Create a custom policy to import

Export preconfigured settings to a file that you can import when you install the software. Use ESConfigTool to do this.

Before you begin

Make sure that Endpoint Security is deployed to at least one managed system.

This tool exports all policy settings for the selected product modules to a location that you specify.

ESConfigTool is located in the Endpoint Security Platform folder (C:\Program Files\McAfee\Endpoint Security\Endpoint Security Platform, by default).

Tip: Best practice: To create custom packages that include custom policies and client software for deployment with McAfee ePO, use the Endpoint Security Package Designer.

For option definitions, run ESConfigTool with no options: ESConfigTool.exe


  1. Create a policy and configure the required settings, then save it.
  2. Using the ESConfigTool command line, export the settings to create <file_name> and save this file to a folder that is not protected by McAfee.

    ESConfigTool.exe /export <file_name> [/module <TP|FW|WC|ESP> ]

    The folder containing ESConfigTool is protected, so the export location should be a different, writable location.


    ESConfigTool.exe /export C:\ENS\firewall.policy /module FW

    This example exports the Firewall settings to C:\ENS\firewall.policy.

  3. Using the SetupEP utility, install Endpoint Security and import <file_name>.

    setupEP.exe <options> /import <file_name> /module <FW|TP|WC|ESP>


    setupEP.exe ADDLOCAL="fw,tp,wc" /import C:\ENS\firewall.policy /module FW

    This example installs Endpoint Security Firewall, Threat Prevention, Web Control product modules, and the Endpoint Security Common module, which installs automatically. It also imports settings from the firewall.policy file and applies them to the Firewall module.