McAfee Deep Defender

McAfee Deep Defender

Stopping stealth attacks with endpoint security beyond the OS

Next Steps:


McAfee Deep Defender is a next generation of hardware-assisted endpoint security, enabled by McAfee DeepSAFE technology, operating beyond the operating system, designed to detect, block and remediate advanced, hidden attacks. McAfee Deep Defender is reinventing the industry approach to security and is the first product built on the McAfee DeepSAFE Technology co-developed with Intel.

Operates beyond the operating system — First-of-its-kind integration with Intel resides between the memory and OS to perform real-time memory and CPU monitoring.

Kernel mode protection — Real-time, kernel-level behavioral monitoring exposes and removes unknown threats, including kernel-mode rootkits, to preempt zero-day malware.

Faster-time-to-protection — Stop low-level stealth attacks as they occur before they cause any damage or steal data.

Deeper-level security for higher-level protection

Read White Paper

Features & Benefits

Stop unknown stealth attacks

Prevent stealth attacks from compromising your endpoints and stealing confidential data with real-time kernel memory protection operating beyond the operating system.

Utilize real-time memory and CPU monitoring

Leverage McAfee DeepSAFE technology, a memory software layer executing in VMX-root mode, to provide real-time kernel memory and CPU event protection with minimal performance impact.

Get true zero-day protection

Identify malicious behavior and provide true zero-day protection. McAfee Deep Defender requires no prior knowledge of the rootkit to detect its existence.

Deploy quickly and manage easily

Use McAfee ePolicy Orchestrator (ePO) software to remotely deploy and manage McAfee Deep Defender alongside your existing McAfee endpoint security solutions, lowering management overhead and costs.

System Requirements

These are minimum system requirements only. Actual requirements will vary depending on the nature of your environment.

  • Supports Intel® Core™ i3, i5, and i7 processors
  • Supports Windows 7 (32-bit and 64-bit)
  • 2 GB RAM (32-bit) or 4 GB RAM (64-bit)
  • Managed by McAfee ePolicy Orchestrator (ePO) 4.5 or higher
  • McAfee Agent 4.6
  • Intel Virtualization Technology (VT) enabled in BIOS
  • Internationalized and localized for deployment worldwide
  • Tested for compatibility with the following McAfee products:
    • VirusScan Enterprise 8.7 or higher
    • Application Control 5.0
    • Endpoint Encryption for PC 5, 5.2.6, 5.2.9, and 6.1
    • Host Data Loss Prevention 9.0 or higher
    • Host Intrusion Prevention for Server 8.0 or higher
    • Network Access Control 3.2

Demos / Tutorials


McAfee Deep Defender is reinventing the industry approach to security and is the first product built on the McAfee DeepSAFE Technology co-developed with Intel.


Your enterprise attack surface might be bigger than you think, and cybercriminals are constantly finding new ways to exploit any weak points they can find. This video explores the unique, hardware-enhanced security made possible by Intel and McAfee that can help you keep your users and data more secure than ever.

McAfee Deep Defender is reinventing the industry approach to security and is the first product built on the McAfee DeepSAFE Technology co-developed with Intel.

Customer Stories

Major Medical Center

McAfee Deep Defender helps a major medical center

  • Reduces total cost of ownership with built-in security and management features of Intel vPro
  • Provides a significant time savings for IT personnel to proactively protect company systems
  • Allows for broad and in-depth desktop security
  • Actively detects and disables malware

News / Events


Data Sheets

McAfee Deep Defender

For a technical summary on the McAfee product listed above, please view the product data sheet.


Proactive Rootkit Protection Comparison Test

In January 2013, AV-TEST performed a comparative review of McAfee Deep Defender, Microsoft System Center Endpoint Protection, and Symantec Endpoint Protection to determine their capabilities to proactively protect against kernel-mode and MBR rootkits, also known as day zero attacks.

Technology Blueprints

Fighting Rootkits

McAfee fights rootkits by using real-time memory and CPU protection, protecting against known and unknown attacks, and getting beneath the operating system.

White Papers

McAfee Deep Defender Technical Evaluation and Best Practices Guide

Learn how McAfee Deep Defender version 1.0 targets the more dangerous kernel mode rootkits.

Root Out Rootkits

This paper describes how McAfee Deep Defender moves endpoint security beyond the operating system. McAfee Deep Defender gets hardware assistance from Intel and uses a privileged early load position to uncloak, block, and remove the kernel-mode activities of stealthy rootkits.

A New Paradigm Shift: Comprehensive Security Beyond the Operating System

Learn how efforts by McAfee and Intel allow you to utilize virtualization for delivering comprehensive security beyond traditional software boundaries.



  • Boosting Your Competitive Presence
    Lang Tibbils - July 29, 2013
    At McAfee, we’re continuing our laser focus on endpoint security. Most recently, you heard from Simon Hunt, CTO for Endpoint Security that the new Endpoint Suites are “strong, fast, simple and 100% effective.” As part of our ongoing ‘Redefining Endpoint Security’ blog series, we caught up with Penny Baldwin,  CMO for McAfee, to learn her […]
  • End-to-end Protection Thwarts Malware
    Ruby Williams - July 11, 2013
    Recently, I wrote about the meaning of integration as it relates to protection against malware, why an integrated solution is important, and what is needed to deliver an integrated solution. Today, I’m going to highlight the importance of end-to-end protection in fighting the malware war. Over the past three months, McAfee has made three important […]
  • What McAfee’s Recent Corporate Announcements Mean for Public Sector Customers
    Ken Kartsen - June 19, 2013
    Customers sometimes ask how McAfee corporate announcements relate to the public sector, so I decided to talk about two recent ones: the pending Stonesoft acquisition and the new Endpoint Suites offering. Both these developments make us an even stronger, more comprehensive security company, and they further strengthen our Security Connected platform. Our proposed acquisition of […]
  • Lessons Learned on the Journey to McAfee Complete Endpoint Suites
    Mike Fey - June 10, 2013
    Security Connected has been McAfee’s approach to security for some time now. We’ve built out a platform of solutions to enable customers to realize it – allowing them to evolve from reactive to proactive security postures. Through innovation and acquisition, we’ve assembled and integrated technologies to deliver across a number of technology fronts.  McAfee’s launch […]
  • Partner Voices: The Impact of McAfee’s New Endpoint Suites
    Lang Tibbils - June 5, 2013
    May 29, 2013 marked the dawn of a new era in endpoint security. We launched the new McAfee Complete Endpoint Protection Suites, the industry’s first endpoint suites to provide customers proactive, chip-to-cloud protection and real-time security. You’ve heard a lot from us leading up to this launch. If you’ve been following our Redefining Endpoint Security […]