13 Replies Latest reply on Mar 16, 2017 8:10 AM by ericb

    Endpoint 10.5

    AllanMellor

      Hello all,

       

      We have Endpoint Security 10.5 and I can't find the Adaptive Threat Prevention option for installation. Currently we have the Firewall, Web Control and Threat Prevention installed, but I can't find the option to install the Adaptive Threat Prevention package.

       

      Also, do we need to install the DXL client, even though we don't have the TIE server?

       

      Many thanks

        • 1. Re: Endpoint 10.5
          PhilR
          1 of 1 people found this helpful
          • 2. Re: Endpoint 10.5
            bretzeli

            Hello,

             

            The FAQ you mentioned did NOT clarify his question concerning the DXL Agent and Framework.

            • 3. Re: Endpoint 10.5
              sjdelvecchio

              The DXL client is an optional component. As for the Adaptive Threat Prevention module, you will only see it in your support portal for download if you have one of two licenses: CEE, and the other escapes me. Contact your account manager and they should be able to tell you which ones.

              • 4. Re: Endpoint 10.5
                Troja

                Hello AllanMellor,

                Adaptive Threat Prevention is an optional module for ENS. Therefore you need the following downloads.

                 

                • McAfee Endpoint Security 10.5 -> includes the Software packages you wrote above
                • McAfee Endpoint Security Adaptive Threat Protection 10.5 -> optional Download section when you Login with your Grant Number
                • McAfee Data Exchange Layer 3.0 -> Includes the Downloads e.g. DXL Client and DXL Broker appliances.
                • McAfee Threat Intelligence Exchange 2.0 -> TIE Server

                 

                Adaptive Threat Prevention includes the new features Real Protect and Dynamic Application Containment. The only really complicated thing at the moment is how these features are licensed.

                ENS10_with_Adaptive_Threat_Prevention.jpg

                 

                DXL is not shown in the ENS UI, it is shown in the McAfee Agent Tray Icon.

                 

                Are you using Threat Intelligence or do you want to use the features without TIE?

                 

                Hope this helps,

                Cheers

                • 5. Re: Endpoint 10.5
                  wyrm

                  I am currently rolling out ENS 10.5 without TIE/DXL. We needed to create ACLs in our firewalls to allow computers to connect to the GTI servers (wasn't playing well with our proxies). If you're licensed for it, you will find it in the McAfee download site, after you enter your grant #:

                   

                  After ATP is installed, you can verify its connectivity via the About screen within ENS:

                  If it's not connecting you should allow the /25 addresses from KB84374.  Also, there are some FQDN addresses that need to be allowed as well, which Support can provide.

                  • 6. Re: Endpoint 10.5
                    bretzeli

                    Hello Thorsten,

                     

                    We did see the release notes and manuals but one thing remained unclear.

                     

                    On an existing TIE environment:

                     

                    OLD 10.2 > As third part we did deploy "Endpoint Security Threat Intelligence" > The TIE module

                    NEW 10.5 > As third part we now HAVE to deploy the "Endpoint Security Adaptive Threat Protection Module" > The ATP module

                     

                    The ATP module replaces the 10.2 TIE module?

                     

                    Thank you for any help.

                    Mike

                     

                    Client Task 10.2

                    Client Task 10.5

                     

                    1 of 1 people found this helpful
                    • 7. Re: Endpoint 10.5
                      wyrm

                      Correct: the ENS 10.5 ATP module replaces the ENS 10.2 TIE module.  It has been renamed.

                      • 8. Re: Endpoint 10.5
                        bretzeli

                        Thank you, ;-)

                         

                        Now with the NEW constellation:

                         

                        a) ENS 10.5

                        b) TIE Server running and most of the files approved

                        c) DXL 3.X on clients

                        d) ATD Sandbox in place and working

                         

                        Does anybody know BEST PRACTICE on how to set the Policy for the ATP Options?

                         

                        > With the current setup and linked up things it should be possible to run it fully automated.

                        > If the ATD Sandbox rated a file as "TRUSTED" it should APPROVE IT

                        > If the overall reputation stays at 50, thus unknown, it should TRIGGER DYNAMIC Application Containment (the bubble).

                         

                        Am I missing something? McAfee missed updating blogs, whitepapers or posts a little bit in putting it all together for customers who have all things in place (or we don't know the URLs).

                         

                        • 9. Re: Endpoint 10.5
                          Troja

                          Hello,

                          I'm not sure if there is only one option for how to configure this. I think it depends on the level of security which is needed.

                           

                          • At a high security level I may want to inspect every file one time with ATD. So every file which might be trusted is inspected with ATD at least one time. I tested this and it results in a high load on ATD, because many files are inspected. On the other hand, I have much more ATD information in TIE to classify files.
                          • In a "normal" environment I do not want to inspect every file, but only files that might be malicious.

                           

                          This all changes if e.g. SIEM is in place where STIX/TAXII information is used.

                           

                          Cheers
