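This post was last edited by 驭龙 on 2015-8-20 19:41
Earlier versions also seem to have had an Exploit Prevention feature, so I don't know why it is listed as one of the new changes this time; it looks like a better feature than buffer overflow protection.
Official beta page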
http://www.mcafee.com/us/beta/pu ... security/#vt=vtab-1
Hello everyone and welcome to McAfee Endpoint Security 10.1 Beta Program!
We greatly value your input and are proud to provide you with this opportunity to test our new integrated client with enhanced protection and performance along with advanced security management, supporting ePO, ePO Cloud and self-managed. This portal is your primary point of contact to ask us questions, view test guides, and provide feedback.
New in ENS 10.1!
Better Protection and Performance
•McAfee AMCore anti-malware framework — More protection, smaller DAT files
•60-70% reduction in DAT sizes
•Zero-impact On-Demand Scan
•Advanced Exploit Prevention — Zero-day protection against vulnerabilities
•Shared threat intelligence between modules to provide greater threat efficacy
Touch Ready, Modular Client
•Touch ready interface — Support for your latest Windows 10 touch devices
•Integrated modular client – Pick and choose which Endpoint Security modules to install: Threat Prevention, Firewall and Web Control
•Reduced maintenance overhead — Installation, logging, and other functions are centralized
•Password protected uninstallation and interface access
Simplified Management
•Managed through McAfee ePO and McAfee ePO Cloud
•Register for McAfee ePO Cloud at http://beta.manage.mcafee.com (available as of 04-Aug-15)
•Can be installed on standalone systems
•Granular client controls with basic and advanced options for end users
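Google machine translation:
McAfee Endpoint Security 10.1 is our next-generation endpoint anti-malware technology: faster, simpler, and more effective. It includes enhanced anti-virus, anti-spyware, exploit prevention, advanced firewall, and website rating and filtering capabilities to protect systems from the latest viruses, Trojans, spyware, rootkits, and other threats. It delivers integrated, collaborative security through active communication between its modules.
This release comes with a common extension architecture that gives you a seamless management experience for protecting your Macintosh and Windows endpoints.
Better protection and performance
•McAfee AMCore anti-malware framework - better protection with smaller DATs
•~60-70% reduction in DAT size
•Zero-impact on-demand scan
•Advanced exploit prevention - zero-day protection against vulnerabilities
•Threat intelligence shared between modules to provide greater threat efficacy
Touch-ready, modular client
•Touch-ready UI - for your latest Windows 10 touch devices
•Integrated modular client - pick and choose which modules to install as part of ENS
•Threat Prevention, Firewall, and Web Control
•Reduced maintenance overhead - installation, logging, and other components are all centralized
•Password-protected uninstallation and user interface access
Simplified management
•Managed through on-premises ePO and through ePO Cloud
•Register for ePO Cloud at https://beta.login.mcafee.com/v1/Saml2SignIn
•Can be installed on standalone endpoints
•Granular client controls with basic and advanced options for end users
Exploit Prevention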
Key Benefit: Increased protection
Threat Prevention 10.1 introduces content-based Exploit Prevention capability. This capability replaces the VirusScan Enterprise 8.8 Buffer Overflow Protection and provides a broader range of coverage against vulnerabilities and exploits. The Exploit Prevention content is updated monthly, based on research done by our dedicated malware research team. The content is published in line with the Microsoft Black Tuesday vulnerability announcements. This content not only provides protection against zero-day exploits, but also gives you some flexibility in applying Microsoft patches.
Exploit Prevention includes the following technologies:
GBOP
Generic Buffer Overflow Protection (GBOP) provides content-driven protection for a specific list of APIs against one of the most notorious forms of attack from the Internet. Buffer overflow attacks rely on the simple fact that programmers might make mistakes when dealing with memory space for variables.
DEP
Data Execution Prevention (DEP) is a Windows operating system security feature designed to prevent damage from viruses and other security threats by monitoring your programs to ensure that they use system memory safely. Because it is enforced by the operating system, this protection provides an increase in performance and API coverage. Exploit Prevention reports when DEP is triggered.
Kevlar
Kevlar is a kill bit security feature for web browsers and other applications using ActiveX controls. A kill bit specifies the Object Class Identifier (CLSID) of ActiveX controls identified as security vulnerability threats. This protection is also content driven.
Suspicious Caller
Suspicious Caller protection enhances GBOP by detecting code that was injected by an attacker running in memory. These exploits attempt to bypass traditional security protection mechanisms such as GBOP and DEP. This protection also prevents Return-Oriented Programming-based attacks.
Configuring Exploit Prevention
In McAfee ePO, navigate to the Policy Catalog | Endpoint Security Threat Prevention | Exploit Prevention. This feature offers two protection levels: Standard and Maximum. Standard is the recommended default option. Increasing the protection level to Maximum requires policy tuning and testing.
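Google Translate:
Exploit Prevention
Key benefit: increased protection
Threat Prevention 10.1 introduces a content-based exploit prevention capability.
This capability replaces the VirusScan Enterprise 8.8 Buffer Overflow Protection and provides broader coverage against vulnerabilities and exploits. The Exploit Prevention content is updated monthly, based on research done by our dedicated malware research team. The content is published in line with the Microsoft Black Tuesday vulnerability announcements.
This content not only provides protection against zero-day attacks, but also gives you some flexibility in applying Microsoft patches.
Exploit Prevention includes the following technologies:
GBOP
Generic Buffer Overflow Protection (GBOP) provides content-driven protection for a specific list of APIs against one of the most notorious forms of attack from the Internet. Buffer overflow attacks rely on the simple fact that programmers might make mistakes when dealing with memory space for variables.
DEP
Data Execution Prevention (DEP) is a Windows operating system security feature designed to prevent damage from viruses and other security threats by monitoring your programs to ensure that they use system memory safely. Because it is enforced by the operating system, this protection provides an increase in performance and API coverage. Exploit Prevention reports when DEP is triggered.
Kevlar
Kevlar is a kill bit security feature for web browsers and other applications that use ActiveX controls. A kill bit specifies the Object Class Identifier (CLSID) of ActiveX controls identified as security vulnerability threats. This protection is also content driven.
Suspicious Caller
Suspicious Caller protection enhances GBOP by detecting code that was injected by an attacker running in memory. These exploits attempt to bypass traditional security protection mechanisms such as GBOP and DEP. This protection also prevents Return-Oriented Programming attacks.
Configuring Exploit Prevention
In McAfee ePO, navigate to the Policy Catalog | Endpoint Security Threat Prevention | Exploit Prevention. This feature offers two protection levels: Standard and Maximum. Standard is the recommended default option. Increasing the protection level to Maximum requires policy tuning and testing.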
Changes to Access Protection:
Enhanced Access Protection
Key Benefits: Flexible configuration and ease of use
Access Protection (AP) capabilities in the Threat Prevention 10.1 module have been enhanced to provide more flexibility to security administrators. These enhancements include the ability to:
Specify more file and registry operations (such as read, write, create, delete) compared to VirusScan Enterprise 8.8.
Create a single AP rule that protects files and registry entries, whereas VirusScan Enterprise 8.8 only protects one per rule.
Include or exclude processes at the rule level, based on file path, MD5, and digital signer. VirusScan Enterprise 8.8 only allows exclusions based on file path.
Create global exclusions that apply to all AP rules.
In addition, AP now proactively excludes all McAfee-signed processes from being subject to access controls. VirusScan Enterprise 8.8 doesn’t support this capability.
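Google machine translation
Enhanced Access Protection
Key benefits: flexible configuration and ease of use
Access Protection (AP) capabilities in the Threat Prevention 10.1 module have been enhanced to provide more flexibility to security administrators. These enhancements include the ability to:
Specify more file and registry operations (such as read, write, create, delete) compared to VirusScan Enterprise 8.8.
Create a single AP rule that protects files and registry entries, whereas VirusScan Enterprise 8.8 only protects one per rule.
Include or exclude processes at the rule level, based on file path, MD5, and digital signer. VirusScan Enterprise 8.8 only allows exclusions based on file path.
Create global exclusions that apply to all AP rules.
In addition, AP now proactively excludes all McAfee-signed processes from being subject to access controls. VirusScan Enterprise 8.8 does not support this capability.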