New features

The current release of the product includes these enhancements and changes.

Threat Prevention enhancements

This release adds Exploit Prevention support for Microsoft Edge.

This release adds a new page under Reporting called Exploit Prevention Events, where you can aggregate events and create exclusions.

When Exploit Prevention detects security violations, as defined by signatures, it triggers events and sends them to the McAfee ePO server. McAfee ePO displays these events on the Exploit Prevention Events page under Reporting.

On the Exploit Prevention Events page:

  • Use filters to reduce the list to only those events that meet the filter criteria.
  • Aggregate events to generate a list of events grouped by a specified criteria.
  • Create exclusions for events.

The Endpoint Security Threat Prevention Query permission set is now called Endpoint Security Threat Prevention Client, and includes the option View Exploit Prevention events.

This release adds the Execute Mimikatz malware Access Protection rule. Access Protection and Exploit Prevention rules work together to prevent Mimikatz malware.

Tip: Best practice: If you recognize false positives, create an exclusion.

This current release adds these enhancements to on-access scanning and on-demand scanning:

  • Scan email attachments — Windows only, on-access scan only. Disabled by default.

    This option scans files saved to disk by email client applications. It scans all email attachments, including archives and their contents. Nested archives are scanned one level deep. This option also prevents executables downloaded from email clients from running. If an email client update downloads an executable, the update might not work. Downloads from browser-based emails are scanned using on-access scan, but do not receive scan consideration from the Scan email attachments option.

    Note: All On-Access Scan settings listed on the Standard tab are applied when scanning email attachments, except for Compressed archive files, which is always enabled.

  • Support for root-level exclusions — On-access scan and on-demand scan exclusions only.
    • Wildcard characters are now allowed in root-level exclusions. For example, you can use ?:\test, *:\test, *\test, or \test to exclude C:\test, D:\test, E:\test.
    • The Migration Assistant now successfully migrates root-level exclusions that contain a leading wildcard character.

Endpoint Security Package Designer enhancements

Adds the ability to customize packages. Select the modules you want to include in a custom package.

Support for third-party products

  • Microsoft Windows 10 Creators Update
  • XenDesktop 7.0, 7.11, 7.13
  • Firefox 51 (Web Control only)
  • EMC Common AntiVirus Agent (CAVA)

    For information about how to install Endpoint Security with support for CAVA, see KB88973.

Updated components

  • VSCore
  • SysCore
  • AMCore
  • McAfee Agent 5.0.5
  • McAfee Anti-Malware Engine 5900