In which of the following locations are the installation log files stored by default on a Windows machine?
A. %TEMP%\McAfeeLogs
B. %PROGRAMDATA%\McAfee\Logs
C. %USERDATA%\McAfeeLogFiles
D. %PROGRAMFILES%\CommonFiles\McAfeeLogs
An ePO administrator wants to enable script scanning in the environment; however, the administrator wants to exclude several custom scripts from being scanned. Which of the following is the BEST practice for script scan exclusions?
A. Ensure wildcard characters are fully supported.
B. Use fully qualified domain names and NetBIOS names.
C. Include port numbers if they are part of the address.
D. Keep the URL short.
An administrator suspects that Self Protection is preventing local installation of a patch. Which of the following log levels should the administrator review?
A. Event logging
B. Debug logging
C. Activity logging
D. High severity logging
A user navigates to a website and notices a small blue square around an "M" in the upper-right corner of the Chrome browser. Which of the following does the blue color indicate within the toolbar?
A. It is an internal website.
B. Web Control is disabled.
C. No rating is available.
D. It is a phishing website.
The security team wants to schedule an on-demand scan to run at noon every day for all workstations. However, the team would like to ensure system performance is not impacted because users may be working. Which of the following is a system utilization setting that meets these criteria?
A. Below normal
B. Low
C. Scan only when the system is idle
D. Normal
An administrator wants to exclude folder ABC on various drives. In which of the following ways should the administrator list the exclusion in the policy?
A. ??\ABC
B. **\ABC
C. ***\ABC
D. ???\ABC
The ENS administrator wants to monitor remotely the modification of files, but BigFix.exe is generating many false positives. Which of the following should the ENS administrator do?
A. Exclude the file under Threat Prevention / Access Protection / Remotely creating or modifying Files or Folders.
B. Add the file as a High Risk Process under Threat Prevention / On Access Scan / Process settings.
C. Exclude the file under Common Options / Self Protection.
D. Add the file under Threat Prevention / Options / Exclusions by detection name.
For which of the following reasons does ENS 10 store two previous versions of AMCore content?
A. To allow for content rollback if it is needed
B. To allow for comparison of detections between content versions
C. To allow for backup when an Extra.DAT is deployed
D. To allow for choice of which content to scan a file against
An ePO administrator wants to configure system utilization for on-demand scanning to conform to best-practice recommendations based on the ENS Product Guide. To do this, the administrator should:
A. set system utilization to "Normal" for systems with end-user activity and "Low" for systems with large volumes/little end-user activity.
B. set system utilization to "Low" for systems with end-user activity and "Normal" for systems with large volumes/little end-user activity.
C. set system utilization to "Low" for systems with end-user activity and "Low" for systems with large volumes/little end-user activity.
D. set system utilization to "Below Normal" for systems with end-user activity and "Normal" for systems with large volumes/little end-user activity.
If a TIE server is unavailable and the system is connected to the Internet, which of the following components can the Adaptive Threat Protection leverage for reputation decisions?
A. Event Security Manager
B. Global Threat Intelligence
C. Data Exchange Layer
D. Advanced Threat Defense
In which of the following ways does Dynamic App Containment protect against malware?
A. It checks for spyware, unwanted programs, and viruses based on known patterns.
B. It monitors communication between the computer and the network.
C. It detects malicious files and activities using machine-learning techniques.
D. It limits the actions unknown applications can take on the end system.
On Windows 8 and 10 machines, Windows places a flag in the tile of an app, causing Windows to notify the user of a problem and directing the user to the Windows Store to reinstall. This flag is placed on the tile when the Threat Prevention scanner detects a threat in the path of an installed Windows Store app, and marks the application as:
A. malicious.
B. suspicious.
C. questionable.
D. tampered.
An ePO administrator is experiencing issues installing an ENS module on a client machine and decides to investigate by analyzing the install log. In which of the following locations will the administrator find the install log, assuming it is in its default location on the endpoint?
A. %programdata%\mcafee\datreputation\logs
B. **\program files\mcafee\
C. %temp%\mcafeelogs
D. %programdata%\mcafee\Agent\logs
An ENS administrator is configuring on-access protection but finds the trusted backup tool is causing an unneeded performance impact. Which of the following actions should the administrator take?
A. Endpoint Security Threat Prevention Policy Category / Threat Prevention Policy Category / Access Protection / Exclusion / Exclude the Backup Tool executable
B. Endpoint Security Threat Prevention Policy Category / Exploit Prevention / Exclusions / Exclude Backup Tool executable
C. Endpoint Security Threat Prevention Policy Category / On Access scan / Process Settings / Low Risk Processes / Exclude Backup Tool executable
D. Enable McAfee GTI Feedback under Endpoint Security Threat Prevention Policy Category / Options / Proactive Data Analysis
An engineer needs to allow a specific application to run. The engineer just finished creating an Exploit Prevention process exclusion. After applying the exclusion, the engineer notices the application is not being run. The following information is provided to the engineer:
Which of the following is the error with the engineer's exclusion?
A. A signature ID was not entered.
B. Exclusions are case sensitive.
C. A hash was not specified.
D. Wildcard was not used.