Release Notes Network Security Platform v6.0 Page 1 McAfee® Network Security Platform [formerly McAfee® IntruShield®] Release Version 6.0 Revision 1 (Document was revised on 12/13/10) Software versions in this release This document applies only to the following software versions. Network Security Sensor Network Security Manager M-8000, M-6050, M-4050, M-3050, Network Security Sensor Image Signature set M-1450, M-1250 Image M-2750 Image 6.0.7.9 6.4.13.23 6.0.7.7 6.0.7.
Release Notes Network Security Platform v6.0 Page 2 Contents 1 What’s new in this release ........................................................................................................ 3 2 2.1 2.2 Issues resolved in this release .................................................................................................. 9 Resolved M-series Sensor software issues ..........................................................................................................
Release Notes Network Security Platform v6.0 Page 3 1 What’s new in this release This section details the features and/or enhancements delivered with this release of Network Security Platform 6.0. All the features listed below are described in detail in Addendum II to 6.0 Documentation. Existing 6.0 guides are also updated to include the enhancements supported in this release. The sections below indicate the guide that contains updates for each feature/enhancement.
Release Notes Network Security Platform v6.0 Page 4 Like in earlier releases, you require an add-on license to enable NAC on M-series Sensors. Earlier, you could import the add-on license under Manager > Licenses tab. In this release, you can import/assign the license using the Device List > Add-On Licenses page. With this release, the Manager will not raise any fault on Sensor license expiry.
Release Notes Network Security Platform v6.0 Page 5 Support for Concurrent Sensor Updates In the earlier 6.0 releases, when multiple Sensors were configured to the Manager, Sensor software and signature updates were applied sequentially on each Sensor. In this release, the Manager provides an option for parallel processing of Sensor software and signature set updates. Note: This option is available in the Device List > Device List > Software Upgrade page at the parent domain.
Release Notes Network Security Platform v6.0 Page 6 Earlier, on-demand scans from the Threat Analyzer Host Forensics page was not child admin domain-specific. With this release, you can also select the child admin domains for which you want to execute a scan. For details, see Integration Guide. Integration with McAfee Global Threat Intelligence McAfee Global Threat Intelligence [GTI] is a global threat correlation engine and intelligence base of global messaging and communication behavior.
Release Notes Network Security Platform v6.0 Page 7 Feature usage: When you select this option, feature usage information from your setup will be sent to McAfee Labs. If you chose to skip enabling GTI participation during your first login, then you can also configure these options from the Manager Resource Tree under Integration > Global Threat Intelligence. For details, see Integration Guide. Setting the Scanning Exceptions With this release of 6.
Release Notes Network Security Platform v6.0 Page 8 For details, see IPS Configuration Guide. Support for Import of NAC Exclusion List from a File With this release, you can add items like IP addresses, IPv4 networks, MAC addresses, OUIs, and Network Objects to the NAC Exclusion List. If you have a long list of heterogeneous items to add to the NAC Exclusions List, consider using a CSV file.
Release Notes Network Security Platform v6.0 Page 9 You can generate the Next Generation Default – Attack URL Info report to view a list of the URL information. The Threat Analyzer does not support display of URLs for attacks containing jumbo frame packets. For details, see System Status Monitoring Guide. Manual Quarantine of a Host from the Threat Analyzer Using the Threat Analyzer, you can now manually quarantine a host even before it is detected on the network.
Release Notes Network Security Platform v6.0 Page 10 High severity Sensor software issues ID # Issue processing traffic. 626386 On rare occasions, when Artemis is enabled, the Sensor could reboot due to a data path error. Medium severity Sensor software issues 2.2 ID # Issue 630071 Enabling latency monitoring is not persisted across reboots. 624154 On rare occasions, after signature download, the Sensor could report false positives.
Release Notes Network Security Platform v6.0 Page 11 Medium severity Manager software issues ID # Issue 590261 The Threat Analyzer freezes when a user tries to group alerts by source or destination IP. 590257 In the Threat Analyzer, when IPs are added to manually quarantine a host, the IPs are not listed in the Hosts page. 589633 When the automatic download of signature sets to the Sensor is disabled, the Manager continues to push signature sets to the Sensors.
Release Notes Network Security Platform v6.0 Page 12 Medium severity Sensor issues ID # Issue Workaround content matching rule. keywords in a single rule. 530949 The diffserv functionality does not work for ICMPv6. None 519881 [Snort] When the number of fields to match in non payload options is more than 5, the Sensor does not raise an alert. Create separate rules limiting non payload options to 5 in each rule. 3.
Release Notes Network Security Platform v6.0 Page 13 Medium severity Manager issues ID Summary Workaround 611493 [NTBA] When the user adds the host to quarantine from Alerts page for a host, no ‘Host already exists’ message is shown for an existing host. Instead the Threat Analyzer extends the quarantine duration. None 522320 [Custom attacks] In Show details for UDS/Snort alerts, the sub category is shown as "unassigned" and Detection mechanism as "0".
Release Notes Network Security Platform v6.0 Page 14 The Manager client should have a minimum of 1 GB memory for accessing the Manager. McAfee recommends using 2GB memory on the Manager client for optimal performance. For more details, see Installation Guide. McAfee regularly releases updated versions of the signature set. Note that automatic signature set upgrade does not happen. You need to manually import the latest signature set and apply it to your Sensors.
Release Notes Network Security Platform v6.0 Page 15 6 More Information 6.1 About 6.0 Documentation To view the complete Network Security Platform 6.0 Documentation, 1. Go to http://mysupport.mcafee.com/Eservice/ 2. Click ‘Read Product Documentation’. 3. To view sensor related information, under ‘Product’ categories, select: 4. Network Security Sensor Hardware - select the Sensor model number Network Security Sensor Software - select the version as 6.
