Recommendations for configuring clients You can use McAfee ePO policies to configure MVISION EDR clients. Based on how the policies are configured, all device event data is sent to MVISION EDR for effective threat detection. Using policies, you can: Set the maximum number of results returned by search expressions. Enable Network Flow and File Hashing collectors. Set database limits and maximum number of results returned by the Network Flow collector. For Network Flow in Windows, traffic can be excluded for specific processes. This is done using the complete process path. Set database limits, maximum number of results returned, and files excluded by the File Hashing collector. You can also exclude entire paths and extensions by policy. File Hashing "Hash Strategy" determines how many device resources are dedicated for hashing. For example, setting the default to Low reduces performance impact (resource consumption), but makes the hashing period longer. Set database and data limits for the Trace plug-in. Enable system logging on managed devices. Enable data folder protection. Even after the data folder protection is enabled, you can still read the files in C:\ProgramData\McAfee\MAR\data. Preset McAfee ePO policies After installing MVISION EDR, the following McAfee ePO policies are available in the Policy Catalog: McAfee Default — This is the policy enforced by default after installation. When this policy is enforced, Network Flow and Trace feature are enabled. Full Visibility — When this policy is enforced, NetworkFlow, File Hashing, and Trace feature are enabled. Full Monitoring — When this policy is enforced, all collectors are enabled. Create a custom policy You can add custom MVISION EDR policies to the Policy Catalog. Custom policies can be created for your environment and assigned to monitored systems to enable collectors to send specific device data to MVISION EDR. Configure a policy You can change the policy settings such as enabling a specific plug-in, specifying the network or file hash database size, the list of files or extensions that can be ignored and so on. Configuration examples and benefitsYou can improve the performance of MVISION EDR running on Windows servers. These configuration methods can improve performance, but MVISION EDR can lose visibility into all devices. As a result, all threats may not be detected.