From what I have been able to find out McAfee is not vulnerable to this bug
It's not that simple. The servers used for this Community site are not affected, but some McAfee products may need a patch or HotFix.
There are questions and some answers in the Business section. Keep an eye on the following threads there :
- see especially "Correct AnswerRe: OpenSSL CVE-2014-0160"
I talked to the support manager and there will be an official response in form of a SNS (support notification service). I encourage every customer to subscribe, as important official information is provided through this channel. You can find more details on
Please look out for the SNS which will contain all necessary information. I am not allowed to give any kind of official response, so please follow the notification. In case questions remain I still recommend to file an SR with support to have some official response and updates.
It's a server-side problem so I don't know what effect if any it will have on Mcafee's Consumer products.Message was edited by: Hayton on 08/04/14 23:06:31 IST
some versions of ePo look vulnerable from this kb article for an older issue:
The current release of ePO 4.6.6 and 5.0 include OpenSSL version 1.0.1e and are not affected. ePO 4.5.7 (slated for mid-May release) will also have this updated OpenSSL version.
It would appear that epo version 4.6.6 and 5.0, using OpenSSL version 1.0.1e, are VULNERABLE.
Check your OpenSSL version: C:\Program Files (x86)\McAfee\ePolicy Orchestrator\Apache2\OPENSSL-README.txt
The heartbleed bug was introduced in OpenSSL 1.0.1 and is present in
The bug is not present in 1.0.1g, nor is it present in the 1.0.0 branch nor the 0.9.8 branch of OpenSSL some sources report 1.0.2-beta is also affected by this bug at the time of writing, however it is a beta product and I would really recommend not to use beta quality releases for something as fundamentally important as OpenSSL in production.
There are some testing tools available to check a site for vulnerabilities. The one I have been using is http://filippo.io/Heartbleed/
I have signed up for the alerts 3 times for textr messages. I even went through support to assist me last time and every time i get the text message, and i reply back as requested and yet I never get these alerts via text message. Just my email