Meltdown and Spectre – McAfee Product Compatibility Update
Technical Articles ID: KB90167
Last Modified: 4/11/2018


Environment

Multiple McAfee products

To view the consumer article, see TS102769.

Summary


This article provides updated information to our blog post titled "Decyphering the Noise Around 'Meltdown' and 'Spectre'."

Recent updates to this article (Date: Update)
  • April 11, 2018: Updated the "Appliance Compatibility for McAfee Products" list to include Advanced Threat Defense 4.0.6 and 4.2.2.
  • March 19, 2018: Updated the "Appliance Compatibility for McAfee Products" list to include SIEM.
  • February 27, 2018: Updated the "Appliance Compatibility for McAfee Products" list to include Data Exchange Layer 4.0.0 Hotfix 3.
  • February 15, 2018: Updated the "Appliance Compatibility for McAfee Products" list to include Network Data Loss Prevention 11.0.201 and 10.0.301 release information.
  • February 8, 2018: Updated to include the following products: SaaS Endpoint 6.0.3 and later, Data Exchange Layer hotfixes (Appliance), and Web Gateway 7.8.1 (Appliance).

McAfee is testing to ensure product compatibility with operating system patches related to “Spectre” and “Meltdown.” This document contains the current status of this testing, and will be updated as additional results are available. 

We have not seen and do not expect to see any issues with any versions of our product. 

For more information about the “Spectre” and “Meltdown” attack methods, also see our blog “Decyphering the Noise Around ‘Meltdown’ and ‘Spectre’”: https://securingtomorrow.mcafee.com/mcafee-labs/decyphering-the-noise-around-meltdown-and-spectre/
 
Windows Product Compatibility for McAfee Products
Microsoft has asked security vendors to perform additional testing with its January 3 update, to ensure compatibility with that update.
With this update, Microsoft introduced a new registry key that controls whether the update is made available via the Windows Update service.
 
Automated Mechanism to Deploy the Registry Key Update
Starting with the January 10th DAT (3221.0) updates for Endpoint Security (ENS) 10.0.2 and later, the registry key will be automatically updated for customers.

NOTE: Safety Pulse (enabled by default) must be enabled to download ENS DAT 3221.0.

Starting with the January 12th DAT (8772), customers who use VirusScan Enterprise (VSE) 8.8 and receive DAT updates will have the registry key automatically updated.

The DAT adds the check for the registry key, and sets it if it is not present. Customers who have already set a registry key should not have any issues.

For customers using ENS 10.0.1 or earlier, see KB90180 - How to deploy the required registry key via automated executable.

IMPORTANT: The compatibility registry key is a Microsoft requirement, and will be required for this and future Microsoft updates.

Manual Methods to Deploy the Registry Key Update
To receive patches via Windows Update, customers are advised to create the following new registry key:
 
RegKey="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat"
Value Name ="cadca5fe-87d3-4b96-b7fb-a231484277cc"
Type="REG_DWORD"
Data="0x00000000"
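
The following PowerShell script is an added example, not McAfee or Microsoft tooling: it audits the value defined above (name, type and data) and writes it only when run with -Fix. The -Fix switch and the Get-QualityCompatState function are names made up for this example; the script exits 1 when the value is not in place, so a deployment tool can use it as a compliance check.

```powershell
# Added example: audit the QualityCompat value and optionally write it.
# Run from an elevated session; -Fix is a switch defined by this example only.
[CmdletBinding(SupportsShouldProcess)]
param([switch]$Fix)

$KeyPath   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat'
$ValueName = 'cadca5fe-87d3-4b96-b7fb-a231484277cc'

function Get-QualityCompatState {
    # Returns 'Missing', 'WrongTypeOrData' or 'Present'.
    $key = Get-Item -LiteralPath $KeyPath -ErrorAction SilentlyContinue
    if (-not $key -or $key.GetValueNames() -notcontains $ValueName) {
        return 'Missing'
    }
    $kind = $key.GetValueKind($ValueName)
    $data = $key.GetValue($ValueName)
    if ($kind -eq [Microsoft.Win32.RegistryValueKind]::DWord -and $data -eq 0) {
        return 'Present'
    }
    # A value with the right name but another type (for example REG_SZ)
    # or non-zero data does not match the definition in this article.
    return 'WrongTypeOrData'
}

$state = Get-QualityCompatState
Write-Output ('{0}: QualityCompat value is {1}' -f $env:COMPUTERNAME, $state)

if ($state -ne 'Present' -and $Fix) {
    if ($PSCmdlet.ShouldProcess($KeyPath, "Set $ValueName to REG_DWORD 0x00000000")) {
        if (-not (Test-Path -LiteralPath $KeyPath)) {
            New-Item -Path $KeyPath -Force | Out-Null
        }
        # -Force replaces an existing value that has the wrong type or data.
        New-ItemProperty -LiteralPath $KeyPath -Name $ValueName `
            -PropertyType DWord -Value 0 -Force | Out-Null
        $state = Get-QualityCompatState
        Write-Output ('{0}: QualityCompat value is now {1}' -f $env:COMPUTERNAME, $state)
    }
}

# Non-zero exit code signals that the value is still not in place.
if ($state -ne 'Present') { exit 1 }
```

Running it with -Fix -WhatIf shows the change that would be made without writing to the registry.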
 
In environments with Active Directory, this key can be deployed via GPO. Instructions on how to deploy via GPO are available at: https://technet.microsoft.com/en-us/library/cc753092%28v=ws.11%29.aspx
 
Customers who are not using Windows Update can directly download and apply the Windows Update from the Windows Update Catalog at: support.microsoft.com/en-us/help/323166/how-to-download-updates-that-include-drivers-and-hotfixes-from-the-win

NOTE: When downloading Windows updates, Windows 7 operating systems should be updated to SP1 for pulling updates from Microsoft Windows Update. 
 
Testing is ongoing for all McAfee products and no compatibility issues with the Microsoft update have been found so far. We expect all of our testing to be complete on our endpoint products soon, and will update this article when we have a new estimated completion date.
The following products have been tested and are confirmed as compatible:
  • Application and Change Control 6.1.0 and later
  • AV Engine 5900 and later
  • Data Exchange Layer 3.0.0 and later
  • Data Loss Prevention 9.3 and later*
  • Database Activity Monitor/Sensor 4.6 and later
  • Drive Encryption 7.1 and later
  • ePO 5.1 and later
  • ePO Deep Command 2.4 and later
  • ePO MER 3.1 and later
  • ePO MVT 8.2 and later
  • Endpoint Intelligence Agent 2.6.2 and later
  • Endpoint Security 10.2 and later
  • File and Removable Media Protection 4.3.1 and later
  • Host IPS 8.0 Patch 4 and later
  • McAfee Active Response 1.1 and later
  • McAfee Agent 4.8 and later
  • McAfee Client Proxy 1.2 and later
  • MOVE Antivirus Multi-Platform 3.6 and later
  • Management of Native Encryption 4.0 and later
  • Network Security Manager 8.1 and later
  • Policy Auditor for Windows 6.2.0 and later
  • Rogue System Detection 5.0.5 and later
  • SaaS Endpoint 6.0.3 and later
  • Security for Domino Windows 7.5.3 and later
  • Security for Microsoft Exchange 8.0 and later
  • Security for Microsoft SharePoint 3.0 and later
  • SiteAdvisor Enterprise 3.5 Patch 3 and later
  • System Information Reporter 1.0 and later
  • Threat Intelligence Exchange Client for VSE 1.0.2 and later
  • VirusScan Enterprise 8.7 Patch 5, 8.8 RTW and later
  • VirusScan Enterprise for Storage 1.2 and later

    *See KB90179 for information about an intermittent issue where Microsoft patches fail to install on Windows 7 systems protected by Data Loss Prevention Endpoint 11.0.130 or 10.0.330.

NOTE: This list will be updated with additional versions and products as compatibility testing continues. We do not anticipate any issues, and have received no reports of any issues.
 
Linux and macOS Compatibility for McAfee Products:
Because the underlying issue impacts multiple operating systems, testing is also underway on Linux and macOS-based products. No issues have been found so far.
  • Application and Change Control 6.1.7.771
  • Data Loss Prevention for Mac 11.0.2.5, 11.0.0.85, 10.0.0.123
  • Endpoint Security for Linux 10.2.2
  • Endpoint Security for Mac 10.2.3
  • Endpoint Protection for Mac 2.3
  • File and Removable Media Protection for Mac 5.0.5
  • Host Intrusion Prevention for Linux 8.0 Patch 11 and later
  • Management of Native Encryption for Mac 4.1.3
  • McAfee Active Response for Linux 2.0.1.171, 1.1.0.282, 2.2.0.255, 2.0.1.165
  • McAfee Active Response for Mac 2.2.0.255
  • McAfee Agent 4.8 and later
  • McAfee Linux Firewall 8.0.3
  • Policy Auditor for Linux 6.3.0.195, 6.2.2.146, 6.2.0.322
  • VirusScan Enterprise for Linux 2.0.3, 1.9.2

Cloud Services for McAfee and Skyhigh Products:
McAfee and Skyhigh are in the process of working with vendors on patching and ensuring compliance in our cloud services infrastructure. No issues have been found so far.
 
Appliance Compatibility for McAfee Products:
Because the underlying issue is hardware specific, testing is also underway on McAfee appliance-based products.
  • Advanced Threat Defense (ATD) - The following releases provide kernel updates to address the Meltdown vulnerability:
    • ATD 4.0.6 - For Release Notes, see PD27544
    • ATD 4.2.2 - For Release Notes, see PD27545
  • Data Exchange Layer (DXL) - The following DXL hotfixes provide security fixes for vulnerabilities related to Meltdown:
    • DXL 4.0.0 Hotfix 3
    • DXL 3.0.0 Hotfix 10
    • DXL 3.0.1 Hotfix 8
    • DXL 3.1.0 Hotfix 11
    • DXL 2.2.0 Hotfix 8
  • GTI Proxy Appliance - See KB90240 for mitigation information.
  • MOVE Antivirus Agentless 4.5.1
  • Network Data Loss Prevention - The following releases provide kernel updates to address the Meltdown and Spectre vulnerabilities:
    • 11.0.201 - For Release Notes, see PD27537.
    • 10.0.301 - For Release Notes, see PD27538.
  • Network Security Manager Linux Appliance 9.1.7.49
  • SIEM - SIEM is a closed system. Unprivileged local users are not able to execute arbitrary code. Nevertheless, SIEM expects to address this vulnerability in a future version update. See SB10226 for reference.
  • Vulnerability Manager 7.5.12
  • Web Gateway 7.8.1 - For a list of resolved issues, see the Release Notes (PD27506).

Disclaimer

The content of this article originated in English. If there are differences between the English content and its translation, the English content is always the most accurate. Some of this content has been provided using Machine Translation translated by Microsoft.

Affected Products


Advanced Threat Defense 4.2.x
Application and Change Control 8.0.x
Application and Change Control 7.0.x
Application and Change Control 6.5.x
Application and Change Control 6.2.x
Data Exchange Layer 3.x
Data Exchange Layer 2.x
Data Loss Prevention Endpoint 9.4
Data Loss Prevention Endpoint 11.0
Data Loss Prevention Endpoint 10.0
Drive Encryption 7.2
Drive Encryption 7.1
Endpoint Security Firewall 10.5.x
Endpoint Security Firewall 10.2.x
Endpoint Security for Linux Threat Prevention 10.x
Endpoint Security for Mac Firewall 10.x
Endpoint Security for Mac Threat Prevention 10.x
Endpoint Security for Mac Web Control 10.x
Endpoint Security Threat Prevention 10.5.x
Endpoint Security Threat Prevention 10.2.x
Endpoint Security Web Control 10.5.x
Endpoint Security Web Control 10.2.x
ePolicy Orchestrator 5.9
ePolicy Orchestrator 5.3
File and Removable Media Protection 5.0.x
File and Removable Media Protection 4.3.x
Global Threat Intelligence (GTI) Proxy 2.x (EOL)
Host Intrusion Prevention 8.0
McAfee Active Response 2.x
McAfee Active Response 1.x
McAfee Agent 5.5.x
McAfee Agent 5.0.x
McAfee Agent 4.8 (EOL)
McAfee Client Proxy 2.3.x
McAfee Client Proxy 2.2.x
McAfee Client Proxy 2.1.x (EOL)
McAfee Client Proxy 2.0.x (EOL)
McAfee Client Proxy 1.x (EOL)
MOVE Antivirus Agentless 4.5.x
MOVE Antivirus Multi-platform 4.6.x
MOVE Antivirus Multi-platform 4.5.x
Network Security Manager 9.1.x
Network Security Sensor Appliance 9.1.x
Policy Auditor 6.3
Policy Auditor 6.2
Security for Lotus Domino 7.5
Security for Microsoft Exchange 8.5
Security for SharePoint (PortalShield) 3.5
Security for SharePoint (PortalShield) 3.0
SIEM Advanced Correlation Engine 10.2.x
SIEM Advanced Correlation Engine 10.0.x
SIEM Application Data Monitor 10.2.x
SIEM Application Data Monitor 10.0.x
SIEM Database Event Monitor 10.2.x
SIEM Database Event Monitor 10.0.x
SIEM Direct Attached Storage (DAS) 10.2.x
SIEM Direct Attached Storage (DAS) 10.0.x
SIEM Enterprise Log Manager 10.2.x
SIEM Enterprise Log Manager 10.0.x
SIEM Enterprise Security Manager 10.2.x
SIEM Enterprise Security Manager 10.0.x
SIEM Event Receiver 10.2.x
SIEM Event Receiver 10.0.x
SiteAdvisor Enterprise 3.5
System Information Reporter
Threat Prevention and Removal
VirusScan Enterprise 8.8
VirusScan Enterprise for Linux 2.0.x
VirusScan Enterprise for Linux 1.9.x
VirusScan Enterprise for Storage 1.2.x
Vulnerability Manager 7.5
Web Gateway 7.8
