Unlimited Giveaway McAfee Endpoint Unmanaged client - no term limits

Disclaimer: We cannot guarantee that all promo codes will remain active. Some offers have a short validation period and expire.

Promo page
https://www.comss.ru/page.php?id=6131
How to get a license
Get it from [URL='https://www.comss.ru/page.php?id=6131']McAfee Endpoint Security[/URL]
Extract the components you want to install , run setup, install,done .

Vitali Ortzi

Level 22
Thread author
Verified
Top Poster
Well-known
Dec 12, 2016
1,147
changing rule assignment to security isolates all unknown files, changing the dynamic application containment rules to "block" blocks console programs because they call conhost.exe.

View attachment 240841

ATP on default settings also blocks ransominator since it calls certutil
I remembered SEP on default failed by ransominator.
MacAfee Is definitely stronger on default settings.
 

bayasdev

Level 19
Verified
Top Poster
Well-known
Sep 10, 2015
901
unblocking the excute child processes rules allow C programs to run contained, seems that Mcafee only applies the other rules to the parent process (ransominator) and not to the child ones which are trusted (7zip in this case)

1590185287129.png
 

Nagisa

Level 7
Verified
Jul 19, 2018
341
Send me screenshots of which settings you want and I'll test it

1.PNG
2.PNG
3.PNG
4.PNG
5.PNG

@Vitali Ortzi Btw, Both the comss.ru version and the one that I downloaded from the direct link shows the same about screen. Client is self-managed but TP, ATP, Web filter, Firewall is trial - active on both versions.

@geminis3 It would be god's work to test both SEP and MEP at the malwarehub, to see which one is better than other. I would like to test it myself with SEP but I lack experience in malware testing.
 
Last edited by a moderator:

bayasdev

Level 19
Verified
Top Poster
Well-known
Sep 10, 2015
901
@Vitali Ortzi Btw, Both the comss.ru version and the one that I downloaded from the direct link shows the same about screen. Client is self-managed but TP, ATP, Web filter, Firewall is trial - active on both versions.

@geminis3 It would be god's work to test both SEP and MEP at the malwarehub, to see which one is better than other. I would like to test it myself with SEP but I lack experience in malware testing.
if you know how to work with VMs and things like that without infecting yourself, you can apply to the hub
 
Last edited:

Chri.Mi

Level 7
Well-known
Apr 30, 2020
337
changing rule assignment to security isolates all unknown files, changing the dynamic application containment rules to "block" blocks console programs because they call conhost.exe.

View attachment 240841

ATP on default settings also blocks ransominator since it calls certutil

EDIT: that config contains the original ransominator (calls local 7z copy) but doesn't stops it, will do further tests
in the picture u dont have select to block with dynamic application containment, is set to report only. There are more under threat prevention and ATP that u can set to block. Also u can increase many voice to high lvl or very high lvl heuristics. If u test sites for physing etc, under web control u can set to block red yellow and unrecognized sites, so only trusted will be allow. Remember to block observe mode from various settings like AMSI otherwise it will no block nothing. If u copy my settings u can set the program at decent lvl (i made that for security + report). Later i switched for just block option, without reports. Dont know mcafee use so bad default settings.

Ehm when i post screenshots many settings was on low... but u can increase to high or very high heuristics for max settings.

Why network intrusion block after 900 sec instead of 1 sec and i would use trigger application containment when reputation is unknown. The rest seems k

@geminis3
Hey just for understand... my english is not well. Your ransominator was blocked if set to block? Or it did escape cause 7zip was trusted?
 
Last edited:

bayasdev

Level 19
Verified
Top Poster
Well-known
Sep 10, 2015
901
@geminis3
Hey just for understand... my english is not well. Your ransominator was blocked if set to block? Or it did escape cause 7zip was trusted?
All C console applications call CMD (conhost.exe) so setting all those rules to block prevent any console application with unknown reputation from running.

Disabling the "execute child processes" rule allows console applications to run but seems that 7z is whitelisted so all the other rules are ignored, interestingly it blocked ransominator from creating the ransom note (readme.txt) since it triggered some of the rules.

PD: English is not my main language but I try to do my best
 

Pat MacKnife

Level 15
Verified
Top Poster
Well-known
Jul 14, 2015
725
I will follow this thread, i also installed McAfee ENS because i have a license from school where my daughter goes to school.
I don't test with malware, but like to tweak it a little :)
Installed an older version ( 10.6 ) about 2 months ago, but didn't update properly, now i asked the software academy to set latest version on the download page and give it another try.
 
Last edited:

Vitali Ortzi

Level 22
Thread author
Verified
Top Poster
Well-known
Dec 12, 2016
1,147
It's a shame that ENS didn't submitted their extension to Mozilla Addons like other vendors did.
That's partly the issue with extension based web security approach.
They have to upload it to every vender from Safari to firefox.
 

Pat MacKnife

Level 15
Verified
Top Poster
Well-known
Jul 14, 2015
725
Can someone tell me what version McAfee Agent you have installed ? Here is 5.6.3.157 (you find it on the icon info
I think i am behind from what i seen on McAfee website...
Its important to be up-to-date because in a few days big Windows 10 2004 May update, you can read this document :
 
Last edited:

Chri.Mi

Level 7
Well-known
Apr 30, 2020
337
Can someone tell me what version McAfee Agent you have installed ? Here is 5.6.3.157 (you find it on the icon info
I think i am behind from what i seen on McAfee website...
Its important to be up-to-date because in a few days big Windows 10 2004 May update, you can read this document :
the same
 
  • Thanks
Reactions: Pat MacKnife

Pat MacKnife

Level 15
Verified
Top Poster
Well-known
Jul 14, 2015
725
So it seems that ENS need an update for McAfee agent (recommended) for Windows 10 2004 May update, if i don't have latest version i think i will uninstall ENS before updating my Machine to Windows 10 2004 (not sure i will continue to use ENS , because that organisation lacks updating the clients)
 

bayasdev

Level 19
Verified
Top Poster
Well-known
Sep 10, 2015
901
Can someone tell me what version McAfee Agent you have installed ? Here is 5.6.3.157 (you find it on the icon info
I think i am behind from what i seen on McAfee website...
Its important to be up-to-date because in a few days big Windows 10 2004 May update, you can read this document :
yep

1590335322021.png


PD: I used an installer from another source, that's why it's licensed
PD2: This is my malware testing VM, it has 4GB of RAM and McAfee doesn't uses too much ram in this system

1590335411448.png
 
  • Like
Reactions: Pat MacKnife

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top