Validated Product - McAfee VirusScan Enterprise v8.5i and McAfee ePolicy Orchestrator v3.6

PRODUCT DESCRIPTION

McAfee VirusScan Enterprise v8.5i (VSE) is an anti-virus end-point solution that detects and cleans virus-infected files before they enter the corporate network. McAfee ePolicy Orchestrator v3.6.1 (ePO) provides management capabilities to VSE, although a VSE client agent also runs on the ePO server to help it protect itself. VSE and ePO provide a high degree of user configurability to customize the management of viruses and virus-infected files. Together, VSE and ePO comprise the TOE. The database used for storing audit events and virus events and the underlying software and hardware are not part of the evaluation.

SECURITY EVALUATION SUMMARY

The evaluation was carried out in accordance to the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The evaluation demonstrated that the McAfee VirusScan 8.5i and ePolicy Orchestrator 3.6.1 TOE meets the security requirements contained in the Security Target.

The criteria against which the McAfee VirusScan 8.5i and ePolicy Orchestrator 3.6.1 TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.2. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 2.2. The COACT, Inc. CAFE Lab determined that the evaluation assurance level (EAL) for the McAfee VirusScan 8.5i and ePolicy Orchestrator 3.6.1 TOE is EAL 2 augmented with ALC_FLR.2. The TOE, configured as specified in the installation guide, satisfies all of the security functional requirements stated in the Security Target.

A Validator on behalf of the CCEVS Validation Body monitored the evaluation carried out by the COACT, Inc. CAFE Lab. The evaluation was completed in May 2007. Results of the evaluation and associated validation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report.

ENVIRONMENTAL STRENGTHS

The TOE’s Security Functions are:

• Audit – The OnAccess Scan Log provides auditing of scan operations and event logs for virus events that can be reviewed from the workstation. The events are also transmitted and logged on the ePO server and are kept in separate log files.
• Management – Enables the Central Administrator to centrally manage virus scan settings on workstations, configure and manage the actions the virus scan component takes when detection of an infection occurs, and manage the audit logs.
• Cryptographic Operations – VirusScan anti-virus packages are encrypted using a key pair that uses the Digital Signature Algorithm (DSA) and is then encrypted using 168 bit key 3DES and pushed to the workstation.
• Protection of the TOE – The TOE provides for self protection and ensures that of functions within the TOE's scope of control (TSC). The TOE protects itself from tampering and interference from untrusted subjects at the TSFI's of the TOE.