Apr 04

McAfee Move 2.5 is GA – Support for vShield EndPoint

It seems like this has been a long time coming, but McAfee released Move 2.5 on April 3rd, 2012, with support for vShield EndPoint.

Below are some slides from McAfee that were used to give an overview of the product.




GTI (Global Threat Intelligence) — Classifies suspicious files that are found on the file system. When the real-time malware defense detects a suspicious program, it sends a DNS request for analysis to a central database server hosted by McAfee Labs.

While Move 2.5 has the ability to do Multi-Platform, I am really interested in the agentless/vShield integration. The chart below has an X for File Quarantine for agentless deployment, meaning a scanned file will get blocked or sent through. Those are the only options.

Some Interesting Notes:

* 2.0 & 2.5 are Compatible
* No dvFilter is used like with the Trend Micro installation; not sure if this is good or bad yet
* The Security Virtual Appliance is directly managed by ePolicy Orchestrator via a Linux agent
* Support for Windows 8
* MOVE AV Agentless path exclusions only support folders, not individual files, unlike MOVE AV multi-platform and VSE which both do support path exclusions for individual files.

Comments

  1. Dvfilter has nothing to do with AV scanning with vShield Endpoint. The dvFilter is a concept for network inspection from the VMSafe APIs. Trend Micro has access because they were an original VMSafe partner and they use it for FW and IPS functionality.
