Before one comments to support Critical System Protection (THE PRODUCT), please note (or take the time) that this product *IS* designed to be flexible and monitor other apps. Understand the product and its policies (or signatures) before making a harsh comment to a customer.
Muydess,
Yes, it is possible to make a template policy to monitor for specific McAfee events being sent to the system, as with what the built-in Symantec AV policy is performing. I am assuming McAfee logs similarly to how SEP or SAV would, as it will start with posting an event to the Windows Event log with a specific ID.
Please tell me how much knowledge you have of Windows Template Policy in CSP. I can walk you through the basics on how one can set this up. Also review ids_ref.pdf under “more about template policies”, specifically in the Windows Event Log template policy.
Next steps would be to gather the events posted by McAfee (i.e. a log schema) and the actions you would want to alert on, such as “virus found”, etc. From there, a template policy can be created for rule-by-rule event generation from the IDS side of the product.