McAfee EPOCDE-AA-BA - ePolicy Orchestrator - PC Product Manual

Product Guide: McAfee® ePolicy Orchestrator® 4.6.0 Software

Summary of Contents for McAfee EPOCDE-AA-BA - ePolicy Orchestrator - PC

  • Page 1 Product Guide ® ® McAfee ePolicy Orchestrator 4.6.0 Software...
  • Page 2: License Agreement

    MCAFEE, NETSHIELD, PORTALSHIELD, PREVENTSYS, SECURITYALLIANCE, SITEADVISOR, TOTAL PROTECTION, VIRUSSCAN, WEBSHIELD are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners.
  • Page 3: Table Of Contents

    Creating a custom login message ......34 McAfee Labs Security Threats ......
  • Page 4 Configuring proxy settings ......83 Configuring proxy settings for the McAfee Agent ....83 Configuring proxy settings for McAfee Labs Security Threats .
  • Page 5 Registering servers ....... . . 95 Registering McAfee ePO servers ......95 Registering LDAP servers .
  • Page 6 Locate inactive agents ....... 156 Queries provided by McAfee Agent ......156 Windows system and product properties reported by the agent .
  • Page 7 Viewing and resetting broken inheritance ....183 Sharing policies among McAfee ePO servers ..... . 183 Setting up policy sharing for multiple McAfee ePO servers .
  • Page 8 Exporting a query ......247
  • Page 9 Running reports ....... 259 Configuring Internet Explorer 8 to automatically accept McAfee ePO downloads ..259 Running a report with a server task .
  • Page 10 Changing SQL Server information ......312 Index
  • Page 11: Preface

    Preface This guide provides the information you need to configure, use, and maintain your McAfee product. Contents About this guide Finding product documentation About this guide This information describes the guide's target audience, the typographical conventions and icons used in this guide, and how the guide is organized.
  • Page 12: What's In This Guide

    Finding product documentation McAfee provides the information you need during each phase of product implementation, from installation to daily use and troubleshooting. After a product is released, information about the product is entered into the McAfee online KnowledgeBase.
  • Page 13: Introducing McAfee ePolicy Orchestrator Software Version

    Get familiar with what ePolicy Orchestrator software is, the components of the software, and how they protect your environment. Then, review the configuration process overview. Chapter 1 Introducing McAfee ePolicy Orchestrator Software version 4.6.0 Chapter 2 Planning your ePolicy Orchestrator configuration
  • Page 15: Introducing McAfee ePolicy Orchestrator Software Version

    Introducing McAfee ePolicy Orchestrator Software version 4.6.0 McAfee ePolicy Orchestrator software is a key component of the McAfee Security Management Platform which provides unified management of endpoint, network, and data security. It provides you with end-to-end visibility and powerful automation features that reduce incident response times, strengthen protection, and decrease the complexity of managing risk and security.
  • Page 16: Components And What They Do

    Database — The central storage component for all data created and used by ePolicy Orchestrator. You can choose whether to house the database on your McAfee ePO server or on a separate system, depending on the specific needs of your organization.
  • Page 17: How The Software Works

    How the software works McAfee ePO software is designed to be extremely flexible. It can be set up in many different ways, to meet your unique needs. The software follows the classic client-server model, in which a client system (system) calls into your server for instructions.
  • Page 18: How To Navigate The ePolicy Orchestrator Interface

    Your ePolicy Orchestrator server connects to the McAfee update server to pull down the latest security content. The ePolicy Orchestrator database stores all the data about the managed systems on your network, including: •...
  • Page 19: About The Navigation Bar

    The Menu uses categories that comprise the various features and functionality of your ePolicy Orchestrator server. Each category contains a list of primary feature pages associated with a unique icon.
  • Page 21: Planning Your ePolicy Orchestrator Configuration

    Your organization is distributed over a large geographic area, and uses a network connection with relatively low bandwidth such as a WAN, VPN, or other slower connections typically found between remote sites. For more information about bandwidth requirements, see the McAfee ePolicy Orchestrator Hardware Usage and Bandwidth Sizing Guide.
  • Page 22: When To Use Multiple Remote Agent Handlers

    Orchestrator servers to your environment. The Agent Handler is the component of your server responsible for managing agent requests. Each McAfee ePO server installation includes an Agent Handler by default. Some scenarios in which you might want to use multiple remote Agent Handlers include: •...
  • Page 23 Configure essential features — ePolicy Orchestrator software has some essential features that you must configure for your server to function properly. Use the Guided Configuration tool to configure the essential features of your McAfee ePO server. Configure general server settings — Server settings in this group affect functionality that you do not need to modify for your server to operate correctly, but you can customize some aspects of how your server works.
  • Page 25: Setting Up And Configuring Your ePolicy Orchestrator Server

    Setting up permission sets Chapter 7 Configuring advanced server settings Chapter 8 Setting up repositories Chapter 9 Setting up registered servers Chapter 10 Setting up Agent Handlers Chapter 11 Other important server information
  • Page 27: Configuring Essential Features

    • The McAfee Agent — Enables management of a system on your network. Once deployed, the agent communicates status and all associated data to and from your server and the managed system. It is the vehicle through which security software is deployed, policies are enforced, and tasks are assigned.
  • Page 28: Using The Guided Configuration To Configure Essential Features

    • Select the security software you want to deploy to systems on your network. • Select the systems on your network you want to manage with your McAfee ePO server, and add them to the System Tree. • Configure a Default policy to be assigned and enforced on your managed systems.
  • Page 29 2 Select a product from the Product list and click My Default to edit the default policy settings. 3 Click Next to move on to the next step.
  • Page 30 Select the location in the System Tree that contains the systems where you want to deploy your software, then click Next. The Software Deployment dialog box opens. Click OK to continue. Specify your settings for the McAfee Agent deployment, then click Deploy. Click Skip Agent Deployment if you want to wait until later to perform this action.
  • Page 31: Configuring General Server Settings

    Orchestrator server is not required. However, before your server can send an automatically generated email in response to an event in your network, you must configure the Email Server settings your McAfee ePO server needs to connect to your email server.
  • Page 32: Specifying Default Dashboards And Dashboard Refresh Intervals

    Click Menu | Configuration | Server Settings, select Event Filtering, then click Edit at the bottom of the page. The Edit Event Filtering page appears. Select the events you want the agent to forward to the server, then click Save. Changes to these settings take effect after all agents have communicated with the McAfee ePO server.
  • Page 33: Choosing An ePO Notification Event Interval

    Global Updating server setting. Global updates are disabled by default. However, McAfee recommends that you enable and use them as part of your updating strategy. You can specify a randomization interval and package types to be distributed during the update.
  • Page 34: Providing A License Key

    Select Display custom login message, then type your message and click Save. McAfee Labs Security Threats The McAfee Labs Security Threats page informs you of the top ten medium-to-high-risk threats for corporate users. You no longer need to manually search for this information from the press (TV, radio, ...
  • Page 35: Controlling Unsupported Product Policy Visibility

    Use these tasks to mark threat notifications as read or unread or to delete them. Data is sorted by the date the threat was discovered. In addition, you can click the threat name to go to the McAfee Labs website to view information about each threat.
  • Page 36: Changing Agent Communication Ports

    Select Image and browse to the image file, such as your company logo. • Select the default McAfee logo. Click OK to return to the Edit Printing and Exporting page. From the drop-down lists, select any metadata that you want displayed in the header and footer.
  • Page 37: SSL Certificates

    The browsers supported by McAfee ePO show a warning about a server’s SSL certificate if it cannot verify that the certificate is valid or signed by a source that the browser trusts. By default, the McAfee ePO server uses a self-signed certificate for SSL communication with the web browser, which, by default, the browser will not trust.
  • Page 38 Orchestrator for the change to take effect. Installing a trusted security certificate for the McAfee ePO browser Use these tasks to install a trusted security certificate for your McAfee ePO browser, to stop the server certificate warning from appearing every time you log on.
  • Page 39: Enabling System Tree Sorting On The Server

    These are the default server settings categories available in ePolicy Orchestrator software. When you check in additional software to your McAfee ePO server, product-specific server settings are added to the Server settings category list. For information on product-specific server settings, see the associated product documentation.
  • Page 40 PDF exports. It also specifies the default location where the exported files are stored. Proxy Settings: Specifies the type of proxy settings configured for your McAfee ePO server. Repository Packages: Specifies whether any package can be checked in to any branch. Only agents later than version 3.6 can retrieve packages other than updates...
  • Page 41 Specifies which queries and systems properties are displayed in the System Details page for your managed systems. System Tree Sorting: Specifies whether and how System Tree sorting is enabled in your environment.
  • Page 43: Creating User Accounts

    • Change server settings. • Add and delete user accounts. • Add, delete, and assign permission sets. • Import events into ePolicy Orchestrator databases and limit events that are stored there.
  • Page 44: Working With User Accounts

    Select whether the new account uses McAfee ePO authentication, Windows authentication, or Certificate Based Authentication and provide the required credentials or browse and select the certificate.
  • Page 45: Deleting User Accounts

    Use this task to delete a user account. You must be a global administrator to delete user accounts. McAfee recommends disabling the Login status of an account instead of deleting it, until you are sure all valuable information associated with the account has been moved to other users.
  • Page 47: Setting Up Permission Sets

    Due to the interwoven nature of these objects, you might have to create and modify permission sets, groups, and users multiple times to get everything set up the way you want.
  • Page 48 You've now got an entire class of users (members of the "Dallas" Active Directory server) with access to a specific query group, and an individual with the ability to create and modify queries and reports within that group.
  • Page 49: Working With Permission Sets

    If you have added any Active Directory servers you want to remove, select them in the Active Directory list box and click Remove. Click Save to create the permission set. At this point, you have created the permission set but have not yet assigned permissions to it.
  • Page 50: Modifying An Existing Permission Set

    Orchestrator servers is to export them and import them onto other servers. Permission sets cannot be exported individually. You can only export the entire list of permission sets at one time.
  • Page 51: Importing Permission Sets

    Select the permission set(s) you want to export. Click Permission Sets Actions | Export All. The McAfee ePO server sends an XML file to your browser. What happens next depends on your browser settings. By default, most browsers ask you to save the file.
  • Page 52 Permission Sets list. Its details appear to the right. Click Actions | Delete, then click OK in the Action pane. The permission set no longer appears in the Permission Sets list.
  • Page 53: Configuring Advanced Server Settings

    This process is accomplished by mapping McAfee ePO permission sets to Active Directory groups in your environment. This feature can reduce the management overhead when you have a large number of McAfee ePO users in your organization. To complete the configuration, you must work through the following process: Configure user authentication.
  • Page 54 Windows authentication server setting. Registered LDAP servers It is necessary to register LDAP servers with your McAfee ePO server to permit dynamically assigned permission sets for Windows users. Dynamically assigned permission sets are permission sets assigned to users based on their Active Directory group memberships.
  • Page 55 An Active Directory server that contains information about this user has been registered with ePolicy Orchestrator. • The user is a member of at least one Domain Local or Domain Global group that maps to an McAfee ePO permission set. Windows authentication and authorization strategies There are a variety of approaches you can take when planning how to register your LDAP servers.
  • Page 56: Configuring Windows Authentication And Authorization

    Before more advanced Windows authentication can be used, the server must be prepared. To activate the Windows Authentication page in the server settings, you must first stop the ePolicy Orchestrator service. This task must be performed on the McAfee ePO server itself. Task For option definitions, click ? in the interface.
  • Page 57 Without any special configuration, users can authenticate using Windows credentials for the domain that the McAfee ePO server is joined to, or any domain that has a two-way trust relationship with the McAfee ePO server's domain. If you have users in domains that don't meet those criteria, you must configure Windows authentication.
  • Page 58: Authenticating With Certificates

    Before users can log on with certificate authentication, ePolicy Orchestrator must be configured properly. Before you begin You must have already received a signed certificate in P7B, PKCS12, DER, or PEM format.
  • Page 59: Uploading Server Certificates

    Server certificates can and should be removed if they are no longer used. Before you begin The server must already be configured for certificate authentication before you can remove server certificates.
  • Page 60: Configuring Users For Certificate Authentication

    • Verify the user has not been disabled. • Verify the certificate has not expired or been revoked. • Verify the certificate is signed with the correct certificate authority.
  • Page 61: Configuring Rogue System Detection Server Settings

    They specify the time-frame that determines the state of detected systems (Managed, Rogue, Exception, Inactive). • They control the visual feedback of the Rogue System Detection status monitors on the Detected Systems page. For option definitions, click ? in the interface.
  • Page 62 Edit the number of days to categorize Detected Systems as Managed or Inactive. The number of days in Rogue | Has Agent in McAfee ePO Database, but is older than__days is controlled by the number of days set in the Managed field.
  • Page 63 • Server location — Specifies a location on this McAfee ePO server where the OUI.txt file is located. • File upload — Type or browse to an OUI.txt file to upload to this McAfee ePO server for processing, then click Update.
  • Page 64: Managing Security Keys

    The agent uses the server's public key to verify the agent's message. • You can have multiple secure communication key pairs, but only one can be designated as the master key.
  • Page 65: Master Repository Key Pair

    • If you are upgrading from ePolicy Orchestrator 4.0, the master key is unchanged. Whether or not you upgrade from version 4.0 or 4.5, the existing keys are migrated to your McAfee ePO 4.6 server. Local master repository key pairs •...
  • Page 66 Using one master repository key pair for all servers Use this task to ensure that all McAfee ePO servers and agents use the same master repository key pair in a multi-server environment. This consists of first exporting the key pair you want all servers to use, then importing the key pair into all other servers in your environment.
  • Page 67: Agent-Server Secure Communication (ASSC) Keys

    The following process exports the key pair from one McAfee ePO server to a target McAfee ePO server, then, at the target McAfee ePO server, imports and overwrites the existing key pair. For option definitions, click ? in the interface.
  • Page 68 Deleting agent-server secure communication (ASSC) keys on page 68 Use this task to delete unused keys in the Agent-server secure communication keys list. Make sure that the selected key is not being used by any agent that is managed by this McAfee ePO server.
  • Page 69 Importing ASSC keys Use this task to import agent-server secure communication keys that were exported from a different McAfee ePO server. This procedure allows agents from that server to access this McAfee ePO server. For option definitions, click ? in the interface.
  • Page 70 Back up all keys. Using the same ASSC key pair for all servers and agents Follow this process to ensure that all McAfee ePO servers and agents use the same agent-server secure communication (ASSC) key pair. If you have a large number of managed systems in your environment, McAfee recommends performing this process in phases so you can monitor agent updates.
  • Page 71: Backing Up And Restoring Keys

    Using a different ASSC key pair for each McAfee ePO server Use this task to ensure that all agents can communicate with the required McAfee ePO servers in an environment where each McAfee ePO server must have a unique agent-server secure communication key pair.
  • Page 72 Restoring security keys McAfee recommends periodically backing up all security keys. In the unexpected event any security keys are lost from the McAfee ePO server, you can restore them from the backup that you have stored in a secure network location.
  • Page 73: Configuring Source And Fallback Sites

    You can edit settings, delete existing source and fallback sites, or switch between them. McAfee recommends using the default source and fallback sites. If you require different sites for this purpose, you can create new ones.
  • Page 74 • URL or path on the previous panel of the wizard. • The HTTP, FTP or UNC site on the system. Click Next. Review the Summary page, then click Save to add the site to the list.
  • Page 75 Select Source Sites, then click Edit. The Edit Source Sites page appears. Click Delete next to the required source site. The Delete Source Site dialog box appears. Click OK. The site is removed from the Source Sites page.
  • Page 77 Using SuperAgents as distributed repositories Creating and configuring FTP, HTTP, and UNC repositories Using local distributed repositories that are not managed Working with the repository list files Changing credentials on multiple distributed repositories
  • Page 78: Setting Up Repositories Repository Types And What They Do

    Doing so causes the files on the master repository to become locked by users of the distributed repository, which can cause pulls and package check-ins to fail and leave the master repository in an unusable state.
  • Page 79: Types Of Distributed Repositories

    Use pull tasks to copy source site contents to the master repository. McAfee update sites provide updates to detection definition (DAT) and scanning engine files, as well as some language packs. You must check in all other packages and updates, including service packs and patches, to the master repository manually.
  • Page 80: Repository Branches And Their Purposes

    You can create a UNC shared folder to host a distributed repository on an existing server. Be sure to enable sharing across the network for the folder, so that the McAfee ePO server can copy files to it and agents can access it for updates.
  • Page 81: Repository List File And Its Uses

    Back up and restore your distributed repositories and source sites if you need to reinstall the server. • Import the distributed repositories and source sites from a previous installation of the ePolicy Orchestrator software.
  • Page 82: How Repositories Work Together

    McAfeeFtp sites as source and fallback sites. This section describes the steps for configuring the McAfee ePO master repository, the McAfee Agent, and McAfee Labs Security threats to connect to the download site directly or via a proxy. The default selection is Do not use proxy.
  • Page 83: Configuring Proxy Settings

    For option definitions, click ? in the interface. Task Click Menu | Policy | Policy Catalog, then from the Product list click McAfee Agent, and from the Category list, select Repository. A list of agents configured for the McAfee ePO server appears.
  • Page 84: Configuring Proxy Settings For McAfee Labs Security Threats

    Click Save. Configuring proxy settings for McAfee Labs Security Threats Use this task to configure proxy settings for the McAfee Labs Security Threats. For option definitions, click ? in the interface. Task Click Menu | Configuration | Server Settings.
  • Page 85: Creating SuperAgent Repositories

    For option definitions, click ? in the interface. Task Click Menu | Policy | Policy Catalog, then from the Product list click McAfee Agent, and from the Category list, select General. A list of agents configured for the McAfee ePO server appears.
  • Page 86: Selecting Which Packages Are Replicated To SuperAgent Repositories

    For option definitions, click ? in the interface. Task Open the desired McAfee Agent policy pages (in edit mode) from the desired assignment point in the System Tree or from the Policy Catalog page. On the General tab, deselect Use systems running SuperAgents as distributed repositories, then click Save.
  • Page 87: Creating A Folder Location On An FTP, HTTP Server Or UNC Share

    On the Description page, type a unique name and select HTTP, UNC, or FTP, then click Next. The name of the repository does not need to be the name of the system hosting the repository.
  • Page 88 If credentials are incorrect, check the following: • User name and password • URL or path on the previous panel of the wizard • HTTP, FTP, or UNC site on the system
  • Page 89: Avoiding Replication Of Selected Packages

    To disable the impending replication of a package, disable the replication task before checking in the package. Use this task to disable replication before checking in the new package.
  • Page 90: Enabling Folder Sharing For UNC And HTTP Repositories

    Change configuration, authentication, and package selection options as needed. Click Save. Deleting distributed repositories Use this task to delete HTTP, FTP, or UNC distributed repositories. Doing this removes them from the repository list, and removes the distributed repository contents.
  • Page 91: Using Local Distributed Repositories That Are Not Managed

    Configure an agent policy for managed systems to use the new unmanaged distributed repository: Click Menu | Policy | Policy Catalog, then select the Product as McAfee Agent and Category as Repository. Click on an existing agent policy or create a new agent policy.
  • Page 92: Working With The Repository List Files

    • SiteList.xml — For use by the agent and supported products. • SiteMgr.xml — For use when reinstalling the McAfee ePO server, or for importing into other McAfee ePO servers that use the same distributed repositories or source sites. Tasks •...
  • Page 93: Exporting The Repository List SiteMgr.xml File For Backup Or Use By Other Servers

    McAfee ePO server, or when you want to share distributed repositories or source sites with another McAfee ePO server. You can export this file from either the Distributed Repositories or Source Sites pages. However, when you import this file to either page, it imports only the items from the file that are listed on that page.
  • Page 94: Changing Credentials On Multiple Distributed Repositories

    The Repository Selection page appears. Select the desired distributed repositories, then click Next. The Credentials page appears. Edit the credentials as needed, then click Next. The Summary page appears. Review the information, then click Save.
  • Page 95: Setting Up Registered Servers

    Before you can retrieve data from a database server, you must register it with ePolicy Orchestrator. Registering McAfee ePO servers You can register additional McAfee ePO servers for use with your main McAfee ePO server to collect or aggregate data.
  • Page 96 • Try to use SSL • Always use SSL • Never use SSL Test connection: Verifies the connection for the detailed server.
  • Page 97: Registering LDAP Servers

    When enabled, select Automatic sitelist import or Manual sitelist import. When choosing Manual sitelist import, it is possible to cause older versions of McAfee Agent (version 4.0 and earlier) to be unable to contact their Agent Handler. This may happen when •...
  • Page 98: Registering SNMP Servers

    • If you select SNMPv1 or SNMPv2c as the SNMP server version, type the community string of the server under Security. • If you select SNMPv3, provide the SNMPv3 Security details. Click Send Test Trap to test your configuration. Click Save.
  • Page 99: Registering A Database Server

    Enter the connection specifics and login credentials for the database server. To verify that all connection information and login credentials are entered correctly, click Test Connection. A status message indicates success or failure. Click Save.
  • Page 101: Setting Up Agent Handlers

    Handler instead of to the main McAfee ePO server. The handler provides updated sitelists, policies, and policy assignment rules, just as the McAfee ePO server does. The handler also caches the contents of the master repository, so that agents can pull product update packages, DATs, and other necessary information.
  • Page 102: Handler Groups And Priority

    In addition to assigning handler priority within a group of handlers, you can also set handler assignment priority across several groups of handlers. This adds an additional layer of redundancy to your environment to further ensure that your agents can always receive the information they need.
  • Page 103: Working With Agent Handlers

    Task For option definitions, click ? in the interface. Click Menu | Configuration | Agent Handlers, then click Actions | New Assignment. Specify a unique name for this assignment.
  • Page 104: Managing Agent Handler Assignments

    Use this task to set up Agent Handler groups. Handler groups can make it easier to manage multiple handlers throughout your network, and can play a role in your fallback strategy.
  • Page 105: Managing Agent Handler Groups

    Agent Handler assignment priority, or individually using the System Tree. Handler assignments can specify an individual handler or a list of handlers to use. The list that you specify can be made up of individual handlers or groups of handlers.
  • Page 106 Agent Handlers from the list (an Agent Handler can be included in more than one group). Use the drag-and-drop handle to change the priority of handlers. Priority determines which handler the agents try to communicate with first. Click Save.
  • Page 107 In the System Tree column, navigate to the system or group you want to move. Use the drag-and-drop handle to move systems from the currently configured system group to the target system group. Click OK.
  • Page 109: Other Important Server Information

    When IPv6 is enabled, it works in the mode in which it is configured. When the McAfee ePO server communicates with an Agent Handler or Rogue System Sensor on IPv6, address-related properties such as IP address, subnet address, and subnet mask are reported in IPv6 format.
  • Page 110: Exporting Objects From ePolicy Orchestrator

    Items exported from ePolicy Orchestrator are stored in XML files that describe the exported items in detail. Objects exported from an McAfee ePO server are displayed in your browser as XML. Your browser settings determine how the XML is displayed and saved.
  • Page 111: Exporting Objects And Data From Your Epolicy Orchestrator Server

    • A browser dialog box opens where you can choose whether to Open or Save the file. • An Export page containing a link to the file opens. Left-click the link to view the file in your browser. Right-click the link to Save the file.
  • Page 112: Epolicy Orchestrator Log Files

    The Audit Log Use the Audit Log to maintain and access a record of all McAfee ePO user actions. The Audit Log entries are displayed in a sortable table. For added flexibility, you can also filter the log so that it displays only failed actions, or only entries that are within a certain age.
  • Page 113 After Purge records older than, type a number and select the time unit to use before purging the Audit Log entries. Click Next. The Schedule page appears. Schedule the task as needed, then click Next. The Summary page appears. Review the task's details, then click Save.
  • Page 114: The Server Task Log

    • Purge — The Purge dialog box appears. Type a number and a time unit to determine the number of task log entries to delete, then click OK. • Terminate Task — Stop a task that is in progress.
  • Page 115: Allowed Cron Syntax When Scheduling A Server Task

    The question mark must be used in one of these fields, but cannot be used in both. • Forward slashes (/) identify increments. For example, "5/15" in the minutes field means the task runs at minutes 5, 20, 35 and 50.
  • Page 116: The Threat Event Log

    • Detecting Product Version — Version number of the detecting product. • Threat Source IPv4 Address — IPv4 address of the system from which the threat originated.
  • Page 117 Event Received Time (UTC) — Time in Coordinated Universal Time that the event was received by the McAfee ePO server. • Threat Type — Class of the threat. • File Path — File path of the system which sent •...
  • Page 118 Click Next. The Schedule page appears. Schedule the task as needed, then click Next. The Summary page appears. Review the task's details, then click Save.
  • Page 119: Managing Your Network Security With Your Epolicy Orchestrator Server

    Using your ePolicy Orchestrator server to deploy products to your systems and keep them updated with the latest content from McAfee is an essential part of protecting your organization from threats. Chapter 12 Organizing the System Tree...
  • Page 121: Organizing The System Tree

    Working with tags Creating and populating groups Moving systems manually within the System Tree Transferring systems between McAfee ePO servers The System Tree structure The System Tree is a hierarchical structure that allows you to organize systems in your network into groups and subgroups.
  • Page 122 As part of the planning process, consider the best way to organize systems into groups prior to building the System Tree.
  • Page 123: Considerations When Planning Your System Tree

    System Tree only once. Because every network is different and requires different policies — and possibly different management — McAfee recommends planning your System Tree before implementing the McAfee ePO software. Regardless of the methods you choose to create and populate the System Tree, consider your environment while planning the System Tree.
  • Page 124: Environmental Borders And Their Impact On System Organization

    These borders influence the organization of the System Tree differently than the organization of your network topology. McAfee recommends evaluating these borders in your network and organization, and whether they must be considered when defining the organization of your System Tree.
  • Page 125: Operating Systems And Software

    Use scheduled queries with chained tag actions to maintain tags on specific systems within the parts of the System Tree where they have access. • Configure sorting criteria based on tags to ensure that systems stay in the appropriate groups of the System Tree.
  • Page 126: Active Directory And Nt Domain Synchronization

    System Tree according to the synchronization settings. Use an NT Domain/Active Directory Synchronization server task to regularly synchronize the systems (and possibly the Active Directory structure) with the System Tree according to the synchronization settings.
  • Page 127: Nt Domain Synchronization

    If you move systems to other groups or subgroups of the System Tree, be sure to select to not add the systems when they already exist elsewhere in the System Tree. This prevents duplicate entries for systems in the System Tree.
  • Page 128: Criteria-Based Sorting

    However, if you define sorting criteria after the initial agent-server communication, you must run the Sort Now action on those systems to move them immediately to the appropriate group, or wait until the next agent-server communication.
  • Page 129: How Settings Affect Sorting

    Disable System Tree sorting — If criteria-based sorting does not meet your security management needs and you want to use other System Tree features (like Active Directory synchronization) to organize your systems, select this setting to prevent other McAfee ePO users from mistakenly configuring sorting criteria on groups and moving systems to undesirable locations.
  • Page 130: Tag-Based Sorting Criteria

    Parent groups of a criteria-based subgroup must have either no criteria or matching criteria.
  • Page 131 10 If the server cannot sort the system into any group, it is placed in the Lost&Found group within a subgroup that is named after its domain.
  • Page 132: Working With Tags

    If the tag has criteria, this page displays the number of systems that will receive this tag when evaluated against its criteria. The tag is added to the list of tags on the Tag Catalog page.
  • Page 133: Excluding Systems From Automatic Tagging

    Verify the desired systems are in the list. Applying criteria-based tags automatically to all matching systems Use these tasks to apply criteria-based tags automatically to all systems that match its criteria.
  • Page 134 Click Menu | Automation | Server Tasks, then click Actions | New Task. The Server Task Builder page appears. On the Description page, name and describe the task and select whether the task is enabled once it is created, then click Next. The Actions page appears.
  • Page 135: Creating And Populating Groups

    System Tree in a text file and import it into your System Tree. If you have a smaller network, you can create your System Tree by hand and add each system manually.
  • Page 136: Creating Groups Manually

    • From the System Tree page (Menu | Systems | System Tree) click System Tree Actions | New Subgroup. The New Subgroup dialog box appears. You can create more than one subgroup at a time.
  • Page 137: Adding Systems Manually To An Existing Group

    Next to Target systems, type the NetBIOS name for each system in the text box, separated by commas, spaces, or line breaks. Alternatively, click Browse to select the systems.
  • Page 138: Exporting Systems From The System Tree

    It can be useful to have a list of the systems in your System Tree. You can import this list into your McAfee ePO Server to quickly restore your previous structure and organization. This task does not remove systems from your System Tree. It creates a .txt file that contains the names and structure of systems in your...
  • Page 139 Click Menu | Systems | System Tree, then click System Tree Actions and select New Systems. The New Systems page appears. Select Import systems from a text file into the selected group, but do not push agents.
  • Page 140: Sorting Systems Into Criteria-Based Groups

    Select Systems that match any of the criteria below, then the criteria selections appear. Although you can configure multiple sorting criteria for the group, a system only has to match a single criterion to be placed in this group.
  • Page 141 Otherwise, they can only be sorted with the Sort Now action. Sorting systems manually Use this task to sort selected systems into groups with criteria-based sorting enabled.
  • Page 142: Importing Active Directory Containers

    Active Directory container. You cannot synchronize the Lost&Found group of the System Tree. Figure 12-3 Synchronization Settings page Next to Synchronization type, click Edit. The Synchronization Settings page for the selected group appears.
  • Page 143 Select whether to deploy agents automatically to new systems. If you do, be sure to configure the deployment settings. McAfee recommends that you do not deploy the agent during the initial import if the container is large. Deploying the 3.62 MB agent package to many systems at once may cause network traffic issues.
  • Page 144: Importing Nt Domains To An Existing Group

    Set up IP address or tag sorting criteria on subgroups to automatically sort the imported systems. • Schedule a recurring NT Domain/Active Directory Synchronization server task for easy maintenance. For option definitions, click ? in the interface.
  • Page 145 Select whether to deploy agents automatically to new systems. If you do so, be sure to configure the deployment settings. McAfee recommends that you do not deploy the agent during the initial import if the domain is large. Deploying the 3.62 MB agent package to many systems at once may cause network traffic issues.
  • Page 146: Synchronizing The System Tree On A Schedule

    Prevents or allows duplicate entries of systems that still exist in the System Tree that you've moved to other locations. The agent cannot be deployed to all operating systems in this manner. You might need to distribute the agent manually to some systems.
  • Page 147: Updating The Synchronized Group With An Nt Domain Manually

    In addition to the steps below, you can also drag-and-drop systems from the Systems table to any group in the System Tree.
  • Page 148: Transferring Systems Between Mcafee Epo Servers

    Select the group in which to place the systems, then click OK. Transferring systems between McAfee ePO servers Use this task to transfer systems between McAfee ePO servers. For option definitions, click ? in the interface. Task Click Menu | Systems | System Tree, then select the systems you want to transfer.
  • Page 149: Working With The Agent From The Mcafee Epo Server

    Working with the agent from the McAfee ePO server The McAfee ePO interface includes pages where agent tasks and policies can be configured, and where agent properties can be viewed. Contents Agent-server communication Viewing agent and product properties Responding to policy events...
  • Page 150: Agent-Server Communication Interval

    The agent-server communication interval determines how often the agent calls in to the server. The agent-server communication interval (ASCI) is set on the General tab of the McAfee Agent policy page. The default setting of 60 minutes means that the agent contacts the server once every hour.
  • Page 151: Wake-Up Calls And Tasks

    No package to receive (status code from McAfee ePO) • Agent needs to regenerate GUID (status code from McAfee ePO) Other results such as connection refused, failed to connect, connection timeout, or other errors cause the agent to retry immediately using the next connection method in the list.
  • Page 152: Superagent Caching And Communication Interruptions

    The SuperAgent caches the contents of its repository in a specific manner designed to minimize wide-area network (WAN) usage. If an agent has been converted to a SuperAgent, it can cache content from its McAfee ePO server to distribute locally to other agents, reducing WAN bandwidth. To activate this, turn on LazyCaching in the McAfee Agent | General policy options page which you access from Menu | Policy | Policy Catalog.
  • Page 153: Viewing Agent And Product Properties

    When a SuperAgent receives a request for content that might be outdated, the SuperAgent attempts to contact the McAfee ePO server and other sites listed in Sitelist.xml to see if new content is available. If the connection attempts time out, the SuperAgent distributes content from its own repository instead.
  • Page 154: Running Client Tasks Immediately

    Running client tasks immediately When ePolicy Orchestrator 4.6 is communicating with McAfee Agent 4.6, you can run client tasks immediately using the run tasks now feature. ePolicy Orchestrator puts tasks into a queue when they are scheduled to run instead of immediately executing them.
  • Page 155: Sending Manual Wake-Up Calls To Systems

    Sending manual wake-up calls to systems Manually sending an agent or SuperAgent wake-up call to systems in the System Tree is useful when you make policy changes and you want agents to call in for an update before the next agent-server communication.
  • Page 156: Locate Inactive Agents

    10 Click OK to send the agent or SuperAgent wake-up call. Locate inactive agents An inactive agent is one that has not communicated with the McAfee ePO server within a user-specified time period. Some agents might become disabled or be uninstalled by users. In other cases, the system hosting the agent might have been removed from the network.
  • Page 157: Windows System And Product Properties Reported By The Agent

    This list shows the kinds of product data that are reported to ePolicy Orchestrator by the McAfee software installed on your system. If you find errors in the reported values, review the details of your products before concluding that they are incorrectly reported.
  • Page 159: Using The Software Manager To Check In Software

    Checking in, updating, and removing software using the Software Manager What's in the Software Manager The Software Manager eliminates the need to access the McAfee Product Download website to obtain new McAfee software and software updates. You can use the Software Manager to download: •...
  • Page 160: Checking In, Updating, And Removing Software Using The Software Manager

    Notes can also be downloaded from the Software Manager. About software component dependencies Many of the software products you can install for use with your McAfee ePO server have predefined dependencies on other components. Dependencies for product extensions are installed automatically.
  • Page 161 • Software Not Checked in — Displays any software that is available, but not installed on this server. • Software (by Label) — Displays software by function as described by McAfee product suites. When you've located the correct software, click: •...
  • Page 163: Using Policies To Manage Products And Systems

    Creating Policy Management queries Working with the Policy Catalog Working with policies Viewing policy information Sharing policies among McAfee ePO servers Frequently asked questions Policy management A policy is a collection of settings that you create, configure, then enforce. Policies ensure that the managed security software products are configured and perform accordingly.
  • Page 164 Once the policy settings are in effect on the managed system, the agent continues to enforce policy settings locally at a regular interval. This enforcement interval is determined by the Policy enforcement interval setting on the General tab of the McAfee Agent policy pages. This interval is set to occur every five minutes by default.
  • Page 165: Policy Application

    Policy sharing is another way to transfer policies between servers. Sharing policies allows you to manage policies on one server, and use them on many additional servers all through the McAfee ePO console. For more information, see Sharing policies among McAfee ePO servers.
  • Page 166: How Policy Assignment Rules Work

    Therefore, if you wish to use a policy owned by a different user, McAfee recommends that you first duplicate the policy, then assign the duplicate to the desired locations. This provides you ownership of the assigned policy.
  • Page 167: About User-Based Policy Assignments

    About user-based policy assignments User-based policy assignment rules give you the ability to create user specific policy assignments. These assignments are enforced at the target system when a user logs on.
  • Page 168: About System-Based Policy Assignments

    System-based policies which specify tags as criteria work in a similar fashion to user-based policies. They are assigned based on selection criteria you define using the Policy Assignment Builder. Any system you can tag, you can apply a specific policy to, based on that tag.
  • Page 169: Working With Policy Assignment Rules

    Click Next. The Selection Criteria page opens. Specify the criteria you want to use in this rule. Your criteria selection determines which systems or users are assigned this policy. Review the summary and click Save.
  • Page 170: Creating Policy Management Queries

    Select the type of chart or table to display the primary results of the query, then click Next. The Columns page appears. If you select Boolean Pie Chart, you must configure the criteria you want to include in the query.
  • Page 171: Working With The Policy Catalog

    Before deleting a policy, review the groups and systems where it is assigned. If you don’t want the group or system to inherit the policy from the parent group, assign a different policy.
  • Page 172: Creating A Policy From The Policy Catalog Page

    Type the name of the new policy in the field, then click OK. The new policy appears on the Policy Catalog page. Click on the new policy in the list. Edit the settings as needed, then click Save.
  • Page 173: Editing A Policy's Settings From The Policy Catalog

    If you don’t want the group or system to inherit the policy from the parent group, assign a different policy. If you delete a policy that is applied to the My Organization group, the McAfee Default policy of this category is assigned.
  • Page 174: Configuring Agent Policies To Use A Distributed Repository

    Use this task to customize how agents select distributed repositories. Task For option definitions, click ? in the interface. Click Menu | Policy | Policy Catalog, then select the Product as McAfee Agent and Category as Repository. Click on the required existing agent policy. Select the Repositories tab.
  • Page 175: Changing The Owners Of A Policy

    Exporting a single policy Use this task to export a policy to an XML file. Use this file to import the policy to another McAfee ePO server, or to keep as a backup of the policy.
  • Page 176: Assigning A Policy To A Group Of The System Tree

    Right-click the link to download and save the file. Name the policy XML file and save it. If you plan to import this file into a different McAfee ePO server, ensure that this location is accessible to the target ePolicy Orchestrator server.
  • Page 177: Assigning A Policy To A Managed System

    Assigning a policy to multiple managed systems within a group Use this task to assign a policy to multiple managed systems within a group. You can assign policies before or after a product is deployed.
  • Page 178: Enforcing Policies For A Product On A Group

    Select the desired Product, then click Enforcing next to Enforcement status. The Enforcement page appears. If you want to change the enforcement status you must first select Break inheritance and assign the policy and settings below.
  • Page 179: Copying And Pasting Assignments

    OK. Pasting policy assignments to a group Use this task to paste policy assignments to a group. You must have already copied policy assignments from a group or system.
  • Page 180: Viewing Policy Information

    (Enforce Policies and Tasks). This policy controls the enforcement status of other policies. Confirm the replacement of assignments. Viewing policy information Use these tasks to view detailed information about the policies, their assignments, inheritance, and their owners.
  • Page 181: Viewing Groups And Systems Where A Policy Is Assigned

    On the Assignments page, each group or system where the policy is assigned appears with its Node Name and Node Type. Viewing the settings of a policy Use this task to view the specific settings of a policy.
  • Page 182: Viewing Policy Ownership

    Click Menu | Systems | System Tree | Assigned Policies, then select a group in the System Tree. All assigned policies, organized by product, appear in the details pane. Click any policy to view its settings.
  • Page 183: Viewing Policies Assigned To A Specific System

    Viewing policies assigned to a specific system Use this task to view the policies assigned to a specific system. Task For option definitions, click ? in the interface.
  • Page 184: Setting Up Policy Sharing For Multiple Mcafee Epo Servers

    Use this task to designate a policy to be shared among multiple McAfee ePO servers. • Scheduling server tasks to share policies on page 185 Use this task to schedule a server task so that policies are shared among multiple McAfee ePO servers. Registering servers for policy sharing Use this task to register the servers that will share a policy.
  • Page 185: Frequently Asked Questions

    Scheduling server tasks to share policies Use this task to schedule a server task so that policies are shared among multiple McAfee ePO servers. Task For option definitions, click ? in the interface.
  • Page 186 (for that particular policy category) from its parent, which might be a different policy than the one that was inherited onto the source.
  • Page 187: Using Tasks To Manage Products And Systems

    The ePolicy Orchestrator software deployment infrastructure supports deploying products and components, as well as updating both. Each McAfee product that ePolicy Orchestrator can deploy provides a product deployment package zip file. The zip file contains product installation files, which are compressed in a secure format. ePolicy Orchestrator can deploy these packages to any of your managed systems, once they are checked in to the master repository.
  • Page 188 A key is used to encrypt or decrypt sensitive data. You are notified when you check in packages that are not signed by McAfee. If you are confident of the content and validity of the package, continue with the check-in process. These packages are secured in the same manner described above, but are signed by ePolicy Orchestrator when they are checked in.
  • Page 189: Product And Update Deployment

    Product and update deployment The McAfee ePO repository infrastructure allows you to deploy product and update packages to your managed systems from a central location. Although the same repositories are used, there are differences.
  • Page 190: Server Tasks And What They Do

    McAfee ePO software includes preconfigured server tasks and actions by default. Most of the additional software products you manage with your ePolicy Orchestrator server also add preconfigured server tasks.
  • Page 191 SuperAgent wake-up call to alert agents that new updates are available. • Distributed repositories are set up and configured throughout your environment. McAfee recommends SuperAgent repositories, but they are not required. Global updating functions with all types of distributed repositories.
  • Page 192: Pull Tasks

    Use pull tasks to update your master repository with DAT and engine update packages from the source site. DAT and engine files must be updated often. McAfee releases new DAT files daily, and engine files less frequently. Deploy these packages to managed systems as soon as possible to protect them against the latest threats.
  • Page 193: Replication Tasks

    New distributed repositories are added to the repository list file containing all available distributed repositories. The agent of a managed system updates this file each time it communicates with the McAfee ePO server. The agent performs repository selection each time the agent (McAfee Framework Service) service starts, and when the repository list changes.
  • Page 194: Deploying Update Packages With Pull And Replication Tasks

    Replicate Now task for immediate replication. Using pull tasks to update the master repository Use either of these tasks to update the contents of the master repository from the McAfee update site or from a user-configured source site.
  • Page 195 Use this task to initiate a pull task that updates the master repository from the source site immediately. With this release, you can select which packages in the source site are copied to the master repository.
  • Page 196 For option definitions, click ? in the interface. Task Click Menu | Software | Distributed Repositories, then click Actions | Schedule Replication. The Server Task Builder wizard opens. On the Description page, name and describe the task.
  • Page 197 On the Repositories page, select which distributed repositories participate in the replication, then click Next. If you are not sure which distributed repositories need to be updated, replicate to them all.
  • Page 198: Allowed Cron Syntax When Scheduling A Server Task

    Question marks (?) are allowed to specify no specific value in the Day of Week or Day of Month fields. The question mark must be used in one of these fields, but cannot be used in both.
  • Page 199: About The Pull And Replication Task Information In The Server Task Log

    Orchestrator allows you to create and schedule client tasks to help automate management of systems in your managed network. Which extension files are installed on your McAfee ePO server determines which client tasks are available. Client tasks are commonly used for: •...
  • Page 200: How The Client Task Catalog Works

    As you deploy to each group, monitor the deployment, run reports to confirm successful installations, and troubleshoot any problems with individual systems. If you are deploying McAfee products or components that are installed on a subset of your managed systems: Use a tag to identify these systems.
  • Page 201 Task For option definitions, click ? in the interface. Click Menu | Policy | Client Task Catalog, select McAfee Agent | Product Deployment as Client Task Types, then click Actions | New Task. The New Task dialog box appears. Ensure that Product Deployment is selected, then click OK.
  • Page 202 For option definitions, click ? in the interface. Task Click Menu | Policy | Client Task Catalog, select McAfee Agent | Product Deployment as Client Task Types, then click Actions | New Task. The New Task dialog box appears. Ensure that Product Deployment is selected, then click OK.
  • Page 203: Update Tasks

    Task For option definitions, click ? in the interface. Click Menu | Policy | Client Task Catalog, select McAfee Agent | Product Update as Client Task Types, then click Actions | New Task. The New Task dialog box appears. Ensure that Product Update is selected, then click OK.
  • Page 204: Working With Client Tasks

    Click Actions | New Client Task Assignment. The Client Task Assignment Builder wizard appears. On the Select Task page, select Product as McAfee Agent and Task Type as Product Deployment, then select the task you created for deploying product update.
  • Page 205: Confirming That Clients Are Using The Latest Dat Files

    Click Delete next to the desired client task. Click OK. Confirming that clients are using the latest DAT files Use this task to check the version of DAT files on managed systems.
  • Page 206: Evaluating New Dats And Engines Before Distribution

    For additional information, see Deploying update packages with pull and replication tasks. Create or select a group in the System Tree to serve as an evaluation group, and create a McAfee Agent policy for the systems to use only the Evaluation branch (in the Repository Branch Update Selection section of the Updates tab).
  • Page 207: Managing Packages And Extensions Manually

    Click Menu | Software | Master Repository, then click Actions | Check In Package. The Check In Package wizard opens. Select the package type, then browse to and select the desired package file.
  • Page 208: Deleting Dat Or Engine Packages From The Master Repository

    Available only when you select Current in Branch. • Package signing — Specifies if the package is signed by McAfee or is a third-party package. Click Save to begin checking in the package, then wait while the package is checked in.
  • Page 209: Checking In Engine, Dat And Extradat Update Packages Manually

    Click Save to begin checking in the package. Wait while the package is checked in. The new package appears in the Packages in Master Repository list on the Master Repository page.
  • Page 211: Responding To Events In Your Network

    Prepare the components and permissions used with Automatic Responses, including: • Automatic Responses permissions — Create or edit permission sets and ensure that they are assigned to the appropriate McAfee ePO users. • Email server — Configure the email (SMTP) server at Server Settings.
  • Page 212: About Using Automatic Responses

    If the conditions of any such rule are met, designated actions are taken, per the rule’s configurations.
  • Page 213: Throttling, Aggregation, And Grouping

    Specify the email server (click Menu | Configuration | Server Settings) from which the notification messages are sent. • Ensure the recipient email address is the one you want to receive email messages. This address is configured on the Actions page of the wizard.
  • Page 214: Planning

    Use these tasks to determine when events are forwarded and which events are forwarded immediately. The server receives event notifications from McAfee Agents. You can configure agent policies to forward events either immediately to the server or only at agent-to-server communication intervals.
  • Page 215: Determining Which Events Are Forwarded Immediately

    If the currently applied policy is not set for immediate uploading of events, either edit the currently applied policy or create a new McAfee Agent policy. This setting is configured on the Threat Event Log page. For option definitions click ? in the interface.
  • Page 216: Configuring Automatic Responses

    Assigning permissions to Notifications Use this task to ensure that all desired administrators and users have the appropriate permissions to Notifications. The Notifications permissions enable McAfee ePO users to add registered executables. For option definitions click ? in the interface.
  • Page 217: Working With Snmp Servers

    Assigning permissions to Automatic Responses Use this task to ensure that all desired administrators and users have the appropriate permissions to Responses. The Responses permissions enable McAfee ePO users to create response rules for different event types and groups.
  • Page 218 Use this task when setting up rules to send notification messages to an SNMP server via an SNMP trap. Editing SNMP servers Use this task to edit existing SNMP server entries. For option definitions click ? in the interface.
  • Page 219: Deleting An Snmp Server

    "unlimited strength" version from Sun's Java SE Downloads site. Find the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 6 download. To apply the unlimited strength policies to the McAfee ePO server, replace the policy jar files in directory EPO_DIR/jre/lib/security with those downloaded in the jce_policy-6.zip, and restart the McAfee ePO server.
  • Page 220: Working With Registered Executables And External Commands

    The EPO-MIB.mib file depends on the other two files to define the following traps: • epoThreatEvent — This trap is sent when an Automatic Response for a McAfee ePO Threat Event is triggered. It contains variables that match properties of the Threat event.
  • Page 221 Click Menu | Configuration | Registered Executables, then click Duplicate next to the desired registered executable. The Duplicate Registered Executable dialog box appears. Type a name for the registered executable, then click OK. The duplicated registered executable appears in the Registered Executables list.
  • Page 222: Creating And Editing Automatic Response Rules

    Specify the language used by the response. • Specify the event type and group that triggers this response. • Enable or disable the rule. For option definitions click ? in the interface.
  • Page 223: Setting Filters For The Rule

    Use this task to define when the event triggers the rule on the Aggregation page of the Response Builder wizard. A rule’s thresholds are a combination of aggregation, throttling, and grouping.
  • Page 224: Configuring The Action For Automatic Response Rules

    You can configure the rule to trigger multiple actions by using the + and - buttons, located next to the drop-down list for the type of notification. For option definitions, click ? in the interface.
  • Page 225 Select the State, Priority, Severity, and Resolution for the issue from the respective drop-down list. Type the name of the assignee in the text box. Click Next if finished, or click + to add another notification.
  • Page 226: Frequently Asked Questions

    • Email (including standard SMTP, SMS, and text pager) • SNMP servers (via SNMP traps) • Any external tool installed on the ePolicy Orchestrator server • Issues • Scheduled server tasks
  • Page 227: Monitoring And Reporting On Your Network Security Status

    Chapter 19 Monitoring with Dashboards Chapter 20 Querying the database and reporting on system status Chapter 21 Detecting Rogue Systems Chapter 22 Managing Issues and Tickets
  • Page 229: Monitoring With Dashboards

    Keeping constant watch on your environment is a difficult task. Dashboards help you do this. Dashboards are collections of monitors. A monitor can be anything from a chart-based query to a small web application like McAfee Labs Security Threats. A monitor's behavior and appearance are configured individually.
  • Page 230: Creating Dashboards

    Click Add Monitor. The Monitor Gallery appears at the top of the screen. Select a monitor category from the View drop-down list. The available monitors in that category appear in the gallery.
  • Page 231: Removing Monitors From Dashboards

    OK. The duplicated dashboard will now open. The duplicate is an exact copy of the original dashboard including all permissions. Only the name is changed.
  • Page 232: Deleting Dashboards

    The imported dashboard is displayed. Regardless of their permissions at the time they were exported, imported dashboards are given private permissions. You must explicitly set their permissions after import. Exporting dashboards Exporting dashboards saves them for later import on the same or a different system.
  • Page 233: Changing The System Default Dashboard

    Task For option definitions, click ? in the interface. Click Menu | Reporting | Dashboards, then select a dashboard from the Dashboard drop-down list. Click Dashboard Actions | Edit.
  • Page 234: Working With Dashboard Monitors

    When you have completed modifying the monitor's settings, click OK. If you decide to not make changes, click Cancel. If you decide to keep the resulting changes to the dashboard, click Save, otherwise click Discard.
  • Page 235: Moving And Resizing Dashboard Monitors

    McAfee ePO users can view them. Audit dashboard The Audit dashboard provides an overview of access-related activities occurring on your McAfee ePO server. The monitors included in this dashboard are: •...
  • Page 236 • McAfee Labs Threat Advisory — Displays the protection available, any new threats reported, latest DAT and engine available and, if they are in My Repository, a link to the McAfee Labs Security Threats page and the time last checked.
  • Page 237 • Active Sensor Responses — Displays a Boolean pie chart of active Rogue System Sensors that have or haven't communicated with the McAfee ePO server in the last 24 hours. • Subnet Coverage — Subnets that are or aren't covered by Rogue System Sensors.
  • Page 239: Querying The Database And Reporting On System Status

    Server Task log • Threat Event log To get you started, McAfee includes a set of default queries that provide the same information as the default reports of previous versions. Are you setting up queries and reports for the first time? When setting up queries and reports for the first time: Understand the functionality of queries, reports, and the Query Builder.
  • Page 240: Query And Report Permissions

    Most queries can also be used as dashboard monitors, enabling near real-time system monitoring. Queries can also be combined into reports, giving a broader and more systematic look at your ePolicy Orchestrator software system.
  • Page 241: Queries As Dashboard Monitors

    CSV — Use the data in a spreadsheet application (for example, Microsoft Excel). • XML — Transform the data for other purposes. • HTML — View the exported results as a web page. • PDF — Print the results.
  • Page 242: Query Builder

    • Boolean Pie Chart • Pie Chart Bubble • Bubble Chart Summary • Multi-group Summary Table • Single Group Summary Table Line • Multi-line Chart • Single Line Chart List • Table
  • Page 243: Working With Queries

    Query results can be exported to a variety of formats including HTML, PDF, CSV, and XML. Creating custom queries You create new queries with the Query Builder. Queries can access system properties, product properties, many of the log files, repositories, and more.
  • Page 244: Running An Existing Query

    Private group (My Groups) • Public group (Shared Groups) • Existing Group — Select the group from the list of Shared Groups. Click Save. Running an existing query You can run saved queries on-demand.
  • Page 245: Running A Query On A Schedule

    The list of groups you see within the ePolicy Orchestrator software is the combination of groups you have created and groups you have permission to see. You can also create private query groups while saving a custom query.
  • Page 246: Moving A Query To A Different Group

    Type a name for the duplicate and select a group to receive a copy of the query, then click OK. Deleting queries Queries can be deleted when they are no longer needed.
  • Page 247: Exporting A Query

    Click Actions | Export Definitions. The McAfee ePO server sends an XML file to your browser. What happens next depends on your browser settings. By default, most browsers ask you to save the file. The exported XML file contains a complete description of all settings required to replicate the exported query.
  • Page 248: Exporting Query Results To Other Formats

    Click Export. The files are created and either emailed as attachments to the recipients, or you are taken to a page where you can access the files from links.
  • Page 249: Multi-Server Rollup Querying

    Click Menu | Automation | Server Tasks, then click Actions | New Task. On the Description page, type a name and description for the task, and select whether to enable it, then click Next. Click Actions and select Roll Up Data.
  • Page 250: Creating A Query To Define Compliance

    Review the settings, then click Save. Creating a query to define compliance Compliance queries are required on McAfee ePO servers whose data is used in rollup queries. Task For option definitions, click ? in the interface. Click Menu | Reporting | Queries & Reports, then click Actions | New.
  • Page 251: About Reports

    Click browse (...) next to the Query field and select a query. The Select a query from the list dialog box appears with the My Groups tab active. Select the compliance-defining query. This could be a default query, such as McAfee Agent Compliance Summary in the Shared Groups section, or a user-created query, such as one described in Creating a query to define compliance.
  • Page 252: Working With Reports

    These tasks create, edit, and manage reports. Reports can provide a large amount of useful data, but there are many tasks to complete to create a collection of reports that is useful to you.
  • Page 253: Creating A New Report

    Reports must be run before examining their results. • Configuring Internet Explorer 8 to automatically accept McAfee ePO downloads on page As a security measure, Microsoft Internet Explorer might block ePolicy Orchestrator downloads from occurring automatically. This behavior can be changed with an Internet Explorer configuration change.
  • Page 254 Configuring image report elements You can upload new images and modify the images used within a report. Before you begin You must have a report open in the Report Layout page.
  • Page 255 Configuring query table report elements Some queries are better displayed as a table when inside a report. Before you begin You must have a report open in the Report Layout page.
  • Page 256 Headers and footers provide information about the report. There are six fixed locations within the header and footer that can contain different data fields. Three are in the header, three in the footer.
  • Page 257 Click the arrow in the top left corner of the element you want to delete, then click Remove. The element is removed from the report. To save changes to the report, click Save.
  • Page 258: Viewing Report Output

    For option definitions, click ? in the interface. Click Menu | Reporting | Queries & Reports, then select the Report tab. Select a report and click Actions | Edit. Click Name, Description and Group.
  • Page 259: Running Reports

    Last Run Result column in the report list is updated with a link to the PDF containing those results. Configuring Internet Explorer 8 to automatically accept McAfee ePO downloads As a security measure, Microsoft Internet Explorer might block ePolicy Orchestrator downloads from occurring automatically.
  • Page 260: Running A Report With A Server Task

    Select the report(s) you want to export, then click Actions | Export. The McAfee ePO server sends an XML file to your browser. What happens depends on your browser settings. By default, most browsers will ask you to save the file.
  • Page 261: Importing Reports

    You might need to register several different server types to accomplish tasks within ePolicy Orchestrator. These can include authentication servers, Active Directory catalogs, ePolicy Orchestrator servers, and database servers that work with specific extensions you have installed.
  • Page 262: Working With Database Servers

    Modify the information as appropriate. If you need to verify the database connection, click Test Connection. Click Save to save your changes. Removing a registered database You can remove databases from the system when they are no longer needed.
  • Page 263 When the confirmation dialog appears, click Yes to delete the database. The database has been deleted. Any queries, reports, or other items within ePolicy Orchestrator that used the deleted database will be marked invalid until updated to use a different database.
  • Page 265: Detecting Rogue Systems

    Even in a managed network environment, some systems might not have an active McAfee Agent on them. These can be systems that frequently log on and off the network, including test servers, laptops, or wireless devices.
  • Page 266: Rogue System Detection States

    Exceptions • Inactive • Managed • Rogue The percentage of compliant systems is the ratio of systems in the Managed and Exceptions categories to those in the Rogue and Inactive categories.
  • Page 267 Rogue systems are systems that are not managed by your McAfee ePO server. There are three rogue states: • Alien agent — These systems have a McAfee Agent that is not in the local McAfee ePO database, or any database associated with additional McAfee ePO servers you have registered with the local server.
  • Page 268 Passive Passive sensors check in with the McAfee ePO server, but do not report information about detected systems. They wait for instructions from the McAfee ePO server to replace other sensors that become passive.
  • Page 269: Rogue Sensor Blacklist

    As a result, if you deploy sensors to DHCP servers without enabling DHCP monitoring during your initial configuration, those sensors report limited information to the McAfee ePO server. If you deploy sensors before you configure your policies, you can update them to change sensor functionality.
  • Page 270: General Settings

    The Reporting time for active sensors determines how often active sensors report to the McAfee ePO server. Setting this value too low can have the same effect as setting the value for the sensor’s detected system cache lifetime.
  • Page 271: Rogue System Detection Permission Sets

    Whether the Rogue System Sensor is enabled. The server IP address default value is the address of the McAfee ePO server that you are using to install sensors. Rogue System Detection reports system detections to the specified server. When this server detects a system that has an agent deployed by a McAfee ePO server with a different IP address, that system is detected as a rogue because the agent is considered an alien agent.
  • Page 272: How The Rogue System Sensor Works

    Sensors detect systems, routers, printers, and other devices connected to your network. They gather information about the devices they detect, and forward the information to the McAfee ePO server. The sensor is a Win32 native executable application that runs on any NT-based Windows operating system, including: •...
  • Page 273: Data Gathering And Communications To The Server

  • Page 274: How Detected Systems Are Matched And Merged

    If the system has been previously detected, Rogue System Detection automatically matches it to the existing record in the McAfee ePO database. When a detected system is not matched automatically, you can manually merge the system with an existing detected system.
  • Page 275: Configuring Rogue System Detection Policy Settings

    Use this task to query Agents installed on detected systems. Not all detected systems have a McAfee Agent installed. The results of this task indicate whether an Agent is installed and provides links to details about the system and the agent, if available.
  • Page 276: Adding Systems To The Exceptions List

    • New Category — Displayed with the new category name you type. • Select Category — Displayed with the category selected from the list. To configure categories, see Editing Detected System Exception Categories.
  • Page 277: Adding Systems To The Rogue Sensor Blacklist

    Overall System Status monitor, then click any system. Detected Systems page. Click Menu | Systems | Detected Systems, then click any detected system category in the Overall System Status monitor. For option definitions, click ? in the interface.
  • Page 278: Exporting The Exceptions List

    Select the systems you want to merge. Click Actions, then select Detected Systems | Merge Systems. The Merge Systems page appears. Click Merge. When the merge warning message appears, click OK.
  • Page 279: Pinging A Detected System

    For option definitions, click ? in the interface. Select the systems whose Agents you want to query. Click Actions | Detected Systems | Query Agent or Actions | Query Agent. The Query McAfee Agent Results page opens. Removing systems from the Detected Systems list Use this task to remove systems from the Detected Systems list.
  • Page 280: Removing Systems From The Exceptions List

    The Detected Systems Details page displays some information that is unique to Rogue System Detection. Working with sensors Use these tasks when working with sensors, for example, to change install or remove a sensor.
  • Page 281: Installing Sensors

    • In the Systems Details page, you can install the sensor only from the system you are viewing. • In the Systems page, select the desired group in the System Tree, and select the systems where you want to install sensors. In the Action pane, click OK.
  • Page 282 Run. Click Save and specify the name of your query and any notes, then click Save again. McAfee recommends using a product-specific prefix when naming your queries, to keep them organized and make them easier to find. For example, RSD: QueryName.
  • Page 283: Editing Sensor Descriptions

    Systems Details page Click Menu | Systems | System Tree | Systems, then click any system. Systems page Click Menu | Systems | System Tree. For option definitions, click ? in the interface.
  • Page 284: Working With Subnets

    Click Menu | Systems | Detected Systems, then in the Subnet Status monitor, click Add Subnet. The Add Subnets page appears. Choose the method you want to use to add subnets, specify the subnets you want to add, then click Import.
  • Page 285: Deleting Subnets

    Ignored Subnets page. Click the Ignored link in the Subnet Status monitor on the Detected Systems page to see the list of ignored subnets, where you can optionally choose to include one or more ignored subnets. For option definitions, click ? in the interface.
  • Page 286: Renaming Subnets

    Forces the sensor to run as a normal command-line executable; otherwise it must be run as an NT service. • --help — Prints the Help screen and lists available command-line options. • --install — Registers the sensor with the Windows Service Control Manager.
  • Page 287: Default Rogue System Detection Queries

    Rogue Systems, By OUI (Last 7 Days) in the last seven days, grouped by organizationally unique identifier, in pie chart format. Subnet Coverage Returns the details of detected subnets on your network, in pie chart format.
  • Page 289: Managing Issues And Tickets

    Issues are action items that can be prioritized, assigned, and tracked. Issues Users can create basic issues manually or the McAfee ePO server can automatically create issues in response to product events. For example, users with the proper permissions can configure ePolicy Orchestrator to automatically create a Benchmark Rule Compliance issue if a noncompliant system is discovered during an audit.
  • Page 290: Issues And How They Work

    Responses also allow multiple events to be aggregated into a single issue so that the McAfee ePO server is not overwhelmed with large numbers of issues. Issues can be deleted manually, and closed issues can be manually purged based on their age and automatically purged through a user-configured server task.
  • Page 291: Configuring Responses To Automatically Create Issues

    The Description page of the Response Builder appears. Use this... To do this... • Name — Type a meaningful name for the response. • Description — Type a description of the response. • Language — Select the language in which the response will appear.
  • Page 292 Next to Throttling, select the maximum time period that you want this response to occur. Click Next. Select Create issue from the drop-down list, then select the type of issue to create. This choice determines the options that appear on this page.
  • Page 293 Assign a state to the issue: • Unknown • New • Assigned • Resolved • Closed Priority Assign a priority to the issue: • Unknown • Lowest • Low • Medium • High • Highest
  • Page 294: Managing Issues

    Select the checkbox next to each issue you want to assign, then click Assign to user. • Display required columns on Issues page — Click Actions | Choose Columns. Select columns of data to be displayed on the Issues page.
  • Page 295: Purging Closed Issues

    This function affects all closed issues, not just those in the current view. Purging closed issues on a schedule You can schedule a task to periodically purge the database of closed issues. This keeps the database smaller.
  • Page 296: Tickets And How They Work

    After the steps for integrating a ticketing server are completed, all subsequent issues are ticketed automatically. McAfee recommends always adding an assignee to an issue before the ticket is created. If an assignee is added manually to a ticketed issue, you must add tickets manually to any issues that existed prior to the integration.
  • Page 297: Benefits Of Adding Comments To Ticketed Issues

    New if the registered server for the ticketing server is deleted. Integration with ticketing servers Integration of a ticketing server forces the creation of tickets associated with issues that were created in products. The ePolicy Orchestrator software supports these ticketing servers:
  • Page 298: Considerations When Deleting A Registered Ticketing Server

    Mapping is a two-way process. These examples demonstrate how to map an issue to a ticket and to map the ticket's status back to the issue's status. For example, if the ticket is marked as closed, the issue status will be updated to show that it is closed.
  • Page 299 Because this section only maps the ticket's status, you are not prompted to add the ID of the issue's status field. This field is implied. • Operation: Substitution • Source field: Status • Values: Default Value: TICKETED Source Value Mapped Value CLOSED
  • Page 300 In this example, "External" specifies that the ticket was created by a product external to the ticketing server. You can type the name of the product instead, to indicate which product created the ticket.
  • Page 301: Working With Tickets

    A ticket can be added in a similar way when viewing the details of an issue. When a ticket is added, a new ticket is created automatically in the ticketing server. Issues with existing tickets are ignored.
  • Page 302: Synchronizing Ticketed Issues

    Schedule the server task as needed, then click Next. Review the details of the server task, then click Save. Working with ticketing servers These tasks integrate your ticketing server with ePolicy Orchestrator.
  • Page 303: Installing Extensions For Ticketing Server

    Orchestrator depend on your ticketing system. Task Go to Start | Control Panel | Administrative Tools, then double-click Services. In the Name column, double-click McAfee Policy Auditor Application Server. Select the General tab. Under Service status, click Stop.
  • Page 304 Working with ticketing servers Task In Windows, click Start | Control Panel | Administrative Tools, then double-click Services. In the Name column, locate then double-click McAfee Policy Auditor Application Server. Select the General tab. Under Service status, click Stop. The server is now stopped.
  • Page 305: Registering And Mapping A Ticketing Server

    Task Copy the following required files to the \Server\bin folder of your ePolicy Orchestrator software installation. For example, C:\Program Files\McAfee\ePolicy Orchestrator\Server\bin. Remedy API Version Required Files Remedy 5.1 • arapi51.dll • arjni51.dll •...
  • Page 306: Configuring The Field Mappings

    The system running the ticketing extension must be able to resolve the address of the Service Desk system. Task On the McAfee ePO server that is integrated with the ticketing system, use a text editor to open the hosts file. The hosts file should be located in the c:\windows\system32\drivers\etc\ folder.
  • Page 307 Because this section only maps the ticket's state/status, you are not prompted to add the ID of the issue's status (state) field. This field is implied. Source values, mapped values, and field IDs are case-sensitive.
  • Page 308: Upgrading A Registered Ticketing Server

    If this occurs, complete this task, then manually add tickets to all previously ticketed issues. This causes the reopen function to run. For more details, see the section in this guide about how tickets are reopened.
  • Page 309 For more details, see the sections in this guide about integrating ticketing servers, installing ticketing server extensions, and registering and configuring a ticketing server. After you have configured the integration with the upgraded ticketing server, enable the server task, which synchronizes ticketed issues.
  • Page 311: A Appendix: Maintaining Epolicy Orchestrator Databases

    SQL Express SQL Server Management Studio Express Depending on your deployment of McAfee ePO software, plan on spending a few hours each week on regular database backups and maintenance. The tasks discussed in this section should be performed on a regular basis, either weekly or daily. However, these are not the only maintenance tasks available.
  • Page 312: Backup And Restore Epolicy Orchestrator Databases

    Orchestrator database. Primarily for this reason, McAfee recommends using simple recovery mode for the ePolicy Orchestrator database. If you use full recovery mode, ensure you have a good backup plan for both your ePolicy Orchestrator database and transaction log.
  • Page 313 Things to know about this page: • Authentication — If the database is up, this page uses normal McAfee ePO user authentication and only a global administrator can access it. If the database is down, a connection is required from the system running the SQL server.
  • Page 315: Index

    GUID and System Tree location viewing action history inactive, on rogue systems working with maintenance authentication McAfee Agent, ePolicy Orchestrator components configuring for Windows properties, viewing authentication, configuring for Windows responses and event forwarding authorization wake-up calls configuring for Windows...
  • Page 316 RSD sensors deleting objects export sharing granting permissions to working with import
  • Page 317 SuperAgent repositories management tools replicating to McAfee ePO, systems listed in SuperAgent, tasks multi-server querying types ports and communication unmanaged queries and retrieving data unmanaged, copying content to...
  • Page 318 NT domains exporting systems moving systems manually extension files operating systems and installing pasting policy assignments to Rogue System Detection policies, inheritance of policy enforcement for a product sorting criteria sorting, automated
  • Page 319 LDAP servers, registering defined license key viewing for policies local distributed repositories installation log files Rogue System Sensor server task log intelligent filtering and Rogue System Sensor login messages
  • Page 320 Exceptions list monitors, Rogue System Detection global updating and overall system status installing products on status monitors policy assignment multiple McAfee ePO servers policy management on policy sharing Rogue Sensor Blacklist My Default policy rogue system status frequently asked questions...
  • Page 321 McAfee ePO servers inheritance registering server ownership using registered server settings, viewing using server tasks sharing between McAfee ePO servers ports using tags to assign agent communication verifying changes RSD sensor-to-server port viewing server settings working with Policy Catalog...
  • Page 322 Internet Explorer registered servers configuring for master repository adding SNMP servers McAfee Agent enabling policy sharing server settings LDAP servers, adding pull tasks registering considerations for scheduling supported by ePolicy Orchestrator...
  • Page 323 Response Builder wizard setting up for notifications, SNMP servers response rules Run Tag Criteria action creating and editing Description page setting filters for scalability setting thresholds about responses horizontal assigning permissions planning
  • Page 324 LDAP servers, registering avoid replication of master repository key pair disabling replication of registering sensor-to-server port registering additional McAfee ePO servers server certificate server task log, about removing settings and controlling behavior replacing sharing policies server settings...
  • Page 325 Top 25 Subnets list System Tree sorting subnets, as grouping criteria default settings SuperAgent repositories enabling about IP address creating on agent-server communication deleting ordering subgroups global updating requirements
  • Page 327 Windows user accounts authentication, configuring about Authorization, configuring changing passwords Windows authentication creating configuring deleting enabling editing strategies working with Windows authorization user-based policies configuring about

This manual is also suitable for:

ePolicy Orchestrator 4.6.0