CVE-2016-3984

Name of the Vulnerable Software and Affected Versions McAfee Active Response (MAR) versions prior to 1.1.0.161 McAfee Agent (MA) 5.x versions prior to 5.0.2 Hotfix 1110392 (5.0.2.333) McAfee Data Exchange Layer 2.x (DXL) versions prior to 2.0.1.140.1 McAfee Data Loss Prevention Endpoint (DLPe) 9.3 versions prior to Patch 6 McAfee Data Loss Prevention Endpoint (DLPe) 9.4 versions prior to Patch 1 HF3 McAfee Device Control (MDC) 9.3 versions prior to Patch 6 McAfee Device Control (MDC) 9.4 versions prior to Patch 1 HF3 McAfee Endpoint Security (ENS) 10.x versions prior to 10.1 McAfee Host Intrusion Prevention Service (IPS) 8.0 versions prior to 8.0.0.3624 McAfee VirusScan Enterprise (VSE) 8.8 versions prior to P7 (8.8.0.1528)

Description The issue allows local administrators to bypass intended self-protection rules and disable the antivirus engine by modifying registry keys.

Recommendations For McAfee Active Response (MAR) versions prior to 1.1.0.161, update to version 1.1.0.161 or later. For McAfee Agent (MA) 5.x versions prior to 5.0.2 Hotfix 1110392 (5.0.2.333), update to version 5.0.2 Hotfix 1110392 (5.0.2.333) or later. For McAfee Data Exchange Layer 2.x (DXL) versions prior to 2.0.1.140.1, update to version 2.0.1.140.1 or later. For McAfee Data Loss Prevention Endpoint (DLPe) 9.3 versions prior to Patch 6, apply Patch 6 or later. For McAfee Data Loss Prevention Endpoint (DLPe) 9.4 versions prior to Patch 1 HF3, apply Patch 1 HF3 or later. For McAfee Device Control (MDC) 9.3 versions prior to Patch 6, apply Patch 6 or later. For McAfee Device Control (MDC) 9.4 versions prior to Patch 1 HF3, apply Patch 1 HF3 or later. For McAfee Endpoint Security (ENS) 10.x versions prior to 10.1, update to version 10.1 or later. For McAfee Host Intrusion Prevention Service (IPS) 8.0 versions prior to 8.0.0.3624, update to version 8.0.0.3624 or later. For McAfee VirusScan Enterprise (VSE) 8.8 versions prior to P7 (8.8.0.1528), update to version P7 (8.8.0.1528) or later.