Getting started with the Protection Workspace

The Protection Workspace is where you can see all potential threats on managed devices and respond to them.

The Protection Workspace is divided into several categories, allowing you to view compliance information and manage key threats in one place. When interacting with the Protection Workspace, start on the left side and progress to the right.

Name Category Description
Protection Workspace bar Devices Total number of devices tracked by the McAfee ePO server.
Escalations Total number of devices that are tagged as escalated. Select a device to view Escalated Devices. System is escalated if it detects 5 threats or more in 24 hours.
Update Updates automatically occur every 5 minutes. Click the refresh icon to manually redisplay the Protection Workspace.
Settings Use the Protection Workspace settings to:
  • Change the interface to High Contrast Mode.
  • Adjust the Security Content Color Thresholds and Check-In Failure Color Thresholds to customize the security levels for your environment.
Threat Overview Escalated Devices Total number of devices that received a threat over the past 7 days. System is escalated if it detects 5 threats or more in 24 hours.
Resolved Threats Total number of threats that were resolved in the past 7 days.

Basic — Detected by products like McAfee VirusScan Enterprise, McAfee® Endpoint Security Threat Prevention, and Microsoft Windows Defender.

Advanced — Detected by advanced detection techniques like McAfee® MVISION Endpoint, Real Protect, and McAfee® Endpoint Security Adaptive Threat Protection (ATP).

Unresolved Threats Total number and count per day of detected threats that are unresolved. Arrow indicates the trend over the past 7 days.
Data Protection Reports only the total number of McAfee® Data Loss Prevention (McAfee DLP) and McAfee® Management of Native Encryption (MNE) events over the past 7 days.
Compliance Overview Security Content
Note: You must have the product extensions installed to see the categories.
Percentage of systems that are within a specific number of days using a current DAT. For example, If the DAT is within 3 days of release it's considered compliant, if it's older than 3 days it's noncompliant.
Software Status Status of the security content and the individual products deployed in the environment. For example, McAfee Agent, McAfee MVISION Endpoint, and Microsoft Windows Defender.

The devices are color-coded to indicate the health of the security status (health) of the device:

Green — Latest (most recent) version.

Orange — One or more versions behind.

Light gray — No data available. The extension is checked in to McAfee ePO, but the product hasn't been deployed.

Dark gray — Indicates that the extension is checked in, but the product isn't installed on the endpoint.

Device Management Status

Check-in Failure indicates the number of devices that haven't checked in to the McAfee ePO server for more than 15 days.

Managed Devices without Protection indicates the number of devices that don't have these anti-malware products installed: Threat Prevention, MVISION Endpoint, or VirusScan Enterprise.

Managed Devices indicates the total number of managed devices over the past 7 days.


View your devices by tags (default), in the System Tree, or as a list.

Use the search feature to quickly find a device.

The information that appears in the Devices pane changes depending on the category you select:


Escalated Devices

Drill down to view the device details and the top 5 threats. Select a threat to open the Threat Details pane, and view specific details about a specific threat.