Supported platforms for MVISION Endpoint Detection and Response
Technical Articles ID: KB91345
Last Modified: 5/10/2022
Environment
MVISION Endpoint Detection and Response (EDR)
Summary
Recent updates to this article
Date: Update
May 10, 2022: Minor formatting and table corrections. Updated McAfee Agent (MA) / MV-EDR on-premises, Compatible Endpoint Security (ENS) versions and Client operating systems.
March 17, 2022: MVISION EDR 4.0.0 added.
March 3, 2022: Added support for Windows Server 2022.
February 28, 2022: Added Long-Term Servicing Channel (LTSC) support.
February 23, 2022: Updated the "Supported operating systems" section for EDR 3.5.2 release for Mac and Windows. Corrected Windows 10 2021 (21H2) support (support added with EDR 3.5.2).
MA 5.6.1 or later, for MVISION ePolicy Orchestrator (ePO) systems.
MA 5.0.5 or later, for ePO systems.
Windows and Linux:
MA 5.6.1 or later for MVISION ePO systems.
MA 5.6.0 or later for ePO systems.
General Products
Software: Requirements
ePO server systems: 5.9.1 or later
Data Exchange Layer Client (DXL Client): 4.1 or later
Extensions and packages
MVISION-EDR extension:
After you check in the MVISION EDR extension, all dependent extensions and packages are installed:
MVISION Cloud Bridge 2.0.0
MVISION-EDR-Client
MVISION EDR Endpoint Snapshot Tool
MVISION-EDR-Client-Package
MVISION-EDR
DXL extensions
Security Information and Event Management (SIEM)
MVISION EDR supports the following SIEM integrations:
Enterprise Security Manager (ESM) 10.0.0 or later.
NOTE: See the ArcSight statement below for 11.3.1 and earlier limitations.
11.3.2 and later natively support EDR without the ArcSight limitation detailed below. For integration steps, see the ESM Data Sources Configuration Reference Guide.
IMPORTANT: For 11.3.1 and earlier, ArcSight ESM and ESM integration is supported only for automating the creation of guided investigations. One of the following can be used:
An external FQDN
An external IP address
The host name or IP address of an endpoint that uses the MVISION EDR client
Splunk ESM 7.1.0 using the Common Information Model.
NOTE: You can feed detections from MVISION EDR into your SIEM tool by configuring your ESM to consume standard Syslogs.
You can download the code from the GitHub page.
You can also contribute to this project and share the code for integrations with other products.
IMPORTANT: We don't support custom scripts from any other cloned or forked sites with changes.
Advanced Threat Defense (ATD)
MVISION EDR supports ATD 4.8 or later.
IMPORTANT: ATD reputation information and reports are available only with MVISION EDR on-premises extension 3.2.0.1 or later. This feature isn't supported on MVISION ePO.
Only a single appliance of ATD in a single ePO is supported. MVISION EDR doesn't support a Multi-cluster ATD setup.
Threat Intelligence Exchange (TIE)
MVISION EDR supports TIE 2.3 or later.
IMPORTANT: TIE reputation information is available only with MVISION EDR on-premises extension 3.2.0.1 or later. This feature isn't supported on MVISION ePO.
Only bridged scenarios are supported; only one TIE is displayed in the Data Source list.
Endpoint Protection Platforms (EPP)
MVISION EDR supports the following endpoint protection platforms only on Windows 10, 64-bit:
System Integrity Protection (SIP) must be enabled.
3. Ubuntu operating systems 18.04, 20.04, and 20.10 are End of Support and only provide LTSS support for security issues.
Virtual infrastructure software versions for EDR client
EDR client supports any virtualization solution, assuming that the following criteria are met:
EDR client and needed dependencies (DXL and MA) support the operating system being virtualized.
The virtualization solution is a supported solution from the virtualization solution vendor. The solution isn't EOL, beta, or an otherwise unsupported virtualization solution.
The virtualization solution supports the operating system being virtualized. To confirm operating system support, see the virtualization solution documentation.
The virtualization solution runs under full virtualization or paravirt mode, if supported.
Compatible ENS versions
Although ENS isn't a requirement, EDR and ENS share the Core Components (SysCore). Because of this, EDR isn't compatible with certain ENS versions.
Mouse — Microsoft mouse or compatible pointing device
Monitor — 256-color or higher VGA monitor
CPU/RAM — The CPU requirement is a minimum of a Single Core. We recommend a Dual Core Intel Pentium processor or compatible architecture. The following specifications are subject to change. The processor specifications are a recommended guideline, but aren't a hard requirement. Only x86 and AMD64 (x64) CPU architectures are supported. EDR doesn't support ARM processors.