New features and enhancements

The current release of the product includes these enhancements and changes.

McAfee Virtual Advanced Threat Defense on Azure

You can now deploy Virtual Advanced Threat Defense on Azure from the Azure Marketplace.

Increased Hypervisor support

Microsoft Hyper-V: McAfee Advanced Threat Defense now supports Microsoft Hyper-V for the following platforms:

  • Windows Server 2012 R2 Datacenter
  • Windows Server 2016 Datacenter

As part of your Virtual Advanced Threat Defense package, we have included two script files. These script files make it easier for you to create your Virtual Advanced Threat Defense.

VMware ESXi: McAfee Advanced Threat Defense now supports VMware ESXi 6.5.

Integrate with TAXII 1.x server

You can now integrate your McAfee Advanced Threat Defense with your TAXII 1.x server.

Integrate with Bro Network Sensor

You can integrate your Bro Network Sensor with McAfee Advanced Threat Defense.

Enhancements to Analyzer Profile

Runtime Arguments – Includes command-line parameters for the submitted file on execution. This allows you to review the actual payload of malware.

Analyze archive contents individually – Allows Advanced Threat Defense to send ZIP and 7zip files directly to a sandbox for analysis. Previously, Advanced Threat Defense extracted the files from these archive files and sent the files individually for analysis.

Universal migration package

Use the migration package to migrate from Advanced Threat Defense 3.8 or 4.0 to 4.2, or from Virtual Advanced Threat Defense 3.10 or 4.0 to 4.2. The migration package helps you migrate to 4.2 with ease and ensures that all your physical or virtual appliance data, configurations, and certificates are backed up and restored.

VM Builder Tool

The VM Builder Tool allows you to create analyzer VMs on ESXi versions 6.0 and 6.5. You can download the tool from the download site or the Advanced Threat Defense web interface.

VM Provisioner Tool

The VM Provisioner Tool prepares VMware ESXi and Microsoft Hyper-V analyzer VMs. This tool replaces the VMDK Preparation Tool.

Register multiple Syslog servers

You can now register two Syslog servers in your Advanced Threat Defense. You can also send the same syslog events to multiple syslog servers.

Increased file type support for analysis

You can now submit Ichitaro word processor files for analysis. Advanced Threat Defense can now perform static and dynamic analysis on .jtd and .jtdc files.

New documentation portal

Information for Advanced Threat Defense is now provided on the new McAfee Documentation Portal.

After clicking the Help icon on the user interface, you are directed to the portal where you can search across all documentation that is provided for Advanced Threat Defense.

Note: You must have Internet access to be able to go to the documentation portal.

Enhanced Email Connector

Advanced Threat Defense now offers Offline Mode for Email Connector. This allows you to configure your Secure Email Gateway to send copies of email to Advanced Threat Defense, which processes and deletes the copy. Advanced Threat Defense records the email envelope information, the verdict on the malware, and the analysis Report and IoCs.

Enhanced Deep Neural Network

The Deep Neural Network analysis in Advanced Threat Defense now supports non-PE files.

Enhanced Malware DNS

Configuring Malware DNS is now mandatory for public domain or Internet access during activation and sample analysis.

Ease of support

Telemetry can now collect crash dump and debug data for your Advanced Threat Defense.