Navigating the Protection Workspace

The Protection Workspace is where you can see all potential threats on managed devices and respond to them.

The Protection Workspace provides a visual representation of threat incidents in your environment and device compliance data, all from a single dashboard. You can quickly identify threats detected in the environment and seamlessly navigate to any impacted device to remediate the threat.

The Protection Workspace helps you answer these questions:

  • What was discovered by advanced threat protection technologies from products like McAfee® MVISION Endpoint, Real Protect, and McAfee® Endpoint Security Adaptive Threat Protection (ATP)?
  • Why is a device escalated?
  • Where did the threat come from?
  • When was the threat discovered?

Identifying threats

Colors in the Protection Workspace represent the type of threat discovered:

Red — A threat was discovered, or your software or devices are running outdated versions and must be updated to be compliant.

Orange — There are threats to investigate or some devices are not up to date.

Green — The current state of your environment is healthy, threats have been mitigated, and devices are compliant.

Gray — No data available.

Investigating threats

The Protection Workspace is divided into several categories, allowing you to view compliance information and manage key threats in one place. When interacting with the Protection Workspace, start on the left side and progress to the right.



  1. View the total number of devices tracked by the McAfee ePO server, and the total number of devices that are tagged as escalated.
  2. View threat information across multiple categories. View the number of escalated devices to track devices that have encountered multiple threats and might require attention. Devices are escalated automatically based on the severity of the threats impacting the system. Select any value to see a more detailed view of the categories.
  3. View the status of security content and the individual products deployed in the environment. Devices are color-coded to indicate the security status (health) of the device. You can easily identify the systems that are up to date, or require an update or product deployment.
  4. View your devices by tags (default), as System Tree, or as a list. Use the search feature to quickly find a device. The Devices view changes depending on the device summary you select. If you selected Escalations, the pane displays all escalated devices.
  5. Drill down to view the device details and the top 5 threats.
  6. Drill down to filter and view your threat activity. For example, you can filter by device, threat, or originating process.

Managing threats

Protection Workspace bar

Item | Description
Devices | Total number of devices tracked by the McAfee ePO server.
Escalations | Total number of devices that are tagged as escalated. Select a device to view Escalated Devices. A system is escalated if it detects 5 or more threats in 24 hours.
Update | Updates occur automatically every 5 minutes. Click the refresh icon to manually redisplay the Protection Workspace.
Settings | Use the Protection Workspace settings to:
  • Change the interface to High Contrast Mode.
  • Adjust the Security Content Color Thresholds and Check-In Failure Color Thresholds to customize the security levels for your environment.

Threat Overview section

Item | Description
Escalated Devices | Total number of devices that received a threat over the past 7 days. A system is escalated if it detects 5 or more threats in 24 hours.
Resolved Threats | Total number of threats that were resolved in the past 7 days.

Basic — Detected by products like McAfee VirusScan Enterprise, McAfee® Endpoint Security Threat Prevention, and Microsoft Windows Defender.

Advanced — Detected by advanced detection techniques like McAfee® MVISION Endpoint, Real Protect, and McAfee® Endpoint Security Adaptive Threat Protection (ATP).

Report Only Detections | Total and daily counts of MVISION Endpoint report-only detections over the last 7 days. The arrow indicates the trend. Select the value to open the details for total or daily threat events.
Unresolved Threats | Total number and count per day of detected threats that are unresolved. The arrow indicates the trend over the past 7 days.

Compliance Overview section

Item | Description
Deployment Status | Status of the security content and the individual products deployed in the environment. For example, McAfee Agent, McAfee MVISION Endpoint, and Microsoft Windows Defender.

Devices are color-coded to indicate the security status (health) of the device:

Green — Latest (most recent) version.

Orange — One or more versions behind.

Light gray — No data available. The extension is checked in to McAfee ePO, but the product hasn't been deployed.

Dark gray — Indicates that the extension is checked in, but the product isn't installed on the endpoint.

Device Management Status

Check-in Failure indicates the number of devices that haven't checked in to the McAfee ePO server for more than 15 days.

Managed Devices without Protection indicates the number of devices that don't have these anti-malware products installed: Threat Prevention, MVISION Endpoint, or VirusScan Enterprise.

Managed Devices indicates the total number of managed devices over the past 7 days.
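
The thresholds in the tables above can be recomputed offline to cross-check the dashboard counters against exported data. The Python below is an added example, not part of the McAfee documentation or product; it assumes the escalation rule means a rolling 24-hour window, and the device names, product-name strings, and data layout are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

ESCALATION_COUNT = 5                       # "5 threats or more"
ESCALATION_WINDOW = timedelta(hours=24)    # "in 24 hours" (assumed rolling window)
CHECKIN_FAILURE_AGE = timedelta(days=15)   # "more than 15 days"
ANTI_MALWARE = {"Threat Prevention", "MVISION Endpoint", "VirusScan Enterprise"}

def escalated_devices(events):
    """Devices with ESCALATION_COUNT or more threat events in any 24-hour window."""
    by_device = defaultdict(list)
    for device, when in events:
        by_device[device].append(when)
    escalated = set()
    for device, times in by_device.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            # Advance the left edge until the window spans at most 24 hours.
            while t - times[start] > ESCALATION_WINDOW:
                start += 1
            if end - start + 1 >= ESCALATION_COUNT:
                escalated.add(device)
                break
    return escalated

def checkin_failures(last_checkin, now):
    """Devices whose last check-in is more than 15 days before `now`."""
    return {d for d, seen in last_checkin.items() if now - seen > CHECKIN_FAILURE_AGE}

def unprotected(installed):
    """Managed devices with none of the three listed anti-malware products."""
    return {d for d, products in installed.items() if not ANTI_MALWARE & set(products)}

# Constructed sample data (not real ePO export fields).
NOW = datetime(2024, 1, 20, 12, 0)
EVENTS = (
    [("ws-01", NOW - timedelta(hours=h)) for h in (1, 3, 8, 15, 23)]      # 5 in 22 h
    + [("ws-02", NOW - timedelta(hours=h)) for h in (0, 6, 12, 18, 25)]   # 5 in 25 h
    + [("srv-03", NOW - timedelta(days=3, hours=h)) for h in range(6)]    # 6 in 5 h
)
LAST_CHECKIN = {"ws-01": NOW - timedelta(days=1),
                "ws-02": NOW - timedelta(days=15),    # exactly 15 days: not a failure
                "srv-03": NOW - timedelta(days=16)}
INSTALLED = {"ws-01": ["McAfee Agent", "Threat Prevention"],
             "ws-02": ["McAfee Agent"],
             "srv-03": ["McAfee Agent", "Microsoft Windows Defender"]}

if __name__ == "__main__":
    print("Escalated:", sorted(escalated_devices(EVENTS)))
    print("Check-in failure:", sorted(checkin_failures(LAST_CHECKIN, NOW)))
    print("Without protection:", sorted(unprotected(INSTALLED)))
```

Note that srv-03 counts as a managed device without protection even though Microsoft Windows Defender is present, because the page lists only Threat Prevention, MVISION Endpoint, and VirusScan Enterprise for that counter.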

Devices section

Description

View your devices by tags (default), in the System Tree, or as a list.

Use the search feature to quickly find a device.

The information that appears in the Devices pane changes depending on the category you select:

  • Devices
  • Escalated Devices

Device Details section

Description

From the Devices panel, you can drill down to view the device details and the top 5 threats. Select a threat to open the Threat Details pane and view details about that threat.

Activity Filters section

Description

From the Devices panel, you can drill down to view the device details and the top 5 threats. Select a threat to open the Threat Details pane and view details about that threat.