What's new in Advanced Threat Defense 4.10.0

Releases can introduce new features and enhancements or update platform support.

New features

This release introduces new features or improves existing features:

  • Enhancements to SNMP monitoring and trap settings — You can now monitor Malware DNS status in Advanced Threat Defense through SNMP monitoring and trap configurations. After the upgrade, download the latest MIB file from the Advanced Threat Defense UI.
  • Receive external reputation from TIE — If TIE Enterprise Reputation is configured on McAfee ePO, the Threat Analysis Report shows the TIE Enterprise Reputation severity score. Currently, external reputation is supported from MWG and ATD. If a file hash was previously unseen by TIE Server and is known to be malicious by ATD or MWG, TIE adds it to its database and displays it as TIE File Reputation (ATD) / TIE File Reputation (MWG) in the Threat Analysis Report.
  • Enhancements to Advanced Threat Defense Reporting — Advanced Threat Defense now reports the following additional information:
    • File types of all dropped files extracted during sample execution.
    • Characteristics of Portable Executable (PE) samples:
      • Packer / compiler signature detection
      • Overlay detection (shows the offset if an overlay is present)
      • Raw vs. virtual size comparison
  • Enhanced recovery or re-imaging process of Advanced Threat Defense appliance — You can now recover or re-image the Advanced Threat Defense appliance using only the Advanced Threat Defense installer ISO (ATD_installer.4.10.0.xxxxxx.x86_64.iso).
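
To show what the overlay offset and raw vs. virtual size fields in the PE characteristics list above refer to, here is an added example (not McAfee's code and not how Advanced Threat Defense computes its report). It parses the section table of a constructed two-section PE image; the function names and the sample bytes are assumptions made for the illustration.

```python
import struct

def build_sample_pe(overlay=b""):
    """Constructed minimal PE32 image with two sections (sample input only)."""
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", 64)             # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x102)  # 2 sections
    opt = struct.pack("<H", 0x10B) + b"\x00" * 222                 # PE32 optional header
    def sec(name, vsize, vaddr, rsize, rptr):
        return struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, rsize, rptr, 0, 0, 0, 0, 0)
    hdr = dos + b"PE\x00\x00" + coff + opt
    hdr += sec(b".text", 0x180, 0x1000, 0x200, 0x200)
    hdr += sec(b".data", 0x5000, 0x2000, 0x200, 0x400)  # small on disk, large in memory
    return hdr.ljust(0x200, b"\x00") + b"\x90" * 0x400 + overlay

def pe_characteristics(data):
    """Return overlay offset/size and per-section raw vs virtual sizes."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    pe, = struct.unpack_from("<I", data, 0x3C)
    if data[pe:pe + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    nsec, = struct.unpack_from("<H", data, pe + 6)
    opt_size, = struct.unpack_from("<H", data, pe + 20)
    table = pe + 24 + opt_size            # section table follows the optional header
    sections, end = [], 0
    for i in range(nsec):
        name, vsize, _va, rsize, rptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        sections.append({"name": name.rstrip(b"\x00").decode("latin-1"),
                         "raw": rsize, "virtual": vsize,
                         "ratio": round(vsize / rsize, 2) if rsize else None})
        if rsize:
            end = max(end, rptr + rsize)  # end of the last section's data on disk
    # Bytes past that point are overlay. Authenticode signature data also lives
    # there; this example does not separate it out.
    has_overlay = 0 < end < len(data)
    return {"overlay_offset": end if has_overlay else None,
            "overlay_size": len(data) - end if has_overlay else 0,
            "sections": sections}

if __name__ == "__main__":
    report = pe_characteristics(build_sample_pe(b"APPENDED-CONSTRUCTED-DATA"))
    print(hex(report["overlay_offset"]), report["overlay_size"])
    for s in report["sections"]:
        print(s["name"], hex(s["raw"]), hex(s["virtual"]), s["ratio"])
```

A section whose virtual size is many times its raw size, like the constructed `.data` section here, is a common sign of a packed sample that unpacks into memory at run time.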

Updated platform, environment, or operating system support

This release extends support to additional platforms, environments, or operating systems:

Note: For McAfee Active Response Workspace to work with Advanced Threat Defense 4.10.x, install the mar-workspace-standalone_2.4.3_Build_106.zip extension on McAfee ePO.

  • Support for Microsoft Windows 10 version 1909 — With Advanced Threat Defense 4.10.x, you can create VMs of Windows 10 Professional version 1909 and Windows 10 Enterprise version 1909.
  • Upgraded McAfee Agent and DXL versions — With this release of Advanced Threat Defense, the package includes the following software versions:
    • McAfee Agent—v5.6.4
    • DXL—v6.0.0

Discontinued features

This release removes support for these features:

  • With Advanced Threat Defense 4.10.x, the use of NULL and weak ciphers during ATD-NSP communication is deprecated. By default, the SOFA protocol uses SSL encryption.
    Caution: Before you upgrade, ensure that Use SSL for NSP is enabled in Advanced Security Setting in Advanced Threat Defense. Similarly, enable SSL communication in McAfee NSP. Upgrading to 4.10.x without enabling this option could break ATD-NSP integration.

Note: As weak ciphers are deprecated, TLS 1.0 support has been removed. This affects ATD-MEG integration; we recommend using TLS 1.2 to successfully integrate ATD with MEG.