Configuring Threat Prevention Configure Threat Prevention settings to prevent threat access, keep your protection up to date, and scan for threats on client systems. Using policies in McAfee ePO Policies enable you to configure managed products and apply the configuration to systems in your network, all from the McAfee ePO console. Configuring exclusionsThreat Prevention enables you to fine-tune your protection by specifying items to exclude. Protecting your system access points The first line of defense against malware is to protect client system access points from threat access. Access Protection prevents unwanted changes to managed computers by restricting access to specified files, shares, and registry keys, registry values, processes, and services. Blocking buffer overflow exploits Exploit Prevention stops exploited buffer overflows from executing arbitrary code. This feature monitors user-mode API calls and recognizes when they are called as a result of a buffer overflow. Detecting potentially unwanted programsTo protect the managed computer from potentially unwanted programs, specify files and programs to detect in your environment, then enable detection. Scanning for threats on client computers Scanning files for threats when the user accesses them provides protection against intrusions when they occur. Periodically scanning areas of your system most susceptible to infection ensures complete protection.