CUSTOMER FAQ
McAfee Endpoint Security
Frequently Asked Questions
Overview
McAfee® Endpoint Security is our integrated, centrally managed endpoint protection
platform. It replaces legacy technologies like McAfee VirusScan® Enterprise with a single
agent for multiple technologies, including our most advanced defenses like machine
learning-based analysis and behavioral monitoring.

Q: What is it?
A: McAfee Endpoint Security is our modern, integrated endpoint security platform. It replaces several legacy McAfee products that were deployed as point products (VirusScan Enterprise, McAfee SiteAdvisor®, McAfee® Host Intrusion Prevention [McAfee Host IPS], and others) with a single-agent architecture and integrated advanced defenses like machine learning analysis, containment, and endpoint detection and response (EDR).

Q: What are some of the new technologies in McAfee Endpoint Security?
A: Our latest release offers:
■ Rollback remediation: Automatically reverses changes made by malware and returns systems to a healthy state.
■ On-demand scanning: More control over on-demand scanning (ODS) using Command Line Scanner and a new CPU limiting capability.
■ Story Graph: Visualizes threat event details in an easy-to-read format.
■ Edge Browser support: All web control functionality available in the Microsoft Edge browser.
■ Machine learning: Pre-execution and post-execution analysis detects zero-day threats by what they look like and how they behave.
■ Application containment: Contains malicious applications and processes on endpoints even when they are offline.
■ Behavior monitoring: Records process-level behavior while analyzing for attack techniques and procedures (TTPs). Alerts are prioritized with attack “playback” of events.
■ Integration with MVISION EDR: McAfee Endpoint Security works with our Endpoint Detection and Response (EDR) tool by surfacing details about threats and threat events for incident responders.
■ Migration assistant: A tool for existing customers to make migration easy. Performs automatic tasks and moves your existing policies into McAfee Endpoint Security.

Q: How is it different from VirusScan Enterprise?
A: McAfee Endpoint Security outperforms VirusScan Enterprise, giving you a 25% higher protection rate. It also simplifies your environment by providing a single agent to deploy and manage. The number of policies you’ll manage is also reduced, saving you time while simplifying workflows. Customers have saved as much as 40 hours per week by moving to McAfee Endpoint Security.

Q: What capabilities of McAfee Endpoint Security replace VirusScan Enterprise, SiteAdvisor, and McAfee Host IPS?
A: Threat Prevention: Includes several new, advanced malware scanning features to defend against emerging and targeted attacks. It is a replacement for VirusScan Enterprise. However, unlike VirusScan Enterprise, it includes exploit prevention capabilities similar to those found in McAfee Host IPS to mitigate a broader set of endpoint threats, such as fileless attacks, ransomware, and zero-day attacks.
Web Security: Prevents users from browsing to malicious or unauthorized websites and serves as a replacement for SiteAdvisor Enterprise.
Firewall: Stops malicious inbound and outbound network traffic and replaces the host intrusion prevention firewall feature of McAfee Host IPS.

Q: How does rollback remediation work?
A: When malware attempts to compromise an endpoint, it takes malicious actions such as calling on executables that grant system access or altering filenames to deliver a payload. With McAfee Endpoint Security rollback remediation enabled, a system snapshot is established and changes that are made are recorded. When McAfee Endpoint Security detects threats, rollback remediation will automatically reverse the system changes made and return a system to its previously healthy state. This keeps the user and system productive while also saving a support call and a potentially lengthy remediation period if a system re-image would have been required.

Q: What is the Story Graph?
A: The Story Graph is a data visualization tool introduced with McAfee Endpoint Security version 10.7 that can be viewed in the management console Threat Event area. It is designed to present threat events in an at-a-glance format with a tree of events to allow administrators to easily see the lifecycle, connected actions, and severity of a threat. Using the Story Graph, event and process details can be examined more rapidly, shortening the time it takes an administrator to understand how a threat arrived and to make policy changes that prevent future threats.

Q: What does Application Containment do?
A: It protects endpoints from encounters with zero-day threats that were not otherwise prevented or detected. By monitoring the behavior of applications and stopping any malicious action during run-time, damage is avoided. It is lightweight and doesn’t require a cloud connection, so users are protected, whether they are on or off the network.

Q: How does the McAfee machine learning capability work?
A: We use machine learning behavior classification to detect zero-day threats in near real time. Threats are analyzed through comparison with and analysis of established malware attributes. Analysis is further expanded through behavioral and memory analysis techniques. Executables are unpacked to detect sophisticated threats with obfuscated code variants that can generally remain undetected by static detection methods alone.

Q: Do the machine learning or Application Containment technologies require an internet connection?
A: Because McAfee® Global Threat Intelligence is leveraged to get the latest information on threat behaviors and the cloud aids in the decision process when determining the intent of behaviors, an internet connection is recommended to help avoid any false positive convictions and to combat the newest emerging threats as they appear in real time globally.

Q: How long does it take to migrate from VirusScan Enterprise?
A: Customers have been able to migrate as many as 14,000 endpoints within a week by just spending a few hours a day on migration. Migration time will vary, depending on the total number of endpoints and on your environment. If you have up-to-date versions of the McAfee agent, McAfee® ePolicy Orchestrator® (McAfee ePO™) software, and VirusScan Enterprise, you’re ready to migrate immediately. If out-of-date versions are in use, updates may be required first. We also have migration software tools, best practice guides, training, and professional services available to help guide and simplify migrations.

Q: You refer to McAfee Endpoint Security as a platform—what does that mean?
A: Unlike legacy McAfee technologies, which were managed and deployed as point products, McAfee Endpoint Security unites its capabilities on a common architecture that uses a single agent. This provides higher performance and better protection, in addition to allowing components to work together for stronger threat analysis and insights. Because an integrated approach is used, McAfee Endpoint Security provides a platform to add integrated defenses now and in the future instead of introducing more point products and management consoles.

Q: Does McAfee Endpoint Security offer full McAfee Host Intrusion Prevention for Server (McAfee Host IPS for Server) functionality?
A: Yes, customers that use McAfee Host IPS currently with McAfee content or those that manage signatures provided through McAfee updates will find that McAfee Endpoint Security, version 10.7 will meet their needs. Version 10.7 offers most of the McAfee Host IPS functionality customers require, including:
■ Custom access protection rules (file/registry/process), including user-based inclusions/exclusions
■ Exploit prevention with enhanced exclusions, as well as support for general privilege escalation protection (GPE)
■ Data execution protection (DEP)
■ Supervisor mode execution protection (SMEP)
Customers will be able to operate McAfee Endpoint Security and McAfee Host IPS on the same machine, as co-existence is supported.

Q: Are Apple Macintosh and Linux systems supported?
A: Yes, both Mac OS and Linux are supported. Also, both Microsoft Windows and Macintosh systems can be managed by the same policy configurations in McAfee ePO software and cross-OS Threat Prevention extensions exist to simplify management.

Q: Is there an additional charge or cost?
A: Current McAfee Endpoint Suites customers are entitled to McAfee Endpoint Security at no additional cost. However, some features may require an additional purchase, depending on your current entitlement. Contact your sales representative or partner for more information and for help determining what best fits the requirements of your environment.

Q: How do we migrate to McAfee Endpoint Security?
A: The Endpoint Upgrade Assistant (EUA) is the recommended path for migrating to McAfee Endpoint Security. It is a McAfee ePO software package specifically designed to remove VirusScan Enterprise and legacy products from managed endpoints. The EUA will download the McAfee® Agent and McAfee Endpoint Security from your McAfee ePO server and then automatically perform an upgrade and install McAfee Endpoint Security. Your local VirusScan Enterprise and McAfee Host IPS product policies will also be migrated to McAfee Endpoint Security.
Alternatively, you can choose to perform your migration manually. In a manual migration, customers select the settings to migrate and, optionally, edit them. Manual migration does not retain assignments.
Help is also available from the McAfee® Professional Services team for customers needing help with deployments, including upgrade assessment, design, pilot planning, and optimization.

Q: How do we get access to McAfee Endpoint Security?
A: You simply log into McAfee ePO software, and McAfee Endpoint Security will be available within Software Manager. You can also use your grant number to download the software package and install it via McAfee ePO software.

Q: Where can I go to learn more about migrating to McAfee Endpoint Security?
A: Additional materials can be found on this page, in our expert center, and in our upgrade deployment guide.

McAfee, the McAfee logo, VirusScan, SiteAdvisor, ePolicy Orchestrator, and McAfee ePO are trademarks or registered trademarks of McAfee, LLC or its subsidiaries in the US and other countries. Other marks and brands may be claimed as the property of others. Copyright © 2020 McAfee, LLC. 4473_0920 SEPTEMBER 2020
6220 America Center Drive, San Jose, CA 95002
888.847.8766
www.mcafee.com