Options page The Options page is where you configure Common settings, including passwords, Self Protection, exclusions, and activity and debug logging. Option definitions Section Option Definition Client Interface Mode Full access Allows access to all features. (Default) Standard access (Windows & macOS only) Displays protection status and allows access to most features, such as running updates and scans. Standard access mode requires a password to view and change settings on the Endpoint Security Client Settings page. Lock client interface (Windows & macOS only) Requires a password to access the Endpoint Security Client. Set Administrator password (Windows & macOS only) For Standard access and Lock client interface, specifies the Administrator password for accessing all features of the Endpoint Security Client interface. Password — Specifies the password. Confirm password — Confirms the password. Changing the Administrator password invalidates the time-based password. If you change the Administrator password, save the policy, then generate a new time-based password. Best practice: Change Administrator passwords regularly. Enable client interface lockout Enforces an Endpoint Security Client lockout if the number of failed password attempts exceeds the configured limit. Number of failed password attempts Specifies the number of failed password attempts allowed. The default is 3. Within time frame (minutes) Specifies the time frame for failed password attempts. The default is 5 minutes. Number of minutes to lock client interface Specifies the number of minutes to lock the client interface if a user exceeds the maximum number of failed passwords. The default is 15 minutes. Uninstallation (Windows & macOS only) Require password to uninstall the client Requires a password to uninstall Endpoint Security Client and specifies the password. The default password is mcafee. (Disabled by default) Password — Specifies the password. Confirm password — Confirms the password. Advanced options Section Option Definition Time-Based Administrator Password (Windows only) Enable time-based password in client interface Enables the Endpoint Security Client to accept a time-based password, sets the expiration date and time, and generates a password. Entering the time-based password enables Full access to Endpoint Security Client. The interface remains unlocked until it is closed. Enable the time-based password for a limited set of systems to troubleshoot problems. Best practice: During a security incident, disable the time-based password. After a security incident, change the Administrator password and regenerate the time-based password. This option is available only when the Client Interface Mode is set to Standard access or Lock client interface. Changing the Administrator password invalidates the time-based password. If you change the Administrator password, save the policy, then generate a new time-based password. Best practice: Change Administrator passwords regularly. Expiration date Specifies the expiration date for the time-based password. Expiration time Specifies the expiration time for the time-based password. The default expiration time for the password is 11:59 p.m. on the specified date. The expiration time is relative to the McAfee ePO server. For example, if you set the expiration time to 1:00 p.m. PST, the password expires at 4:00 p.m. on client systems in the EST time zone. Generate New Password Generates a new time-based Administrator password, if one is not currently in effect, and displays the expiration date. If a time-based password is in effect, this button toggles to View Password. View Password If a time-based password is in effect on the client system, click View Password to display the password. If a time-based password is not in effect (not set or expired), this button toggles to Generate New Password. Client Interface Language (Windows only) Automatic Automatically selects the language to use for Endpoint Security Client interface text based on the language on the client system. Language Specifies the language to use for Endpoint Security Client interface text. When you change the language from McAfee ePO, the language change is applied to the Endpoint Security Client at the first policy enforcement. Language changes made from the Endpoint Security Client override policy changes from the management server. The language change is applied after the Endpoint Security Client restarts. Self Protection Enable Self Protection (Windows & macOS only) Protects Endpoint Security system resources from malicious activity. Action (Windows & macOS only) Specifies the action to take when malicious activity occurs: Block and report — Blocks activity and reports to McAfee ePO. (Default) Block only — Blocks activity but doesn't report to McAfee ePO. Report only — Reports to McAfee ePO but doesn't block activity. Files and folders (Windows & macOS only) Prevents changing or deleting McAfee system files and folders. Registry (Windows only) Prevents changing or deleting McAfee registry keys and values. Processes (Windows only) Prevents stopping McAfee processes. Exclude these processes (Windows only) Allows access for the specified processes. Wildcards are supported. + Adds a process to the exclusion list. Click +, then enter the exact resource name, such as avtask.exe. - Deletes the selected item. Select the resource, then click -. Exclusions Specifies process to exclude from McAfee Arbitrary Access Control (AAC) protection. Add Adds an item to the exclusion list. Edit Changes an item in the exclusion list. Delete Removes an item from the exclusion list. Delete All Removes all items from the exclusion list. Certificates (Windows only) Specifies certificate options. Allow Allows a vendor to run code in McAfee processes. Caution: This setting might result in compatibility issues and reduced security. Vendor Specifies the Common Name (CN) of the authority that signed and issued the certificate. Subject Specifies the Signer Distinguished Name (SDN) that defines the entity associated with the certificate. This information can include: CN — Common Name OU — Organization Unit O — Organization L — Locality ST — State or province C — Country Code Hash Specifies the hash of the associated public key. Client Logging (Windows only) Log files location Specifies the location for the log files. The default location is: <SYSTEM_DRIVE>:\ProgramData\McAfee\Endpoint\Logs This location depends on the operating system. Enter or select a location from the drop-down list: System Drive System Root System Directory Temp Directory Program Files Directory Program Files Common Directory Software Installed Directory Activity Logging (Windows & Linux only) Enable activity logging Enables logging of all Endpoint Security activity. Log all scanned files during on-demand scans Enables logging of all files scanned during an on-demand scan. (Disabled by default) Best practice: If you enable this option, make sure the activity log file size is set to at least 100 MB. The on-demand scanner doesn't scan files in the clean scan cache, so the scanner doesn't log those files. Limit size (MB) of each of the activity log files Limits each activity log file to the specified maximum size (between 1 MB and 999 MB). The default is 10 MB. Windows — If the log file exceeds this size, new data replaces the oldest 25 percent of the entries in the file. Linux — If the log file exceeds this size, the current file is backed up and a new file is created. The last five versions of the log files are available. To allow log files to grow to any size, disable this option. Activity logging language Specifies the language to use for activity logging text. Automatic — Automatically selects the language to use for activity logging text based on the language on the client system. When you change the language from McAfee ePO, the language change is applied to the Endpoint Security Client at the first policy enforcement. Language changes made from the Endpoint Security Client override policy changes from the management server. The language change is applied after the Endpoint Security Client restarts. Debug Logging Enabling debug logging for any module also enables debug logging for the Common module features, such as Self Protection. Limit size (MB) of each of the debug log files (Windows only) Limits each debug log file to the specified maximum size (between 1 MB and 999 MB). The default is 50 MB. If the log file exceeds this size, new data replaces the oldest 25 percent of the entries in the file. To allow log files to grow to any size, disable this option. Event Logging Send events to McAfee ePO (Windows & Linux only) Sends all events logged to the Event Log on the Endpoint Security Client to McAfee ePO. Log events to Windows Application log or Linux syslog (Windows & Linux only) Sends all events logged to the Event Log on the Endpoint Security Client to the Windows Application log (on Windows clients) or syslog (on Linux clients). The Windows Application log is accessible from the Windows Event Viewer → Windows Logs → Application. The location of syslog is configurable on Linux systems. Severity levels (Windows only) Specifies the severity level of events to log to the Event Log on the Endpoint Security Client: None — Sends no alerts Alert only — Sends alert level 1 only. Critical and Alert — Sends alert levels 1 and 2. Warning, Critical, and Alert — Sends alert levels 1–3. All except Informational — Sends alert levels 1–4. All — Sends alert levels 1–5. 1 — Alert 2 — Critical 3 — Warning 4 — Notice 5 — Informational Limit the size (MB) of event DB Limits the size of event databases to the specified maximum size (between 50 MB and 999 MB). The default is 50 MB. Proxy Server (Windows only) No proxy server Specifies that the managed systems retrieve McAfee GTI reputation information directly over the Internet, not through a proxy server. (Default) Use system proxy settings Specifies the use of the proxy settings from the client system, and optionally enables HTTP proxy authentication. When you select Use system proxy settings, the client system uses the proxy settings configured in Internet Explorer, including support for PAC files. Configure proxy server Customizes proxy settings. Address — Specifies the IP address or fully qualified domain name of the HTTP proxy server. Port — Limits access through the specified port. Exclude these addresses — Don't use the HTTP proxy server for websites or IP addresses that begin with the specified entries. Enter the comma-separated addresses. Best practice: Exclude the McAfee GTI addresses from the proxy server. For information, see KB79640 and KB84374. Enable HTTP proxy authentication Specifies that the HTTP proxy server requires authentication. (This option is available only when you select an HTTP proxy server.) Enter HTTP proxy credentials: User name — Specifies the user account with permissions to access the HTTP proxy server. Password — Specifies the password for User name. Confirm password — Confirms the specified password. Default Client Update Enable the Update Now button in the client (Windows only) Displays or hides the Update Now button on the main page of the Endpoint Security Client. Click this button to manually check for and download updates to content files and software components on the client system. Enable Default Client Update task schedule (Windows & macOS only) Enables the schedule for the Default Client Update task on the Endpoint Security Client. (Enabled by default) By default, the Default Client Update task runs every day at 1:00 a.m. and repeats every four hours until 11:59 p.m. On Macintosh, the Default Client Update task runs every day at 4:45 p.m.. What to update (Windows only) Specifies what to update when the Update Now button is clicked. Security content, hotfixes, and patches — Updates all security content (including engine and AMCore and Exploit Prevention content), as well as any hotfixes and patches, to the latest versions. Security content — Updates security content only. (Default) Hotfixes and patches — Updates hotfixes and patches only. Managed Tasks (Windows & Linux only) Display managed custom tasks Specifies that custom client tasks defined in the McAfee ePO Client Task Catalog appear in the Endpoint Security Client as Admin-defined tasks in the table under Settings → Common → Tasks. Add Site or Edit Site You can add or edit a site in the source site list. Exclusion page The Exclusion page is where you add or edit a process to temporarily exclude it from AAC rules.