Key features

These features help you prevent and detect threats, and fine-tune and manage the protection configuration for your Linux systems.

Prevention — Avoiding threats

Configure Threat Prevention features to stop intrusions before they gain access to your environment.

  • Viewing managed tasks — You can view the managed custom tasks from your McAfee ePO server.
  • 5900 Engine support — Comes pre-packaged with the latest 5900 engine, which provides enhanced detection capabilities.
  • Extra.DAT files — Download and install Extra.DAT files to provide protection from a major virus outbreak.

Detection — Finding threats

  • On-Access Scan — Scans files and directories for threats whenever users access them.
  • On-Demand Scan — Schedules a scan on files and directories at specific times. Each on-demand scan contains its own policy settings. You can also run Full Scan or Quick Scan on a Linux system.
  • Policy-Based On-Demand Scan client tasks — Run a Quick Scan or Full Scan on the Endpoint Security Client from McAfee ePO. Configure the behavior of these scans in the policy settings for an on-demand scan.
  • Profile-based scanning — Allows you to add processes to a high-risk or low-risk profile and configure protection settings accordingly for scanning.
  • Support for McAfee® Global Threat Intelligence™ (McAfee GTI) — Supports McAfee GTI, a heuristic network lookup for suspicious files when running on-access scanning and on-demand scanning.

Response — Handling threats

Use product log files, automatic actions, and other notification features to determine the best way to handle detections.

  • Actions — Configure actions to take when detections occur.
  • Alerts — Specify how Threat Prevention notifies you when detections occur, including alerting options and filtering alerts by severity to limit alert traffic.

Tuning — Monitoring, analyzing, and fine-tuning your protection

Monitor and analyze your configuration to improve system and network performance, and enhance virus protection, if needed. Use these tools and features:

  • Queries, dashboards, and server tasks (McAfee ePO) — Monitor scanning activity and detections.
  • Log files (McAfee Endpoint Security for Linux Client) — View a history of detected items. Analyzing this information might reveal that you must enhance your protection or change the configuration to improve system performance.
  • Scheduled tasks — Modify client tasks (such as Product Update) and scan times to improve performance by running them during nonpeak times.
  • Content repositories — Reduce network traffic over the enterprise Internet or intranet by moving the content file repository closer to the clients.
  • Scan policies — Analyze log files or queries and modify policies to increase performance or virus protection, if necessary. For example, you can improve performance by configuring exclusions.
  • Exclusion of files and directories from scanning — Excludes specific files and directories from on-access scanning and on-demand scanning using criteria such as file type, extension, file age, or wildcards.
  • Option to scan network volumes and compressed files — Include mounted network volumes and compressed files in scanning, or exclude them from it.
  • Option to retain client-side exclusions — Overwrites or retains the client exclusion list for on-access scanning in a managed environment.
  • Common extensions to manage Windows, Macintosh, and Linux systems — Use McAfee® Endpoint Security extensions as common extensions to manage policies for your Windows, Macintosh, and Linux systems.
  • Common McAfee ePO dashboard and queries — Use the McAfee ePO dashboard to view the status of managed Windows, Linux, and Mac systems.
  • Support for McAfee ePO Cloud — Use McAfee ePO Cloud to manage policies for your Linux systems.
  • Enable debug logging from client interface — Enable debug logging for Threat Prevention using the client interface.
  • Access Protection — Allows you to protect files and processes from threats.
  • Migration of Host Intrusion Prevention Linux custom policies — You can migrate Linux custom policies from Host Intrusion Prevention to Endpoint Security for Linux Threat Prevention.