Options page

Configure the settings that apply to the Threat Prevention feature, including quarantine, potentially unwanted programs, and exclusions.

See the settings in the Common module for logging configuration.

Table 1: Option definitions
Section Option Definition
Quarantine Manager Quarantine folder (Windows & Linux only) Specifies the location for the quarantine folder or accepts the default location:

Windows — <SYSTEM_DRIVE>\Quarantine

Linux — /quarantine

  • System Drive
  • System Root
  • System Folder
  • Temp Folder
  • Program Files Folder
  • Program Files Common Folder
  • Software Installed Folder

The quarantine folder is limited to 190 characters.

Specify the maximum number of days to keep quarantine data (Windows only) Specifies the number of days (1–999) to keep the quarantined items before automatically deleting. The default is 30 days.
Exclusion by Detection Name (Windows only) Detection Name Specifies detection exclusions by detection name.

For example, to specify that the on-access scanner and on-demand scanner not detect Installation Check threats, enter Installation Check.

+ — Adds a detection name to the exclusion list. Click +, then enter the detection name.

- — Removes a detection name from the exclusion list. Click - to the right of the name to delete it.

Overwrite exclusions configured on the client (Windows & Linux only) Excludes only items specified in this scan policy.

Deselect this option to enable the client computer to use both the exclusions specified here and the exclusions that are specified locally on the client.

Potentially Unwanted Program Detections (Windows only) Exclude custom unwanted programs Specifies individual files or programs to treat as potentially unwanted programs.
Note: The scanners detect the programs you specify as well as programs specified in the AMCore content files.

The scanner doesn't detect a zero-byte sized user-defined unwanted program.

  • Add — Defines a custom unwanted program.

    Click Add, enter the file name and description in the dialog, and click OK.

    • File name — Specifies the file name of the potentially unwanted program.
    • Description — Specifies the information to display as the detection name when a detection occurs.
  • Edit — Edits the File name or Description of a selected potentially unwanted program in the list.
  • Delete — Removes a potentially unwanted program from the list.

    Select the program in the table, then click Delete.

  • Clear All — Removes all potentially unwanted programs from the list.
Table 2: Advanced options
Section Option Definition
Proactive Data Analysis (Windows only) Sends anonymous diagnostic and usage data to McAfee.
McAfee GTI feedback Enables McAfee GTI-based telemetry feedback to collect anonymized data on files and processes executing on the client system.
Safety Pulse Performs a health check on the client system before and after AMCore content file updates, and at regular intervals, and sends results to McAfee.

The results are encrypted and sent to McAfee using SSL. McAfee then aggregates and analyzes the data from these reports to identify anomalies that might indicate potential content-related issues. Prompt identification of such issues is critical to providing timely containment and remediation.

Note: This setting has no effect if McAfee GTI feedback is disabled.

Safety pulse collects the following types of data:

  • Operating system version and locale
  • McAfee product version
  • AMCore content and engine version
  • McAfee and Microsoft running process information
AMCore Content Reputation Performs a McAfee GTI lookup to request the reputation of an AMCore content file before updating the client system.

If the AMCore content file is classified as "block", Endpoint Security doesn't update AMCore content on the client system.