Meltdown and Spectre – McAfee Product Compatibility Update

Technical Articles ID: KB90167
Last Modified: 10/31/2019

Environment

Multiple McAfee products

NOTE: This article applies only to McAfee business and enterprise products. If you need information or support for McAfee consumer or small business products, visit https://service.mcafee.com.

To view the article for McAfee consumer products, see TS102769.

Summary

This article provides updated information to our blog post titled "Decyphering the Noise Around 'Meltdown' and 'Spectre'."

Recent updates to this article

Date	Update
October 31, 2019	Removed Data Exchange Layer 3.x product category tag.
September 26, 2019	Updated Active Response and Web Gateway categories to reflect current supported versions.
February 6, 2019	Updated Advanced Threat Defense Appliance information. Updated article to note that testing is complete.
January 4, 2019	Removed GTI Proxy Appliance from the "Appliance Compatibility for McAfee Products" list.
September 6, 2018	Updated the "Appliance Compatibility for McAfee Products" list to include Web Gateway 7.7.2. Changed all "patch" references to "update." NOTE: McAfee updates were previously referred to as patches.

McAfee has completed testing to ensure product compatibility with operating system patches related to “Spectre” and “Meltdown.” This document contains the status of our testing.

To receive email notification when this article is updated, click Subscribe on the right side of the page. You must be logged on to subscribe.

For more information about the “Spectre” and “Meltdown” attack methods, see our blog “Decyphering the Noise Around ‘Meltdown’ and ‘Spectre’”: https://securingtomorrow.mcafee.com/mcafee-labs/decyphering-the-noise-around-meltdown-and-spectre/.

Windows product compatibility for McAfee products

Microsoft has requested security vendors to perform additional testing with their January 3 update, to ensure compatibility with that update.
Microsoft introduced a new registry key with this update to control if the update is available through the Windows Update service.

Automated mechanism to deploy the registry key update
Starting with the January 10 DAT (3221.0) updates for Endpoint Security (ENS) 10.0.2 and later, the registry key will be automatically updated for customers.

NOTE: Safety Pulse, which is enabled by default, must be enabled to download ENS DAT 3221.0.

Starting with the January 12 DAT (8772), customers who use VirusScan Enterprise (VSE) 8.8 and receive DAT updates will have the registry key automatically updated.

The DAT adds the check for the registry key, and sets it if it is not present. Customers who have already set a registry key will not have any issues.

For customers using ENS 10.0.1 or earlier, see KB90180 - How to deploy the required registry key via automated executable.

NOTE: Microsoft no longer performs AV compatibility checks for supported Windows 10, 8.1, and 7 SP 1 devices. But, McAfee will continue to set this registry key to ensure compatibility for other devices. For more information, see the following Microsoft article: Important: Windows security updates and antivirus software.

Manual methods to deploy the registry key update
To receive patches through Windows Update, customers are advised to create the following new registry key:

RegKey="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat"
Value Name ="cadca5fe-87d3-4b96-b7fb-a231484277cc"
Type="REG_DWORD"
Data="0x00000000"

In environments with Active Directory, this key can be deployed through GPO. Instructions on how to deploy through GPO are available at: https://technet.microsoft.com/en-us/library/cc753092%28v=ws.11%29.aspx

Customers who are not using Windows Update can directly download and apply the Windows Update from the Windows Update Catalog at: support.microsoft.com/en-us/help/323166/how-to-download-updates-that-include-drivers-and-hotfixes-from-the-win.

NOTE: When you download Windows updates, Windows 7 operating systems must be updated to SP1 to pull updates from Microsoft Windows Update.

The following products have been tested and are confirmed as compatible:

Testing is complete for all McAfee products and no compatibility issues with the Microsoft update have been found.

Application and Change Control 6.1.0 and later
AV Engine 5900 and later
Data Exchange Layer 3.0.0 and later
Data Loss Prevention 9.3 and later*
Database Activity Monitor/Sensor 4.6 and later
Drive Encryption 7.1 and later
ePolicy Orchestrator (ePO) 5.1 and later
ePO MER 3.1 and later
ePO MVT 8.2 and later
Endpoint Intelligence Agent 2.6.2 and later
Endpoint Security 10.2 and later
File and Removable Media Protection 4.3.1 and later
Host Intrusion Prevention System 8.0 Update 4 and later
McAfee Active Response 1.1 and later
McAfee Agent 4.8 and later
McAfee Client Proxy 1.2 and later
MOVE Antivirus Multi-Platform 3.6 and later
Management of Native Encryption 4.0 and later
Network Security Manager 8.1 and later
Policy Auditor for Windows 6.2.0 and later
Rogue System Detection 5.0.5 and later
SaaS Endpoint 6.0.3 and later
Security for Domino Windows 7.5.3 and later
Security for Microsoft Exchange 8.0 and later
Security for Microsoft Sharepoint 3.0 and later
SiteAdvisor Enterprise 3.5 Update 3 and later
System Information Reporter 1.0 and later
Threat Intelligence Exchange Client for VSE 1.0.2 and later
VirusScan Enterprise 8.7 Update 5, 8.8 General Availability and later
VirusScan Enterprise for Storage 1.2 and later

*See KB90179 for information about an intermittent issue where Microsoft patches fail to install on Windows 7 systems protected by Data Loss Prevention Endpoint 11.0.130 or 10.0.330.

Linux and macOS compatibility for McAfee products:

Testing is complete for Linux and macOS-based products. No issues have been found.

Application and Change Control 6.1.7.771
Data Loss Prevention for Mac 11.0.2.5, 11.0.0.85, 10.0.0.123
Endpoint Security for Linux 10.2.2
Endpoint Security for Mac 10.2.3
Endpoint Protection for Mac 2.3
File and Removable Media Protection for Mac 5.0.5
Host Intrusion Prevention for Linux 8.0 Update 11 and later
Management of Native Encryption for Mac 4.1.3
McAfee Active Response for Linux 2.0.1.171, 1.1.0.282, 2.2.0.255, 2.0.1.165
McAfee Active Response for Mac 2.2.0.255
McAfee Agent 4.8 and later
McAfee Linux Firewall 8.0.3
Policy Auditor for Linux 6.3.0.195, 6.2.2.146, 6.2.0.322
VirusScan Enterprise for Linux 2.0.3, 1.9.2

Cloud services for McAfee and Skyhigh products:

McAfee and Skyhigh worked with vendors on patching and ensuring compliance in our cloud services infrastructure. No issues have been found.

Appliance compatibility for McAfee products:

Testing on McAfee appliance-based products is complete.

Advanced Threat Defense (ATD) - The following releases updated the MLOS kernel to address these vulnerabilities.
These updates are included in all subsequent ATD releases. This fix is implemented in software and microcode because both components are required.
While the microcode component could be resolved using a BIOS update, engineering chose to implement them via a software update.
- ATD 4.0.6 - For Release Notes, see PD27544.
- ATD 4.2.2 - For Release Notes, see PD27545.
Data Exchange Layer (DXL) - The following DXL hotfixes provide security fixes for vulnerabilities related to Meltdown:
- DXL 4.0.0 Hotfix 3
- DXL 3.0.0 Hotfix 10
- DXL 3.0.1 Hotfix 8
- DXL 3.1.0 Hotfix 11
- DXL 2.2.0 Hotfix 8
McAfee Active Response (MAR) Server 2.2.0 Hotfix 4. See SB10226 for reference.
MOVE Antivirus Agentless 4.5.1
Network Data Loss Prevention - The following releases provide kernel updates to address the Meltdown and Spectre vulnerabilities:
- 11.0.201 - For Release Notes, see PD27537.
- 10.0.301 - For Release Notes, see PD27538.
Network Security Manager Linux Appliance 9.1.7.49
SIEM - SIEM is a closed system. Unprivileged local users are not able to execute arbitrary code. Nevertheless, SIEM expects to address this vulnerability in a future version update. See SB10226 for reference.
Threat Intelligence Exchange (TIE) Server 2.1.1 Hotfix 3. See SB10226 for reference.
Vulnerability Manager 7.5.12
Web Gateway 7.x - The following releases provide kernel updates to address the Meltdown and Spectre vulnerabilities:
- Web Gateway 7.8.1 - For a list of resolved issues, see the Release Notes (PD27506).
- Web Gateway 7.7.2 - For a list of resolved issues, see the Release Notes (PD27714).

Affected Products

Advanced Threat Defense 4.6.x
Advanced Threat Defense 4.4.x
Advanced Threat Defense 4.2.x
Advanced Threat Defense 4.0.x
Application and Change Control 8.0.x
Application and Change Control 7.0.x
Application and Change Control 6.5.x
Application and Change Control 6.2.x
Data Exchange Layer 4.x
Data Loss Prevention - Monitor 11.x
Data Loss Prevention - Prevent 11.x
Data Loss Prevention - Prevent 10.0.x (EOL)
Data Loss Prevention Endpoint 11.0
Data Loss Prevention Endpoint 10.0
Drive Encryption 7.2
Drive Encryption 7.1 (EOL)
Endpoint Intelligence Agent 2.6
Endpoint Security Firewall 10.5.x
Endpoint Security for Linux Threat Prevention 10.x
Endpoint Security for Mac Firewall 10.x
Endpoint Security for Mac Threat Prevention 10.x
Endpoint Security for Mac Web Control 10.x
Endpoint Security Threat Prevention 10.5.x
Endpoint Security Web Control 10.5.x
ePolicy Orchestrator 5.9
File and Removable Media Protection 5.0.x
Host Intrusion Prevention 8.0
Management of Native Encryption 4.x
McAfee Active Response 2.x
McAfee Agent 5.5.x
McAfee Agent 5.0.x
McAfee Client Proxy 2.3.x
McAfee Client Proxy 2.2.x (EOL)
MOVE Antivirus Agentless 4.5.x (EOL)
MOVE Antivirus Multi-platform 4.6.x
MOVE Antivirus Multi-platform 4.5.x (EOL)
Network Security Manager 9.1.x
Network Security Manager 8.3.x (EOL)
Network Security Manager 8.1.x
Network Security Sensor Appliance 9.1.x
Policy Auditor 6.3
Policy Auditor 6.2 (EOL)
Rogue System Detection 5.0.x
Scan Engine
Security for Lotus Domino 7.5
Security for Microsoft Exchange 8.5
Security for Microsoft Exchange 8.0
Security for SharePoint (PortalShield) 3.5
SIEM Advanced Correlation Engine 10.2.x (EOL)
SIEM Application Data Monitor 10.2.x (EOL)
SIEM Database Event Monitor 10.2.x (EOL)
SIEM Direct Attached Storage (DAS) 10.2.x (EOL)
SIEM Enterprise Log Manager 10.2.x (EOL)
SIEM Enterprise Security Manager 10.2.x (EOL)
SIEM Event Receiver 10.2.x (EOL)
SiteAdvisor Enterprise 3.5
System Information Reporter
Threat Intelligence Exchange Server 2.2.x
Threat Intelligence Exchange Server 2.1.x
Threat Prevention and Removal
VirusScan Enterprise 8.8
VirusScan Enterprise for Linux 2.0.x
VirusScan Enterprise for Linux 1.9.x
VirusScan Enterprise for Storage 1.2.x
Vulnerability Manager Appliances (All models)
Web Gateway 8.2.x
Web Gateway 8.1.x
Web Gateway 8.0.x
Web Gateway 7.8
Web Gateway 7.7

Languages:

This article is available in the following languages:

English United States
Japanese

Glossary of Technical Terms

Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.

Knowledge Center

Environment

Summary

Affected Products

Languages:

Glossary of Technical Terms

Title

Title

Featured Solutions

Explore Our Portfolio

Security Outcomes

Industries

Products

Featured Solutions

Explore Our Portfolio

MVISION Products

Services & Training

Threat Research

Our Researchers

Threat Landscape Dashboard

Tools

Contact Us

Resources

Downloads

Product Help

Connect with Us

Explore

Our Company

Our Efforts

Other Resources

Careers

Partnerships

Knowledge Center

Environment

Summary

Affected Products

Languages:

Glossary of Technical Terms

Choose your region

Title

Title