What's new

The current release of the product includes these enhancements and changes.

Microsoft product support

  • Microsoft Windows 10 version 1803
  • Microsoft Windows Server 2016 version 1803

Installation, upgrade, and migration enhancements

Support for Endpoint Upgrade Assistant 2.0McAfee® Endpoint Upgrade Assistant adds the ability to upgrade legacy products to Endpoint Security 10.5.4. It also adds the ability to install Adaptive Threat Protection and install or upgrade McAfee® Data Exchange Layer (DXL).

Threat Prevention enhancements

Access Protection rules — This release includes the following new rules:

McAfee-defined rule Description Default setting Benefits
Doppelganging attacks on processes Prevents "Process Doppelgänging" attacks from changing processes.



Prevents malware from loading and executing arbitrary code in the context of legitimate or trusted processes.
Executing Windows Subsystem for Linux Prevents an Administrator user from running the Windows Subsystem for Linux (WSL).
Note: This rule was introduced in Endpoint Security 10.5.3, but was missing from the documentation.



Prevents malware designed for Linux systems from attacking Windows computers.

Network IPS exclusions — Adds the ability to exclude IP addresses from Network IPS.

On-Access Scan process settings — Extends the ability to identify high-risk and low-risk processes. You can now enter full file paths, file paths with wildcard for files (*) and file paths with wildcard for multi-level directories (**), in addition to the existing support for file names.

Firewall enhancements

Adds the option to specify whether to block or allow traffic by default if the McAfee® Global Threat Intelligence™ (McAfee GTI) ratings server is not available.

Adaptive Threat Protection enhancements

The Real Protect scanner and Dynamic Application Containment now protect systems against trusted processes that load untrusted DLLs after processes are created.

McAfee product support

This release adds support for McAfee® Endpoint Security for Servers, which monitors and controls the load of hypervisors for Virtual Desktop Infrastructure (VDI) and virtual servers. It works with Threat Prevention to minimize the performance impact of resource-intensive tasks like on-demand scan.

Updates to documentation

New features and enhancements in Endpoint Security 10.5.4 are documented in the Endpoint Security 10.6 product guides.

Updated components

  • SysCore
  • AMCore

    AMCore Content 3195 or greater (required)

  • McAfee Agent 5.5.0
  • McAfee Anti-Malware Engine 5900