Using Protection Workspace to identify and remediate threats

You can see all potential threats on managed devices and respond to them using Protection Workspace. You can identify threats and navigate seamlessly to any impacted device for remediation.

Protection Workspace helps you answer these questions:

  • What threats are discovered by advanced threat protection technologies from products like McAfee® MVISION Endpoint and McAfee® Endpoint Security Adaptive Threat Protection (ATP)?
  • Why is a device escalated?
  • Where did the threat come from?
  • When was the threat discovered?

Minimum permissions needed to view Protection Workspace in the McAfee ePO console

Non-admin users require some minimum permissions to view the Protection Workspace in the McAfee ePO console.

Make sure that you have these user permissions in the Permission Sets page.

Category Permission
Systems: View "Systems Tree" tab
System Tree access:

Can search the following nodes and parts of the System Tree: My Organization

Can access the following nodes and parts of the System Tree: My Organization

Threat Event log: View events

Additionally, you need product and event-specific permissions to view threat and compliance data in Protection Workspace.

Identifying threats and the security status of your devices

The security status of your device is color coded to efficiently prioritize threats and take action.

  • Red — A threat was discovered, or your software or device is running outdated versions and must be updated to be compliant.
  • Yellow — There are threats to investigate or some devices are not up to date.
  • Green — The current state of your environment is healthy, threats have been mitigated, and devices are compliant.
  • Light blue — Information only. No action needed.
  • Gray — No data available.