Release Notes - McAfee Deep Defender 1.0 About this document About this release Features Known issues Documentation Before installing McAfee Deep Defender 1.0 Installing McAfee Deep Defender 1.0 About this document Thank you for using McAfee Deep Defender 1.0. This document contains important information about this release. We strongly recommend that you read the entire document. Important: We do not support the automatic upgrade of a pre-release software version. To upgrade to a production release of the software, you must first uninstall the existing version. About this release McAfee Deep Defender is hardware-assisted endpoint security, enabled by McAfee DeepSAFE technology, to operate below the operating system. It detects, blocks, and remediates advanced rootkits. McAfee DeepSAFE technology was co-developed with Intel and enables McAfee Deep Defender to identify malware that is hard to detect by any traditional security solutions. McAfee DeepSAFE technology delivers: A technology platform for future security solutions A trusted view of system events beyond the operating system A new method to block sophisticated advanced persistent threats (APTs) and stealth techniques in real time, before they have a chance to hide The ability to uncover threats that traditional operating system-based security does not detect
Features McAfee Deep Defender performs real-time memory and CPU monitoring, zero-day detection and protection. It can be installed as a standalone product or can be managed with the McAfee epolicy Orchestrator platform. The following features of McAfee Deep Defender are important for your organization's system security. Real-time malicious kernel event, rootkit and APT monitoring, blocking and remediation Alerting, blocking, and remediation based on configurable sensitivity levels Monitoring of predefined kernel memory locations Attribution of suspicious memory I/O events to threats on disk GTI/Cloud integration for telemetry and proactive protection epolicy Orchestrator (McAfee epo ) administration McAfee Deep Defender integrates itself fully into the epolicy Orchestrator management software and provides these features to use the software effectively. Deploy and manage the product through the McAfee epo console Push McAfee Deep Defender-specific policies Run tasks on the end nodes to scan for hidden processes Push McAfee Deep Defender-specific content Report product properties to administrators in the McAfee epo console Remotely configure global settings through the McAfee epo console Send McAfee Deep Defender-generated events to the McAfee epo server Pre-install scan McAfee Deep Defender can be installed on systems already infected with malware and rootkits. To increase the chance of a successful installation of the product on these systems, the pre-install scan prepares a secured and malware-free environment. The pre-install scan eliminates malware that can potentially attack the installer itself. It ensures protection for files that are being installed by the installer. When the scanner detects a known rootkit, it performs appropriate repair and remediation action, including: Repair the file. Delete the file or, if the file is locked, mark it to be deleted on reboot. Back up or quarantine the original file. Verify that your system meets these requirements before you start the installation process.
NOTE: These are the minimum requirements for McAfee Deep Defender. You must also consider system requirements for any other products you are installing, such as McAfee epolicy Orchestrator. System requirements McAfee epo server systems Client systems for McAfee Deep Defender See the epolicy Orchestrator product documentation for versions 4.5 or 4.6 RAM: 2 GB (32-bit) or 4 GB (64-bit) Hard Disk: 16 GB (32-bit) or 20 GB (64-bit) free disk space Software requirements Software (or package names) McAfee management software McAfee epolicy Orchestrator 4.5 or 4.6 McAfee Agent for Windows 4.6 McAfee Deep Defender software Extension DeepDefenderMETA.ZIP McAfee Deep Defender software package Deep Defender_<build number>_pkg.zip Operating system requirements McAfee epo server systems Client systems for McAfee Deep Defender Software See the documentation for McAfee epolicy Orchestrator 4.5 or 4.6 Microsoft Windows 7 32-bit and 64-bit Hardware requirements Intel Core i3, i5, and i7 processors with Intel VT technology Remarks Intel VT must be enabled in BIOS and should be available for McAfee Deep Defender. Important: The BIOS should be in legacy BIOS compatibility mode, not in EFI mode. Also, make sure that you enable the NX bit/data execution bit (XD bit) in BIOS. Intel VT Technology Intel VT technology needs to be enabled in BIOS and it should always be available to McAfee Deep Defender during installation and for its other functions like detection and protection. NOTE: McAfee Deep Defender cannot be installed on systems having Type 1 Hypervisors, because these virtual systems are already using the Intel VT technology, and the VT bit is not available to McAfee Deep Defender. However, some of the Type 2 Hypervisors are supported. For more details
on Type 2 Hypervisors support, refer to the KnowledgeBase article https://kc.mcafee.com/corporate/index?page=content&id=kb73629 Known issues For McAfee Deep Defender 1.0 known issues, refer to the KnowledgeBase article https://kc.mcafee.com/corporate/index?page=content&id=kb73515. Documentation This release of McAfee Deep Defender 1.0 includes the following documentation set. McAfee Deep Defender 1.0 Release Notes McAfee Deep Defender 1.0 Product Guide McAfee Deep Defender standalone Help help_dd_100 (McAfee epo Help Extension for McAfee Deep Defender 1.0) Before installing McAfee Deep Defender 1.0 Before installing the McAfee Deep Defender software, make sure that your client system is ready and meets all requirements. Compatibility testing McAfee provides a tool to determine which systems are compatible for installing McAfee Deep Defender. The tool can be run on managed systems or standalone systems. Standalone systems You must run the CompatibilityTester.exe application manually on each system, to test for the conditions required for McAfee Deep Defender compatibility. The return value of the application determines whether the tested system is compatible with McAfee Deep Defender. Managed systems If the system is connected to the McAfee epo server, it sends its compatibility status to epolicy Orchestrator through the McAfee Agent. The administrator runs the executable through the software deployment task in epolicy Orchestrator. For complete instructions on running the compatibility tool, see the McAfee Deep Defender 1.0 Product Guide. Installing McAfee Deep Defender 1.0 You can install and configure the software as a managed product or as a standalone product. Standalone product Use the Setup utility to install the software, then synchronize the target systems with the epolicy Orchestrator server to configure and manage McAfee Deep Defender. Managed product Install the software using the McAfee epo server.
For instructions on installing and configuring McAfee Deep Defender, see the McAfee Deep Defender 1.0 Product Guide. COPYRIGHT Copyright 2011 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of McAfee, Inc., or its suppliers or affiliate companies. TRADEMARK ATTRIBUTIONS AVERT, EPO, EPOLICY ORCHESTRATOR, FOUNDSTONE, GROUPSHIELD, INTRUSHIELD, LINUXSHIELD, MAX (MCAFEE SECURITYALLIANCE EXCHANGE), MCAFEE, NETSHIELD, PORTALSHIELD, PREVENTSYS, SECURITYALLIANCE, SITEADVISOR, TOTAL PROTECTION, VIRUSSCAN, WEBSHIELD are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners. LICENSE INFORMATION License Agreement NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.