Release Notes

McAfee® Risk Advisor 2.7.0

For use with ePolicy Orchestrator® 4.5.0 and 4.6.0 Software

About this document
New features
System Requirements
Installing and verifying the extension
Known issues
Find product documentation

About this document

Thank you for choosing this McAfee product. This document contains important information about the current release. We strongly recommend that you read the entire document.

New features

New and updated features in the current release of the software are described below:

Option Definition
Advanced Reporting Group Perform selective threat-asset reporting by creating groups of systems based on groups or tags and threats based on tags. For example, determine the impact a specific set of threats are having on your server class machines or assets belonging to a specific business unit.
User-defined countermeasures Specify countermeasures that are not integrated with McAfee Risk Advisor. Declare a user-defined countermeasure to consider a set of assets as protected against a set of threats during analysis.
Suppressions Suppress a selection of threats for a selection of assets to perform analysis based on your requirements. The selected threat-asset combination is temporarily excluded from analysis.
Countermeasure override Override a countermeasure for selected assets from an asset-centric page to consider them as not protected by the countermeasure during analysis. For example, override McAfee Network Security Platform countermeasure declaration for an asset.
McAfee Application Control integration Import application inventory and countermeasure data from McAfee Application Control.
Patch Tuesday reports Generate and view Patch Tuesday specific reports using the Security Bulletin dashboard and additional Patch Report queries to make decision on patching efforts and assess the effectiveness of patching operations over a period of time.
The MRA: Security Bulletin Dashboard includes the following monitors:
MRA Patch Report: Microsoft Patch Tuesday Threats Trend — Displays the number of Patch Tuesday threats released over the last three months.
MRA Patch Report: Risk Score for Systems Group across Patch Tuesday Threats — Displays the aggregated risk scores of each system group over the latest Microsoft Patch Tuesday threats.
MRA Patch Report: Assets at Risk from Patch Tuesday Threats by Criticality — Displays the assets based on their criticality that are at-risk by Patch Tuesday threats released over the last three months.
MRA Patch Report: Assets at Risk from Patch Tuesday Threats by System Group — Displays the assets based on their reporting groups that are at-risk by Patch Tuesday threats released over the last three months.
McAfee Network Security Platform focused queries Create and run these additional McAfee Network Security Platform queries:
Predefined queries:
MRA: NSP Sensor-Port-Policy with Attacks set to block — Retrieves information about the blocked attacks for every McAfee Network Security Platform sensor, port, and policy association.
MRA: NSP System Attack Coverage — Retrieves information about the attacks for every McAfee Network Security Platform sensor, port, and policy association for each system.
MRA: NSP System Coverage — Retrieves information about the sensor, port, and policy association for the systems covered by McAfee Network Security Platform.
MRA: Systems Not Protected by NSP — Retrieves information about the assets that are not protected by McAfee Network Security Platform.
Custom queries:
NSP Sensor-Port-Policy Attack Configuration — Retrieves information about the attacks for every McAfee Network Security Platform sensor, port, and policy association.
NSP System Association — Retrieves information about the sensor, port, and policy association for the systems covered by McAfee Network Security Platform.
NSP Threat Asset Protection — Retrieves information about the countermeasure protection status for threat-asset combinations.
Enhanced automatic responses Configure actions to take when specific events occur in your environment, including: asset-based events and risk score-based events.
Enhanced what-if analysis Select systems based on groups or tags to perform the what-if analysis.
Enhanced search capability Perform Quick Search based on threat filters in threat-centric pages.
Localization Product and threat data are localized in two languages: Chinese (Simplified) and Spanish; and documentation in six languages: Chinese (Simplified and Traditional), Japanese, Spanish, French, and German.

System Requirements

This release supports a full installation of the product as well as an upgrade from the previous versions.

Supported upgrades
McAfee Risk Advisor 2.5.x
McAfee Risk Advisor 2.6.x
Supported McAfee ePolicy Orchestrator version(s)
ePolicy Orchestrator 4.5 patch 4 or later
ePolicy Orchestrator 4.6

Supported managed products

McAfee Risk Advisor analyzes data from the following managed products that are integrated with ePolicy Orchestrator through their product extensions.

Managed product Required extension
McAfee® Application Control Solidcore extension 5.0.2 or later
McAfee® Host Intrusion Prevention 7.0.0 or later
McAfee® Network Security Platform Rogue System Detection 2.0.2 or later
McAfee® Policy Auditor 5.3.0 or later
McAfee® Vulnerability Manager Foundstone 6.8.0 or later
McAfee® VirusScan® Enterprise No extension required

Rollup reporting requirements

Master refers to the reporting server and slave refers to the server from where the data is to be rolled up. The following master-slave server combinations are supported:

Product Master version Slave version
ePolicy Orchestrator 4.6.x 4.6.x or 4.5.x
4.5.x 4.5.x
McAfee Risk Advisor 2.7 2.7 or 2.6.x

Supported Database

Microsoft SQL 2005 or 2008

Database requirements

McAfee Risk Advisor does not function properly if Microsoft SQL 2005 is running in SQL 2000 Compatibility Mode. Any customization to the Microsoft SQL Server installation should follow the best practice guidelines provided by the database vendor.
McAfee Risk Advisor does not support the use of SQL Express.
The database user must have sysadmin privilege.
Make sure that the database collation is SQL_Latin1_General_Cp1_CI_AS.
(Optional) For application data reconciliation, SQL Server's Full Text Search must be installed and the service running prior to the McAfee Risk Advisor install or upgrade.

Disk Space Requirements

McAfee Risk Advisor requires a minimum of 4 GB free disk space for the database. The actual disk space required depends upon the number of assets being managed by the ePolicy Orchestrator server. For database sizing guidelines, refer to the McAfee Risk Advisor 2.7 Database Sizing and Resource Usage Guide.

Installing and verifying the extension

Task
1 Close the ePolicy Orchestrator console.
2 Run the installation program for McAfee Risk Advisor, Setup.exe.
If this is an upgrade, a message appears about the upgrade. Click Yes to continue.
3 In the Setup Requirements screen, verify that the message All required applications were found appears, then click Next.
If this message does not appear, cancel the installation and install the applications specified, then run the McAfee Risk Advisor installation program again.
4 In the Welcome screen, click Next to display the license agreement screen.
5 From the drop-down lists, select a license type and the location where the product will be used. Select I accept the terms in the license agreement, then click OK.
6 If this is an upgrade, skip to the next step. Otherwise, in the Choose Destination Location screen, accept the default location or browse to another location, then click Next.
7 In the Set Administrator Information screen, provide the ePolicy Orchestrator global administrator user name and password, then click Next.
8 From the list that appears in the Set Optional Information screen, select the appropriate options and click Next. Options are:
Application Awareness — Select this to use Application Inventory data during risk analysis. (requires support for Full Text Search in your database)
Risk Advisor Rollup Reporting — Select this for rollup reporting.
Third party Vulnerability Detector extension — Select this to import vulnerability data from non-McAfee detectors.
Products — Select the McAfee product from which you want McAfee Risk Advisor to import data, or click Select All for all available McAfee product extensions.
CautionSelect all the products and features you want, even if you didn't select them during your previous installation.
9 In the Start Copying Files screen, review your installation settings, then click Next to continue.
10 When the installation is complete, click Finish.
11 Verify that McAfee Risk Advisor is upgraded with all the features selected during installation.
To verify that McAfee Risk Advisor was successfully installed, click Menu | Software | Extensions, select Risk Advisor from the Extensions list, then verify that version is 2.7.0 and status is Installed for the core extension and other data import extensions.
Verify that the McAfee Risk Advisor data import extensions for the features and McAfee products selected during installation are available. For example, MRA Application Core, MRA Application Inventory, MRA Foundstone, MRA HIPS, MRA Network Security Platform, MRA Rollup Reporting, MRA Solidcore, MRA Third Party, MRA VSE, and MRA Policy Auditor.
If application awareness was selected during installation, verify that —
The Application Inventory extension is installed.
The data import extensions such as MRA Application Inventory and MRA Solidcore, if selected, are installed under Risk Advisor.
The McAfee Application Inventory package is installed under Menu | Software | Master Repository.

Known issues

For known issues in this product release, refer to KnowledgeBase article KB73805.

Find product documentation

McAfee provides the information you need during each phase of product implementation, from installation to daily use and troubleshooting. After a product is released, information about the product is entered into the McAfee online KnowledgeBase.

Task
1 Go to the McAfee Technical Support ServicePortal at http://mysupport.mcafee.com.
2 Under Self Service, access the type of information you need:
To access... Do this...
User documentation
1Click Product Documentation.
2Select a product, then select a version.
3Select a product document.
KnowledgeBase
Click Search the KnowledgeBase for answers to your product questions.
Click Browse the KnowledgeBase for articles listed by product and version.