Could you please explain me what is the exact technical difference between the McAfee Gateway Anti-Malware and the McAfee Antivirus both running on Webwasher ?
They do the same job or not ? Were can I find if a specific exploit is already recognized by McAfee Gateway Anti-Malware ?
For the customer is important to know if an eaxct exploit is recognized and until know I only found references for McAfee Antivirus and never for McAfee Gateway Anti-Malware.
Many thanks, Boris
Someone from McAfee may be able to offer a more specific explanation, but this is one of the products which McAfee acquired when Secure Computing merged with them in 2008.
Before it became a McAfee product the Anti-Malware element of WebWasher (which was it's name before McAfee became involved) was called "Secure Anti-Malware", and this name was used to separate it from the 3rd-party AV engines used if the had the "Anti-Virus" license feature.
As I understand it, Anti-Malware is a combination of this integrated anti-virus engine plus the Proactive Scanning module. Proactive Scanning, as per it's description in the management GUI adds the following protection:-
Proactive Scanning is a behavioral heuristics scanner, analyzing the potential behavior - or "intent" - of mobile code in realtime as it is downloaded through the Web Gateway. Whether it is an HTML page, a Windows Executable or a multi-media file: Proactive Scanning performs realtime content inspection to unveil any embedded code, buffer overflows or exploits, emulates and classifies potentially harmful activities the file would perform when allowed to run on the requesting client computer. The ability to scan multi-media files "on the fly" and to adapt heuristics to the type of website enables secured productivity.
Networking behavior of client computers is monitored by Proactive Scanning and allows to determine potential leakage of sensitive data, such as Password-Stealing Trojans trying to leak stolen user credentials and personal information out of the corporate network.
Proactive Scanning compliments the Anti-Virus portion of McAfee Gateway Anti-Malware and constitutes its first, preventive line of defense against Targeted Attacks, Zero-Day and Web Threats. New potential threats are collected and correlated in the back-end 24/7, automatically learning about new malicious behaviors, exploits and malware family structures.
Where as Anti-Virus is just signature-based anti-virus from one of the supported vendors.
It is possible to run Anti-Malware and Anti-Virus licences on the WebGateway product and choosing which order these processes should be used.