cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 1 of 8

Question about ATP bundle with ENS 10.7 April Update

Jump to solution

Just downloaded the ENS 10.7 April Update and noticed that it know comes bundled with ATP. When we distribute the standalone version, we package it with a command line script for it to only install the Threat Prevention component.

In ePO, I noticed that there is a bundle in the software manager. If we install the bundle will it then also install ATP, which we are not wanting. I understand that ATP is not free and also requires a TIE server. Since we don't need ATP is better for us to just manually install the packages & extensions minus the ATP components?

Why is McAfee bundle this ATP product to customers like us who are not licensed for it?

1 Solution

Accepted Solutions
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 7 of 8

Re: Question about ATP bundle with ENS 10.7 April Update

Jump to solution

Yes of course. Testing it is a very wise decision as it can require some tuning. In ePO it is listed as a separate module as all others i.e. TP, FW, WC

Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?

View solution in original post

7 Replies
Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 2 of 8

Re: Question about ATP bundle with ENS 10.7 April Update

Jump to solution

You don't need a TIE server for ATP, and I believe the point is that ATP is now included with your license (could be wrong, but I think this is correct).  I would definitely recommend you utilize ATP, as  you're going to get added machine learning and behavioral detections you otherwise wouldn't have.  It is a massive security lift over just using Threat Prevention.

Dave

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 3 of 8

Re: Question about ATP bundle with ENS 10.7 April Update

Jump to solution

Hi @twenden 

@Daveb3d is indeed correct. See https://kc.mcafee.com/corporate/index?page=content&id=KB92270

Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?
Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 4 of 8

Re: Question about ATP bundle with ENS 10.7 April Update

Jump to solution

Thanks for your responses. I do have another question. Is it better to utilize a TIE server and if so does that need a separate license and cost?

 

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 5 of 8

Re: Question about ATP bundle with ENS 10.7 April Update

Jump to solution

Hi @twenden 

As far as I am aware, yes a TIE server would require a separate license. However yes, our advice would be to use a TIE server as it gives you visibility over all executable files in your environment and this means you can control the reputation of these files which ultimately allows you to react quicker to potential threats. 

Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?
Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 6 of 8

Re: Question about ATP bundle with ENS 10.7 April Update

Jump to solution

ATP will take some serious testing which will take time in our environment and especially considering that we are all currently working from home. With ePO, can we deploy the April Update for ENS without ATP?

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 7 of 8

Re: Question about ATP bundle with ENS 10.7 April Update

Jump to solution

Yes of course. Testing it is a very wise decision as it can require some tuning. In ePO it is listed as a separate module as all others i.e. TP, FW, WC

Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?

View solution in original post

Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 8 of 8

Re: Question about ATP bundle with ENS 10.7 April Update

Jump to solution

Fortunately, ATP works differently than TP, so it only deals with PE files and behaviors, thus the need for things like exclusions is reduced, but also, it already respects OAS exclusions (though I wish it didn't, frankly).  That makes testing and tuning very light.  

As far as a TIE server, yes, it is helpful, mustly if you are dealing with false positive detections, or if you need to squash malware quickly in your environment, but unless you using Dynamic Application Containment with containment set at Unknown, or are integrating with ATD and might have false positives, I wouldn't argue it is required by any stretch.  You can definitely move forward without it and I would suggest it.

Dave

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community