Compatibility Questionnaire: McAfee (Hercules Remediation Manager) — Archive

Important: The OVAL Compatibility Program was moved to "archive" status in December 2009, and replaced with the "OVAL Adoption Program." Under the OVAL Adoption Program product validation is performed by an external organization, allowing the OVAL Team to focus on educating vendors on best practices regarding the use and implementation OVAL and on how OVAL can continue to evolve as needed by the community.

Refer to the OVAL Adoption Program section for addition information and to review all products and services listed.

Organizational Information

Name of Your Organization:


Web Site:

Product Information

Product/Service Name:

Hercules Remediation Manager 4.5

Compatible Categories:

OVAL Results Consumer

Product/Service Home Page:

General Capability Questions

Product Accessibility

Provide a short description of how and where your capability is made available to your customers and the public:

The McAfee Hercules Remediation Manager product is available via channel partners and directly from McAfee, Inc.

McAfee Hercules Remediation Manager customers can find OVAL information in the Hercules Vulnerability Remedy data, in the context and on-line help as well as in the product documentation.

Accuracy Questions

Language Version Indication

Describe how and where the capability indicates the version of the OVAL Language used to validate, create, or update its content:

Within the Help functionality of the Remediation Manager Console and the product documentation, it states McAfee Hercules Remediation Manager provides support for OVAL 4.0 or later schema. The image below shows a section of the Hercules User's Guide indicating the OVAL Schema version supported.

Additionally, the McAfee V-Flash service is an automated delivery mechanism connecting Hercules customers to the V-Flash server. The V-Flash Server houses the library of vulnerability remedies and policies. Hercules customer sites are updated with new remediations and policy data electronically through this service.

Notifications are included in the V-Flash notification messages indicating the date the OVAL content was last updated. The snippet below is a sample of what is depicted at the end of each V-Flash notification message.


This V-Flash uses CVE information from CVE Reference Version 20061101.
The CVE Candidate information was last updated 12/5/2006.
For additional information on the CVE process, see

This V-Flash uses OVAL content which was last updated 12/5/2006.
For additional information on OVAL, see

Approach for Correction of Errors

Indicate how a user who discovers an error in the capability's use of OVAL can report the error:

If you are a product vendor and you are trying to initially integrate with Hercules from an OVAL perspective, contact the Technical Contact listed above for assistance.

If you are a customer and you feel errors have been discovered in our importer or our data, contact customer support via

McAfee Corporate Technical Support:
Phone: 1-800-937-2237

Describe the approach to responding to the above error reports and how applicable fixes will be applied:

If the problem is an OVAL content issue, the correction will be made within the next business day and made available to customers via the McAfee V-Flash service. If the problem is with the importer software itself we will work with the submitter to understand why they think they have discovered a problem with the software. If an error is encountered we will work to provide an expedient resolution to the issue.

Documentation Questions

Compatibility Documentation

Provide a copy, or directions to the location, of where the documentation describes OVAL and OVAL Compatibility for any customers:

The Hercules User Guide and Hercules Vulnerability Assessment and Remediation Overview both reference the OVAL capabilities of the product. These documents are provided as a part of the response to this questionnaire. They are included with the product for customer usage. It is also included in the context sensitive Help as is shown below.

Language Support

Indicate the component schemas and/or individual OVAL Tests that the capability does not support for each category of OVAL Compatibility being applied for:

Currently, Hercules has been tested with the Core, Red Hat Linux, Sun Solaris and Microsoft Windows Definition Schemas. Supporting additional platforms is a data issue at this point. The current importer should be able to support the other specified platform schemas. We will be able to support additional Definition Schemas as they are published and data to test with becomes available.

Capability Specific Questions

Finding Elements Using OVAL

Provide details regarding how users can identify and find individual OVAL content (through OVAL-IDs) that is being consumed by the capability. For example, how can a user determine which definitions have been consumed and what the result of each definition is:

The Hercules User Guide and Hercules Vulnerability Assessment and Remediation Overview both reference the OVAL capabilities of the product. These documents are provided as a part of the response to this questionnaire. They are included with the Hercules product for customer use.

Customers can also use the Third Party ID Search capabilities of the product to locate a remediation associated with a specific or set of OVAL IDs.

If a specific OVAL ID is entered, the remediation associated with the OVAL ID is selected. The user can then browse the remedy or use it in some other way.

Users can also use other search capabilities to locate sets of remedies corresponding to the search criteria entered. In the example below, simple wildcarding was used.

OVAL Content Importation Process Explanation

If the capability does not support consuming OVAL content at runtime, explain the documented process by which users can submit OVAL content for interpretation by the capability, including how quickly submitted content is made available to the capability:

Keeping OVAL content current is a daily on-going process. The McAfee Avert Labs has dedicated staff members focused on assuring the accuracy and integrity of the data used within the Hercules product line. We have implemented an automated process that pulls down the OVAL content files each day for all platforms available from the MITRE site. The new information is merged into our database each time the process runs. Since we are Certified CVE Compatible, we auto-associate new OVAL checks to the appropriate remediation using the CVE ID as the key. New and updated OVAL content not auto-associated are manually reviewed to assure coverage and accuracy from a Hercules product perspective.

As new officially recognized OVAL repositories are established, McAfee will add automated support for those sites in the same manner as is done for the MITRE OVAL Repository today.

When new OVAL Schemas are released, McAfee will be matching the OVAL release schedule for minor releases so new schemas are supported immediately. For major releases we will have newly supported OVAL importers available in the next release. This is due to testing and integrating with existing product release schedules. We are and plan to continue to be an active part of the OVAL Schema development so we can minimize the time and plan releases to better fit OVAL major release schedules.


Statement of Compatibility

Have an authorized individual sign and date the following Compatibility Statement (required):

"As an authorized representative of my organization I agree that we will abide by all of the mandatory compatibility requirements as well as all of the additional mandatory compatibility requirements that are appropriate for our specific type of capability."

Name:   Carl Banzhof
Title:   VP/CTE, McAfee, Inc.

Statement of Accuracy

Have an authorized individual sign and date the following accuracy Statement (recommended):

"As an authorized representative of my organization and to the best of my knowledge, there are no errors in the correctness of our capability's use of the OVAL Language and the interpretation of the logic."

Name:   Carl Banzhof
Title:   VP/CTE, McAfee, Inc.

Statement on Follow-on Correctness Testing Support

Have an authorized individual sign and date the following statement about your organizations willingness to support correctness testing of other capabilities, which will be managed by the Reviewing Authority and kept to reasonable levels of effort for all involved. (required):

"As an authorized representative of my organization, we agree to support the Review Authority in follow-on correctness testing activities, where appropriate types of OVAL documents might need to be exchanged with other organizations attempting to prove the correctness of their capabilities."

Name:   Carl Banzhof
Title:   VP/CTE, McAfee, Inc.

Page Last Updated: December 17, 2009