Release Notes. McAfee Active Response Content Update


Release Notes McAfee Active Response Content Update 1.1.0.239

COPYRIGHT 2016 Intel Corporation

Contents

1 About this content update
2 What's included?
    CommandLineHistory collector
    DisksAndPartitions collector
    DNSCache collector
    EnvironmentVariables collector
    HostEntries collector
    HostInfo collector
    InstalledCertificates collector
    InstalledDrivers collector
    InteractiveSessions collector
    InstalledUpdates collector
    LocalGroups collector
    NetworkSessions collector
    NetworkShares collector
    ScheduledTasks collector
    Services collector
    Startup collector
    UsbConnectedStorageDevices collector
    UserProfiles collector
3 Installation instructions
4 Finding Product Documentation


1 About this content update

This content updates the Active Response built-in collectors.

Release Date: September, 2016
Developed for use with: McAfee Active Response 1.1
Urgency rating: Optional. Apply this update if needed.

Content updates are cumulative and include all content from previous content update versions.

New content

1.1.0.239
InteractiveSessions collector: A fix was implemented that solves the problem where the name output field was empty when searching on Windows endpoints. (BZ-1139731)

Content from previous updates

1.1.0.214
HostInfo collector: The physical interface IP address is reported for all hosts, instead of any virtual IP address. (BZ-1150489)
InteractiveSessions collector: The name output field now shows usernames from Linux endpoints. (BZ-1151820)
Services collector: On Linux endpoints, the collector returns information on recently stopped services. (BZ-1142734)

1.1.0.211
UserProfiles collector: The 'Group' output field was renamed to 'Groups' to clarify that all user groups are listed in the field. (BZ-1145778)
UserProfiles collector: Member and group information was reformatted for better presentation. (BZ-1146293)

1.1.0.205
DNSCache collector: The collector now runs on non-English Windows endpoints. (BZ-1139706)
InteractiveSessions collector: A change was made so that the name output field shows usernames from Windows endpoints. (BZ-1139731)
UserProfiles collector: The installdate output field now shows the date when the home folder was created for a new Windows user, not the date when the new user itself was created. (J-3099)

1.1.0.203
CommandLineHistory collector
DisksAndPartitions collector
EnvironmentVariables collector
InstalledCertificates collector
NetworkSessions collector
NetworkShares collector
ScheduledTasks collector
UsbConnectedStorageDevices collector

Privacy notice

Active Response collects information from the network, such as user names, system names, IP addresses, and audit data. Access to this information is available in Active Response pages within McAfee ePO. Make sure that access to these pages is authorized and appropriately managed.

McAfee ePO restrictions to the System Tree through access management configuration do not prevent Active Response users from receiving information from systems outside their authorized segment of the System Tree. Make sure that Active Response users are qualified and trained to appropriately handle private information from your users' systems.

2 What's included?

This content update provides a set of new Active Response collectors.

CommandLineHistory: Returns the command line history from managed Linux endpoints.
DisksAndPartitions: Collects information about disks and partitions.
DNSCache: Shows DNS information on endpoint local cache.
EnvironmentVariables: On Windows endpoints, EnvironmentVariables shows system, current user, volatile and processes variables. On Linux endpoints, EnvironmentVariables shows information from virtual files located in /proc/$PROCESSID/environ, where $PROCESSID is the process id number.
HostEntries: Returns the IP address and hostname from the hosts file on Windows and Linux systems.
HostInfo: Returns hostname, physical IP address and OS version.
InstalledCertificates: Returns information about installed certificates.
InstalledDrivers: Returns details about drivers installed on endpoint systems.
InstalledUpdates: Returns all installed updates, hot fixes and security updates.
InteractiveSessions: Gathers information about ongoing interactive sessions on managed systems.
LocalGroups: Shows the local groups on a host along with domain, description, and SID.
NetworkSessions: Gets information about currently open network sessions on the endpoint.
NetworkShares: Finds network shared paths accessible from each managed endpoint.
ScheduledTasks: Shows the status of scheduled tasks on Windows endpoints, and also when each task is scheduled to run next.
Services: List of registered services.
Startup: Shows information about start-up programs on endpoint systems.
UsbConnectedStorageDevices: Finds which users have used USB mass storage devices on managed endpoints. This collector gets details on last usage and device details.
UserProfiles: Gathers data about local users on Windows endpoints.

CommandLineHistory collector

Returns the command line history from managed Linux endpoints.

Collector output (Only on Linux)
user (String): The user who runs the command.
ID (Number): The incremental execution sequence number (number 1 is the first command executed).
CommandLine (String): The command executed.

The history of the command_line and the number depend on the previous configuration available on each endpoint.

Show history of the usage of the service command
    CommandLineHistory where CommandLineHistory command_line contains "service"

DisksAndPartitions collector

Collects information of disks and partitions.

Table 2-1 Collector output
disk (String): Numeric index of the physical disk.
model (String): Model of the physical disk.
disk_size (String): Size of the physical disk.
logical_sector (String): Size of the logical sector in bytes.
physical_sector (String): Size of the physical sector in bytes.
virtual_loc (String): Virtual location of the physical device. (Only for Linux)
disk_flags (String): Flags of the disk. (Only for Linux)
partition (String): Numeric index of the partition on a physical disk.
volume (String): Volume of the partition or location where it is mounted.
partition_size (String): Size of the partition.
partition_freespace (String): Free space available in the partition.
file_system (String): Name of the file system.
type (String): Type of physical device. For example, fixed hard disk media, removable disk media. (Only for Windows)
partition_flags (String): Flags of the partition.

On Windows, only NTFS partitions are supported.

Show the models of physical disks connected to endpoint "john-pc"
    DisksAndPartitions model where HostInfo hostname equals "john-pc"

DNSCache collector

The DNSCache collector shows DNS information on endpoint local cache.

Table 2-2 Collector output
hostname (String): The host name.
ipaddress (String): The IP address for the host.

Show DNS information for host "ping.alot.com"
    DNSCache where DNSCache hostname equals "ping.alot.com"

EnvironmentVariables collector

On Windows endpoints, EnvironmentVariables shows system, current user, volatile and processes variables. On Linux endpoints, EnvironmentVariables shows information from virtual files located in /proc/$PROCESSID/environ, where $PROCESSID is the process id number.

Collector output
username (String): The owner of the process that is running on the environment where this variable is set.
process_id (Number): ID given by operating system to the process.
name (String): The variable's name.
value (String): Value set by variable.

Show the PATH environment variable set on endpoint 192.168.0.5
    EnvironmentVariables where EnvironmentVariables name equals "PATH" and HostInfo ip_address equals 192.168.0.5

HostEntries collector

The HostEntries collector shows the IP addresses and host names from the hosts file on Windows and Linux endpoints.

Table 2-3 Collector output
ipaddress (IP): An IP address set in the hosts file.
hostname (String): The host name mapping for the IP address.

Find endpoints whose hosts file configures access to www.malware.com.
    HostEntries where HostEntries hostname equals "www.malware.com"
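The following Python example is added here and is not part of the release notes or of Active Response. It parses hosts-file text into the ipaddress and hostname fields listed for the HostEntries collector and applies the equivalent of the hostname filter shown above. The function names, the sample file contents, and the case-insensitive, trailing-dot-insensitive comparison are assumptions of this example.

```python
import ipaddress

# Constructed sample hosts file (not taken from any real endpoint).
SAMPLE_HOSTS = """\
# constructed sample for this example
127.0.0.1       localhost
::1             localhost ip6-localhost   # IPv6 loopback with an alias
203.0.113.10    www.malware.com update.example.test
198.51.100.7    WWW.Malware.COM.          # same name, other case, trailing dot
not-an-ip       broken.example.test
192.0.2.55
"""


def normalize(hostname):
    """Compare host names without regard to case or a trailing root dot."""
    return hostname.rstrip(".").lower()


def parse_hosts(text):
    """Return one {"ipaddress", "hostname"} row per name on each valid line.

    A hosts line is: <address> <name> [<alias> ...] [# comment].
    Lines with an unparsable address or with no name are skipped.
    """
    rows = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop inline and full-line comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # an address with no host name maps nothing
        try:
            addr = ipaddress.ip_address(fields[0])  # accepts IPv4 and IPv6
        except ValueError:
            continue  # first field is not an IP address
        for name in fields[1:]:
            rows.append({"ipaddress": str(addr), "hostname": normalize(name)})
    return rows


def find_hostname(rows, hostname):
    """Rows whose hostname equals the given name after normalization."""
    wanted = normalize(hostname)
    return [row for row in rows if row["hostname"] == wanted]


if __name__ == "__main__":
    for row in find_hostname(parse_hosts(SAMPLE_HOSTS), "www.malware.com"):
        print(row["ipaddress"], row["hostname"])
```
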

HostInfo collector

The HostInfo collector shows an endpoint's host name, physical IP address, and operating system version.

Table 2-4 Collector output
hostname (String): The endpoint's host name.
ip_address (IP): The endpoint's first physical IP address.
os (String): The endpoint's operating system version.

Find all endpoints with Windows operating system.
    HostInfo where HostInfo os contains "Windows"

InstalledCertificates collector

Returns information about installed certificates.

Collector output
issued_to (String): The subject field identifies the entity associated with the public key stored in the subject public key field.
issued_by (String): Identifies the entity that has signed and issued the certificate.
expiration_date (Time stamp): Indicates the expiration date of the certificate.
purposes (String): The key usage extension defines the purpose (for example, encipherment, signature, and certificate signing) of the key obtained in the certificate. The usage restriction might be employed when a key that could be sent for more than one operation is to be restricted.
purposes_extended (String): This extension indicates one or more purposes for which the certified public key might be used, in addition to or in place of the basic purposes indicated in the key usage extension. In general, this extension appears only in end entity certificates. This field is optional. (Extended Key Usage on Linux and Enhanced Key Usage on Windows)
friendly_name (String): Displays a more friendly name of the certificate. (Only on Windows)

On Linux, the files and certificates are ca-bundle.crt and ca-bundle.trust.crl at /etc/pki/tls/certs. On Windows, certificates must be registered in the drivers at Certs:. Otherwise, the certificates aren't displayed.

Show the installed certificates issued by Intel
    where installed_certificates issued_by contains "Intel"

InstalledDrivers collector

The InstalledDrivers collector shows details about drivers installed on managed endpoints.

Table 2-5 Collector output
displayname (String): The display name for the driver.
description (String): A description for the driver.
installdate (Timestamp): A date-time value indicating when the driver was installed.
name (String): A short name that uniquely identifies the driver.
servicetype (String): The type of service provided to calling processes.
startmode (String): The driver start-up mode.
    Boot: the driver is started by the operating system loader.
    System: the driver is started by the operating system.
    Automatic: the driver starts automatically at system start-up.
    Manual: the driver starts by the service control manager.
    Disabled: the driver can no longer be started.
state (String): The current state of the driver.
path (String): The fully qualified path to the driver file.

Show drivers which are disabled on endpoints.
    InstalledDrivers where InstalledDrivers state equals "disabled"

InteractiveSessions collector

The InteractiveSessions collector gathers information about ongoing interactive sessions on managed systems.

Table 2-6 Collector output
userid (String): The username that is logged into the session.
name (String): The user's full name.

Show interactive sessions for user 'owilde'
    InteractiveSessions where InteractiveSessions userid equals "owilde"

On Windows endpoints, information of past sessions may appear in the results if they belonged to accounts from different domains that have the same userid as the currently active one.

InstalledUpdates collector

The InstalledUpdates collector gathers data about installed updates, hotfixes, and security updates on Windows endpoints.

Table 2-7 Collector output
description (String): The description for the update package.
hotfix_id (String): Microsoft knowledge base identifier for the update package.
install_date (Timestamp): The date when the package was installed.
installed_by (String): The user name that performed the installation, qualified by its namespace.

Show which hotfix packages were installed by bad_user.
    InstalledUpdates where InstalledUpdates description equals "Hotfix" and InstalledUpdates installed_by contains "bad_user"

LocalGroups collector

The LocalGroups collector gathers data on local system groups.

Table 2-8 Collector output
groupname (String): The name of the group.
groupdomain (String): The domain name of the local group.
groupdescription (String): The description of the local group.
islocal (String): Confirms that the group is stored locally on the endpoint.
sid (String): The security identifier for the group.

Show local groups under the "corp.sensitive" domain.
    LocalGroups where LocalGroups groupdomain contains "corp.sensitive"

NetworkSessions collector

Gets information of currently open network sessions on the endpoint.

Collector output
computer (String): IP or hostname of remote endpoint.
user (String): User logged on to host through the network session.
client (String): Remote session command provider. (Only on Windows.)
file (String): Path of local resource being accessed by client. (Only on Windows.)
idletime (String): Time since last session activity. (Only on Windows.)

Show which shared resources are being accessed by username "owilde"
    NetworkSessions where NetworkSessions user equals "owilde"

NetworkShares collector

Finds network shared paths accessible from each managed endpoint.

Collector output
name (String): Name of shared resource.
description (String): Description of shared resource set either by the user or by default.
path (String): Local path to the resource.

When Samba service is started, only resources configured at /etc/samba/smb.conf are returned by the collector. It obtains information of the Network File System (NFS) from file /etc/samba/smb.conf.

Show which paths on endpoint "owilde-office" are being shared
    NetworkShares path where HostEntries hostname equals "owilde-office"

ScheduledTasks collector

Shows the status of scheduled tasks on Windows and Linux endpoints, and also when each task is scheduled to run next.

Collector output
folder (String): The path from where the scheduled task runs. (Empty in Linux)
taskname (String): Name of task.
nextruntime (Date): Time and date when the task will run.
status (String): Current task status can be ready, disabled, setting, running, or could not start.
task_run (String): Full command line to execute tasks.
last_run (Date): Last time the task ran successfully.
username (String): Name of the user that executed the task.
schedule_on (String): See Trigger field documentation.
log_on_type (String): Security logon method required to run tasks. See Log on Type documentation. (Only for Windows)

Show when the task called 'backupdaily' will run next
    ScheduledTasks taskname, nextruntime where ScheduledTasks taskname equals "backupdaily"

Services collector

The Services collector lists services installed on managed endpoints.

Table 2-9 Collector output
description (String): A description of the service's functionality.
name (String): A short name that uniquely identifies the service.
startuptype (String): The start-up mode.
    Boot specifies a device driver started by the operating system loader.
    System specifies a device driver started by the operating system.
    Automatic specifies a service that starts automatically at system start-up.
    Manual specifies a service started by the service control manager.
    Disabled specifies a service that can no longer be started.
status (String): The current status of the service.
user (String): The user that owns the service's process.

Show services that are currently running and are set to start manually by users.
    Services where Services status equals "Running" and Services startuptype equals "Manually"

Startup collector

The Startup collector shows information about start-up applications on managed endpoints.

Table 2-10 Collector output
caption (String): The short name set by the application.
command (String): The command line that starts the application.
description (String): The description set by the application.
name (String): The application's file name.
user (String): The user name for whom this start-up command will run.

Show applications that start up automatically for user 'owilde'
    Startup where Startup user equals "owilde"

UsbConnectedStorageDevices collector

Finds which users have used USB mass storage devices on managed endpoints. This collector gets details on last usage and device details.

Collector output
vendor_id (String): Device's vendor ID.
product_id (String): Device's product ID.
serial_number (String): Device's serial number.
device_type (String): Only "USB storage" type is supported.
guid (String): ID provided by operating system. (Only on Windows)
last_connection_time (Date): Last time the device was plugged. (Only on Windows)
user_name (String): User that mounted the device. If no user was logged in when device was mounted, then the field will be empty. (Only on Windows)
last_time_used_by_user (Date): Last time the operating system touched the device.

Show all USB storage devices that were connected to computers running Windows
    UsbConnectedStorageDevices where HostInfo os contains "win"

UserProfiles collector

The UserProfiles collector gathers data about local users on Windows endpoints.

Collector output
accountdisabled (String): True if the account is disabled. False otherwise.
domain (String): The domain that holds the user.
fullname (String): The user's full name.
installdate (Timestamp): The creation date for the user's home folder (C:\Users\user name). The user must log in at least once for this date to be returned.
localaccount (String): True if the user is stored locally on the endpoint. False otherwise.
lockedout (String): True if the user has been locked out from the endpoint. False otherwise.
accountname (String): The user's account name.
sid (String): The security identifier for the user.
passwordexpires (String): True if the password is configured to expire. False otherwise.
group (String): A list of groups that contain the user account.

Find user accounts that have been locked out from endpoints.
    UserProfiles where UserProfiles lockedout equals "true"

3 Installation instructions

The Active Response Content Update package is automatically installed when the package is pulled in to the Master Repository.

You must log in to McAfee ePO as an administrator to complete these instructions.

Task
For option definitions, click ? in the interface.

1 In McAfee ePO, select Menu > Software > Master Repository and click Pull Now.
2 Select a Source site, a Branch, and Options according to your deployment needs. Then click Next.
3 In the Package options section, select Selected packages.
4 In the Package types section, select Active Response Content 1.1.0. Then click Next.
5 Click Start Pull.
6 Confirm the upgrade was successful.
    a Select Menu > Systems Section > Active Response Catalog.
    b Check that the new content appears on the catalog.


4 Finding Product Documentation

Every McAfee product has a comprehensive set of documentation.

Product Guide -- PD26296
Known Issues -- KB84472
