What's new in 10.6.0

Releases can introduce new features and enhancements or update platform support.

Important: McAfee® Endpoint Security for Linux Firewall 10.6.0 can't co-exist with McAfee® VirusScan® Enterprise for Linux 1.9.x, 2.0.x and McAfee Endpoint Security for Linux 10.2.x and 10.5.x. For more information about installation and upgrade scenarios, see McAfee Endpoint Security for Linux 10.6.0 installation guide.


McAfee Endpoint Security for Linux introduces Firewall protection to your environment against known and unknown threats. The features are:

  • Rules — Define the Firewall criteria to determine whether to block or allow incoming and outgoing traffic.
  • Common extension to manage Firewall on Windows, Macintosh, and Linux systems — You can now use McAfee® Endpoint Security Firewall extension as common extension to manage Firewall policies for your Windows, Mac, and Linux systems.
    Important: You must install McAfee Endpoint Security ePO extension update 10.6.1 or later to use Firewall features on your Linux systems. For more information about the ePO extension update build numbers, see McAfee Endpoint Security for Linux installation guide.
  • Rule groups — Organize firewall rules for easy management, enabling you to apply rules manually or on a schedule, and to only process traffic based on connection type.
  • Stateful packet filtering and inspection — Track network connection state and characteristics in a state table, allowing only packets that match a known open connection.
  • Adaptive mode — Create rules automatically on the client system to allow legitimate activity.

    Once created, analyze client rules to decide which to convert to server-mandated policies.

  • Defined networks — Define trusted networks to allow traffic from networks that your organization considers safe.
  • Firewall Catalog — Define rules and groups to add to multiple policies, or networks and applications to add to firewall rules.
  • Client options — Allow users to disable Firewall temporarily for troubleshooting.
  • Dashboards and monitors — Monitor activity and intrusion detections, then use that information to tune Firewall settings.
  • Queries and reports — Retrieve detailed information about Firewall, including client rules, errors, intrusion and block events, and save that information in reports.
  • Log traffic — Enable or disable log traffic for Allow or Block rules. You can configure Firewall Rules logging for any rule in Firewall Rules policy.

For a list of operating systems that Firewall support, see McAfee Knowledge Base article KB91326.

For a list of current known issues, see McAfee Endpoint Security for Linux Firewall 10.6.0 Known Issues (KB91327).