Trellix: Customer product upgrade and migration – CSP Global Technologies Sdn Bhd

Solution

Environment

Agent
Application Control and Change Control
Email Security - Server
Endpoint Detection & Response EDR
Endpoint Security ENS
ePolicy Orchestrator - OnPrem
ePolicy Orchestrator - SaaS
Intrusion Prevention System
Threat Intelligence Exchange

Summary

As of April 7, 2025, Trellix will no longer support or distribute McAfee-branded products or end-of-life Trellix-branded products reliant on McAfee domains. By updating to the latest product versions, customers will receive superior protection and service with advanced threat intelligence innovation and capabilities.

List of affected products, their versions, and KB articles with additional information

Product	Affected Versions	Impact of inaction	Solution	KB(s) reference
ENS Windows - Web Control/Adaptive Threat Protection/Common/Firewall/Threat Prevention	Impacted: Versions prior to 10.7 June ‘22 Unaffected: 10.7 June '22 and above	Reduced detection efficacy. Potentially malicious URLs and processes will not be blocked.	Upgrade product to latest available version. If version 10.7 June ‘22 or above is currently deployed, updating the content version to the latest release will maintain functionality without the need for an ENS version update.	Upgrade Overview Endpoint Security off-box communication URLs - ENS for Windows
ENS Mac - Web Control/Threat Prevention/Adaptive Threat Protection	Impacted: Versions prior to 10.7.9 Unaffected: 10.7.9 and above	Reduced detection efficacy. Potentially malicious URLs, files, and processes will not be blocked.	Upgrade product to latest available version. Note: If you are updating from ENS for Mac version 10.7.9 April 2023, please see guidance specific to this version titled Upgrade Processes for April 2023 Mac product releases.	Upgrade Overview Endpoint Security off-box communication URLs - ENS for macOS Upgrade process for April 2023 Mac product releases
ePO - Cloud Bridge	Impacted: Versions prior to 2.1 OR 2.2 Update 1 Unaffected: 2.1.0.511 and above OR 2.2.0.98 and above	Loss of cloud communications to Trellix Insights, Trellix Agent, and other products.	Upgrade extension to latest available version.	Upgrade Overview Cloud Bridge Single Sign-On feature requires an updated extension
ENS Linux - Threat Prevention	Impacted: Standard clients: Versions prior to 10.7.12 Container clients: Versions prior to 10.7.18 Unaffected: Standard clients: 10.7.12 10.7.13 and above Container clients: 10.7.18 and above	Reduced detection efficacy. Potentially malicious URLs and files will not be blocked. In container clients, Container/Docker image scan functionality stops working (all versions). In addition, files inside container or docker will not be scanned	Upgrade product to latest available version.	Upgrade Overview Endpoint Security off-box communication URL - ENS for Linux
Threat Intelligence Exchange - TIE Server	Impacted: Versions prior to 4.0.0 Unaffected: 4.0.0 and above	TIE will no longer integrate with the Trellix Global Threat Intelligence (GTI).	Upgrade product to latest available version.	Upgrade Overview
Threat Intelligence Exchange - TIE Server			Follow steps in the knowledge base article to retain GTI connectivity from these versions.	Changes to Trellix GTI URLs for Threat Intelligence Exchange
Trellix Agent - All versions	Impacted: Versions prior to 5.8.2 + EDR Deployed + ePO On Prem + Repository Pull Task Enabled Versions prior to 5.8.2 (ePO On Prem) + EDR Deployed + Repository Pull Task Disabled Versions prior to 5.8.2 + EDR deployed + DLP SaaS customer + Encryption SaaS customer + ePO SaaS Unaffected: 5.8.2 and above Note: You are not required to update all endpoints to TA 5.8.2. Instead, you can upgrade the TA Extensions to 5.8.2 or above and update TA 5.8.2 MsgBus Cert Update to endpoints. For details, see Trellix Agent URL Changes.	TA will fail to fetch IAM Tokens from Trellix IAM. Cloud integrations will be negatively impacted in the following ways: EDR Customers will not see any data in Trellix Cloud Services. DLP SaaS customers will not be able to upload evidence to S3 buckets. Encryption SaaS customers will face issues with Key Escrow, User Assignments, Key Recovery, and Reporting.	Upgrade product to latest available version.	ePO managed: ePO Deployment Task Unmanaged Agents: Unmanaged Windows Macintosh Unmanaged Mac and Linux (generic) Ubuntu Red Hat
Trellix Agent - All versions			Allow access to updated Trellix URLs.	Trellix Agent URL Changes
ePO On Prem	Impacted: Versions prior to 5.10.0 SP1 update Unaffected: 5.10.0 SP1 Update and above	Software Catalog downloads fail. Product Compatibility List (PCL) XML downloads fail.	Upgrade product to version 5.10.0 SP1 or higher.	Upgrade Overview ePolicy Orchestrator URL Changes
Trellix Application Change Control (TACC) - Windows	Impacted: Versions prior to 8.3.6 Unaffected: 8.3.6 and above	GTI file and certificate reputation will not be looked up, which will affect product decisions to allow a file to execute due to lack of a reputation score.	Upgrade product to latest available version.	Upgrade Overview
Trellix Application Change Control (TACC) - Linux	Impacted: Versions prior to 6.4.24 Unaffected: 6.4.24 and above	Customers with latest available version will have support to GTI, selinux, secure boot, latest distros, and latest kernels. Latest version is docker compatible. Customers may miss out on security enhancements if they do not upgrade to the latest version.	Upgrade product to latest available version.	How to install TACC Linux on Kubernetes nodes or any container runtime Supported distributions for the TACC Secure Boot feature Supported platforms for Trellix Application and Change Control
Network Data Loss Prevention (NDLP) - ePO SaaS Only	Impacted: Versions prior to 11.10.700 Unaffected: 11.10.700 and above	New customers can't register to SaaS. Evidence uploads to Amazon S3 Storage will fail.	Upgrade product to latest available version. On-Prem NDLP instances do not require action.	Upgrade Overview DLP Network Monitor and Prevent SaaS is unable to upload evidences to S3 buckets
Trellix Protection for Native Security (MVision Endpoint)	Impacted: Versions prior to 2311 Unaffected: 2311 and above	Potentially malicious files will not be identified as malware.	Upgrade product to latest available version.	Upgrade Overview
EDR - Client	Impacted: Versions prior to 4.2.1 (Windows) Versions prior to 4.2.0 (Mac) Unaffected: 4.2.1 and above (Windows) 4.2.0 and above (Mac)	Quarantined endpoints will not be accessible from the EDR Console and unquarantine actions can't be initiated.	Upgrade product to latest available version and apply the latest hotfix.	Upgrade Overview Changes to Trellix communication URLs for EDR Client
Cloud Workload Security (CWS) - Advanced	Impacted: Versions prior to 5.3.5 Unaffected: 5.3.5 and above	IP risk indicators will not be displayed in the console.	Upgrade extension to latest available version.	Upgrade Overview
ePO Minimum Escalation Requirements (MER) And Web Minimum Escalation Requirements (MER)	Impacted: Versions prior to 4.5 Unaffected: ePO MER 4.5 and above Web MER 4.5 and above	MER logs will not be uploaded to the Trellix log store.	Upgrade extension to latest available version.	Upgrade Overview Product Updates or Download (ePO MER) Download (Web MER)
		MER logs will not be uploaded to the Trellix log store.	Run the MER tool and save the results locally using the /save [path] CLI option. Upload the results to the applicable Thrive Case.	MER User Guide
MVision ePO Migration Extension	Impacted: Versions prior to 5.10.0.1616 Unaffected: 5.10.1616 and above	Unable to link ePO - SaaS account with ePO server.	Upgrade extension latest available version.	Upgrade Overview ePO Migration Extension URL Changes
SSSO Tool	Impacted: Versions prior to 22.10 Unaffected: 22.10 and above	Logs will not be uploaded to the Trellix log store.	Use the latest available version.	Download
Advanced Threat Defense/Trellix Intelligent Sandbox	Impacted: Versions below 5.2.0 Unaffected: Version 5.2.0 and above	GAM updates cannot be downloaded. GTI reputation check will fail for both file and URL queries, leading to potential false positives. Automatic Content update download will fail and may render the customer's system unprotected from latest threats.	Upgrade product to latest available version.	Upgrade Overview
Network IPS	Impacted: Certification releases: IPS Manager - prior to 10.1.19.56 IPS Sensor - prior to 10.1.17.91 Non Certification releases: IPS Manager - prior to 10.1.7.66 IPS Sensor - prior to 10.1.5.190 Virtual IPS Manager - prior to 10.1.7.66 Virtual IPS Sensor - prior to 10.1.7.156 Unaffected: Certification releases: IPS Manager - 10.1.19.56 and above IPS Sensor - 10.1.17.91 and above Non Certification releases: IPS Manager - 10.1.7.66 and above IPS Sensor - 10.1.5.190 and above Virtual IPS Manager - 10.1.7.66 and above Virtual IPS Sensor - 10.1.7.156 and above	Signatures cannot be updated. Call back detectors will not be downloaded. Sensor software cannot be updated. GTI reputation check will fail for both IP and URL queries, leading to potential false positives. GAM updates cannot be downloaded.	Upgrade product to latest available version. In addition to resolving connectivity issues, the latest IPS Manager addresses two critical vulnerabilities (CVE-2024-5671 and CVE-2024-5731).	Upgrade Overview
Database Security	Impacted: Versions prior to 10.0.x Unaffected: 10.0.0	Missing out on security enhancements, library upgrades and support for additional database versions	Upgrade product to latest available version.	Upgrade Overview How to migrate from a McAfee environment to a Trellix environment