Product Guide. McAfee GetClean. version 2.0


COPYRIGHT
Copyright 2013-2017 McAfee, LLC.

LICENSE INFORMATION
YOUR RIGHTS TO COPY AND RUN THIS TOOL ARE DEFINED BY THE MCAFEE SOFTWARE ROYALTY-FREE LICENSE FOUND ON MCAFEE.COM WEBSITE. IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH BY THAT AGREEMENT, THEN DO NOT INSTALL THE SOFTWARE OR STOP ALL USE AND UNINSTALL THE SOFTWARE.

TRADEMARK ATTRIBUTIONS
McAfee and the McAfee logo are trademarks or registered trademarks of McAfee, LLC or its subsidiaries in the United States and other countries. Other names and brands may be claimed as the property of others.

Contents

Preface
  About this guide
  Audience
  Conventions
  Find product documentation
Introducing GetClean
  How GetClean works
  Benefits
  Features
  System requirements
  Understanding the GetClean user interface

  Get ready to participate
  Download GetClean
  Scan directories and submit clean files
  Interpreting scan results
  Review scan results and upload clean files
  Track results
Frequently asked questions

Preface

This guide provides the information you need to configure, use, and maintain your McAfee GetClean.

About this guide

This information describes the guide's target audience, the typographical conventions and icons used in this guide, and how the guide is organized.

Audience

McAfee documentation is carefully researched and written for the target audience. The information in this guide is intended primarily for:

- Customers and Partners: People who use our product.
- Security Officers: People who determine sensitive and confidential data, and define the corporate policy that protects the company's intellectual property.
- Reviewers: People who evaluate the product.

Conventions

This guide uses the following typographical conventions and icons.

- Book title or Emphasis: Title of a book, chapter, or topic; introduction of a new term; emphasis.
- Bold: Text that is strongly emphasized.
- User input, Path, or Code: Commands and other text that the user types; the path of a folder or program; a code sample.
- Hypertext: A live link to a topic or to a website.
- Note: Additional information, like an alternate method of accessing an option.
- Tip: Suggestions and recommendations.
- Important/Caution: Valuable advice to protect your computer system, software installation, network, business, or data.
- Warning/Danger: Critical advice to prevent bodily harm when using a hardware product.

Find product documentation

McAfee provides the information you need during each phase of product implementation, from installation to daily use and troubleshooting. After a product is released, information about the product is entered into the McAfee online KnowledgeBase.

1. Go to the McAfee Technical Support ServicePortal at http://mysupport.mcafee.com.
2. Under Self Service, access the type of information you need:

To access User documentation, do this:
  1. Click Product Documentation.
  2. Select a Product, then select a Version.
  3. Select a product document.

To access the KnowledgeBase, do this:
  - Click Search the KnowledgeBase for answers to your product questions.
  - Click Browse the KnowledgeBase for articles listed by product and version.

Introducing GetClean

McAfee GetClean is an initiative to collect and upload clean files from software vendors and customers. You can deploy the McAfee GetClean (GetClean henceforth) tool to submit information on your clean file repositories. Samples and metadata can then be uploaded to McAfee. After processing these samples and metadata, the McAfee Global Threat Intelligence database is populated with information about the submitted files. The files then become a part of McAfee test systems where they are scanned before release of any new DAT update.

How GetClean works

GetClean incorporates participating customers' and partners' files into the McAfee test environment. Each day, in parallel with the anti-malware DAT update test process, we test each new DAT update against the participating customers' files. Before every DAT release, the files that are submitted via GetClean are scanned for false positive detections. McAfee Labs researchers investigate any identification. The McAfee Labs Research team will be the final signoff authority for a high quality and error free DAT update.

For participating customers, GetClean significantly reduces the chances of a false positive from McAfee GTI File Reputation technology on laptop and server master images and offers an extra degree of protection against DAT based false positives.

Benefits

GetClean leverages McAfee Global Threat Intelligence (McAfee GTI) for file reputation lookup so that only files that are unknown to McAfee or falsely classified are reported. This considerably reduces the cost and complexity of submitting clean files to McAfee as the tool simplifies the entire process, saving time and network bandwidth. Instead of submitting entire COE images, customers can run GetClean on their COE image files or known clean software repositories.

Features

GetClean brings to you these features:

- Delivered as a single Windows executable file with no installation required
- Ability to add, browse, or remove custom directories for a scan
- Choice of reviewing results and deciding to submit actual files
- Option to submit actual samples or metadata of the files to McAfee Labs for whitelisting
- Option to retry file submission to McAfee Labs for whitelisting, if the network gets interrupted
- Supports GTI File Reputation lookups via McAfee GTI proxy

System requirements

Make sure to check for these requirements to use GetClean.

Component: Requirements

- Operating system: One of the following Microsoft operating systems: Microsoft Windows 7, 8, 10, 2008 Server, 2012 Server, 2016 Server, Windows RS2, Windows RS3
- Web Browser: One of the following:
  - Microsoft Internet Explorer, version 6 or later
  - Mozilla Firefox, version 1.0 or later
- Hardware:
  - System memory 1 GB for scanning operations
  - At least 4 GB of available disk space
  - At least an additional 4 GB of hard disk space for temporary files
  - Network card (with access to McAfee GTI)

Understanding the GetClean user interface

The GetClean user interface is user-friendly and simple.

Option: Definition

- File: Enables you to save a report or close GetClean.
  - Save report to file: Saves the scan report as a .txt file to a system location.
  - Close: Closes the GetClean tool.
- Help: Provides help to use GetClean.
  - Command Line Help: Provides CLI commands that can be used to perform various tasks.
  - McAfee Labs Tools: Navigates to the McAfee free tools downloads site.
  - About GetClean: Specifies GetClean version details.
- Scan Now: Scans the specified directories.
- Stop: Stops the current scan process on directories.
- Preferences: Specifies customer details and mode of submitting the clean files.
  - Submission Mode: Specifies if you wish to submit the complete samples (recommended) or only logs to McAfee.
  - Execution Mode: Specifies whether the .zip file is submitted online to McAfee with or without the Auto-retry option. By default, the Submit files to McAfee and Auto-retry failed submission checkboxes are selected.
  - Auto-retry failed submission: If the submit process fails due to network interruption, automatically retries submitting files to McAfee two times, at an interval of 120 seconds.
  - Customer Information: Specifies details like grant number, email address, company, and username.
  - Save Location: Specifies the location of the clean file on the system. The file is saved in .zip format.
  - Proxy Settings: Specifies server and port details for the proxy server.
- Upload: If the Submit files to McAfee checkbox is deselected, Upload enables you to browse to the .zip location and upload the files to McAfee.
- Directories to scan: Specifies the directories to be scanned. By default, based on the operating system, a few paths are displayed.
  - Add: Enables you to specify a directory to scan.
  - Browse: Enables you to navigate to a directory in the system.
  - Remove: Removes a specified directory from the scan.
- Scanning window: Displays the scan in progress and results. During the scan, you can view the file reputation as OK or Unknown. The OK status depicts that GTI whitelists these files. The complete scan results display the false positives, unknown digitally signed files, and unknown files based on GTI File Reputation lookup. The scan results are saved as a zip file on the system and the submitted files become a part of the McAfee Labs test environment for the next DAT update.

You can scan directories, review scan reports, and submit clean files to McAfee.

Get ready to participate

Make sure to follow these guidelines prior to using GetClean.

- GetClean is free and open to only McAfee enterprise customers and partners.
- GetClean should only be run on the master COE image(s) that your IT uses to reimage systems or on clean software repositories.
  Note: If GetClean is executed on an end user system where user(s) were allowed to download and install software themselves, the file is no longer of high trust, even if that system was originally built from a COE image.
- GetClean can submit only Windows executable files, namely exe, dll, pif, scr, and sys. Data or document files are not harvested.
- GetClean should be run on a regular or scheduled basis on customer systems to capture the latest file and software updates.
  Note: The volume of files submitted reduces significantly in repeat runs as only new files are submitted.
- Files submitted via GetClean are not distributed outside McAfee or shared with competitors and third party vendors.

Download GetClean

Provide a valid grant number and download GetClean from the McAfee Downloads site.

Task
1. Go to the McAfee Downloads site and provide a valid grant number.
2. Download the GetClean.zip file.
3. Extract the files, navigate to the folder, and view the files.

Tip: We recommend creating a folder specifically for GetClean.

Scan directories and submit clean files

Make sure to set the preferences for the scan and locations for the scan reports. The scan report is submitted to McAfee Labs.

1. Navigate to the GetClean folder and double-click the GetClean.exe file.
2. The McAfee GetClean window is displayed. The selected default directories are displayed:
   - C:\Program Files
   - C:\Program Files (x86)
   - C:\ProgramData
   - C:\Windows
   Note: The ProgramData folder does not exist on Windows XP, and the C:\Program Files (x86) folder does not exist on any 32-bit operating system; these folders will not be part of the default scan locations there. However, you can select the directories you wish to scan.
3. Click Add, Browse, or Remove to specify the directories that contain known clean files to be scanned.
4. Click Preferences and select the different types of execution and sample submission mode. By default, files are submitted to McAfee Labs in online mode. Click OK.
5. Click Scan Now to begin scanning the system for unknown files.
6. On the End User License Agreement window, accept the license agreement. Click OK.
7. The Scanning window displays the scan initiation, progress, and results for the scanned directories. The scan report files are zipped and uploaded to McAfee Labs via HTTPS whenever GetClean is run in online mode.
   Note: The default password for the zip file is clean.

Interpreting scan results

The scan results display false positives and unknown files. When the scan is in progress, the whitelisted files are displayed as OK.

False positives

GetClean is expected to be run only on clean systems. When McAfee GTI flags a file as Assumed_Dirty, Trojan, Virus, or PUP, there is a high probability that the detection is false. McAfee Labs researchers manually analyze these files prior to adding them to the GTI whitelist. The scan results display these files as Artemis False file(s).

Unknown digitally signed files

In the scan results, there can be unknown files that do not have a valid signature. For signed files, the xml file has a valid publisher and certificate. These unknown classified files undergo a thorough analysis prior to being whitelisted. The scan results display these files as Unknown Digitally Signed files(s).

Discarding files before an upload

You can review the scan results and decide on the files to upload to McAfee. Navigate to the scanned result zip file on your system, use WinRAR or 7-Zip to open the zip file, and remove files from the archive. Upload the updated archive to McAfee.

Scan logs

If a scan stops or gets interrupted before completion, you can view the logs that are stored in the same location from where GetClean is launched. The scan details are displayed.

Review scan results and upload clean files

You can scan the directories, review the scan results, and then decide to upload clean files. If you are offline, you can choose to upload the files manually at a later point in time.

1. Navigate to the GetClean folder and double-click the GetClean.exe file.
2. The McAfee GetClean window is displayed. The selected default directories are displayed.
3. Click Add, Browse, or Remove to specify the directories that contain known clean files to be scanned.
4. Click Preferences and select the different types of execution and submission mode for samples or logs. Deselect the Submit files to McAfee checkbox. Click OK.
5. Click Scan Now to begin scanning the system for unknown files.
6. On the End User License Agreement window, accept the license agreement. Click OK.
7. The Scanning window displays the scan initiation, progress, and results for the scanned directories.
8. Navigate to the location of the scan report and review the files to be submitted.
9. Click Upload and browse to the zip file. Click Open and then click OK.

Track results

Once we receive the clean files, the files are validated and become a part of the McAfee Labs test system. We communicate and follow up with these updates. Give us a few days for the files to be imported into the McAfee Labs test systems.

McAfee validates the submitted files and sends an email acknowledgement. We then send a confirmation email that the submitted files have been added to McAfee Labs test systems.

Note: Typically, the acknowledgement emails are sent the same day of submission unless it is a large submission containing many files to process.

Note: If your request is urgent, you may wish to contact your local McAfee Support contact.

Files submitted via GetClean are not distributed outside McAfee or shared with competitors and third party vendors.

Frequently asked questions

This section provides you with answers to a few frequently asked questions about GetClean.

Where and how is the data from files being used (primary and secondary)?

1. The harvested files are processed by a whitelisting team and their hashes are classified as clean in the McAfee Global Threat Intelligence database.
2. This information is used by all McAfee Global Threat Intelligence enabled products to trust the whitelisted files as clean.
3. The actual files are transferred to McAfee Labs test systems and are scanned by the latest DAT files daily before any DAT release.

What kind of metadata is collected about the harvested files?

The following metadata on executable files are logged in the file's xml and uploaded to McAfee Labs.

- MD5
- SHA1
- Location
- File Name
- Attribute
- Company
- Description
- Product Version
- File Version
- File Size
- Publisher
- Vendor
- Start Date
- Expiry Date

Additionally, for digitally signed files, we collect information about publisher and certificate.

What kind of details are collected about the user or system?

GetClean collects information like system name, operating system, customer email address, and user comments. The following is an example of GetClean.xml displaying the type of user file being harvested.

McAfee GetClean Scan Results
  GetClean Build:  1.0.0.141
  OS Version:      Microsoft Windows 7 Ultimate Edition (build 7600), 32-bit
  Computer Name:   BANVTHOMASLT01
  Scan Initiated:  Mon Mar 28 17:43:09 2011
  Scan Finished:   Mon Mar 28 18:23:26 2011
  Customer Email:  vinoo_thomas@mcafee.com
  Comment:         DELL 820 Laptop Image

If you submit files for inclusion to the False Positive Test Rig, make sure that you are legally entitled to distribute the software outside of your organization. McAfee can't be held responsible for unauthorized software distribution. Refer to KB article KB66642 for more details.
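As an added example (not part of the McAfee guide and not GetClean code), the following Python script inventories a directory tree before a scan, so that the files eligible for submission can be reviewed against the distribution and confidentiality concerns above. It records the MD5, SHA1, location, file name, and file size fields the guide lists. The function names and the extension-only selection rule are assumptions of this example.

```python
import hashlib
import os
import sys

# Extensions the guide lists as submittable: exe, dll, pif, scr, and sys.
HARVESTED_EXTENSIONS = {".exe", ".dll", ".pif", ".scr", ".sys"}


def hash_file(path, chunk_size=1 << 20):
    """Return (md5_hex, sha1_hex), reading in chunks so large binaries are not loaded whole."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            md5.update(chunk)
            sha1.update(chunk)
    return md5.hexdigest(), sha1.hexdigest()


def inventory(directories):
    """Return (records, skipped) for files with a harvested extension.

    Assumption: candidates are selected by extension only; the guide does not
    say how GetClean itself identifies executables.
    """
    records, skipped = [], []

    def on_walk_error(error):
        # Unreadable or missing directories are reported, not silently ignored.
        skipped.append((error.filename, str(error)))

    for root_dir in directories:
        for folder, _subdirs, names in os.walk(root_dir, onerror=on_walk_error):
            for name in names:
                extension = os.path.splitext(name)[1].lower()
                if extension not in HARVESTED_EXTENSIONS:
                    continue
                path = os.path.join(folder, name)
                try:
                    md5_hex, sha1_hex = hash_file(path)
                    size = os.path.getsize(path)
                except OSError as error:
                    skipped.append((path, str(error)))
                    continue
                records.append({
                    "location": path, "file_name": name, "extension": extension,
                    "file_size": size, "md5": md5_hex, "sha1": sha1_hex,
                })
    records.sort(key=lambda record: record["location"].lower())
    return records, skipped


def summarize(records):
    """Return {extension: (file_count, total_bytes)} to estimate submission volume."""
    totals = {}
    for record in records:
        count, size = totals.get(record["extension"], (0, 0))
        totals[record["extension"]] = (count + 1, size + record["file_size"])
    return totals


if __name__ == "__main__":
    found, problems = inventory(sys.argv[1:])
    for record in found:
        print("{md5}  {sha1}  {file_size:>10}  {location}".format(**record))
    for extension, (count, size) in sorted(summarize(found).items()):
        print(f"{extension}: {count} files, {size} bytes", file=sys.stderr)
    for path, reason in problems:
        print(f"skipped {path}: {reason}", file=sys.stderr)
```

Run it with the directories you intend to scan as arguments; the hash list goes to standard output and the per-extension totals and skipped paths go to standard error.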

If you choose to submit hashes, McAfee Labs processes only those hashes for which we have a sample in our collection. Other hashes are ignored. We need a copy of the actual file in order to run a scan using the DATs.

You receive an email acknowledgement upon successful submission of files via GetClean. Depending on the volume of files submitted, please allow 24-48 hours to get an acknowledgement. Upon processing of the files and adding them to the McAfee GTI whitelist and McAfee Labs test systems, a confirmation mail is sent to you.

Does GetClean support command line parameters?

Yes, GetClean supports command line parameters. Example:

GetClean.exe silent email=john_doe@mcafee.com zippath= C:\Test

Additional information

After the files submitted from a customer environment have been whitelisted, Artemis/Network Heuristic settings on McAfee VirusScan products can be tuned up to Medium-Very High settings with minimal chance of a false, since all known files on the customer end should have already been whitelisted in the cloud.

While GetClean helps McAfee build its whitelist of known clean files and reduce field falses, memory or environmental based scenarios will always limit our ability to not false in the field.

For best results, we recommend that before running GetClean, customers install software that comes packaged as an installer so that it fully extracts all files onto a target system. While our backend automation systems attempt to unpack installers, in some cases we might be unable to harvest all files from a package due to use of custom installation scripts or those that download further components upon install.