You mean like the McAfee security blog? Not a lot of answers there either. But a great idea for 100k McAfee admins worldwide to call the support number for answers.
It's just very few of ur posts have been informative..we need answers and not McAfee apologists assuring us all is well....I work for the DOD..my customer wants clear answers..McAfee's driblets of information were certainly incomplete and often misleading....do u disagree...do u think their security blog entry is chock full o' facts? Do u think McAfee's response was timely when compared with Symantec? I would looove to see ur defense.
I realise that and I am merely a user (consumer side though) like you so our purpose is merely to point people to where the info may be. As far as we have been told the patch has been issued but I agree the wording attached to it is vague. The portal would know best and if you can't find that info there, then I apologise but nothing I can do about that.
I did ask someone to lend a hand here.....and am hoping they do.
We are TESTING the out-of-band emergency update Microsoft released today.
Communication is key. The SNS on 4/29 said nothing about the 7423 DAT ONLY working with CLS and Stinger. After making a big stink, assuring my customers they were protected (see my previous message w/ SS) until MS released a patch (whenever), spending hours of my time and theirs and my reputation....
Now the SNS released TODAY 5/1 says - "...7423...provide coverage for perimeter/gateway product and the csl. Full detection capabilities across all products will be released in the 7428 DAT..."
Someone messed up and is not admitting it. Poor communication!
Point Gun 2 Head
After checking and removing all bullets
Read all instructions 1st then Follow
It's not Rocket Surgery....I've been doin this crap for 30 years....and yeah people make mistakes but come on....either it's covered or it's not.
epository - please calm down a bit and absolutely, don't slap the volunteer moderators - this is NOT McAfee Support, in fact, with few exceptions McAfee people steer clear of this forum because it's for customers, by customers - we don't control it, and in fact almost all moderation (in fact it might indeed be all) is handled by non-employees like Ex_Brit.
If you want formal, timely support, walk over to your RSAM, call your Platinum support engineer, or log a ticket with Gold Support - they will follow the SLA process your company has signed up to and get you the information you need.
If you want the advice and opinion of your fellow users, post here.
Looking at MTIS 67,68,69, HIPS users had zero day coverage thanks to BOP protection, and as others have said DATs will be released on May 4th which will identify specific use of this exploit - as it's not coverage for a piece of malware, there is a LOT more testing which needs to be done to ensure we don't blow your machines up by falsing.
Reading between the lines (and I could be wrong because) it would seem Symantec had to release a sig to get any protection, whereas McAfee HIPS was already protecting people? If that's true of course, all your angst was about communication over something you were already protected from (If you use HIPS of course).
So far this looks like just another buffer overflow attack which HIPS has always given zero day coverage for.
Message was edited by: SafeBoot on 5/1/14 8:11:39 PM EDT
Thank you for your concern for my angst, however, I was getting called into meetings all day Monday fielding questions as to what protection EPO was going to be able to provide.
At that time, McAfee hadn't even acknowledged the threat....should I have told my customer to just "trust McAfee" that HIPS is "expected" to catch it? Do you think their response was timely and thorough and well-disseminated?
Now, as to your assertions that HIPS had everything under control...the Security Blog states that it is "EXPECTED" to catch it....it doesn't even give the signature number.
And yes, I like to crowdsource my information hence using this forum...because if I relied on McAfee's Security Blog, I would still not be able to give the customer much reassurance. And the initial mention of the DAT 7423 omitted that it would not work with VSE 8.8.
So...the information you provided here is great, something I could actually tell the customer, but it's a day late and a dollar short and really should have been posted on the Security Blog.
There are two drivers included and fully exposed in dailyDATs:
There is a third driver, SWF/Exploit-CVE-2014-1776 that will be unrestricted tomorrow/Friday, exposed to cls, Stinger and ODS today.