MES 10.2 beta

欧阳宣

http://www.mcafee.com/us/beta/public-betas/endpoint-security/end-point-security.aspx


更新日志


Enhanced Protection with Threat Prevention & Threat Intelligence
对威胁预防和威胁侦测的增强

Dynamic Application Containment – Contain greyware based on reputation triggers
动态程序容器（？）——依据信誉触发，将未知软件放入容器中

这个概念和最近大热的容器安全有点关系，可以参看
https://blogs.mcafee.com/mcafee- ... tacks-new-approach/

Exploit Prevention now has enhanced exclusions as well as support for General Privilege Escalation Protection (GPEP)
漏洞防护加强了排除功能，同时支持GPEP（通用降权防护？）

Custom Access Protection Rules (File / Registry / Process), including user-based inclusions/exclusions
自定义的访问保护规则（文件/注册表/进程），包含基于用户自定义的添加与排除

Secure sample submission to Advanced Threat Detection (ATD) using HTTPS protocol
通过HTTPS加密链接向ATD上报样本




Firewall
防火墙

Block untrusted executables
阻挡不受信任的可执行文件

Enable/Disable firewall and timed groups from the system tray
从托盘图标启用或禁用防火墙或timed groups（？）

Client UI now includes defined networks and trusted executables configuration
客户端界面现在包含对已定义网络和已信任的可执行文件的配置

Enhanced support for Proxies
增强对代{过}{滤}理的支持




Web Control
网页控制

Private URL blocking
私密URL拦截

Support for latest Firefox browsers
支持最新版FF

Support for latest Chrome browsers (including reputation check for downloaded files)
支持最新版chrome（包含对下载文件的信誉检查）

Option to block Edge browser in Browser Control policy
添加对edge浏览器进行过滤的选项

Customized Install Package with ENS Package Designer
使用ENS Package Designer生成可自定义的安装包
Create a customizable install packages and deploy via ePolicy Orchestrator or as a standalone install.
生成的安装包可以通过EPO部署，或者直接单独安装。



Migration
迁移

IPS rules to Access Protection (AP) Custom Rules
从IPS规则到访问保护自定义规则的迁移

IPS exclusions to AP and ExpP Exclusions
从IPS排除项到访问保护以及漏洞保护排除项的迁移

Manual migration of HIPS catalog
对HIPS分类的手动迁移




beta进行到6月9日。

jone_jys

哇哦！。。。

1007

又要升级了？

jone_jys

1007 发表于 2016-6-1 12:04
又要升级了？

嗯，Beta可以下载测试了。。。

Win10 Redstone发布后希望能用上10.2的RC版。。。

驭龙

这功能不错啊，以后有机会玩玩

T.Yoshiyuki

刚对MES死心没几天就来吊胃口……所以哪里能弄到呢？

=======================================
顺手一找就找到了 注册beta测试用户后可以下载
http://www.mcafee.com/us/beta/public-betas/endpoint-security?snspd-0815#vt=vtab-4



=======================================
等待中

T.Yoshiyuki

Dynamic Application Containment – Contain greyware based on reputation triggers
动态程序容器（？）——依据信誉触发，将未知软件放入容器中

这个概念和最近大热的容器安全有点关系，可以参看
https://blogs.mcafee.com/mcafee- ... tacks-new-approach/

瞟了一眼：
Whitelisting and application containment
This approach allows only known applications to execute. Backed by policy-based gray-list management, this method relies on whitelisting known apps and programs. The immense number of applications makes this impractical. One smart solution to this problem is using policy-based containment in which the unknown app is quarantined until it is determined to be clean through an external classification system or crowdsourced labeling process. Both approaches impose delays and usability challenges.

这不就跟非黑即白差不多嘛……

，就一个.

T.Yoshiyuki 发表于 2016-6-2 09:50
刚对MES死心没几天就来吊胃口……所以哪里能弄到呢？

=======================================

分享一下安装包

蓝核

Dynamic Application Containment – Contain greyware based on reputation triggers
动态程序容器（？）——依据信誉触发，将未知软件放入容器中

和诺顿的那个不是一个技术么看起来

Custom Access Protection Rules (File / Registry / Process), including user-based inclusions/exclusions
自定义的访问保护规则（文件/注册表/进程），包含基于用户自定义的添加与排除
更VSE就好了

Support for latest Firefox browsers
支持最新版FF

Support for latest Chrome browsers (including reputation check for downloaded files)
支持最新版chrome（包含对下载文件的信誉检查）

c和f说 我飙起来版本号我都怕

IPS rules to Access Protection (AP) Custom Rules
从IPS规则到访问保护自定义规则的迁移

IPS exclusions to AP and ExpP Exclusions
从IPS排除项到访问保护以及漏洞保护排除项的迁移

Manual migration of HIPS catalog
对HIPS分类的手动迁移

非常好

jone_jys

蓝核 发表于 2016-6-5 15:25
和诺顿的那个不是一个技术么看起来

Custom Access Protection Rules (File / Registry / Process), in ...

访问保护规则比VSE要好太多。
正式发布后新功能还是比较有搞头。。。
目前的测试版没法折腾，中文有很多乱码哎。