McAfee Data Loss Prevention Monitor 11.4.00 Release Notes

The McAfee DLP Monitor 11.4.00 release can update platform support.

Every update release is cumulative and includes all features and fixes from the previous release. We recommend that you always upgrade to the most current update.

Caution: We do not support the upgrade of a pre-release software version. To upgrade to a production release of the software, you must perform a new installation with the production version.

Release details

Release date — November 12, 2019

Release build:

  • McAfee® Data Loss Prevention Monitor (McAfee DLP Monitor) appliance installation images:
    • For VMware vSphere virtual appliance —
    • For hardware appliance — McAfee-MS-11.4.0-3569.100.iso
  • DLP Appliance Management extension — build
  • Data Loss Prevention extension — build

This release updates components that depend on these McAfee ePO extensions:

  • McAfee® Agent — version 5.6.2
    Note: McAfee Agent is built into the appliance software and can't be updated through McAfee ePO.
  • Appliance Management extension — build or later
  • Common UI extension — build or later

Updated platform, environment, or operating system support

You can get the latest information about supported platforms, environments, and operating systems from KB87112.

New features and enhancements

This release introduces new features or improves existing features:

  • Exact data matching (EDM)

    McAfee DLP Monitor appliances now support exact data matching that enables you to protect sensitive database records by only matching the actual values from the original records. Employee records, customer records, patient medical records are typical examples of sensitive information that you can protect using EDM.

    Matching individual fields of a sensitive record (such as, name, social security number, date of birth, telephone number) might not be useful and can easily result in a false-match. But matching two or more fields of the same sensitive record (for example, both name and social security number) within the same text (such as, an email or a document) indicates that meaningful related information is present.

    EDM enables associative matching of multiple fields from the same record and allows rules based on:

    • Number of field matches that constitute a record match
    • Required proximity of field matches
    • Number of record matches that constitute an EDM classification criteria match
    EDM can scan traffic in all languages except languages that do not use whitespace characters or punctuation marks for breaking words. For example, Chinese and Japanese.

  • Scanning image files with Optical Character Recognition (OCR)

    McAfee DLP Monitor appliances now support OCR for classifications. This feature allows you to scan images attached to emails, images uploaded in web posts, and images found in other network traffic. When the text extractor comes across an image file, a second pass is made with OCR to extract text and classify the file according to the relevant rules. The feature also works with images saved as PDF. If a PDF contains both text and images, it is scanned with the text extractor in the usual way.

    OCR scanning works with all McAfee DLP-supported languages, and most Western and Asian languages. Text recognition is poor with European languages, such as Russian and Greek, which do not use the Latin alphabets. The recognition is also poor with languages written in right-to-left scripts, notably Arabic and Hebrew.

    Unscannable images with McAfee DLP appliances — OCR scanning might fail on certain images because of:

    • Image size greater than 8400 pixels

    • OCR scanning time exceeding the timeout period of 5 minutes for an individual image

    • File corruption that renders the file unreadable

  • Product Improvement Program (PIP) capability in McAfee DLP appliances

    The PIP capability or the secure product telemetry framework, when enabled allows McAfee Agent to collect data from McAfee DLP appliances. You can choose to participate in the McAfee DLP appliance product improvement program and allow McAfee to collect data. The data collected is:

    • Analyzed by McAfee to improve product features and user experience with the product.
    • Used by Technical Support for troubleshooting.
    Privacy protection — The data collected by McAfee Agent will be used only for product improvement and Technical Support. The system-specific data will be filtered or used in aggregate form, unless it is required for Technical Support. For details about McAfee Privacy Notice, see:

  • Support for HTTP/1.1 multipart POST request in standalone appliances

    McAfee DLP Monitor appliance now supports multipart HTTP/1.1 POST request using the Content-Range header, as detailed in the RFC7233 standard, in standalone appliances only.

    File storage or secure content management cloud services, such as Box® might choose to divide data uploads into several parts for performance reasons. Previously, the McAfee DLP appliance scanned each of these data parts individually resulting in undefined behavior. With this enhancement, the McAfee DLP appliance reconstitutes the entire data upload and analyzes the resultant file to produce a definitive result and acts on the final data.

  • Support for more Advanced Patterns and Validation Algorithms

    McAfee DLP Monitor appliances now support these additional Advanced Patterns and Validation Algorithms built-in definitions. To access these built-in definitions, in McAfee ePO, go to ClassificationsDefinitionsData and select the Show built-in definitions checkbox.

    Advanced Patterns

    Brazil Election Identification Number Mexico Unique Population Registration Code (CURP)
    Brazil National Register of Legal Entities Mexico Voter Card Number
    Brazil Bank Account Numbers Mexico Business Tax Identification Number (RFC)
    Colombia Unique Taxpayer Number (NIT) Mexico Individual Tax Identification Number (RFC)
    France Value Added Tax (VAT) Number Mexico Social Security Number
    France Driver's License Number * Colombia Citizenship Card (Cedula de Ciudadania) *
    France Passport Number * US Individual Taxpayer Identification Number (ITIN) *
    Note: * These advanced pattern definitions have no corresponding validation algorithm.

    Validation Algorithms

    Brazilian Election Identification Number Mexican CURP
    Brazilian National Register of Legal Entities Mexican Voter Card
    Brazil Bank Account Numbers Mexican Business RFC
    Brazil Santander Bank Account Mexican Individual RFC
    Colombia Unique Taxpayer Number (NIT) Mexican Social Security Number
    France Value Added Tax (VAT) Number

Known issues

For a list of current known issues, see McAfee Data Loss Prevention 11.x.x Known Issues (KB89301).

Resolved issues

Important: This release is cumulative and contains fixes from all previous releases.


Reference Resolution

This release fixes the McAfee DLP Monitor appliance for these Microarchitectural Data Sampling CPU vulnerabilities, also known as ZombieLoad, Fallout and RIDL:

  • CVE-2018-12126 — Microarchitectural Store Buffer Data Sampling (MSBDS)

    Store buffers on some microprocessors utilizing speculative execution can allow an authenticated user to potentially enable information disclosure via a side channel with local access.

  • CVE-2018-12127 — Microarchitectural Load Port Data Sampling (MLPDS)

    Load ports on some microprocessors utilizing speculative execution can allow an authenticated user to potentially enable information disclosure via a side channel with local access.

  • CVE-2018-12130 — Microarchitectural Fill Buffer Data Sampling (MFBDS)

    Fill buffers on some microprocessors utilizing speculative execution can allow an authenticated user to potentially enable information disclosure via a side channel with local access.

  • CVE-2019-11091 — Microarchitectural Data Sampling Uncacheable Memory (MDSUM)

    Uncacheable memory on some microprocessors utilizing speculative execution can allow an authenticated user to potentially enable information disclosure via a side channel with local access.

For more information about these CVEs, see McAfee Security Bulletin SB10292.

DLPN-6044 This release fixes an issue where the Capture partition was incorrectly named as "/2" in the Appliance Management page.