McAfee MOVE AntiVirus 4.5

Version 8

    What is MOVE AntiVirus?

     

    Management for Optimized Virtual Environments (MOVE) AntiVirus is optimized for protecting virtual environments, such as virtual machines running on virtualization (hypervisor) software like VMware ESX, Citrix XenServer or Microsoft Hyper-V. It removes the need to install an anti-virus application on every virtual machine (VM) by offloading all scanning to a dedicated security virtual machine (SVM), so that customers get the protection they need without sacrificing performance. McAfee MOVE AntiVirus supports agentless deployment for VMware NSX and VMware vCNS and multi-platform deployment for all major hypervisors.

     

    New Features in MOVE AntiVirus 4.5

     

    This new release is focused on helping customers achieve the following outcomes for their private cloud deployments:

    • Faster threat detection and correction
    • Better coordinated threat defense across security solutions
    • More efficient resource utilization
    • Streamlined management of agentless and multi-platform deployments
    • Increased scanning precision and control

     

     

    The software includes two deployment options, “Multi-Platform” and “Agentless”. Both options provide consistent protection and are managed and reported on by McAfee ePO. For an explanation of the differences, see the customer documentation such as the Release Notes.

     

     

    Multi-Platform New Features

    New Windows Platform Support

    This release supports Windows Server 2016 (64-bit) for McAfee MOVE AntiVirus SVM and client systems.

     

    Support for SHA-256 for TIE integration

    This release supports both SHA-1 and SHA-256 lookup for McAfee® Threat Intelligence Exchange (TIE) reputation requests and change events with McAfee MOVE AntiVirus. You can import a TIE reputations XML file or a single file reputation by selecting Menu | Systems | TIE Reputations | File overrides | Actions | Import Reputations, so that the global and local caches are updated with the SHA-256 reputation for the respective file.

     

    Support for Threat Intelligence Exchange 2.0

    This release supports TIE 2.0.0 integration for quickly analysing files and content from the McAfee MOVE AntiVirus SVM in your environment and making informed security decisions. TIE provides context-aware adaptive security for your virtual environment.

     

    Support for Advanced Threat Defense 3.8.0 and Virtual Advanced Threat Defense 3.10

    This release supports Advanced Threat Defense 3.8.0 and Virtual Advanced Threat Defense 3.10 for a multi-layered solution that uses various techniques to scan for and detect malware.

     

    Upgraded operating system for SVM Manager

    The operating system for SVM Manager is upgraded to Ubuntu 16.04 in this release. Before installing McAfee MOVE AntiVirus 4.5.0 or upgrading an existing version of McAfee MOVE AntiVirus, you must create the SVM Manager appliance (virtual machine) by deploying the SVM Manager OVF package and configuring a VM network for communication with the SVM Manager.

     

    Transport Driver Interface (TDI) driver to Winsock Kernel migration

    In this release, the TDI driver is ported to Winsock Kernel.

     

    McAfee MOVE AntiVirus integration with Cloud Workload Discovery for remediation

    The remediation functionality in Cloud Workload Discovery 4.5.0 is used to secure instances in your network by installing McAfee MOVE AntiVirus (Multi-Platform) and correcting your firewall settings. After visualizing your cloud account structure and seeing which systems are at risk, you can activate any missing protection with just a few clicks. For details about remediation, see the product documentation for Cloud Workload Discovery.

     

     

     

    Agentless New Features

    Targeted On-Demand Scan

    Optimizes scanning for files whose previous scan timed out for reasons such as large file size, file structure, and file composition. You can configure and schedule your targeted on-demand scan using McAfee ePO. For details, see the McAfee MOVE AntiVirus 4.5.0 Product Guide.

     

    Upgraded operating system for McAfee MOVE AntiVirus SVM

    The operating system for McAfee MOVE AntiVirus SVM is upgraded to Ubuntu 16.04 in this release.

     

    User and kernel space updates

    In this release, both user and kernel space updates are enabled by default.

     

     

    “Multi-Platform” deployment option

    • Integration with TIE and ATD
      • Provides multi-layered protection, including local reputation intelligence, sandbox testing and automatic immunization when malware is detected.
      • Historically, MOVE took advantage of McAfee Global Threat Intelligence (GTI), an exclusive technology based on real-time information from millions of sensors worldwide, which provides threat intelligence. However, threat information is even more valuable when complemented with local data, and users can now also leverage McAfee Threat Intelligence Exchange (TIE), a module sold separately, for local intelligence. Along with TIE, McAfee Advanced Threat Defense (ATD) can also be used to analyze the behavior of unknown applications in a sandbox. All virtual endpoints can therefore be automatically immunized against newly detected malware.
    • Integration with NSP Virtual IPS
      • Results in unified perimeter and virtual machine protection against threats, whether they emerge from the endpoint or in the network
    • SVM Auto-scaling
      • Automatically adds or removes SVMs as demand fluctuates
    • Unification of MOVE AntiVirus policies
      • The new, single, combined ePO extension enables administrators to configure security policies for agentless and multi-platform deployments from a single, centralized console / GUI (in ePO).
    • Separation of Scan Policies
      • MOVE AntiVirus 4.5 supports both On-Demand Scan and On-Access Scan and they are available as separate policies under “MOVE AntiVirus 4.5”
    • Migration Assistant

     

    “Agentless” deployment option

    • Unification of MOVE AntiVirus policies
    • Separation of Scan Policies
    • Migration Assistant
    • Scanning files on network drives

     

    Additional Information about MOVE AntiVirus 4.5

     

    Unified Product: Historically, MOVE was made available to customers as two separate packages (MOVE AntiVirus (Multi-Platform) & MOVE AntiVirus (Agentless)). Due to the Unified policy in 4.5 and the new, single combined ePO extension, MOVE 4.5 is available as a smaller set of packages.

     

    GUI Changes: Because of all the new features and enhancements, the MOVE 4.5 GUIs in ePO have changed significantly from MOVE 3.x.

     

    Upgrade Support: MOVE AntiVirus (including the Migration Assistant) supports upgrade from MOVE 2.6.2 (Multi-Platform), 3.5.1 (both Multi-Platform and Agentless) and 3.6.1 (both Multi-Platform and Agentless). Because of the unification of Multi-Platform and Agentless policies and the separation of scan policies, MOVE 2.6.2 and 3.x customers need to carefully plan and do Agentless and Multi-Platform policy and client task migration as part of the upgrade process. To help customers do this, there is an ePO extension available that will install the MOVE AntiVirus Migration Assistant and a Migration Guide which explains the correct process.

     

    MOVE 2.6.2 Customers Should Upgrade: A significant proportion of MOVE customers are still using MOVE 2.6.2, which reached End Of Life (EOL) on April 1, 2016. These customers need to migrate/upgrade to MOVE 4.5, using the Migration Assistant and Migration Guide mentioned above.

     

    MOVE Scheduler: There is no new version of MOVE Scheduler. The latest version of MOVE Scheduler continues to be 2.5.2 but that functionality is now available in MOVE 4.5.

     

    McAfee Agentless Firewall (McAfee MOVE Firewall): There is no new version of McAfee Agentless Firewall (McAfee MOVE Firewall). The latest version of MOVE Firewall continues to be 3.5.

     

     

    End Of Life (EOL) Dates for Previous Versions of MOVE

     

    EOL Dates can be seen via the main Intel Security Product & Technology Support Lifecycle (EOL Information page)

    • MOVE AV 2.6.x & MOVE 3.0 – April 1, 2016
    • MOVE 3.5 – October 31, 2016
    • MOVE 3.6 – June 30, 2017
    • MOVE Scheduler – August 8, 2017
    • VirusScan Enterprise for Offline Virtual Images (OVI) 2.x – July 31, 2015

     

     

    Download Location, Localization & Documentation

     

    The product packages and documentation are available now from Intel Downloads behind appropriate grant numbers such as “McAfee MOVE AV for Virtual Desktops”, “McAfee MOVE AV for Virtual Servers” and McAfee Server Security Suites (multiple download locations).

     

    The product packages and documentation are also available via the McAfee ePO Software Manager from the ePO Console.

     

    Localization – MOVE AntiVirus 4.5 and its documentation are available in English only.

     

     

    Documentation

     

    PD26804 - Management for Optimized Virtual Environments AntiVirus 4.5 Release Notes

    PD26805 - Management for Optimized Virtual Environments AntiVirus 4.5 Product Guide

    PD26806 - Management for Optimized Virtual Environments AntiVirus 4.5 Installation Guide

    PD26807 - Management for Optimized Virtual Environments AntiVirus 4.5 Migration Guide

     

    Additional Resources

     

    KB87402 - MOVE AntiVirus Agentless 4.x Known Issues

    KB87401 - MOVE AntiVirus Multi-Platform 4.x Known Issues

    KB83964 - FAQs for Managed Optimized Virtual Environments (MOVE)

    KB74865 - Supported Platforms, Environments, and Operating Systems for MOVE