How Endpoint Security works

Endpoint Security intercepts threats, monitors overall system health, and reports detection and status information. Client software is installed on each system to perform these tasks.

Typically, you install one or more Endpoint Security modules on client systems, manage detections, and configure settings that determine how product features work.

McAfee ePO

You use McAfee® ePolicy Orchestrator® (McAfee® ePO™) to deploy and manage Endpoint Security modules on client systems. Each module includes an extension and a software package that are installed on the McAfee ePO server. McAfee ePO then deploys the software to client systems.

Using McAfee® Agent, the client software communicates with McAfee ePO for policy configuration and enforcement, product updates, and reporting.

Client modules

The client software protects systems with regular updates, continuous monitoring, and detailed reporting.

It sends data about detections on your computers to the McAfee ePO server. This data is used to generate reports about detections and security issues on your computers.

TIE server and Data Exchange Layer

The Endpoint Security framework integrates with McAfee® Threat Intelligence Exchange (TIE) and McAfee® Data Exchange Layer (DXL) when using Adaptive Threat Protection. These optional products enable you to control file reputation locally and share the information immediately throughout your environment.

If the TIE server is not available, Adaptive Threat Protection queries McAfee® Global Threat Intelligence™ (McAfee GTI) for reputation information.

McAfee GTI

Threat Prevention, Firewall, Web Control, and Adaptive Threat Protection query McAfee GTI for reputation information to determine how to handle files on the client system.

McAfee Labs

The client software communicates with McAfee Labs for content file and engine updates. McAfee Labs regularly releases updated content packages.

How it works

How your protection stays up to date

Regular updates of Endpoint Security protect your computers from the latest threats.

To perform updates, the client software connects to a local or remote McAfee ePO server or directly to a site on the Internet. Endpoint Security checks for:

  • Updates to the content files that detect threats. Content files contain definitions for threats such as viruses and spyware, and these definitions are updated as new threats are discovered.
  • Upgrades to software components, such as patches and hotfixes.