Home  >  Results  >  McAfee  >  Configuration
MVISION
McAfee
Tags:    


McAfee Configuration

The following product description and configuration information was provided by the vendor and has been included in its unedited form. Any MITRE comments are included in italics.


Product Versions

Management:
  • ePolicy Orchestrator 5.10.0 (Build 2428)
  • MVISION EDR Extension 3.0.0.758
  • MVISION EDR Client Extension 3.0.0.365
  • MVISION EDR Endpoint Snapshot Tool 6.4.0.49
  • McAfee Agent Extension 5.6.1.150
  • DXL Extension 5.0.1.198
  • DXL Broker 5.0.1.223

Endpoints:
  • McAfee Agent 5.6.1.157
  • MVISION EDR 3.0.0.365

Description

McAfee® MVISION EDR is a cloud-delivered service that enables customers to detect advanced device threats, fully investigate, and quickly respond. With MVISION EDR’s continuous data collection, advanced analytics detect suspicious behavior, and alert ranking with data visualization, you can quickly understand threats and prioritize actions.

AI-Guided Investigations automatically gather, summarize, and visualize evidence from multiple sources and iterate as the investigation evolves. With in-depth understanding of the threat and single-click response capabilities, MVISION EDR enables you to quickly and confidently act.

MVISION EDR reduces the expertise and effort needed to perform investigations and increases the speed with which analysts can determine the risk of the incident and root cause. At an organizational level, the benefits multiply. Security Analysts can be more efficient, more cases can be settled quickly, and time can be spent on the highest value activities.

MVISION EDR also reduces mean time to detect and respond to threats by enabling all analysts to understand alerts, fully investigate, and quickly respond. Advanced analytics broaden detection and make sense of alerts. AI-Guided Investigations and automation equip even novice analysts on how to analyze at a higher level and free your more senior analysts to apply their skills to the hunt and accelerate response time.

MVISION EDR is a key component of an integrated security ecosystem. It extends endpoint protection capabilities and expands visibility while supporting the workflows and processes of the security team to help reduce mean time to detect and respond and increase operational efficiency.


Configuration

Defaults plus enable triggers, enable process history, enable network sniffing and enable file hashing plugin.