cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Former Member
Not applicable
Report Inappropriate Content
Message 1 of 3

Outdated threatfeeds from McAfee

I did some corelation on McAfee Threat feeds that have no vulnerability detector and McAfee MVM signatures. Both are up to date.

What I currently see in Risk Advisor is that there are 3464 threats that have the threat type of vulnerability but have no vulnerability detector.

If I look in Vulnerability Manager there are signatures for these threats to detect these vulnerabilities. Examples I see in Risk Advisor are Vmware ESX platforms, Linux and Oracle software.

Now some threats in Risk advisor do indeed not have a signature in MVM (Oracle Siebel CRM for instance). For that I would expect that the MVM team would add these known vulnerabilities to their signatures but that is not for this discussion or the right place.

Can someone from McAfee address these outdated feeds and add the available vulnerability detectors to them?

I've attached an Excelsheet with all current threats from Risk Advisor with no vulnerability detector. I have not checked all threats But a good example is threat ID 59219. This mentions a vulnerability in Red Hat that is fixed with update RHSA-2011-0007. No vulnerability detector is avaliabale but MVM has  Faultline ID 41551 available to check for the installation for update RHSA-2011-0007.

2 Replies
Former Member
Not applicable
Report Inappropriate Content
Message 2 of 3

Re: Outdated threatfeeds from McAfee

Hi Robert,

Can you raise a ticket with McAfee Support so that we can officially track this request and provide a resolution/closure ?

Also , the solution to add missing coverage information will not be complete without a complete understanding of the context of how that information is being used in the context of your organization risk mitigation activities like what's the frequency of the Vulnerability Assessment/ patching cycle in your organization , which vendor patches are a priority (apart from MSFT) etc.

I would love to have an offline discussion about this and would request your time for this. Please write to me @ : deepak@mcafee.com for us to find a mutually convenient day/time to have this discussion.

Thanks

Deepak Kolingivadi

Product Manager - McAfee Risk Advisor , McAfee ePO Deep Command.

Former Member
Not applicable
Report Inappropriate Content
Message 3 of 3

Re: Outdated threatfeeds from McAfee

Hi Deepak,

Thanks for the reply. I'll raise a ticket at mcafee support for this issue. It feels like (some) of these threatfeeds have been forgotten and have never gotten updates. These are just my thoughts offcourse. I don't know what really goes on behind the scenes

Discussion about Risk Management is always a good thing. I've been working with several customers on MVM and Risk Advisor and maybe my feedback can help you guys. I'll mail you later this (very busy with another MVM/MRA implementation)

Regards,

Robert

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community