How it protects

Once installed, McAfee Endpoint Security for Linux Threat Prevention starts protecting your Linux systems from threats.

Threat Prevention proactively protects your Linux systems by applying predefined actions when it detects malware or suspicious items.

When enabled, Threat Prevention checks for viruses, trojans, unwanted programs, and other threats by scanning items. The software scans files and folders on local volumes, network-mounted volumes, and removable media whenever you create or access them. You can also run scans on demand.

The software uses the latest anti-malware engine that:

  • Performs complex analysis using the malware definition files (DAT) and McAfee GTI
  • Decodes the contents of the item you access
  • Compares the contents with the known signatures stored in the DAT and McAfee GTI to identify malware

Use Threat Prevention options to configure actions for on-access and on-demand scans, exclude files or paths from scanning, and adjust other settings.

The following diagram shows the high-level workflow of Threat Prevention:

  1. Linux endpoints in your network are protected by Threat Prevention with McAfee GTI enabled.
  2. McAfee GTI validates the file and provides a file rating.
  3. Threat Prevention analyzes the file rating and the action configured in the policy.
  4. Threat Prevention takes action on the file according to the configuration.

Figure 1. Threat Prevention process flow