What's new

McAfee® MVISION Endpoint Detection and Response (MVISION EDR) is security software that allows you to detect, investigate, and contain threats. You can access MVISION EDR from McAfee® MVISION ePO (MVISION ePO) or McAfee® ePolicy Orchestrator® (McAfee® ePO™).

Simplified deployment

When you log on to MVISION EDR for the first time, detailed instructions are provided to help you install and deploy the software quickly. You can configure the software using your local McAfee ePO or use MVISION ePO to have a faster deployment experience.

Continuous real-time monitoring

The Monitoring dashboard displays potential threats and their severity level. When a potential threat is selected, details such as affected devices, process activity, device trace information, process attributes, and threat behavior are displayed. The data from devices is displayed as alerts.

  • You can view the alerts that are assessed and categorized as High (red), Medium (orange), and Low (yellow).
  • You can view the suspicious indicators for any suspicious activities and use the Mitre ATT&CK™ matrix framework to view the different techniques involved.
  • You can analyze specific threat behaviors using the sequential, summary, or timeline view.
  • You can dismiss a threat and exclude a hash from being detected in the future, or create an investigation for further analysis.

Artificial intelligence guided investigation

The Investigating dashboard displays the number of investigations that are currently being analyzed, the number of closed investigations, and the number of high priority investigations.

  • View the summary of an investigation to determine how a threat might have affected devices.
  • View the notes and status of an investigation.
  • Use the investigation guides to view questions and hypotheses on malware alert triage, outbound network alert triage, threat intelligence alert triage, and phishing alert triage.
  • Use the graph view to understand the critical details that are identified as part of security findings or to enrich the investigation with more data obtained through manual actions.
  • Link and compare similar investigations for effective and efficient investigative methods.

Threat containment

The Devices and Process Details panels on the Monitoring dashboard allow you to contain threats on devices. You can select one or more devices and apply an action, such as quarantining the affected device or dismissing the threat.

Real-time search

You can use the Real-time Search page to search for information about a specific threat or alert in real time. You can obtain information about processes currently running on devices using real-time search queries. Real-time searches run queries directly on devices to obtain current data.

Historical search

You can use the Historical Search page to do a historical search in the cloud to get visibility of the information that was collected from the devices over the selected period, including process execution, file creation, file archive creation, scripts written, admin/hacking tools executed, services changed, auto-run entries created or modified, scheduled tasks modified, DNS requests, user logon activities, and loaded DLLs.

Performance metrics

You can use the Performance Metrics dashboard to quickly get an overall status of all ongoing investigations. The trend graphs can help in assessing the allocation of resources and effort required in a Security Operations Center (SOC) to investigate and analyze potential threats.

Track action history

You can use the Action History page to view the details of all containment actions taken on a threat or device from the Monitoring and Investigating dashboards.