What's new in the 11.4.0 release

Releases can introduce new features and enhancements or update platform support.

Caution: We do not support the upgrade of a pre-release software version. To upgrade to a production release of the software, you must perform a new installation with the production version.

Release details

Release date — November 12, 2019

Release build:

  • McAfee® Data Loss Prevention Prevent (McAfee DLP Prevent) appliance installation images:
    • For VMware vSphere virtual appliance — McAfee-PS-11.4.0-3569.100.ps.hw10.hdd.ova
    • For Windows Hyper-V — McAfee-PS-11.4.0-3569.100.HyperV_ps.zip
    • For hardware appliance — McAfee-PS-11.4.0-3569.100.iso
  • DLP Appliance Management extension — build 11.4.0.117
  • Data Loss Prevention extension — build 11.4.0.17

This release updates components that depend on these McAfee ePO extensions:

  • McAfee® Agent — version 5.6.2
    Note: McAfee Agent is built into the appliance software and can't be updated through McAfee ePO.
  • Appliance Management extension — build 1.1.0.163 or later
  • Common UI extension — build 1.3.0.258 or later

Note: McAfee® Data Loss Prevention Prevent for Mobile Email (McAfee DLP Prevent for Mobile Email) is not part of this release. The previous release of this product is supported by the current McAfee DLP extension.

Updated platform, environment, or operating system support

You can get the latest information about supported platforms, environments, and operating systems from KB87112.

New features and enhancements

This release introduces new features or improves existing features:

  • Exact data matching (EDM)

    McAfee DLP Prevent appliances now support exact data matching that enables you to protect sensitive database records by only matching the actual values from the original records. Employee records, customer records, patient medical records are typical examples of sensitive information that you can protect using EDM.

    Matching individual fields of a sensitive record (such as, name, social security number, date of birth, telephone number) might not be useful and can easily result in a false-match. But matching two or more fields of the same sensitive record (for example, both name and social security number) within the same text (such as, an email or a document) indicates that meaningful related information is present.

    EDM enables associative matching of multiple fields from the same record and allows rules based on:

    • Number of field matches that constitute a record match
    • Required proximity of field matches
    • Number of record matches that constitute an EDM classification criteria match
    EDM can scan traffic in all languages except languages that do not use whitespace characters or punctuation marks for breaking words. For example, Chinese and Japanese.

  • Scanning image files with Optical Character Recognition (OCR)

    McAfee DLP Prevent appliances now support OCR for classifications. This feature allows you to scan images attached to emails, images uploaded in web posts, and images found in other network traffic. When the text extractor comes across an image file, a second pass is made with OCR to extract text and classify the file according to the relevant rules. The feature also works with images saved as PDF. If a PDF contains both text and images, it is scanned with the text extractor in the usual way.

    OCR scanning works with all McAfee DLP-supported languages, and most Western and Asian languages. Text recognition is poor with European languages, such as Russian and Greek, which do not use the Latin alphabets. The recognition is also poor with languages written in right-to-left scripts, notably Arabic and Hebrew.

    Unscannable images with McAfee DLP appliances — OCR scanning might fail on certain images because of:

    • Image size greater than 8400 pixels

    • OCR scanning time exceeding the timeout period of 5 minutes for an individual image

    • File corruption that renders the file unreadable

  • Bypass scanning of emails

    McAfee DLP Prevent appliances can now bypass scanning of emails sent from the specified email addresses. The X-RCIS-Action header can indicate a BYPASS action in the message sent to the configured Smart Host.

    Note: The bypassed emails are not reported in incidents. The appliances also don't generate evidence or capture data from the bypassed emails.

  • Product Improvement Program (PIP) capability in McAfee DLP appliances

    The PIP capability or the secure product telemetry framework, when enabled allows McAfee Agent to collect data from McAfee DLP appliances. You can choose to participate in the McAfee DLP appliance product improvement program and allow McAfee to collect data. The data collected is:

    • Analyzed by McAfee to improve product features and user experience with the product.
    • Used by Technical Support for troubleshooting.
    Privacy protection — The data collected by McAfee Agent will be used only for product improvement and Technical Support. The system-specific data will be filtered or used in aggregate form, unless it is required for Technical Support. For details about McAfee Privacy Notice, see: https://www.mcafee.com/enterprise/en-us/about/legal/privacy.html.

  • Authenticated email submission

    McAfee DLP Prevent appliances now allow you to enable authenticated email submission in scenarios where network policies do not allow email communication on port 25. You can also use this configuration when it is mandatory to use authenticated mail submission. When this feature is enabled, the McAfee DLP Prevent appliances listen on port 587 to accept emails using LOGIN mechanism for SMTP AUTH.

  • Support for HTTP/1.1 multipart POST request in standalone appliances

    McAfee DLP Prevent appliance now supports multipart HTTP/1.1 POST request using the Content-Range header, as detailed in the RFC7233 standard, in standalone appliances only.

    File storage or secure content management cloud services, such as Box® might choose to divide data uploads into several parts for performance reasons. Previously, the McAfee DLP appliance scanned each of these data parts individually resulting in undefined behavior. With this enhancement, the McAfee DLP appliance reconstitutes the entire data upload and analyzes the resultant file to produce a definitive result and acts on the final data.

  • Support for more Advanced Patterns and Validation Algorithms

    McAfee DLP Prevent appliances now support these additional Advanced Patterns and Validation Algorithms built-in definitions. To access these built-in definitions, in McAfee ePO, go to ClassificationsDefinitionsData and select the Show built-in definitions checkbox.

    Advanced Patterns

    Brazil Election Identification Number Mexico Unique Population Registration Code (CURP)
    Brazil National Register of Legal Entities Mexico Voter Card Number
    Brazil Bank Account Numbers Mexico Business Tax Identification Number (RFC)
    Colombia Unique Taxpayer Number (NIT) Mexico Individual Tax Identification Number (RFC)
    France Value Added Tax (VAT) Number Mexico Social Security Number
    France Driver's License Number * Colombia Citizenship Card (Cedula de Ciudadania) *
    France Passport Number * US Individual Taxpayer Identification Number (ITIN) *
    Note: * These advanced pattern definitions have no corresponding validation algorithm.

    Validation Algorithms

    Brazilian Election Identification Number Mexican CURP
    Brazilian National Register of Legal Entities Mexican Voter Card
    Brazil Bank Account Numbers Mexican Business RFC
    Brazil Santander Bank Account Mexican Individual RFC
    Colombia Unique Taxpayer Number (NIT) Mexican Social Security Number
    France Value Added Tax (VAT) Number