cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
akl71
Level 10
Report Inappropriate Content
Message 11 of 46
‎07-28-2011 12:49 AM

Re: VSE 8.8 Patch 1 - taking security up a notch 

wwarren schrieb:
Hi Everyone,
Here's a thread to potentially spur some discussion 
In the coming release of Patch 1 for VSE 8.8, we will be introducing a new Access Protection rule that will be enabled by default.
The rule protects certain McAfee processes from DLL injection, which is a technique used by malware that allows the ill-intentioned code to then run inside a McAfee process. And since certain security measures "Trust" our own McAfee processes, the malware is then allowed to perform some pretty darstedly deeds... like terminating a scanner.
With the new AP rule, this technique will not be possible - for certain critical processes of ours, like scanners.
But this DLL injection technique is used by many a legitimate 3rd party application too. Often leveraging it to gain insightful information about the processes they inject into, perhaps for application metering, usage monitoring, encryption, and more. Those legitimate applications will be prevented from injecting into our process...

I hope with this AP rule we can get rid of those mfehidk-Warnings with VSE8.8 installed?

0 Kudos
Reply
wwarren
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 12 of 46
‎07-28-2011 09:26 AM

Re: VSE 8.8 Patch 1 - taking security up a notch 

akl71 wrote:
I hope with this AP rule we can get rid of those mfehidk-Warnings with VSE8.8 installed?


Yes, it will. They will no longer occur because the 3rd party will no longer be able to inject our VSTSKMGR or scanner processes.

William W. Warren | S.I.R.R. | Customer Success Group | McAfee
0 Kudos
Reply
robpow
Level 10
Report Inappropriate Content
Message 13 of 46
‎07-28-2011 04:52 AM

Re: VSE 8.8 Patch 1 - taking security up a notch

What 3rd party applications have you noticed are interacting with the McAfee processes in question so far?

I recall seeing lots of AP events from WSRM.exe which seems to have a penchant for attaching to running processes with a read/write handle.

Matt

0 Kudos
Reply
wwarren
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 14 of 46
‎07-28-2011 09:39 AM

Re: VSE 8.8 Patch 1 - taking security up a notch 

robpow wrote:
What 3rd party applications have you noticed are interacting with the McAfee processes in question so far? 
I recall seeing lots of AP events from WSRM.exe which seems to have a penchant for attaching to running processes with a read/write handle.
Matt


There have been less than 10 by my count. Citrix has been the most popular, injecting no less than 12 of their DLLs into our processes.

The frequency with which you see our Event log entries, warning of the 3rd party code inside our process, is dependent on how active the 3rd party code is. Every time their code does something, it runs through our validation code - we see it's not our code that's executing, and log an event.

Blocking the 3rd parties from injecting our process will put an end to those events.

What we don't know is how those 3rd parties will then react. We expect they'll fail gracefully, but it's up to you to verify their behavior and make sure it's "OK" for you to have our new AP rule enabled. Just remember it's an essential rule to have enabled if you wish to be protected against the latest of malware threats.

William W. Warren | S.I.R.R. | Customer Success Group | McAfee
Reply
psolinski
Level 10
Report Inappropriate Content
Message 15 of 46
‎08-09-2011 04:55 AM

Re: VSE 8.8 Patch 1 - taking security up a notch

When can we expect 8.8 P1 ?

0 Kudos
Reply
apoling
Level 14
Report Inappropriate Content
Message 16 of 46
‎08-09-2011 05:00 AM

Re: VSE 8.8 Patch 1 - taking security up a notch

I was told Managed Release is planned on 18th August. RTW is way later.

Reply
wwarren
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 17 of 46
‎08-09-2011 12:24 PM

Re: VSE 8.8 Patch 1 - taking security up a notch

We are reworking the schedule as I type, actually. This new set back will likely put us toward end of August perhaps into September for the RTS release date.

Keep in mind the general availability release (where we post the patch to the web) is expected about 4 weeks later.

This has some impact too for the 8.7i hotfix we were planning to release Aug 11 - it's expected the release of that fix will now be toward end of August also.

In the interest of quality we will keep these fixes as long as we need to, so we hope it's understood that any delay on our part is because assessment of the issue warranted the time needed to address it.

William W. Warren | S.I.R.R. | Customer Success Group | McAfee
0 Kudos
Reply
psolinski
Level 10
Report Inappropriate Content
Message 18 of 46
‎08-19-2011 06:38 AM

Re: VSE 8.8 Patch 1 - taking security up a notch

Thanks William,

Can you confirm that this issue will be fixed in the Patch 1:

https://kc.mcafee.com/corporate/index?page=content&id=KB71660

Apart of mfehidk warnings issue we also experience scriptscan errors as wek keep ss disabled due to performance issues. Unregistering the DLL helps.

Is P1 readme already available?

Regards

Piotr

0 Kudos
Reply
wwarren
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 19 of 46
‎08-19-2011 10:52 AM

Re: VSE 8.8 Patch 1 - taking security up a notch 

Can you confirm that this issue will be fixed in the Patch 1:
  
https://kc.mcafee.com/corporate/index?page=content&id=KB71660


Patch 1 will address that issue.

The readme is not expected to be added to the KB until the managed release begins, end of August being the expected timeframe there.

William W. Warren | S.I.R.R. | Customer Success Group | McAfee
0 Kudos
Reply
online83
Level 9
Report Inappropriate Content
Message 20 of 46
‎09-14-2011 12:07 PM

Re: VSE 8.8 Patch 1 - taking security up a notch

Hi,

are there any updates regarding RTW date of Patch 1?

regards

0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community


Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA

Consumer Support   |   Enterprise Support   |   McAfee.com

Legal   |   Privacy   |   Copyright © 2020 McAfee, LLC