1 2 Previous Next 15 Replies Latest reply on Aug 28, 2014 8:29 AM by vinoo

    Announcing McAfee 5700 Engine Beta

    vinoo

      5700 Engine is now in beta and available from: http://www.mcafee.com/us/beta/public-betas/engines/5700-anti-malware-engine.aspx

       

      The 5700 Engine will succeed the current 5600 Anti-Malware Engine and includes the following improvements:

       

      Detection Enhancements

      • Enhancements to Java class format scanning to improve exploit detection capabilities
      • Live memory scanning on Windows for detecting and removing malicious processes, threads and files
      • Enhanced generic unpacking to detect more threats
      • Native unpacking for newer versions of ASPack, Autoit and MSI

       

      Performance Enhancements

       

      • General performance optimizations, including initialization and scanning
      • Improvement in extra.dat load times

       

      Platform Enhancements

       

      • New supported platforms: AIX 7.1, Linux 3.12 Kernel, FreeBSD 9.x, Solaris 11 on Intel
      • End of Life platforms: Win2000 SP4, FreeBSD 6.x, Mac on PowerPC, HP-UX on Itanium

       

      System Requirements

       

      Disk space and memory:

       

      • At least 512 MB of free hard disk space
      • At least an additional 512 MB of free hard disk space reserved for temporary files
      • At least 512 MB of RAM for scanning operations (1024 MB recommended minimum)
      • At least 1024 MB of RAM for updating operations

       

      Min OS Requirements

       

      • WinXP Sp3 32bit or WinXP Sp2 64bit (Win XP RTM /SP1 (32 & 64Bit) and Win XP SP2 (32-Bit) are unsupported)
      • Win2003 SP2 (Win 2003 RTM and Win2003 SP1 are unsupported)
      • Win Vista/7/8/2012 RTM onwards are supported.

       

      Release schedule for the 5700 Engine is currently as follows:

       

      • Beta on 6th May 2014
      • Release Candidate (RC) in June 2014
      • RTW (Elective download) end of June 2014
      • RTW (AutoUpdate) in Sept 2014
      • 5600 Engine End Of Life (EOL) 31st Dec 2014

       

      It is expected that VirusScan Command Line 6.05 with the 5700 Engine will be available a few weeks after Engine 5700 RTW.

       

      on 12/5/14 9:26:53 AM IST

       

      on 12/5/14 9:28:24 AM IST
        • 1. Re: [Upcoming] McAfee 5700 Engine
          crash101

          I was looking at the system requirements and seeing some interesting items related to the scan engine 5700.  With Microsoft marking XP end-of-life in April 2014 (no more security updates or support) and some of the other hardware requirements, I found it challenging to find which systems in a corporate managed ePO environments are at risk for running this upcoming engine.  You can query ePO to find certain systems and criteria, but not everything to meet the 5700 requirements.  Here's a modified SQL query that you can potentially use on the ePO SQL server to find which systems are at risk.  Everyone's environment is different especially with ePO version so your mileage may vary so feel free to modify to meet your needs.

           

          --pre-requisite for the McAfee scan engine 5700

          --at least 512 MB of free hard disk space

          --at least additional 512 MB of free hard disk space reserved for temporary files

          --at least 512MB of RAM (1024MB recommended minimum)

          --OS  Win XP RTM/SP1 and SP2 are unsupported.   XP EOL is April 2014 so all XP systems really need to be addressed

          --OS  Windows 2003 RTM and SP1 are unsupported

          --Additional tweaks should be performed to better match ones environment

          SELECT        EPOComputerProperties.ComputerName, dbo.EPOComputerProperties.OSType, dbo.EPOComputerProperties.OSServicePackVer, dbo.EPOLeafNode.Tags,

                                   dbo.EPOComputerProperties.IPAddress, dbo.EPOComputerProperties.NetAddress, dbo.EPOComputerProperties.DomainName,

                                   dbo.EPOComputerProperties.IPHostName, dbo.EPOLeafNode.LastUpdate, dbo.EPOComputerProperties.TotalPhysicalMemory,

                                   dbo.EPOComputerProperties.FreeDiskSpace, dbo.EPOComputerProperties.TotalDiskSpace, dbo.EPOComputerProperties.TimeZone

          FROM            dbo.EPOLeafNode INNER JOIN

                                   dbo.EPOComputerProperties ON EPOLeafNode.AutoID = EPOComputerProperties.ParentID INNER JOIN

                                   dbo.EPOProductProperties ON EPOLeafNode.AutoID = EPOProductProperties.ParentID AND EPOProductProperties.ProductCode LIKE 'VIRUSCAN%'

          WHERE        (dbo.EPOComputerProperties.OSType = 'windows xp') OR                                                                           --XP end-of-life is April 2014

                                   (dbo.EPOComputerProperties.OSType = 'Windows 2000') OR                                                                           --systems running Windows 2000

                                   (dbo.EPOComputerProperties.OSType = 'Windows NT') OR                                                                             --systems running Windows NT

                                   (dbo.EPOComputerProperties.OSType = 'Windows 2003') AND (dbo.EPOComputerProperties.OSServicePackVer <> 'service pack 2') OR      --systems running Windows 2003 RTM or SP1

                                   (dbo.EPOComputerProperties.TotalPhysicalMemory < '1024000000') OR                                                                --systems with less than 1GB of memory

                                   (dbo.EPOComputerProperties.FreeDiskSpace < '1024')                                                                               --systems with less than 1GB of free disk space

          ORDER BY dbo.EPOComputerProperties.ComputerName, dbo.EPOComputerProperties.OSType

          • 2. Re: [Upcoming] McAfee 5700 Engine
            brentil

            vinoo wrote:

             

            Release schedule for the 5700 Engine is currently as follows:

             

            • Beta in May 2014
            • Release Candidate (RC) in June 2014

             

            Will this beta group be updated to include the 5700 engine or will we need to join a new beta group? 

            • 3. Re: [Upcoming] McAfee 5700 Engine
              vinoo

              The 5700 Engine beta like any other McAfee Enterprise software beta program will be posted to http://www.mcafee.com/in/downloads/beta-programs/index.aspx (will require a registration to download).

              This group will get a notiication once the beta is made available on the mentioned site.

              • 4. Re: [Upcoming] McAfee 5700 Engine
                brentil

                Great, thank you for the update.

                • 5. Re: [Upcoming] McAfee 5700 Engine
                  finkemch

                  Hello,

                   

                  my question is - would be the 7zip packer extension included in 5700 ?

                  because we got many mails with 7z infected files and the MSME do

                  not detect them and also no executable blocking rule will help.

                   

                  We had learned since engine 5300 McAfee can add modules to the engine

                  to support newer requirements.

                   

                  would it be true ?

                  • 6. Re: [Upcoming] McAfee 5700 Engine
                    vinoo

                    7Zip was on the original 5700 project requirements  but had to be deferred due to some late priority requirements that came up.

                     

                    Unfortunately, 7zip needs to be unpacked via the Engine - the unpacking option available via the DATs cannot be used for 7Ziip due to performance issues. It's certainly on our roadmap for the next Engine.

                    • 7. Re: [Upcoming] McAfee 5700 Engine
                      crash101

                      Is there a stand-alone version of the 5700 beta that can be downloaded for testing?  I only see ePO packages.

                      • 8. Re: [Upcoming] McAfee 5700 Engine
                        vinoo

                        Attached is the 5700 Beta SDAT executable and the 5600 Engine downgrade package.

                        The 5700 SDAT might report in some cases that the latest Engine is already installed on 64bit systems but will eventually update it.

                        • 9. Re: [Upcoming] McAfee 5700 Engine
                          cdobol

                          Thanks for posting the engine Vinoo.   Question - One of the enhancements listed is "Live memory scanning on Windows for detecting and removing malicious processes, threads and files "

                           

                          Does this mean previous engines did not do this or is this function enhanced with this engine?

                           

                          Thanks in advance for your reply.

                          1 2 Previous Next