McAfee, Inc. , is an American global computer security software company headquartered in Santa Clara, California, and the world's largest dedicated security technology company. The company has been a wholly owned subsidiary of Intel since February 2011, and now forms part of its Intel Security division. Intel confirmed in 2014 that it planned to drop the McAfee brand. Wikipedia.
McAfee | Date: 2017-01-27
A method is described to maintain (including generate) an inventory of a system of a plurality of containers accessible by a computer system. At least one container is considered to determine whether the container is executable in at least one of a plurality of execution environments characterizing the computer system. Each execution environment is in the group comprising a native binary execution environment configured to execute native machine language instructions and a non-native execution environment configured to execute at least one program to process non-native machine language instructions to yield native machine language instructions. The inventory is maintained based on a result of the considering step. The inventory may be used to exercise control over what executables are allowed to execute on the computer system.
McAfee | Date: 2017-02-06
In an example, there is described a server apparatus, comprising: a network connection; and one or more logic elements, including at least a processor and a memory, comprising a mobile device management (MDM) engine to: instruct an MDM agent to register a mobile security posture event; receive from the MDM agent an instance of the mobile security posture event; construct a policy decision responsive at least in part to the mobile security posture event; and enforce the policy decision.
McAfee | Date: 2017-05-24
A non-transitory computer readable medium comprising computer executable instructions stored thereon that when executed cause one or more processing units to initialize a firewall cluster comprising a plurality of nodes, each node operable to selectively permit or block traffic flowing between the firewall cluster and an external network, receive a report from a first node of the firewall cluster that the first node is ineligible to be a primary node, receive a report from a second node of the firewall cluster that the second node is eligible to be a primary node, responsive to a predetermined period of time expiring after startup of the second node without the second node receiving notice that another node has been designated as the primary node, designate the second node as the primary node, and notify the remaining nodes of the firewall cluster that the second node is the primary node for the firewall cluster.
McAfee | Date: 2017-01-20
A technique allows associating host applications and user agents in network traffic and detecting possible malware without relying on signatures of the user agents. A database of host applications and user agents is maintained, allowing automatic update of the database when a new application or new application to user agent mapping is discovered. Partial matches may be made when a change is made to the application, allowing learning the new mapping automatically. If an application is associated with more than a threshold number of user agents, an indication may be generated that the application is suspicious and possibly malware.
McAfee | Date: 2017-01-23
A method in one example implementation includes selecting at least one criterion for controlling data transmission from within a virtual machine. At least one application is included within the virtual machine, which includes a policy module. The selected criterion corresponds to at least one policy associated with the policy module. The method also includes evaluating the selected criterion of the policy to permit an attempt to transmit the data from within the virtual machine. In more specific embodiments, the policy may include a plurality of criteria with a first selected criterion permitting transmission of the data to a first application and a second selected criterion prohibiting transmission of the data to a second application. In another specific embodiment, the method may include updating the policy module through an administration module to modify the selected criterion.
McAfee | Date: 2017-01-06
A method is provided in one example embodiment and includes receiving a traffic flow at a tamper resistant environment from an application, where the tamper resistant environment is separated from a host operating system. The method also includes applying a security token to the traffic flow and sending the traffic flow to a server. In specific embodiments, a security module may add information about the application to traffic flow. A trapping module may monitor for a memory condition and identify the memory condition. The trapping module may also, responsive to identifying the memory condition, initiate a virtual environment for the application, and check the integrity of the traffic flow.
McAfee | Date: 2017-02-01
In one example, a data security system may determine prevalence of a file based query data for an object (e.g., a file or a hash or a file). An example algorithm may provide using a statistically justifiable estimate of the prevalence while storing few data records, and therefore may provide prevalence information in O(1) time complexity (i.e., constant time). Such an algorithm may be applied in near real-time to provide, e.g., an immediate response to a query for the prevalence of a file.
McAfee | Date: 2017-01-05
Embodiments are configured to receive metadata of a process intercepted on an end host when attempting to access a network. The metadata includes a hash of an application associated with the process and an endpoint reputation score of the application. Embodiments are configured to request a threat intelligence reputation score based on the hash of the application, to determine an action to be taken by the end host based, at least in part, on one or more policies and at least one of the threat intelligence reputation score and the endpoint reputation score, and to send a response indicating the action to be taken by the end host. Further embodiments request another threat intelligence reputation score based on another hash of a dynamic link library module loaded by the process on the end host, and the action is determined based, at least in part, on the other threat intelligence score.
McAfee | Date: 2017-05-03
In an example, an audio stream such as a voice call or live-streaming service may have mixed therein a user identification, which may identify the user as an authorized participant in the audio stream. For example, a user may identify himself to a smart phone, and then initiate a call with his bank. The smart phone may mix a user identification into the voice stream. A receiving device at the bank may demix the identification, and determine that the user is authorized to call about this account. In another example, identification may be used for DRM purposes, to identify a user as a legitimate participant in an audio stream. When a user is not authorized, an appropriate action may be taken, such as dropping the user, degrading the quality of the audio stream, or providing a notification that the user is not authorized.
McAfee | Date: 2017-03-01
A system is disclosed that includes a processor including watermark logic to output a first watermark to an output device that outputs a first watermark signal, based on the first watermark, to an acoustic transmission medium. The processor also includes recording logic to capture, at a first time period, an authentication submission comprising the first watermark signal convolved, via the acoustic transmission medium, with a first passphrase signal. The system also includes a dynamic random access memory (DRAM). Other embodiments are disclosed and claimed.