How it works

MVISION Endpoint uses cloud and local content to analyze data, and presents the information in the Protection Workspace dashboard in McAfee ePO.

Each protected endpoint needs to have the MVISION Endpoint client component installed. The MVISION Endpoint client has no interface of its own; it is not configurable by the user. The MVISION Endpoint client accepts policy from, and reports to, the McAfee ePO server.

1 Windows 10 endpoints or Windows Server systems with Windows Defender Antivirus, Windows Defender Firewall, and MVISION Endpoint client software installed.
2 McAfee ePO server (on-premise, in a hosted service, or McAfee® MVISION ePO).
3 MVISION Endpoint sends file metadata to the McAfee cloud infrastructure for analysis.
4 When files are quarantined (by Windows Defender Antivirus or MVISION Endpoint), they are stored in the Quarantine database on the relevant endpoint. McAfee ePO Quarantine then reads from these endpoint quarantine locations to enable centralized quarantine management across all your protected endpoints and servers.
5 When enabled, firewall rules are pushed to Windows Defender Firewall on the managed endpoints and servers.
6 Summaries of Windows Defender Firewall blocked events and firewall compliance data is sent to McAfee ePO.
How MVISION Endpoint works
How MVISION Endpoint interacts with Windows Defender Antivirus

MVISION Endpoint provides another layer of protection, building on the detection capabilities of Windows Defender Antivirus.

As the basic anti-virus/anti-malware product, Windows Defender Antivirus protects your endpoints and servers from the viruses and malware that are known.

Windows Defender Antivirus passes an executable to MVISION Endpoint for further analysis only if it deems the executable to be safe. MVISION Endpoint then uses the McAfee local and cloud-based detection infrastructure for this more detailed analysis.

Threat detections from Windows Defender Antivirus and MVISION Endpoint are displayed in the Protection Workspace in McAfee ePO. From there, resolve the threats and change your policies to refine your protection levels. Manage any files quarantined by Windows Defender Antivirus or MVISION Endpoint from the Quarantine Management area in McAfee ePO.

Managing Windows Defender Firewall rules

MVISION Endpoint lets you manage the Windows Defender Firewall rules used across your protected endpoints and servers.

How MVISION Endpoint interacts with Windows Defender Firewall

With a default set of firewall rules available out-of-the-box, MVISION Endpoint enables you to quickly implement the rules and push them to all your protected endpoints and servers. You can create rules, or change the existing ones, to build rules that meet your corporate requirements, and to push them to all your protected endpoints and servers.

Tip: Think about re-creating any previous firewall rules to make sure your levels of protection are maintained.

As administrator, you can allow local firewall rules to be run on the endpoints and servers.

Note: When using MVISION Endpoint to manage Windows Defender Antivirus or Windows Defender Firewall, it is important that you do not also use Domain Controller Group Policy or Microsoft System Center Configuration Manager (SCCM) Policy. Domain Controller and SCCM policies have higher precedence than MVISION Endpoint policies and result in the MVISION Endpoint policies being overwritten. Where conflicts arise, the Domain Controller or SCCM policies take precedence, and this results in undesirable behavior.