Release Notes for McAfee Risk Advisor 2.

5
About this document

New features

System Requirements

Supported Upgrades

Installing and verifying the extension

Known issues

Post installation actions

Finding product documentation

License attributions

About this document

Thank you for using McAfee ® Risk AdvisorTM 2.5. This document contains important information about this
release. We strongly recommend that you read the entire document.

CAUTION: McAfee strongly recommends that you use any pre-release software (Beta or Evaluation build) in a test
environment only. Pre-release software should not be installed in a production environment. We do not support
automatic upgrading of an earlier version to a pre-release version of the software.

New features
New and updated features in the current release of the software are described below:

Feature Description

Risk Score provides quantitative data to analyze potential risk of assets in the
Risk Score organization. This feature calculates security risk metrics and consistently monitors
change in risk.

Asset Criticality helps to prioritize assets. Asset criticality comes with pre-defined labels
Asset which are editable as per the customer requirements.
Criticality

Prioritize the patching efforts based on criticality of assets. The spectrum of patch
Patch prioritization efforts are captured in MRA: Threat Action Advisory Dashboard that’s been
Prioritization added in this release. Based on the state of patch availability and asset criticality, six
different actions are recommended.

Supports the upload of threats in an offline environment. This implementation is

Air Gap effective where there is no access to the internet to download the threat feed from the
Network McAfee site.

Enhanced reporting with:

Reporting
Risk Metrics page, to display asset-centric, threat-centric, and enterprise-centric risk
metrics analysis.

Threats page, to display list of threats from McAfee Threat Intelligence Service with
Risk Scores.

New monitors in MRA: Threat Dashboard, including —

 Top 10 Threats by Risk Score monitor.

Top 10 Assets by Risk Score monitor.

Overall Asset Coverage Summary monitor.

New dashboard MRA: Threat Action Advisory Dashboard, to display monitors that
provide recommended actions to be taken against the threats that affect your
environment.

Additional Queries for Risk analysis.

Integrated with ePolicy Orchestrator automatic responses, to configure actions that will
Automated be taken when specific events occur in the environment.
Responses

Changes from McAfee Risk Advisor 2.0 to 2.5

The Unknown coverage state is now renamed as Insufficient Data.

The Risk Summary is categorized as shown below:

Risk Summary Asset States

At Risk Not Protected or Vulnerable

Not At Risk Protected or Not Vulnerable

Potentially At Risk Insufficient Data

System Requirements
Supported ePolicy Orchestrator versions:

ePolicy Orchestrator 4.0 Patch 5 or later

ePolicy Orchestrator 4.5 or later

Supported Database:

Microsoft SQL 2005 and above

CAUTION: McAfee Risk Advisor may not function properly if Microsoft SQL 2005 is running in SQL
2000 Compatibility Mode. Any customization to the Microsoft SQL Server installation should follow
the best practice guidelines provided by the database vendor. McAfee Risk Advisor does not support
the use of SQL Express.

Supported Upgrades
You can upgrade to Risk Advisor 2.5 from these licensed versions:

Risk Advisor 2.0

Risk Advisor 2.0 Patch 1

Risk Advisor 2.0 Patch 2

NOTE: Run the MRA Threat Download and Analysis server task immediately after an upgrade otherwise you may get
incorrect results.

Installing and verifying the extension

1. Close the ePolicy Orchestrator console.

2. Run the installation program for Risk Advisor 2.5, Setup.exe.

 3. In the Setup Requirements screen, verify that the message All required applications were found appears, then
click Next. If this message does not appear, cancel the installation and install the applications specified,
then run the Risk Advisor installation program again.

4. On the Welcome screen, click Next to display the license agreement.

5. From the drop-down lists, select a license type and the location where the product will be used.

6. Select I accept the terms in the license agreement, then click OK .

7. If this is an upgrade, skip to the next step. Otherwise, the Choose Destination Folder screen appears.
Accept the default location or browse to another location, then click Next.
NOTE: Make sure that no MRA task is running while doing an upgrade.

8. In the Set Administrator Information screen, provide the ePolicy Orchestrator global administrator user
name and password, then click Next.

9. From the product list that appears in the Set Optional Information screen, select the point-products from
which you want McAfee Risk Advisor to import data you want , then click Next. McAfee Risk Advisor will
install the data import extensions for these point-products.
NOTE: Only data import extensions for point-products that are both installed in ePolicy
Orchestrator and supported by Risk Advisor are displayed. If you do not have any supported
products installed, this option is unavailable.

10. In the Start Copying Files screen, review your installation settings, then click Next to begin installation.

11. When the installation is complete, click Finish .

12. Review the message that appears, then click OK .

13. To verify that Risk Advisor was installed, do one of the following:
In ePolicy Orchestrator 4.0, go to Configurations | Extensions , select Risk Advisor from the
Extensions list.

In ePolicy Orchestrator 4.5, click Menu | Software | Extensions , select Risk Advisor from the
Extensions list.

14. Verify the version number for Risk Advisor and any data import extensions you installed.

Known issues
Here is a list of known issues in this release of the software.
1. Issue — MRA: Threat Download and Analysis task fails on a system that has a pre-release version of
McAfee Firewall Enterprise 5.0 ePO extension installed.

Workaround — Upgrade the McAfee Firewall Enterprise 5.0 ePO extension to RTW
extension of 5.0, which is McAfeeFirewallEnterprise_V5000_29.

2. Issue — McAfee Solidcore blocks the Risk Advisor installation.

Workaround — Add Risk Advisor to McAfee Solidcore whitelist manually.

3. Issue — During installation, SQL exception error similar to this might appear in the orion log.

java.sql.SQLException: The file "%File Path%\%File Name%.NDF" is

compressed but does not reside in a read-only database or filegroup. The
file must be decompressed.

Workaround —
a. Right click on the folder containing the NDF file, and select Properties .

b. Click Advanced .

c. Deselect Compress contents to save disk space under Compress and Encrypt attributes .

4. Issue — When a user deselects previously installed point-products extensions while doing an upgrade
or reinstallation of Risk Advisor, the deselected extensions are uninstalled without any warning.
 Workaround — Make sure that to select all the point-products you want regardless of
whether you selected them during your previous installation. Data import extensions for
point-products that are not selected are uninstalled.

5. Issue — In ePO 4.5, 'Filter Data' option is missing from the drill-down pages of some of the Threat
Dashboard monitors.

6. Issue — When a user uninstalls the Risk advisor 2.5, custom filters, canned server tasks, and canned
queries do not get removed completely.

7. Issue — When MRA is freshly installed on an ePO system, the pre-existing users who have a general
view/edit permission on the public dashboards see unrecoverable error message on MRA specific
monitors.

Post installation actions

When the Risk Advisor is upgraded to 2.5 from a supported version, the SQL Server administrator can perform
these tasks to increase disk space.

Shrinking the threat index

1. Locate the data file MTIS_ThreatIndexFG02_01, here <drive>:\Program Files\Microsoft Sql
Server\MSSQL.1\MSSQL\Data\<epo db name>_MTIS_ThreatIndexFG02_01.ndf

2. Shrink the file. For example, run this command using the sqlcmd utility:

DBCC SHRINKFILE([ePO4_MRA-SQL_MTIS_ThreatIndexFG02_01],1)

(where 'ePO4_MRA-SQL' is the ePO database name and 'ePO4_MRA-

SQL_MTIS_ThreatIndexFG02_01.ndf' is the file to be shrunk)

Shrinking the transaction log

1. Locate the data file ePO4_MRA-SQL_log, here <drive>:\Program Files\Microsoft Sql
Server\MSSQL.1\MSSQL\Data\<epo db name>_log.ldf

2. Shrink the file. For example, run this command using the sqlcmd utility:

BACKUP LOG [ePO4_MRA-SQL] WITH TRUNCATE_ONLY

DBCC SHRINKFILE([ePO4_MRA-SQL_log],1)

(where 'ePO4_MRA-SQL' is the ePO database name and 'ePO4_MRA-SQL_log.ldf' is the file to be
shrunk)

Finding product documentation

Finding product documentation

McAfee provides the information you need during each phase of product implementation, from installing to
using and troubleshooting. After a product is released, information about the product is entered into the
McAfee online KnowledgeBase.

1. Go to the McAfee Technical Support ServicePortal at http://mysupport.mcafee.com.

2. Under Self Service , access the type of information you need:

To access user documentation To access the KnowledgeBase

a. Click Product Click Search the KnowledgeBase for answers

Documentation . to your product questions.

b. Select a Product , Click Browse the KnowledgeBase for articles

then select a listed by product and version.
Version .

c. Select a product
 document.

License attributions
COPYRIGHT

Copyright © 2010 McAfee, Inc. All Rights Reserved.

No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or
translated into any language in any form or by any means without the written permission of McAfee, Inc., or
its suppliers or affiliate companies.

TRADEMARK ATTRIBUTIONS

AVERT, EPO, EPOLICY ORCHESTRATOR, FOUNDSTONE, GROUPSHIELD, INTRUSHIELD, LINUXSHIELD, MAX

(MCAFEE SECURITYALLIANCE EXCHANGE), MCAFEE, NETSHIELD, PORTALSHIELD, PREVENTSYS,
SECURITYALLIANCE, SITEADVISOR, TOTAL PROTECTION, VIRUSSCAN, WEBSHIELD are registered trademarks
or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. McAfee Red in connection
with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein
are the sole property of their respective owners.

LICENSE INFORMATION

License Agreement

NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE
LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF
THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE
CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT
ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE
PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM
WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET
FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE
PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.