Who is McAfee / HackerSafe / ScanAlert?
McAfee acts as security advisor for over 80,000 Web sites. Web sites compliant with the
McAfee Secure security standard may display the McAfee McAfee Secure certification mark. In addition to
McAfee Secure, McAfee is also the world's largest provider of PCI compliance auditing services.
For more information about McAfee and McAfee Secure certification, please visit our Corporate Overview.
 Contact us for more.
Why am I being audited (scanned)?
McAfee only performs security audits as requested by McAfee customers. A McAfee
security audit includes testing the Web pages associated with a customer's domain, and port scans of the
host machine on which the domain resides.
McAfee employees do not add domains or IP addresses to our security auditing service.
This action must be performed by a McAfee customer. If your intrusion detection system or server logs
reveal activity by McAfee, then a McAfee customer has requested a security audit for that
device.
Customers use McAfee's Web-based management portal to add the domain(s) they want
audited. Before the management portal accepts a domain, the customer must first confirm that they have
the explicit authority to perform security audits on their domain and any associated IP address.
Prior to auditing, McAfee performs a lookup on the domain to determine its IP address,
then associates the domain with the IP address. McAfee then audits both the domain and the host
machine at that IP address.
McAfee never performs unsolicited audits. It is a violation of McAfee terms and
services for a customer to request security audits on a domain and/or a devices IP address for which that
customer is not expressly authorized to do so.
If you have questions about McAfee security audits not answered by this FAQ, please contact us. Note
that
McAfee may only discuss sensitive customer information with persons registered with a customers account.
Contact us for more.
How often does McAfee perform security audits?
To certify a customers domain as McAfee Secure, McAfee must perform security audits on a
random, daily basis. Failing to do so revokes McAfee Secure certification and prevents the McAfee Secure
certification mark from displaying on their site.
Customers using only McAfee PCI compliance auditing services receive security audits once
per quarter, according to PCI compliance requirements. McAfee performs PCI audits for these customers at
a random date and time every quarter.
Whether auditing for McAfee Secure certification or PCI compliance, McAfee administers the same
security audit. For more information on security audits, see
What is included in a McAfee security audit ?
NOTE: Customers using either McAfee Secure or PCI services are also free to perform
on-demand security audits at any time.
Contact us for more.
How often does McAfee perform security audits?
McAfee conducts security audits in three phases:
- Phase 1: Port Discovery Scan
- Phase 2: Network Services Scan
- Phase 3: Web Application Scan
Phase 1: Port Discovery Scan
McAfee performs a lookup of the customers domain and resolves it to an IP address.
McAfee then conducts a full port scan of the IP address, and reports all responding ports.
If no ports respond, McAfee terminates the audit and reports an incomplete port scan. Unless
the device being audited is a hardware firewall, or other device designed specifically to refuse port scans,
the device cannot be certified as McAfee Secure or PCI compliant.
Phase 2: Network Services Scan
Using data from Phase 1, McAfee probes the services running on the ports for application
information.
Based on information collected during Phases 1 and 2, McAfee cross-references its extensive
vulnerability knowledge base, and reports any services with known vulnerabilities.
NOTE: Most vulnerabilities detected at this phase can be resolved by patching or
removing affected services, or blocking their port numbers.
Phase 3: Web Application Scan
During Phase 3, McAfee audits every publicly available part of the domains Web application.
his includes all HTTP services, configuration files, and any scripts (CGI, PHP, etc.). McAfee submits all
database query parameters for vulnerabilities such as SQL injections and cross-site scripting. Since attacks
along these vectors vary, McAfee must test each query parameter multiple times.
Depending on the complexity and efficiency of the Web application, Phase 3 may temporarily
increase server load. If the Web application has a significant portion available only to registered users,
the customer may provide McAfee a login to audit this as well.
During the Web application scan, McAfee utilizes up to five testing threads, simulating the
effect of no more than five users visiting the site. When auditing, McAfee remains within the domain
itself (www.domain.com). Among other site features, McAfee may audit any site control panel login pages
accessible under the domain.
Once the security audit completes, McAfee may send alert e-mail to users on the account,
depending on their e-mail settings.
Contact us for more.
What is included in a McAfee security audit?
McAfee only sends security alert e-mail to persons registered as users on a McAfee
account. If you receive e-mail from alerts@scanalert.com, the account owner, or a user on the account with
administrative access, has added you as a user to their account.
Contact us for more.
Why do I receive e-mail from alerts@scanalert.com?
You can view a list of originating IP addresses for McAfee security audits here:
http://www.mcafeesecure.com/help/ScanIps.sa
NOTE: You should not block our security audits outright, as this will prevent us from
certifying our customers as McAfee Secure. Please contact us first to resolve any issues.
Contact us for more.
Contact McAfee
Support1-707-252-9624 or support@hackersafe.com
Sales 1-877-302-9965 or sales@hackersafe.com
More contact
information
| 
Contact us for more.