Automatic Response setting are normally added to ePO when you check in the Extensions.
I notice from the Grant Download page there are at least four extensions that need to be installed for Endpoint Security 10.1.
COuld you provide a list of the extensions you have checked in for ENS and we could check you have them all.
Menu -> Software -> Extensions
Certified McAfee Product Specialist - ePO
McAfee Volunteer Moderator
Thanks for getting back with me. For ENS 10.1, we have the following extensions installed.
- Endpoint Migration Assistant
- Endpoint Security Firewall
- Endpoint Security for Mac License
- Endpoint Security Platform
- Endpoint Security Threat Prevention
- Endpoint Security Web Control
Which versions are you running, we should confirm you are running the lastest version before requesting information from the Product Team,
Hi Rich, below are the version we are running
- Endpoint Migration Assistant = 10.1.0.395
- Endpoint Security Firewall = 10.1.0.565
- Endpoint Security for Mac License = 10.1.0.101
- Endpoint Security Platform = 10.1.0.385
- Endpoint Security Threat Prevention = 10.1.0.563
- Endpoint Security Web Control = 10.1.0.375
Sorry for the delay in responding, I ended up on a week long training course with limited connectivity.
I have taken a look at the download page for ENS 10.1, and you are running all the current versions of the extensions.
I'll try and track down one of our contacts for feedback.
wwarren would you be able to comment?
The short answer will be that the capability doesn't exist for ENS' automatic responses.
But, it could.
For whatever reason those fields were not exposed.
I would suggest raising an escalation with our Support team, because the attention there could lead to a code change in a future patch (or update to the extensions if we decide to release them separately).
It's almost a coin toss between calling this a Product Enhancement or a Bug, but I'm in favor of the code change to make auto responses more useful.
I had this same issue as well. There are automatic responses that are sent to our SOC when there is a detection. Since there is no PER site available yet I called Intel Security and opened an SR and they were able to add it to their internal PER database.
This is fixed in ENS 10.2.
Check out the known issues.
This is the kb article that describes the bug.