How Endpoint Security works

Endpoint Security intercepts threats, monitors overall system health, and reports detection and status information. Client software is installed on each system to perform these tasks.

You or your administrator install one or more Endpoint Security modules, customize the features, and manage detections. Usually, the client software operates in the background without any interaction on your part.

Client modules

The client software protects systems with regular updates, continuous monitoring, and detailed reporting.

TIE server and Data Exchange Layer

The Endpoint Security framework integrates with McAfee® Threat Intelligence Exchange (TIE) and McAfee® Data Exchange Layer (DXL) when using Adaptive Threat Protection. These optional products enable you to control file reputation locally and share the information immediately throughout your environment.

If the TIE server is not available, Adaptive Threat Protection queries McAfee® Global Threat Intelligence™ (McAfee GTI) for reputation information.

McAfee GTI

Threat Prevention, Firewall, Web Control, and Adaptive Threat Protection query McAfee GTI for reputation information to determine how to handle files on the client system.

McAfee Labs

The client software communicates with McAfee Labs for content file and engine updates. McAfee Labs regularly releases updated content packages.

How it works


How your protection stays up to date

Regular updates of Endpoint Security protect your computers from the latest threats.

To perform updates, the client software connects to a site on the Internet. Endpoint Security checks for:

  • Updates to the content files that detect threats. Content files contain definitions for threats such as viruses and spyware, and these definitions are updated as new threats are discovered.
  • Upgrades to software components, such as patches and hotfixes.