lmacri
1 Copper

Waiting for McAfee LiveSafe Critical Update 16.0.22 Refresh 1 (CVE-2019-3684)

I have a one-year trial of McAfee LiveSafe (currently 16.0.R21 / VirusScan v22.6.159) that was factory-installed on a Dell Inspiron 5584 laptop I purchased a few months ago. I am still waiting for the critical v16.0.R22 Refresh 1 patch described in McAfee Security Bulletin - McAfee Total Protection, McAfee Anti-Virus Plus, and McAfee Internet Secu... that McAfee began pushing out on 07-Nov-2019.

I posted about this delay <here> in the McAfee forum and the general consensus is that product patches for Dell-branded McAfee software (Affld = 105) will often lag behind product updates for customers who purchase directly from McAfee (Affld = 0). Is this correct, and if so is there any information on when Dell will push this critical update out to their customers?
-----------
64-bit Win 10 Pro v1903 build 18362.418 * Firefox ESR v68.2.0 * McAfee LiveSafe v16.0 (R21)
Dell Inspiron 5584, Intel i5-8265U@1.60/1.80 GHz, 8 GB RAM, Intel UHD Graphics 620

Labels (1)
Tags (2)
0 Kudos
8 Replies
7- Thorium

Re: Waiting for McAfee LiveSafe Critical Update 16.0.22 Refresh 1 (CVE-2019-3684

Do we know if/how McAfee updated the version number or changed it from 16.0 R22 to maybe something like 16.0 R22.R1? Their support page don't say anything about how the version number might have changed after the update was installed. Did you try contacting their support group?

There was a McAfee popup today (11-23-19) saying an update was available and LiveSafe, WebAdvisor, and AntiSpam all show today's date for 16.0 R22 that's running on my Dell PC.

If you find out anything from McAfee, please post the info here...

Ron

   Forum Member since 2004
   I am not a Dell employee

0 Kudos
lmacri
1 Copper

Re: Waiting for McAfee LiveSafe Critical Update 16.0.22 Refresh 1 (CVE-2019-3684

Hi RoHe:

I'm not certain, but I received the same LiveSafe updates today on my Inspiron laptop and I suspect this isn't the latest "Refresh 1" update that patches privilege escalation vulnerability CVE-2019-3648 described <here>. The VirusScan component of my Dell-branded McAfee LiveSafe (Affld = 105) was just updated today from v22.6.159 to v22.7.150 but I found at least one thread <here> in the forum where a user with a paid McAfee subscription (Affld = 0) had VirusScan v22.7.150 as far back as 09-Oct-2019. I still haven't found a support page or blog on the McAfee.com site that posts a release history for their product updates so I'm just guessing at this point, but I suspect updates for my Dell-branded McAfee LiveSafe are still lagging behind the latest updates that have already been delivered to McAfee users with a paid subscription.

Neither Dell nor McAfee will tell me which company is responsible for scheduling updates for Dell-branded McAfee products. No one from Dell has replied in this thread but I received a private message (PM) from a Dell-CARES agent who told me that "McAfee is a 3rd party application for us, I won't be able to share any details on it" and that I should contact McAfee support for assistance.

My thread Is McAfee LiveSafe Affected by Vulnerability CVE-2019-3648 (Bulletin TS102984) in the McAfee LiveSafe board includes all the information I have to date from McAfee. While most of their product updates are rolled out in batches (which is normal for most antivirus products), I was also told that partners like Dell "may release the updates on their determined schedule" until they have run their own quality assurance / compatibility tests and certified the update for their particular computer models. I was told I could uninstall my Dell-branded McAfee LiveSafe and reinstall with an installer downloaded directly from the McAfee site to ensure I have the latest LiveSafe v16.0.R22 Refresh 1, but I was also warned that I might lose the 266 days remaining of my one-year free trial version of McAfee LiveSafe if I did this.
-----------
64-bit Win 10 Pro v1903 build 18362.418 * Firefox ESR v68.2.0 * McAfee LiveSafe v16.0 (R22) / VirusScan v22.7.150
Dell Inspiron 5584, Intel i5-8265U@1.60/1.80 GHz, 8 GB RAM, Intel UHD Graphics 620

0 Kudos
Highlighted
7- Thorium

Re: Waiting for McAfee LiveSafe Critical Update 16.0.22 Refresh 1 (CVE-2019-3684

For starters, this is primarily a user-to-user forum, so not very likely you'll get an "official" response from Dell.

McAfee releases updates to their products, so I doubt Dell has any hand in testing them for compatibility. Why would they...?

I have no idea how McAfee regulates rollouts of updates and who might get priority, if anyone. IMO, if somebody claims they already got Refresh 1 for 16.0 R22, they should be able to tell you exactly how it's numbered. Until we know how McAfee indicates the Refresh was installed, perhaps with a version number change, it's all speculation about who got it and who didn't. 

You could always uninstall McAfee and revert to Windows Defender which is built into Windows and free. If your subscription is registered at McAfee's site you're allowed to download and reinstall it again with whatever time is remaining until the original expiration date. So you should only lose the number of days between the date you uninstalled and the date you reinstalled. You shouldn't lose all the remaining time after the uninstall.

Ron

   Forum Member since 2004
   I am not a Dell employee

0 Kudos
joe53
5 Rhenium

Re: Waiting for McAfee LiveSafe Critical Update 16.0.22 Refresh 1 (CVE-2019-3684

I would strongly second Ron's suggestion to uninstall McAfee and use the built-in/free Microsoft Windows Defender.

1) Independent testing of AVs (by AV-Comparatives, AV-Test and SE Labs) shows that the free/pre-installed Windows Defender for Win 10 is as good or better that McAfee for the past few years. Uninstalling McAfee should automatically activate Windows Defender.

2) It is psychologically difficult to uninstall a product you have "paid for" (Dell includes McAfee in your price, with no option to opt out at time of purchase) but I can assure you I have uninstalled these paid McAfee AVs as Job 1 with every new Dell I bought for several years now. My systems were never compromised, and I never regretted dumping McAfee in favor of Windows Defender. 

3) Quite apart from the update issue you have, all things being equal otherwise, why pay for AV protection?

_________________________________________


Dell Forum Member since 2,000


 Use OpenDNS   MalwareBytes' Anti-Malware Free


Windows 7/sp1 (64- Bit): Malwarebytes 3.x Premium, Windows Firewall, WinPatrol PLUS, Emsisoft Emergency Kit Free and HitmanPro Free (on-demand scanners), OpenDNS, MVPS Hosts file, SpywareBlaster, Pale Moon web browser, Sandboxie, CCleaner Free.


Windows 10 Pro (64- Bit): Same protection plus Windows Defender AV.


"In the future, everyone will be anonymous for 15 minutes" - Banksy

0 Kudos
7- Thorium

Re: Waiting for McAfee LiveSafe Critical Update 16.0.22 Refresh 1 (CVE-2019-3684

And if you decide to remove McAfee, be sure to read/follow their instructions because it isn't quite as simple as using Windows Add/Remove to uninstall it.

Ron

   Forum Member since 2004
   I am not a Dell employee

0 Kudos
lmacri
1 Copper

Re: Waiting for McAfee LiveSafe Critical Update 16.0.22 Refresh 1 (CVE-2019-3684


@RoHe wrote:

...McAfee releases updates to their products, so I doubt Dell has any hand in testing them for compatibility. Why would they...?


Hi RoHe:

From McAfee Forum Mod Sudhakar_A_K: "When a customer’s computer receives an update also depends on where they purchased their subscription, since our partners may release the updates on their determined schedule." User Peacekeeper also noted <here> that "Dell tests updates themselves or we ex volunteers were told that was the cause of the delay."

So my question is still: Who is responsible for scheduling the release of product updates for the one-year trial of McAfee LiveSafe that came bundled with my Inspiron 5584 laptop - Dell or McAfee?

I don't know for certain, but it appears that that important security updates like the "R22 Refresh 1" patch for CVE-2019-3648 described in the McAfee Security Bulletin TS102984 are being delivered to my Dell-branded (Affld = 105) McAfee LiveSafe weeks, if not months, after they were delivered to products purchased directly from McAfee (Affld = 0).

If that's true and it's a common issue on all Dell Inspiron machines then, yes, I believe it would be prudent to uninstall my trial version of McAfee LiveSafe and use another security program for my real-time protection. If the problem only occurs on my machine then I'd like to know why.  I've had a few problems with other automatic software updates on my new Dell Inspiron and I'd like to know if my lagging McAfee updates are "normal" or a symptom of a more serious problem.
-----------
64-bit Win 10 Pro v1903 build 18362.418 * Firefox ESR v68.2.0 * McAfee LiveSafe v16.0 (R22) / VirusScan v22.7.150
Dell Inspiron 5584, Intel i5-8265U@1.60/1.80 GHz, 8 GB RAM, Intel UHD Graphics 620

0 Kudos
7- Thorium

Re: Waiting for McAfee LiveSafe Critical Update 16.0.22 Refresh 1 (CVE-2019-3684

First of all, it's not a 1-year "trial subscription". It's a full 1-year subscription that you paid for and the cost was included in the price of the PC. McAfee trial subscriptions are only for 30 days.

How can Dell control the release? The updates come directly via McAfee LiveSafe, not via Dell's SupportAssist or Dell Update, as drivers and BIOS updates do. So if anyone is doing the throttling, it's more likely McAfee.

I recently got a new Dell PC and it has LiveSafe 16.0 R22 on it. Since we still don't know what number a version with Refresh 1 has, we have no way to know exactly what we have. Notice that your McAfee contact didn't mention a version number after Refresh 1...?  I've been keeping McAfee only because I wanted to make sure everything works properly before I start uninstalling any pre-installed software.

Like I said, ditch McAfee if you're unhappy and switch over to Windows Defender. I will be doing that soon...

Ron

   Forum Member since 2004
   I am not a Dell employee

0 Kudos
7- Thorium

Re: Waiting for McAfee LiveSafe Critical Update 16.0.22 Refresh 1 (CVE-2019-3684

I pinged my Dell tech contact about this, but since it's the start of the 4-day holiday weekend, there may not be any feedback before next week...

Ron

   Forum Member since 2004
   I am not a Dell employee

0 Kudos