What's new The current release of the product includes these enhancements and changes. McAfee ePO rollup reporting support The McAfee ePO rollup reporting feature includes the ability to run queries that report summary data from multiple databases. Endpoint Security Profiler Tool support The Endpoint Security Profiler Tool works with this release of Endpoint Security. Analyzes on-access scanner activity Gathers statistics on processes and files accessed by the on-access scanner Uses the Default, Low, and High scanning profiles to present data based on different configurations Analyzes activity from Threat Prevention and Adaptive Threat Protection modules Using the collected data, decide if you want to exclude a file, exclude a folder, or change how scanning is applied to a process' activity by placing it into a different scan profile. McAfee Cloud Threat Detection support McAfee® Cloud Threat Detection (McAfee® CTD) adds cloud-based sandboxing capability to your existing security infrastructure through McAfee® ePolicy Orchestrator® (McAfee® ePO™) software. For information about configuring McAfee CTD to work with Endpoint Security, see the McAfee Cloud Threat Detection documentation. Common enhancements Log file updates — Changes the activity, error, and debug log files for all Endpoint Security modules so they are now written in English only, regardless of system locale. This behavior is not configurable. Installation improvements — Adds a secondary validation check when a validation failure occurs through the Validation and Trust Protection service. The secondary check succeeds if the calling process is signed by McAfee, and all loaded modules are chained to a trusted certificate authority. This allows Endpoint Security processes to operate normally in the presence of legitimate third-party software applications that inject processes, and digitally sign the software. Threat Prevention enhancements Adds the option for disabling Endpoint Security scanners to the Quick Settings menu, accessed from the McAfee system tray icon. Adds support for Early Load Anti-Malware (Windows 8 and later). This feature collects the list of device drivers loaded during the system boot process, then scans them when the scanning services run. Firewall enhancements The Endpoint Security Firewall: Events from McAfee GTI query is now called Endpoint Security Firewall: Events from McAfee GTI in the last 6 months. Previously, this query had no date limit; now it only queries results from the last 6 months. Adaptive Threat Protection enhancements Adds the option for disabling Endpoint Security scanners to the Quick Settings menu, accessed from the McAfee system tray icon. Adds Extra.DAT support for Real Protect. You can install an Extra.DAT file to suppress false positive detections until the next scheduled ATP content update is released. The behavior of the Allow action for ATP threat notifications changed between 10.2 and 10.5. In 10.2, if a user selected Allow, the application was contained. In 10.5, the Allow action lets the application run uncontained. Adds the ability to view the Adaptive Threat Protection content version. Integrates several Real Protect performance improvements, including the resolution of a Google Chrome false positive issue. Migration Assistant enhancements This release adds a notification for unsupported characters in migrated Access Protection exclusions. VirusScan Enterprise uses the semicolon ( ; ) characters to separate include and exclude processes, but the Migration Assistant recognizes only the comma ( , ) characters. When you migrate exclusions that use semicolons to separate multiple include and exclude processes, the processes are migrated to Access Protection as a single process. The result is that migrated policies do not contain all the inclusions and exclusions that were in the original policy. Tip: Best practice: Review source VirusScan Enterprise policies before migration. Locate all semicolons and change them to commas. If you migrate policies with unrecognized semicolons, the Migration Assistant notifies you before completing manual migration that policies have unsupported characters. You can cancel the migration, revise the source policies, then begin manual migration again. You can also edit your migrated policies later. Updated components VSCore 220.127.116.1170 SysCore 18.104.22.16830 AMCore 22.214.171.12442 McAfee Agent 5.0.6 McAfee Anti-Malware Engine 5900 Endpoint Security rollup result types Use these Endpoint Security result types in the Query Builder wizard for querying consolidated data. Roll up system or event data for Endpoint Security Compile data from multiple servers at the same time using McAfee ePO Roll Up Data server tasks.