TPM interview Flashcards
What is ENS?
Trellix Endpoint Security is our modern, integrated
endpoint security platform. It replaces several
legacy McAfee products that were deployed as
point products (VirusScan Enterprise, McAfee
SiteAdvisor®, McAfee® Host Intrusion Prevention
[McAfee Host IPS], and others) with a single-agent
architecture and integrated advanced defenses
like machine learning analysis, containment, and
endpoint detection and response (EDR).
What are some of the new technologies in
McAfee Endpoint Security?
Rollback remediation
On-demand scanning
Story Graph
Edge Browser support
Machine learning
Application containment
Behavior monitoring
Integration with MVISION EDR
Migration assistant
How is ENS different from VSE?
McAfee Endpoint Security outperforms VirusScan
Enterprise, giving you a 25% higher protection rate. It
also simplifies your environment by providing a single
agent to deploy and manage in your environment.
The number of policies you’ll manage is also
reduced, saving you time while simplifying workflows.
Customers have saved as much as 40 hours per
week by moving to McAfee Endpoint Security.
What capabilities of McAfee Endpoint Security replace VirusScan Enterprise, SiteAdvisor, and McAfee Host IPS?
Threat Prevention: Includes several new, advanced
malware scanning features to defend against
emerging and targeted attacks. It is a replacement
for VirusScan Enterprise. However, unlike VirusScan
Enterprise, it includes exploit prevention capabilities
similar to those found in McAfee Host IPS to mitigate
a broader set of endpoint threats, such as fileless
attacks, ransomware, and zero-day attacks.
Web Security: Prevents users from browsing to
malicious or unauthorized websites and serves as a
replacement for SiteAdvisor Enterprise.
Firewall: Stops malicious inbound and outbound
network traffic and replaces the host intrusion
prevention firewall feature of McAfee Host IPS.
What is Rollback Remediation and how does it work?
When malware attempts to compromise an endpoint, it takes malicious actions such as calling executables that grant system access or altering filenames
to deliver a payload. With McAfee
Endpoint Security rollback remediation enabled, a
system snapshot is established and changes that
are made are recorded. When McAfee Endpoint
Security detects threats, rollback remediation will
automatically reverse the system changes made
and return a system to its previously healthy state.
This keeps the user and system productive while
also saving a support call and a potential lengthy
remediation period if a system re-image would have
been required.
What is the Story Graph?
The Story Graph is a data visualization tool
introduced with McAfee Endpoint Security version
10.7 that can be viewed in the Threat Event area of the
management console. It is designed to present
threat events in an at-a-glance format with a tree
of events to allow administrators to easily see the
lifecycle, connected actions, and severity of a threat.
Using the Story Graph, event and process details can
be examined more rapidly, shortening the time it takes
an administrator to understand how a threat arrived
and to make policy changes that prevent future
threats.
What is On-Demand scanning?
Explain browser support for Edge
Web control functionality is available in the Microsoft Edge browser.
How is machine learning integrated into ENS?
McAfee Endpoint Security is our modern, integrated
endpoint security platform. It replaces several
legacy McAfee products that were deployed as
point products (VirusScan Enterprise, McAfee
SiteAdvisor®, McAfee® Host Intrusion Prevention
[McAfee Host IPS], and others) with a single-agent
architecture and integrated advanced defenses
like machine learning analysis, containment, and
endpoint detection and response (EDR).
What is application containment and what does it do?
Contains malicious
applications and processes on endpoints even
when they are offline.
Explain behavior monitoring with ENS
Records process-level
behavior while analyzing for attack techniques
and procedures (TTPs). Alerts are prioritized
with attack “playback” of events.
Explain how ENS is integrated with MVISION EDR
McAfee Endpoint
Security works with our Endpoint Detection and
Response (EDR) tool by surfacing details about
threats and threat events for incident responders.
What is the Migration Assistant and what does it do?
A tool for existing customers
to make migration easy. Performs automatic tasks
and moves your existing policies into McAfee
Endpoint Security.
Do the machine learning or Application
Containment technologies require an internet
connection?
Because McAfee® Global Threat Intelligence is
leveraged to get the latest information on threat
behaviors and the cloud aids in the decision process
when determining the intent of behaviors, an
internet connection is recommended to help avoid
any false positive convictions and to combat the
newest emerging threats as they appear in real time
globally.
How long does it take to migrate from VirusScan
Enterprise?
Customers have been able to migrate as many as
14,000 endpoints within a week by just spending
a few hours a day on migration. Migration time
will vary, depending on the total number of
endpoints and on your environment. If you have
up-to-date versions of the McAfee agent, McAfee®
ePolicy Orchestrator® (McAfee ePO™) software,
and VirusScan Enterprise, you’re ready to migrate
immediately. If out-of-date versions are in use,
updates may be required first. We also have
migration software tools, best practice guides,
training, and professional services available to help
guide and simplify migrations as well.