MVISION EDR Support
Install/Upgrade
The documentation below provides information on how to get MVISION EDR set up and deployed in your environment using either MVISION ePO or On-Prem ePO. Before starting your install process, please review the following information to ensure that your environment is prepared for and compatible with MVISION EDR:
- Supported Platforms for MVISION EDR
- Server and Client Requirements
- Network Ports Used by EDR
- URL Allow List for EDR
Installation/Upgrade guides for MVISION ePO
Installation/Upgrade guides for On-Prem ePO
- Install MVISION EDR on McAfee ePO
- Upgrade MVISION EDR Client on McAfee ePO
- Migrate from McAfee Active Response to MVISION EDR
Configuration/Best Practices
The documentation below provides information on additional configuration steps for MVISION EDR, as well as best practice information as it pertains to installation on systems that serve a specific purpose.
Configuration Best Practices:
For systems running software sensitive to outside interference, review the 3rd party software’s list of recommended A/V exclusions and implement these within your EDR policy following the syntax defined for each component below:
- Configuration examples and benefits
- Network Flow policy configuration
- File Hashing policy configuration
- Trace policy configuration
SIEM Integration Documentation:
- Configure Data Sources for SIEM
- McAfee SIEM Integration Detailed Instructions
- Advanced SIEM Integration Using MVISION EDR Activity Feed
ATD Integration Documentation:
API Documentation:
Troubleshooting
If you encounter issues when using MVISION EDR, whether that be during the installation process or during normal use of the product after install, the information below can serve as a starting point towards identifying the source of the problem and getting the issue fixed. In the event that the below information is not able to solve your problem, please contact McAfee Support for assistance.
- How to troubleshoot McAfee Endpoint Detection and Response connection issues
- How to generate a test detection with McAfee MVISION EDR
- Check MVISION EDR Known Issues
- How to use the MVISION EDR Client MER tool for Linux
- How to use EDR MER for Windows
- How to Enable EDR Debug logging.
EDR Logging locations:
- EDR for Windows logs: %systemdrive%\ProgramData\McAfee\Mar\data\mar.log
- EDR for Linux logs: /var/McAfee/Mar/data/mar.log
- EDR for MacOS logs: private/var/McAfee/mvedr/data/mar.log
Youtube Videos
| Video Link | Title |
|---|---|
| https://youtu.be/etgSL4qsqZI | Introducing MVISION EDR Custom Collectors |
| https://www.youtube.com/watch?v=VGA4BEWTrhU | MVISION EDR Real-time Search Dashboard updates |
| https://www.youtube.com/watch?v=LQidbchunu0 | MVISION EDR: Advanced Use Case Demonstration |
| https://www.youtube.com/watch?v=5Vi9eI3C4cw | MVISION EDR: General Use Case Demonstration |
| https://www.youtube.com/watch?v=6wyP5WEsE8o | MVISION EDR: Client Install |
| https://www.youtube.com/watch?v=mQ6uMIrFMbE | MVISION EDR: Cloudbridge Connector |
| https://www.youtube.com/watch?v=k3vJr5B4dWw | MVISION EDR: Extension Check-In |
| https://www.youtube.com/watch?v=_vvQZotipz0 | MVISION EDR: Historical Device Search |
| https://www.youtube.com/watch?v=C1rCg68NPe8 | MVISION EDR: Investigation |
| https://www.youtube.com/watch?v=nQMRSifYK4o | MVISION EDR: Monitoring |
| https://www.youtube.com/watch?v=yDK0gfz1Ups | MVISION EDR: Overview |
| https://www.youtube.com/watch?v=vTyMGxNp8PM | MVISION EDR: Phishing |
| https://www.youtube.com/watch?v=a0WMHI5XMFk | MVISION EDR: Real Time Search |