Site of promotion
https://www.comss.ru/page.php?id=6131
Event
  • Other type of event
  • Instructions
    Get it from McAfee Endpoint Security
    Extract the components you want to install , run setup, install,done .

    Nagisa

    Level 4
    Verified
    yep

    View attachment 241009

    PD: I used an installer from another source, that's why it's licensed
    PD2: This is my malware testing VM, it has 4GB of RAM and McAfee doesn't uses too much ram in this system

    View attachment 241010
    Where did you get the installer file? The one that vitali sent?


    Btw, I have some doubts about the results of your bonus tests of McAfee. Afaik, GTI works like cloud signatures, so even when you disable file scanning, it may has more than behavioural detection. I haven't read the documentation yet, so I, too don't know how it works exactly.
     

    Vitali Ortzi

    Level 20
    Verified
    Where did you get the installer file? The one that vitali sent?


    Btw, I have some doubts about the results of your bonus tests of McAfee. Afaik, GTI works like cloud signatures, so even when you disable file scanning, it may has more than behavioural detection. I haven't read the documentation yet, so I, too don't know how it works exactly.
    Yep exactly.
    It includes a license workaround in case of an issue in that regard.
     

    Chri.Mi

    Level 7
    Good to know 👍.
    Got no idea why it was so slow .
    SEP always gets updates a lot faster
    In cmoss.ru
    Cause more ppls use it and report them when new version exists. I think mcafee is a bit ignored. Honestly i didnt know about this mcafee trial for ever, but i knew about symantec from around 5 years. Later is common thing symantec is superior vs mcafee, but i have some doubt comparing the 2 solutions (specially unmanaged vs unmanaged)
     

    Vitali Ortzi

    Level 20
    Verified
    Cause more ppls use it and report them when new version exists. I think mcafee is a bit ignored. Honestly i didnt know about this mcafee trial for ever, but i knew about symantec from around 5 years. Later is common thing symantec is superior vs mcafee, but i have some doubt comparing the 2 solutions (specially unmanaged vs unmanaged)
    Yeah not a fair comparison because unlike MacAfee SEP GUI lacks the options that makes the real difference between Norton and endpoint products .
     

    geminis3

    Level 13
    Verified
    Malware Tester
    Where did you get the installer file? The one that vitali sent?


    Btw, I have some doubts about the results of your bonus tests of McAfee. Afaik, GTI works like cloud signatures, so even when you disable file scanning, it may has more than behavioural detection. I haven't read the documentation yet, so I, too don't know how it works exactly.
    Reading the logs it says known malicious reputation, so it's like Kaspersky's System Watcher using UDS cloud signatures
    EDIT: a more fair test would be disabling internet access for bonus tests and see how ATP reacts without the Cloud
     

    Nagisa

    Level 4
    Verified
    @Vitali Ortzi

    Apparently, there is no official McAfee Endpoint Security download without the time limit. Doesn't it count as piracy to use it with workarounds? I also wonder how that workaround works by, and where did you get that installation file from.

    There is a topic for SEP too. They're saying that unmanaged client needs licencing as well. What do you think?

     

    Vitali Ortzi

    Level 20
    Verified
    @Vitali Ortzi

    Apparently, there is no official McAfee Endpoint Security download without the time limit. Doesn't it count as piracy to use it with workarounds? I also wonder how that workaround works by, and where did you get that installation file from.

    There is a topic for SEP too. They're saying that unmanaged client needs licencing as well. What do you think?

    They don't allow submissions without SEP license
    "SEP 12.1 unmanaged client requires the licenses.To enable the submission of reputation data from an unmanaged client, you must install a paid license on the client"
     

    Chri.Mi

    Level 7
    @Vitali Ortzi

    Apparently, there is no official McAfee Endpoint Security download without the time limit. Doesn't it count as piracy to use it with workarounds? I also wonder how that workaround works by, and where did you get that installation file from.

    There is a topic for SEP too. They're saying that unmanaged client needs licencing as well. What do you think?

    For what i understand u can use trials free without limit time... Is what is write in comss.ru for sep and mcafee.
     

    geminis3

    Level 13
    Verified
    Malware Tester
    I don't think this is the panacea of "free" AVs, it needs a lot of tweaking with exploit prevention rules to get optimal protection against fileless attacks.

    I've conducted a personal test with ENS using my custom settings and Avast Free with HM vs a Netwalker fileless ransomware sample with very low detection (4/59).

    ENS at default exploit prevention rules failed against Netwalker

    McAfee Enterprise-2020-05-23-09-27-20.png

    McAfee Enterprise-2020-05-23-09-44-46.png



    Avast already detected the file by signatures, so I rolled back the test VM to an old snapshot and cut the internet access to prevent it from calling the cloud.

    Avast VM-2020-05-24-08-33-19.png

    Avast VM-2020-05-24-08-36-07.png

    Avast VM-2020-05-24-08-36-26.png

    Avast VM-2020-05-24-08-40-42.png


    Behavior shield managed to block it and protected our files from fileless Netwalker.

    PD: With this post I'm not saying "hey go and install Avast right now", instead I'm clarifying about the default settings of McAfee ENS.
     

    Chri.Mi

    Level 7
    I don't think this is the panacea of "free" AVs, it needs a lot of tweaking with exploit prevention rules to get optimal protection against fileless attacks.

    I've conducted a personal test with ENS using my custom settings and Avast Free with HM vs a Netwalker fileless ransomware sample with very low detection (4/59).

    ENS at default exploit prevention rules failed against Netwalker

    View attachment 241051
    View attachment 241055


    Avast already detected the file by signatures, so I rolled back the test VM to an old snapshot and cut the internet access to prevent it from calling the cloud.

    View attachment 241052
    View attachment 241049
    View attachment 241053
    View attachment 241054

    Behavior shield managed to block it and protected our files from fileless Netwalker.

    PD: With this post I'm not saying "hey go and install Avast right now", instead I'm clarifying about the default settings of McAfee ENS.
    Is there any option for make mcafee effective vs this? If yes can u share?
     

    Chri.Mi

    Level 7
    set all the exploit prevention rules to block and enjoy the FP fest in your machine.
    Just for clarify... are u refering the ones in threat prevention where is write for example about block doppelganger, mimikatz, etc or rules down? or the rules under advanced threat protection?
     
    Top