cancel
Showing results for 
Search instead for 
Did you mean: 

Manual download of Endpoint Security Exploit Prevention Content

Jump to solution

Hi,

I am sure I am missing something here, but how would I go about downloading ENS Exploit Prevention Content manually and checking it in to ePO?  I have done this for Host IPS before, but cant seem to find the steps for ENS?

Cheers,

1 Solution

Accepted Solutions
McAfee Employee tzemva
McAfee Employee
Report Inappropriate Content
Message 7 of 9

Re: Manual download of Endpoint Security Exploit Prevention Content

Jump to solution

Hi @dmease27

This KB Article will help you:

How to manually update the Endpoint Security Exploit Prevention content from the McAfee CommonUpdater site
Technical Articles ID: KB89050

8 Replies

Re: Manual download of Endpoint Security Exploit Prevention Content

Jump to solution

In the way I do it you will need addtional ePO server (ePO-2) connected to Internet.

On ePO-2

1. Download the package with regular update task.

2. Repliacate the Master Repository to local folder distributed repository

On isolated ePO server (ePO-1)

1. Define local folder as update source and import repository keys from ePO-2

2. Copy repository content from local folder of ePO-2 to local folder of eP0-1

3. Run Repository update task on ePO-2

Re: Manual download of Endpoint Security Exploit Prevention Content

Jump to solution

Be advised, what WAS Exploit Prevention is NOW included in ENS Threat Prevention

So the content is in the AMCore file.

ePO provides an easy way to manually update the AMCore dats. I think I save you BOTH some trouble.

You get your Type 3 (ENS Dats) Here; Make sure it's the ePO one, not the exe.

https://www.mcafee.com/enterprise/en-us/downloads/security-updates.html

Download it to your desktop

Launch the ePO web console

Go to Menu Software  Master Repository.

Select the Check In Package button, choose Product or Update.

Browse for the type 3 dat zip file you just downloaded.

Then, It's just like installing anything else in the Master Repository, you don't even have to RDP.

Re: Manual download of Endpoint Security Exploit Prevention Content

Jump to solution

Hi,

Just to confirm, as I am having issues with my lab at present, there are two entries in the Master Repository for content when using ENS:

AMCore

Exploit Prevention Content

 

Are you saying that the latter is now included in the AMCore update?  It is not what I have seen in the past, but will certainly look to lab it when I get my systems back up and running.

Cheers,

Re: Manual download of Endpoint Security Exploit Prevention Content

Jump to solution

Yes, Since the Exploit Prevention policy, is no longer separate from the AntiMalware blade. We find Exploit prevention directly under The Endpoint Security Threat Prevention blade of ENS.

ENS has 3  included blades,

1) Threat Prevention, Which includes , Exploit Prevention, Access Protection, and Scanning parameters

2) ENS Firewall

3) WebControl, which use to be Site Adviser.

These three are all included in an ENS license , Additional "blades" can be purchased like Advanced Thread Defense (ATD)

Re: Manual download of Endpoint Security Exploit Prevention Content

Jump to solution

Hi,

I have just tested this on lab hosts, and it does appear that the exploit prevention content is indeed not contained in the V3 DAT updates (test result details below).  This returns me to my original question, is it not possible to manually download exploit prevention content update for use with ePO servers with no Internet connection (as it was with the HIPS product), and is the only path for this to have *another* ePO server connected to the Internet?

many thanks,

 

Test details:

 

Initial Master Repository States:

Server 01: AMCore Content Package - 3486.0, DAT - 9035.0000, Endpoint Security Exploit Prevention Content - 10.6.0.8623

Server 02: AMCore Content Package - 3486.0, DAT - 9035.0000, Endpoint Security Exploit Prevention Content - 10.6.0.8623

 

Test steps:

Server 01 connected to Internet, and source site pull completed (Update Master Repository server task)

V3 DAT security update downloaded from https://www.mcafee.com/enterprise/en-us/downloads/security-updates.html (V3 virus definition DAT, DAT package for use with McAfee ePO, version 3500.0 @ 225MB), and package checked in to Server 02:

 

Final Master Repository States:

Server 01: AMCore Content Package - 3500.0, DAT - 9049.0000, Endpoint Security Exploit Prevention Content - 10.6.0.8701

Server 02: AMCore Content Package - 3500.0, DAT - 9035.0000, Endpoint Security Exploit Prevention Content - 10.6.0.8623

 

Summary:

DAT was not updated with manual package (expected, as DATs are V2, which are separate package).  Exploit Prevention Content was not updated with manual package, highlighting that this content is not contained in the security updates from the link noted in the post above.

 

McAfee Employee tzemva
McAfee Employee
Report Inappropriate Content
Message 7 of 9

Re: Manual download of Endpoint Security Exploit Prevention Content

Jump to solution

Hi @dmease27

This KB Article will help you:

How to manually update the Endpoint Security Exploit Prevention content from the McAfee CommonUpdater site
Technical Articles ID: KB89050

Highlighted

Re: Manual download of Endpoint Security Exploit Prevention Content

Jump to solution

Hi tzemva, that is fantastic, thank you!

Has this only recently been arranged, or has it been the case for a while?  I can remember searching last year, and did not come across this article.

McAfee Employee tzemva
McAfee Employee
Report Inappropriate Content
Message 9 of 9

Re: Manual download of Endpoint Security Exploit Prevention Content

Jump to solution

Hi @dmease27

Article was published in July this year 🙂

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community