McAfee – ATD 4.6 is now available

McAfee Advanced Threat Defense 4.6.0 is now available. This release enhances capabilities for enterprise customers using the Email Connector with multiple domains, improves troubleshooting, includes new CLI commands, and adds a dedicated report section that highlights MITRE ATT&CK.

Release details

Enhancements to Email Connector

  • Support for multiple domains — You can now add multiple relay hosts. This allows you to assign individual domains to each relay host.
  • Improved troubleshooting — In Email Reports, you can now view the conversation log for each email report.

 

Enhanced CLI Commands and Hardware logs

  • CLI Commands: this release includes the following new commands.
    archive-submission-status
    show hardware ldtlog
    run ldt tool
    show hardware
    service status/stop/start/restart (All|amas|dxl|MA|lbservice|nginx|mysql|network)
    tcpdump (clean|listfiles|save|start|status|stop|view)
    uploadSupportBundle

For more information about these commands, see the McAfee Advanced Threat Defense 4.6.0 CLI Reference Guide.

 

These commands are deprecated in this release:

  • amas restart
  • restart network
  • restart dxlservice
  • set tcpdump

 

Hardware logs
This release includes the option to download Hardware LDT logs from the Troubleshooting section of the McAfee Advanced Threat Defense web UI.

Other enhancements

 

Pre-filter enhancements
Improved pre-filtering now enhances McAfee Advanced Threat Defense performance for filetypes such as .pdf and .docx. This reduces the overall load on the sandboxing engine.

 

Script detection improvements
With better hooking capabilities in the sandbox, McAfee Advanced Threat Defense is now more effective against script-based filetypes such as Visual Basic Script (.vbs) and JavaScript (.js). This also improves detection for samples with embedded script-based content.

 

URL shortcut enhancements
McAfee Advanced Threat Defense now supports the URL shortcut (.url) filetype for dynamic analysis.

 

Report enhancements
The McAfee Advanced Threat Defense HTML report now includes a dedicated section to highlight MITRE ATT&CK tactics and techniques used by the sample. Each sample also has an independent report with a detailed view of the ATT&CK Matrix to aid analysis of its behavior.

The McAfee Advanced Threat Defense report now also includes an ‘X-Mode’ flag to highlight the configuration of the sample submission.

Machine learning remodeling
This release enhances Machine Learning Predictions, which displays the verdict and probability factor of the analysis through machine learning.

Release notes. 
