
Dynamic Endpoint Security 6 - Configure Advanced Threat Defense




Before continuing with this section, please ensure you have met the following prerequisites:


Configuring Advanced Threat Defense for TIE and DXL

Our final step in installing and configuring the Dynamic Endpoint will be integration of the McAfee Advanced Threat Defense (ATD) sandboxing solution. This module assumes you have already performed initial installation of an ATD appliance on your network. If you need additional guidance on initial installation and configuration of McAfee ATD, please visit in the Intel Security Expert Center.


Once initial deployment of ATD is complete:


  1. Start by logging into the ATD UI as an Administrator
    ATD Login.png
  2. Navigate to “Manage” and then the “ePO Login/DXL” sub-menu on the left.
  3. Check “Enable ePO Login” and enter the credentials for your ePO Server. Click “Test ePO Login” and, once the test has completed successfully, click “Submit”.
    ATD EPO MANAGE 2.png
  4. Now log into the ePO server. Navigate to the “System Tree”. The Agent check in will take a few minutes and ATD will typically be found under “Lost/Found”. 
    Note: System names for ATD will show up as ATD-1000, ATD-1500, ATD-3000, or ATD-6000.
  5. Now navigate back to the ATD UI. Navigate to “Manage” and then the “ePO Login/DXL” sub-menu on the left. Click the check box to enable DXL communication. Click “Test” and, once the test has completed successfully, click “Apply”. The DXL Client initialization and policy synchronization will take a few minutes. Once this has completed, the “DXL Status” will change from red/Down to green/Up.
  6. As an optional step you can configure the “Publish Threat Events to ePO”. Select the drop down for all or Malicious (Medium to Very High). Click the check box to “Enable Threat Event Publisher” and click “Apply”. The status icon for Publisher. Threat Events will now show up on the ePO “Threat Events” dashboard.
  7. Navigate to Policy\Analyzer Profile and select Create new.
    ATD Analyzer Profile Edit 1.png
  8. Create a new Analyzer Profile based on the settings below.
    NEW PROFILE 2.png
  9. Assign the Analyzer Profile to the TIE User. Navigate to Manage\ATD Users. Select the "Threat Intelligence Exchange" user and click edit at the bottom.
    3-21-2016 4-21-29 PM.png

  10. Change the password (ensure you follow the password policy). Update the "Default Analyzer Profile" to the Analyzer Profile you just created and click "Save".
    TIE Users.png


Configuring the TIE Server policies

  1. Log into ePO.
  2. In the ePO Console, go to Menu > Policy Catalog, click the drop-down next to Product to select “McAfee Threat Intelligence Exchange Server Management 1.2.1.”, and select the policy “My Default”. Note: this policy is used here to keep the documentation simple.
    epo tie server.png
  3. Click the Advanced Threat Defense tab. Enter the User Name and Password you configured earlier and click “Save”.
    Tie Server Policy.png

Configuring the TIE Client’s policies for VSE 8.8

In your deployment, you will use either VirusScan 8.8 or ENS 10.x as the base.  If you are using VirusScan 8.8:


  1. Go to the Policy Catalog and click the drop down next to the product to select “Threat Intelligence Exchange module for VSE 1.2.1” and select “My Default”.
    TIE Endpoint Policy.png
  2. Set the following as seen in the screen shot below. Red arrows are required and the Blue arrows are optional. Click "Save" when completed.
    TIE Endpoint Policy Configuration edits.png
  3. Policy updates typically happen within a few minutes, but to speed up testing, go to System Tree and select all the endpoints in your test/POC, including the TIE Server and ATD. Click Wake Up. Ensure you check "Force complete policy and task update".
  4. Your configuration is complete. You can now start your testing.


Configuring the TIE Client policies for ENS 10.x

In your deployment, you will use either VirusScan 8.8 or ENS 10.x as the base.  If you are using ENS 10.x:

  1. In the ePO System Tree, open "Assigned Policies" and select "Endpoint Security Threat Intelligence".
    ENS 10 Policy.png
  2. Update the Policy as seen below and click Save.
    ENS Endpoint Policy edits.png
  3. Wake up agents and ensure you check "force complete policy and task update". This will push the policy changes you just made out and allow you to start testing.
    ens10 wakeup agent.png
  4. Your configuration is complete. You can now start testing.


Validation and Troubleshooting

Once ATD integration is complete, check for ATD in Managed Systems in ePO. Please note that this may take a few minutes to complete.


If ATD does not register with ePO:

  • Check the ePO credentials used in ATD, and ensure that ATD can properly authenticate.
  • Verify network connectivity with pings from the ATD CLI to the TIE Server and ePO, as well as in the other direction.
  • Check ATD ePO/DXL login status

         Screen Shot 2016-03-30 at 11.29.21 AM.png

  • Verify TIE credentials are correct by logging into ATD using the TIE User credentials.
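
The registration check above can also be done outside the console. The following is an added example, not part of the original article or of any McAfee tooling: it parses a saved reply from the ePO web API `system.find` command and reports whether an appliance with one of the ATD system names listed earlier has checked in. The `OK:` reply prefix, the `EPO...` field names and the meaning of `ManagedState` are assumptions about that API's JSON output; the sample reply is constructed.

```python
import json
import re

# System names the article says ATD registers under in the ePO System Tree.
ATD_NAME = re.compile(r"^ATD-(1000|1500|3000|6000)\b", re.IGNORECASE)

def parse_epo_response(body):
    """Split an ePO web API reply; assumed to start with 'OK:' on success."""
    status, _, payload = body.partition(":")
    if status.strip() != "OK":
        raise ValueError("ePO returned an error: " + body.strip()[:200])
    return json.loads(payload)

def find_atd_systems(systems):
    """Return (name, managed, last_update) for each ATD-named system."""
    found = []
    for s in systems:
        name = s.get("EPOComputerProperties.ComputerName") or ""
        if ATD_NAME.match(name):
            # Assumption: ManagedState 1 means the agent is managed by ePO.
            managed = s.get("EPOLeafNode.ManagedState") == 1
            found.append((name, managed, s.get("EPOLeafNode.LastUpdate")))
    return found

def registration_status(body):
    """'registered', 'pending' (seen but no managed check-in yet) or 'missing'."""
    atd = find_atd_systems(parse_epo_response(body))
    if not atd:
        return "missing"
    if any(managed and last for _, managed, last in atd):
        return "registered"
    return "pending"

# Constructed sample reply, shaped like a system.find result with JSON output.
SAMPLE = "OK:\n" + json.dumps([
    {"EPOComputerProperties.ComputerName": "ATD-3000",
     "EPOLeafNode.ManagedState": 1,
     "EPOLeafNode.LastUpdate": "2016-03-30T11:29:21-07:00"},
    {"EPOComputerProperties.ComputerName": "TIE-SERVER-01",
     "EPOLeafNode.ManagedState": 1,
     "EPOLeafNode.LastUpdate": "2016-03-30T11:20:02-07:00"},
])

if __name__ == "__main__":
    print(registration_status(SAMPLE))
```

A "pending" result matches the few-minute delay noted above; a "missing" result after that delay points to the credential and connectivity checks in the list.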



