Product guide
When an endpoint generates network traffic, the reputation of the executable file behind that traffic
determines which response actions the network device should take to keep malicious files off the network.
McAfee EIA monitors the executable files that send traffic from endpoints to the network device, and
analyzes them and their associated libraries to calculate the file reputation.
The network devices receive the executable file reputation as part of the metadata, enabling them to
determine the confidence level of the executable and configure response actions (such as raising alerts
or blocking the files) when malicious and unknown executables are detected on the network. This
facilitates clean traffic on the network and prevents malware intrusions.
The network devices also receive executable reputation by importing the baseline computer profile
generated by the Endpoint Baseline Generator. For more details, see the section Endpoint Baseline
Generator.
The Endpoint Intelligence Agent leverages the McAfee® Global Threat Intelligence™ (GTI) capability
to provide file reputation information. The Endpoint Intelligence Agent does not communicate with the
GTI server directly. Instead, it uses the firewall/NTBA as a GTI proxy: the agent forwards its GTI
queries to the network device, and the network device queries the GTI server and caches the response.
The network device also forwards the response to the Endpoint Intelligence Agent, if the agent
requested it.
Endpoint Intelligence Agent currently provides metadata for TCP and UDP connections over IPv4.
Endpoint Intelligence Agent is managed by McAfee® ePolicy Orchestrator® and
can be deployed to multiple systems.
The Endpoint Intelligence Manager configures certificates and policies for host authentication. The
Endpoint Intelligence Manager provides host certificates to client computers to establish a DTLS
connection and can also manage the Network Integrity Agent version 1.0.0. For more information, see
the section Configure certificates.
Figure 1-1 Integrating Endpoint Intelligence Agent with Firewall Enterprise
Endpoint Intelligence Agent 2.1.0 Product Guide