My understanding is that to a bare minmum, we need VSE, DLP and Whitelisting.
Those products do different things. Your "need" depends on what you want to do.
- VSE (VirusScan Enterprise) is the antivirus/antimalware engine.
- DLP (Data Loss Prevention) helps to protect sensitive information in documents from being transmitted to and/or stored in places it shouldn't be.
- HIPS (Host Intrusion Prevention System) is a endpoint firewall and network traffic blocking product.
- The others perform other functions
If you go to the downloads section of the McAfee support site and enter your grant number, you'll get access to all the downloads for what you're entitled to, including documentation. The product guides, installation guides, and deployment guides answer a lot of questions.
Personally, I'm currently deploying the full Endpoint Security suite, which is pretty much the new version of VSE and HIPS and then some. I'm just starting testing of DLP (Endpoint and Network), and will be looking at possibly HIPS and/or Endpoint Encryption after that. No reason that they shouldn't play nicely together that I know of or can see so far.
I need specific guidelines from McAfee experts, on Application Change Control, Integrity Control, HIPS assuming I am already using VSE, Solidcore whitelisting and the systems are not connectd to the Internet.
What are the decision making facotors in deploying/selectiong Application Change Control, Integrity Control & HIPS?
Designing Policies and creating schedule tasks is always depends on Org standards / requirements.
Coming to your question: all these products can be on same system. are your referring client system? Yes, you can install all products on one endpoint. Recently deployed all these products on desktops which are not connected to internet.