For a successful deployment of McAfee Data Loss Prevention (DLP) Endpoint, please verify you are using a supported Microsoft Windows platform.

Introduction to Endpoint Upgrade Assistant is a free product from McAfee that allows McAfee ePolicy Orchestrator (McAfee ePO) customers to validate if managed endpoints, including those with McAfee DLP Endpoint, need to be updated for upcoming Microsoft Windows releases. If you have the Endpoint Upgrade Assistant (EUA) extension installed, check if your endpoints are supported by clicking on “Check McAfee product compatibility” under Getting Started in the EUA.

For a list of system requirements and a detailed list of software that works with McAfee DLP, review the following documents:

For Google Chrome support-related queries, please review the following:

If you encounter an issue during installation, review this documentation:

If you need McAfee technical support, collect these logs prior to contacting McAfee:

All Compatibility Resources

Clean Install

McAfee defines a clean installation as a deployment where there are no elements of McAfee software pre-existing on the endpoint. See “Upgrades” if there is pre-existing software. Before deploying McAfee DLP Endpoint, review the supported environments documentation covering Windows and macOS platforms to ensure the environment is compatible.

Review the guides below for information about how to install McAfee DLP Endpoint and for additional details regarding system requirements.

A license key is required to use McAfee DLP Endpoint. The license key is available when you download the product from the McAfee download site. Your license key is found in the notes section when downloading the installation file. To find out where to activate the license key, review the following:

If you encounter an issue during installation, review this documentation:

If you need McAfee technical support, collect these logs prior to contacting McAfee:


McAfee defines an upgrade as a deployment where a version of McAfee DLP already exists on the endpoint. If your environment has the End-of-Life version 9.3 installed, upgrade immediately to version 11.x.

Review the supported environments documentation to ensure that the environment is compatible before deployment:

Review guides for McAfee DLP Endpoint installation and system requirements:

Part of the upgrade process may involve policy conversion and data migration:

If you encounter an issue during installation, review this documentation:

If you need McAfee technical support, collect these logs prior to contacting McAfee:

All Installation Resources

Rule Configuration

Rules are an integral part of McAfee DLP. Two commonly used rules are Device Control and Data Protection.

To configure Device Control rules, you must be licensed for Device Control:

To create and configure DLP rules, review the following documentation:

Common Rule Use Cases

To learn more about whitelisting and exceptions, view the following documentation:

McAfee DLP Endpoint and Google Chrome

The web protection feature in McAfee DLP Endpoint prevents sensitive information from being sent to cloud storage services. To learn more about Chrome supportability and DLP functionality with Chrome, review the following documentation. Note: McAfee DLP Endpoint behavior has changed from Chrome 68 and later.

If you encounter an issue during rule creation or unexpected outcomes from creating and deploying a rule to the endpoint, see the following documentation and collect the essential requirements (like the MER and Diagnostic Tool).

All Rule Configuration Resources

Performance & Hang/Crash Issues

McAfee DLP Endpoint integrates with many third-party products, which can lead to performance or hang/crash symptoms when the third-party product updates. Performance-related issues are different from hang/crash issues. For example, a performance-related issue is a slow endpoint that can still perform tasks.

An example of a hang or crash issue is a non-responsive application that no longer functions. An example of a crash issue is an application or endpoint that stops abruptly and requires a restart.

Capturing data during the performance problem or the hang or crash event is imperative to quickly addressing the issue. To address these issues, review this documentation:

All Performance and Hang/Crash Resources

Root Certificate Expiration

The McAfee product line uses TLS for secure communication. Two certificates validate McAfee TLS chains, including a primary expiring in 2038 and a secondary expiring on May 30, 2020. If either certificate, or both, are present in your environment, TLS will function correctly prior to May 30, 2020. After May 30, 2020, only the primary certificate will be valid. Out of an abundance of caution McAfee is informing customers of this impending event.

Generally, certificates are auto-updated through operation systems and customers will not be impacted. However, in environments where automatic management of root certificates is disabled and the primary certificate has not been manually deployed, customers will potentially be impacted. KB92937 provides information on how to verify and install the primary certificate.

Failure to have a valid certificate will cause product issues including reduced detection efficacy.

The primary certificate that needs to be validated is in a customer's environment as below:

Subject : CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, S=New Jersey, C=US
Thumbprint : 2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E
Expiration : 2038-01-18

Subscribe to KB92937 to receive updates.

Take the Next Step to Safeguard Your Data

Trellix Logo

You're exiting McAfee Enterprise.

Please pardon our appearance as we transition from McAfee Enterprise to Trellix.

Exciting changes are in the works.
We look forward to discussing your enterprise security needs.

You will be redirected in 0 seconds. If not, please click here to continue

McAfee Logo