Hello Everyone


Wanted to drop you all a note and introduce myself, I am the new Product Manager for MVM having taken over at the start of April from my good friend Brian Robison, whom many of you knew and worked with for a long time. I am very much looking forward to continuing Brian's great work with MVM and have some very exciting releases of the product planned.


I have been with McAfee just over two years and was formerly the Enterprise Solution Architect Lead for McAfee's Risk and Compliance products (including MVM) in EMEA. I currently live in the UK but am in the process of transferring to the USA, in fact have spent the past couple of weeks in California trying to find a house - which fingers crossed I have now done. All going to plan I will be in California from July this year.


As many of you know we have just released MVM 7.5 (formal announcement being posted here after I have finished this blog post) - which is packed full of exciting additions including vastly improved performance, brand new look and feel, support for ipv6 scanning, improvements to our web app assessment capability, new dashboards and a whole bunch of other features which I am sure you are going to love. Would highly recommend you update to this release as soon as possible - would love to hear your feedback.


More news on here to follow - watch out for webinar announcements where we can show you these new features, videos being posted (I know a lot of you have been missing those brown bag sessions) and more information just as soon as I can share it on what we have planned for the rest of this year - I cannot wait to let you know what we have in store.


MVM has evolved in most part due to our customers and I intend that tradition to continue - we look to you to help drive us and make sure we meet (and exceed!) your expectations! To that end I have set up an ideas forum for MVM - please do post your ideas there for what you think MVM should look like in the future. Please use that forum as an idea exchange - for formal product enhancement requests please continue to use the PER form on the support site and the Communities page. Think of the ideas forum as a gigantic virtual whiteboard to kick around ideas with your peers in the industry and us here at McAfee.


Well that's it for my first blog post, am at LAX and flight back to London is boarding shortly.


I look forward to working with you all. You can always reach me directly via email- darren_thomas@mcafee.com


Kind Regards



You can now download the March 2011 and June 2011 online seminars from the "Documents" tab here on the McAfee MVM Community.

In this month's session we have some good housekeeping items and reminders regarding supported versions and appliances.


Also we will be having a discussion on inside and outside network vulnerability scanning with your existing instances.


Register NOW!




Date and time:Thursday, June 16, 2011 1:00 pm
Pacific Daylight Time (San Francisco, GMT-07:00)
Duration:1 hour

We invite everyone to register and attend our upcoming March online webinar.




Date and time:Wednesday, March 16, 2011 11:00 am
Pacific Daylight Time (San Francisco, GMT-07:00)
Duration:1 hour

Come to our March online "Lunch and Learn" to learn about what's new with McAfee's latest release of McAfee Vulnerability Manager 7.0.2.


7.0.2 is the second release customer request release focusing on bringing highly requested features to the MVM 7.x platform.


We hope to see you there!!!!


-MVM Development Team

Come to our December online "Lunch and Learn" to learn about what's new with McAfee's latest release of McAfee Vulnerability Manager 7.0.1.


7.0.1 is a customer focused release bringing some highly requested features to the MVM 7.x platform.


Come to learn about:

  • Vulnerability Set creation and use
  • Vulnerable ports in reports
  • and Scan Controller capacity enhancements


Our guest speaker Braden Russell (Engineering Manager) will walk us through these new features.


View the recorded seminar from today:


McAfee Vulnerability Manager Brown Bag #6: What's new with MVM 7.0.1?


https://mcafeese.webex.com/mcafeese/lsr.php?AT=pb&SP=EC&rID=59483912&rKey=cfcf10 16814d8ee0

Please register and come join us at our November "Lunch and Learn" seminar: Deep dive into web application scanning!



Wednesday, November 17, 2010 12:00 pm Pacific Standard Time (GMT -8)



Web  applications have exploded to become the point of entry for hackers  wanting to do harm. Knowing how and where web applications are  vulnerable is key to sustaining goodwill and ensuring a positive  experience for those who rely on those applications. Learn tips and  techniques for effectively scanning web applications to keep them safe  and secure. Hear about best practices from other McAfee customers for  web application scanning.



Brian Robison, Senior Product Manager, McAfee, Inc.
Sven Schrecker, Software Architect, McAfee, Inc.


Register here:



We look forward to seeing you!

A common question I see is why after adding a FS850 using the Add Wizard doesn't it show up in the Enterprise Manager?

There are a few things that must take place before the FS850 will show up on the Manage Engines Page in the Enterprise Manager.

  • The Scan Engine on the FS850 must be upgraded to the same version as the Database.
  • The FS850 must be made an available scan engine.
  • The FS850 must have completed the Add Wizard process successfully at least once.

Most of the time the reason the FS850 doesn't show up in the EM is because it has not upgraded to the same version as the database resulting in a database version mismatch that can be seen in the daily log file.  Though the Add Wizard process triggers the upgrade of the FS850 by configuring the FCAgent with the FCServers IP Address it doesn't actually upgrade any components.

To better understand this let me describe what the Add Wizard process does and does not do.

What it does do:

  • Confirms Certificates
  • Allows the Change of
    • NetBIOS name
    • System Time
    • Time Zone
    • Password
  • Configure which database to connect too and validates the user name and password.
  • Configures the Windows update schedule
  • Connecting to the database for the first time will pull the FCServers IP Address information from the FMSServerSettings table.

What it does not do:

  • Upgrade any component
  • Add the FS850 as an available scan engine
  • Confirm connectivity to the FCAgent to FCServer

So if the Add Wizard doesn't upgrade any components what does?

The FCServer is the central location for managing component upgrades. The FCServer handles several other functions that are necessary for the MVM environment but we will cover that functionality in future tutorials.

So what does the FCServer have to do with the upgrade of an FS850?

  • The FCServer validates the default certificate when the FS850 first checks in and pushes out a customer specific certificate.
  • The FCServer takes the running component version information provides by the FCAgent and compares it to the ComponentVersion column in the FSUpdate table in the database. If the component version in the database is greater, an update will be pushed to the agent.

So when an FS850 is receiving the database version mismatch message it is normally because it has not been upgraded to the proper version. There are several reasons why this can happen.

Common Customer Site Specific Reasons:

  • In FCAgent is configured to use a FQDN and the FS850 can not resolve the name.
  • The FS850’s FCAgent has the wrong IP Address
  • The FCAgent can not contact the FCServer on TCP port 3801.

Some of these issues are easier to solve than others. I’ll break down each issue below.

In FCAgent is configured to use a FQDN and the FS850 can’t resolve the name.

This is pretty simple issue to address.

  • Configure the FS850 to use a DNS server if it isn’t and make sure the FQDN can be resolved.
  • You can also configure the Hosts file of the FS850 using the MWI interface.
  • You can also change the FQDN to use an IP Address using the MWI interface.

An additional step to do is if the FS850 received the FQDN during the Add Wizard process--but you want new FS850’s to receive an IP Address instead of an FQDN--you can change that by opening the FMSServerSettings table in the Faultline database.

The FS850’s FCAgent has the wrong IP Address.

This is a pretty simple issue to address.

  • In the MWI interface you can change the IP Address that the FCAgent uses to contact the FCServer.

The FCAgent can not contact the FCServer on TCP port 3801.

This issue isn't as easy to solve. We can prove that packets are not arriving at the FCServer by examining a packet capture and looking for communication from the FCAgents IP Address on TCP port 3801. What is more difficult to prove is that the FCAgent is sending packets to the FCServer. Since there is no way to gather a packet capture on the FS850 we will have to try and use a device on the same LAN as the FS850 to sniff all network traffic.

This issue gets a little more complicated if the customer is attempting to use static NATing between the FCAgent and the FCServer.  If there is an issue, and the FCAgent has the correct NATed IP Address, focus should be put on the customer’s router/firewall configuration.


Jeff Haynes

Follow us on Twitter

Posted by rrajaman Feb 24, 2010

Filter Blog

By date:
By tag: