Doc ID                : ADV264
Version              : 2.0 
Status                : Published
Published date : 08/18/2016
Categories  : Security Issue

I/A Series

Foxboro Evo
Last Modified date : 08/18/2016


Customer Advisory

Updates to the file scanning configuration settings for McAfee Products
August 18, 2016


Schneider Electric is committed to ensuring that our customers and employees are kept current on issues that might affect or improve product, system or process operation. We are dedicated to providing product and application reliability, and exceptional client service.   

Customer Advisories are intended to inform you of the possibility of a situation occurring at system installations, and the identified resolution. Schneider Electric recommends that our customers consider taking action to help prevent occurrence of the identified situation during your production process.

Potential Security Vulnerability:

It is recognized that the global threat environment is constantly changing and we are committed to helping our customers protect the security of their installations.  We have reviewed the issue described in this Customer Advisory and determined that, if no action is taken, there is potential security vulnerability that could allow an attacker to compromise the integrity, availability, or confidentiality of a product.  We strongly advise customers to take note of the actions recommended, to test such actions or patches on non-production systems as able, prior to deployment into production environments. This approach is recommended in order to minimize risk and exposure to announced vulnerabilities.

 

This advisory applies to all McAfee MOVE AV 3.5.1 and McAfee VirusScan Enterprise (VSE) 8.8 users.

SITUATION

McAfee recently released Technical Article KB87375 advising users about the potential for the EICAR/malware test strings not being properly detected within MOVE AV when the test string was contained within a text file (.txt). This was the result of a default configuration change within the McAfee MOVE AV product. In light of this announcement, Schneider-Electric has reviewed the recommended settings for McAfee products deployed within our systems. 

We have identified that our McAfee® MOVE Antivirus Product Installation and Configuration Guide Documentation B0700GP Rev B was missing the required configuration instructions as detailed in McAfee KB87375. Without the recomended changes to the MOVE AV policy contained within McAfee ePO, antivirus protection will not be provided for all file types.

Additionally  we have identified an issue with the instructions provided in B0700EQ Rev E for McAfee VirusScan Enterprise 8.8. The default McAfee VSE settings do not provide antivirus protection scanning for all File types.

SYMPTOMS

The McAfee default configuration does not provide scanning for all files and may not provide antivirus protections against all file types.

ACTIONS OR RESOLUTIONS

Updated instructions have been provided in the McAfee® MOVE Antivirus Product Installation and Configuration Guide Documentation B0700GP Rev C  to adequately reflect the requirement to scan ALL file types. Customers should follow the updated instructions to modify the current ePO policy for MOVE AV and apply the changes. 

The instructions in the McAfee VirusScan Enterprise 8.8 B0700EQ Rev F document have been updated as well to adequately scan ALL file types. Customers should follow the updated instructions and update the Scan file configuration settings. 

FOR INFORMATION

If you have any questions regarding this article, please contact your local Service Representative or a Schneider Electric Support Center at:  
 
GCS Center America's GCS Asia Pacific GCS EMEA GCS
Location Foxboro MA USA Shanghai Baarn NL
Phone +1-866-746-6477 +86 21 37180086  +31-3554-84125
Internationally +1-508-549-2424    
Fax +1-508-549-4999 +86 21 37180196 +31-3554-84230
Email America's GCS Asia Pacific GCS EMEA GCS

Regards,

John Petty
Director,
Global Customer Support



Distribution to Schneider Electric Customers and Internal Personnel Only
DO NOT REPRODUCE.
All trademarks are registered to their respective owners.
All brand names are property of their respective owners.


Advisory #: 2016035ABI

©Schneider Electric. All rights reserved