Loading...

Knowledge Center


Documentation Correction: Endpoint Security 10.2 and 10.5 Product Guides
Technical Articles ID:   KB86631
Last Modified:  6/1/2018
Rated:


Environment

McAfee Endpoint Security (ENS) 10.x

Summary

This article provides corrections to the following posted product guides:
  • Endpoint Security 10.5 Product Guide (PD26799)
  • Endpoint Security 10.2 Product Guide (PD26619)
Documentation issues included in this article will be corrected in a future version of the product guide.
 
Topic Documentation Incorrect information Updated information
Using Real Protect scanning Endpoint Security 10.5 Product Guide and Adaptive Threat Protection Help If the client system is using TIE for reputations, it doesn't require Internet connectivity to mitigate false positives.
 
 
Real Protect client-based scanning requires either McAfee GTI or TIE server connectivity.
Real Protect cloud-based scanning requires connectivity to realprotect1.mcafee.com (see KB79640).
When is the cache flushed? Endpoint Security 10.2/10.5 Product Guide and Adaptive Threat Protection Help An individual file or certificate cache is flushed when:
  • The cache is over 30 days old.
  • The file has changed on the disk.
  • The TIE server publishes a reputation change event.
The item "The cache is over 30 days old" in the list is incorrect.
Scan only when the system is idle Endpoint Security 10.5 Product Guide and Common Help Threat Prevention resumes the scan when the user hasn't accessed the system for three minutes. Threat Prevention resumes the scan when the user hasn't accessed the system for five minutes.
Exploit Prevention content package Endpoint Security 10.5 Product Guide and Common Help Exploit Prevention content is similar to the McAfee Host IPS content files. See KB51504.

In addition, the following displays in the "Notes" column in ePolicy Orchestrator under Policy Catalog, Endpoint Security Threat Prevention, Exploit Prevention, Show Advanced, Signatures list:

Refer to KB article 51504 for details about supported platforms.
A note will be added that access to article KB51504 requires that you log on to the Service Portal. To view this article:
  1. Log on to the ServicePortal at http://support.mcafee.com.
  2. Type KB51504 in the Search the Knowledge Center field on the Home page.
  3. Click Search or press ENTER.
Exploit Prevention content Endpoint Security 10.2/10.5 Product  and Common Help McAfee releases new Exploit Prevention content files once a month. McAfee releases new Exploit Prevention content files as needed. If no content has been added, the content will not be updated.
FAQ - McAfee GTI and Firewall Endpoint Security 10.2/10.5 Product Guide and Firewall Help How does McAfee GTI work with Firewall?
When the McAfee GTI options are selected, two firewall rules are created: McAfee GTI - Allow Endpoint Security Firewall Service and McAfee GTI - Get Rating. The first rule allows a connection to McAfee GTI and the second blocks or allows traffic based on the connection's reputation and the block threshold set.
How does McAfee GTI work with Firewall?
Firewall uses the value of the Incoming network-reputation threshold and Outgoing network-reputation threshold options to create internal rules on the client system. If incoming or outgoing traffic matches these rules, Firewall queries McAfee GTI for the reputation of the source or destination IP address. Firewall uses this information to determine whether to block incoming or outgoing traffic.
  • If the Log matching traffic option is enabled, block events are logged and sent to McAfee ePO.
  • If the Treat McAfee GTI match as intrusion option is enabled, block events are also treated as intrusion events and appear as alerts on the client system.
Severity levels
 
 

 
Endpoint Security 10.5 Product Guide and Threat Prevention Help Disabled - Lists signatures that are disabled in the Exploit Prevention content file.

NOTE: You can't enable signatures with a severity of Disabled.
The note is incorrect. You can configure signatures with a severity of Disabled using the same options available for all other signatures:
  • Block - Prevents the operation.
  • Report - Allows the operation and reports the event.
If neither option is selected, the signature is disabled (Exploit Prevention allows the operation and does not report the event).

Root-level exclusions
 
Endpoint Security 10.2/10.5 Product Guide and Threat Prevention Help Threat Prevention requires an absolute path for root-level exclusions. This means that you can't use leading \ or ?:\ wildcard characters to match drive names at the root level. This topic does not apply to Endpoint Security 10.2.1 (and later) or 10.5.1 (or later). Starting in ENS 10.2.1/10.5.1 you can use ?:\ wildcard characters to match drive names at the root level. For example, ?:\test\ would exclude both C:\test\ and F:\test\. 
Root-level exclusions Endpoint Security 10.2 Product Guide and Threat Prevention Help Threat Prevention requires an absolute path for root-level exclusions. This means that you can't use leading \ or ?:\ wildcard characters to match drive names at the root level.

This behavior differs from VirusScan Enterprise. See Knowledge Base article KB85746 and the McAfee Endpoint Security Migration Guide.
Knowledge Base article KB85746 was initially reserved; however, it was later determined that the information included in the McAfee Endpoint Security Migration Guide was sufficient and KB85746 was not needed. KB85746 will not be published and the reference to KB85746 has been removed in the Endpoint Security 10.5 Product Guide.
Enable the Web Control plug-in from the browser
 
Endpoint Security 10.2 Product Guide and Web Control Help
The Web Control plug-in is enabled by default on Firefox. In Firefox, a prompt displays asking the end user to enable the ENS Web Control extension upon opening Firefox after the ENS Web Control installation. The ENS Web Control service will enable the ENS Web Control browser extension automatically in Firefox five minutes after installation if the end user has not already opened Firefox. Every 30 minutes, the ENS Web Control service checks the status of the ENS Web Control extension in Firefox and enables the extension if it has been disabled by the end user.

Rate this document

Beta Translate with

Select a desired language below to translate this page.

Languages:

This article is available in the following languages:

English United States
Japanese

Glossary of Technical Terms


 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.