I am sure I am missing something here, but how would I go about downloading ENS Exploit Prevention Content manually and checking it in to ePO? I have done this for Host IPS before, but can't seem to find the steps for ENS?
In the way I do it you will need an additional ePO server (ePO-2) connected to the Internet.
1. Download the package with regular update task.
2. Replicate the Master Repository to local folder distributed repository
On isolated ePO server (ePO-1)
1. Define local folder as update source and import repository keys from ePO-2
2. Copy repository content from local folder of ePO-2 to local folder of ePO-1
3. Run Repository update task on ePO-2
Be advised, what WAS Exploit Prevention is NOW included in ENS Threat Prevention
So the content is in the AMCore file.
ePO provides an easy way to manually update the AMCore dats. I think I save you BOTH some trouble.
You get your Type 3 (ENS Dats) Here; Make sure it's the ePO one, not the exe.
Download it to your desktop
Launch the ePO web console
Go to Menu > Software > Master Repository.
Select the Check In Package button, choose Product or Update.
Browse for the type 3 dat zip file you just downloaded.
Then, it's just like installing anything else in the Master Repository, you don't even have to RDP.
Just to confirm, as I am having issues with my lab at present, there are two entries in the Master Repository for content when using ENS:
Exploit Prevention Content
Are you saying that the latter is now included in the AMCore update? It is not what I have seen in the past, but will certainly look to lab it when I get my systems back up and running.
Yes, since the Exploit Prevention policy is no longer separate from the AntiMalware blade, we find Exploit Prevention directly under the Endpoint Security Threat Prevention blade of ENS.
ENS has 3 included blades,
1) Threat Prevention, which includes Exploit Prevention, Access Protection, and Scanning parameters
2) ENS Firewall
3) WebControl, which used to be SiteAdvisor.
These three are all included in an ENS license. Additional "blades" can be purchased, like Advanced Threat Defense (ATD)
I have just tested this on lab hosts, and it does appear that the exploit prevention content is indeed not contained in the V3 DAT updates (test result details below). This returns me to my original question, is it not possible to manually download exploit prevention content update for use with ePO servers with no Internet connection (as it was with the HIPS product), and is the only path for this to have *another* ePO server connected to the Internet?
Initial Master Repository States:
Server 01: AMCore Content Package - 3486.0, DAT - 9035.0000, Endpoint Security Exploit Prevention Content - 10.6.0.8623
Server 02: AMCore Content Package - 3486.0, DAT - 9035.0000, Endpoint Security Exploit Prevention Content - 10.6.0.8623
Server 01 connected to Internet, and source site pull completed (Update Master Repository server task)
V3 DAT security update downloaded from https://www.mcafee.com/enterprise/en-us/downloads/security-updates.html (V3 virus definition DAT, DAT package for use with McAfee ePO, version 3500.0 @ 225MB), and package checked in to Server 02:
Final Master Repository States:
Server 01: AMCore Content Package - 3500.0, DAT - 9049.0000, Endpoint Security Exploit Prevention Content - 10.6.0.8701
Server 02: AMCore Content Package - 3500.0, DAT - 9035.0000, Endpoint Security Exploit Prevention Content - 10.6.0.8623
DAT was not updated with manual package (expected, as DATs are V2, which are a separate package). Exploit Prevention Content was not updated with manual package, highlighting that this content is not contained in the security updates from the link noted in the post above.
Hi tzemva, that is fantastic, thank you!
Has this only recently been arranged, or has it been the case for a while? I can remember searching last year, and did not come across this article.