Adaptive Threat Protection and Observe Mode?

Going through the documentation trying to confirm or deny the following.

When using the Adaptive Threat Protection in Observe mode so that it can learn and build product prevalence, is the system still protected by the standard On-Access Scanner using DAT files?  If it is, where is the information located?  I have gone through the Help from the ePO console, reviewed the ENS documentation (Help, Prod Guide and Install Guide) but have not found this answer.

Thank you.

2 Replies
McAfee Employee rcandiog

Re: Adaptive Threat Protection and Observe Mode?

The Threat Prevention On-Access Scan behavior is independent of Adaptive Threat Protection Observe mode.  If Adaptive Threat Protection is operating in Observe mode, the system remains protected when On-Access Scan is enabled.

Rob Candioglos
ENS Engineering

Re: Adaptive Threat Protection and Observe Mode?

Although not expressly stated, I believe the answer to this question is as follows.

1. Threat protection (aka VSE and On-Access protection) is still valid and running. Hence the system(s) running the Adaptive Threat Protection is protected. In the documentation ATP is referred to as an ** Optional component ** which in my mind means that it does not need to be enabled.
2. When Adaptive Threat Protection is in Observe mode, that portion of the ENS is not blocking. Much like in SolidCore products. However, as the On-Access Scanner is running and using the DAT files, the system(s) in question are protected in the same manner as if VSE would be.
3. When in Observe Mode Heuristic scanning is not protecting the target devices.

If I am missing something, or not fully understanding the product, please feel free to reach out and let me know.