With this release, you can monitor the status of your appliances and also manage your appliance from McAfee ePolicy Orchestrator.
You can directly manage your appliances from ePolicy Orchestrator, without needing to launch the interface for each appliance.
In ePolicy Orchestrator, the user interface pages that you use to configure and manage your Email and Web Security Appliances have a familiar look-and-feel to the pages that you find within the appliances. However, there are some differences between the options available in Email and Web Security Appliance and where they are located, and those that are available when running Email and Web Security Appliance from ePolicy Orchestrator. For more information, see KB70679.
Message Search provides you with a convenient method to locate email messages on your appliance.
A common request from users is "What happened to the email message I sent yesterday?", or "My supplier emailed me on Monday, why haven't I received his message yet?"
From a single location within the user interface, Message Search allows you to confirm the status of email messages that have passed through the appliance. It provides you with information about the email, including whether it was delivered or blocked, if the message bounced, if it was quarantined or held in a queue pending further action.
The Data Loss Prevention features enable you to upload and analyze your sensitive documents — known as training — by using the Email and Web Security Appliances user interface or ePolicy Orchestrator, and to create fingerprints representing each document.
When scanning your outgoing email messages, the appliance extracts all content and creates further fingerprints. These fingerprints are then compared with the trained fingerprints from your sensitive documents. If these fingerprints match either the whole or partial document, then the appliance applies the actions that you configure.
By using fingerprints of your sensitive data, none of the content of your sensitive documents are located on your appliances.
This release of the McAfee Email and Web Security Appliance software includes enhancements to compliance filtering incorporating a large selection of template compliance rules and dictionaries covering multiple countries and regulations.
When managing your Email and Web Security appliances, having the image for each appliance stored on a protected partition on the hard disk of each appliance enables you to remotely reimage your appliances.
The rescue image negates the requirement for remote access cards to be fitted to your appliance (if you have suitable appliance models) for the appliances to be reimaged from a remote location.
In addition to installing the software image on the protected partition, you can also create a bootable image on a USB drive for your appliances.
McAfee analyzes data about detections and alerts, threat details, and usage statistics from a broad set of customers to combat electronic attacks, protect vulnerable systems from exploit, and thwart cyber crime. By enabling this feedback service in your product, you will help us improve McAfee Global Threat Intelligence, thereby making your McAfee products more effective, as well as help us work with law enforcement to address electronic threats.
McAfee Global Threat Intelligence tracks the entire threat lifecycle, enabling predictive security to guard against the latest vulnerabilities, ensure regulatory and internal compliance, and lower the cost of remediation.
This release of Email and Web Security Appliance software includes the ability to carry out remote URL category lookups, using the McAfee Global Threat Intelligence web reputation service.
This release provides 3rd party integration for system logging (syslog) reporting using ArcSight and Splunk monitoring systems.
In addition to the Kerberos authentication method already available within Email and Web Security Appliances, this release now includes RADIUS authentication as an option within the Role-Based User Accounts.
| • | DAT version: 6175.000 |
| • | Engine Version: 5400 |
| • | Release Date: December 15, 2010 |
Thank you for choosing this McAfee product. This document contains important information about the current release. We strongly recommend that you read the entire document.
| We do not support the automatic upgrade of a pre-release software version. To upgrade to a production release of the software, you must first uninstall the existing version. |
This release introduces several new features. Some of these features have resulted in changes to the user interface. This section details some of these changes.
Here is a list of known issues that we were aware of at production time. For up-to-date information about these issues, see Knowledgebase article KB70676, available from https://mysupport.mcafee.com.
ePolicy Orchestrator "Back" button does not function correctly when editing Email and Web Security policy.
When editing the Email and Web Security policy from within ePolicy Orchestrator, the Back button does not function correctly.
To work around this issue, click the Back button twice.
See Knowledgebase article KB70641 for further information.
The "Change passphrases" button should not appear in ePolicy Orchestrator
When using ePolicy Orchestrator to modify the settings within Logging | SNMP Monitor Settings, the Change passphrases button should be hidden from the interface when SNMP Monitor using Protocol version: v3 is selected.
See Knowledgebase article KB70644 for further information.
Blank settings within your ePO configuration overwrite appliance configuration
Be aware that if you leave some settings blank within your ePO-generated configuration for your appliance (such as the DNS or routing information), the blank settings will overwrite the existing configuration when the configuration is next pushed to your appliance. This may lead your appliance to stop functioning.
See Knowledgebase article KB70655 for further information.
Language-dependent settings not pushed when ePolicy Orchestrator is displaying a different language
If you are configuring language-dependant settings, such as the default alert messages, from your ePolicy Orchestrator server, ensure that the language you configure the alerts in (within ePolicy Orchestrator) is the same as the appliance language.
See Knowledgebase article KB70647 for further information.
Error shown on appliance Dashboard — Unsuccessful attempts to communicate
Where your appliance is configured to use IPv6 to communicate with ePolicy Orchestrator, the appliance Dashboard displays an error regarding unsuccessful attempts to communicate with the ePolicy Orchestrator server, despite all communication being successful.
This error can be ignored, or, to work around this issue, use IPv4 when configuring your appliance to communicate with ePolicy Orchestrator.
See Knowledgebase article KB70648 for further information.
All DLP events are not displayed on the ePolicy Orchestrator Dashboard
The events are generated correctly on the appliance and sent to the ePolicy Orchestrator database. Monitored DLP events are displayed correctly on ePolicy Orchestrator, but Blocked DLP events are not.
See Knowledgebase article KB70664 for further information.
Data Loss Prevention database does not roll back as expected
If you add Data Loss Prevention categories and documents to your scanning policies, and later modify these categories, when you roll back your Email and Web Security Appliance configuration to the previous version, the Data Loss Prevention database does not roll back as expected.
See Knowledgebase article KB70649 for further information.
Fingerprints for Lotus WordPro (.lwp) files differ depending on the operating system used when fingerprinting
When fingerprinting Lotus WordPro files, the fingerprints differ depending on the operation system used.
To work around this, ensure that you create the fingerprints on the same operating system where the files are going to be detected.
See Knowledgebase article KB70650 for further information.
Fingerprinting compressed files that contain double-byte characters without selecting appropriate character encoding may cause an error
Attempting to upload compressed folders that include file names that use double-byte characters may cause an error message if you do not select an appropriate character encoding from the user interface.
See Knowledgebase article KB70659 for further information.
Applying configuration can take a few minutes when adding a large file to the database
After a large document is added to the DLP database, any files added afterwards take a long time to register, regardless of their size.
See Knowledgebase article KB70670 for further information.
When preparing files for fingerprinting, please consider the following:
| • | XML files cannot be fingerprinted (will have zero fingerprints) unless the XML file has text nodes. |
| • | Fingerprinting GIFs, JPEGs, and RAR files will give an error 'Not enough text to create fingerprints'. |
| • | When fingerprinting EML files, body elements or attachments inside the email will be fingerprinted instead of fingerprinting the EML file itself. |
| • | When fingerprinting ZIPs and BZ files, the files within the container will be extracted and the individual files fingerprinted. |
| • | Protected files and encrypted files cannot be fingerprinted. |
See Knowledgebase article KB70671 for further information.
Viewing and editing message digests
Microsoft Internet Explorer 6 displays HTML source, rather than WYSIWYG content to view and edit Quarantine Digest messages. To avoid this issue, McAfee recommends that you use Internet Explorer 7 or above with Email and Web Security Appliance 5.6.
See Knowledgebase article KB70645 for further information.
LDAP Synchronization
LDAP Synchronization fails with an error 'sizeLimitExceeded'. When using openLDAP, there is a limit for the maximum number of entries that is returned for a user or group query operation. If you experience the 'sizeLimitExceeded' error, McAfee recommends you increase the size limit.
See Knowledgebase article KB67306 for further information.
Error returned after restoring a configuration file
Restoring a backup configuration file from a previous version of the software that contains a corrupted rules.xml file or importing a dictionary from a corrupted rules file produces a schema validation error.
See Knowledgebase article KB70672 for further information.
Error returned when *a is used as a condition when searching a dictionary
In Microsoft Internet Explorer 7, using the a* character as a condition when searching a dictionary produces an error.
See Knowledgebase article KB70653 for further information.
Incorrect time shown in the Message Search user interface.
When a queued email is delivered after retrying, queued time is shown instead of the delivered time.
See Knowledgebase article KB70654 for further information.
In resilient mode, configuring the out-of-band network may cause bridge loops
If the external switch used to set up out-of-band management for the blade server in resilient mode doesn't support PVST+ then this may cause bridge loops. This applies to M3 and M7 enclosures only if GBe2c interconnects are used for out-of-band management. This does not apply to the M7 enclosure if you connect to the out-of-band management network using the passthrough modules.
See Knowledgebase article KB70656 for further information.
Scanning blades show as FAULTY on the master blade Dashboard
After an "Option 2" upgrade to a blade system that has McAfee Web Gateway (formerly Webwasher) enabled, the scanning blades show 'FAULTY' in the Load Balancing area on the master blade Dashboard because the Web Gateway license file may not be present to automatically license the scanning blades.
To resolve this issue, upload the Web Gateway license file again using the Setup Wizard available in the user interface (System | Setup Wizard).
See Knowledgebase article KB70657 for further information.
Web Gateway configuration is not preserved using installation option 2b to upgrade
If you use Option 2b to upgrade the software on a blade server that has McAfee Web Gateway (formerly Webwasher) enabled, all Web Gateway configuration information is lost.
To avoid this issue, McAfee recommends that you use Option 2 instead. Alternatively, back up the configuration and restore it after the upgrade. To ensure that the Web Gateway license file installs correctly, use the Setup Wizard to upload it again.
See Knowledgebase article KB70646 for further information.
On a master blade server, the /var/log/httpd/error_log contains "permission denied" errors when updating
The error message is benign in this circumstance.
See Knowledgebase article KB70645 for further information.
English only online help for Resilient Mode
The help page for the Resilient Mode is available in English for all languages.
See Knowledgebase article KB70660 for further information.
McAfee provides the information you need during each phase of product implementation, from installation to daily use and troubleshooting. After a product is released, information about the product is entered into the McAfee online KnowledgeBase.
| 1 | Go to the McAfee Technical Support ServicePortal at http://mysupport.mcafee.com. | ||||||||||||||||
| 2 |
Under Self Service, access the type of information you need:
|
Copyright © 2010 McAfee, Inc. All Rights Reserved.
No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of McAfee, Inc., or its suppliers or affiliate companies.
AVERT, EPO, EPOLICY ORCHESTRATOR, FOUNDSTONE, GROUPSHIELD, INTRUSHIELD, LINUXSHIELD, MAX (MCAFEE SECURITYALLIANCE EXCHANGE), MCAFEE, NETSHIELD, PORTALSHIELD, PREVENTSYS, SECURITYALLIANCE, SITEADVISOR, TOTAL PROTECTION, VIRUSSCAN, WEBSHIELD are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners.
NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.