McAfee, Inc. , is an American global computer security software company headquartered in Santa Clara, California, and the world's largest dedicated security technology company. The company has been a wholly owned subsidiary of Intel since February 2011, and now forms part of its Intel Security division. Intel confirmed in 2014 that it planned to drop the McAfee brand. Wikipedia.
McAfee | Date: 2017-01-20
A technique allows associating host applications and user agents in network traffic and detecting possible malware without relying on signatures of the user agents. A database of host applications and user agents is maintained, allowing automatic update of the database when a new application or new application to user agent mapping is discovered. Partial matches may be made when a change is made to the application, allowing learning the new mapping automatically. If an application is associated with more than a threshold number of user agents, an indication may be generated that the application is suspicious and possibly malware.
McAfee | Date: 2017-01-23
A method in one example implementation includes selecting at least one criterion for controlling data transmission from within a virtual machine. At least one application is included within the virtual machine, which includes a policy module. The selected criterion corresponds to at least one policy associated with the policy module. The method also includes evaluating the selected criterion of the policy to permit an attempt to transmit the data from within the virtual machine. In more specific embodiments, the policy may include a plurality of criteria with a first selected criterion permitting transmission of the data to a first application and a second selected criterion prohibiting transmission of the data to a second application. In another specific embodiment, the method may include updating the policy module through an administration module to modify the selected criterion.
McAfee | Date: 2017-01-06
A method is provided in one example embodiment and includes receiving a traffic flow at a tamper resistant environment from an application, where the tamper resistant environment is separated from a host operating system. The method also includes applying a security token to the traffic flow and sending the traffic flow to a server. In specific embodiments, a security module may add information about the application to traffic flow. A trapping module may monitor for a memory condition and identify the memory condition. The trapping module may also, responsive to identifying the memory condition, initiate a virtual environment for the application, and check the integrity of the traffic flow.
McAfee | Date: 2017-01-05
Embodiments are configured to receive metadata of a process intercepted on an end host when attempting to access a network. The metadata includes a hash of an application associated with the process and an endpoint reputation score of the application. Embodiments are configured to request a threat intelligence reputation score based on the hash of the application, to determine an action to be taken by the end host based, at least in part, on one or more policies and at least one of the threat intelligence reputation score and the endpoint reputation score, and to send a response indicating the action to be taken by the end host. Further embodiments request another threat intelligence reputation score based on another hash of a dynamic link library module loaded by the process on the end host, and the action is determined based, at least in part, on the other threat intelligence score.
McAfee | Date: 2017-01-27
A method is described to maintain (including generate) an inventory of a system of a plurality of containers accessible by a computer system. At least one container is considered to determine whether the container is executable in at least one of a plurality of execution environments characterizing the computer system. Each execution environment is in the group comprising a native binary execution environment configured to execute native machine language instructions and a non-native execution environment configured to execute at least one program to process non-native machine language instructions to yield native machine language instructions. The inventory is maintained based on a result of the considering step. The inventory may be used to exercise control over what executables are allowed to execute on the computer system.
McAfee | Date: 2017-02-06
In an example, there is described a server apparatus, comprising: a network connection; and one or more logic elements, including at least a processor and a memory, comprising a mobile device management (MDM) engine to: instruct an MDM agent to register a mobile security posture event; receive from the MDM agent an instance of the mobile security posture event; construct a policy decision responsive at least in part to the mobile security posture event; and enforce the policy decision.
McAfee | Date: 2017-05-24
A non-transitory computer readable medium comprising computer executable instructions stored thereon that when executed cause one or more processing units to initialize a firewall cluster comprising a plurality of nodes, each node operable to selectively permit or block traffic flowing between the firewall cluster and an external network, receive a report from a first node of the firewall cluster that the first node is ineligible to be a primary node, receive a report from a second node of the firewall cluster that the second node is eligible to be a primary node, responsive to a predetermined period of time expiring after startup of the second node without the second node receiving notice that another node has been designated as the primary node, designate the second node as the primary node, and notify the remaining nodes of the firewall cluster that the second node is the primary node for the firewall cluster.
McAfee | Date: 2017-05-03
Systems and methods are provided in example embodiments for mitigating malicious calls. The system can be configured to determine a series of checksums for a file, compare the series of checksums to a checksum tree, where the checksum tree includes a plurality of nodes that each include a fuzzy checksum of known malware, and assign one or more classifications to the file, where each of the one or more classifications is based on each node of the checksum tree that matches a checksum in the series of checksums and includes whether the file includes malware or benign checksums.
McAfee | Date: 2017-02-08
A geo-location provider station signs geo-location data and a previous signature provided by a mobile device, returning a new signature to the mobile device. The mobile device uses the new signature when requesting a signature from another geo-location provider station. The mobile device stores the geo-location data and the signatures provided by geo-location provider stations. The stored geo-location data may be verified upon request by using the stored signature data.
McAfee | Date: 2017-02-01
Technologies for detecting unauthorized memory accesses include a computing device having transactional memory support. The computing device executes a transactional memory execution envelope within a security thread. Within the transactional envelope, the security thread reads one or more memory locations. The computing device detects a transactional abort originating from the transactional envelope, and determines whether a security event has occurred. A security event may include an unauthorized write to the monitored memory locations from outside the transactional envelope, including from non-transactional code. The computing device reports any security events that are detected. The computing device may execute several security threads that each monitor a different, non-overlapping memory location. The computing device may spawn a new security thread to monitor a memory location while a previous security thread is handling a transactional abort. Other embodiments are described and claimed.