McAfee Endpoint Security 10.

1
Common
Delta
Copyright
Copyright © 2015 Intel Corporation. All rights reserved

The training information in this document is provided in connection with Intel Security products. No
license, express or implied, by estoppel or otherwise, to any intellectual property rights is granted by this
document. Except as provided in Intel's terms and conditions of sale for such products, Intel assumes no
liability whatsoever and Intel disclaims any express or implied warranty, relating to sale and/or use of Intel
products including liability or warranties relating to fitness for a particular purpose, merchantability, or
infringement of any patent, copyright or other intellectual property right.

Intel may make changes to specifications and product descriptions at any time, without notice. Intel
reserves these for future definition and shall have no responsibility whatsoever for conflicts or
incompatibilities arising from future changes to them. The information here is subject to change without
notice. The products described in this document may contain design defects or errors known as errata
which may cause the product to deviate from published specifications. Effort has been made to ensure the
accuracy of information presented as factual; However, errors may exist.

The statements, comments or opinions expressed by users through the use of Intel Security technology
resources are those of their respective authors, who are solely responsible for them, and do not necessarily
represent the views of Intel and/or its affiliates.
About This Learning Material
Intended Audience for this material: Employees, Channel Partners, McAfee Support
Agent, Support Partners

Intent of this material

• The goal of this Delta Course is to provide you with training on the differences
introduced by Common module as part of McAfee Endpoint Security 10.1.
• The course design assumes you already know the product and have experience with it.

Estimated time to complete this module: 0.5 hour

Prerequisite or Resource Material: For the information in this Delta to make sense to you,
you will need to know the basics of this product either by course or by experience.

You also need to know: McAfee Endpoint Security 10.0 Installation and Common Module
Essentials ILT (Technical)

3
Purpose

This Delta is important to you because:

• Several new features have been introduced in Endpoint Security 10.1.
• DLL Injection Management
• Task Management
• Custom Tasks
• SiteList Import/Export
• Display Managed Tasks

In this Delta, you will learn to …

• Identify what are the new, modified, and removed features.

4
In the Delta

• About This Learning Material

• Purpose

• ENS 10.0 vs. 10.1

• Supported Platforms

• Acronyms • New Features

• Modified Features
• Removed Features
• Localization
• Known Issues
• Support Tools
• Summary

5
Delta of McAfee Endpoint Security 10.1 (in a Glance)

Feature Quick Description ENS 10.0 ENS 10.1

DLL Injection Management Grant or deny trust based upon a products

digital certificate.

Task Management Grid Task creation, configuration, and monitoring

are accomplished via the "Task" grid located
in the Client UI under the advanced settings
page for Common.
Custom Tasks The Client UI provides the capacity for an end
user to quickly create, schedule, run, and
monitor custom tasks. Supported custom
tasks include Threat Prevention Scan, Update,
and Mirror.
SiteList Import/Export Allow import of MA sitelists from previous
versions and export of current sitelist

Display Managed Tasks Allow administrator to control display of

managed tasks on the endpoint.

6
Supported Platforms for Product
Client operating systems

One of these supported operating systems must be running on workstations

where you install the client software.

• Windows 10
• Windows 8.1 Update 1
• Windows 8 (not including Windows RT edition)
• Windows 7
• Windows Vista
• Windows Embedded 8: Pro, Standard, Industry
• Windows Embedded Standard 7
• Windows Embedded for Point of Service (WEPOS)

7
Supported Platforms for Product
Server operating systems

One of these supported operating systems must be running on servers where

you install the client software.

• Windows Server 2012, 2012 R2, and 2012 R2 Update 1: Essentials,

Standard, Datacenter (including Server Core mode)
• Windows Server 2008 and 2008 R2: Standard, Datacenter, Enterprise, Web
(including Server Core mode)
• Windows Storage Server 2008 and 2008 R2
• Windows Small Business Server 2011
• Windows Small Business Server 2008
• Windows Embedded Standard 2009
• Windows Point of Service Ready 2009
• Windows Point of Service 1.1

8
Acronyms
Acronym Description
ENS McAfee Endpoint Security
ePO ePolicy Orchestrator
MA McAfee Agent
UI User Interface
DLL Dynamic Link Library
MPT McAfee Platform Technologies

9
Feature Changes

New – Modified - Removed

DLL Injection Management

DLL Injection Management provides administrators with a means to

allow or deny third party software to inject into ENS processes based
on the product’s digital certificate.
• Events are generated when an injection is attempted

• In a managed environment, the ePO administrator manages the certificates

via the Endpoint Security Common Policy.

11
DLL Injection Management
• Certificates are visible via the client UI. If the agent is managed, then the
certificates are read only.

• The MPT Canary process (mfecanary.exe) detects DLL injections from

untrusted sources and notifies ENS. If third party injections are not being
detected, check Windows Task Manager for mfecanary.exe.

12
Task Management Grid

• Allows users to monitor default and custom tasks

• Allows users to manage tasks

13
Custom Task

• Allows the end user to create, schedule, run, and monitor custom tasks.
• Custom tasks which are created in a managed configuration are not
reported to ePO.
• Custom tasks are user-defined and reside local to the host system.

14
Display Managed Tasks

• Allows administrator to control whether managed custom tasks are

displayed at the client

15
Import/Export Sitelist

• Allows MA sitelists from previous versions of MA to be imported into the

current environment
• Provides the ability to export the current sitelist so it can be imported into
a different Endpoint client.

16
Support Knowledge

Localization – Known Issues – Support

Tools

17
Localization

The product is available in these languages:

• English
• Spanish
• Hebrew
• French
• German
• Chinese (Simplified)
• Chinese (Traditional)
• Japanese
• Russian
• Korean
• Italian
• Brazilian-Portuguese
• Dutch
• Polish
• Swedish

18
Known Issues
This slide lists issues identified by engineers that may impact customers. For more
detailed information about this product and issues visit https://kb.mcafee.com.

DLL Injection Management requires mfecanary.exe to be running

in order to capture DLL injection attempts. The service is not
protected so it may be shut down via task manager. Endpoint
Security Platform (ESP) is not notified of the termination and has
no way of knowing that the service has terminated. Mfecanary
may be restarted by either restarting mfeesp or by rebooting the
machine.

19
Support Tools

Not available

20
Summary
Your top takeaways from this Delta are:
• Several new features have been introduced in Endpoint Security 10.1.
• DLL Injection Management
• Task Management
• Custom Tasks
• SiteList Import/Export
• Display Managed Tasks

21