skip to content

IT Help and Support

University Information Services
 

Please note, the default policies have been transfered across to the latest version of McAfee products (ENS 10.x) and this page will be updated to reflect the final settings at a later date

Policies from VSE 8.8 are migrated to ENS 10.x as shown here:

https://docs.mcafee.com/bundle/endpoint-security-migration-guide-epolicy-orchestrator-windows/page/GUID-23DAA99E-4A92-4E9B-9BCA-CB237384D996.html

Agent:

General

General Tab

 

Default Settings

Configured (if different)

General options:

 

 

Policy enforcement interval (minutes):

5

 

Show the McAfee system tray icon (Windows only)

On

 

Allow end users to update security from the McAfee system tray menu

Off

 

Enable agent wake-up call support

On

 

Enable super agent wake-up call support (Windows only)

On

 

Accept connections only from the ePO server

On

 

Convert agents to SuperAgents (Windows only)

On

 

Use systems running SuperAgents as distributed repositories

Off

 

Run agent processes at lower CPU priority (Windows only)

On

 

Reboot options after product deployment (Windows only):

 

 

Prompt user when a reboot is required

On

 

Force automatic reboot after (seconds)

Off

 

Agent-to-server communication:

 

 

Enable agent-to-server communication

On

 

Agent-to-server communication interval

60

 

Initiate agent-to-server communication within 10 minutes after startup if policies are older than (days):

1

 

Send full product properties in addition to system properties. If unchecked only minimal product properties are sent in addition to system properties

On

 

Events tab

 

Default Settings

Configured (if different)

Priority event forwarding:

 

 

Enable priority event forwarding

On

 

Forward events with a priority equal or greater than:

Warning

 

Interval between uploads (minutes):

5

 

Maximum number of events per upload:

10

20

Logging Tab

 

Default Settings

Configured (if different)

Agent Activity Log options:

 

 

Enable Agent Activity Log

On

 

File message limit in lines (on Windows) or KB (on Unix):

200

 

Enable detailed logging

Off

 

Enable remote access to log

Off

On

Updates Tab

 

Default Settings

Configured (if different)

Product update log file:

None

 

Post-update options:

None

 

DAT file downgrades:

 

 

Enable DAT file downgrades when the version in the repository is older than local version

Off

 

Repository branch to use for each update type:

 

 

Select which branch to use for each update type No packages are available in the repository

 

 

Signatures and engines:

All set to Current

 

Patches and service packs:

All set to Current

 

Repository

Repositories tab

 

Default Settings

Configured (if different)

Repository list selection:

 

 

Use this repository list

On

 

Use other repository list

Off

 

Select repository by:

 

 

Ping time

On

 

Ping timeout (seconds):

30

 

Repository list:

 

 

Automatically allow clients to access newly-added repositories

Off

 

1

ePO_EPO

 

2

McAfeeHttp

 

Proxy Tab

 

Default Settings

Configured (if different)

Proxy settings:

 

 

Do not use a proxy

On

 

Troubleshooting

General Tab

 

Default Settings

Configured (if different)

Language options:

 

 

Select language used by agent: (Windows, Mac OSX and EWS agents only)

Off

 

 

Anti-malware for Mac 9.0.0

General Tab

 

Default Settings

Configured (if different)

General policies controlling overall functioning of Anti-malware

 

 

On-access Scan

On

 

 

On-access Scan Tab

 

Default Settings

Configured (if different)

On-access Scan policies

 

 

Scan contents of Archives and Compressed Files

Off

On

Scan Apple Mail Messages

Off

On

Scan files on Network Volumes

Off

 

Maximum scan time (seconds)

45

 

Scan files

On Write

 

When a virus is found

Clean

 

If the above action fails

Quarantine

 

When a spyware is found

Clean (Greyed out)

 

If the above action fails

Quarantine (Greyed out)

 

On-demand Scan Tab

 

Default Settings

Configured (if different)

On-demand Scan policies

 

 

Scan contents of Archives and Compressed Files

On

 

Scan Apple Mail Messages

On

 

When a virus is found

Clean

 

If the above action fails

Quarantine

 

When a spyware is found

Clean (Greyed out)

 

If the above action fails

Quarantine (Greyed out)

 

Exclusions Tab

 

Default Settings

Configured (if different)

Exclude specific disks, files and folders

None

 

On-access scan

Off

 

On-demand scan

Off

 

 

VirusScan 8.8:

On-Access General Policies

General Tab

 

Default Settings

Configured (if different)

Scan:

Scan

Scan

Boot Sectors

On

 

Floppy during shutdown

Off

 

Processes on enable

Off

On

Trusted installers

Off

 

 

 

 

Enable on-access scanning:

 

 

Enable on-access scanning at system startup

On

 

Enable on-access scanning when the policy is enforced.

On

 

Maximum scan time:

 

 

Enforce a maximum scanning time for all files

On

 

Maximum scan time (seconds)

(45)

 

 

 

 

Cookies:

 

 

Scan cookie files

On

 

 

 

 

Artemis (Heuristic network check for suspicious files:

 

 

Sensitivity level

Very Low

High

ScriptScan tab

 

Default Settings

Configured (if different)

Enable ScriptScan

On

 

ScriptScan exclusions

None

 

Blocking Tab

 

Default Settings

Configured (if different)

Message:

 

 

Send a message

Off

 

Block the connection:

 

 

Block the connection when a threatened file is detected in a shared folder.

On

 

Unblock connection after

10 minutes

 

Block the connection when a file with a potentially unwanted program is detected in a shared folder.

Off

 

Messages Tab

 

Default Settings

Configured (if different)

User message:

 

 

Show messages dialog when threat detected

On

 

Notify the user when a cookie detection occurs

Off

 

Message text

VirusScan Alert!

 

Actions available to user:

 

 

Remove messages from list

On

 

Clean files

On

 

Delete files

Off

 

Reports Tab

 

Default Settings

Configured (if different)

Log to file

On (default file)

 

Log file location

%DEFLOGDIR%\OnAccessScanLog.txt

 

Limit size of log file

On
1 MB

 

20MB

Format

Unicode (UTF8)

 

What to log in addition to virus activity:

 

 

Session settings

Off

 

Session summary

On

 

Failure to scan encrypted files

On

 

On-Access Default Process Policies

Processes Tab

 

Default Settings

Configured (if different)

Configure one scanning policy for all processes

On

 

Configure different scanning policies for high-risk, low-risk and default processes

Off

 

Scan Items tab

 

Default Settings

Configured (if different)

Scan files:

 

 

When writing to disk

On

 

When reading from disk

On

 

On network drives

Off

 

Opened for backup

On

 

File types to scan:

All files

 

Heuristics:

 

 

Find unknown unwanted programs and trojans

On

 

Find unknown macro threats

On

 

Compressed files:

 

 

Scan inside archives (eg .ZIP)

Off

On

Decode MIME encoded files

Off

 

Unwanted Program Detection :

 

 

Detect unwanted programs

On

 

Exclusions tab

 

Default Settings

Configured (if different)

What not to scan

None

 

How to handle client exclusions

On

 

Actions Tab

 

Default Settings

Configured (if different)

When a threat is found:

 

 

Perform this action first

Clean files automatically

 

If first action fails

Delete files automatically

Deny access to files

When an unwanted program is found:

 

 

Perform this action first

Clean files automatically

 

If first action fails

Delete files automatically

Deny access to files

On-Access Low-risk Process Policies

Low-Risk Processes Tab

 

Default Settings

Configured (if different)

Processes

Aexauditpls.exe
Aexnsclient.exe
Aexnsclienttransport.exe
Aexnswdusr.exe

 

Scan Items tab

 

Default Settings

Configured (if different)

Scan files:

 

 

When writing to disk

On

 

When reading from disk

On

 

On network drives

Off

 

Opened for backup

On

 

File types to scan:

All files

 

Heuristics:

 

 

Find unknown unwanted programs and trojans

Off

 

Find unknown macro threats

Off

 

Compressed files:

 

 

Scan inside archives (eg .ZIP)

Off

 

Decode MIME encoded files

Off

 

Unwanted Program Detection :

 

 

Detect unwanted programs

On

 

Exclusions tab

 

Default Settings

Configured (if different)

What not to scan

None

 

How to handle client exclusions

On

 

Actions Tab

 

Default Settings

Configured (if different)

When a threat is found:

 

 

Perform this action first

Clean files automatically

 

If first action fails

Delete files automatically

Deny access to files

When an unwanted program is found:

 

 

Perform this action first

Clean files automatically

 

If first action fails

Delete files automatically

Deny access to files

On-Access High-risk Process Policies

High-Risk Processes Tab

 

Default Settings

Configured (if different)

Processes

42 processes

 

Scan Items tab

 

Default Settings

Configured (if different)

Scan files:

 

 

When writing to disk

On

 

When reading from disk

On

 

On network drives

Off

 

Opened for backup

On

 

File types to scan:

All files

 

Heuristics:

 

 

Find unknown unwanted programs and trojans

On

 

Find unknown macro threats

On

 

Compressed files:

 

 

Scan inside archives (eg .ZIP)

Off

On

Decode MIME encoded files

Off

 

Unwanted Program Detection :

 

 

Detect unwanted programs

On

 

 

Exclusions tab

 

Default Settings

Configured (if different)

What not to scan

None

 

How to handle client exclusions

On

 

Actions Tab

 

Default Settings

Configured (if different)

When a threat is found:

 

 

Perform this action first

Clean files automatically

 

If first action fails

Delete files automatically

Deny access to files

When an unwanted program is found:

 

 

Perform this action first

Clean files automatically

 

If first action fails

Delete files automatically

Deny access to files

On Delivery Email Scan Policies

Scan Items tab

 

Default Settings

Configured (if different)

Scanning of Email

On (Enable On-Delivery E-mail Scanner)

 

Attachments to scan:

All files

 

Heuristics:

 

 

Find unknown program threats and trojans

On

 

Find unknown macro threats

On

 

Find attachments with multiple extensions

Off

 

Compressed Files:

 

 

Scan inside archives (e.g. Zip)

On

 

Decode MIME encoded files

On

 

Unwanted programs detection:

 

 

Detect unwanted programs

On

 

E-mail message body (for Microsoft Outlook only):

 

 

Scan e-mail message body

On

 

Artemis (Heuristic network check for suspicious file)s:

 

 

Security level

Very Low

High

Actions Tab

 

Default Settings

Configured (if different)

When a threat is found:

 

 

Perform this action first

Clean attachments

 

Secondary action

Move attachments to a folder

 

When an unwanted program attachment is found:

 

 

Perform this action first

Clean attachments

 

Secondary action

Move attachments to a folder

 

Move to folder

Quarantine

 

Allowed Actions in Prompt dialog box:

 

 

Clean attachment

On

 

Delete attachment

On

 

Move attachment

On

 

Delete Mail (for Outlook Scan only)

On

 

Alerts Tab

 

Default Settings

Configured (if different)

E-mail Alert:

 

 

Send alert mail to user

Off

 

Prompt for action message:

Greyed out

 

 

 

 

Notes Scanner Settings Tab

 

Default Settings

Configured (if different)

Server Scanner Settings:

 

 

Scan all server databases

Off

 

Scan server mailboxes

On

 

Mailbox root folder

!!mail\

 

Advanced Options :

None

 

Reports Tab

 

Default Settings

Configured (if different)

Log file:

 

 

Enable activity logging

On (default log file)

 

Log file location:

%DEFLOGDIR%\EmailOnDeliveryLog.txt

 

Limit size of log file

On
1 MB

 

20MB

Format

Unicode (UTF8)

 

What to log in addition to scanning activity:

 

 

Session settings

Off

 

Session summary

On

 

Failure to scan encrypted files

On

 

General Options Policies

Display Options Tab

 

Default Settings

Configured (if different)

System tray icon:

On (Show the system tray icon with all menu options)

 

Console options:

 

 

Allow this system to make remote console connections to other systems

On

 

Display managed tasks in the client console

Off

 

Disable default AutoUpdate task schedule

Off

 

Enable splash screen

On

 

Console Language settings:

Automatic

 

Password Options Tab

 

Default Settings

Configured (if different)

User interface password:

No password

 

If you enable password protection, select the objects you wish to have password protected.

 

 

Global Scan Setting Tab

 

Default Settings

Configured (if different)

Scan Cache:

 

 

Enable saving scan data across reboots

On

 

Allow On-Demand scans to utilize the scan cache

On

 

Alert Policies

Alert Manager Alerts Tab

 

Default Settings

Configured (if different)

Components that generate alerts:

 

 

On-Access Scan

On

 

On-Demand Scan and scheduled scans

On

 

Email Scan

On

 

AutoUpdate

On

 

Access Protection

On

 

Alert Manager options:

 

 

Disable alerting

Off

 

Enable centralized alerting

 

 

Enable alert manager alerting

On

 

Specify the location of the Alert Manager server that receives alerts:

 

 

Do not use Active Directory Lookup

 

 

Additional Alerting Options Tab

 

Default Settings

Configured (if different)

Severity Filter

Suppress Information alerts (severity < 1)

 

Local Alerting:

 

 

Log to local application event log

On

 

Send SNMP trap using SNMP service

Off

 

Access ProtectionPolicies

Access Protection Tab

 

Default Settings

Configured (if different)

Access Protection Rules:

 

 

Enable Access Protection

On

 

Prevent McAfee services from being stopped

On

 

Please note that the table below displays just the configured settings, NOT the default settings.

Categories

Block

Report

Rules

 

Default

Configured

Default

Configured

 

Anti-spyware Standard Protection

 

 

 

 

Protect Internet Explorer favorites and settings

Anti-spyware Maximum Protection

 

 

 

 

Prevent installation of new CLSIDs, APPIDs and TYPELIBs

 

 

 

 

 

Prevent all programs from running files from the Temp folder

 

 

 

 

Prevent execution of scripts from the Temp folder

Anti-virus Standard Protection

 

 

 

 

Prevent registry editor and Task Manager from being disabled

 

 

 

 

 

Prevent user rights policies from being altered

 

 

 

 

 

Prevent remote creation/modification of executable and configuration files

 

 

 

Prevent remote creation of autorun files

 

 

 

 

Prevent hijacking of .EXE and other executable extensions

 

 

 

 

 

Prevent Windows Process spoofing

 

 

 

Prevent mass mailing worms from sending mail

 

 

 

Prevent IRC communication

 

 

 

 

 

Prevent use of tftp.exe

 

 

 

 

 

 

Anti-virus Maximum Protection

 

 

 

 

Prevent svchost executing non-Windows executables

 

 

 

 

 

Protect phonebook files from password and email address stealers

 

 

 

 

 

Prevent alteration of all file extension registrations

 

 

 

 

 

Protect cached files from password and email address stealers

 

 

 

 

 

 

Anti-virus Outbreak Control

 

 

 

 

Make all shares read-only

 

 

 

 

 

Block read and write access to all shares

 

 

 

 

 

 

Common Standard Protection

 

 

Prevent modification of McAfee files and settings

 

 

 

Prevent modification of McAfee Common Management Agent files and settings

 

 

 

Prevent modification of McAfee Scan Engine files and settings

 

 

 

 

 

Protect Mozilla & Firefox files and settings

 

 

 

 

 

Protect Internet Explorer settings

 

 

 

 

 

Prevent installation of Browser Helper Objects and Shell Extensions

 

 

 

 

 

Protect Network Settings

 

 

 

 

Prevent common programs from running files from the Temp folder

 

 

 

 

 

Disable HCP URLs in Internet Explorer

 

 

 

Prevent termination of McAfee processes

 

 

 

 

 

 

Common Maximum Protection

 

 

 

 

Prevent programs registering to autorun

 

 

 

 

Prevent programs registering as a service

 

 

 

 

Prevent creation of new executable files in the Windows folder

 

 

 

 

 

Prevent creation of new executable files in the Program Files folder

 

 

 

 

Prevent launching of files from the Downloaded Programs Files folder

 

 

 

 

 

Prevent FTP communication

 

 

 

 

 

Prevent HTTP communication

 

 

 

 

 

 

Virtual Machine Protection

 

 

 

 

Prevent Termination of VMWare Processes

 

 

 

 

 

Prevent modification of VMWare Workstation files & settings

 

 

 

 

 

Prevent modification of VMWare Server files & settings

 

 

 

 

 

Prevent Modification of VMWare Virtual machine files

 

 

 

 

 

 

User-defined Rules

 

 

 

 

Block exe in AppData\Roaming

 

Default Settings

Configured (if different)

Prevent McAfee services from being stopped

On

 

Reports Tab

 

Default Settings

Configured (if different)

Log to file:

On (default file)

 

Log file location:

%DEFLOGDIR%\AccessProtectionLog.txt

 

Limit size of log file

On
1 MB

 

20MB

Format

Unicode (UTF8)

 

Buffer Overflow Protection Policies

Buffer Overflow Protection Tab

 

Default Settings

Configured (if different)

Buffer overflow settings:

On

 

Warning mode

Off

 

Protection mode

On

 

Client system warning:

On (Show the messages dialog box when a buffer overflow is detected)

 

Buffer overflow exclusions:

None

 

Reports Tab

 

Default Settings

Configured (if different)

Log to file:

On

 

Log file location:

%DEFLOGDIR%\BufferOverflowProtectionLog.txt

 

Limit size of log file

On
1 MB

 

20MB

Format

Unicode (UTF8)

 

Unwanted Programs Policies

Scan Items Tab

 

Default Settings

Configured (if different)

Select categories of unwanted programs to detect:

 

 

Spyware

On

 

Adware

On

 

Remote Administration Tools

On

 

Dialers

On

 

Password Crackers

On

 

Jokes

On

 

Key Loggers

On

 

Other Potential Unwanted Programs

On

 

Unwanted program exclusions

None

 

User-Defined items Tab

 

Default Settings

Configured (if different)

User-defined detections:

None

 

Quarantine Manager Policies

QuarantineTab

 

Default Settings

Configured (if different)

Quarantine Directory:

<SYSTEM_DRIVE>\Quarantine

 

Quarantined data retention:

 

 

Automatically delete quarantined data

On

 

Number of days to keep backed-up data in the quarantine folder

28