Thanks for your question. VirusScan as a product has been in the McAfee portfolio for many years. What has been missing is the compliment of products that create a more solidified and protected approach. With that said comes the new edition and will probably replace VirusScan as we know it, at some point. Endpoint Protection 10.1 for the enterprise combines the potential of AV, Host Intrusion Prevention and SiteAdvisor. Of course that would be virus protection, day zero protection and web protection. These important vectors when combined make for, admittedly, a nice solution.
Perhaps others would like to add anything that I didn't mention.
Hope that helps,
as ja2013 explained Endpoint 10 is a mix of VSE, HIPS (Firewall Only) and Siteadvisor. They also implemented some new detection techniques with are actually not implemented in VSE/HIPS. The web control part uses some IPS Features from the actual HIPS product, but the whole IPS part is missing at the Moment.
We tested many things with endpoint 10 and we noticed some Troubles. Therefore we are testing with customers, but we have not started a bigger rollout at a customer. WE notices some Troubles with Access protection, self protection and more.....
BUT, Endpoint 10 is the Long term strategy from McAfee. The Goal is to build one endpoint where other products (e.g. Application Control, Threat Intelligence Exhchange) are plugins for Endpoint 10 and not an additional extra product to be installed. :-)
Threat Intelligence Exchange is such a Plugin at the Moment.
Endpoint 10.2 (Upcoming Version) will have Real Protect directly included in the product. This is a new behavior based detection technique.
Real Protect Details and actual Standalone Version, see Details here: Real Protect (BETA) | McAfee Free Tools.
So, from my Point of Information or experience: Try Endpoint 10, if it is fine for you, just use it. If you are planning a rollout for thousands of endpoints please test in detail.
I will do the technical lessions in the McAfee Partner Portal next time, hope there will be more interesting Infos regarding the difference between VSE/HIPS and Endpoint 10.
Hope this helps,
Thanks for the info Ja2013 and Troja. Thats what I had suspected but wasn't entirely clear.
So there really is no reason to have both VSE and Endpoint installed on the same host. It's really one or the other with endpoint enabling the ability to provide a suite of products (should we choose to use them) where as VSE is standalone virus scanning.
ENS 10 should not be installed at the same time with HIPS and VSE. You have to choose your product strategy.
I would also add that ENS 10 comes with some changes to the policies and rules for ePO. You will need to be on the latest Agent I believe 4.6 as well. You should watch the videos of ENS 10 on YouTube as it will require some effort for the conversion to ENS 10. We are currently at the preparation stage and will be meeting to go through our rules and policies on ePO to see what we need to remove. There is no end date for VirsuScan at this time but be prepared because converting at the last minute is not a good option.
There are also nice features to ENS 10 such as the scanning has changed. The file that is installed on the devices has been decreased in size so it not as labor intensive. I like the scanning feature of not scanning while the device is in use. that will please many in our organization as they come to near halt in performace. Not all of us, mostly management who are the worst ones to have it happen too.
Here is some info: http://www.mcafee.com/us/resources/misc/ms-endpoint-security-10-works.pdf