Compliant Product - McAfee VirusScan Enterprise v8.8 and ePolicy Orchestrator v4.5
Certificate Date: 17 October 2011
Validation Report Number: CCEVS-VR-VID10421-2011
Product Type: AntiVirus
Conformance Claim: EAL2 Augmented with ALC_FLR.2
CC Testing Lab: COACT Inc. CAFE Laboratory
McAfee VirusScan Enterprise 8.8 (VSE) and ePolicy Orchestrator 4.5 (ePO) is a software package designed to protect Microsoft Windows-based desktop and server computers from viruses, worms, and Trojans, as well as unwanted code and programs. VSE can be configured to scan local and network drives, as well as Microsoft Outlook and Lotus Notes email messages and attachments. VSE can also be configured to respond to the infections and malicious code it finds by identifying the intrusive entities, removing them, and reporting on them.
The management capabilities for VSE are provided by ePO. ePO manages McAfee Agents and VSE software that reside on client systems. By using ePO you can manage a large enterprise network from a centralized system. ePO also provides scheduling capabilities to distribute updated VSE security policies and maintains audit files.
Communication between the distributed components of the TOE is protected from disclosure and modification by cryptographic functionality provided by the operational environment.
SECURITY EVALUATION SUMMARY
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The evaluation demonstrated that the McAfee VirusScan Enterprise 8.8 and ePolicy Orchestrator 4.5 meets the security requirements contained in the Security Target.
The criteria against which the McAfee VirusScan Enterprise 8.8 and ePolicy Orchestrator 4.5 Common Criteria Security Target, Version 1.3 was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1. The COACT, Inc. CAFE Lab determined that the evaluation assurance level (EAL) for the McAfee VirusScan Enterprise 8.8 and ePolicy Orchestrator 4.5 Common Criteria Security Target, Version 1.3 is EAL 2 + ALC_FLR.2. The TOE, configured as specified in the installation guide, satisfies all of the security functional requirements stated in the Security Target.
A Validator on behalf of the CCEVS Validation Body monitored the evaluation carried out by the COACT, Inc. CAFE Lab. The evaluation was completed in August 2011. Results of the evaluation and associated validation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report.
The TOE’s Security Functions are:
A) Audit – The OnAccess Scan Log provides audit viewing capabilities on the client for that system. Audit information is concurrently generated for transmission to the ePO management databases. Audit logs for all clients can be reviewed from the ePO console.
B) Cryptographic Operation – VirusScan anti-virus packages are distributed to the workstation with a SHA-1 hash value used to verify the integrity of the package.
C) Management – ePO enables the Central Administrator to centrally manage virus scan settings on workstations, configure and manage the actions the virus scan component takes when detection of an infection occurs, and manage the audit logs.
D) Virus Scanning and Alerts – VSE provides the following functionality related to virus scanning and alerts:
- Access Protection – This function protects ports, files, the registry and processes resident in memory from intrusions by restricting access to them. You can create rules to block either inbound or outbound ports, and by doing so, restrict access to files and residual data allocated in memory. If an outbreak occurs, the administrator can restrict access to the infected areas to prevent further infection until new signature files are released.
- Email Scanning – This function provides scanning of messages and databases in order to identify viruses, worms, and Trojans for the purpose of removing them and reporting on them.
- Automatic Updates – Allows signature (DAT) files to be updated automatically per the configured schedule.