Evaluation Guide
COPYRIGHT
Copyright 2009 McAfee, Inc. All Rights Reserved.
No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form
or by any means without the written permission of McAfee, Inc., or its suppliers or affiliate companies.
TRADEMARK ATTRIBUTIONS
AVERT, EPO, EPOLICY ORCHESTRATOR, FOUNDSTONE, GROUPSHIELD, INTRUSHIELD, LINUXSHIELD, MAX (MCAFEE SECURITYALLIANCE
EXCHANGE), MCAFEE, NETSHIELD, PORTALSHIELD, PREVENTSYS, SECURITYALLIANCE, SITEADVISOR, TOTAL PROTECTION, VIRUSSCAN,
WEBSHIELD are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. McAfee Red in
connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property
of their respective owners.
LICENSE INFORMATION
License Agreement
NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED,
WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH
TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS
THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET,
A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU
DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN
THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.
License Attributions
Refer to the product Release Notes.
Contents
Introducing ePolicy Orchestrator 4.5
  Components of ePolicy Orchestrator
  What's new in this release
Pre-Installation
  System requirements
    Server and Agent Handler requirements
    Database requirements
    Database considerations
    Distributed repositories
  Supported products and components
  Operating systems language support
Deployment Tasks
  Creating a product deployment task
  Creating a product update task
  Verifying client software installation
  Revisiting the PUP audit VirusScan policy
  Resetting the On-Access Scan policy
  Verifying the On-Demand Scan task
Setting Policies
  Creating policies for the McAfee Agent
  Creating policies for VirusScan Enterprise
    Locking the local VirusScan console
    Creating file exclusions on a server
    Creating policies for the AntiSpyware Enterprise module
  Assigning policies
    Assigning McAfee Agent policy
    Assigning VirusScan Enterprise policies
Summary
References
Navigation redesign
Navigation for the ePO console has been redesigned for the 4.5 release. Now you can access
any of the first-level ePolicy Orchestrator tabs from the new ePO Menu.
Drag-and-drop
You can use drag-and-drop functionality to move certain objects in the interface. You can:
Add Menu items to the favorites bar.
In tables, add commonly used actions from the Actions menu to the Action bar.
Using the Systems table, move selected systems or groups of systems to a different group
in the System Tree.
In the System Tree, move groups and subgroups into other groups.
Policy Assignment Rules
ePolicy Orchestrator 4.5 allows you to assign policies to unique groups or to individual users
through the use of Policy Assignment Rules. This feature enables policy assignment based on
the Active Directory groups that users belong to, instead of the system they are using. You can
include individual users, groups, and Organizational Units (OUs) in a rule. You can also exclude
specific users from a rule. McAfee SiteAdvisor Enterprise 3.0 is the first managed product to
leverage this feature.
Automatic Responses
The new Automatic Responses feature replaces the Notifications feature. This new feature
allows you to create rules for responding to events that are specific to your business environment.
Available actions include:
Sending email notifications
Sending SNMP traps
Creating issues for use with integrated third-party ticketing systems
Running a registered executable or server task
IPv6 support
ePolicy Orchestrator 4.5 is fully compatible with IPv6 in both native and mixed environments,
including:
Native IPv4
Native IPv6
Mixed IPv4 and IPv6
LDAP support
ePolicy Orchestrator 4.5 supports LDAP (Lightweight Directory Access Protocol) through the
use of Active Directory servers. This version of ePolicy Orchestrator allows closer integration
with Active Directory servers so that you can:
Assign permission sets to users based on their Active Directory group
Browse your Active Directory server for users or groups when creating Policy Assignment
Rules
Automatically assign administrator rights to users when they log on with their Active Directory
domain credentials
Pre-Installation
Before installing ePolicy Orchestrator 4.5, review these requirements and recommendations.
Contents
System requirements
Supported products and components
Operating systems language support
System requirements
Verify that your environment meets the minimum requirements listed here:
Server and Agent Handler
Database
Distributed repositories
Select Use a proxy server for your LAN, then select Bypass proxy server for local
addresses.
Domain controllers: The server must have a trust relationship with the Primary Domain
Controller (PDC) on the network. For instructions, see the Microsoft product documentation.
Security software
Install and/or update the anti-virus software on the ePolicy Orchestrator server and scan
for viruses.
CAUTION: If running VirusScan Enterprise 8.5i or 8.7i on the system where you are installing
ePolicy Orchestrator, you must ensure that the VSE Access Protection rules are disabled
during the installation process, or the installation fails.
Install and/or update firewall software on the ePolicy Orchestrator server.
Ports
McAfee recommends avoiding the use of Port 8443 for HTTPS communication. Although this
is the default port, it is also the primary port used by many web-based activities, is a popular
target for malicious exploitation, and it is likely to be disabled by the system administrator
in response to a security violation or outbreak.
NOTE: Ensure that the ports you choose are not already in use on the ePolicy Orchestrator
server computer.
Notify the network staff of the ports you intend to use for HTTP and HTTPS communication
via ePolicy Orchestrator.
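As an added example (not part of the McAfee guide), the following PowerShell script checks a list of candidate console ports against the TCP listeners already present on the intended ePO server, and flags the 8443 default that the guide advises against. The candidate port numbers and the function names are placeholders for illustration; substitute the ports you plan to enter in the installer's HTTP Configuration step.

```powershell
# Added example, not McAfee code. Run on the intended ePO server before setup.
# The candidate ports are constructed placeholders; pass your own with
# -CandidatePorts 9443,9080
param(
    [int[]]$CandidatePorts = @(8443, 9443, 9080)
)

# 8443 is the installer default for HTTPS that the guide recommends avoiding.
$DiscouragedPorts = @(8443)

function Get-TcpListenerPort {
    # Returns the local TCP ports that currently have a listener.
    # Uses .NET directly, so it also works on hosts without the NetTCPIP module.
    $props = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
    $props.GetActiveTcpListeners() | ForEach-Object { $_.Port } | Sort-Object -Unique
}

function Test-PortChoice {
    # Evaluates each candidate port and returns one object per port with the
    # reasons (if any) it should not be used.
    param(
        [int[]]$Ports,
        [int[]]$Listening,
        [int[]]$Discouraged
    )

    # A port listed twice would assign two console functions to the same socket.
    $duplicates = @($Ports | Group-Object | Where-Object { $_.Count -gt 1 } |
        ForEach-Object { [int]$_.Name })

    foreach ($port in ($Ports | Sort-Object -Unique)) {
        $reasons = @()
        if ($port -lt 1 -or $port -gt 65535) { $reasons += 'outside 1-65535' }
        if ($Listening -contains $port)      { $reasons += 'already has a listener' }
        if ($duplicates -contains $port)     { $reasons += 'listed more than once' }
        if ($Discouraged -contains $port)    { $reasons += 'installer default the guide advises against' }

        New-Object PSObject -Property @{
            Port    = $port
            Usable  = ($reasons.Count -eq 0)
            Reasons = ($reasons -join '; ')
        } | Select-Object Port, Usable, Reasons
    }
}

$listening = @(Get-TcpListenerPort)
Test-PortChoice -Ports $CandidatePorts -Listening $listening -Discouraged $DiscouragedPorts |
    Format-Table -AutoSize
```

A port reported as usable here is only free at the moment of the check; the ports still need to be agreed with the network staff and opened on client firewalls as described in the installation steps.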
NOTE: Installing the software on a Primary Domain Controller (PDC) is supported, but not
recommended.
Supported virtual infrastructure software
VMware ESX 3.5.x
Microsoft Virtual Server 2005 R2 with Service Pack 1
Windows Server 2008 Hyper-V
Database requirements
Microsoft updates and patches
Update both the ePO server and the database server with the latest Microsoft security updates.
If you are upgrading from MSDE 2000 or SQL 2000, be sure to follow Microsoft's required
upgrade scenarios.
Databases supported for use with ePolicy Orchestrator
SQL Server 2005 Express. This database is included with ePolicy Orchestrator for use in
environments where there is no supported database available.
SQL Server 2005.
SQL Server 2008 Express.
SQL Server 2008.
NOTE: Use of ePolicy Orchestrator with MSDE 2000 or SQL 2000 (or earlier) is not supported.
Database installation documented in this Guide
The only database installation scenario described in detail is a first-time installation of SQL
Server 2005 Express. In this scenario, the ePOSetup installs both the ePolicy Orchestrator
software and the database on the same server. If the database is to be installed on a different
server from the ePolicy Orchestrator software, manual installation is required on the remote
servers.
Other relevant database installations and upgrades
See the documentation provided by the database manufacturer for information about the
following installation scenarios:
Installing SQL Server 2005.
Installing SQL Server 2008.
Upgrading from MSDE 2000.
Upgrading from SQL 2000.
Upgrading from SQL 2005.
Upgrading from SQL 2005 Express.
Maintenance settings: McAfee recommends making specific maintenance settings to
ePO databases. For instructions, see Maintaining ePO databases in the ePolicy Orchestrator
Help.
SQL Server
Dedicated server and network connection: Use a dedicated server and network
connection if managing more than 5,000 client computers.
Local database server: If using SQL Server on the same system as the ePO server,
McAfee recommends using a fixed memory size in Enterprise Manager that is approximately
two-thirds of the total memory for SQL Server. For example, if the computer has 1GB of
RAM, set 660MB as the fixed memory size for SQL Server.
SQL Server licenses: If using SQL Server, a SQL Server license is required for each
processor on the computer where SQL Server is installed.
CAUTION: If the minimum number of SQL Server licenses is not available after you install
the SQL Server software, you may have issues installing or starting the ePolicy Orchestrator
software.
Database considerations
Using ePolicy Orchestrator with a database
A database must be installed before ePolicy Orchestrator can be installed. Any of the following
databases, if previously installed, meets this requirement.
SQL Server 2005
SQL Server 2005 Express
SQL Server 2008
SQL Server 2008 Express
NOTE: SQL Server 2000 is not supported.
If none of those databases was previously installed, the ePO installation wizard detects that no
database is present and offers you the opportunity to install SQL Server 2005 Express.
The following tables provide additional information about the database choices and other
software requirements.
Database
Requirements
Note
Licenses
Software
Note
MSXML 6.0
Select MSXML6.
Software
Note
Internet Explorer 7 or 8, or
Firefox 3.0
You must acquire and install if using SQL Server 2005 Express.
MDAC 2.8
If no other database has been previously installed, this database can be installed
automatically at the user's selection.
Microsoft updates
Update the ePolicy Orchestrator server and the database server with the most
current updates and patches.
MSI 3.1
Distributed repositories
Free disk space: 400 MB on the drive where the repository is stored.
NOTE: The disk space requirement for the distributed repositories on agents that are designated
as SuperAgents is equal to the disk space available for the master repository.
Memory: 256 MB minimum.
Possible hosts:
HTTP-compliant servers on Microsoft Windows, Linux, or Novell NetWare operating systems
Windows, Linux, or NetWare FTP servers
Windows, Linux, or UNIX Samba UNC shares
Computer with a SuperAgent installed on it
Supported products and components
Operating systems language support
Japanese
Chinese (Traditional)
Korean
English
Russian
French (Standard)
Spanish
German (Standard)
Using an account with local administrator permissions, log on to the Windows server
computer to be used as the ePO server.
Click Next. The installation process for each software item not listed as Optional begins
automatically.
If you intend to use an existing instance of SQL Server 2005, or SQL 2008, you can continue
without selecting the checkbox for installation of SQL Server 2005 Express.
If you do not have a supported version of SQL or MSDE, take one of the following actions:
Install SQL 2005 or 2008 on a server.
If you are installing ePolicy Orchestrator with SQL 2005, the SQL Browser must be
enabled or you cannot complete the installation wizard.
Install SQL Server 2005 Express on the same computer where you are installing ePolicy
Orchestrator. If you selected the checkbox for installation of SQL Server 2005 Express,
ePolicy Orchestrator installs the database automatically.
If you are installing SQL Server 2005 Express, you might be prompted to install SQL
Server 2005 Backward Compatibility. You must install it.
In the Welcome page of the installation wizard, click Next. The License Key page appears.
NOTE: License Keys are distributed from the same McAfee website from which the ePolicy
Orchestrator software is downloaded.
Select whether you are installing based on a license key or installing an evaluation version.
If you have a License Key, type its number here.
If you select License Key but do not type its number, you are asked if you want to
install an evaluation version. Click OK to proceed with installation of the evaluation
version, or Cancel to return to the previous page.
If you are installing a beta version of the software, the Beta test information box appears.
Click OK.
Accept the End User License Agreement, then click OK to continue. The Choose
Destination Location dialog box appears. Click Next.
Accept the default installation path or click Browse to select or create a different location,
then click Next.
If installing on a cluster server, the Set Database and Virtual Server Settings dialog box
appears. Otherwise the Set Administrator Information dialog box appears.
Type and verify the password for logging on to this ePolicy Orchestrator server, then click
Next.
If your environment employs Microsoft Cluster Server (MSCS) for a high availability system
that ensures failover support, the Set Database and Virtual Server Settings dialog box
appears.
10 In the Set Database Information dialog box, identify the type of account and
authentication details that the ePO server will use to access the database:
a Use the drop-down list to select a database server. If SQL Express was installed, the
name of the database is <computername>\EPOSERVER.
b Select the type of authentication, then click Next. The available options are:
Windows authentication (recommended): Specify the NetBIOS name of the
Domain associated with the desired domain administrator user account. Then, provide
and verify a password.
NOTE: If the database identification fails, type 1433 or 1434 in the SQL server TCP
port field.
SQL authentication: Provide the User name that the ePolicy Orchestrator software
will use to access the database, then provide a password. If the installer cannot identify
the port used for communication to and from the server, you might be prompted to
provide that information.
NOTE: The ePolicy Orchestrator account must have DB ownership to the database.
11 Set the HTTP Configuration. Designate the port to be used by each function, then click
Next.
Function
Port
Configurable.
Configurable.
NOTE: Client firewalls block communication from the ePO server. Ensure that the ports
required for communication from the ePO server are available on the client.
12 Optional step (can be performed after ePolicy Orchestrator is up-and-running). In the
Default Notification Email Address dialog box, type the email address of the recipient of
messages from ePolicy Orchestrator notification or leave the default. For a new recipient,
complete these options, then click Next.
a Provide a default destination for messages.
b Select Setup email server settings now. However, if you choose Setup email
server settings later, leave the default address.
c Type the Fully Qualified Domain Name (FQDN) of the mail server and specify the Port
to use for email.
d Select This server requires authentication if needed, then type the User name
and Password required to access the server.
For more information, see Automatic Responses in the ePolicy Orchestrator 4.5 Product
Guide.
13 In the Start Copying Files dialog box, click Next to begin the installation.
14 In the Installation Complete dialog box, you can view the Release Notes, launch ePolicy
Orchestrator, or click Finish to complete the installation.
Open the folder where you extracted the contents of the ePolicy Orchestrator installation
package.
Copy the AgentHandler folder to the intended Agent Handler server system.
Double-click and run Setup.exe. Installation activities take place in the background. When
they are completed, the InstallShield Wizard for McAfee Agent Handler opens. Click Next.
Accept the default destination or click Browse to change the destination, then click Next.
The Server Information page opens.
Type the machine name of the ePO Server with which the Agent Handler is to communicate.
Type the port to be used for server-handler communication. Port 8433 is the default. McAfee
recommends that you change the port designation. See the discussion of Ports in the Server
and Agent Handler requirements section.
Type the ePO Admin User name and password of a user with global administrator
privileges. If these credentials are to be used for the database as well, click Next to start
the installation.
If you want to use different database credentials than those mentioned in step 7, follow
these additional steps:
a Deselect Use ePO Server's database credentials, then click Next.
b Type the name of the SQL database server.
c Select Windows Authentication or SQL Authentication, then type the credentials.
NOTE: These credentials must be previously defined in SQL Server.
To launch the ePolicy Orchestrator software, open an Internet browser and go to the URL
of the server (For example: https://<servername>:8443). The Log On to ePolicy
Orchestrator dialog box appears.
NOTE: You can also double-click the McAfee ePolicy Orchestrator icon on the desktop to
launch ePolicy Orchestrator.
Type the User name and Password of a valid account, created during the installation of
the software.
NOTE: Passwords are case-sensitive.
[Figure panels: in version 4.0; in version 4.5]
The Menu
The Menu is new in version 4.5 of ePolicy Orchestrator software. The Menu uses categories
that comprise the various ePO features and functionalities. Each category contains a list of
primary feature pages associated with a unique icon. The Menu and its categories replace the static
group of section icons used to navigate the 4.0 version of the interface. For example, in the
4.5 version, the Reporting category includes all of the pages included in the 4.0 version Reporting
section, plus other commonly used reporting tools such as the Dashboards page. When an item
in the Menu is highlighted, its choices appear in the details pane of the interface.
In ePolicy Orchestrator 4.5, the navigation bar is customizable. In the 4.0 version of the interface,
the navigation bar was comprised of a fixed group of section icons that organized functionality
into categories. Now you can decide which icons are displayed on the navigation bar by dragging
any Menu item on or off the navigation bar. When you navigate to a page in the Menu, or click
an icon in the navigation bar, the name of that page is displayed in the blue box next to the
Menu.
On systems with 1024x768 screen resolution, the navigation bar can display six icons. When
you place more than six icons on the navigation bar, an overflow menu is created on the right
side of the bar. Click > to access the Menu items not displayed in the navigation bar. The icons
displayed in the navigation bar are stored as user preferences, so each user's customized
navigation bar is displayed regardless of which console they log on to.
In the list, find the task named Update Master Repository and, under the Actions
column, click Edit to open the Server Task Builder.
On the Description page, set Schedule status to Enabled, then click Next.
On the Actions page, there is a gray bar just below the page description labeled 1. Select
Repository Pull from the drop-down list.
On the Schedule page, choose when you want ePolicy Orchestrator to check the McAfee
site for updates.
Click Next.
On the Summary page, click Save. The console returns to the Server Tasks page.
Find the Update Master Repository task and, under the Actions column, click Run. This
immediately retrieves the current updates, and opens the Server Task Log.
Click Menu | Software | Master Repository, then click Actions | Check In Package.
The Check In Package wizard opens.
Select the package type, then browse to and select the VirusScan Enterprise 8.7i deployment
package file.
NOTE: If you downloaded the evaluation version of McAfee VirusScan Enterprise 8.7i
Repost Patch 1, browse for the file VSE870MLRP1.ZIP.
Click Save to begin checking in the package. Wait while the package is checked in.
The new package appears in the Packages in Master Repository list on the Master Repository
tab.
Click Menu | Systems | System Tree, then click Group on the menu bar.
Type Test Group, then click OK. The new group appears in the System Tree.
Highlight Test Group, click System Tree Actions | New Subgroup, type Servers, and
click OK.
Repeat Step 4, but type Workstations for the group name. Once you return to the Group
page, highlight Test Group. Your Servers and Workstations groups are listed on the Group
page. The sorting order should be the same as the order in which you created the groups.
In the System Tree, highlight the Workstations group and click System Tree Actions
| New Systems.
For How to Add Systems, select Add systems to the current group, but do not
deploy agents.
For Systems to Add, type the NetBIOS name for each system in the text box, separated
by commas, spaces, or line breaks. You can also click Browse to select systems.
Click OK.
Click Menu | Systems | System Tree, then click Group Details on the menu bar.
At the top of the Group page, locate the label Sorting Criteria and click Edit.
Select Systems that match any of the criteria below (IP addresses and/or tags).
The page expands with additional options.
From the drop-down menu, select Server, click the plus sign (+), then select Workstation.
Click Save.
In the Sorting Order list, find the entry for Test Group. In the Actions column, click
Move Up until the group is at the top of the list. Now this group is the first to be evaluated
when new systems are put into the System Tree.
Click Menu | Systems | System Tree, then click Systems on the menu bar.
Highlight Test Group. If this group has no systems, but has subgroups with systems, click
the Level Filter drop-down list and select This Group and All Subgroups.
Select one or more systems from the list, and click Actions | Agent | Deploy Agents.
Type credentials that have rights to install software on client systems, such as a Domain
Administrator, and click OK.
It will take a few minutes for the McAfee Agent to install and for client systems to retrieve
and execute the installation packages for the endpoint products. When first installed, the
agent determines a random time within 10 minutes for connecting to the ePO server to
retrieve policies and tasks.
There are many other ways to deploy the McAfee Agent (see the ePolicy Orchestrator
Product Guide or Help).
Click Menu | Systems | System Tree, then click Systems on the menu bar.
If an IP address and user name are listed, the agent on the client system is communicating
with the server.
If five to ten minutes pass and systems do not have an IP address and user name, select
Actions | Agent | Wake Up Agents.
If sending a wake-up call fails to retrieve an IP address and user name, other environmental
factors might be preventing the initial agent deployment. If this happens, you can copy
the agent installer, Framepkg.exe, from the ePO server and run it on the client systems.
Deployment Tasks
You have now created a System Tree, added some client systems, checked in the software,
and configured your policies. Next, you will schedule the deployment of VirusScan Enterprise.
Product deployment is accomplished using a client task that the McAfee Agent retrieves and
executes. You also use client tasks for scheduling scans and updating.
After creating the deployment and update tasks in this section, create a VirusScan Enterprise
On-Demand Scan task.
Contents
Creating a product deployment task
Creating a product update task
Verifying client software installation
Revisiting the PUP audit VirusScan policy
Resetting the On-Access Scan policy
Verifying the On-Demand Scan task
Click Menu | Systems | System Tree, then click Client Tasks on the menu bar.
For Type, select Product Deployment from the drop-down menu, then click Next.
Select Run at Every Policy Enforcement (Windows only), then click Next.
Schedule status
Enabled
Schedule type
Run Immediately
Creating a product update task
Click Menu | Systems | System Tree, then click Client Tasks on the menu bar.
For Type, select Product Update from the drop-down menu, then click Next.
On the Configuration page under Products and components, select McAfee Agent
for Windows 4.x.x.xxx, set Action to Install, select Engine and DAT, then click Next.
Set Schedule to Repeat Between, and set the time values to 7:00am, 6:59am, and
every 4 hours.
Click Menu | Systems | System Tree, then click Systems on the menu bar.
Select individual systems using the checkboxes, or use Select All in this Page or Select
All in all Pages.
If you were waking up a large number of systems, adding a few minutes of randomization
is useful. Click OK.
After a few minutes, click individual systems. The System Details page provides information
about the system, including the installed McAfee software.
Click Menu | Systems | System Tree, then click Assigned Policies on the menu bar.
Select Break inheritance and assign the policy and settings below.
Type a name for the policy, such as PUP exclusions for IT staff, and click OK. The Policy editor
opens.
In the Unwanted Program Exclusions area, type PortScan-SuperScan and click the plus symbol
(+) on the right.
10 Click Save.
11 From the Assigned policy drop-down menu, select the policy PUP exclusions for IT
staff, then click Save.
It is safer to exclude only the tools you use, rather than deselecting an entire category.
For example, considering remote administration tools, you might need to exclude a few
tools for normal operations, but you might also want to know if the McAfee AntiSpyware
module finds any non-approved, rogue tools of this nature on your network.
After completing the PUP audit, it is important that you change the VirusScan setting back
to Clean, and create a policy with exclusions. If you don't, you won't remove spyware.
Click Menu | Systems | System Tree, then click Assigned Policies on the menu bar.
Select the radio button for the policy Audit for PUPs, which is either Global Root or My
Organization, depending on your previous settings.
Click Save.
Click Menu | Systems | System Tree, then click Client Tasks on the menu bar.
Locate the scan task you created, then under the Actions column click Edit Settings.
On the Configuration page, click Actions, then in the When an Unwanted Program
is Found drop-down menu, select Clean Files.
Click Save.
VirusScan will now clean any PUPs that you have not explicitly excluded. The next time
client systems communicate with the server, they will download your configuration changes.
Setting Policies
A policy is a collection of settings that you create, configure, then enforce. Policies ensure that
the managed security software products are configured and perform accordingly.
Some policy settings are the same as the settings you configure in the interface of the product
installed on the managed system. Other policy settings are the primary interface for configuring
the product or component. The ePolicy Orchestrator console allows you to configure policy
settings for all products and systems from a central location.
Policy categories
Policy settings for most products are grouped by category. Each policy category refers to a
specific subset of policy settings. Policies are created by category. In the Policy Catalog page,
policies are displayed by product and category. When you open an existing policy or create a
new policy, the policy settings are organized across tabs.
Where policies are displayed
To see all of the policies that have been created per policy category, click Menu | Policy |
Policy Catalog, then select a Product and Category from the drop-down lists. On the Policy
Catalog page, users can see only policies of the products to which they have permissions.
To see which policies, per product, are applied to a specific group of the System Tree, click
Menu | Systems | System Tree | Assigned Policies page, select a group, then select a
Product from the drop-down list.
NOTE: A McAfee Default policy exists for each category. You cannot delete, edit, export or
rename these policies, but you can copy them and edit the copy.
Contents
Creating policies for the McAfee Agent
Creating policies for VirusScan Enterprise
Assigning policies
change the Agent to Server Connection Interval option to 180 minutes from the default
of 60.
NOTE: This functionality is enabled by the latest patch for McAfee Agent 4.0, which is included in the
ePolicy Orchestrator 4.5 evaluation software.
Use this task to create a policy that displays the McAfee Agent on client systems:
Task
For option definitions, click ? in the interface.
Select the box next to Show the McAfee system tray icon, and click Save.
ePolicy Orchestrator provides you with the option to access the McAfee Agent log on each
system remotely. See the ePolicy Orchestrator Product Guide for details on this useful
troubleshooting tool.
Creating policies for VirusScan Enterprise
On the line that lists your new Lock VSE Console policy, click Edit.
For User interface password, select Password protection for all items listed.
Click Menu | Systems | System Tree, then click Assigned Policies on the menu bar.
Expand Test Group, then click your Servers group. This policy can be configured prior
to adding systems to this group.
For Inherit from, select Break inheritance and assign the policy and settings
below.
In the Create a new policy dialog box, for Policy Name, type Database AV Exclusions,
then click OK. This opens the policy editor.
This section presents a methodology for detecting the PUPs on your network to discover what
exists, create exclusions for any with legitimate purposes, then configure the scanner to block
the remainder.
The task modifies the VirusScan On-Access Scan settings to log PUPs that it finds, but not delete
them. VirusScan continues to detect and clean viruses, worms, Trojan horses, and other threats.
The intent is to check for PUPs in "audit mode" for a few days or a week, check the PUP detection
reports in ePolicy Orchestrator, and identify your required exclusions. Later, you will change
the policy assignment so it once again cleans PUPs.
Use this task to modify the default VirusScan On-Access Scan policy so that PUPs are audited
on your managed systems.
Task
For option definitions, click ? in the interface.
For When an unwanted program is found, select Allow access to files from the
drop-down menu for the first action to perform. This disables the secondary action.
10 Click Save.
Assigning policies
Use these tasks to assign policies from the System Tree interface and assign the VirusScan
Enterprise policies.
Tasks
Assigning McAfee Agent policy
Assigning VirusScan Enterprise policies
Click Menu | Systems | System Tree, then click Assigned Policies on the menu bar.
For Inherit from, select Break inheritance and assign the policy and settings
below.
From the Assigned Policy drop-down menu, select Show Agent Icon.
Click Save.
On the line that lists User Interface Policies, click Edit Assignment.
For Inherit from, select Break inheritance and assign the policy and settings
below.
From the Assigned Policy drop-down menu, select Lock VSE Console.
Click Save.
Click Save. When you return to the Policies page, you will see that On-Access Default
Processes Policies has an entry in the Broken Inheritance column. This is because
you already assigned the Database AV Exclusions policy to the Servers group.
Activating a dashboard
To make a dashboard part of your active set on the tab bar of the Dashboards page, you
need to activate it.
Task
For option definitions, click ? in the interface.
Click Menu | Reporting | Dashboards, click Options, then select Manage Dashboards.
The Manage Dashboards page appears.
From the Dashboards list, highlight VSE: Current Detections, then click Make Active.
The Make Active dialog box appears.
To view some information about VirusScan Enterprise and Potentially Unwanted Programs, you
will duplicate, then modify the VSE: Current Detections dashboard.
Task
For option definitions, click ? in the interface.
Click Menu | Reporting | Dashboards, click Options, then select Manage Dashboards.
The Manage Dashboards page appears.
From the Dashboards list, highlight VSE: Current Detections, then click Duplicate.
Click Edit.
Find the monitor named VSE: Threats Detected in the Last 24 Hours and click Delete.
From the Monitor list, select VSE: DAT Deployment, then click OK.
Find the monitor named VSE: Threats Detected in the Last 7 Days and click Delete.
Summary
Congratulations. By completing this guide, you have performed many of the common tasks
used in creating and maintaining a secure network environment.
Here is what you have accomplished:
Enabled and ran a task that updates the ePO master repository from the McAfee site.
Created a System Tree structure, and added test systems into groups.
Created and applied a new McAfee Agent policy that displays the system tray icon on
managed systems.
Created and applied new policies for endpoint products, consisting of several VirusScan
policies, including a policy to audit PUPs.
Verified agent-server communication, and sent agent wake-up calls to ensure that your
managed systems retrieved the new policies.
References
Use the links in this section to access more information.
Support by Reading
Search McAfee's award-winning KnowledgeBase to find answers to questions.
Search the Knowledge base
For more information on ePolicy Orchestrator 4.5, refer to the following product documentation:
ePolicy Orchestrator 4.5
ePolicy Orchestrator 4.5 Product Guide
ePolicy Orchestrator 4.5 Installation Guide
License Management in ePolicy Orchestrator 4.5 FAQ
ePolicy Orchestrator 4.5 - Master list of release Support articles
VirusScan Enterprise 8.7i
VirusScan Enterprise 8.7i Installation Guide
VirusScan Enterprise 8.7i Product Guide
Access Protection in McAfee VirusScan Enterprise and Host Intrusion Prevention - Whitepaper
Support by Seeing
View tutorials
View video tutorials that address common issues and questions.
Support by Doing
Download Software Updates
Obtain the latest anti-virus definitions, product security updates and product versions. To get
product patches and maintenance releases you must be logged on to the ServicePortal.
Global Support Lab
Configure and walk through common issues in a live test environment.