ENS Flashcards

1
Q

What is XDR?

A

Platform that integrates, correlates, and contextualizes data and alerts from multiple security prevention, detection and response components.

2
Q

What is ENS?

A

Flexible, unified solution that protects devices and endpoints at the network edge, empowering your organization to address complex, distributed security issues thoroughly, efficiently and quickly.

3
Q

What components make up ENS?

A

Firewall, Threat Prevention, Adaptive Threat Protection, Web Control

4
Q

What is Threat Prevention?

A

Prevents threats from accessing systems, scans files automatically when they are accessed and runs targeted scans for malware on client systems.

5
Q

What is Firewall?

A

Monitors network and internet traffic

6
Q

What is web control?

A

web filtering and browser protection

7
Q

What is ATP?

A

Trace and alert on suspicious activity.
Hunt on all endpoints and take actions immediately.

8
Q

What are the 4 main platforms ENS supports?

A

ePO on-prem, MVISION ePO, ePO Cloud, ENS Client UI.

9
Q

What is TIE (Threat Intelligence Exchange)?

A

Optional component that optimizes threat prevention by narrowing the gap from malware encounters to containment down to milliseconds.

10
Q

What is the information TIE provides?

A

Local and global file reputation
Local and contextual info
Certificate reputation
External Reputation Sources

11
Q

What is quarantine?

A

Quarantines affected items, attempts to clean or repair them, or automatically deletes them.

12
Q

What are Firewall rule groups?

A

Organize Firewall rules for easy management enabling you to apply rules manually or on a schedule, and to only process traffic based on connection type.

13
Q

T/F
The DXL is required for communication to the TIE server.

A

True

14
Q

What is the DXL?

A

Framework that allows for bidirectional communication between endpoints and on a network.

15
Q

What is the block and allow list?

A

Prevent users from visiting specific URLs or domains, or always allow access to sites important to business.

16
Q

What is rating actions and web category blocking?

A

Use safety ratings and web categories defined by Trellix to control user access to sites, pages and downloads.

17
Q

What is Secure Search?

A

Automatically block risky sites from appearing in search results based on safety rating.

18
Q

What are site reports?

A

Details show how the safety rating was calculated based on types of threats detected, test results, and other data.

19
Q

What are some of the threats that ENS can provide protection from?

A

Malware, suspicious files, suspicious communications, unsafe websites, etc.

20
Q

What is the workflow for a first time installation?

A
  1. Install software server side by checking in the desired product package file to the ePO server
  2. Update ePO server with the latest content files required for Endpoint Security: AMCore, Exploit Prevention, and ATP content files
  3. Deploy the client software with default or custom settings to managed systems either:
    a. Remotely with deployment tasks
    b. Locally on managed systems with an installation URL
  4. Verify that the client software is installed and up to date on all managed systems
  5. Configure settings as needed
21
Q

What is the workflow for an upgrade?

A
  1. Confirm that your upgrade path is supported
  2. Check in the product package files and the McAfee Agent package files (if required) to the ePO server
  3. Upgrade McAfee Agent, if required
  4. Manually update your ePO server with the latest content files required for Endpoint Security: AMCore, Exploit Prevention, and ATP content files
  5. Deploy the client software with default or custom settings to managed systems in one of these ways:
    a. Remotely with deployment tasks
    b. Locally on managed systems with an installation URL
  6. Verify that the client software is installed and up to date on all managed systems
  7. Configure settings as needed
22
Q

What additional steps need to be taken when upgrading legacy software with migrated settings?

A

-Review and prepare legacy settings
-Migrate settings with Endpoint Migration Assistant
-Verify that your settings migrated correctly

23
Q

What does the Endpoint Upgrade Assistant do?

A

Upgrade all the systems that meet requirements with a single deployment task, and to plan deployments that ensure compatibility between Endpoint Security and other McAfee products running on managed systems

24
Q

Before you deploy ENS to a production environment, what should be done first?

A

You need to deploy the software you plan to install in a test environment or to a test group, then verify the results before deploying it to the larger environment. Testing lets you verify that endpoints upgrade as expected, and make changes as needed, before deploying upgrades to all endpoints

25
Q

What consideration needs to be made prior to deploying ATP?

A

If you plan to install Endpoint Security ATP, decide whether to integrate it with the optional TIE server

26
Q

What are some general considerations to be made prior to the deployment of ENS?

A

-How it will be deployed (platform software, third-party tools, or an installation URL)

-Management Strategy

-Update Strategy

-Whether or not you will use Migration Assistant and Upgrade Assistant

27
Q

T/F: You need to uninstall existing legacy Virus Detection and Firewall products prior to the deployment of ENS.

A

False. You don’t need to uninstall existing virus-detection and firewall products on systems before installing Endpoint Security. The installation wizard detects these products and resolves most conflicts automatically.

If incompatible virus detection or firewall software is installed - The wizard tries to uninstall the software. If it can’t, it prompts the user to cancel the installation, uninstall the incompatible software manually from the Windows Control Panel, then resume the installation where it left off

28
Q

T/F: The ENS Install wizard will disable the Windows firewall automatically to prevent conflicts.

A

F

29
Q

If Common Event Enabler (CEE)/Common AntiVirus Agent (CAVA) is running, what does this mean for ENS?

A

You can install ENS with CAVA support by using a command line option.

This disables the blocking cache in the OAS, increases the number of OAS scanning threads to 200, and enables network scanning.

These setting changes are needed for OAS to scan all files from CAVA

30
Q

What happens if HIPS is installed when you attempt to deploy ENS?

A

ENS firewall replaces HIPS firewall, and you can optionally migrate your Firewall settings to the new firewall.

HIPS (without its firewall module) can run side by side with ENS

Note: you are not required to upgrade to ENS firewall or migrate your settings. You can continue to run the HIPS firewall after installing ENS firewall. Whenever HIPS Firewall is installed and enabled, ENS firewall is disabled even if enabled in the policy settings

31
Q

What is the compatibility like with McAfee Client Proxy and ENS?

A

If McAfee Client Proxy is installed - Web Control disables itself automatically if it detects a web gateway appliance or if McAfee Client Proxy is installed and in redirection mode

32
Q

What is the compatibility like with McAfee Application Control and McAfee Change Control?

A

If McAfee Application Control and McAfee Change Control are running - The system stops responding (hangs) when memory protection features in McAfee Application Control, McAfee Change Control 8.x or 7.x and Endpoint Security or Host Intrusion Prevention are running at the same time.

33
Q

What should you do if you need to run ENS on a system with Application Control and Change Control?

A
  • Installation order - Install ENS first, then Application Control and Change Control.
  • If already installed - Disable the Memory protection and Script as Updater features in Application Control and Change Control. See KB81465 for more information.
34
Q

What are the tasks that should be done before installing ENS?

A

-Make sure that systems meet requirements
-Make sure that other products are compatible with Endpoint Security
-Make sure that the software you want to upgrade is supported
-Review settings you want to save
-Run McAfee GetClean
-Run McAfee SysPrep

35
Q

What does the ENS Package Designer do?

A

Endpoint Security Package Designer steps through the process of creating a custom installation file, which you can deploy to managed systems using ePO or third party software

36
Q

What does the ENSConfigTool do?

A

ENS config tool allows you to export all policy settings from select product modules to a location that you specify

It is located in the ENS platform folder

37
Q

What does the Migration Assistant Tool do?

A

Use this tool to save (or migrate) settings and assignments for legacy products when upgrading to ENS

38
Q

What does the Upgrade Assistant Tool do?

A

Simplifies and automates many of the tasks required to upgrade managed systems to ENS in complex environments

-Analyze managed systems
-Identify the systems that are ready to upgrade
-Plan, implement, and track product upgrades throughout your environment
-Maintain compatibility on systems running multiple McAfee products and versions
-Deploy using ePO or third party tools