
[News] McAfee Endpoint Security 10.1 Beta Program [New features: advanced exploit prevention? Optimized signature database]

驭龙
Posted 2015-8-20 18:49:11
Last edited by 驭龙 on 2015-8-20 19:41

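It seems earlier versions also had an Exploit Prevention feature, so I don't know why it is listed as one of the new changes this time. It looks like a better feature than Buffer Overflow Protection.
Official beta page: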
http://www.mcafee.com/us/beta/pu ... security/#vt=vtab-1
Hello everyone and welcome to McAfee Endpoint Security 10.1 Beta Program!

We greatly value your input and are proud to provide you with this opportunity to test our new integrated client with enhanced protection and performance along with advanced security management, supporting ePO, ePO Cloud and self-managed. This portal is your primary point of contact to ask us questions, view test guides, and provide feedback.

New in ENS 10.1!

Better Protection and Performance
•McAfee AMCore anti-malware framework — More protection, smaller DAT files
•60-70% reduction in DAT sizes
•Zero-impact On-Demand Scan
•Advanced Exploit Prevention — Zero-day protection against vulnerabilities
•Shared threat intelligence between modules to provide greater threat efficacy

Touch Ready, Modular Client
•Touch ready interface — Support for your latest Windows 10 touch devices
•Integrated modular client – Pick and choose which Endpoint Security modules to install: Threat Prevention, Firewall and Web Control
•Reduced maintenance overhead — Installation, logging, and other functions are centralized
•Password protected uninstallation and interface access

Simplified Management
•Managed through McAfee ePO and McAfee ePO Cloud
•Register for McAfee ePO Cloud at http://beta.manage.mcafee.com (available as of 04-Aug-15)
•Can be installed on standalone systems
•Granular client controls with basic and advanced options for end users

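Google machine translation:
McAfee Endpoint Security 10.1 is our next-generation endpoint anti-malware technology: faster, simpler, and more effective. It includes enhanced anti-virus, anti-spyware, exploit prevention, advanced firewall, and website rating and filtering capabilities to protect systems from the latest viruses, Trojans, spyware, rootkits, and other threats. It delivers integrated, collaborative security through active communication between its modules.

This release comes with a common extension architecture that gives you a seamless management experience for protecting your Macintosh and Windows endpoints.

Better protection and performance
•McAfee AMCore anti-malware framework - better protection with smaller DAT files
•~60-70% reduction in DAT size
•Zero-impact On-Demand Scan
•Advanced Exploit Prevention - zero-day protection against vulnerabilities
•Shared threat intelligence between modules to provide greater threat efficacy

Touch-ready, modular client
•Touch-ready UI - for your latest Windows 10 touch devices
•Integrated modular client - pick and choose which modules to install as part of ENS
•Threat Prevention, Firewall and Web Control
•Reduced maintenance overhead - installation, logging, and other components are centralized
•Password-protected uninstallation and user interface access

Simplified management
•Managed through ePO on-premises and through ePO Cloud
•Register for ePO Cloud at https://beta.login.mcafee.com/v1/Saml2SignIn
•Can be installed on standalone endpoints
•Granular client controls with basic and advanced options for end users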
Exploit Prevention
Key Benefit: Increased protection
Threat Prevention 10.1 introduces content-based Exploit Prevention capability. This capability replaces the VirusScan Enterprise 8.8 Buffer Overflow Protection and provides a broader range of coverage against vulnerabilities and exploits. The Exploit Prevention content is updated monthly, based on research done by our dedicated malware research team. The content is published in line with the Microsoft Black Tuesday vulnerability announcements. This content not only provides protection against zero-day exploits, but also gives you some flexibility in applying Microsoft patches.
Exploit Prevention includes the following technologies:
GBOP
Generic Buffer Overflow Protection (GBOP) provides content-driven protection for a specific list of APIs against one of the most notorious forms of attack from the Internet. Buffer overflow attacks rely on the simple fact that programmers might make mistakes when dealing with memory space for variables.
DEP
Data Execution Prevention (DEP) is a Windows operating system security feature designed to prevent damage from viruses and other security threats by monitoring your programs to ensure that they use system memory safely. Because it is enforced by the operating system, this protection provides an increase in performance and API coverage. Exploit Prevention reports when DEP is triggered.
Kevlar
Kevlar is a kill bit security feature for web browsers and other applications using ActiveX controls. A kill bit specifies the Object Class Identifier (CLSID) of ActiveX controls identified as security vulnerability threats. This protection is also content driven.
Suspicious Caller
Suspicious Caller protection enhances GBOP by detecting code that was injected by an attacker running in memory. These exploits attempt to bypass traditional security protection mechanisms such as GBOP and DEP. This protection also prevents Return-Oriented Programming-based attacks.
Configuring Exploit Prevention
In McAfee ePO, navigate to the Policy Catalog | Endpoint Security Threat Prevention | Exploit Prevention. This feature offers two protection levels: Standard and Maximum. Standard is the recommended default option. Increasing the protection level to Maximum requires policy tuning and testing.


Changes to Access Protection:
Enhanced Access Protection
Key Benefits: Flexible configuration and ease of use
Access Protection (AP) capabilities in the Threat Prevention 10.1 module have been enhanced to provide more flexibility to security administrators. These enhancements include the ability to:
•Specify more file and registry operations (such as read, write, create, delete) compared to VirusScan Enterprise 8.8.
•Create a single AP rule that protects files and registry entries, whereas VirusScan Enterprise 8.8 only protects one per rule.
•Include or exclude processes at the rule level, based on file path, MD5, and digital signer. VirusScan Enterprise 8.8 only allows exclusions based on file path.
•Create global exclusions that apply to all AP rules.
In addition, AP now proactively excludes all McAfee-signed processes from being subject to access controls. VirusScan Enterprise 8.8 doesn’t support this capability.

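The Kevlar description in the post above relies on the Windows kill-bit mechanism. The following is an added example, not code from McAfee or from the original post: it reads a registry export and lists which CLSIDs from a required set do not have the kill bit set. It assumes the Internet Explorer location for kill bits (the `ActiveX Compatibility` key and the `0x400` bit of `Compatibility Flags`), shows the Windows mechanism rather than how Endpoint Security stores its own content, and uses constructed CLSIDs and a made-up `SomeOtherValue` name as sample data.

```python
import re

KILL_BIT = 0x00000400  # bit in "Compatibility Flags" that blocks instantiation in IE
AX_COMPAT = r"SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"

# Constructed sample in .reg export text form; every CLSID below is made up.
# A real `reg export` file is UTF-16: open it with encoding="utf-16".
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{11111111-1111-1111-1111-111111111111}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{22222222-2222-2222-2222-222222222222}]
"Compatibility Flags"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{33333333-3333-3333-3333-333333333333}]
"Compatibility Flags"=dword:00800400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{55555555-5555-5555-5555-555555555555}]
"SomeOtherValue"=dword:00000400
"""

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
FLAGS_RE = re.compile(r'"Compatibility Flags"=dword:([0-9A-Fa-f]{8})')

def parse_compat_flags(reg_text):
    """Map CLSID -> Compatibility Flags for keys under ActiveX Compatibility."""
    flags, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            _hive, _, rest = line[1:-1].partition("\\")
            parent, _, leaf = rest.rpartition("\\")
            ok = parent.lower() == AX_COMPAT.lower() and CLSID_RE.fullmatch(leaf)
            current = leaf.upper() if ok else None
            if current:
                flags.setdefault(current, 0)  # key exists, flag value may be absent
            continue
        m = FLAGS_RE.fullmatch(line)
        if current and m:
            flags[current] = int(m.group(1), 16)
    return flags

def missing_kill_bits(reg_text, required_clsids):
    """Return required CLSIDs whose kill bit is not set (or whose key is absent)."""
    flags = parse_compat_flags(reg_text)
    return sorted(c.upper() for c in required_clsids
                  if not flags.get(c.upper(), 0) & KILL_BIT)
```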

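卡布达
Posted 2015-8-20 19:18:35
Replying first, will read afterwards.
驭龙
OP | Posted 2015-8-20 19:36:46

It looks impressive, but I don't know whether it will run smoothly. If it really is smooth, I'm tempted.
sjneng
Posted 2015-8-20 20:20:13
龙大, what do you think of this one? McAfee Free Antivirus Beta
驭龙
OP | Posted 2015-8-20 20:21:20
sjneng posted on 2015-8-20 20:20
龙大, what do you think of this one? McAfee Free Antivirus Beta

I did reply to that one. It's not very interesting, and it's unstable right now.
开开心心卖手机
Posted 2015-8-20 20:31:45
Really looking forward to the new MES. I used it for a while before and liked it in every respect.
白露为霜
Posted 2015-8-20 23:28:44
驭龙 posted on 2015-8-20 19:36
It looks impressive, but I don't know whether it will run smoothly. If it really is smooth, I'm tempted.

I'm already running the McAfee IS edition.

It's very smooth.

I guess I won't switch.
wudiwusuowei
Posted 2015-8-20 23:43:38
驭龙 posted on 2015-8-20 19:36
It looks impressive, but I don't know whether it will run smoothly. If it really is smooth, I'm tempted.

龙大, to be honest, seeing MES with ten or twenty processes made my heart sink. Why can't McAfee optimize it and get it down to just two processes, like Symantec?
TasteFeel
Posted 2015-8-20 23:52:14
I also have some complaints about its processes. Why not make it two or three processes?
请叫我德玛西亚
Posted 2015-8-21 07:14:01 from mobile
This thing is a bit troublesome to uninstall, but the features are decent! Waiting for an expert to post the package so I can try it? O(∩_∩)O haha~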