- Integrated firewall and IPS
technology - Addition of firewall and intrusion prevention
technology delivers maximum proactive protection in a single,
integrated package
- Enhanced coverage for emerging
threats - VirusScan 8.0i provides protection from
the newest potentially unwanted program security threats
(e.g., spyware), application-specific buffer overflow attacks,
and blended attacks
- Lowered TCO during outbreak
response - Advanced outbreak functionality closes
the window of vulnerability before DAT files are available,
limiting damage by tracing and blocking the entrance and
spread of the outbreak
- McAfee scanning technology
- Award-winning McAfee scan engine performs in-memory scanning
to block threats such as Netsky and CodeRed, which don't
write their code to disk
- Centralized management and
reporting - Integration with McAfee ePolicy Orchestrator
and ProtectionPilot provides a complete security management
solution, including detailed graphical reporting, from a
single console
Product Features
Comprehensive McAfee anti-virus
protection
The McAfee anti-virus scan engine stops every type of virus
and malicious code threat, including macro viruses, Trojans,
Internet worms, advanced 32-bit viruses, and even hostile
ActiveX and Java objects. Using technology that drills down
into compressed data, VirusScan is also able to find hidden
threats buried in .zip and other compressed file types. Proactive
protection is delivered through advanced heuristics and generic
detection, which allow VirusScan to protect-in advance-against
new, unseen viruses and other threats.
Potentially unwanted program security
Automatic detection of potentially unwanted programs helps
keep businesses and users safe from hidden programs that track
Internet usage, access personal data such as passwords and
account information, or open security holes. Users or administrators
can select one of several responses (Alert, Clean, Remove,
and Quarantine) for VirusScan to take when it detects a potentially
unwanted program. Administrators can even define a custom
list of company-specific unwanted programs such as adware,
dialers, or joke programs to help keep company end-point systems
COE compliant.
Buffer overflow prevention (IPS
feature)
VirusScan 8.0i protects against buffer overflows for approximately
20 of the most commonly used and exploited software applications
and Microsoft® Windows® OS services, including Microsoft
Word, Excel, Internet Explorer, Outlook, and SQL Server. Administrators
have the ability to create exceptions by process when necessary.
Complete outbreak response
The built-in outbreak response features in VirusScan 8.0i
provide protection from new viruses before DAT files are available,
enabling administrators to take action in the crucial vulnerability
window that exists after a virus is identified but before
a DAT has been released. Outbreak response functionality includes:
Port blocking/lockdown (firewall
feature)
Allows the administrator or user to "turn off" (block)
specified ports from either outbound or inbound network traffic
(for example, for MyDoom port #3196 should have been blocked;
Bagel.n was port #2556)
Application monitoring: email
engines (firewall feature)
Allows administrators to block outbound ports, but set rules
that allow certain processes to communicate through a closed
port. For example, administrators could block port 25 to outbound
traffic but allow outlook.exe to communicate outbound through
the port. NetSky and MyDoom would not have gotten out of the
system with this feature turned on.
File blocking, directory lockdown,
folder/share blocking (IPS feature)
Creation of a policy (or policies) that controls the permitted
actions that can occur to a specified file, directory, or
folder/share (or group of files, folders, etc., with matching
name pattern composed of text and wildcard symbols) by system
or incoming network processes. For example, the policy for
the Sasser worm would have blocked avserve*.exe, skynetave.exe,
lsasss.exe, napatch.exe, *_up.exe, cmd.ftp, ftplog.txt, winlog2.*,
and win*.log.
Infection trace and block
VirusScan can discover and trace the IP address of the end-point
system (infection source) that sent malicious code to a system
running VirusScan Enterprise 8.0i, reporting the infection
source information back to the management console. Optionally,
it can block further communications from the infection source
end-point system for a specified time period (configurable)
or indefinitely (until reset).
Powerful memory scanning
VirusScan 8.0i has enhanced scanning functionality to include
on-demand and scheduled in-memory scanning for viruses, worms,
and Trojans. This protects your systems from threats such
as CodeRed and SQLSlammer, which don't write their code to
disk, by removing the process from memory.
Centralized management and reporting
VirusScan 8.0i integrates with McAfee ePolicy Orchestrator-one
of the only truly scalable security policy management tools-for
policy management, detailed graphical reporting, and software
deployment. ePolicy Orchestrator is a centralized authority
to enforce protection compliance, providing a single console
to manage your McAfee deployments. Optionally, small and medium-sized
businesses can take advantage of the user-friendly McAfee
ProtectionPilot management console for streamlined administration
and monitoring.
Enhanced email scanning
VirusScan 8.0i can scan all Lotus Notes client email coming
to the desktop-both HTML text and attachments-in addition
to Microsoft Outlook. Support is extended to systems with
both Outlook and Lotus clients installed.
Protection from threats that use
scripts
VirusScan 8.0i prevents infection from occurring by detecting
and preventing the execution of malicious code that leverages
JavaScript and/or Visual Basic (VB) scripts (for example,
Nimda or LoveLetter).
Optimized for mobile users
Geographical server routing allows field updates to be optimized
based on physical location and connection speed, while file
sizes are small enough to be easily downloaded across slow
network connections such as dial-up. Resumable updating enables
remote users to resume updates at a later date, even if their
connection is broken.
|
