Professional Documents
Culture Documents
Contents
About this release
What's new
Resolved issues
Installation information
Known issues
Product documentation
Release date
August 28, 2017
Release build
Endpoint Security 10.5.2.2041
Endpoint Security Threat Prevention 10.5.2.2108 extension 10.5.2.2015
Endpoint Security Common 10.5.2.2072 extension 10.5.2.2013
Endpoint Security Firewall 10.5.2.2030 extension 10.5.2.2017
Endpoint Security Web Control 10.5.2.2028 extension 10.5.2.2014
Endpoint Security Adaptive Threat Protection 10.5.2.2078 extension 10.5.2.2037
Endpoint Security Migration Assistant extension 10.5.2.2006
1
This release was developed for use with:
Endpoint Security 10.5.2 lists these products and versions in the About dialog box of McAfee Agent and Endpoint
Security, and McAfee ePO product properties.
Product Version
Endpoint Security Common 10.5.2.2072
Endpoint Security Threat Prevention 10.5.2.2108
Endpoint Security Firewall 10.5.2.2030
Endpoint Security Web Control 10.5.2.2028
Endpoint Security Adaptive Threat Protection 10.5.2.2078
Purpose
This release of McAfee Endpoint Security contains improvements and fixes. This release also includes the ability
to disable scanners from the McAfee system tray, adds support for the Endpoint Security Profiler Tool, and
provides Extra.DAT support for Adaptive Threat Protection.
We recommend that you verify this update in test and pilot groups before mass deployment.
Rating Critical
2
What's new
The current release of the product includes these enhancements and changes.
Uses the Default, Low, and High scanning profiles to present data based on different configurations
Analyzes activity from Threat Prevention and Adaptive Threat Protection modules
Using the collected data, decide if you want to exclude a file, exclude a folder, or change how scanning is
applied to a process' activity by placing it into a different scan profile.
For information about configuring McAfee CTD to work with Endpoint Security, see the McAfee Cloud Threat
Detection documentation.
Common enhancements
Log file updates Changes the activity, error, and debug log files for all Endpoint Security modules so they are
now written in English only, regardless of system locale. This behavior is not configurable.
Installation improvements Adds a secondary validation check when a validation failure occurs through the
Validation and Trust Protection service. The secondary check succeeds if the calling process is signed by McAfee,
and all loaded modules are chained to a trusted certificate authority. This allows Endpoint Security processes to
operate normally in the presence of legitimate third-party software applications that inject processes, and
digitally sign the software.
Adds support for Early Load Anti-Malware (Windows 8 and later). This feature collects the list of device
drivers loaded during the system boot process, then scans them when the scanning services run.
Firewall enhancements
The Endpoint Security Firewall: Events from McAfee GTI query is now called Endpoint Security Firewall: Events from McAfee
GTI in the last 6 months. Previously, this query had no date limit; now it only queries results from the last 6
months.
3
Adaptive Threat Protection enhancements
Adds the option for disabling Endpoint Security scanners to the Quick Settings menu, accessed from the
McAfee system tray icon.
Adds Extra.DAT support for Real Protect. You can install an Extra.DAT file to suppress false positive
detections until the next scheduled ATP content update is released.
The behavior of the Allow action for ATP threat notifications changed between 10.2 and 10.5. In 10.2, if a user
selected Allow, the application was contained. In 10.5, the Allow action lets the application run uncontained.
Adds the ability to view the Adaptive Threat Protection content version.
Integrates several Real Protect performance improvements, including the resolution of a Google Chrome
false positive issue.
VirusScan Enterprise uses the semicolon ( ; ) characters to separate include and exclude processes, but the
Migration Assistant recognizes only the comma ( , ) characters. When you migrate exclusions that use
semicolons to separate multiple include and exclude processes, the processes are migrated to Access
Protection as a single process. The result is that migrated policies do not contain all the inclusions and
exclusions that were in the original policy.
Best practice: Review source VirusScan Enterprise policies before migration. Locate all semicolons and change
them to commas.
If you migrate policies with unrecognized semicolons, the Migration Assistant notifies you before completing
manual migration that policies have unsupported characters. You can cancel the migration, revise the source
policies, then begin manual migration again. You can also edit your migrated policies later.
Updated components
VSCore 15.6.0.2770 McAfee Agent 5.0.6
AMCore 1.5.0.3142
4
Roll up system or event data for Endpoint Security
Compile data from multiple servers at the same time using McAfee ePO Roll Up Data server tasks.
Task
1 From the McAfee ePO console, open the Server Task Builder.
a Select Menu | Automation | Server Tasks.
2 On the Description page, type a name and description for the task, and select whether to enable it, then
click Next.
Selected registered servers Select the servers you want, then click OK.
b Select the Additional Types: Configure link, and select the Endpoint Security types you want to include.
b Click Additional Types: Configure, and select the Endpoint Security types you want to include.
Resolved issues
The current release of the product resolved these issues. For a list of issues fixed in earlier releases, see the
Release Notes for the specific release.
Installation
Reference Resolution
1185007 An error no longer occurs, in rare cases, when migrating VirusScan Enterprise 8.8 to Endpoint
Security.
1187221 This release resolves a compatibility issue with HEAT Desktop & Server Management (DSM),
allowing a successful installation.
Common
Reference Resolution
1180277 Explorer now successfully accesses UPnP devices when Application Protection rules are enabled.
1189307 McAfee GTI connectivity status is now properly displayed immediately after a configuration
change.
5
Threat Prevention
Reference Resolution
1167578 On-access scan no longer blocks access to Hyper-V configuration files that reside on a Cluster
Shared Volume (CSV).
1175984 You can now configure the ability to disable scanning from the McAfee system tray icon under
Quick Settings.
1178903 ScriptScan is now compatible with Internet Explorer 11.
1190143 On-demand scans now display the correct number of files when a file was cached during a
previous scan.
1195284 On-access scan and on-demand scan exclusions are no longer duplicated when systems restart.
Firewall
Reference Resolution
1189926 After upgrading the Endpoint Security extension in McAfee ePO, the Firewall Rules policy and Firewall
Catalog now display Local Network and Remote Network columns correctly.
1195643 mfefw.exe no longer crashes due to a rarely seen unhandled exception.
Reference Resolution
1175984 You can now configure the ability to disable scanning from the McAfee system tray icon under
Quick Settings.
1199945 The Adaptive Threat Protection client no longer submits erroneous application and DLL telemetry
to the TIE server when that telemetry was already sent.
Installation information
Use this information while installing Endpoint Security.
For more information, see the McAfee Endpoint Security Installation Guide.
Best practice: Restart the client system after installing this release of the product.
Requirements
This release installs Endpoint Security on Windows systems that are self-managed and managed with McAfee
ePO or McAfee ePO Cloud.
6
Management software
McAfee ePO 5.1.1
On systems managed by McAfee ePO Cloud, no action is required. The new agent is installed
automatically on managed systems from the McAfee ePO Cloud installation URL sent to users.
On self-managed systems, no action is required to upgrade version 4.0 and later. For earlier versions,
upgrade McAfee Agent manually.
For more information, see the McAfee Endpoint Security Installation Guide.
McAfee Endpoint Protection for Mac 2.3 or McAfee VirusScan for Mac 9.8
Known issues
For a list of known issues in this product release, see KB82450.
7
Updates to documentation
Some updates to Endpoint Security 10.5.2 are not reflected in the product guide or Help.
McAfee Endpoint Server Settings Server Settings Adaptive Threat Protection page
Security 10.5.0 Product Adaptive Threat If you manage clients running Adaptive Threat Protection and
Guide and Adaptive Protection page either the Threat Intelligence Exchange module for McAfee
Threat Protection Help Missing Endpoint Security or Threat Prevention from the same McAfee
information about ePO server, the rule displayed in the Server Settings page depends
Adaptive Threat on the content checked in to the Master Repository. If the AMCore
Protection content. Content Package is checked in, Adaptive Threat Protection displays
rules from that content package. Otherwise, Adaptive Threat
Protection displays rules from the Threat Intelligence Exchange
module Content. If neither are present in the Master Repository, the
Server Settings page for Adaptive Threat Protection is blank.
Adaptive Threat Protection displays rules from only one content
source.
Product documentation
McAfee Endpoint Security includes the following documentation.
McAfee Endpoint Security Release Notes (this document)
8
Getting product information by email
The Support Notification Service (SNS) delivers valuable product news, alerts, and best practices to help you
increase the functionality and protection capabilities of your McAfee products.
To receive SNS email notices, go to the SNS Subscription Center at https://sns.secure.mcafee.com/signup_login
to register and select your product information options.
0-00