Release Notes Revision A
McAfee Data Loss Prevention 9.3.0
Contents About this release New features Enhancements Resolved issues Installation instructions Known issues Additional Information Find product documentation
About this release Thank you for choosing McAfee® Data Loss Prevention (McAfee DLP). This document contains important information about the current release. We strongly recommend that you read the entire document. McAfee DLP version 9.3.0 introduces feature enhancements and resolves issues present in the previous release. You must have version 9.2.0, 9.2.1, or 9.2.2 installed on your target system before installing version 9.3.0. Version 9.3.0 does not support coexistence with previous versions; therefore, in a managed environment, all appliances must be upgraded to version 9.3.0 at the same time. For virtual appliance installation instructions, see the McAfee Data Loss Prevention Virtual Appliance Installation Guide.
Supported McAfee DLP products This release supports these McAfee DLP product versions: •
McAfee Data Loss Prevention Manager 9.3.0
•
McAfee Data Loss Prevention Monitor 9.3.0
•
McAfee Data Loss Prevention Discover 9.3.0
•
McAfee Data Loss Prevention Prevent 9.3.0
•
McAfee Data Loss Prevention Endpoint Agent 9.3.0.637
1
These host extensions are supported: •
9.3.1.4 — For use with a unified McAfee DLP policy
•
9.3.0.617 — For use with only incident management in McAfee® ePolicy Orchestrator® (ePolicy Orchestrator)
These extensions are compatible with ePolicy Orchestrator versions 4.5, 4.6, and 5.0.
Supported systems The following platform versions and operating systems are supported: •
McAfee DLP 4400/5500 appliances — McAfee Linux Operating System 1.1.5 (McafeeNDLPmlos‑1.1.5‑1.x86_64.rpm)
•
McAfee DLP 1650/3650 appliances — Fedora‑3 Linux Operating System
•
Virtual appliances — VMware vSphere ESX 4.x, ESXi 5.x
®
Compatible McAfee point products The following McAfee product versions were tested for compatibility with McAfee DLP 9.3.0 software: •
McAfee ePolicy Orchestrator 4.5, 4.6, 5.0
•
McAfee Web Gateway 6.x, 7.x
•
McAfee Email Gateway 7.x
•
McAfee® Logon Collector 1.x, 2.0
®
®
Supported repositories McAfee DLP Discover supports the following: Database repositories
File systems and servers
• DB2 — 5x iSeries, 6.1 iSeries, 7.x– • 9.x • • Microsoft SQL Server 2000, 2005, • 2008, 7.0, MSDE 2000 • • MySQL (Enterprise) 5.0.x, 5.1 • • Oracle 8i, 9i, 10g, 11g • • EMC Celerra 5.6
EMC Documentum 5.3, 6.0, 6.5 Microsoft SharePoint 2007, 2010 FTP HTTP/HTTPS NFS (Network File System) CIFS (Common Internet File System) • Microsoft Windows Server 2003, 2008, 2008 R2 cluster • Microsoft Windows XP Professional SP3 or later (32‑bit) • Microsoft Windows Vista SP1 or later Enterprise and Business editions (32‑bit) • Microsoft Windows 7 SP1 or later (32‑ and 64‑bit) • NetApp 7.2, 7.3
Supported browsers McAfee DLP supports the following third‑party browsers. These versions were tested for compatibility with the software:
2
•
Microsoft Internet Explorer 7, 8, 9, 10
•
Mozilla Firefox 17 and earlier
Supported languages In scanned content, McAfee DLP supports the following languages: •
English
•
Italian
•
Chinese (Traditional)
•
Japanese
•
Chinese (Simplified)
•
Korean
•
Hebrew
•
Russian
•
Arabic
•
Dutch
•
French
•
Greek
•
German
•
Hungarian
•
Spanish
•
Czech
•
Portuguese
•
Turkish
New features This release of the product includes these new features. •
Model 5500 appliances — McAfee DLP version 9.3.0 software can run on model 5500 hardware appliances. Disaster recovery backups from models 1650, 3650, 4400, and virtual appliances can be migrated to a model 5500 appliance. When restoring a backup, the software version of the backup must match the software version installed on the appliance.
For information on the model 5500, see the McAfee Data Loss Prevention Hardware Guide.
Enhancements This release includes these enhancements. •
Active Directory — Improves synchronization performance between Active Directory and McAfee DLP
•
ePolicy Orchestrator — Adds support for version 5.0
•
Microsoft SharePoint — The SharePoint crawler for McAfee DLP Discover is redesigned to use out‑of‑the‑box (OOTB) Webservices (WSS 3.0) APIs, resulting in faster crawling and better object detection When configuring a SharePoint scan, verify that the credentials provided have full read permission to access any subsites.
3
•
Microsoft Internet Explorer — Adds support for versions 8, 9, and 10 When using Internet Explorer version 8, 9, or 10, McAfee recommends enabling Compatibility View in the browser to make sure the McAfee DLP user interface pages are correctly displayed. If you use McAfee DLP Discover, see Resolve Internet Explorer browser messages when testing scan credentials.
•
Mozilla Firefox — Updates support to version 17 and earlier
•
SNMP — Adds support for SNMP queries on model 1650 and 3650 appliances
See also Resolve Internet Explorer browser messages when testing scan credentials on page 12
Resolved issues These issues are resolved in this release of the product. For a list of issues fixed in earlier releases, see the release notes for the specific release.
Dashboards and incidents •
Resolves a rule issue where the rule included an Organizational Unit containing a space (818385)
•
Resolves an issue where notification emails were not sent to all recipients when using the ##Recipients dynamic variable in an action rule (826053)
•
Resolves an issue in SMTP attachments where the file names were displayed as "Unknown" (844038)
Installation and upgrades Resolves an installation or upgrade failure due to the watchdog timer (842373)
McAfee DLP Discover scans •
Corrects an error when running an inventory scan on a large database (817042)
•
Resolves a system process error when processing corrupt XLS files (846391)
•
Fixes inconsistent results with SharePoint inventory scans when two scan tasks tried to access the same repository simultaneously, or when certain links were inaccessible (849422)
Policies and rules
4
•
Resolves an issue when a default expression was removed from a concept and the expression still triggered rules (823453)
•
Resolves an issue where specifying an exclusion of type File Owner and value of NT Authority/System in a rule did not properly exclude matching files (832878)
•
Resolves a system process failure on model 1650 and 3650 appliances when a rule contained a meta query and a large word query (834778)
•
Resolves an issue where an email message might not have been properly blocked when different action rules matched different email attachments (847171)
Scanned content •
Resolves an issue with concept matching in RTF files and extracting text containing nested brackets in PDF files (839806)
•
Resolves a system process error when processing SMTP objects with a very large number of "To" tags in the email body (843341)
•
Resolves a system process failure when processing TurboCAD files (874602)
•
Resolves an issue with inconsistent results when extracting content from PDF files using a keyword matching concept (893746)
•
Resolves an issue where registered documents were not successfully retrieved when trying to view the documents through the user interface (897833)
•
Resolves a performance issue with generating incidents for database scans (899918)
Searches Resolves a search issue where using the email address field and an exact keyword phrase returned results with any keyword instead of exact keyword matches (885681)
System •
Log files •
Fixes a log file from growing too large due to aborted connections; the log file rotates after it reaches a certain size (832658)
•
Fixes a log file from exposing sensitive information (844218)
•
Fixes a log file from displaying session IDs (844230)
•
Managed devices — Resolves an issue where LDAP GroupSID information was not synchronized from McAfee DLP Manager to managed devices when the managed appliance became unreachable during multiple AD synchronization sessions (845682)
•
Memory — Fixes incorrect memory utilization display (842771)
•
Users and passwords
•
•
Disables password autocomplete when logging on to the user interface (829721)
•
Adds configuration for an alert when the same user has multiple logon sessions open to the user interface (829728)
•
Prevents the password from being changed by a forged HTTP request (829734)
•
Adds a required password change if the default password is used for the user interface admin account or the command line interface root account (829738)
•
Fixes SNMP passwords displayed in HTML source (829739)
•
Supports using the colon character in a user password (872338)
Vulnerabilities — Common Vulnerabilities and Exposures (CVE) •
Prevents ICMP netmask and time stamp requests being allowed from arbitrary hosts (887345, CVE‑1999‑0524)
•
Adds authentication for single user mode (887345, CVE‑2000‑0219)
•
Fixes TCP window scaling to prevent sequence numbers from being identified (887345, CVE‑2004‑0230)
5
•
Other •
Adds the HTTPOnly flag to session cookies (829720)
•
Adds encryption to SSH keys (829737)
•
Fixes a vulnerability with cross‑site scripting attacks (829745)
•
Resolves a system process error due to failed connections on port 49158; McAfee DLP no longer initiates connections on this port (833679)
•
Resolves an issue with high CPU use when performing port scans (844488)
•
Fixes networking ports not needed for external communication from binding to all interfaces (875752)
•
Fixes the system from using weak cipher algorithms in TLS and SSL connections (887085)
•
Adds stronger partition mounting restrictions (887345)
•
Disables TCP time stamps in responses (887345)
•
Disables ICMP redirection (899408)
Installation instructions Install or upgrade your appliance to version 9.3.0. Tasks •
Download the archive on page 6 Download the software from the McAfee downloads site.
•
Install a new image on 4400 or 5500 appliances on page 7 Install a new image on the primary and secondary disks.
•
Install a new image on 1650 or 3650 appliances on page 8 To install a product on 1650 or 3650 appliances, run the platform and application scripts.
•
Upgrade the products on 4400 or 5500 appliances on page 9 If your product is at version 9.2.0, 9.2.1, or 9.2.2, you can upgrade directly to 9.3.0.
•
Upgrade the products on 1650 or 3650 appliances on page 11 If your product is at version 9.2.0, 9.2.1, or 9.2.2, you can upgrade directly to 9.3.0.
•
Resolve Internet Explorer browser messages when testing scan credentials on page 12 If you use Internet Explorer 8, 9, or 10, a browser message might appear when testing McAfee DLP Discover scan credentials.
Download the archive Download the software from the McAfee downloads site. Before you begin Locate the grant number you received after purchasing the product. The McAfee DLP products correspond with these archive names.
6
Product
Archive name
McAfee DLP Manager
imanager
McAfee DLP Monitor
iguard
Product
Archive name
McAfee DLP Prevent
iprevent
McAfee DLP Discover
idiscover
Task 1
In a web browser, go to www.mcafee.com/us/downloads.
2
Enter your grant number, then select the appropriate product and version.
3
In the Software Downloads tab, download the archive. •
1650 or 3650 appliances — Select and save the appropriate *.bz2 file.
•
4400 or 5500 appliances — Select and save the appropriate *.tgz file.
Install a new image on 4400 or 5500 appliances Install a new image on the primary and secondary disks. Before you begin Download the product archive and copy it to the appliance. Task 1
Using a command line session, log on to the appliance as root. The default root password is mcafee.
2
Make an installation directory. # mkdir /data/install
3
Copy the archive to the appliance. •
If you downloaded the archive to a Windows‑based computer, use WinSCP.
•
If you downloaded the archive to a Linux server, log on to the server and use the SCP command. scp ‑rp root@:/data/install
4
Go to the /data/install directory. # cd /data/install
5
Extract the contents of the archive. # tar xvzf ndlp_.tgz
6
Run the installation script. Before you type the command, run pwd to establish that you are in the correct product directory. You must be sure that you are running the updated scripts in the upgrade archive that you just downloaded and extracted.
# ./install_new_full . where is imanager, iguard, idiscover, or iprevent. The product image installs on the primary and secondary disks.
7
7
Restart the system. # reboot Restarting the system might take 10–15 minutes.
8
Log on to the appliance as root and verify the installation. If you are using the default root password, you are prompted to change the password after logging on.
# cat /data/stingray/etc/version If the Release field contains 9.3.0, installation is complete. If the installation fails, do not perform the installation again. Call McAfee support and submit an installation log file.
Install a new image on 1650 or 3650 appliances To install a product on 1650 or 3650 appliances, run the platform and application scripts. Before you begin Download the product archive and copy it to the appliance. Task 1
Using a command line session, log on to the appliance as root.
2
Make an installation directory. # mkdir /data/install
3
Copy the archive to the appliance. •
If you downloaded the archive to a Windows‑based computer, use WinSCP.
•
If you downloaded the archive to a Linux server, log on to the server and use the SCP command. scp ‑rp root@:/data/install
4
Go to the /data/install directory. # cd /data/install
5
Extract the contents of the archive. # tar jxf .bz2
6
Run the platform installation script. Enter ./install_platform for help on available options.
# ./install_platform ‑P After the platform script finishes, you might be instructed to restart the system. This message can be ignored; you do not need to restart the system until after the Stingray script finishes. 7
Run the application installation script. # ./install_stingray ‑P The script finishes, then instructs you to restart.
8
8
Restart the system. # reboot Restarting the system might take 10–15 minutes.
9
Log on to the appliance as root and verify the installation. If you are using the default root password, you are prompted to change the password after logging on.
# cat /data/stingray/etc/version If the Release field contains 9.3.0, installation is complete. If the installation fails, do not perform the installation again. Call McAfee support and submit an installation log file.
Upgrade the products on 4400 or 5500 appliances If your product is at version 9.2.0, 9.2.1, or 9.2.2, you can upgrade directly to 9.3.0. Before you begin
•
•
Download the product archive.
•
Stop all scans and search tasks, and wait until they are completely stopped.
If you are running version 9.2.0 on a McAfee DLP Manager or a standalone McAfee DLP product on a model 4400 appliance, and you want to perform a backup before upgrading, you must apply hotfix 754037_45668_01. McAfee recommends performing frequent backups. Without a backup, the data, settings, and configuration on your appliance might be lost in the event of a system failure.
•
To upgrade a product, you must install the new image on the disk that is not used by the previous installation. This ensures that the original image can still be accessed after the upgrade is complete. The system automatically boots from the latest image. The install_to_pri and install_to_sec scripts install the upgrade. After the process runs, the existing configuration and database are copied to the new image. If you use the wrong script, you will write over your existing installation.
Task 1
Using a command line session, log on to the appliance as root.
2
Make an installation directory. # mkdir /data/install
3
Copy the archive to the appliance. •
If you downloaded the archive to a Windows‑based computer, use WinSCP.
•
If you downloaded the archive to a Linux server, log on to the server and use the SCP command. scp ‑rp root@:/data/install
9
4
Verify which version is currently installed. You must be at version 9.2.0, 9.2.1, or 9.2.2 to upgrade to version 9.3.0. # cat /data/stingray/etc/version
5
Go to the /data/install directory. # cd /data/install
6
Extract the contents of the archive. # tar xvzf ndlp_.tgz
7
Run the system_info utility to determine if the system is currently using the primary or secondary image. # /data/stingray/ksh/system_info Install the update on the disk that is not used. Example: Install the update on the secondary disk with install_to_sec if system_info returns this message: "The system is currently running from the primary image."
8
Run the installation script. Before you type the command, run pwd to establish that you are in the correct product directory. You must be sure that you are running the updated scripts in the upgrade archive that you just downloaded and extracted.
# ./install_to_pri . or # ./install_to_sec . where is imanager, iguard, idiscover, or iprevent. The product image installs on the primary or secondary disk. When the upgrade is complete, a message appears stating which image the appliance will boot to next. 9
Restart the system. # reboot Restarting the system might take 10–15 minutes.
10 Log on to the appliance as root and verify the installation. If you are using the default root password, you are prompted to change the password after logging on.
# cat /data/stingray/etc/version If the Release field contains 9.3.0, installation is complete. If the installation fails, do not perform the installation again. Call McAfee support and submit an installation log file.
10
Upgrade the products on 1650 or 3650 appliances If your product is at version 9.2.0, 9.2.1, or 9.2.2, you can upgrade directly to 9.3.0. Before you begin •
Download the product archive and copy it to the appliance.
•
Stop all scans and search tasks, and wait until they are completely stopped. McAfee recommends performing a backup before upgrading. Without a backup, the data, settings, and configuration on your appliance might be lost in the event of a system failure.
Task 1
Using a command line session, log on to the appliance as root.
2
Make an installation directory. # mkdir /data/install
3
Copy the archive to the appliance. •
If you downloaded the archive to a Windows‑based computer, use WinSCP.
•
If you downloaded the archive to a Linux server, log on to the server and use the SCP command. scp ‑rp root@:/data/install
4
Verify which version is currently installed. You must be at version 9.2.0, 9.2.1, or 9.2.2 to upgrade to version 9.3.0. # cat /data/stingray/etc/version
5
Go to the /data/install directory. # cd /data/install
6
Extract the contents of the archive. # tar jxf .bz2
7
Run the platform installation script. Type ./install_platform for help on available options.
# ./install_platform ‑U ‑P After the platform script finishes, you might be instructed to restart the system. This message can be ignored; you do not need to restart the system until after the Stingray script finishes. 8
Run the application installation script. # ./install_stingray ‑U ‑P The script completes, then instructs you to reboot.
11
9
Restart the system. # reboot Restarting the system might take 10–15 minutes.
10 Log on to the appliance as root and verify the installation. If you are using the default root password, you are prompted to change the password after logging on.
# cat /data/stingray/etc/version If the Release field contains 9.3.0, installation is complete. If the installation fails, do not perform the installation again. Call McAfee support and submit an installation log file.
Resolve Internet Explorer browser messages when testing scan credentials If you use Internet Explorer 8, 9, or 10, a browser message might appear when testing McAfee DLP Discover scan credentials. Click OK or Cancel to continue operation. To prevent this message, perform these steps. Task 1
Clear the browser cache and close the browser window.
2
Open a new browser window and make sure Compatibility View is enabled.
3
Log on to the McAfee DLP user interface.
Depending on the browser version and service pack, the message might still appear. You can safely ignore this message.
Known issues For known issues in this product release, refer to KnowledgeBase article KB78146.
12
Additional Information At version 9.3.0, McAfee DLP does not use the Windows rwl_client.exe application over port 49158 to collect Active Directory IP address or SID information. Integrate McAfee® Logon Collector with McAfee DLP to provide this function.
Find product documentation McAfee provides the information you need during each phase of product implementation, from installation to daily use and troubleshooting. After a product is released, information about the product is entered into the McAfee online KnowledgeBase. Task 1
Go to the McAfee Technical Support ServicePortal at http://mysupport.mcafee.com.
2
Under Self Service, access the type of information you need: To access...
Do this...
User documentation
1 Click Product Documentation. 2 Select a product, then select a version. 3 Select a product document.
KnowledgeBase
• Click Search the KnowledgeBase for answers to your product questions. • Click Browse the KnowledgeBase for articles listed by product and version.
Copyright © 2013 McAfee, Inc. Do not copy without permission. McAfee and the McAfee logo are trademarks or registered trademarks of McAfee, Inc. or its subsidiaries in the United States and other countries. Other names and brands may be claimed as the property of others. A00
