How the product works

Endpoint Security detects, resolves, and logs information about detected threats. Client software is installed on each managed system to perform these tasks.

  • For self-managed systems — A local system user installs the client software, customizes the features, and manages detections.
  • For managed systems — Typically, an administrator installs the client software, manages detections, and sets up security rules, called policies, that determine how product features work. Depending on the policies configured by the administrator, users might be able to customize some product features.

The role of the client software

The client software protects systems with regular upgrades, continuous monitoring, and detailed reporting.

  1. It silently monitors all file input and output, downloads, program executions, inbound and outbound communications, visits to websites, and other system‑related activities on managed systems, then:

    • Deletes or quarantines detected viruses.
    • Removes potentially unwanted programs, such as spyware or adware.
    • Blocks or warns of suspicious activity, depending on product settings.
    • Indicates unsafe websites with a color‑coded button or icon in the browser window or search results page. These indicators provide access to safety reports that detail site-specific threats.
    • Blocks or warns of unsafe websites, depending on product settings.
  2. It regularly connects to a local or remote McAfee ePO server or directly to a site on the Internet to check for:
    • Updates to content files, which contain information that Endpoint Security uses to detect threats. These files are updated as new threats are discovered to ensure that systems are always protected against the latest threats.
    • Upgrades to software components.

    If new versions are available, the client software downloads them.

  3. It logs security information for each managed system, including protection status and details about detections. Users can view this information in the client console on self-managed systems and on managed systems where policy settings are configured to allow it.
  4. (Managed systems only) It regularly communicates with a security management server to:
    • Send logged security information.
    • Receive new policy assignments.