5 Replies Latest reply on Nov 5, 2014 1:21 PM by neelima

    VSE, Solidcore & Memory Protection

    avilt

      When I have both VSE & Solidcore installed, is there going to be a conflict on the memory protection feature? In the Solidcore best practices guide I do not see any references to this.

        • 1. Re: VSE, Solidcore & Memory Protection

          No, there won't be.

          • 2. Re: VSE, Solidcore & Memory Protection
            Troja

            Hi,

            Yes, there is a problem. You should always use just one memory protection feature if several McAfee products are installed.

             

            Enclosed the information from the MAC best practice guide (Page 24).

             

            MAC.jpg

            Cheers,

            Thorsten

            • 3. Re: VSE, Solidcore & Memory Protection
              avilt

              Thank You,

              But with respect to memory protection, both VSE & Solidcore provide the same functionality, right? Both provide the same full features?

              • 4. Re: VSE, Solidcore & Memory Protection
                Troja

                Hi,

                There are big differences between the products and the security level; memory protection is not memory protection.

                - VSE uses Access Protection and Buffer Overflow Protection. VSE Buffer Overflow Protection signatures include only a limited number of detections.

                - HIPS uses generic buffer overflow protection, which includes much more functionality and detections (Kernel-mode protection).

                Therefore, VSE Buffer Overflow Protection is disabled automatically if HIPS is also installed on the endpoint.

                 

                Actually, from my side it is not absolutely clear if MAC memory protection or HIPS delivers more security. I think, actually, it is a setting how HIPS and MAC can coexist on an endpoint and where the MAC memory protection feature is not struggling with the HIPS memory features.

                 

                Cheers,

                Thorsten

                • 5. Re: VSE, Solidcore & Memory Protection

                  MAC and HIPS memory protection provide the same level of protection. MAC's memory protection capabilities are completely signature-agnostic, which also means that the event reporting is very generic (aka does not have signature-specific information).

                   

                  HIPS reporting, on the other hand, has this advantage and also gives admins a way to define signatures.

                   

                  So depending on the environment (connected vs isolated), one over the other could be chosen.

                   

                  But enabling one of them is sufficient.