McAfee Agent Option:
<Installation Path>\Common Framework\CmdAgent.exe
or
McAfee Agent 5.x: C:\Program Files\McAfee\Agent>cmdagent.exe
How to Update McAfee VSE8.8 Extra.dat
EXTRA.DAT files are released when new malware is discovered that could be critical to your environment and extra detection is required to detect and prevent the threat.
EXTRA.DAT files contain information that is used by VirusScan and other McAfee products to detect new malware.
How to Recover McAfee Drive Encryption with a Mobile Phone
We wrote an article about how to set the McAfee Drive Encryption policy for recovery with a mobile phone. Now we have a policy for mobile recovery:
Policy link: http://www.securcan.com/blog/2016/11/23/mcafee-drive-encryption-user-recover-with-mobile-phone-policy/
We need the McAfee Endpoint Assistant app to recover via mobile phone.
For iOS: https://itunes.apple.com/us/app/mcafee-endpoint-assistant/id797510089?mt=8
For Android: https://play.google.com/store/apps/details?id=com.mcafee.endpointassist
McAfee Drive Encryption User Recover with Mobile Phone Policy
McAfee Drive Encryption 7.1.x supports recovery with mobile phones.
Mobile phone application name: McAfee Assist. About McAfee Assist: https://kc.mcafee.com/corporate/index?page=content&id=KB80070
There are two policy options to enable Mobile Device Recovery on Drive Encryption.
Recommended Exclusions for McAfee VSE
How to Purge Old McAfee DLP Events
The best way to purge McAfee DLP/HDLP events, for McAfee DLP and HDLP versions 9.3 and 9.4:
On the ePO console, go to Menu -> Data Protection -> DLP Incident Manager
How to Write Custom Rules in McAfee HIPS (RDP, etc.)
On ePolicy Orchestrator, create a custom McAfee HIPS rule.
Scenario: allow RDP connections, allow Internet for Facebookviever, block the yadro web site, and block all other applications.
Menu > Policy Catalog > Host Intrusion Prevention 8.0: Firewall > Firewall Rules (Windows, Mac, Linux) > Test policy >
Application Control: the process name “sychost.exe.” blocks batch file
Problem: we added these batch files to the binary list, but the solidcore process blocks them; the process name is “sychost.exe.”
Scenario: when users log on to their machines, cbs scripts are automatically activated from the DC server. We added these batch files to the binary list, but the solidcore process blocks them.
The process name is “sychost.exe.”
How to Write a Custom Rule on McAfee HIPS
To create a custom rule to prevent FILE operations (Create, Write, Execute, Read, etc.):
Name: <insert name>
Rule type: Files
Operations: Create, Execute, Read, Write
Parameters: path/file name
Note: The file name must include a path. If you wish to wildcard the path, begin the filename with **\ or ?:\ if you wish to wildcard the drive letter (for example: **\filename.exe or ?:\filename.exe).
You cannot use MD5 hashes with the “Files” parameter: path/filename only.
Drive type can also be used to limit the path to a specific drive type (for example, hard drive, CD-ROM, USB, network, floppy).
Executables: Can be left blank, unless you want to limit the signature to specific processes that perform the file operation (for example, explorer.exe, cmd.exe, etc.).
VSE On Access and Access Protection Are Always Disabled
Problem:
The On Access and Access Protection modules are always disabled, and the McAfee McShield and McAfee Validation Trust Protection services are stopped and can’t be started.