McAfee Embedded Control

McAfee Embedded Control

Secure embedded systems from malware and attacks by hackers and cybercriminals

Next Steps:


McAfee Embedded Control blocks unauthorized applications and change on fixed-function, point-of-service infrastructures, including retail devices, medical devices, industrial control systems, office equipment, gaming devices, automotive, and various military and aerospace devices. Embedded Control provides a simple, lightweight software technology to make your devices resilient to malware infections and attacks.

Viable security for fixed-function and legacy systems — Embedded Control uniquely extends a layer of device security with a fixed CPU or memory, including point-of-sale (POS) terminals, ATMs, and medical imaging systems that perform critical functions and often store sensitive data. A low-overhead footprint does not impact system performance, and it is equally effective in standalone mode, without network access. Dynamically manage whitelists, making it easy to support multiple configurations for different business needs.

An efficient, transparent solution — Embedded Control runs transparently on fixed-function embedded systems, enables the entire point-of-service infrastructure to be monitored without impact, and can be set up quickly. This flexible, affordable, and embedded system security solution dynamically manages whitelists and supports multiple configurations for different business needs and devices.

Comprehensive change policy enforcement and compliance management — Get continuous change detection capabilities, while proactively preventing unauthorized, out-of-policy change attempts. Embedded Control links protection directly to policy and verifies changes against the source, time window, or approved change ticket. Changes outside of policy are blocked, greatly reducing change-related outages and compliance violations. Embedded Control provides categorical management, enabling IT to fulfill and validate compliance requirements efficiently and cost effectively. This supports many compliance standards, including PCI and SOX, as well as healthcare and energy industry requirements.

Complete protection from unwanted applications — Embedded Control extends coverage to Java, ActiveX controls, scripts, batch files, and specialty code for greater control over application components.

Features & Benefits

Get zero-day protection

Implement embedded system security with solutions that prevent zero-day attacks, as hackers and cyberthieves create and release more unique and virulent malware than ever before. McAfee Embedded Control’s whitelisting is a wholly new approach to solve security threats on embedded devices.

Prevent unauthorized software changes on production devices

Stop unapproved changes to all types of embedded devices and equipment that can lead to costly system shutdowns, exposure to data loss, unanticipated loss of device control, and various regulatory fines and penalties. Embedded Control can help prevent these problems with application whitelisting and change control.

Mitigate support and field maintenance costs related to security problems

Prevent unauthorized changes to devices that cost device manufacturers time and resources while they resolve system errors and malfunctions. Whitelisting and change control solutions from McAfee ensure these expensive, unauthorized changes never occur in the first place.

Reduce frequent, costly OS patching

Lock down the runtime environment and help prevent costly OS patching cycles with application whitelisting. New security vulnerabilities are discovered and published to the Internet every day, making it difficult for manufacturers and their customers to ensure devices are safe and secure from the most recent exploits.

Meet PCI compliance requirements

Maintain PCI compliance through whitelisting and change control, as retail sales devices used to process customer transactions often require strict adherence to a series of PCI requirements.

Leverage resource intensive, multiple security solutions for security and compliance

Use a whitelisting approach to dramatically decrease complex security systems and achieve increased protection against malicious zero-day attacks. Changing the approach to security yields substantial cost reduction while improving a company’s security posture.

Avoid system unavailability due to unauthorized changes

Design pre-emptive protection into manufacturers’ devices upfront to yield significant benefits for both the device manufacturer and the customer. When expensive manufacturing, medical, and financial systems go down due to unauthorized system changes, companies can experience significant financial loss and customer dissatisfaction.

System Requirements

These are minimum system requirements only. Actual requirements will vary depending on the nature of your environment.

  • Platforms Supported
    • Windows 7 (32/64-bit)
    • Windows 7 Embedded (32/64-bit)
    • Windows Vista
    • Windows XPE
    • Windows XP (32/64-bit)
    • Windows 2008
    • Windows 2008 R2
    • Windows 2003
    • Windows 2003 R2
    • Windows 2000
    • Windows NT
    • WEPOS, POS rReady 2009
    • WES 2009
    • RHEL 4/5/6 (32/64-bit)
    • CentOS 4/5 (32/64-bit)
    • SuSE 10/11 (32/64-bit)
    • Open SuSE 10/11 (32-bit)
    • Solaris 9/10 (SPARC)
    • Solaris 10 (32/64-bit)
    • WindRiver Linux 4.3
  • System Requirements
    • Windows/Unix
    • Single/Multiple Intel Pentium
    • 512 MB RAM
    • 20 MB free disk space
    • Administrator privileges on the system


Data Sheets

McAfee Embedded Control

For a technical summary on the McAfee product listed above, please view the product data sheet.

McAfee Embedded Control for Healthcare

For a technical summary on the McAfee product listed above, please view the product data sheet.

McAfee Embedded Control for Aerospace and Defense

For a technical summary on the McAfee product listed above, please view the product data sheet.

McAfee Embedded Control for Consumer and Home Networking

For a technical summary on the McAfee product listed above, please view the product data sheet.

McAfee Embedded Control — Retail

For a technical summary on the McAfee product listed above, please view the product data sheet.


Maintain Security for XP Systems

Learn about how application whitelisting can maintain security for Microsoft Windows XP systems no longer supported by Microsoft.

Maintain PCI Retail Compliance for Systems No Longer Supported

Learn about how to maintain PCI retail compliance for systems no longer supported.


Retail Reputations: A Risky Business

As a consumer, you can research products, find out about return policies, general pricing, or service issues, but there’s one important piece of information missing—can you trust the retailer’s security and how they protect your information?

Embedded Security for an IP-Enabled World

Forrester discusses how embedded security will be expected to secure data, devices, and networks.

Solution Briefs

McAfee Application Control Extends the Life of Legacy Microsoft Windows XP Systems

McAfee Application Control provides an effective way to block unauthorized applications from running and will continue to support Windows XP systems even after Microsoft’s phase-out of support has taken effect.

McAfee Embedded Security

McAfee Embedded Security is deployed by major manufacturers of automated teller machines, point-of-sale terminals, medical devices, thin clients, storage appliances and other devices.

Technology Blueprints

Securing ATMs

McAfee has integrated application whitelisting with other important controls — file integrity monitoring and change management — into a single “deploy and forget” solution optimized for ATM devices. McAfee Embedded Control provides tight control over attempted changes, as well as broad visibility into changes to ensure that ATM devices remain up and running and free of malware.

White Papers

McAfee Embedded Control

Learn how McAfee Embedded Control enhances embedded device integrity, maximizing uptime, reducing support costs, and helping to ensure compliance throughout the lifecycle of your devices.



  • McAfee Customers Protected from Regin Malware Since 2011
    Raj Samani - December 1, 2014

    Protecting customers take precedence over seeking headlines – this was the title of a recent blog by our very own Christiaan Beek into the priorities of the team.  Yet, within 72 hours we were awoken with news of a recently discovered espionage campaign using a toolkit under the name of Regin. McAfee is aware of […]

    The post McAfee Customers Protected from Regin Malware Since 2011 appeared first on McAfee.

  • Dealing with the Bash Bug
    Raj Samani - September 26, 2014

    By Brad Antoniewicz and Raj Samani Headlines across multiple media outlets are sounding the alarm on a new vulnerability affecting Linux and Unix systems. Nicknamed “Shellshock,” the vulnerability is said by some to have wider reach and impact than the recent Heartbleed vulnerability in April that, by some estimates, affected over million Internet-accessible systems.  For […]

    The post Dealing with the Bash Bug appeared first on McAfee.

  • How Much Are Your Assets Worth?
    Cybermum Australia - September 26, 2013

    Now, if your tax returns are up to date and you have a healthy relationship with a financial planner, I have no doubt you could answer this question in an instant. But what about your other assets? And I am not referring to your children because clearly they are priceless – most of the time!! […]

    The post How Much Are Your Assets Worth? appeared first on McAfee.

  • What is Encryption?
    Robert Siciliano - September 10, 2013

    Encryption is the science of encoding and decoding secret messages.  It began as cryptography—the ancient Greeks used it to protect sensitive information that might fall into the hands of their enemies. More recently, governments have used encryption for military purposes, but these days the term if often used in reference to online security. Encryption is […]

    The post What is Encryption? appeared first on McAfee.

  • Hesperus (Evening Star) Shines as Latest ‘Banker’ Trojan
    Vikas Taneja - September 6, 2013

    Hesperus, or Hesperbot, is a newly discovered banker malware that steals user information, mainly online banking credentials. In function it is similar to other “bankers” in the wild, especially Zbot. Hesperus means evening star in Greek. It is very active in Turkey and the Czech Republic and is slowly spreading across the globe. This sophisticated […]

    The post Hesperus (Evening Star) Shines as Latest ‘Banker’ Trojan appeared first on McAfee.