Hi,

Seem still no update yet

BTW, we need time to test Hotfix before deploy to production

May it be any scheduled plan?

Regards

Tony

Hello,

fully understand this but I cannot say any date as I do not know any.
So please monitor the KB until the fix is delivered.

Yesterday, there was another SNS with this content:
"The upcoming Web Gateway releases will address CVE-2020-1472 with our reference ID WP-3024.

McAfee guarantees that this fix will be available before the start of Microsoft's enforcement phase which is scheduled for February 9, 2021.

The solution can’t be made available currently as it is a new implementation of protocols that requires extensive testing.

See KB93377 for further details about the CVE, schedule, and workaround:
 
https://kc.mcafee.com/corporate/index?page=content&id=KB93377"

hello, do we have any updates on this release?

Hello,

not yet, but official updates will be shared in KB article if available:
https://kc.mcafee.com/corporate/index?page=content&id=KB93377

Regards,
Marcel

I'd consider switching to kerberos, but I'm concerned about any "gotcha" issues.  We use MCP exclusively and web hybrid.  What are the drawbacks to using kerberos for authentication instead of NTLM? 

If you are using MCP exclusively you don't even need to join the domain and you will never encounter the warnings. The only "gotcha" with kerberos is that the group names are SID rather than common name, while you can get common names with NTLM lookup that would give the warnings, so if you need to use common group names then you would need to do the lookup of the group names with LDAP instead. This is part of the Kerberos setup information also in community.

Hello,

is really only MCP used for clients to connect to local/cloud MWG?

Because then other authentication methods might be obsolete as you use MCP authentication!?

If cloud receives request from MCP client, then it automatically performs MCP authentication anyway.
If local MWG receives requests via MCP, then you MUST configure MCP authentication rule set as the client request comes in with X-SWEB-Headers containing all important information such as client username, usergroups, IP and so on. MWG is then configured to decrypt these header to retrieve its information and then writes all in the known properties such as Authentication.Username, Authentication.Usergoups etc.
Means, neither Kerberos nor NTLM are necessary.

But at the end, this is just providing information based on guessing as I do not know your setup 😊

We're running over a dozen MWG appliances, and the director appliance is the only one generating Event ID 5829 on our DC's.  So even though we're running MCP agents exclusively I see both the "Authentication with McAfee Client Proxy" rule in the the rule set, but I also see "Authentication Server" in the rule set and that is enabled with NTLM authentication.  I wonder if that rule is unnecessary since we're running MCP agents, and if the "Authentication Server" rule using NTLM should be disabled?

Could you be using NTLM to authenticate administrators? If you are exclusively using MCP to authenticate users and administrators are authenticated by something other than NTLM. You do not need to join the domain for any appliances.