Site of promotion
https://www.comss.ru/page.php?id=6131
Event
  1. Other type of event
Instructions
Get it from McAfee Endpoint Security
Extract the components you want to install, run setup, install, done.

Nagisa

Level 5
Verified
yep

PD: I used an installer from another source, that's why it's licensed
PD2: This is my malware testing VM, it has 4GB of RAM and McAfee doesn't use too much RAM on this system

Where did you get the installer file? The one that vitali sent?


Btw, I have some doubts about the results of your bonus tests of McAfee. Afaik, GTI works like cloud signatures, so even when you disable file scanning, it may have more than behavioural detection. I haven't read the documentation yet, so I, too, don't know how it works exactly.
 

Vitali Ortzi

Level 20
Verified
Where did you get the installer file? The one that vitali sent?


Btw, I have some doubts about the results of your bonus tests of McAfee. Afaik, GTI works like cloud signatures, so even when you disable file scanning, it may have more than behavioural detection. I haven't read the documentation yet, so I, too, don't know how it works exactly.
Yep exactly.
It includes a license workaround in case of an issue in that regard.
 

Chri.Mi

Level 7
Good to know 👍.
Got no idea why it was so slow.
SEP always gets updates a lot faster
In cmoss.ru
'Cause more people use it and report them when a new version exists. I think McAfee is a bit ignored. Honestly I didn't know about this McAfee trial for ever, but I knew about Symantec from around 5 years. Later is common thing Symantec is superior vs McAfee, but I have some doubt comparing the 2 solutions (especially unmanaged vs unmanaged)
 

Vitali Ortzi

Level 20
Verified
'Cause more people use it and report them when a new version exists. I think McAfee is a bit ignored. Honestly I didn't know about this McAfee trial for ever, but I knew about Symantec from around 5 years. Later is common thing Symantec is superior vs McAfee, but I have some doubt comparing the 2 solutions (especially unmanaged vs unmanaged)
Yeah, not a fair comparison, because unlike McAfee, the SEP GUI lacks the options that make the real difference between Norton and endpoint products.
 

geminis3

Level 16
Verified
Malware Tester
Where did you get the installer file? The one that vitali sent?


Btw, I have some doubts about the results of your bonus tests of McAfee. Afaik, GTI works like cloud signatures, so even when you disable file scanning, it may have more than behavioural detection. I haven't read the documentation yet, so I, too, don't know how it works exactly.
Reading the logs it says known malicious reputation, so it's like Kaspersky's System Watcher using UDS cloud signatures
EDIT: a more fair test would be disabling internet access for bonus tests and see how ATP reacts without the Cloud
 

geminis3

Level 16
Verified
Malware Tester
Offline BONUS Test

I used 22/05/2020 signatures

McAfee Enterprise-2020-05-24-12-10-43.png


McAfee Enterprise-2020-05-24-12-08-50.png

McAfee Enterprise-2020-05-24-12-08-58.png


(HIT) ATP Rule

McAfee Enterprise-2020-05-24-12-09-22.png


(HIT) ATP Rule

McAfee Enterprise-2020-05-24-12-10-19.png


PD: This config without internet access is an FP making machine, it even blocked me from running 7zip to extract the samples so I had to temporarily disable it.
 

Nagisa

Level 5
Verified
@Vitali Ortzi

Apparently, there is no official McAfee Endpoint Security download without the time limit. Doesn't it count as piracy to use it with workarounds? I also wonder how that workaround works, and where you got that installation file from.

There is a topic for SEP too. They're saying that unmanaged client needs licencing as well. What do you think?

 

Vitali Ortzi

Level 20
Verified
@Vitali Ortzi

Apparently, there is no official McAfee Endpoint Security download without the time limit. Doesn't it count as piracy to use it with workarounds? I also wonder how that workaround works, and where you got that installation file from.

There is a topic for SEP too. They're saying that unmanaged client needs licencing as well. What do you think?

They don't allow submissions without SEP license
"SEP 12.1 unmanaged client requires the licenses. To enable the submission of reputation data from an unmanaged client, you must install a paid license on the client"
 

Chri.Mi

Level 7
@Vitali Ortzi

Apparently, there is no official McAfee Endpoint Security download without the time limit. Doesn't it count as piracy to use it with workarounds? I also wonder how that workaround works, and where you got that installation file from.

There is a topic for SEP too. They're saying that unmanaged client needs licencing as well. What do you think?

From what I understand you can use the trials free without a time limit... That is what is written on comss.ru for SEP and McAfee.
 

geminis3

Level 16
Verified
Malware Tester
I don't think this is the panacea of "free" AVs, it needs a lot of tweaking with exploit prevention rules to get optimal protection against fileless attacks.

I've conducted a personal test with ENS using my custom settings and Avast Free with HM vs a Netwalker fileless ransomware sample with very low detection (4/59).

ENS at default exploit prevention rules failed against Netwalker

McAfee Enterprise-2020-05-23-09-27-20.png

McAfee Enterprise-2020-05-23-09-44-46.png



Avast already detected the file by signatures, so I rolled back the test VM to an old snapshot and cut the internet access to prevent it from calling the cloud.

Avast VM-2020-05-24-08-33-19.png

Avast VM-2020-05-24-08-36-07.png

Avast VM-2020-05-24-08-36-26.png

Avast VM-2020-05-24-08-40-42.png


Behavior shield managed to block it and protected our files from fileless Netwalker.

PD: With this post I'm not saying "hey go and install Avast right now", instead I'm clarifying about the default settings of McAfee ENS.
 

Chri.Mi

Level 7
I don't think this is the panacea of "free" AVs, it needs a lot of tweaking with exploit prevention rules to get optimal protection against fileless attacks.

I've conducted a personal test with ENS using my custom settings and Avast Free with HM vs a Netwalker fileless ransomware sample with very low detection (4/59).

ENS at default exploit prevention rules failed against Netwalker



Avast already detected the file by signatures, so I rolled back the test VM to an old snapshot and cut the internet access to prevent it from calling the cloud.


Behavior shield managed to block it and protected our files from fileless Netwalker.

PD: With this post I'm not saying "hey go and install Avast right now", instead I'm clarifying about the default settings of McAfee ENS.
Is there any option to make McAfee effective vs this? If yes, can you share?
 

Chri.Mi

Level 7
Set all the exploit prevention rules to block and enjoy the FP fest in your machine.
Just to clarify... are you referring to the ones in threat prevention where it is written, for example, about block doppelganger, mimikatz, etc., or rules down? Or the rules under advanced threat protection?