McAfee Network Security Platform 8.1


Revision C

McAfee Network Security Platform 8.1 (8.1.7.91-8.1.3.124 Manager-M-series Release Notes)

Contents

- About this release
- New features
- Enhancements
- Resolved issues
- Installation instructions
- Known issues
- Product documentation

About this release

This document contains important information about the current release. We recommend that you read the whole document.

This maintenance release of Network Security Platform provides a few fixes on the Manager and M-series Sensor software.

| Release parameters | Version |
|---|---|
| Network Security Manager software version | 8.1.7.91 |
| Signature Set | 8.7.99.4 |
| M-series Sensor software version | 8.1.3.124 |

This version of 8.1 Manager software can be used to configure and manage the following hardware:

| Hardware | Version |
|---|---|
| NS-series Sensors (NS3100, NS3200, NS5100, NS5200, NS7100, NS7200, NS7300, NS9100, NS9200, NS9300) | 8.1 |
| Virtual IPS Sensors (IPS-VM100 and IPS-VM600) | 8.1 |
| Virtual Security System Sensors (IPS-VM100-VSS) | 8.1 |
| M-series Sensors (M-1250, M-1450, M-2750, M-2850, M-2950, M-3050, M-4050, M-6050, M-8000) | 8.1 |
| Mxx30-series Sensors (M-3030, M-4030, M-6030, M-8030) | 8.1 |
| XC Cluster Appliances (XC-240) | 8.1 |
| NTBA Appliances (T-200, T-500, T-600, T-1200) | 8.1 |
| Virtual NTBA Appliances (T-VM, T-100VM, T-200VM) | 8.1 |

Manager and Sensor communication continues to use 2048-bit RSA keys for encryption and is signed with a SHA1 certificate.

The Network Security Platform software version mentioned above supports integration with the following product versions:

Table 1-1 Network Security Platform compatibility matrix

| Product | Version supported |
|---|---|
| McAfee ePO | 5.9.0, 5.3.2, 5.1.1 |
| McAfee Global Threat Intelligence | Compatible with all versions |
| McAfee Advanced Threat Defense | 3.8.0.29, 3.6.2.21 |
| McAfee Endpoint Intelligence Agent | 2.6 |
| McAfee Logon Collector | 3.0.6 |
| McAfee Vulnerability Manager | 7.5.10, 7.5.7 |
| McAfee Host Intrusion Prevention | 8.0 |

Currently, port 4167 is used as the UDP source port number for the SNMP command channel communication between the Manager and Sensors. This avoids opening up all UDP ports for inbound connectivity from SNMP ports on the Sensor. Older JRE versions allowed the Manager to bind to the same source port 4167 for both IPv4 and IPv6 communication. With the latest JRE version 1.7.0_45, this is no longer possible, and the Manager uses port 4166 as the UDP source port to bind for IPv6.

Manager 8.1 uses JRE version 1.7.0_51. If you have IPv6 Sensors behind a firewall, you need to update your firewall rules so that port 4166 is open for the SNMP command channel to function between those IPv6 Sensors and the Manager.

Network Security Platform version 8.1 replaces the 8.0 release. If you are using version 8.0 and require any fixes, note that the fixes will be provided in version 8.1. There will not be any new maintenance releases or hot-fix releases on version 8.0.

With release 8.1, Network Security Platform no longer supports the Network Access Control module and N-series Sensors. If you are using Network Access Control with N-series (NAC-only) Sensors, McAfee recommends that you continue to use the 7.1.3.6 version. If you are using the Network Access Control module in M-series Sensors, continue to use the 7.5.3.30 version. That is, you should not upgrade the Manager or the Sensors to 8.1 in such cases.

Manager software versions 7.5 and above are not supported on McAfee-built Dell-based Manager Appliances.

To re-import SSL certificates for Sensor versions using a 1024-bit encryption channel, follow these steps:

1. Disable SSL decryption in the Manager.
2. Delete SSL server certificates for this Sensor from the Manager database. Refer to the Delete SSL certificates section in the McAfee Network Security Platform 8.1 IPS Administration Guide.
3. Upgrade the Sensor software to switch to the Manager ports 8501, 8502, and 8503.
4. Re-import server certificates. Refer to the Re-import an SSL certificate file section in the McAfee Network Security Platform 8.1 IPS Administration Guide. Only SHA2 certificates can be imported; SHA1 or weaker certificates can't be imported and the operation fails.
5. Select Setup Decryption SSL Decryption Enable SSL Decryption on this Device to re-enable SSL decryption on the Sensor.

New features

This release of Network Security Platform includes the following new feature:

Integration with ePO 5.9

This release of the Manager supports integration with McAfee ePO version 5.9. For more information, see McAfee Network Security Platform Integration Guide.

Enhancements

This release does not include any enhancements.

Resolved issues

The current release of the product resolved these issues. For a list of issues fixed in earlier releases, see the Release Notes for the specific release.

Resolved Manager software issues

The following table lists the medium-severity Manager software issues:

| ID # | Issue Description |
|---|---|
| 1185999 | High-risk endpoints are not shown in the Manager. |
| 1183929 | Summary page of the failover peer displays two different names. |
| 1179146 | The attempt to add a username that includes an apostrophe in the Add a User page fails. |
| 1173256 | The Manager user interface fails to load in Internet Explorer version 11. |
| 1172736 | LDAP over SSL does not work after a Manager upgrade. |
| 1165342 | Quarantined hosts generate alerts in the Threat Analyzer. |
| 1164024 | Sensor performance alert causes alert channel to go down. |
| 1153987 | A difference exists between severity of detected alerts and configured severity. |
| 1150753 | The Manager incorrectly considers a Sensor to be part of a failover pair. |
| 1148771 | The Manager is vulnerable to CVE-2016-5385. |
| 1146980 | The Devices tab does not display the tab options. |
| 1146835 | When an attack is blocked using the Recommended for Smart Blocking (RfSB) feature, its attack result in the SNMP trap displays [777] instead of "Smart Blocked". |
| 1143464 | Direct link to view the Sensor status on the System Health monitor of the Dashboard page is disabled. |
| 1143395 | The "An internal application error occurred" message is displayed when trying to access the Global Threat Intelligence page. |
| 1138335 | Sensors show as disconnected in the Manager after the Manager service is restarted. |
| 1132046 | Old signature files are not getting deleted using the file pruning option. |
| 1126704 | The Manager command channel should request for TLS1.2 connection with NTBA. |
| 1125670 | SNMP trap shows incorrect port names. |

Resolved Sensor software issues

The following table lists the medium-severity Sensor software issues:

| ID # | Issue Description |
|---|---|
| 1176466 | The Sensor does not free the data on successive connections to an unresponsive Network Threat Behavior Analysis/Endpoint Intelligence Agent, which causes the Sensor to reboot. |
| 1171752 | Most of the datapath cores are suspended in the M-8000 Sensor. |
| 1171194 | The Sensor is vulnerable to NTPD vulnerability (VU#633847). |
| 1170675 | Invalid characters are sent as URL information to Advanced Threat Defense. |
| 1170217 | Alerts are generated even after disabling informational signatures in the IPS policy. |
| 1167334 | The Sensor fails to detect exploit attacks. |
| 1164047 | Filename and domain in URL path contain duplicate domain name information when submitted to Advanced Threat Defense. |
| 1161600 | The sensor-scan-during-update option is not preserved after a reboot. |
| 1159776 | Sensor vulnerability is reported with Nessus scan. |
| 1159576 | Out-of-order TCP segments are queued for download, which results in timeout or in exceptionally long delays. |
| 1159229 | The Sensor fails to send packet log information when the packet log resources are not initialized. |
| 1153541 | The Sensor is unable to send a response to the Manager when a sample is submitted for dynamic analysis in Advanced Threat Defense. |
| 1152472 | The Sensor is vulnerable to NTPD vulnerability (VU#321640). |
| 1150815 | The events.log does not persist after Sensor reboot. |
| 1146928 | The TCP: Microsoft Windows TCP IP Driver Denial of Service alert is generated due to incorrect packet length. |
| 1145843 | In a rare condition when multiple connection attempts between the Sensor and Advanced Threat Defense Appliance or NTBA Appliance fail in a short span of time, the Sensor reboots. |
| 1144514 | The factory defaults command does not display the default IP address. |
| 1140389 | The Sensor cannot quarantine IP addresses that incorrectly match with the Trusted IP list. |
| 1139962 | The ICMP Nachi attack is generated incorrectly. |
| 1139454 | The Sensor generates a false positive alert for the IGMP: Fragmented IGMP Packet Attack alert. |
| 1138571 | The Connection Count for TCP/UDP in the Next Generation report always shows 0. |
| 1137501 | The Sensor is vulnerable to NTPD vulnerability (VU#718152). |
| 1137363 | The authentication channel is not established after the switchover from MDR to standalone and also when the secondary Manager which is in standby mode becomes the active Manager. |
| 1136618 | The ISAKMP traffic is not dropped by the Sensor firewall policy when it is configured to drop such packets. |
| 1135590 | In scenarios where the configuration changes are significantly larger than the previous configuration between Sensor diagnostic trace uploads, the Sensor reboots. |
| 1133662 | The Sensor experiences the datapath exception when signature file is pushed multiple times with segments containing the rate limiting information. |
| 1133656 | Block unsupported SSL/TLS connections. |
| 1129065 | Manual update of the signature set causes the Sensor to reboot. |
| 1122077 | The Sensor is vulnerable to [CVE-2015-3197] OpenSSL vulnerability. |
| 1117263 | The Sensor generates SSL: Connections Exhausted message due to incorrect handling of SSL internal resources. |
| 1114845 | During a configuration update, few UDP packets are dropped. |
| 1090900 | Attack time in syslog is reported in 12 hour format without the AM/PM notation. |
| 1051747 | The Sensor does not send traffic as a measure of bytes. |

Installation instructions

Manager server/client system requirements

The following table lists the 8.1 Manager server requirements:

Operating system (minimum required), any of the following:

- Windows Server 2008 R2 Standard or Enterprise Edition, English operating system, SP1 (64-bit) (Full Installation)
- Windows Server 2008 R2 Standard or Enterprise Edition, Japanese operating system, SP1 (64-bit) (Full Installation)
- Windows Server 2012 Standard Edition (Server with a GUI) English operating system
- Windows Server 2012 Standard Edition (Server with a GUI)
- Windows Server 2012 R2 Standard Edition (Server with a GUI)
- Windows Server 2012 R2 Standard Edition (Server with a GUI)
- Windows Server 2012 R2 Datacenter Edition (Server with a GUI)
- Windows Server 2012 R2 Datacenter Edition (Server with a GUI)

Only x64 architecture is supported.

Operating system (recommended): Same as the minimum required.

| | Minimum required | Recommended |
|---|---|---|
| Memory | 8 GB | 8 GB or more |
| CPU | Server model processor such as Intel Xeon | Same |
| Disk space | 100 GB | 300 GB or more |
| Network | 100 Mbps card | 1000 Mbps card |
| Monitor | 32-bit color, 1440 x 900 display setting | 1440 x 900 (or above) |

The following are the system requirements for hosting Central Manager/Manager server on a VMware platform.

Table 5-1 Virtual machine requirements

Operating system (minimum), any of the following:

- Windows Server 2008 R2 Standard or Enterprise Edition, English operating system, SP1 (64-bit) (Full Installation)
- Windows Server 2008 R2 Standard or Enterprise Edition,, SP1 (64-bit) (Full Installation)
- Windows Server 2012 Standard Edition (Server with a GUI)
- Windows Server 2012 Standard Edition (Server with a GUI)
- Windows Server 2012 R2 Standard Edition (Server with a GUI)
- Windows Server 2012 R2 Standard Edition (Server with a GUI)
- Windows Server 2012 R2 Datacenter Edition (Server with a GUI)
- Windows Server 2012 R2 Datacenter (Server with a GUI)

Only X64 architecture is supported.

Operating system (recommended): Same as minimum required.

| Component | Minimum | Recommended |
|---|---|---|
| Memory | 8 GB | 8 GB or more |
| Virtual CPUs | 2 | 2 or more |
| Disk Space | 100 GB | 300 GB or more |

Table 5-2 VMware ESX server requirements

| Component | Minimum |
|---|---|
| Virtualization software | ESXi 5.0; ESXi 5.1; ESXi 5.5 Update 3; ESXi 6.0 Update 1 |
| CPU | Intel Xeon CPU ES 5335 @ 2.00 GHz; Physical Processors 2; Logical Processors 8; Processor Speed 2.00 GHz |
| Memory | Physical Memory: 16 GB |
| Internal Disks | 1 TB |

The following table lists the 8.1 Manager client requirements when using Windows 7, Windows 8, or Windows 10:

Operating system (minimum):

- Windows 7 English or Japanese
- Windows 8 English or Japanese
- Windows 8.1 English or Japanese
- Windows 10 English or Japanese

The display language of the Manager client must be same as that of the Manager server operating system.

| | Minimum | Recommended |
|---|---|---|
| RAM | 2 GB | 4 GB |
| CPU | 1.5 GHz processor | 1.5 GHz or faster |
| Browser | Internet Explorer 9, 10 or 11; Mozilla Firefox | Internet Explorer 11; Mozilla Firefox 41.0.2 or above |

Google Chrome is not supported since the NPAPI plug-in is disabled by default and will not be supported by Google going forward. This means that Java applet support is also disabled by default.

In Mozilla Firefox version 52 and above the NPAPI plug-in is disabled and will not be supported by Mozilla going forward. This means that pages that use Java in the Manager will not render properly on Mozilla Firefox version 52 and above.

For the Manager client, in addition to Windows 7 and Windows 8, you can also use the operating systems mentioned for the Manager server.

The following table lists the 8.1 Central Manager / Manager client requirements when using Mac:

| Mac operating system | Browser |
|---|---|
| Lion; Mountain Lion | Safari 6 or 7 |

For more information, see McAfee Network Security Platform Installation Guide.

Upgrade recommendations

McAfee regularly releases updated versions of the signature set. Note that automatic signature set upgrade does not happen. You need to manually import the latest signature set and apply it to your Sensors.

The following is the upgrade matrix supported for this release:

| Component | Minimum Software Version |
|---|---|
| Manager/Central Manager software | 8.1: 8.1.7.33, 8.1.7.82 |
| M-series Sensor software | 8.1: 8.1.3.89, 8.1.3.100 |

Known issues

For a list of known issues in this product release, see this McAfee KnowledgeBase article:

- Manager software issues: KB81373
- M-series Sensor software issues: KB81374

Product documentation

Every McAfee product has a comprehensive set of documentation.

Find product documentation

1. Go to the McAfee ServicePortal at http://mysupport.mcafee.com and click Knowledge Center.
2. Enter a product name, select a version, then click Search to display a list of documents.

8.1 product documentation list

The following software guides are available for Network Security Platform 8.1 release:

- Quick Tour
- Custom Attacks Definition Guide
- Installation Guide
- XC Cluster Administration Guide
- Upgrade Guide
- Integration Guide
- Manager Administration Guide
- NTBA Administration Guide
- Manager API Reference Guide
- Best Practices Guide
- CLI Guide
- Troubleshooting Guide
- IPS Administration Guide

Copyright 2018 McAfee, LLC

McAfee and the McAfee logo are trademarks or registered trademarks of McAfee, LLC or its subsidiaries in the US and other countries. Other marks and brands may be claimed as the property of others.