
ATD vs ATP

Hi All,

As I understand ATP, it is the same as ATD because it also uses DAC to store unknown malware to analyze with TIE and GTI. Do I still need ATD?

One more thing: does ENS send the file to McAfee Cloud [not hash file] to analyze?

4 Replies
Reliable Contributor jacek
Message 2 of 5

Re: ATD vs ATP

Please look at the threads below:
https://community.mcafee.com/t5/Global-Threat-Intelligence/Difference-between-McAfee-ATP-and-ATD/td-...
https://community.mcafee.com/t5/Endpoint-Security-ENS/McAfee-ATD-and-ATP-Real-Protect-duplicate-func...

ENS is not able to send a file to a cloud by itself. It could be integrated in the past with CTD (instead of ATD). But AFAIK CTD is end of life: https://kc.mcafee.com/corporate/index?page=content&id=KB90296


McAfee Employee AdithyanT
Message 3 of 5

Re: ATD vs ATP

Hi @SIMON168,

Thank you for your post.

ATD and ATP definitely have their own advantages and uses. I am no expert with ATD, but with my basic understanding of ATD and knowledge of how ATP works, I can try and differentiate the 2 for you.

ATP works at the endpoint; it is a component of Endpoint Security. Hence, any DAC activities it does are going to use up your endpoint PC's processing power. ATD, however, is a solution that requires separate hardware and hence offers better performance, and it can communicate with TIE, providing reputation information much faster and at a more global scope when compared to endpoint-level processing.

Most importantly, ATD can integrate with existing McAfee solutions (like TIE via ATP), third-party email gateways and other products supporting open standards. ATP, on the other hand, is only a host-based solution.

I am not aware of any implementation of DAC rules in ATD though. In ATP, DAC is a rule-based analysis that gets triggered based on the reputation of a file. Here is a quick look at DAC rules for you:

https://kc.mcafee.com/corporate/index?page=content&id=KB87843

Here is the workflow involving ATP in ENS:

https://docs.mcafee.com/bundle/endpoint-security-10.6.0-adaptive-threat-protection-client-product-gu...

I am sure ATD enhances the protection on top of ATP in a huge way owing to the actual sandboxing solution offered by ATD.

You can learn more about ATD in its product guide below:

https://docs.mcafee.com/bundle/advanced-threat-defense-4.6.x-product-guide/page/GUID-21B474DF-8D65-4...

You can learn more about ENS ATP in its product guide below:

https://docs.mcafee.com/bundle/endpoint-security-10.6.0-adaptive-threat-protection-client-product-gu...

I sincerely hope this helps!

Was my reply helpful?
If you find this post useful, please give it a Kudos! Also, please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T
McAfee Employee AdithyanT
Message 4 of 5

Re: ATD vs ATP

Hi @SIMON168,

To answer the second part of your question, I am afraid ENS does not send an entire file to our GTI (Global Threat Intelligence) for analysis, as that would mean a huge amount of traffic in your environment.

We send the file information in an obfuscated fashion as GTI queries weighing less than a few hundred KB that look up reputation-related information.

With respect to Real Protect Cloud-based Scanning (a part of the ATP component), Cloud-based Real Protect collects and sends file attributes and behavioral information to the machine-learning system in the cloud for malware analysis.

Source: https://docs.mcafee.com/bundle/endpoint-security-10.6.0-adaptive-threat-protection-client-product-gu...

I sincerely hope this information is helpful.


Thanks and regards,
Adithyan T
McAfee Employee AdithyanT
Message 5 of 5

Re: ATD vs ATP

Hi @SIMON168,

If you have any further questions specific to ATP, you can always post in ENS (Endpoint Security Forum) here:

https://community.mcafee.com/t5/Endpoint-Security-ENS/bd-p/endpoint-security

This helps ENS ATP experts to look into your queries and assist you better with the same.


Thanks and regards,
Adithyan T