McAfee Active Response (MAR) is an active Endpoint Detection and Response tool, a cyber security technology by McAfee for monitoring endpoints. It helps identify advanced threats and mitigate malicious cyber-attacks.
Endpoint Detection and Response (EDR) offers integrated and structured endpoint protection. EDR combines real-time monitoring with endpoint data to help detect threats across your network, including attacks on the endpoints.
An EDR tool alerts the security team to malicious activity. It enables them to investigate quickly and prevent the endpoints from being attacked.
Early detection of Attacks
With continuous visibility of your endpoints, McAfee Active Response helps in the early detection of attacks. It allows quick identification and remediation of breaches on the endpoints. The tool increases visibility for early discovery of attacks, and it helps you detect an attack and respond to it quickly.
Comprehensive detection of Attacks
McAfee Active Response provides advanced discovery and detailed analysis to detect attacks on endpoints. It helps security practitioners improve the quality of their threat detection. Forensic investigation and comprehensive reporting help the security team trigger alerts and take action. McAfee Active Response uses collected endpoint data and real-time monitoring to respond actively to attacks. It captures and monitors files, context events, hosts, objects, and system changes that may be indicators of attack.
McAfee offers two types of installation:
- First-time installation Workflow
- Upgrade installation Workflow
Below are the steps of both types of installation; follow the steps accordingly.
First-time installation Workflow
- On the McAfee ePO server, install Data Exchange Layer (DXL) broker and the client extensions.
- Similarly, install the TIE server management extension on the McAfee ePO server.
- Also, install the Active Response extensions and client packages on the same server.
- Place the Active Response services and TIE on a shared appliance.
- Create and configure a Cloud Bridge account.
- Also, configure the Data Exchange Layer broker extension.
- Deploy Active Response clients to the endpoints.
- Place DXL and McAfee agents on the endpoints.
- Finally, verify the installation.
Upgrade installation Workflow
- Export the customer catalog content from the Active Response Catalog.
- Power off the old Active Response server.
- On the McAfee ePO server, check in and install the updated Active Response extensions.
- If needed, upgrade the DXL broker on the McAfee ePO server.
- Upgrade the TIE server and the Active Response service on the TIE server appliance.
- Upgrade the Active Response clients.
- Complete the registration of the Active Response server.
- Import the exported catalog content into the Active Response Catalog.
- Finally, verify the installation.
To uninstall the McAfee Active clients:
- Start the system and log in to the McAfee ePO server as an administrator.
- Select Menu and then Software. Next, select Product Deployment and then New Deployment.
- Complete the new deployment information and save it; this uninstalls the software.
- On the Product Deployment page, select Uninstall from the Action drop-down list.
- Then start the deployment to uninstall Active Response.
How to uninstall the McAfee Active extension?
- Start the system and log in to the McAfee ePO server as an administrator.
- Select Menu, choose the option Software, and then Extension.
- Select Active Response in the extension pane to view all the Active Response extensions.
- To remove the extension in a specific order, click Remove.
This blog covers the McAfee Active Response (MAR) detection and response tool. It explains why you might choose MAR for your endpoints and how to install and uninstall McAfee Active Response, listing each step involved in the installation and uninstallation process.