Home  >  APT29  >  Results  >  McAfee  >  Configuration

McAfee Configuration

Product Versions

Day 1-2

  • MVision EDR Client:
  • McAfee Agent
  • McAfee DXL Client
  • McAfee ePO 5.10.0

Day 3 (all the same as day 1 & 2 plus the following)

  • MVision Endpoint:
  • MVE ePO extensions:

Description: MVision EDR:

McAfee® MVISION EDR is a cloud-delivered service that enables customers to detect advanced device threats, fully investigate, and quickly respond. With MVISION EDR’s continuous data collection, advanced analytics detect suspicious behavior, and alert ranking with data visualization, you can quickly understand threats and prioritize actions.

Automated AI-Guided Investigations gather, summarize, and visualize evidence from multiple sources and iterate as the investigation evolves. With in-depth understanding of the threat and single-click response capabilities, MVISION EDR enables you to quickly and confidently act.

MVISION EDR reduces the expertise and effort needed to perform investigations and increases the speed with which analysts can determine the risk of the incident and root cause. At an organizational level, the benefits multiply. Security Analysts can be more efficient, more cases can be settled quickly, and time can be spent on the highest value activities.

MVISION EDR also reduces mean time to detect and respond to threats by enabling all analysts to understand alerts, fully investigate, and quickly respond. Advanced analytics broaden detection and make sense of alerts. Automated AI-Guided Investigations equip even novice analysts on how to analyze at a higher level and free your more senior analysts to apply their skills to the hunt and accelerate response time.

MVISION EDR is a key component of an integrated security ecosystem. It extends endpoint protection capabilities and expands visibility while supporting the workflows and processes of the security team to help reduce mean time to detect and respond and increase operational efficiency.

MVISION Endpoint works with Microsoft Defender environments by adding behavioral analysis and zero-day threat prevention to the native protection provided with the Operating System. Microsoft Defender Antivirus, Exploit Guard, Windows Firewall and McAfee technologies are managed in a central location with unified policies to simplify management and elevate threat event data for quick investigation or remediation

Product Configuration:

Day 1-2

  • Enable local cache on device for Files and Network activity for Real Time Search
  • Enable collection Powershell Windows events
  • Custom collectors to search for powershell script block events.
  • Enable full visibility on network connections to ports 80 and 443

Day 3 (all the same as day 1 & 2 plus the following)

  • MVision Endpoint configured to allow execution