Reasons to Migrate to Endpoint Security

Showing results for 
Show  only  | Search instead for 
Did you mean: 


McAfee Endpoint Security 10 is an integrated solution that replaces several legacy endpoint products, including McAfee VirusScan Enterprise, McAfee Host IPS, and McAfee SiteAdvisor web filtering. If you're an existing customer with one of our Endpoint Security suites, McAfee Endpoint Security 10 is a free security upgrade. Simply log in to McAfee ePolicy Orchestrator (McAfee ePO) and access McAfee Endpoint Security in the Software Manager, or use your grant number to download the software package via the McAfee Downloads Page.

Table of Contents

Top Reasons to upgrade to McAfee Endpoint Security
Migration Paths
Endpoint Upgrade Assistant
Technical Resources
Why Migrate to McAfee Endpoint Security
Why Migrate

Easy Migration Paths

An excellent resource to help you get started with the migration is the Upgrade Planning Guide.

Here are some recommendations for when you're performing your upgrade.

Upgrade to the latest McAfee Agent (Currently 5.5)

Enable Peer to Peer file sharing to reduce bandwidth when deploying McAfee packages

Disable any Client Tasks that automatically reinstalls VSE, HIPS, or SAE

Required patch levels when using the Endpoint Upgrade Assistant

  • VirusScan: Patch 1-9
  • Host IPS: Patch 1-9
  • Site Advisor Enterprise: Patch 4 or Later

In many scenarios, it is recommended to start with a clean slate in terms of ENS policies. Legacy policies often gain unnecessary configurations that may impact performance.
By starting with clean policies, it can improve the performance of the endpoints.

  • Review the High Risk and Low Risk processes.

Microsoft Exclusions generally don't need to be migrated

  • McAfee Endpoint Security provides a new trust model
  • Microsoft and McAfee applications are automatically trusted out of the box and do not need exclusions
  • Check your permissions for your newly created policies

Even if you are planning to start with clean policies, you can still perform an Automatic Migration and have all of your existing policies available to you. If you do experience an issue, you can reapply the legacy policy or just review it and add the configuration to the new clean policy.

automatic-migration.jpg Automatic Migration

Automatic migration is a hands-off process and the Migration Assistant makes all decisions behind the scenes. Customers create new policies and client tasks automatically, based on current product settings, and assign them to groups and managed systems based on current assignments.


Recommended for:

  • Networks with fewer than 250 managed systems.
  • Customers who use default policy settings or a minimum number of custom policies.
  • Customers migrating the Host IPS Catalog.



  • Requires minimal user input.
  • Migrates all settings, including policies and client tasks, for each supported product at the same time.
  • Retains policy and client task assignments.
  • Migrates the Host IPS Catalog.


Automatic Migration Guide

manual migration   Manual Migration

Manual migration is a hands-on process that does not retain assignments. You make most of the migration decisions by selecting the objects to migrate and editing their settings, if needed.


Recommended for:

  • Networks with more than 250 managed systems.
  • Customers who use multiple custom policies.
  • Customers who want to fine-tune existing policy settings.
  • Customers who want to fine-tune assignments.
  • Customers who want personally supervise and approve each step of the migration process.



  • Allows you to select each policy and client task to migrate.
  • Allows you to edit the settings for each policy or client task to migrate.


Manual Migration Guide

  • Download and install McAfee Endpoint Security
    • Go to Menu > Software Manager
    • Search for Endpoint Security
    • Check in the McAfee Endpoint Security Bundle or individual components
  • Download and install McAfee Endpoint Upgrade Assistant
    • Go to Menu > Software Manager
    • Search for Endpoint Upgrade Assistant
    • Check in the Endpoint Upgrade Assistant Extension
Endpoint Upgrade Assistant


Using the McAfee Endpoint Upgrade Assistant is the easiest way to get your systems running Endpoint Security today. McAfee® Endpoint Upgrade Assistant is a McAfee® ePolicy Orchestrator® (McAfee® ePO) extension which simplifies and automates the tasks required to upgrade the McAfee products on your managed endpoint. EUA analyzes the endpoints in your McAfee ePO environment, detects the supported McAfee products that are installed, and determines the minimum requirements for upgrading to current versions of the products. For more information, please refer to Knowledge Base article KB88141 - Introduction to Endpoint Upgrade Assistant.





You can install the Endpoint Upgrade Assistant with the Software Manager or via the McAfee Download Site



Analyze the environment to identify which systems are ready for an update



The Endpoint Upgrade Assistant will show which systems are ready for an update



The Endpoint Upgrade Assistant can automatically safely upgrade systems within the environment ready for an update. It will perform the following procedure:

  1. Remove McAfee VirusScan Enterprise and McAfee Host Intrusion Prevention
  2. Upgrade McAfee Agent to a compatible version if necessary
  3. Upgrade McAfee Data Loss Prevention Endpoint if necessary
  4. Install McAfee Endpoint Security
  5. Report status of deployment to ePO


You can also create a automation client package that allows you to deploy McAfee Endpoint Security via another software deployment solution.


This table describes what happens when McAfee Endpoint Security is installed.



Legacy Product McAfee Endpoint Security Module Action
McAfee VirusScan Enterprise Threat Prevention VirusScan Enterprise will always be removed. If the Threat Prevention module is selected as part of the deployment task, it will be installed.
McAfee Host Intrusion Prevention Firewall Module Firewall If the Host IPS Firewall module is enabled, Endpoint Security Firewall will be inactive even if it is installed. Once the Host IPS Firewall module is disabled (e.g., via policy change), Endpoint Security Firewall will become active.
McAfee Host Intrusion Prevention IPS Module Threat Prevention If the Host Intrusion Prevention IPS module is enabled, the Threat Prevention Exploit Prevention functionality will be inactive, even if it is installed. Once the Host Intrusion Prevention IPS module is disabled (e.g., via policy change), the Threat Prevention Exploit Prevention functionality will become active.
McAfee SiteAdvisor Web Control SiteAdvisor will always be removed. The Web Control module will be installed if it is selected as part of the deployment task.
Technical Resources
Guides KnowledgeBase Communities


Additional Services

Our Professional Services team can provide the guidance and expertise to ensure a successful migration within more complex upgrade scenarios. Contact Professional Services to learn how to optimize your policies, start a pilot upgrade, assess your complete McAfee ePO environment and/or manage a full McAfee Endpoint Security 10 deployment.


Contact Professional Services

Stay Informed
Stay connected with McAfee for the latest content and updates. Sign up to receive communications

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community