Loading...

Knowledge Center


How to use Minimum Escalation Requirements (MER) tools with supported McAfee products
Technical Articles ID:   KB59385
Last Modified:  6/14/2018
Rated:


Environment

McAfee Minimum Escalation Requirements (MER) tools
Multiple McAfee products

Summary

Recent updates to this article:
Date Update
June 12, 2018 Updated the MER tool details for Host Intrusion Prevention for Linux 8.0.
April 16, 2018 Added a customization section that is available with WebMER version 4.0.
April 11, 2018 Updated the instructions to run the MER tool with Host Intrusion Prevention 8.0 - Linux Patch 11 and later.
March 21, 2018 Implemented the expand and collapse design.
To receive email notification when this article is updated, click Subscribe on the right side of the page. You must be logged on to subscribe.


The MER tools collect the following McAfee product data from your computer, so that Technical Support can analyze and resolve issues:
  • Event logs
  • File version details
  • Files
  • Process details
  • Registry details

WebMER tool
The WebMER tool covers many McAfee products running on Windows operating systems. See KB69396 for the products and operating systems currently supported.

There is also an ePolicy Orchestrator (ePO) deployable version that uses the ePO console to run the tool on client computers. See KB69308 for details.

Contents
Click to expand the section you want to view:

  1. Download the WebMER tool:
    1. Log on to the ServicePortal.
    2. Download the WebMER tool at: https://support.mcafee.com/webmer

      Windows
      You can select from the following three download formats:
       
      Download Format File Comment
      EXE Mer.exe None
      ZIP Mer.zip None
      ProtectedZip MerProtected.zip Password is secret

      NOTE: If you download the file as a .zip file or Protected .zip file, you must extract the tool.

      Linux
      You can select one of the following downloads:
       
      Download Options
      GSD_LinuxMER
      SolidCore_LinuxMER

  2. Run the tool on the computer for which you need the report:
    1. Right-click Mer.exe, and select Run as Administrator.
    2. Select the required Language.
    3. Click I accept the 'End user License Agreement', and then click Next.
    4. By default, WebMER detects the installed products using Auto-Detect product(s). If you want the MER results for specific products, choose Select product(s) and then select the products you want.
    5. Click Start and wait for the WebMER tool to complete.
    6. Specify the location at which to save the <Computer_Name>_X.tgz file, and then click Save.
      NOTE: If the WebMER tool is run multiple times, the file name increments the value X by 1
       
  3. Upload the WebMER results to McAfee:
    1. When you are prompted to Upload to McAfee, click Yes.
    2. In the SR # field, type your Service Request (SR) reference number.
    3. In the Email Address field, type your email address for this request.
    4. Click Upload. This step uploads a file with the following file name: <Computer_Name>_<Service_Request_Number>X.tgz. Files uploaded in this way are attached to the provided SR automatically, and are viewable on the ServicePortal.
Custom Sanitization
  1. Download and open the WebMER client.
  2. At the bottom of WebMER product selection page, click Configure, to access the Custom Sanitization Settings options.
  3. Custom sanitization can be achieved with either of the following options:

    Please provide regular expression in Boost Perl syntax
    • Enter regular expression (comma separated)
    • Choose a regular expression file path
      NOTE: The user can select to browse to a text file (.txt format) which contains the regular expressions. Each line in the text file will contain only one regular expression.
       
  4. Click Save.
  5. Click Start.
The regular expressions a user must follow are 'boost regular expressions of Perl syntax type'.

For details about Regular Expression Syntax, see http://www.boost.org/doc/libs/1_53_0/libs/regex/doc/html/boost_regex/syntax/perl_syntax.html

Examples:
 
Regular Expression Comment
action(\w+).dll When a user wants to mask all '.dll' files which will start with action. In this example \w+ represents a word.
(\w+)\.saleszone\.internalzone\.com When a user wants to mask all server addresses which have the domain 'saleszone.internalzone.com'.
You can run the WebMER tool from Windows Explorer, but you can also start it from a command line. When you run the MER tool from the command line, you can use the following parameters:
 
Switch Function
/save [path] Saves MER results to the full path specified.
/help
/?
Provides help for the command line.
/listproducts Lists supported products.
/detected Collects MER for installed McAfee products.
/prods Selected products for running MER.
/logs Number of days of Application Logs, System Logs, and Security logs, to collect. Specify -1 to avoid collection for any of the event logs.
/silent MER runs in silent mode.
/sanitize Remove IP address, MAC address, Domain names, and Computer names from the MER result file.
/sr [SR number] Upload results to the provided SR number.

Example 1: MER.exe /detected /save c:\mer.tgz /silent
Example 2: MER.exe /prods "VirusScan Enterprise" /save c:\mer.tgz
Example 3: MER.exe /detected /save c:\mer.tgz /sr 1-123456789 /sanitize
These tools are for McAfee programs that use non-Windows operating systems. To collect MER data, download the appropriate MER tool using the following table:
McAfee Product Downloads Comments
Data Exchange Layer (DXL) Server MER tool is attached to KB82851. -
DLP Discover 9.4.x Gather additional logs manually. Run the WebMER tool and then see KB87249 to gather additional logs.
Email and Web Security appliance software 5.x
Email Gateway 7
Built into the appliance
troubleshooting tools.
See KB51709 - EWS and MEG built-in troubleshooting tools.
Endpoint Protection for Mac (EPM) Has a built-in MER tool.* See KB87626 for instructions to run the MER tool.
Endpoint Security for Linux Threat Prevention (ENSLTP) Has a built-in MER tool. See KB88197 for instructions to run the MER tool.
Endpoint Security for Mac (ENSM) Has a built-in MER tool. See KB87626 for instructions to run the MER tool.
Host Intrusion Prevention for Linux 8.0 (all versions) Patch 11 and later: Has a built-in MER tool.
Patch 10 and earlier: MER tool is attached to KB90492.
See KB90492 for instructions to run the MER tool.
McAfee Agent for Linux / UNIX MER tool is attached to KB83005. -
McAfee Agent for Mac MER tool is attached to KB86785. -
Network Security Manager (NSM) InfoCollector
InfoCollector is supplied with ISM. The path to InfoCollector depends on the location of the NSM Installation:

<Bootdrive>\IntruShield\diag\InfoCollector

Run the Infocollector.bat file to collect the logs. See the accompanying readme.txt for instructions.
Policy Auditor Agent 5.0, 5.0.1, 5.1.0, 5.2.0 - Linux, HP-UX, Mac, Solaris, AIX PA_MER_Unix.zip -
Preventsys preventsys_mer_tool.zip -
Threat Intelligence Exchange (TIE) Server MER tool is attached to KB82850. -
VirusScan Command Line Scanner for Linux / UNIX MER tool is attached to KB65782. -
VirusScan Command Line Scanner for Solaris MER tool is attached to KB65799. -
VirusScan for Mac (VSMAC)
Has a built-in MER tool.*

See KB87626 for instructions to run the MER tool.

VirusScan for UNIX linux-uvscan-mert.zip -

*For Apple System Profiler, see KB57072.

Rate this document

Did this article resolve your issue?

Please provide any comments below

Beta Translate with

Select a desired language below to translate this page.

Glossary of Technical Terms


 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.