McAfee Endpoint Security

McAfee Endpoint Security Overview

There are two options for endpoint security for Windows.

  • The threat defense lifecycle

Antivirus

  • Efficient protection against known malware
  • Rule-based blocking is also implemented
  • Endpoint Security Threat Prevention
  • Advanced script scanning (AMSI integration)
    • In Windows 10, a new mechanism has been implemented to allow another program to call the scanning function of the antivirus software installed on the computer. Using an interface called the Antimalware Scan Interface (AMSI), you can pass content from within the program to antivirus software to check for malware.
    • Even with multiple layers of obfuscation, the malicious script will eventually be rendered readable and the plain code will be handed over to the script processing engine. At that stage, the scripting engine can call a new Windows AMSI API to request scanning of the rendered content.
    • PowerShell, VBScript, and JavaScript code can be handed over by AMSI to ENS for scanning.
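
The point about layered obfuscation can be seen in a small model. The following is an added example, not McAfee's code and not the Windows AMSI API: a toy script host in Python that hands each buffer to a scanner just before evaluating it. The marker string, the `EVAL_B64:` / `EVAL_REV:` stubs and all function names are constructed for illustration.

```python
import base64

# Constructed, harmless marker standing in for a malware signature.
SIGNATURE = "DEMO-MALICIOUS-MARKER"
B64, REV = "EVAL_B64:", "EVAL_REV:"   # hypothetical "decode then evaluate" stubs


def scan(buffer: str) -> bool:
    """Toy signature engine: True when the marker is visible in the buffer."""
    return SIGNATURE in buffer


def obfuscate(script: str, layers: str) -> str:
    """Wrap the script once per character of `layers` ('b' = base64, 'r' = reverse)."""
    for kind in layers:
        if kind == "b":
            script = B64 + base64.b64encode(script.encode()).decode()
        elif kind == "r":
            script = REV + script[::-1]
        else:
            raise ValueError(f"unknown layer {kind!r}")
    return script


def run_with_scan_hook(script: str, scanner=scan):
    """Model script host: every buffer is scanned just before it is evaluated.

    Returns (blocked, layers_unwrapped)."""
    unwrapped = 0
    while True:
        if scanner(script):
            return True, unwrapped          # blocked before evaluation
        if script.startswith(B64):
            script = base64.b64decode(script[len(B64):]).decode()
        elif script.startswith(REV):
            script = script[len(REV):][::-1]
        else:
            return False, unwrapped         # plain code, would execute here
        unwrapped += 1


if __name__ == "__main__":
    sample = obfuscate(f"write-output '{SIGNATURE}'", "brb")
    print("on-disk scan detects:", scan(sample))
    print("scan hook (blocked, layers):", run_with_scan_hook(sample))
```

A scan of the wrapped text as stored finds nothing, while the hook in the host sees the marker once the last layer has been rendered, which is the stage at which a real scripting engine calls AMSI.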

Vulnerability countermeasures

Endpoint Security Threat Prevention

  • Exploit prevention
    1. Blocks against buffer overflow exploit attacks
    2. Windows DEP execution prevention can be enabled
    3. Buffer overflow protection can be customized according to the protection level (at the maximum protection level, false positives may occur)

Firewall

Endpoint Security Firewall

  • Flexible and Robust Firewall Functionality
  • Network isolation is also supported

Web management

Endpoint Security Web Control

  • Websites with many infection routes are inspected before malware strikes

Next-generation antivirus

Endpoint Security Adaptive Threat Protection

  • Machine learning
  • Dynamic Application Containment (DAC)
  • Rollback function

Dynamic Application Containment (DAC)

  • Monitors processes that could not be identified as threats and blocks (contains) only malicious behavior
    • Targets processes that could not be judged as "trusted" or "threat" by file reputation
    • Although the process is running on the system, it is almost impossible to affect the system because it cannot perform dangerous actions prohibited by the rules.
  • Examples of behavior restricted by DAC
    • Characteristic behavior of ransomware
    • Spreading via the network and external media
    • Unauthorized access to other processes (injection)
    • Creating files in various executable formats (the way downloaders and droppers work)

Rollback function

  • Rolls back the changes made by the threat, restoring as much of the original state as possible before the threat ran.
    • Monitors the behavior of processes with a reputation of Unknown or lower and their child processes.
    • If a monitored process behaves illegitimately, the process is terminated and the pre-execution state is restored.

Next-generation antivirus (MVISION Endpoint)

MVISION Endpoint

  • Next-generation antivirus that works with Windows Defender
  • Overview of integration with Windows Defender
  • Machine learning function
  • Other MVISION Endpoint functions

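In addition to machine learning, MVISION Endpoint includes the following new functions.

  • Rollback function: if an endpoint does become infected by ransomware or similar, it can be returned to its pre-infection state
  • Password theft protection: protects against theft of credentials (login passwords) (Credential Theft Protection)
  • Fileless threat protection: defends against attacks by fileless malware that abuses Windows PowerShell and WMI

McAfee Dynamic Endpoint Evaluation Version Application and ENS Technical Check Information

Evaluation version application

  • You can evaluate the product free of charge for 30 days.
  • Please apply using the form below.

Why we recommend the ENS technical check

  • To ensure a smooth upgrade from VSE to ENS, we will assess the versions in use and the policy status of your current environment.
  • Please feel free to consult us about the upgrade work.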