The FAQ you mentioned did NOT clarify his question concerning the DXL Agent and Framework.
The DXL client is an optional component. As for the Adaptive Threat Prevention module, you will only see it in your support portal for download if you have one of two licenses: CEE, and the other escapes me. Contact your account manager and they should be able to tell you which ones.
Adaptive Threat Prevention is an optional module for ENS. Therefore you need the following downloads.
- McAfee Endpoint Security 10.5 -> includes the software packages you wrote above
- McAfee Endpoint Security Adaptive Threat Protection 10.5 -> optional download section when you log in with your Grant Number
- McAfee Data Exchange Layer 3.0 -> includes the downloads, e.g. DXL Client and DXL Broker appliances.
- McAfee Threat Intelligence Exchange 2.0 -> TIE Server
Adaptive Threat Prevention includes the new features Real Protect and Dynamic Application Containment. The only really complicated thing at the moment is how these features are licensed.
DXL is not shown in the ENS UI, it is shown in the McAfee Agent tray icon.
Are you using Threat Intelligence or do you want to use the features without TIE?
Hope this helps,
I am currently rolling out ENS 10.5 without TIE/DXL. We needed to create ACLs in our firewalls to allow computers to connect to the GTI servers (wasn't playing well with our proxies). If you're licensed for it, you will find it in the McAfee download site, after you enter your grant #:
After ATP is installed, you can verify its connectivity via the About screen within ENS:
If it's not connecting you should allow the /25 addresses from KB84374. Also, there are some FQDN addresses that need to be allowed as well, which Support can provide.
We did see the release notes and manuals, but one thing remained unclear.
On an existing TIE environment:
OLD 10.2 > As third part we did deploy "Endpoint Security Threat Intelligence" > the TIE module
NEW 10.5 > As third part we HAVE to newly deploy the "Endpoint Security Adaptive Threat Protection Module" > the ATP module
The ATP module replaces the 10.2 TIE module?
Thank you for any help.
Client Task 10.2
Client Task 10.5
Correct: the ENS 10.5 ATP module replaces the ENS 10.2 TIE module. It has been renamed.
Thank you, ;-)
Now with the NEW constellation:
a) ENS 10.5
b) TIE Server running and most of the files approved
c) DXL 3.X on clients
d) ATD Sandbox in place and working
Does anybody know BEST PRACTICE on how to set the policy for the ATP options?
> With the current setup and linked up things it should be possible to run it fully automated.
> If the ATD Sandbox rated a file as "TRUSTED" it should APPROVE IT
> If the overall reputation stays at 50, thus unknown, it should TRIGGER DYNAMIC Application Containment (the bubble).
Do I miss something? McAfee missed updating blogs, whitepapers or posts a little bit in putting it all together for customers who have all things in place (or we don't know the URLs).
I'm not sure if there is only one option for how to configure this. I think it depends on the level of security which is needed.
- In a high security level I may want to inspect any file one time with ATD. So every file which might be trusted is inspected with ATD at least one time. I tested this and it results in a high load on ATD, because many files are inspected. On the other side, I have much more ATD information in TIE to classify files.
- In a "normal" environment I just want to inspect not every file, but only files that might be malicious.
This all changes if e.g. SIEM is in place where STIX/TAXII information is used.