McAfee Endpoint Protection provides anti-malware protection. It also protects against unauthorized devices. This indispensable protection reinforces endpoint and data security by combining device control and critical email and web security.
This simple security suite integrates all these essential functions into a single and manageable environment. Due to the comprehensive device control included, it is possible to prevent critical data from leaving your company via removal media, such as USB drives, Bluetooth devices, etc.
McAfee Endpoint Security 10 helps you control the threat defense lifecycle with technologies that communicate and learn from each other in real time to combat advanced threats and deliver insights with actionable threat forensics – all in language you can easily understand.
McAfee Endpoint Security 10 shares events against potentially dangerous applications, downloads, websites, and files in order to protect your productivity and get visibility into advanced threats.
This environment is ideal for safeguarding traditional desktops and other systems that have restricted exposure to Internet threats. Moreover, the advanced email and spam protection intercepts spam and harmful viruses by scanning inbound and outbound emails.
McAfee Endpoint Security Features:
Stops viruses, Trojans, worms, adware, spyware, and other potentially unwanted programs that aim to reach your devices and confidential data. McAffe’s technology automatically detects and blocks malware, even unknown threats, in real time, before it spots your desktop and servers.
Neutralizes spyware before it spreads. Blocks, detects and removes malicious software that takes your information or displays unwanted advertisements.
Stops hackers and identity thieves from gaining access to your computers and data by instantly alerting users to any attempted intrusions.
Ensures that you and your company have safe access to email and web applications. McAfee cuts off more than 99% of spam, viruses, and phishing attacks before it reaches inboxes.
McAfee SiteAdvisor provides color-coded website ratings in order to notify users of potentially malicious sites. Security administrators can also block access to specific or entire categories of websites.
Prevent loss of sensitive data by restricting use of removable media. (USB drives, DVDs and other removable storage devices). Monitors and restricts data copied to these devices to keep it always under company‘s control.
Mangepolicies, compliance and reporting from a single, centralized console (the McAfee ePolicy Orchestrator). Instantly see and take action to adjust security coverage as things happen.
What’s new in McAfee Endpoint Security 10.7.0:
This release of McAfee Endpoint Security contains improvements and fixes, including:
- Enhanced remediation capabilities
- Increased context for fileless threat detections
- Enhanced protection against fileless attack methods
- Support for on-demand scan from the command line and improved scanning performance
Caution: Upgrading from the beta version of Endpoint Security 10.7 is not supported. To install the production release of the software, you must first uninstall the beta version.
Installation and upgrade
- Advanced Detection and Remediation extension — View Story Graph and remediation data reported by the Advanced Detection and Remediation extension that’s now included in the Endpoint Security installation package. The Story Graph is a visual representation of events leading up to a detected threat.
- Endpoint Security Package Designer enhancements — Create separate installation packages for 32-bit and 64-bit versions of the product, and create installation packages that include McAfee® Endpoint Security Adaptive Threat Protection (ATP).
- Adaptive Threat Protection requires McAfee® Endpoint Security Threat Prevention.
- Support added in Endpoint Security Package Designer to trim future updates of Endpoint Security 10.7.0.
- Support for case sensitivity — Allow Microsoft Windows to correctly manage mix-case file and folder names. You can check and change this attribute setting in Windows. It’s disabled by default.
- On systems running Windows 10 October 2018 Update or later, you must make sure that the case-sensitivity attribute is disabled for folders where you want to install the product software. Once Endpoint Security is installed or upgraded, Endpoint Security folders are protected against being set as case sensitive to make sure that this setting does not prevent product updates and upgrades.
- All product features in each module protect and exclude files and folders in a case-insensitive manner, but use the correct case for reporting events.
Endpoint Security Platform
- On-demand scan logging — During on-demand scans, all scanned files can now be logged when this feature is enabled. This feature is disabled by default.
- Endpoint Security logging — Format improvements were made to standardize the Endpoint Security logs.
- On-demand scan command line interface — Start, stop, pause, resume, and get status for all types of on-demand scans (quick, full, and custom) from the command line or as part of a batch file.
- Custom on-demand scan command line interface — Run a previously defined custom on-demand scan with new settings, without changing the original custom scan setting.
- Update command line interface— Update the scan engine, AMCore content, and Exploit Prevention from the command line or as part of a batch file.
- On-demand scan CPU throttling — Configure the maximum percentage of CPU (25% – 100%, default is 80%) that all types of on-demand scans (quick, full, and custom) consume when scanning files.
This feature is disabled by default and available only when Scan anytime is selected. It’s an alternative to using the System utilization setting. CPU throttling always uses THREAD_PRIORITY_IDLE threads for the least possible impact to other programs.
- Choosing when to scan — Configure the on-access scanner to bypass trust logic and examine all files when writing to disk, reading from disk, or both with the new Let me decide option.
For the best performance, enable the Let McAfee Decide option.
- Expert Rules enhancements
- REGVAL_DATA — You can use this MATCH_type value to control or filter the data being written or changed in a registry value.
- Next_Process_Behavior — You can use this command to create behavioral rules to block a specific sequence of actions.
- AggregateMatch — You can use this command to create a list of values to match in a rule, so you can use the same data without having to rewrite the values.
Web ControlBrowser support — Microsoft Edge is now a supported browser on systems running Windows 10 Creators Update (15063) and later.Adaptive Threat Protection
- Enhanced Real Protect script scanning — Support for the Anti-Malware Scanning Interface (AMSI) enables ATP technologies, including Real Protect to detect threats on supported events such as PowerShell. For more information about the file types that AMSI supports, see How AMSI helps you to defend against malware. This feature is enabled by default.
- Enhanced remediation capabilities — Monitor the behavior of processes with a reputation of Unknown and below, and their children, tracking all changes that the processes make to the system.
As it runs, the ATP scanner and Real Protect scanner inspect the process. After a limited period, if the scanners don’t detect malicious behavior, enhanced remediation stops monitoring the process.If a monitored process exhibits malicious behavior, enhanced remediation stops the process, its children, and ancestors, and rolls back the changes that it made, restoring the system as close as possible to its original state before the process ran. Files created in the convicted process are deleted, but to roll back the changes and restore the files, you must enable Monitor and remediate deleted and changed files.
This feature is enabled by default and only available when Clean when reputation threshold reaches is enabled.
- Enhanced protection against fileless attack methods — Detect and protect against fileless, dual-use, and live-off-the-land attacks using ATP rules, the Real Protect scanner, and Real Protect script scanning integration with AMSI.
- Increased context for ATP detections — View ATP detection details in the Story Graph. The Story Graph provides context for the events leading up to a detected threat, allowing you to see why ATP thinks the activity is malicious and what actions led to the conviction.
Drill down from an event in the McAfee® ePolicy Orchestrator® (McAfee® ePO™) Threat Event Log to review the event’s Story Graph.
- The name of the option for using McAfee GTI for file reputation information if the TIE server isn’t reachable has changed and now three options are available in the new Reputation Source drop-down list in the Adaptive Threat Protection Options policy:
- Use McAfee GTI if the TIE server is not reachable
- Use Only the TIE server
- Use Only McAfee GTIReputation source configuration — Configure the source for file reputation information. For example, you can use only McAfee® Global Threat Intelligence (McAfee GTI) even if the McAfee® Threat Intelligence Exchange (TIE) server is reachable.
Your selected option is retained across upgrades and compatible with pre-10.7 extensions and client systems.
- Updated Real Protect architecture — McAfee now delivers Real Protect and other scanner updates in AMCore Content updates.
Updated platform, environment, or operating system support
- The minimum McAfee ePO version for this release is 5.9.0.
Size: 297 MB