Supported platforms for MVISION EDR

Environment

McAfee MVISION EDR

Summary

Recent updates to this article

Date	Update
April 12, 2021	Added Hardware Requirements and updated Software requirements.
January 25, 2021	Updated 2008 R2 to support SP2 not SP1.
December 17, 2020	Updated CentOS version information.
December 1, 2020	Added 3.3.0x to Operating Systems and ENS support. Added ESM 11.3.2 and later information to SIEM section of Software requirements.
October 28, 2020	Updated Software requirements.

To receive email notification when this article is updated, click Subscribe on the right side of the page. You must be logged on to subscribe.

Contents
Click to expand the section you want to view:

Software requirements

Software	Requirements
ePO server systems	5.9.1 or later
McAfee Agent	Windows and Linux 5.0.3 or later for McAfee ePO systems Windows and Linux 5.6.1 or later for MVISION ePO systems Mac OSX 5.0.5 or later for McAfee ePO systems Mac OSX 5.6.1 or later for MVISION ePO systems If you use MVISION ePO, the minimum version is 5.6. NOTE: This McAfee Agent version came with DXL Client.
McAfee Data Exchange Layer Client	4.1 or later
Extensions and packages	MVISION-EDR extension: After you check in the MVISION EDR extension, all dependent extensions and packages are installed: MVISION Cloud Bridge 2.0.0 MVISION-EDR-Client MVISION EDR Endpoint Snapshot Tool MVISION-EDR-Client-Package MVISION-EDR McAfee Data Exchange Layer extensions
Security Information and Event Management (SIEM)	MVISION EDR supports the following SIEM integrations: McAfee Enterprise Security Manager (McAfee ESM) 10.0.0 or later. NOTE: See the ArcSight statement below for 11.3.1 and earlier limitations. 11.3.2 and later natively supports EDR, without the ArcSight limitation detailed below. For integration steps, see the ESM Data sources configuration reference-guide. Micro Focus ArcSight Enterprise Security Manager (ArcSight® ESM) 6.9.1 IMPORTANT: For 11.3.1 and earlier, ArcSight ESM and McAfee ESM integration is supported only for automating the creation of guided investigations. One of the following is used: An external FQDN An external IP address The host name or IP address of an endpoint that is using the MVISION EDR client. Splunk Enterprise Security Manager (Splunk ESM) 7.1.0 using the Common Information Model (CIM). NOTE: You can feed detections from MVISION EDR into your SIEM tool by configuring your McAfee ESM to consume standard Syslogs. You can download the code from The McAfee GitHub Page You can also contribute to this project and share the code for integrations with other products. IMPORTANT: McAfee does not support custom scripts from any other cloned or forked sites with changes.
McAfee® Advanced Threat Defense (ATD)	MVISION EDR supports ATD 4.8 or later. IMPORTANT: ATD reputation information and reports are available only with MVISION EDR On-premises extension 3.2.0.1 or later. This feature is not supported on MVISION ePO. Only a single appliance of ATD in a single ePO is supported. MVISION EDR does not support Multi-cluster ATD setup.
McAfee® Threat Intelligence Exchange (TIE)	MVISION EDR supports TIE 2.3 or later. IMPORTANT: TIE reputation information is available only with MVISION EDR On-premises extension 3.2.0.1 or later. This feature is not supported on MVISION ePO. Only bridged scenarios are supported: only one TIE is displayed in the Data Source list.
Endpoint Protection Platforms (EPP)	MVISION EDR supports the following endpoint protection platforms only on Windows 10 64 bits: McAfee Endpoint Security 10.7 or later McAfee MVISION Endpoint

Supported operating systems and McAfee software

ePO server system:

See the Installation guide for your version of ePO. For the latest updates and other relevant information, see KB51569 - Supported platforms for ePolicy Orchestrator.

EDR Client operating system

Operating System	Version	EDR Client 3.0.0.355	EDR Client 3.0.0.404	EDR Client 3.0.0.432	EDR Client 3.1.0.x	EDR Client 3.2.0x	EDR Client 3.3.0x
Windows Server 2019 (64-bit only)	Base	Yes	Yes	Yes	Yes	Yes	Yes
Windows Server 2016 (64-bit only)	Base	Yes	Yes	Yes	Yes	Yes	Yes
Windows Server 2012 (64-bit only)	Base, R2, U1	Yes	Yes	Yes	Yes	Yes	Yes
Windows Server 2008 R2 Enterprise (64-bit only)	SP2¹	Yes	Yes	Yes	Yes	Yes	Yes
Windows Server 2008 R2 Standard (64-bit only)	SP2¹	Yes	Yes	Yes	Yes	Yes	Yes
Windows 10 Enterprise (32-bit and 64-bit)	2020 (20H2)	No	No	No	Yes	Yes	Yes
	2020 (20H1)	No	No	No	Yes	Yes	Yes
	1909 (November 2019 Update)	Yes	Yes	Yes	Yes	Yes	Yes
	1903 (May 2019 Update)	Yes	Yes	Yes	Yes	Yes	Yes
	1809 (October 2018 Update)	Yes	Yes	Yes	Yes	Yes	Yes
	1803 (April 2018 Update)	Yes	Yes	Yes	Yes	Yes	Yes
	1709 (Fall Creators Update)	Yes	Yes	Yes	Yes	Yes	Yes
	1703 (Creators Update)	Yes	Yes	Yes	Yes	Yes	Yes
	1607 (Anniversary Update)	Yes	Yes	Yes	Yes	Yes	Yes
	1511 (Threshold 2)	Yes	Yes	Yes	Yes	Yes	Yes
	1507 (Threshold 1)	Yes	Yes	Yes	Yes	Yes	Yes
Windows 8.1 Enterprise (32-bit and 64-bit)	Base, U1	Yes	Yes	Yes	Yes	Yes	Yes
Windows 8.0 (32-bit and 64-bit)	Base	Yes	Yes	Yes	Yes	Yes	Yes
Windows 7 Enterprise (32-bit and 64-bit)	Up to SP1¹	Yes	Yes	Yes	Yes	Yes	Yes
Windows 7 Professional (32-bit and 64-bit)	Up to SP1¹	Yes	Yes	Yes	Yes	Yes	Yes
CentOS (64-bit)	6.6 to 7.5	Yes	Yes	Yes	Yes	Yes	Yes
	7.6 to 7.8	No	No	No	No	Yes	Yes
	8.0, 8.1 and 8.2	No	No	No	No	No	Yes
Red Hat (64-bit)	6.6 to 7.5	Yes	Yes	Yes	Yes	Yes	Yes
	7.6 to 7.9	No	No	No	No	Yes	Yes
	8	No	No	No	No	No	Yes
SUSE (64-bit)	11 SP4 and 12 SP3	Yes	Yes	Yes	Yes	Yes	Yes
SUSE (64-bit)	15	No	No	No	No	No	Yes
Oracle Linux Server (64-bit)	7.7	No	No	No	No	Yes	Yes
macOS²	Big Sur (11.0)	No	No	No	No	No	No
	Catalina (10.15)	No	No	Yes	Yes	Yes	Yes
	Mojave (10.14)	Yes	Yes	Yes	Yes	Yes	Yes
	High Sierra (10.13)	Yes	Yes	Yes	No	No	No

¹ You must install the following Windows updates to support EDR Client 3.0:

Windows 7 x64: https://www.microsoft.com/en-us/download/details.aspx?id=35936
Windows 7 x86: https://www.microsoft.com/en-gb/download/details.aspx?id=35903
Windows Server 2008 R2 x64: https://www.microsoft.com/en-us/download/details.aspx?id=35857

² System Integrity Protection (SIP) must be enabled

Virtual infrastructure software versions for EDR client
EDR client supports any virtualization solution, assuming that the following criteria are met:

EDR client and required dependencies (Data Exchange Layer and McAfee Agent) support the operating system being virtualized.
The virtualization solution is a supported solution from the virtualization solution vendor. The solution is not End of Life, beta, or an otherwise unsupported virtualization solution.
Virtual Desktop Infrastructure (VDI) systems support the EDR client if the McAfee Agent installed on the client is installed in VDI mode. For more information, see KB87654 - Agent provisioning and deployment on VDI systems.
The virtualization solution supports the operating system being virtualized. To confirm operating system support, see the virtualization solution documentation.
The virtualization solution runs under full virtualization or paravirt mode, if supported.

Supported Endpoint Security (ENS) versions
Although ENS is not a requirement, EDR and ENS share the Core Components (SysCore). So, there are certain versions with which it is not compatible.

ENS Version	EDR Client 3.0.0.355	EDR Client 3.0.0.404	EDR Client 3.0.0.432	EDR Client 3.1.0.x	EDR Client 3.2.x	EDR Client 3.3.x
ENS 10.5.1	Yes	Yes	Yes	Yes	Yes	Yes
ENS 10.5.2	Yes	Yes	Yes	Yes	Yes	Yes
ENS 10.5.3 for RS3	Yes	Yes	Yes	Yes	Yes	Yes
ENS 10.5.4	Yes	Yes	Yes	Yes	Yes	Yes
ENS 10.5.5	Yes	Yes	Yes	Yes	Yes	Yes
ENS 10.6	Yes	Yes	Yes	Yes	Yes	Yes
ENS 10.6.1¹	Yes	Yes	Yes	Yes	Yes	Yes
ENS 10.7	Yes	Yes	Yes	Yes	Yes	Yes
ENS-TP for MAC 10.2.3	Yes	Yes	Yes	Yes	No	No
ENS-TP for MAC 10.5.0	Yes	Yes	Yes	Yes	Yes	No
ENS-TP for MAC 10.6	Yes	Yes	Yes	Yes	Yes	Yes
ENS-TP for MAC 10.6.1	Yes	Yes	Yes	Yes	Yes	Yes
ENS-TP for MAC 10.6.2	No	Yes	Yes	Yes	Yes	Yes
ENS-TP for MAC 10.6.3	No	Yes	Yes	Yes	Yes	Yes
ENS-TP for MAC 10.6.4	No	Yes	Yes	Yes	Yes	Yes
ENS-TP for MAC 10.6.5.x	No	No	Yes	Yes	Yes	Yes
ENS-TP for MAC 10.6.6	No	No	Yes	Yes	Yes	Yes
ENS-TP for MAC 10.6.7	No	No	Yes	Yes	Yes	Yes
ENS-TP for MAC 10.6.8	No	No	Yes	Yes	Yes	Yes
ENS-TP for MAC 10.6.9	No	No	No	Yes	Yes	Yes
ENS-TP for MAC 10.6.10	No	No	No	No	Yes	Yes
ENS-TP for MAC 10.7	No	No	Yes	Yes	Yes	Yes
ENS-TP for MAC 10.7.1	No	No	Yes	Yes	Yes	Yes
ENS-TP for MAC 10.7.5	No	No	No	No	No	No
ENS-Linux 10.2.2	Yes	Yes	Yes	Yes	Yes	Yes
ENS-Linux 10.5.0	Yes	Yes	Yes	Yes	Yes	Yes
ENS-Linux 10.6.0	Yes	Yes	Yes	No	No	No
ENS-Linux 10.6.1	Yes	Yes	Yes	No	No	No
ENS-Linux 10.6.2	No	No	No	No	No	No
ENS-Linux 10.6.3	No	No	No	No	No	No
ENS-Linux 10.6.4	Yes	Yes	Yes	Yes	Yes	Yes
ENS-Linux 10.6.5	Yes	Yes	Yes	Yes	Yes	Yes
ENS-Linux 10.6.6	Yes	Yes	Yes	Yes	Yes	Yes
ENS-Linux 10.6.7	Yes	Yes	Yes	Yes	Yes	Yes
ENS-Linux 10.6.12	Yes	Yes	Yes	Yes	Yes	Yes
ENS-Linux 10.7	No	No	No	Yes	Yes	Yes

¹ There is a known compatibility issue between ENS 10.6.1 July 2019 Update (or earlier) and EDR. The issue symptom is general higher CPU use on systems. This issue is resolved in ENS 10.6.1 October 2019 Update. For more information about this issue, see, KB92058 - High memory consumption in mfetp.exe, or high general CPU when MVISION EDR is present.

Back to top

Hardware requirements

System hardware requirements are subject to change, and are influenced by updates and hotfixes that are applied.

Support for Intel Control-flow Enforcement Technology (Intel CET) - Intel CET requires certain versions of Intel chipsets. For more information, see https://newsroom.intel.com/editorials/intel-cet-answers-call-protect-common-malware-threats/.

CPU/RAM - The CPU requirement is a minimum of a Single Core. McAfee recommends a Dual Core Intel Pentium processor or compatible architecture. The following specifications are subject to change. The processor specifications are a recommended guideline, but are not a hard requirement. Only x86 and AMD64 (x64) CPU architectures are supported. ENS does not support ARM processors.

Operating System	Service Pack	32-bit	64-bit	Processor	RAM	Minimum Free Hard Disk Space
Windows 10		X	X	2 GHz or higher	3 GB	1 GB
Windows 8.1 Update 1		X	X	2 GHz or higher	3 GB	1 GB
Windows 8 - except Runtime		X	X	2 GHz or higher	3 GB	1 GB
Windows 7	SP1	X	X	1.4 GHz or higher	2 GB	1 GB
Windows 7 Embedded		X	X	1 GHz or higher	1 GB	1 GB
Windows Embedded 8		X	X	1 GHz or higher	1 GB	1 GB
Windows Server 2019			X	2 GHz or higher	3 GB	1 GB
Windows Server 2016			X	2 GHz or higher	3 GB	1 GB
Windows Server 2012 R2			X	2 GHz or higher	3 GB	1 GB
Windows Server 2012			X	2 GHz or higher	3 GB	1 GB
Windows Storage Server 2012 and 2012 R2			X	2 GHz or higher	3 GB	1 GB
Windows Server 2008 R2		X	X	1.4 GHz or greater	2 GB	1 GB
Windows Storage Server 2008 R2		X	X	1.4 GHz or higher	2 GB	1 GB
Windows Small Business Server 2011		X		1.4 GHz or higher	2 GB	1 GB
Windows Point of Service 1.1		X		1 GHz or higher	1 GB	1 GB

Mouse - Microsoft mouse or compatible pointing device
Monitor - 256-color or higher VGA monitor

Back to top

Related Information

To contact Technical Support, log on to the ServicePortal and go to the Create a Service Request page at https://support.mcafee.com/ServicePortal/faces/serviceRequests/createSR:

If you are a registered user, type your User Id and Password, and then click Log In.
If you are not a registered user, click Register and complete the required fields. Your password and logon instructions will be emailed to you.

For McAfee product documents, go to the Enterprise Product Documentation portal at https://docs.mcafee.com.

Knowledge Center

Supported platforms for MVISION EDR

Environment

Summary

Related Information

Affected Products

Languages:

Glossary of Technical Terms

Title

Title

Knowledge Center

Supported platforms for MVISION EDR

Environment

Summary

Related Information

Affected Products

Languages:

Glossary of Technical Terms

Choose your region

Title

Title