Options page Configure settings for Endpoint Security Client interface, Self Protection, activity and debug logging, and proxy server. Table 1: Option definitions Section Option Definition Client Interface Mode Full access Allows access to all features. (Default) Standard access (Windows & Mac only) Displays protection status and allows access to most features, such as running updates and scans. Standard access mode requires a password to view and change settings on the Endpoint Security Client Settings page. Lock client interface (Windows & Mac only) Requires a password to access the Endpoint Security Client. Set Administrator password (Windows & Mac only) For Standard access and Lock client interface, specifies the Administrator password for accessing all features of the Endpoint Security Client interface. Password — Specifies the password. Confirm password — Confirms the password. Changing the Administrator password invalidates the time-based password. If you change the Administrator password, save the policy, then generate a new time-based password. Tip: Best practice: Change Administrator passwords regularly. Uninstallation (Windows & Mac only) Require password to uninstall the client Requires a password to uninstall Endpoint Security Client and specifies the password. The default password is mcafee. (Disabled by default) Password — Specifies the password. Confirm password — Confirms the password. Table 2: Advanced options Section Option Definition Time-Based Administrator Password (Windows only) Enable time-based password in client interface Enables the Endpoint Security Client to accept a time-based password, sets the expiration date and time, and generates a password. Entering the time-based password enables Full access to Endpoint Security Client. The interface remains unlocked until it is closed. Enable the time-based password for a limited set of systems to troubleshoot problems. Tip: Best practice: During a security incident, disable the time-based password. After a security incident, change the Administrator password and regenerate the time-based password. This option is available only when the Client Interface Mode is set to Standard access or Lock client interface. Changing the Administrator password invalidates the time-based password. If you change the Administrator password, save the policy, then generate a new time-based password. Tip: Best practice: Change Administrator passwords regularly. Expiration date Specifies the expiration date for the time-based password. Expiration time Specifies the expiration time for the time-based password. The default expiration time for the password is 11:59 p.m. on the specified date. The expiration time is relative to the McAfee ePO server. For example, if you set the expiration time to 1:00 p.m. PST, the password expires at 4:00 p.m. on client systems in the EST time zone. Generate New Password Generates a new time-based Administrator password, if one is not currently in effect, and displays the expiration date. If a time-based password is in effect, this button toggles to View Password. View Password If a time-based password is in effect on the client system, click View Password to display the password. If a time-based password is not in effect (not set or expired), this button toggles to Generate New Password. Client Interface Language (Windows only) Automatic Automatically selects the language to use for Endpoint Security Client interface text based on the language on the client system. Language Specifies the language to use for Endpoint Security Client interface text. When you change the language from McAfee ePO, the language change is applied to the Endpoint Security Client on the first policy enforcement. For managed systems, language changes made from the Endpoint Security Client override policy changes from the management server. The language change is applied after the Endpoint Security Client restarts. The client language doesn't affect the log files. Log files always appear in the language specified by the default system locale. Self Protection Enable Self Protection (Windows & Mac only) Protects Endpoint Security system resources from malicious activity. Action (Windows & Mac only) Specifies the action to take when malicious activity occurs: Block and report — Blocks activity and reports to McAfee ePO. (Default) Block only — Blocks activity but doesn't report to McAfee ePO. Report only — Reports to McAfee ePO but doesn't block activity. Files and folders (Windows & Mac only) Prevents changing or deleting McAfee system files and folders. Registry (Windows only) Prevents changing or deleting McAfee registry keys and values. Processes (Windows only) Prevents stopping McAfee processes. Exclude these processes (Windows only) Allows access for the specified processes. Wildcards are supported. + Adds a process to the exclusion list. Click +, then enter the exact resource name, such as avtask.exe. - Deletes the selected item. Select the resource, then click -. Certificates (Windows only) Specifies certificate options. Allow Allows a vendor to run code in McAfee processes. CAUTION: This setting might result in compatibility issues and reduced security. Vendor Specifies the Common Name (CN) of the authority that signed and issued the certificate. Subject Specifies the Signer Distinguished Name (SDN) that defines the entity associated with the certificate. This information can include: CN — Common Name OU — Organization Unit O — Organization L — Locality ST — State or province C — Country Code Hash Specifies the hash of the associated public key. Client Logging (Windows only) Log files location Specifies the location for the log files. The default location is: <SYSTEM_DRIVE>:\ProgramData\McAfee\Endpoint\Logs This location depends on the operating system. Enter or select a location from the drop-down list: System Drive System Root System Directory Temp Directory Program Files Directory Program Files Common Directory Software Installed Directory Activity Logging (Windows & Linux only) Enable activity logging Enables logging of all Endpoint Security activity. Limit size (MB) of each of the activity log files Limits each activity log file to the specified maximum size (between 1 MB and 999 MB). The default is 10 MB. Windows — If the log file exceeds this size, new data replaces the oldest 25 percent of the entries in the file. Linux — If the log file exceeds this size, the current file is backed up and a new file is created. The last five versions of the log files are available. To allow log files to grow to any size, disable this option. Debug Logging Enabling debug logging for any module also enables debug logging for the Common module features, such as Self Protection. Tip: Best practice: Enable debug logging for at least the first 24 hours during testing and pilot phases. If no issues occur during this time, disable debug logging to avoid performance impact on client systems. Enable for Threat Prevention (Windows & Mac only) Enables verbose logging of activity for Threat Prevention and individual technologies: Enable for Access Protection — Logs to AccessProtection_Debug.log. (Windows only) Enable for Exploit Prevention — Logs to ExploitPrevention_Debug.log. (Windows only) Enable for On-Access Scan — Logs to OnAccessScan_Debug.log. (Windows only) Enable for On-Demand Scan — Logs to OnDemandScan_Debug.log. (Windows only) Enabling debug logging for any Threat Prevention technology also enables debug logging for the Endpoint Security Client. Enable for Firewall (Windows & Mac only) Enables verbose logging of activity for Firewall. Enable for Web Control (Windows & Mac only) Enables verbose logging of activity for Web Control. Enable for Adaptive Threat Protection (Windows only) Enables verbose logging of activity for Adaptive Threat Protection. Limit size (MB) of each of the debug log files (Windows only) Limits each debug log file to the specified maximum size (between 1 MB and 999 MB). The default is 50 MB. If the log file exceeds this size, new data replaces the oldest 25 percent of the entries in the file. To allow log files to grow to any size, disable this option. Event Logging Send events to McAfee ePO (Windows & Linux only) Sends all events logged to the Event Log on the Endpoint Security Client to McAfee ePO. Log events to Windows Application log or Linux syslog (Windows & Linux only) Sends all events logged to the Event Log on the Endpoint Security Client to the Windows Application log (on Windows clients) or syslog (on Linux clients). The Windows Application log is accessible from the Windows Event Viewer → Windows Logs → Application. The location of syslog is configurable on Linux systems. Severity levels (Windows only) Specifies the severity level of events to log to the Event Log on the Endpoint Security Client: None — Sends no alerts Alert only — Sends alert level 1 only. Critical and Alert — Sends alert levels 1 and 2. Warning, Critical, and Alert — Sends alert levels 1–3. All except Informational — Sends alert levels 1–4. All — Sends alert levels 1–5. 1 — Alert 2 — Critical 3 — Warning 4 — Notice 5 — Informational Threat Prevention events to log (Windows only) Specifies the severity level of events for each Threat Prevention feature to log: Access Protection — Logs to AccessProtection_Activity.log. (Windows only) Enabling event logging for Access Protection also enables event logging for Self Protection. Exploit Prevention — Logs to ExploitPrevention_Activity.log. (Windows only) On-Access Scan — Logs to OnAccessScan_Activity.log. (Windows only) On-Demand Scan — Logs to OnDemandScan_Activity.log. (Windows only) Firewall events to log (Windows only) Specifies the severity level of Firewall events to log. Web Control events to log (Windows only) Specifies the severity level of Web Control events to log. Adaptive Threat Protection events to log (Windows only) Specifies the severity level of Adaptive Threat Protection events to log. Proxy Server for McAfee GTI (Windows only) No proxy server Specifies that the managed systems retrieve McAfee GTI reputation information directly over the Internet, not through a proxy server. (Default) Use system proxy settings Specifies the use of the proxy settings from the client system, and optionally enables HTTP proxy authentication. Configure proxy server Customizes proxy settings. Address — Specifies the IP address or fully qualified domain name of the HTTP proxy server. Port — Limits access through the specified port. Exclude these addresses — Don't use the HTTP proxy server for websites or IP addresses that begin with the specified entries. Enter the comma-separated addresses. Tip: Best practice: Exclude the McAfee GTI addresses from the proxy server. For information, see KB79640 and KB84374. Enable HTTP proxy authentication Specifies that the HTTP proxy server requires authentication. (This option is available only when you select an HTTP proxy server.) Enter HTTP proxy credentials: User name — Specifies the user account with permissions to access the HTTP proxy server. Password — Specifies the password for User name. Confirm password — Confirms the specified password. Default Client Update Enable the Update Now button in the client (Windows only) Displays or hides the Update Now button on the main page of the Endpoint Security Client. Click this button to manually check for and download updates to content files and software components on the client system. Enable Default Client Update task schedule (Windows & Mac only) Enables the schedule for the Default Client Update task on the Endpoint Security Client. (Enabled by default) By default, the Default Client Update task runs every day at 1:00 a.m. and repeats every four hours until 11:59 p.m. On Macintosh, the Default Client Update task runs every day at 4:45 PM. What to update (Windows only) Specifies what to update when the Update Now button is clicked. Security content, hotfixes, and patches — Updates all security content (including engine and AMCore and Exploit Prevention content), as well as any hotfixes and patches, to the latest versions. Security content — Updates security content only. (Default) Hotfixes and patches — Updates hotfixes and patches only. Managed Tasks (Windows & Linux only) Display managed custom tasks Specifies that custom client tasks defined in the McAfee ePO Client Task Catalog appear in the Endpoint Security Client as Admin-defined tasks in the table under Settings → Common → Tasks.
Options page Configure settings for Endpoint Security Client interface, Self Protection, activity and debug logging, and proxy server. Table 1: Option definitions Section Option Definition Client Interface Mode Full access Allows access to all features. (Default) Standard access (Windows & Mac only) Displays protection status and allows access to most features, such as running updates and scans. Standard access mode requires a password to view and change settings on the Endpoint Security Client Settings page. Lock client interface (Windows & Mac only) Requires a password to access the Endpoint Security Client. Set Administrator password (Windows & Mac only) For Standard access and Lock client interface, specifies the Administrator password for accessing all features of the Endpoint Security Client interface. Password — Specifies the password. Confirm password — Confirms the password. Changing the Administrator password invalidates the time-based password. If you change the Administrator password, save the policy, then generate a new time-based password. Tip: Best practice: Change Administrator passwords regularly. Uninstallation (Windows & Mac only) Require password to uninstall the client Requires a password to uninstall Endpoint Security Client and specifies the password. The default password is mcafee. (Disabled by default) Password — Specifies the password. Confirm password — Confirms the password. Table 2: Advanced options Section Option Definition Time-Based Administrator Password (Windows only) Enable time-based password in client interface Enables the Endpoint Security Client to accept a time-based password, sets the expiration date and time, and generates a password. Entering the time-based password enables Full access to Endpoint Security Client. The interface remains unlocked until it is closed. Enable the time-based password for a limited set of systems to troubleshoot problems. Tip: Best practice: During a security incident, disable the time-based password. After a security incident, change the Administrator password and regenerate the time-based password. This option is available only when the Client Interface Mode is set to Standard access or Lock client interface. Changing the Administrator password invalidates the time-based password. If you change the Administrator password, save the policy, then generate a new time-based password. Tip: Best practice: Change Administrator passwords regularly. Expiration date Specifies the expiration date for the time-based password. Expiration time Specifies the expiration time for the time-based password. The default expiration time for the password is 11:59 p.m. on the specified date. The expiration time is relative to the McAfee ePO server. For example, if you set the expiration time to 1:00 p.m. PST, the password expires at 4:00 p.m. on client systems in the EST time zone. Generate New Password Generates a new time-based Administrator password, if one is not currently in effect, and displays the expiration date. If a time-based password is in effect, this button toggles to View Password. View Password If a time-based password is in effect on the client system, click View Password to display the password. If a time-based password is not in effect (not set or expired), this button toggles to Generate New Password. Client Interface Language (Windows only) Automatic Automatically selects the language to use for Endpoint Security Client interface text based on the language on the client system. Language Specifies the language to use for Endpoint Security Client interface text. When you change the language from McAfee ePO, the language change is applied to the Endpoint Security Client on the first policy enforcement. For managed systems, language changes made from the Endpoint Security Client override policy changes from the management server. The language change is applied after the Endpoint Security Client restarts. The client language doesn't affect the log files. Log files always appear in the language specified by the default system locale. Self Protection Enable Self Protection (Windows & Mac only) Protects Endpoint Security system resources from malicious activity. Action (Windows & Mac only) Specifies the action to take when malicious activity occurs: Block and report — Blocks activity and reports to McAfee ePO. (Default) Block only — Blocks activity but doesn't report to McAfee ePO. Report only — Reports to McAfee ePO but doesn't block activity. Files and folders (Windows & Mac only) Prevents changing or deleting McAfee system files and folders. Registry (Windows only) Prevents changing or deleting McAfee registry keys and values. Processes (Windows only) Prevents stopping McAfee processes. Exclude these processes (Windows only) Allows access for the specified processes. Wildcards are supported. + Adds a process to the exclusion list. Click +, then enter the exact resource name, such as avtask.exe. - Deletes the selected item. Select the resource, then click -. Certificates (Windows only) Specifies certificate options. Allow Allows a vendor to run code in McAfee processes. CAUTION: This setting might result in compatibility issues and reduced security. Vendor Specifies the Common Name (CN) of the authority that signed and issued the certificate. Subject Specifies the Signer Distinguished Name (SDN) that defines the entity associated with the certificate. This information can include: CN — Common Name OU — Organization Unit O — Organization L — Locality ST — State or province C — Country Code Hash Specifies the hash of the associated public key. Client Logging (Windows only) Log files location Specifies the location for the log files. The default location is: <SYSTEM_DRIVE>:\ProgramData\McAfee\Endpoint\Logs This location depends on the operating system. Enter or select a location from the drop-down list: System Drive System Root System Directory Temp Directory Program Files Directory Program Files Common Directory Software Installed Directory Activity Logging (Windows & Linux only) Enable activity logging Enables logging of all Endpoint Security activity. Limit size (MB) of each of the activity log files Limits each activity log file to the specified maximum size (between 1 MB and 999 MB). The default is 10 MB. Windows — If the log file exceeds this size, new data replaces the oldest 25 percent of the entries in the file. Linux — If the log file exceeds this size, the current file is backed up and a new file is created. The last five versions of the log files are available. To allow log files to grow to any size, disable this option. Debug Logging Enabling debug logging for any module also enables debug logging for the Common module features, such as Self Protection. Tip: Best practice: Enable debug logging for at least the first 24 hours during testing and pilot phases. If no issues occur during this time, disable debug logging to avoid performance impact on client systems. Enable for Threat Prevention (Windows & Mac only) Enables verbose logging of activity for Threat Prevention and individual technologies: Enable for Access Protection — Logs to AccessProtection_Debug.log. (Windows only) Enable for Exploit Prevention — Logs to ExploitPrevention_Debug.log. (Windows only) Enable for On-Access Scan — Logs to OnAccessScan_Debug.log. (Windows only) Enable for On-Demand Scan — Logs to OnDemandScan_Debug.log. (Windows only) Enabling debug logging for any Threat Prevention technology also enables debug logging for the Endpoint Security Client. Enable for Firewall (Windows & Mac only) Enables verbose logging of activity for Firewall. Enable for Web Control (Windows & Mac only) Enables verbose logging of activity for Web Control. Enable for Adaptive Threat Protection (Windows only) Enables verbose logging of activity for Adaptive Threat Protection. Limit size (MB) of each of the debug log files (Windows only) Limits each debug log file to the specified maximum size (between 1 MB and 999 MB). The default is 50 MB. If the log file exceeds this size, new data replaces the oldest 25 percent of the entries in the file. To allow log files to grow to any size, disable this option. Event Logging Send events to McAfee ePO (Windows & Linux only) Sends all events logged to the Event Log on the Endpoint Security Client to McAfee ePO. Log events to Windows Application log or Linux syslog (Windows & Linux only) Sends all events logged to the Event Log on the Endpoint Security Client to the Windows Application log (on Windows clients) or syslog (on Linux clients). The Windows Application log is accessible from the Windows Event Viewer → Windows Logs → Application. The location of syslog is configurable on Linux systems. Severity levels (Windows only) Specifies the severity level of events to log to the Event Log on the Endpoint Security Client: None — Sends no alerts Alert only — Sends alert level 1 only. Critical and Alert — Sends alert levels 1 and 2. Warning, Critical, and Alert — Sends alert levels 1–3. All except Informational — Sends alert levels 1–4. All — Sends alert levels 1–5. 1 — Alert 2 — Critical 3 — Warning 4 — Notice 5 — Informational Threat Prevention events to log (Windows only) Specifies the severity level of events for each Threat Prevention feature to log: Access Protection — Logs to AccessProtection_Activity.log. (Windows only) Enabling event logging for Access Protection also enables event logging for Self Protection. Exploit Prevention — Logs to ExploitPrevention_Activity.log. (Windows only) On-Access Scan — Logs to OnAccessScan_Activity.log. (Windows only) On-Demand Scan — Logs to OnDemandScan_Activity.log. (Windows only) Firewall events to log (Windows only) Specifies the severity level of Firewall events to log. Web Control events to log (Windows only) Specifies the severity level of Web Control events to log. Adaptive Threat Protection events to log (Windows only) Specifies the severity level of Adaptive Threat Protection events to log. Proxy Server for McAfee GTI (Windows only) No proxy server Specifies that the managed systems retrieve McAfee GTI reputation information directly over the Internet, not through a proxy server. (Default) Use system proxy settings Specifies the use of the proxy settings from the client system, and optionally enables HTTP proxy authentication. Configure proxy server Customizes proxy settings. Address — Specifies the IP address or fully qualified domain name of the HTTP proxy server. Port — Limits access through the specified port. Exclude these addresses — Don't use the HTTP proxy server for websites or IP addresses that begin with the specified entries. Enter the comma-separated addresses. Tip: Best practice: Exclude the McAfee GTI addresses from the proxy server. For information, see KB79640 and KB84374. Enable HTTP proxy authentication Specifies that the HTTP proxy server requires authentication. (This option is available only when you select an HTTP proxy server.) Enter HTTP proxy credentials: User name — Specifies the user account with permissions to access the HTTP proxy server. Password — Specifies the password for User name. Confirm password — Confirms the specified password. Default Client Update Enable the Update Now button in the client (Windows only) Displays or hides the Update Now button on the main page of the Endpoint Security Client. Click this button to manually check for and download updates to content files and software components on the client system. Enable Default Client Update task schedule (Windows & Mac only) Enables the schedule for the Default Client Update task on the Endpoint Security Client. (Enabled by default) By default, the Default Client Update task runs every day at 1:00 a.m. and repeats every four hours until 11:59 p.m. On Macintosh, the Default Client Update task runs every day at 4:45 PM. What to update (Windows only) Specifies what to update when the Update Now button is clicked. Security content, hotfixes, and patches — Updates all security content (including engine and AMCore and Exploit Prevention content), as well as any hotfixes and patches, to the latest versions. Security content — Updates security content only. (Default) Hotfixes and patches — Updates hotfixes and patches only. Managed Tasks (Windows & Linux only) Display managed custom tasks Specifies that custom client tasks defined in the McAfee ePO Client Task Catalog appear in the Endpoint Security Client as Admin-defined tasks in the table under Settings → Common → Tasks.