I was looking at the system requirements and seeing some interesting items related to the scan engine 5700. With Microsoft marking XP end-of-life in April 2014 (no more security updates or support) and some of the other hardware requirements, I found it challenging to find which systems in a corporate managed ePO environments are at risk for running this upcoming engine. You can query ePO to find certain systems and criteria, but not everything to meet the 5700 requirements. Here's a modified SQL query that you can potentially use on the ePO SQL server to find which systems are at risk. Everyone's environment is different especially with ePO version so your mileage may vary so feel free to modify to meet your needs.
--pre-requisite for the McAfee scan engine 5700
--at least 512 MB of free hard disk space
--at least additional 512 MB of free hard disk space reserved for temporary files
--at least 512MB of RAM (1024MB recommended minimum)
--OS Win XP RTM/SP1 and SP2 are unsupported. XP EOL is April 2014 so all XP systems really need to be addressed
--OS Windows 2003 RTM and SP1 are unsupported
--Additional tweaks should be performed to better match ones environment
SELECT EPOComputerProperties.ComputerName, dbo.EPOComputerProperties.OSType, dbo.EPOComputerProperties.OSServicePackVer, dbo.EPOLeafNode.Tags,
dbo.EPOComputerProperties.IPAddress, dbo.EPOComputerProperties.NetAddress, dbo.EPOComputerProperties.DomainName,
dbo.EPOComputerProperties.IPHostName, dbo.EPOLeafNode.LastUpdate, dbo.EPOComputerProperties.TotalPhysicalMemory,
dbo.EPOComputerProperties.FreeDiskSpace, dbo.EPOComputerProperties.TotalDiskSpace, dbo.EPOComputerProperties.TimeZone
FROM dbo.EPOLeafNode INNER JOIN
dbo.EPOComputerProperties ON EPOLeafNode.AutoID = EPOComputerProperties.ParentID INNER JOIN
dbo.EPOProductProperties ON EPOLeafNode.AutoID = EPOProductProperties.ParentID AND EPOProductProperties.ProductCode LIKE 'VIRUSCAN%'
WHERE (dbo.EPOComputerProperties.OSType = 'windows xp') OR --XP end-of-life is April 2014
(dbo.EPOComputerProperties.OSType = 'Windows 2000') OR --systems running Windows 2000
(dbo.EPOComputerProperties.OSType = 'Windows NT') OR --systems running Windows NT
(dbo.EPOComputerProperties.OSType = 'Windows 2003') AND (dbo.EPOComputerProperties.OSServicePackVer <> 'service pack 2') OR --systems running Windows 2003 RTM or SP1
(dbo.EPOComputerProperties.TotalPhysicalMemory < '1024000000') OR --systems with less than 1GB of memory
(dbo.EPOComputerProperties.FreeDiskSpace < '1024') --systems with less than 1GB of free disk space
ORDER BY dbo.EPOComputerProperties.ComputerName, dbo.EPOComputerProperties.OSType
- Beta in May 2014
- Release Candidate (RC) in June 2014
Will this beta group be updated to include the 5700 engine or will we need to join a new beta group?
The 5700 Engine beta like any other McAfee Enterprise software beta program will be posted to http://www.mcafee.com/in/downloads/beta-programs/index.aspx (will require a registration to download).
This group will get a notiication once the beta is made available on the mentioned site.
Great, thank you for the update.
my question is - would be the 7zip packer extension included in 5700 ?
because we got many mails with 7z infected files and the MSME do
not detect them and also no executable blocking rule will help.
We had learned since engine 5300 McAfee can add modules to the engine
to support newer requirements.
would it be true ?
7Zip was on the original 5700 project requirements but had to be deferred due to some late priority requirements that came up.
Unfortunately, 7zip needs to be unpacked via the Engine - the unpacking option available via the DATs cannot be used for 7Ziip due to performance issues. It's certainly on our roadmap for the next Engine.
Is there a stand-alone version of the 5700 beta that can be downloaded for testing? I only see ePO packages.
Thanks for posting the engine Vinoo. Question - One of the enhancements listed is "Live memory scanning on Windows for detecting and removing malicious processes, threads and files "
Does this mean previous engines did not do this or is this function enhanced with this engine?
Thanks in advance for your reply.