Showing results for 
Search instead for 
Did you mean: 
Level 7

newbie questions - appliance vs. non-appliance scan engine solution


I have the task of procuring a new MVM scan engine to handle a NAT'd portion of our organization's network.  The new MVM scan engine will report results to a central MVM database maintained by our IT security dept.  The IT security folks currently use FS1000 appliances on other portions of the network, but they have favorable experience with non-appliance MVM (i.e. Foundstone Enterprise) installations.  They are giving me the option of appliance vs. non-appliance solution.  Following are are few questions:

--- FS1000 EOL?  Where is info on MVM3000 appliance?

I gather from this thread ( ) that the FS1000 is no longer being sold although I do see it available at some vendors.  The discussion of the MVM3000 sounds interesting, but I have been unable to find any specific information (e.g. datasheet) for this appliance.  Just some limited info on reseller sites.  A pointer to MVM3000 info would be appreciated.

--- non-appliance: which operating system exactly?

I am inclined to go with a non-appliance solution for this scan engine.  I have available h/w that exceeds mimum system requirements (dual Intel Xeon 5160); however, I have questions about which o/s to procure.  The MVM webpage ( ) says "Microsoft Windows 2003 Server Standard Edition with Service Pack 1" while the MVM datasheet ( ) says "Microsoft Windows 2003 Server (32-bit) with Service Pack 2".

My concerns/questions here are twofold:

(1) Does MVM really want to run on a 32-bit o/s even though 64-bit h/w is specified?

(2) I am concerned about spending $700+ on an o/s for which mainstream support ends next July.  Will MVM run under Windows 2008 Server?

--- hardening o/s for non-appliance solution

I understand that the appliance solutions include o/s hardening.  I assume this involves registry and policy edits to enhance security.  Are there instructions or scripts available for o/s hardening with non-appliance (i.e. MVM software-only) installations?



0 Kudos
3 Replies
Level 7

Re: newbie questions - appliance vs. non-appliance scan engine solution

Hi Shawn.

  A few answers to your questions:

  (1) For now,Vulnerability Manager will only install and run on a 32-bit OS, which is Windows Server 2003.  The next version of Vulnerability Manager will support a 64-bit OS and Windows Server 2008 R2.

  (2) And yes, there is a tool to harden the O/S for software only solutions.


0 Kudos
Level 11

Re: newbie questions - appliance vs. non-appliance scan engine solution

Hi James,

Is there a chance that policy adutor and rememdiation manager (software) will have a future version supporting ePO 4.5/Agent 4.5, windows 2008 r2 and windows 7?

When is next version of MVM expected? I couldnt find them in beta section. the current version is 6.8

If not, will McAfee offer  trade-in option for appliance?

Thank you

0 Kudos
Level 7

Re: newbie questions - appliance vs. non-appliance scan engine solution

Hi easy1ndian..

  Policy Auditor 5.2 already supports ePO 4.5 and McAfee Agent 4.5. And is supported on Windows Server 2008.  There is a hotfix for PA which allows it to have its client on a Windows 7 system.  The current released version of MVM is 6.8, while the next version of MVM will run on the current appliances as well as future appliances.  As for a trade-in option, I would suggest that you speak with your local sales rep. :-)

  Hope this helps.

0 Kudos