Release Notes - McAfee Deep Defender 1.0.1

About this document

Thank you for using McAfee® Deep Defender 1.0.1. This document contains important information about this release. We strongly recommend that you read the entire document.

Important: We do not support the automatic upgrade of a pre-release software version. To upgrade to a production release of the software, you must first uninstall the existing version. Make sure that you uninstall the existing McAfee Agent package, installed as part of the pre-release software version, from your client system before installing the latest McAfee Deep Defender software.

About this release

McAfee Deep Defender provides hardware-assisted endpoint security that, enabled by McAfee DeepSAFE technology, operates below the operating system. It detects, blocks, and remediates advanced rootkits.

McAfee DeepSAFE technology was co-developed with Intel® and enables McAfee Deep Defender to identify malware that is hard for traditional security solutions to detect.

McAfee DeepSAFE technology delivers:

Features

McAfee Deep Defender performs real-time memory and CPU monitoring, zero-day detection and protection. It can be installed as a standalone product or can be managed with the McAfee® ePolicy Orchestrator® platform.

The following features of McAfee Deep Defender are important for your organization's system security.

  • Real-time malicious kernel event, rootkit and APT monitoring, blocking and remediation
  • Alerting, blocking, and remediation based on configurable sensitivity levels
  • Monitoring of predefined kernel memory locations
  • Attribution of suspicious memory I/O events to threats on disk
  • GTI/Cloud integration for telemetry and proactive protection

Pre-install scan

McAfee Deep Defender can be installed on systems already infected with malware and rootkits. To increase the chance of a successful installation of the product on these systems, the pre-install scan prepares a secured and malware-free environment.

The pre-install scan eliminates malware that can potentially attack the installer itself. It ensures protection for files that are being installed by the installer. When the scanner detects a known rootkit, it performs appropriate repair and remediation action, including:

  • Repair the file.
  • Delete the file or, if the file is locked, mark it to be deleted on reboot.
  • Back up or quarantine the original file.

What is new in this release

  • It is now possible to install Deep Defender on client systems with (U)EFI mode enabled.
  • The Clear IBP mode option has been implemented in this release. This option enables the client system to restart in a normal (functional) mode after three consecutive BSODs, so that you can locate and remove the driver that is causing the BSOD. This option is disabled by default. For more details, refer to the Enable and disable IBP mode section of the McAfee Deep Defender 1.0.1 Product Guide.
  • Block self-signed drivers from installing — Enabling this option prevents unsigned (test signed) 64-bit drivers from loading and functioning. This option is enabled by default.
  • The Enable unknown driver logging option has been implemented in this release. Enabling this option displays an event in the event viewer whenever a driver that is not on the whitelist or blacklist tries to load.
  • Policy management for Blacklisting and Whitelisting drivers through McAfee ePO has been enhanced in this release.
  • This release has better malware coverage and detection on 64-bit systems.

Requirements

Verify that your system meets these requirements before you start the installation process.

NOTE: These are the minimum requirements for McAfee Deep Defender. You must also consider system requirements for any other products you are installing, such as McAfee ePolicy Orchestrator.

System requirements

Systems | Requirements
McAfee ePO server systems | See the product documentation for ePolicy Orchestrator 4.5/4.6
Client systems for McAfee Deep Defender
  • RAM: 2 GB (32-bit) or 4 GB (64-bit)
  • Hard Disk: 16 GB (32-bit) or 20 GB (64-bit) free disk space

Software requirements

Software (or package names) | Requirements
McAfee management software
  • McAfee ePolicy Orchestrator 4.5 or 4.6
  • McAfee Agent for Windows 4.6 Patch 1
McAfee Deep Defender software
  • Extension—DeepDefenderMETA.ZIP
  • McAfee Deep Defender software package—Deep Defender_<build number>_PKG.ZIP

Operating system requirements

Systems | Software
McAfee ePO server systems | See the product documentation for ePolicy Orchestrator 4.5/4.6
Client systems for McAfee Deep Defender | Microsoft Windows 7 32-bit and 64-bit

Hardware requirements

Systems | Remarks
Intel® Core™ i3, i5, and i7 processors with Intel® VT technology | Intel® VT must be enabled in BIOS and should be available for McAfee Deep Defender.
Important: Make sure that you enable the NX bit/data execution bit (XD bit) in BIOS.

Intel® VT Technology

Intel® VT technology needs to be enabled in BIOS and it should always be available to McAfee Deep Defender during installation and for its other functions like detection and protection.

NOTE: McAfee Deep Defender cannot be installed on systems that have Type 1 hypervisors, because these virtual systems are already using the Intel® VT technology, and the VT bit is not available to McAfee Deep Defender. However, some Type 2 hypervisors are supported. For more details on Type 2 hypervisor support, refer to the KnowledgeBase article https://kc.mcafee.com/corporate/index?page=content&id=KB73629

Known issues

For McAfee Deep Defender 1.0.1 known issues, refer to the KnowledgeBase article https://kc.mcafee.com/corporate/index?page=content&id=KB75205.

NOTE: For McAfee Deep Defender 1.0 known issues, refer to the KnowledgeBase article https://kc.mcafee.com/corporate/index?page=content&id=KB73515.

Documentation

This release of McAfee Deep Defender 1.0.1 includes the following documentation set.

  • McAfee Deep Defender 1.0.1 Release Notes
  • McAfee Deep Defender 1.0.1 Product Guide

KnowledgeBase article for Deep Defender 1.0.1

How to install Deep Defender in Disabled Mode: https://kc.mcafee.com/corporate/index?page=content&id=KB75266.

Before installing McAfee Deep Defender 1.0.1

Before installing the McAfee Deep Defender software, make sure that your client system is ready and meets all requirements.

NOTE: Make sure that you uninstall the existing McAfee Agent package, installed as part of the pre-release software version, from your client system before installing the latest McAfee Deep Defender software.

Compatibility testing

McAfee provides a tool to determine which systems are compatible with McAfee Deep Defender. The tool can be run on managed systems or standalone systems.

Standalone systems — You must run the CompatibilityTester.exe application manually on each system, to test for the conditions required for McAfee Deep Defender compatibility. The return value of the application determines whether the tested system is compatible with McAfee Deep Defender.

Managed systems — If the system is connected to the McAfee ePO server, it sends its compatibility status to ePolicy Orchestrator through the McAfee Agent. The administrator runs the executable through the software deployment task in ePolicy Orchestrator.

For complete instructions on running the compatibility tool, see the McAfee Deep Defender 1.0.1 Product Guide.


COPYRIGHT

Copyright © 2012 McAfee, Inc. Do not copy without permission.

TRADEMARK ATTRIBUTIONS

McAfee, the McAfee logo, McAfee Active Protection, McAfee AppPrism, McAfee Artemis, McAfee CleanBoot, McAfee DeepSAFE, ePolicy Orchestrator, McAfee ePO, McAfee EMM, McAfee Enterprise Mobility Management, Foundscore, Foundstone, McAfee NetPrism, McAfee Policy Enforcer, Policy Lab, McAfee QuickClean, Safe Eyes, McAfee SECURE, SecureOS, McAfee Shredder, SiteAdvisor, SmartFilter, McAfee Stinger, McAfee Total Protection, TrustedSource, VirusScan, WaveSecure, WormTraq are trademarks or registered trademarks of McAfee, Inc. or its subsidiaries in the United States and other countries. Other names and brands may be claimed as the property of others.

LICENSE INFORMATION License Agreement

NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.