What's new

The current release of the product includes these enhancements and changes.

Microsoft product support

  • Microsoft Windows 10 version 1803
  • Microsoft Windows Server 2016 version 1803

Threat Prevention enhancements

Access Protection rules — This release includes the following new rules:

McAfee-defined rule Description Default setting Benefits
Doppelganging attacks on processes Prevents "Process Doppelgänging" attacks from changing processes.



Prevents malware from loading and executing arbitrary code in the context of legitimate or trusted processes.
Executing Windows Subsystem for Linux Prevents an Administrator user from running the Windows Subsystem for Linux (WSL).
Note: This rule was introduced in Endpoint Security 10.5.3, but was missing from the documentation.



Prevents malware designed for Linux systems from attacking Windows computers.

Network IPS exclusions — Adds the ability to exclude IP addresses from Network IPS.

On-Access Scan process settings — Extends the ability to identify high-risk and low-risk processes. You can now enter full file paths, file paths with wildcard for files (*) and file paths with wildcard for multi-level directories (**), in addition to the existing support for file names.

Firewall enhancements

Adds the option to specify whether to block or allow traffic by default if the McAfee® Global Threat Intelligence™ (McAfee GTI) ratings server is not available.

McAfee product support

This release adds support for McAfee® Endpoint Security for Servers, which monitors and controls the load of hypervisors for Virtual Desktop Infrastructure (VDI) and virtual servers. It works with Threat Prevention to minimize the performance impact of resource-intensive tasks like on-demand scan.

Updates to documentation

New features and enhancements in Endpoint Security 10.5.4 are documented in the Endpoint Security 10.6 product guides.

Updated components

  • SysCore
  • AMCore

    AMCore Content 3195 or greater (required)

  • McAfee Agent 5.5.0
  • McAfee Anti-Malware Engine 5900