McAfee Complete Endpoint Protection Review

The Complete Endpoint Suite has certainly simplified the build procedure.


Valuable Features:

I personally really like what the folks at Intel did when creating the Endpoint Protection Suites. Running the EASI.exe installer from the .zip file simplifies the build process for newer administrators and engineers by installing a base-system tree, basic policies, and streamlining the installation process. 

What most don't seem to grasp is that Endpoint Protection is a Suite Install Package. There are 6 different versions of Endpoint Protection, each coming with different applications installed. Primarily, I usually install the Endpoint Protection Advanced Suite (EPA) & Complete Endpoint Protection Suite (CEE). I recommend installing SQL either on the same box as ePO if you're managing under 5000 endpoints, or on a separate SQL server if higher, overusing the SQL Express that comes with the Installer. The primary reason is that if you use SQL Express, you do not have access to SQL Management Studio. Having access to the data tables and being able to clean up the space on the SQL server over time will be a must. The Complete Endpoint Suite has certainly simplified the build procedure.

Improvements to My Organization:

I have been installing ePO and the separate modules for years. I am a bit biased on Intel Security products as it is how I make my living as a Subject Matter Expert .

Room for Improvement:

There are a few things I wish the folks at Intel would fix. 

The primary for me is with the ePO Query creation. Queries in ePO are powerful tools as they can be used to create dashboards, server tasks, and be exported or rolled up to Senior Management. In older versions of ePO (4.0 & 4.5) the Queries, gave a wide range of data. With ePO 4.6, 5.0, 5.1 & 5.3 the data could be pulled from various installed products to get the data that you were looking for, with the current versions of ePO you can only pull the fields listed in the "Result Type/Feature Group" and it is very limited.

A good example...If i wanted to try and create one report that shows all Common Configuration Enumeration (CCE) data (this data comes from Policy Auditor) while also showing what software is installed from each system  (this data comes from Application Control) and adding in fields such as IPv4, FQDN, OS version, Domain...Simplified, if I could pull Hardware Asset, Software Asset, CCE Data, and Policy Auditor Scoring all on one report, it would make my life so much easier. 

Alas, this cannot be done with the current Query Building setup. The fields that are available are limited to each application installed and are only for that application.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Add a Comment
Guest

Sign Up with Email