What's new in update 11.1.100

Update releases can update platform support.

Caution: We do not support the upgrade of a pre-release software version. To upgrade to a production release of the software, you must perform a new installation with the production version.

Release details

Release date — January 8, 2019

Release build:

  • McAfee® Data Loss Prevention Prevent (McAfee DLP Prevent) appliance installation images:
    • For VMware vSphere virtual appliance — McAfee-PS-11.1.100-3525.100.ps.hw10.hdd.ova
    • For Windows Hyper-V — McAfee-PS-11.1.100-3525.100.HyperV_ps.zip
    • For hardware appliance — McAfee-PS-11.1.100-3525.100.iso
  • DLP Appliance Management extension — build 11.1.0.122
  • Data Loss Prevention extension — build 11.1.100.16

This release updates components that depend on these McAfee ePO extensions:

  • McAfee® Agent — version 5.5.1
    Note: McAfee Agent is built into the appliance software and cannot be updated through McAfee ePO.
  • Appliance Management extension — build 1.1.0.163 or later
  • Common UI extension — build 1.3.0.258 or later

Note: McAfee® Data Loss Prevention Prevent for Mobile Email (McAfee DLP Prevent for Mobile Email) is not part of this release. The previous release of this product is supported by the current McAfee DLP extension.

Enhancements

This release improves existing features:

  • McAfee DLP is now enhanced to support query string analysis and matching in the URL lists.
  • This release improves the performance of dataset evaluation and optimizes the search query over large amount of captured data.

What's new in the 11.1.0 release

Releases can introduce new features and enhancements or update platform support.

Caution: We do not support the upgrade of a pre-release software version. To upgrade to a production release of the software, you must perform a new installation with the production version.

Release details

Release date — October 22, 2018

Release build:

  • McAfee® Data Loss Prevention Prevent (McAfee DLP Prevent) appliance installation images:
    • For VMware vSphere virtual appliance — McAfee-PS-11.1.0-3520.110.ps.hw10.hdd.ova
    • For Windows Hyper-V — McAfee-PS-11.1.0-3520.110.HyperV_ps.zip
    • For hardware appliance — McAfee-PS-11.1.0-3520.110.iso
  • DLP Appliance Management extension — build 11.1.0.122
  • Data Loss Prevention extension — build 11.1.0.28

This release updates components that depend on these McAfee ePO extensions:

  • McAfee® Agent — version 5.5.1
    Note: McAfee Agent is built into the appliance software and cannot be updated through McAfee ePO.
  • Appliance Management extension — build 1.1.0.163 or later
  • Common UI extension — build 1.3.0.258 or later

Note: McAfee® Data Loss Prevention Prevent for Mobile Email (McAfee DLP Prevent for Mobile Email) is not part of this release. The previous release of this product is supported by the current McAfee DLP extension.

New features

This release introduces new features or improves existing features:

  • DLP Capture — DLP Capture is an optional feature that you can enable and manage from McAfee ePO. It records data from email and web traffic processed by McAfee DLP Prevent appliances that can be searched from McAfee ePO for forensic investigation, rule, and classification tuning. You can save the result as an incident and then add the incident to a case.

    Searching captured data:

    • Forensic investigation search — Search captured data for content that is recorded from certain users, or for certain keywords or file names to identify potential data loss incidents.
    • Rules tuning — Tune your classifications, and email protection and web protection rules enforced on McAfee DLP Prevent appliances to prevent false positives or negatives. The Rule tuning feature analyzes captured data rather than active data without affecting your live data analysis.
    • Datasets — Create datasets to focus your search on specified properties to get more targeted results.
    • Converting rule into search — You can save an email protection or web protection rule enforced on the McAfee DLP Prevent appliances into a search that you can use to tune the settings, then save it as a new rule or override the existing rule.

    DLP Capture setup — The captured data is stored on an encrypted disk on a physical or virtual appliance, or on an external storage device.

    Appliance type Capture storage description
    DLP 6600 appliance The captured data is stored in McAfee DLP Capture Storage Array, which is an external storage device and can hold up to 16 TB of data.
    Note: Each DLP 6600 appliance on which you want to enable DLP Capture must have a dedicated McAfee DLP Capture Storage Array connected to it to store the captured data.
    DLP 5500 appliance DLP 5500 appliance contains disks that can hold up to 10 TB of captured data.
    Virtual appliance The required capture hard disk gets created when deploying an appliance. Choose a predefined deployment option that supports creating a capture storage disk.
    For more information about setting up the DLP 6600 appliance and McAfee DLP Capture Storage Array for running the DLP Capture feature, see the McAfee Data Loss Prevention Prevent Hardware Guide.

  • Deploying virtual appliances using the predefined deployment options — Choose a predefined deployment option based on your business need to deploy a virtual appliance. The predefined deployment option allocates the CPUs, memory, and capture disk space:
    Predefined deployment options Processors RAM (GB) Capture disk capacity (TB)
    Standard VM 4 12 N/A
    Standard VM - Capture 4 12 4
    Small VM* 1 4 N/A
    Small VM - Capture* 1 4 0.5
    Large VM 16 16 N/A
    Large VM - Capture 16 16 8

    * Use the Small VM and Small VM - Capture options only for evaluation purposes.

    Note: Adding a capture disk to an existing virtual appliance is not supported. Deploy a replacement virtual appliance using a predefined deployment option that deploys a capture storage disk.
  • Copying evidence files despite no network access using DLP Server — If your McAfee DLP appliance is in a demilitarized zone (DMZ), you can now securely copy the evidence files, despite no network access to the evidence file share. McAfee DLP allows you to copy the evidence files to the evidence file share via McAfee DLP Server.
  • Define IP addresses that can connect to McAfee DLP Prevent ICAP service — You can now specify the hosts (IP access control lists (ACL)) that can send requests (ICAP) to McAfee DLP Prevent so that only a legitimate source can connect to the appliance.

    When Accept request from these hosts only is selected, you can type the details of permitted hosts that McAfee DLP Prevent can receive requests from. You can create groups of permitted hosts using subnets or wildcard domains. To add more than one subnet, you must create separate entries for each.

    When Accept request from any host is selected, McAfee DLP Prevent accepts requests from any computer.
  • Support multiple SNMP trap destinations — You can now configure McAfee DLP appliances to send SNMP traps to multiple destinations. Each trap destination can have its own SNMP protocol version and community name.

    McAfee DLP appliance allows you to enter the host name or IP address for the SNMP trap manager to which your alerts are sent. Enabling SNMP alerts allows your appliances to issue SNMP alerts that are sent to your specified SNMP trap destination. Enabling SNMP monitor allows other devices to query your appliance or cluster of appliances for various system parameters.

  • Support Kerberos authentication scheme — The McAfee DLP Prevent appliance now supports the Kerberos authentication scheme for ICAP requests to process the X-Authenticated-User header from the web gateway. The McAfee DLP Prevent appliance expects the Kerberos format for the X-Authenticated-User header to be in this format for Active Directory:

    Kerberos://<Realm-Name>/<sAMAccountName>

    Note: Kerberos authentication scheme is supported only on Windows platform. OpenLDAP is not supported with Kerberos.

  • User interface changes in McAfee ePO 5.10 that impact navigation:
    • Software Manager is now renamed as Software Catalog in McAfee ePO 5.10.

      You can use Software Catalog in McAfee ePO 5.10 (MenuSoftwareSoftware Catalog) to view, download, and install the software.

      In McAfee ePO 5.9 or earlier, select Software Manager (MenuSoftwareSoftware Manager) to view, download, and install the software.

    • Policy Catalog — Click Edit from the Actions menu to edit a policy, instead of clicking the policy name. You can also use the Edit or Duplicate option from the Policy Details pane to create or update a policy.

Updated platform, environment, or operating system support

This release extends support to additional platforms, environments, or operating systems:

  • VMware vSphere using VMware vCenter Server versions 6.5 and 6.7
  • McAfee ePO 5.10.x
  • Support for McAfee DLP Capture Storage Array for use with DLP 6600 appliance to run the DLP Capture feature

This release removes support for some platforms, environments, or operating systems:

  • DLP 4400 appliance model