Unlimited Giveaway McAfee Endpoint Unmanaged client - no term limits

Disclaimer: We cannot guarantee that all promo codes will remain active. Some offers have a short validation period and expire.

Promo page
https://www.comss.ru/page.php?id=6131
How to get a license
Get it from McAfee Endpoint Security (https://www.comss.ru/page.php?id=6131)
Extract the components you want to install, run setup, install, done.

Vitali Ortzi

Thread author
changing rule assignment to security isolates all unknown files, changing the dynamic application containment rules to "block" blocks console programs because they call conhost.exe.

View attachment 240841

ATP on default settings also blocks ransominator since it calls certutil
I remembered SEP on default failed by ransominator.
McAfee is definitely stronger on default settings.
 

bayasdev

Unblocking the execute child processes rule allows C programs to run contained; it seems that McAfee only applies the other rules to the parent process (ransominator) and not to the child ones which are trusted (7zip in this case)

1590185287129.png
 

Nagisa

Send me screenshots of which settings you want and I'll test it

1.PNG
2.PNG
3.PNG
4.PNG
5.PNG

@Vitali Ortzi Btw, both the comss.ru version and the one that I downloaded from the direct link show the same About screen. Client is self-managed but TP, ATP, Web filter, Firewall is trial - active on both versions.

@geminis3 It would be god's work to test both SEP and MEP at the malwarehub, to see which one is better than the other. I would like to test it myself with SEP but I lack experience in malware testing.
 

bayasdev

@Vitali Ortzi Btw, both the comss.ru version and the one that I downloaded from the direct link show the same About screen. Client is self-managed but TP, ATP, Web filter, Firewall is trial - active on both versions.

@geminis3 It would be god's work to test both SEP and MEP at the malwarehub, to see which one is better than the other. I would like to test it myself with SEP but I lack experience in malware testing.
If you know how to work with VMs and things like that without infecting yourself, you can apply to the hub
 

Chri.Mi

changing rule assignment to security isolates all unknown files, changing the dynamic application containment rules to "block" blocks console programs because they call conhost.exe.

View attachment 240841

ATP on default settings also blocks ransominator since it calls certutil

EDIT: that config contains the original ransominator (calls local 7z copy) but doesn't stop it, will do further tests
In the picture you don't have block selected with dynamic application containment; it is set to report only. There are more under threat prevention and ATP that you can set to block. Also you can increase many voice to high level or very high level heuristics. If you test sites for phishing etc., under web control you can set to block red, yellow and unrecognized sites, so only trusted will be allowed. Remember to block observe mode from various settings like AMSI, otherwise it will not block anything. If you copy my settings you can set the program at a decent level (I made that for security + report). Later I switched to just the block option, without reports. Don't know McAfee use so bad default settings.

Ehm, when I posted screenshots many settings were on low... but you can increase to high or very high heuristics for max settings.

Why network intrusion block after 900 sec instead of 1 sec? And I would use trigger application containment when reputation is unknown. The rest seems OK

@geminis3
Hey, just to understand... my English is not good. Was your ransominator blocked if set to block? Or did it escape because 7zip was trusted?
 

bayasdev

@geminis3
Hey, just to understand... my English is not good. Was your ransominator blocked if set to block? Or did it escape because 7zip was trusted?
All C console applications call CMD (conhost.exe) so setting all those rules to block prevents any console application with unknown reputation from running.

Disabling the "execute child processes" rule allows console applications to run but it seems that 7z is whitelisted so all the other rules are ignored. Interestingly, it blocked ransominator from creating the ransom note (readme.txt) since it triggered some of the rules.

PD: English is not my main language but I try to do my best
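
Added example, not part of any post in this thread and not McAfee's implementation: a simplified model of the behaviour discussed above, where a trusted child (7z, certutil, conhost) launched by an unknown-reputation parent is allowed by a per-process check but contained when the parent's verdict is inherited. The events, PIDs and reputation table are constructed.

```python
# Constructed process-creation events (pid, parent pid, image name), in the
# order they were logged. Image names mirror the thread; the data is made up.
EVENTS = [
    (100, 1,   "explorer.exe"),
    (200, 100, "ransominator.exe"),   # unknown reputation
    (210, 200, "conhost.exe"),
    (220, 200, "certutil.exe"),
    (230, 200, "7z.exe"),
    (300, 100, "7z.exe"),             # user starts 7-Zip directly
]

# Constructed reputation table: anything not listed counts as unknown.
REPUTATION = {"explorer.exe": "trusted", "conhost.exe": "trusted",
              "certutil.exe": "trusted", "7z.exe": "trusted"}


def per_process_verdict(image, reputation):
    """Judge a process only by its own reputation."""
    return "allow" if reputation.get(image, "unknown") == "trusted" else "contain"


def lineage_verdicts(events, reputation):
    """Return {pid: (image, verdict, tainting_image)} with inherited containment.

    A process is contained if it is unknown itself or if any ancestor is.
    Assumes events are ordered and PIDs are not reused in the sample window.
    """
    tainted_by = {}   # pid -> image of the nearest unknown ancestor (or itself)
    verdicts = {}
    for pid, ppid, image in events:
        if reputation.get(image, "unknown") != "trusted":
            tainted_by[pid] = image
        elif ppid in tainted_by:
            tainted_by[pid] = tainted_by[ppid]
        source = tainted_by.get(pid)
        verdicts[pid] = (image, "contain" if source else "allow", source)
    return verdicts


def trusted_children_of_unknown(events, reputation):
    """Processes a per-process policy allows but a lineage policy contains."""
    return [(pid, image, source)
            for pid, (image, verdict, source) in lineage_verdicts(events, reputation).items()
            if verdict == "contain" and per_process_verdict(image, reputation) == "allow"]


if __name__ == "__main__":
    for pid, image, source in trusted_children_of_unknown(EVENTS, REPUTATION):
        print(f"pid {pid}: {image} is trusted but was launched under {source}")
```

The same 7z.exe image gets two different outcomes here: allowed when started from explorer.exe, contained when its ancestor is the unknown binary.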
 

Pat MacKnife

I will follow this thread, I also installed McAfee ENS because I have a license from the school where my daughter goes.
I don't test with malware, but like to tweak it a little :)
Installed an older version (10.6) about 2 months ago, but it didn't update properly; now I asked the software academy to set the latest version on the download page and will give it another try.
 

Vitali Ortzi

Thread author
It's a shame that ENS didn't submit their extension to Mozilla Addons like other vendors did.
That's partly the issue with the extension-based web security approach.
They have to upload it to every vendor from Safari to Firefox.
 

Pat MacKnife

Can someone tell me what version of McAfee Agent you have installed? Here it is 5.6.3.157 (you find it on the icon info)
I think I am behind from what I have seen on the McAfee website...
It's important to be up-to-date because in a few days big Windows 10 2004 May update, you can read this document:
 

Chri.Mi

Can someone tell me what version of McAfee Agent you have installed? Here it is 5.6.3.157 (you find it on the icon info)
I think I am behind from what I have seen on the McAfee website...
It's important to be up-to-date because in a few days big Windows 10 2004 May update, you can read this document:
The same
 

Pat MacKnife

So it seems that ENS needs an update for McAfee Agent (recommended) for the Windows 10 2004 May update. If I don't have the latest version I think I will uninstall ENS before updating my machine to Windows 10 2004 (not sure I will continue to use ENS, because that organisation lacks updating the clients)
 

bayasdev

Can someone tell me what version of McAfee Agent you have installed? Here it is 5.6.3.157 (you find it on the icon info)
I think I am behind from what I have seen on the McAfee website...
It's important to be up-to-date because in a few days big Windows 10 2004 May update, you can read this document:
Yep

1590335322021.png


PD: I used an installer from another source, that's why it's licensed
PD2: This is my malware testing VM, it has 4GB of RAM and McAfee doesn't use too much RAM in this system

1590335411448.png
 