What's new in McAfee Endpoint Security for Linux 10.7.2 release

This release includes the following new feature.

Feature: Exploit Prevention for Linux

Description: McAfee Endpoint Security for Linux supports Exploit Prevention for Linux in a managed environment. It brings in content support that can automatically define access control policies and settings for processes, files, and directories. By restricting access to specific files and directories, you can protect your systems from vulnerabilities. Content support brings in signatures that automatically enforce these policies and that can be updated on a regular cadence. The individual signatures can then be managed from ePO and configured to block and report access.

For violations, you can either enable or disable reporting.

Pre-requisites:

  • You must have installed the McAfee Endpoint Security Threat Prevention extension 10.7.0.840 or above for Exploit Prevention to work in your environment.
  • You must first install the McAfee Endpoint Security Threat Prevention extension and then check in the Endpoint Security Exploit Prevention Linux content.

Note: Exploit Prevention is not supported on standalone systems.
Note: McAfee Endpoint Security for Linux doesn't support expert rules for Exploit Prevention.

Updated platform, environment, or operating system support

This release supports additional operating systems and resolves known issues.

This release supports these additional kernels:

  • RedHat Enterprise Linux 8.3 support
    • 4.18.0-240.el8.x86_64
    • 4.18.0-240.1.1.el8_3.x86_64
  • Ubuntu 20.10 support
    • 5.8.0-20-generic
    • 5.8.0-25-generic
  • SUSE 15 SP2 kernel
    • 5.3.18-22-default
    • 5.3.18-24.9-default
  • RedHat Enterprise Linux 6.9 kernel
    • 2.6.32-696.30.1.el6.x86_64
  • RedHat Enterprise Linux 8.1 kernel
    • 4.18.0-147.27.1.el8_1.x86_64
  • RedHat Enterprise Linux 8.2 kernel
    • 4.18.0-193.19.1.el8_2.x86_64
  • Ubuntu 16.04 kernels
    • 4.4.0-187-generic
    • 4.4.0-189-generic
  • Ubuntu 18.04 kernels
    • 4.15.0-115-generic
    • 4.15.0-117-generic
  • Ubuntu 20.04 kernels
    • 5.4.0-45-generic
    • 5.4.0-47-generic
  • CentOS 8.2 kernel
    • 4.18.0-193.14.2.el8_2.x86_64
  • Oracle Linux 7 UEK kernels
    • 4.14.35-2025.400.8.el7uek.x86_64
    • 4.14.35-2025.400.9.el7uek.x86_64
    • 5.4.17-2011.6.2.el7uek.x86_64
  • Oracle Linux 8.2 kernels
    • 5.4.17-2011.1.2.el8uek.x86_64

You must have installed McAfee Agent 5.6.4 (Build Number 110) (64-bit) or later to use this software.

Note: McAfee® Endpoint Security for Linux 10.7.2 is not compatible with McAfee® Application Control and Change Control 6.4.0 or previous versions, or with McAfee MOVE Agentless Security Virtual Appliance (SVA) 4.8.x. A fresh installation or upgrade of McAfee Endpoint Security for Linux 10.7.2 does not proceed on machines running McAfee Application Control or Change Control 6.4.0 or previous versions, McAfee MOVE Agentless Security Virtual Appliance 4.8.x, or both. For more information on the compatibility issues with McAfee Application Control or Change Control, see KB92079.

McAfee Endpoint Security for Linux 10.7.2 is shipped with DAT version 999. In unmanaged mode, a default update task runs after successful installation and updates the DAT automatically. If you don't want the DAT to be updated automatically after installation, use the installation command-line option nocontentupdate to suppress the DAT update that is triggered at installation time.

Note: The command to turn off the auto update of DAT after installation is ./install-mfetp.sh nocontentupdate

In a McAfee® ePolicy Orchestrator® (McAfee® ePO™) managed environment, the automatic DAT update happens after successful deployment of the product, based on the auto-update option configured in the McAfee® Agent policy.

Tip: Update Options is available in the Updates tab of the McAfee Agent General policy.