last posts

McAfee Endpoint Security 10.7.0 Build 1390.13

McAfee Endpoint Protection gives hostile to malware assurance. It likewise safeguards against unapproved gadgets. This imperative insurance supports endpoint and information security by consolidating gadget control and basic email and web security.

This basic security suite coordinates this multitude of fundamental capabilities into a solitary and reasonable climate. Because of the complete gadget control included, it is feasible to keep basic information from leaving your organization through evacuation media, for example, USB drives, Bluetooth gadgets, and so on.

McAfee Endpoint Security 10 assists you with controlling the danger guard lifecycle with advancements that impart and gain from one another continuously to battle progressed dangers and convey bits of knowledge with noteworthy danger legal sciences - all in the language you can undoubtedly comprehend.

McAfee Endpoint Security 10 offers occasions against possibly hazardous applications, downloads, sites, and documents to safeguard your efficiency and get perceivability into cutting-edge dangers.

This climate is great for defending customary work areas and different frameworks that have confined openness to Internet dangers. In addition, high-level email and spam security capture spam and unsafe infections by filtering inbound and outbound messages.

McAfee Endpoint Security Features:

Stops viruses, Trojans, worms, adware, spyware, and other potentially unwanted programs that aim to reach your devices and confidential data. McAffe’s technology automatically detects and blocks malware, even unknown threats, in real-time, before it spots your desktop and servers.


Neutralizes spyware before it spreads. Blocks detect and remove malicious software that takes your information or displays unwanted advertisements.

Desktop Firewall

Stops hackers and identity thieves from gaining access to your computers and data by instantly alerting users to any attempted intrusions.


Ensures that you and your company have safe access to email and web applications. McAfee cuts off more than 99% of spam, viruses, and phishing attacks before it reaches inboxes.

Safe Searching

McAfee SiteAdvisor provides colour-coded website ratings to notify users of potentially malicious sites. Security administrators can also block access to specific or entire categories of websites.

Device Control

Prevent the loss of sensitive data by restricting the use of removable media. (USB drives, DVDs and other removable storage devices). Monitors and restricts data copied to these devices to keep it always under the company‘s control.

Centralized Management

Manage policies, compliance and reporting from a single, centralized console (the McAfee ePolicy Orchestrator). Instantly see and take action to adjust security coverage as things happen.

What’s new in McAfee Endpoint Security 10.7.0:

This release of McAfee Endpoint Security contains improvements and fixes, including:

  • Enhanced remediation capabilities
  • The increased context for fileless threat detections
  • Enhanced protection against fileless attack methods
  • Support for an on-demand scan from the command line and improved scanning performance

Caution: Upgrading from the beta version of Endpoint Security 10.7 is not supported. To install the production release of the software, you must first uninstall the beta version.

New features

Installation and upgrade

  • Advanced Detection and Remediation extension — View Story Graph and remediation data reported by the Advanced Detection and Remediation extension that’s now included in the Endpoint Security installation package. The Story Graph is a visual representation of events leading up to a detected threat.
  • Endpoint Security Package Designer enhancements — Create separate installation packages for 32-bit and 64-bit versions of the product, and create installation packages that include McAfee® Endpoint Security Adaptive Threat Protection (ATP).
  • Adaptive Threat Protection requires McAfee® Endpoint Security Threat Prevention.
  • Support added in Endpoint Security Package Designer to trim future updates of Endpoint Security 10.7.0.
  • Support for case sensitivity — Allow Microsoft Windows to correctly manage mix-case file and folder names. You can check and change this attribute setting in Windows. It’s disabled by default.
  • On systems running Windows 10 October 2018 Update or later, you must make sure that the case sensitivity attribute is disabled for folders where you want to install the product software. Once Endpoint Security is installed or upgraded, Endpoint Security folders are protected against being set as case sensitive to make sure that this setting does not prevent product updates and upgrades.
  • All product features in each module protect and exclude files and folders in a case-insensitive manner, but use the correct case for reporting events.

Endpoint Security Platform

  • On-demand scan logging — During on-demand scans, all scanned files can now be logged when this feature is enabled. This feature is disabled by default.
  • Endpoint Security logging — Format improvements were made to standardize the Endpoint Security logs.

Threat Prevention

  • On-demand scan command line interface — Start, stop pause, resume, and get status for all types of on-demand scans (quick, full, and custom) from the command line or as part of a batch file.
  • Custom on-demand scan command line interface — Run a previously defined custom on-demand scan with new settings, without changing the original custom scan setting.
  • Update command line interface— Update the scan engine, AMCore content, and Exploit Prevention from the command line or as part of a batch file.
  • On-demand scan CPU throttling — Configure the maximum percentage of CPU (25% – 100%, default is 80%) that all types of on-demand scans (quick, full, and custom) consume when scanning files.
This feature is disabled by default and available only when Scan anytime is selected. It’s an alternative to using the System utilization setting. CPU throttling always uses THREAD_PRIORITY_IDLE threads for the least possible impact on other programs.
  • Choosing when to scan — Configure the on-access scanner to bypass trust logic and examine all files when writing to disk, reading from disk, or both with the new Let me decide option.
For the best performance, enable the Let McAfee Decide option.
  • Expert Rules enhancements
    • REGVAL_DATA — You can use this MATCH_type value to control or filter the data being written or changed in a registry value.
    • Next_Process_Behavior — You can use this command to create behavioural rules to block a specific sequence of actions.
    • AggregateMatch — You can use this command to create a list of values to match in a rule, so you can use the same data without having to rewrite the values.

Web ControlBrowser support — Microsoft Edge is now a supported browser on systems running Windows 10 Creators Update (15063) and later. Adaptive Threat Protection

  • Enhanced Real Protect script scanning — Support for the Anti-Malware Scanning Interface (AMSI) enables ATP technologies, including Real Protect to detect threats on supported events such as PowerShell. For more information about the file types that AMSI supports, see How AMSI helps you to defend against malware. This feature is enabled by default.
  • Enhanced remediation capabilities — Monitor the behaviour of processes with a reputation of Unknown and below, and their children, tracking all changes that the processes make to the system.
As it runs, the ATP scanner and Real Protect scanner inspect the process. After a limited period, if the scanners don’t detect malicious behaviour, enhanced remediation stops monitoring the process. If a monitored process exhibits malicious behaviour, enhanced remediation stops the process, its children, and ancestors, and rolls back the changes that it made, restoring the system as close as possible to its original state before the process ran. Files created in the convicted process are deleted, but to roll back the changes and restore the files, you must enable Monitor and remediate deleted and changed files.

This feature is enabled by default and only available when Clean when the reputation threshold reaches is enabled.

  • Enhanced protection against fileless attack methods — Detect and protect against fileless, dual-use, and live-off-the-land attacks using ATP rules, the Real Protect scanner, and Real Protect script scanning integration with AMSI.
  • The increased context for ATP detections — View ATP detection details in the Story Graph. The Story Graph provides context for the events leading up to a detected threat, allowing you to see why ATP thinks the activity is malicious and what actions led to the conviction.
Drill down from an event in the McAfee® ePolicy Orchestrator® (McAfee® ePO™) Threat Event Log to review the event’s Story Graph.
  • The name of the option for using McAfee GTI for file reputation information if the TIE server isn’t reachable has changed and now three options are available in the new Reputation Source drop-down list in the Adaptive Threat Protection Options policy:
    • Use McAfee GTI if the TIE server is not reachable
    • Use Only the TIE server
    • Use Only McAfee GTIReputation source configuration — Configure the source for file reputation information. For example, you can use only McAfee® Global Threat Intelligence (McAfee GTI) even if the McAfee® Threat Intelligence Exchange (TIE) server is reachable.

Your selected option is retained across upgrades and compatible with pre-10.7 extensions and client systems.

  • Updated Real Protect architecture — McAfee now delivers Real Protect and other scanner updates in AMCore Content updates.

Font Size
lines height