McAfee MOVE Antivirus is an anti-virus solution for virtual environments that removes the need to install an anti-virus application on every virtual machine (VM).
\r\nA traditional security solution for virtual environments uses an anti-virus application running on every VM on a hypervisor. This requirement reduces VM density per hypervisor and causes high disk, CPU, and memory usage. McAfee MOVE Antivirus solves this issue by offloading all on-access scanning to a dedicated VM that runs an offload scan server to improve performance related to anti-virus scanning. This results in increased VM density per hypervisor.
\r\nThe management capabilities for MOVE are provided by ePO through the MOVE ePO Extension and McAfee Agent ePO manages McAfee Agents and MOVE Software that reside on client systems. By using ePO you can manage a large enterprise network from a centralized system. ePO through the McAfee Agent provides capabilities to distribute updated MOVE Security policies, DAT files to the Offload Scan Server. ePO also centrally manages Event and Log records.
\r\nCommunication between the distributed components of the TOE is protected from disclosure and modification by cryptographic functionality provided by the FIPS approved components of the McAfee ePO and the McAfee Agent. It is assumed that the IT environment will provide a secure line of communications between the TOE and remote administrators.
\r\nThe TOE includes these components:
\r\nThe evaluation was carried out in accordance to the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The evaluation demonstrated that Security Target McAfee MOVE 2.5 and ePolicy Orchestrator 4.6, Document Version 1.4, August 14, 2012 meets the security requirements contained in the Security Target.
\r\nThe criteria against which Security Target McAfee MOVE 2.5 and ePolicy Orchestrator 4.6, Document Version 1.4, August 14, 2012 was judged is described in the Common Criteria for Information Technology Security Evaluation, Version 3.1. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1. The COACT, Inc. CAFE Lab determined that the evaluation assurance level (EAL) for Security Target McAfee MOVE 2.5 and ePolicy Orchestrator 4.6, Document Version 1.4, August 14, 2012 is EAL 2 + ALC_FLR.2. The TOE, configured as specified in the installation guide, satisfies all of the security functional requirements stated in the Security Target.
\r\nA Validator on behalf of the CCEVS Validation Body monitored the evaluation carried out by the COACT, Inc. CAFE Lab. The evaluation was completed in August 2012. Results of the evaluation and associated validation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report.
","environmental_strengths":"Virus Scanning and Alerts
\r\nThe TOE provides for scanning and detection of file-based viruses. Users are alerted of actions on both the managed systems (via pop-up dialog) and the management system (via log). This functionality is supported in the VSE component of the Offload Scan Server.
\r\nAudit
\r\nEvent information is concurrently generated for transmission to the ePO management databases. Event records for all clients can be reviewed from the ePO console.
\r\nManagement
\r\nePO enables the Global Administrator to centrally manage virus scan settings on workstations, configure and manage the actions the virus scan component takes when detection of an infection occurs, and manage the Event and Log records.
\r\nCryptographic Operation
\r\nAnti-virus packages are distributed to the workstation with a SHA-1 hash value used to verify the integrity of the package. Communications between ePO and the McAfee Agent are encrypted using AES implemented by FIPS 140-2 validated modules.
","features":[]}