas such as FileVault encryption status, FIPS compliance and encryption algorithms can form part of such reports.


Management of Native Encryption 4.0.0 (MNE 4.0.0) is available in the following languages:

  • ePO Extensions (MNEAdmin, DPSSP): English, Japanese, French, Spanish, German
  • Mac OS X Client: English, Japanese, French, Spanish, German, Korean, Chinese-Simplified, Chinese-Traditional
  • Windows Client: English, Japanese, French, Spanish, German, Korean, Chinese-Simplified, Chinese-Traditional, Italian, Portuguese Brazilian, Czech, Danish, Dutch, Finnish, Greek, Hungarian, Norwegian, Polish, Portuguese, Russian, Slovak, Slovenian, Swedish, and Turkish.


Useful links:


For more information:

  • Supported Platforms, Environments, and Operating Systems for Management of Native Encryption: KB79375
  • Support for Windows To Go: KB82249
  • Management of Native Encryption 4.0 Known Issues: KB84167


Availability:

The product is now available for customers from McAfee Product Downloads with a valid grant number.

 

Many thanks to everyone who participated in this release and made it possible.

 

If you have any questions, please feel free to reach out to:

Stuart Bayliss (Group Product Manager)

Patrick Correia (Senior Product Marketing Manager)

 

Best Regards,


McAfee Management of Native Encryption Team