McAfee Agent Option:
<Installation Path>\Common Framework\CmdAgent.exe
McAfee Agent 5.x: C:\Program Files\McAfee\Agent>cmdagent.exe
EXTRA.DAT files are released when new malware is discovered that could be critical to your environment and extra detection is required to detect and prevent the threat.
EXTRA.DAT files contain information that is used by VirusScan and other McAfee products to detect new malware.
How to recover McAfee Drive Encryption with a mobile phone
We wrote an article about how to set the McAfee Drive Encryption policy for recovery with a mobile phone. Now we have a policy for Mobile Recovery:
Policy link: http://www.securcan.com/blog/2016/11/23/mcafee-drive-encryption-user-recover-with-mobile-phone-policy/
We need the McAfee Endpoint Assistant app for recovery via mobile phone.
For iOS: https://itunes.apple.com/us/app/mcafee-endpoint-assistant/id797510089?mt=8
McAfee Drive Encryption 7.1.x supports recovery with mobile phones
Mobile phone application name: McAfee Assist. About McAfee Assist: https://kc.mcafee.com/corporate/index?page=content&id=KB80070
There are two policy options to enable Mobile Device Recovery on Drive Encryption.
The best way to purge McAfee DLP/HDLP events, for McAfee DLP and HDLP versions 9.3 and 9.4
On the ePO console, go to Menu -> Data Protection -> DLP Incident Manager
Create a custom McAfee HIPS rule on ePolicy Orchestrator
Scenario: RDP connect, Internet allow Facebookviever, yadro web site block, and block all other applications
Menu > Policy Catalog > Host Intrusion Prevention 8.0:Firewall > Firewall Rules (Windows, Mac, Linux) > Test policy >
Problem: we added these batch files to the binary list, but the solidcore process blocks them. The process name is “sychost.exe.”
Scenario: When the user logs onto their machine, cbs scripts are automatically activated over the DC server. We added these batch files to the binary, but the solidcore process blocks them.
The process name is “sychost.exe.”
To create custom rule to prevent FILE operations (Create, Write, Execute, Read, etc.):
Name: <insert name>
Rule type: Files
Operations: Create, Execute, Read, Write
Parameters: path/file name
Note: The file name must include a path. If you wish to wildcard the path, begin the filename with **\ or ?:\ if you wish to wildcard the drive letter (for example: **\filename.exe or ?:\filename.exe).
You cannot use MD5 hashes with the “Files” parameter: path/filename only.
Drive type can also be used to limit the path to a specific drive type (for example, hard drive, CD-ROM, USB, network, floppy).
Executables: Can be left blank, unless you want to limit the signature to specific processes that perform the file operation (for example, explorer.exe, cmd.exe, etc.).
The On Access and Access Protection modules are always disabled, and the McAfee McShield and McAfee Validation Trust Protection services are stopped and can’t be started.