Specifications/Technical Information
- McAfee Network Security Platform Technical Information - High Performance Intrusion Prevention IPS
- McAfee Network Security Platform Specifications - High Performance Intrusion Prevention IPS
- McAfee Advanced Threat Defense Technical Information - Malware Detection
- McAfee Advanced Threat Defense Specification - Malware Detection
- McAfee SIEM Knowledge Base - Threat Visibility with Log Analysis

McAfee
McAfee Endpoint Security
McAfee Endpoint Security Overview
There are two options for endpoint security for Windows.
Antivirus
- Efficient protection against known malware
- Rule-based blocking is also implemented
- Advanced script scanning (AMSI integration)
- In Windows 10, a new mechanism has been implemented to allow another program to call the scanning function of the antivirus software installed on the computer. Using an interface called the Antimalware Scan Interface (AMSI), you can pass content from within the program to antivirus software to check for malware.
- Even with multiple layers of obfuscation, the malicious script will eventually be rendered readable and the plain code will be handed over to the script processing engine. At that stage, the scripting engine can call a new Windows AMSI API to request scanning of the rendered content.
- PowerShell, VBScript, and JavaScript code can be handed over by AMSI to ENS for scanning.
Vulnerability countermeasures
Endpoint Security Threat Prevention
- Exploit prevention
Firewall
Endpoint Security Firewall
- Flexible and Robust Firewall Functionality
- Network isolation is also realized
Web management
Endpoint Security Web Control
- Websites with many infection routes are inspected before malware strikes
Next-generation antivirus
Endpoint Security Adaptive Threat Protection
- Machine learning
- Dynamic Application Containment (DAC)
- Rollback function
Dynamic Application Containment (DAC)
- Monitors processes that could not be identified as threats and blocks (contains) only malicious behavior
- Targets processes that could not be judged as "trusted" or "threat" by file reputation
- Although the process keeps running on the system, it can hardly affect the system because it cannot perform the dangerous actions prohibited by the rules.
- Example of limitation of operation by DAC
- Characteristic Behavior of Ransomware
- Spreading via the network and external media
- Unauthorized access to other processes (injection)
- Creating files in various executable formats (as downloaders and droppers do)
Rollback function
- Rolls back the changes made by the threat, restoring as much of the original state as possible before the threat ran.
- Monitors the behavior of processes with a reputation of Unknown or lower and their child processes.
- If a monitored process behaves maliciously, the process is terminated and the pre-execution state is restored.
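Next-generation antivirus (MVISION Endpoint)
MVISION Endpoint
- Next-generation antivirus that works together with Windows Defender
- Illustration of integration with Windows Defender
- Machine learning function
- Other functions of MVISION Endpoint
In addition to machine learning, MVISION Endpoint includes the following new functions as extras.
- Rollback function: if an infection by ransomware or similar should occur, restores the state from before the infection
- Password theft protection: protects against theft of credentials (login passwords) (Credential Theft Protection)
- Fileless threat protection: defends against attacks by fileless malware that abuses Windows PowerShell and WMI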

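Trial version application
- You can evaluate it free of charge for 30 days.
- Please apply using the form below.
Recommendation: ENS technical check
- For a smooth version upgrade from VSE to ENS, we will assess the versions in use and the policy status of your current environment.
- Please feel free to consult us about the upgrade work.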