-
8/9/2019 Risk Advisor 2 5 Release Notes
1/5
Release Notes for McAfee Risk Advisor 2.
About this document
New features
System Requirements
Supported Upgrades
Installing and verifying the extension
Known issues
Post installation actions
Finding product documentation
License attributions
About this documentThank you for using McAfee Risk AdvisorTM
2.5. This document contains important information about this
release. We strongly recommend that you read the entire
document.
CAUTION: McAfee strongly recommends that you use any pre-release
software (Beta or Evaluation build) in a testenvironment only.
Pre-release software should not be installed in a production
environment. We do not supportautomatic upgrading of an earlier
version to a pre-release version of the software.
New featuresNew and updated features in the current release of
the software are described below:
Feature Description
Risk Score
Risk Score provides quantitative data to analyze potential risk
of assets in theorganization. This feature calculates security risk
metrics and consistently monitorschange in risk.
AssetCriticality
Asset Criticality helps to prioritize assets. Asset criticality
comes with pre-defined labelwhich are editable as per the customer
requirements.
PatchPrioritization
Prioritize the patching efforts based on criticality of assets.
The spectrum of patchprioritization efforts are captured in MRA:
Threat Action Advisory Dashboard thats beenadded in this release.
Based on the state of patch availability and asset criticality,
sixdifferent actions are recommended.
Air GapNetwork
Supports the upload of threats in an offline environment. This
implementation iseffective where there is no access to the internet
to download the threat feed from theMcAfee site.
Reporting
Enhanced reporting with:
Risk Metrics page, to display asset-centric, threat-centric, and
enterprise-centric ris
metrics analysis.
Threats page, to display list of threats from McAfee Threat
Intelligence Service with
Risk Scores.
New monitors in MRA: Threat Dashboard, including
-
8/9/2019 Risk Advisor 2 5 Release Notes
2/5
Top 10 Threats by Risk Score monitor.
Top 10 Assets by Risk Score monitor.
Overall Asset Coverage Summary monitor.
New dashboard MRA: Threat Action Advisory Dashboard, to display
monitors that
provide recommended actions to be taken against the threats that
affect your
environment.
Additional Queries for Risk analysis.
AutomatedResponses
Integrated with ePolicy Orchestrator automatic responses, to
configure actions that wilbe taken when specific events occur in
the environment.
Changes from McAfee Risk Advisor 2.0 to 2.5
The Unknown coverage state is now renamed as Insufficient
Data.
The Risk Summary is categorized as shown below:
Risk Summary Asset States
At Risk Not Protected or Vulnerable
Not At Risk Protected or Not Vulnerable
Potentially At Risk Insufficient Data
System RequirementsSupported ePolicy Orchestrator versions:
ePolicy Orchestrator 4.0 Patch 5 or later
ePolicy Orchestrator 4.5 or later
Supported Database:
Microsoft SQL 2005 and aboveCAUTION: McAfee Risk Advisor may not
function properly if Microsoft SQL 2005 is running in S2000
Compatibility Mode. Any customization to the Microsoft SQL Server
installation should follthe best practice guidelines provided by
the database vendor. McAfee Risk Advisor does not suthe use of SQL
Express.
Supported UpgradesYou can upgrade to Risk Advisor 2.5 from these
licensed versions:
Risk Advisor 2.0
Risk Advisor 2.0 Patch 1
Risk Advisor 2.0 Patch 2
NOTE: Run the MRA Threat Download and Analysis server task
immediately after an upgrade otherwise you may gincorrect
results.
Installing and verifying the extension
1. Close the ePolicy Orchestrator console.
2. Run the installation program for Risk Advisor 2.5,
Setup.exe.
-
8/9/2019 Risk Advisor 2 5 Release Notes
3/5
3. In the Setup Requirements screen, verify that the message All
required applications were found appears, t
click Next. If this message does not appear, cancel the
installation and install the applications specified,
then run the Risk Advisor installation program again.
4. On the Welcome screen, click Next to display the license
agreement.
5. From the drop-down lists, select a license type and the
location where the product will be used.
6. Select I accept the terms in the license agreement, then
click OK.
7. If this is an upgrade, skip to the next step. Otherwise, the
Choose Destination Folder screen appears.
Accept the default location or browse to another location, then
click Next.NOTE: Make sure that no MRA task is running while doing
an upgrade.
8. In the Set Administrator Information screen, provide the
ePolicy Orchestrator global administrator user
name and password, then click Next.
9. From the product list that appears in the Set Optional
Information screen, select the point-products fro
which you want McAfee Risk Advisor to import data you want ,
then click Next. McAfee Risk Advisor will
install the data import extensions for these
point-products.NOTE: Only data import extensions for point-products
that are both installed in ePolicyOrchestrator and supported by
Risk Advisor are displayed. If you do not have any
supportedproducts installed, this option is unavailable.
10. In the Start Copying Files screen, review your installation
settings, then click Next to begin installation.
11. When the installation is complete, click Finish.
12. Review the message that appears, then click OK.
13. To verify that Risk Advisor was installed, do one of the
following:
In ePolicy Orchestrator 4.0, go to Configurations | Extensions ,
select Risk Advisor from t
Extensions list.
In ePolicy Orchestrator 4.5, click Menu | Software | Extensions
, select Risk Advisor from t
Extensions list.
14. Verify the version number for Risk Advisor and any data
import extensions you installed.
Known issuesHere is a list of known issues in this release of
the software.1. Issue MRA: Threat Download and Analysis task fails
on a system that has a pre-release version
McAfee Firewall Enterprise 5.0 ePO extension installed.
Workaround Upgrade the McAfee Firewall Enterprise 5.0 ePO
extension to RTW
extension of 5.0, which is
McAfeeFirewallEnterprise_V5000_29.
2. Issue McAfee Solidcore blocks the Risk Advisor
installation.
Workaround Add Risk Advisor to McAfee Solidcore whitelist
manually.
3. Issue During installation, SQL exception error similar to
this might appear in the orion log.
java.sql.SQLException: The file "%File Path%\%File Name%.NDF"
is
compressed but does not reside in a read-only database or
filegroup. Th
file must be decompressed.
Workaround
a. Right click on the folder containing the NDF file, and select
Properties.
b. Click Advanced.
c. Deselect Compress contents to save disk space under Compress
and Encrypt attribute
4. Issue When a user deselects previously installed
point-products extensions while doing an upgra
or reinstallation of Risk Advisor, the deselected extensions are
uninstalled without any warning.
-
8/9/2019 Risk Advisor 2 5 Release Notes
4/5
Workaround Make sure that to select all the point-products you
want regardless
whether you selected them during your previous installation.
Data import extension
point-products that are not selected are uninstalled.
5. Issue In ePO 4.5, 'Filter Data' option is missing from the
drill-down pages of some of the Threat
Dashboard monitors.
6. Issue When a user uninstalls the Risk advisor 2.5, custom
filters, canned server tasks, and cann
queries do not get removed completely.
7. Issue When MRA is freshly installed on an ePO system, the
pre-existing users who have a gener
view/edit permission on the public dashboards see unrecoverable
error message on MRA specific
monitors.
Post installation actionsWhen the Risk Advisor is upgraded to
2.5 from a supported version, the SQL Server administrator can
per
these tasks to increase disk space.
Shrinking the threat index
1. Locate the data file MTIS_ThreatIndexFG02_01, here :\Program
Files\Microsoft Sql
Server\MSSQL.1\MSSQL\Data\_MTIS_ThreatIndexFG02_01.ndf
2. Shrink the file. For example, run this command using the
sqlcmd utility:
DBCC SHRINKFILE([ePO4_MRA-SQL_MTIS_ThreatIndexFG02_01],1)
(where 'ePO4_MRA-SQL' is the ePO database name and
'ePO4_MRA-
SQL_MTIS_ThreatIndexFG02_01.ndf' is the file to be shrunk)
Shrinking the transaction log
1. Locate the data file ePO4_MRA-SQL_log, here :\Program
Files\Microsoft Sql
Server\MSSQL.1\MSSQL\Data\_log.ldf
2. Shrink the file. For example, run this command using the
sqlcmd utility:
BACKUP LOG [ePO4_MRA-SQL] WITH TRUNCATE_ONLY
DBCC SHRINKFILE([ePO4_MRA-SQL_log],1)
(where 'ePO4_MRA-SQL' is the ePO database name and
'ePO4_MRA-SQL_log.ldf' is the file to be
shrunk)
Finding product documentation
Finding product documentation
McAfee provides the information you need during each phase of
product implementation, from installing to
using and troubleshooting. After a product is released,
information about the product is entered into the
McAfee online KnowledgeBase.
1. Go to the McAfee Technical Support ServicePortal at
http://mysupport.mcafee.com.
2. Under Self Service, access the type of information you
need:
To access user documentation To access the Know ledgeBase
a. Click Product
Documentation.
b. Select a Product,
then select a
Version.
c. Select a product
Click Search the KnowledgeBase for answe
to your product questions.
Click Browse the KnowledgeBase for article
listed by product and version.
http://mysupport.mcafee.com/http://mysupport.mcafee.com/
-
8/9/2019 Risk Advisor 2 5 Release Notes
5/5
document.
License attributions
COPYRIGHT
Copyright 2010 McAfee, Inc. All Rights Reserved.
No part of this publication may be reproduced, transmitted,
transcribed, stored in a retrieval system, ortranslated into any
language in any form or by any means without the written permission
of McAfee, Inc., o
its suppliers or affiliate companies.
TRADEMARK ATTRIBUTIONS
AVERT, EPO, EPOLICY ORCHESTRATOR, FOUNDSTONE, GROUPSHIELD,
INTRUSHIELD, LINUXSHIELD, MAX
(MCAFEE SECURITYALLIANCE EXCHANGE), MCAFEE, NETSHIELD,
PORTALSHIELD, PREVENTSYS,
SECURITYALLIANCE, SITEADVISOR, TOTAL PROTECTION, VIRUSSCAN,
WEBSHIELD are registered tradem
or trademarks of McAfee, Inc. and/or its affiliates in the US
and/or other countries. McAfee Red in connect
with security is distinctive of McAfee brand products. All other
registered and unregistered trademarks here
are the sole property of their respective owners.
LICENSE INFORMATION
License Agreement
NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL
AGREEMENT CORRESPONDING TO TH
LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND
CONDITIONS FOR THE USE O
THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE
YOU HAVE ACQUIRED, PLEAS
CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE
ORDER DOCUMENTS THAT
ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED
SEPARATELY AS PART OF THE
PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE
AVAILABLE ON THE WEBSITE FROM
WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE
TO ALL OF THE TERMS SET
FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF
APPLICABLE, YOU MAY RETURN THE
PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL
REFUND.
