McAfee GSSCDE-AA-DA - GroupShield Security Suite User Manual

User Guide, revision 1.0
McAfee® GroupShield™ version 7.0 for Microsoft® Exchange


Summary of Contents for McAfee GSSCDE-AA-DA - GroupShield Security Suite

  • Page 1 User Guide revision 1.0, McAfee® GroupShield™ version 7.0 for Microsoft® Exchange...
  • Page 2: License Agreement

    For any such software covered under the GPL, the source code is made available on this CD. If any Free Software licenses require that McAfee provide rights to use, copy or modify a software program that are broader than the rights granted in this agreement, then such rights shall take precedence over the rights and restrictions herein.
  • Page 3: Table Of Contents

    Testing the anti-virus component (page 39); Testing the McAfee Anti-Spam component (page 40)...
  • Page 4 Testing GroupShield installation using McAfee Virtual Technician (page 40); Quarantining using McAfee Quarantine Manager 4.1 (page 41); Upgrading Blacklists and Whitelists...
  • Page 5 McAfee Quarantine Manager (page 169)...
  • Page 6 McAfee® GroupShield™ 7.0 User Guide, Contents: Diagnostics (page 171); Debug logging...
  • Page 7: Introduction

    Introduction: About GroupShield for Exchange. This section introduces McAfee® GroupShield™ 7.0 and describes how it protects your Microsoft® Exchange Server 2003 and Microsoft® Exchange Server 2007 from potentially harmful, unwanted, and undesirable content. Topics covered are:...
  • Page 8: How Groupshield Protects Exchange

    Note: The default actions may differ, depending on the installed version of Microsoft® Exchange and, where applicable, the chosen scanning method. Email server protection — McAfee GroupShield: McAfee® GroupShield 7.0 integrates with Microsoft Exchange Server 2003/2007 to protect against viruses that may be transmitted using your corporate email system.
  • Page 9: How Does Scanning Work

    Other areas to protect: The following key areas of your network can be protected by McAfee® Security products as a part of your integrated virus defense solution: Internet gateway protection — Secure Content Management Appliances...
  • Page 10 Management solution — McAfee ePolicy Orchestrator With ePolicy Orchestrator, you can manage and update all your McAfee anti-virus solutions across your network from a single point, ensuring that the engines and the virus definition (DAT) files are up-to-date and that the suitable policies are in place...
  • Page 11: Groupshield Features

    File filtering — GroupShield scans an email attachment depending on the file name, file type, and the file size of that attachment. Enterprise rollout, administration, updating and reporting using McAfee® ePolicy Orchestrator® and McAfee® ProtectionPilot —...
  • Page 12: What Is New

    What is New? New Web Based User Interface — GroupShield for Exchange provides a user friendly web-based interface based on DHTML. To access this, click Start | Programs | McAfee GroupShield for Exchange...
  • Page 13 Integration with: McAfee ePolicy Orchestrator version 3.6 and 4.0 — to provide a single point of control for your McAfee anti-virus products, to manage anti-virus policies and view reports of anti-virus events and virus activity in an enterprise environment.
  • Page 14 McAfee Host Intrusion Prevention Agent. Auto-update of Virus Definitions (V2API DATs), ExtraDATs, Anti-Virus engine, Spam engine and Spam rules — McAfee Security regularly provides updated Virus Definition (DAT) files and virus-scanning engine, spam engine and rules to detect and clean the latest threats.
  • Page 15: Features Not Supported

    Integration with McAfee Common Management Agent (CMA) version 3.6 and above — You can use the CMA component to manage GroupShield and perform product updates, scheduled tasks, and events reporting as a part of the core installation.
  • Page 16: Using This Guide

    Using this Guide: This guide describes the sequential process of installing McAfee GroupShield™ 7.0 for Microsoft® Exchange 2003 and 2007. It also gives a detailed description of the software usage. Topics covered are: Pre-Installation —...
  • Page 17: Conventions

    Note: Supplemental information; for example, another method of executing the same command. Tip: Suggestions for best practices and recommendations from McAfee for threat prevention, performance and efficiency. Caution: Important advice to protect your computer system, enterprise, software installation or data.
  • Page 18: Getting Product Information

    Getting product information: Unless otherwise noted, product documentation comes as Adobe Acrobat .PDF files, available on the product CD or from the McAfee download site. Standard documentation: User Guide — System requirements and instructions for installing and starting the software.
  • Page 19: Contact Information

    For Products (ServicePortal account and valid grant number required) Product Evaluation McAfee Beta Program Technical Support http://www.mcafee.com/us/support/ KnowledgeBase Search http://knowledge.mcafee.com/ McAfee Technical Support ServicePortal (Logon credentials required) https://mysupport.mcafee.com/eservice_enu/start.swe Customer Service http://www.mcafee.com/us/support/index.html http://www.mcafee.com/us/about/contact/index.html — Phone US, Canada, and Latin America toll-free: +1-888-VIRUS NO or +1-888-847-8766 Monday –...
  • Page 20 Introduction: Contact information...
  • Page 21: Pre-Installation

    Pre-Installation: This chapter provides information that is important to consider before installing GroupShield for Exchange 7.0. Topics covered are: Pre-Installation scenarios; System requirements. Pre-Installation scenarios: You MUST log on to Microsoft® Windows as a domain administrator. This gives you relevant rights and permissions to install GroupShield.
  • Page 22: Types Of Installation

    Exchange Server 2003/2007 in these ways: Standard installation; Silent installation; Cluster installation. Standard installation: You can install McAfee® GroupShield software on Microsoft® Exchange Server 2003/2007. Refer to Installing GroupShield for Microsoft® Exchange Server 2003/2007 on page 26 for step-by-step instructions.
  • Page 23: System Requirements

    Mozilla version 2.0. Screen Resolution: 1024 x 768. For the best display, set the color resolution to 24-bit or higher. General: A CD-ROM drive (if installing from a CD) or an Internet connection (if installing from the McAfee download site)
  • Page 24 Pre-Installation: System requirements...
  • Page 25: Installing The Software

    Accessing the software: McAfee distributes GroupShield for Exchange in two ways: as an archived file that you download from the McAfee website or from other electronic services; on the Total Virus Defense (TVD), the Active Virus Defense (AVD) or the suite CDs.
  • Page 26: What Is Included With The Software

    Caution: McAfee GroupShield for Microsoft Exchange Server 2003/2007 does not upgrade McAfee® SpamKiller for Exchange installation. You should uninstall McAfee® SpamKiller for Exchange manually before installing GroupShield for Exchange 7.0. Installing GroupShield for Microsoft® Exchange Server 2003/2007...
  • Page 27 5 Click . The dialog box displays the software components you can install. Figure 3-2 McAfee GroupShield for Exchange - Component selection McAfee GroupShield for Exchange 7.0 is selected by default. Buffer Overflow Protection provides buffer overflow protection through host intrusion prevention using McAfee VirusScan Enterprise version 8.5i.
  • Page 28 - installs all the application features. Custom - installs the application features you want and is recommended for advanced users. Figure 3-3 McAfee GroupShield for Exchange - Select Installation type Next Ready to Install the Application Create Desktop 11 Click .
  • Page 29 Note SiteList editor: This is a new functionality in the software, where you can see the list of sites configured for update. The user interface is similar to that of McAfee VirusScan Enterprise. EditSiteList.exe: This application modifies the sitelist.xml file of the current machine.
  • Page 30: Installing Additional Components

    Note: McAfee Anti-Spam for GroupShield component requires a license key for activation. Buffer Overflow Protection: Buffer overflow is an attack technique that exploits a software design defect in an application or process to force it to execute code on the computer.
  • Page 31: Installing Mcafee Anti-Spam For Groupshield

    User Guide. Note Installing McAfee Anti-Spam for GroupShield Anti-Spam and Anti-Phish feature is available only if you install McAfee Anti-Spam for GroupShield component during installation. McAfee Anti-Spam for GroupShield requires activation to enable it to work in licensed mode. McAfee Anti-Spam for GroupShield...
  • Page 32: Silent Installation

    Silent installation: The GroupShield for Exchange installation is performed by MSI. You can set the properties used by the MSI either by editing the SILENT.INI file or by passing the...
  • Page 33: Configuring Groupshield In A Cluster Environment

    From the Services MMC, change the Startup type of the GroupShield Exchange service to Automatic. GroupShield should not be managed using the Cluster Administrator. A resource of McAfee Cluster Framework type should not be added in the cluster administrator to any of the cluster groups.
  • Page 34 Local Continuous Replication (LCR) on Exchange Server 2007: Local Continuous Replication (LCR) is a single-server solution that uses built-in asynchronous log shipping technology to create and maintain a copy of a storage group on a second set of disks that are connected to the same server as the production storage group.
  • Page 35 Figure 3-6 New Resource Name Description Resource 2 Type a suitable for the Resource type McAfee Cluster Framework 3 From the drop-down list, select Group Cluster group 4 From the drop-down list, select the to which the GroupShield for Exchange resource needs to be added.
  • Page 36 GroupShield for Exchange 7.0 resource. Repeat the above mentioned steps for every Exchange group on which GroupShield for Exchange is to be added. McAfee Cluster FrameWork Physical Disk For an existing resource of type , the...
  • Page 37: Upgrading Groupshield From V6.0.2 Or Higher

    45 of this guide. Repeat this on all nodes of the cluster. Uninstalling the software from the cluster does not delete the McAfee folder on the shared drive. You may delete this folder manually after uninstalling the software. Note Upgrading GroupShield from v6.0.2 or higher...
  • Page 38 3 When the installation is completed successfully, your system is upgraded to GroupShield for Exchange version 7.0. After the upgrade, policies, scheduled tasks, rules, and configuration settings are carried forward to GroupShield 7.0...
  • Page 39: Post-Installation Tasks And Maintenance

    Maintenance: This chapter includes information that is important to consider when performing post installation and maintenance tasks: Testing your GroupShield installation; Quarantining using McAfee Quarantine Manager; Maintaining your GroupShield application; Uninstalling the GroupShield for Exchange software. Testing your GroupShield installation...
  • Page 40: Testing The Mcafee Anti-Spam Component

    Testing GroupShield installation using McAfee Virtual Technician: You can test if GroupShield for Exchange is installed correctly by running McAfee Virtual Technician. McAfee Virtual Technician automatically checks for common deviations that may have occurred since the time you installed the product.
  • Page 41: Quarantining Using Mcafee Quarantine Manager 4.1

    McAfee® Quarantine Manager in turn uses the same port number by default, to release or send configuration information of the detected email messages to the McAfee® product. The communication ports mentioned in GroupShield and in the McAfee Quarantine Manager user interface should be the same.
  • Page 42: Upgrading Blacklists And Whitelists

    <SrcPath>: to specify the directory path to the existing GroupShield 6.x user blacklists and whitelists. <DesPath>: to specify the directory path to where the generated BWLIST.XML file is to be stored. The output XML file generated can be imported into the McAfee Quarantine Manager’s database using its Import Export tool.
  • Page 43: Maintaining Your Groupshield Application

    Repairing the GroupShield installation Restoring original out-of-box configuration Modifying the GroupShield installation To modify application features installed for GroupShield for Exchange, you can use the Add/Remove Programs McAfee GroupShield for Exchange Windows feature by running the setup program. Modifying GroupShield ®...
  • Page 44: Repairing The Groupshield Installation

    , then . The window appears. Add/Remove Programs Add/Remove Programs 4 Double-click . The dialog box appears. McAfee GroupShield for Exchange 5 Select from the list. Change Application Maintenance 6 Click . The dialog is displayed. Modify Next...
  • Page 45: Restoring Original Out-Of-Box Configuration

    McAfee GroupShield for Exchange 5 Select from the list. Change Application Maintenance 6 Click . The dialog is displayed. Remove Next 7 Select , then click McAfee GroupShield for Exchange Uninstall Next 8 The dialog box appears, click...
  • Page 46 9 Once the software is removed, a message is displayed. Click Finish to close the dialog box.
  • Page 47: Integrating With Epolicy Orchestrator

    Orchestrator. See the ePolicy Orchestrator v3.6 Product Guide for more information. The ePolicy Orchestrator software provides a single point of control for your McAfee anti-virus products, to manage anti-virus policies, view reports of anti-virus events and virus activity in an enterprise environment.
  • Page 48: Introducing Epolicy Orchestrator Console

    Introducing ePolicy Orchestrator console: The Microsoft® Management Console (MMC) is your interface to the ePolicy Orchestrator product and its features. Here you register and configure the GroupShield for Exchange products that are managed through ePolicy Orchestrator.
  • Page 49: Before You Begin

    Download the NAP and package .ZIP archive and extract the file to the temporary directory. Note: Anti-Spam and Anti-Phish feature is only available if you install McAfee Anti-Spam for GroupShield component after installation. To install and deploy Anti-Spam and Anti-Phish, you need to check-in the required package into the repository and then deploy.
  • Page 50: Sending An Agent Wakeup Call

    Note To enable ePolicy Orchestrator agent icon in the system tray of the client computer: ePO Agent a Click link on the right pane. McAfee Default ePolicy Orchestrator b Click link for ePolicy Orchestrator agent, the Agent page appears.
  • Page 51 Adding GroupShield Installation Package files to the ePolicy repository: 14 Click Repository. The Repository page appears. 15 Click Check in Package. The Check in package wizard appears.
  • Page 52: Upgrading From Groupshield For Exchange Version 6.0.X Nap Settings

    Installing GroupShield on the client computer: 1 From the ePolicy Orchestrator console, select the Site or the Exchange Server on which you intend to install GroupShield, then click the Tasks tab.
  • Page 53: Configuring Groupshield Policies

    Importing the GroupShield for Exchange version 6.x NAP settings: 1 Using an administrative account, log on to the computer containing ePolicy Orchestrator Server. 2 Create a temporary directory on the network or your local drive.
  • Page 54: Managing Policies

    Properties Tasks 3 The , and tabs appear in the details pane. Policies GroupShield for Exchange McAfee Default Category 4 In the tab, under , click for a view the default policy settings. The Policy Settings dialog box appears. Duplicate...
  • Page 55: Scheduling Tasks

    When GroupShield scans for viruses, spam or phish, it uses information in the DAT and Rule files to find them. Many new threats are discovered daily and McAfee regularly creates new DAT files to provide protection from these viruses. To ensure the best...
  • Page 56 (DATs), anti-spam rules, spam engine, and virus-scanning engine. We recommend that you update DAT files daily and regularly check the McAfee AVERT (Anti-Virus Emergency Response Team) website for new DAT files. If you have multiple servers in the current domain, you can use one server to download the latest DAT files, then configure the others to copy the files from that server.
  • Page 57: Editing A Task

    No additional settings are required for this task page appears with message AutoUpdate is configured to update the product with latest DATs, spam rules, spam and anti-virus engines from McAfee http/ftp website. Note ePolicy Orchestrator Agent Update You can also schedule the autoupdate task from the...
  • Page 58 Scheduling tasks: 3 Deselect Inherit. 4 Select the desired on-demand policy from the list: 5 Click Scheduling settings 6 Click the Schedule tab. Table 5-2 Schedule Options: Schedule Task: Select one of the available task type from the drop-down list.
  • Page 59: Reports

    Table 5-2 Schedule Options Repeat Task Advanced Advanced Scheduled Options Click on the dialog box. Use this option to run a task multiple times in the same day. To...
  • Page 60: Configuring Reports

    is selected, the complete report is shown. Tabs may vary based on which report is selected. See ePolicy Orchestrator Product Guide v 3.6 for more details on all the available settings tabs.
  • Page 61 5 Deselect Inherit. From the listed products, select Remove from the list item given against GroupShield for Exchange. Run this task at every policy enforcement interval...
  • Page 62 3 Right-click groupshield7.0 and select Remove to uninstall the report file from the ePolicy Orchestrator server.
  • Page 63: Integrating With Epolicy Orchestrator

    Integrating with ePolicy Orchestrator 4.0 Introduction This chapter describes how to configure GroupShield for Exchange using McAfee ePolicy Orchestrator management software version 4.0. To use this chapter effectively, you need to be familiar with ePolicy Orchestrator 4.0. ePolicy Orchestrator 4.0 provides a scalable platform for centralized policy management and enforcement on your security products and systems on which they reside.
  • Page 64: Epolicy Orchestrator Agent

    Insert the CD into the computer’s drive and copy the installation .ZIP files into the temporary directory you created. Download the ZIP files to the temporary directory...
  • Page 65: Installation

    You can check-in the GroupShield for Exchange software package from the Repository page. Master Repository is the central location for all McAfee updates residing on the ePolicy Orchestrator server. It retrieves user-specified updates from McAfee site or user-defined source sites.
  • Page 66: Installing Groupshield For Exchange On The Client Computer

    3 From the Client Tasks tab, click Create Task. 4 Type a Name and Notes for the task and choose the Type Product Deployment (McAfee Agent 4.0.0). 5 Click Next. The Client Task Builder page appears.
  • Page 67: Extensions

    Extensions: You can install, remove and manage the GroupShield for Exchange extension files. Extension files are in ZIP file format and must be installed before that product or component can be managed by ePolicy Orchestrator 4.0.
  • Page 68: Introducing Epolicy Orchestrator 4.0 Dashboard

    Introducing ePolicy Orchestrator 4.0 Dashboard: Dashboards are a collection of pre-configured and/or user-selected monitors that provide current data about your detections. The ePolicy Orchestrator dashboard consists of a collection of named dashboard monitors.
  • Page 69: Reporting

    Reports are pre-defined queries which query the ePolicy Orchestrator database and generate a graphical output. ePolicy Orchestrator 4.0 has its own querying and reporting capabilities. McAfee includes a set of default queries on the left pane. However, you can create a new query, edit, and manage all the queries.
  • Page 70: Systems

    7 The Filter page appears. Specify criteria by selecting properties and operators to limit the data retrieved by the query. 8 Click Save, then Save Query.
  • Page 71: Policies

    (chosen group) page appears. 5 Click Create new policy. The Create a new policy dialog box appears. 6 Choose McAfee Default or My Default as desired. Note: McAfee Default policies are read-only and cannot be edited, renamed, or deleted. New policy name...
  • Page 72: Client Tasks

    Your software can only provide full protection if you keep it up-to-date with the latest anti-virus definitions (DATs), anti-spam rules, spam engine and virus-scanning engine. We recommend that you update DAT files daily and regularly check the McAfee AVERT (Anti-Virus Emergency Response Team) website for new DAT files.
  • Page 73 Creating a new autoupdate task: 1 Using an administrative account, log on to the ePolicy Orchestrator server. 2 Click Systems | System Tree and choose a desired group.
  • Page 74: Uninstallation

    3 From the Client Tasks tab, click Create Task. 4 Type a Name and Notes for the task and choose the Type Product Deployment (McAfee Agent 4.0.0). 5 Click Next. The Client Task Builder page appears.
  • Page 75: Removing The Product Extension

    Run update after successful product deployment (4.0 or above). 10 Click Next to schedule this task as desired. 11 Click Next to view a summary of the task, then click Save...
  • Page 76 4 Select the option Force removal, bypassing any checks or errors. 5 Click...
  • Page 77: Integrating With Protectionpilot

    GroupShield for Exchange to be managed through ProtectionPilot. When you first log on to the server, the console displays the current level of protection. This guide describes how to configure GroupShield for Exchange using McAfee ProtectionPilot software version 1.5. To use this guide effectively, you need to be familiar with ProtectionPilot.
  • Page 78 Figure 7-1 ProtectionPilot console The McAfee Common Agent is the key to remotely managing products. Installed on each computer, it deploys products, updates virus definition (DAT) files and the virus-scanning engine, upgrades existing products with service pack and patch releases.
  • Page 79: Before You Begin

    Download the NAP and pkgCatalog.z archive and extract the file to the temporary directory. Note: Anti-Spam and Anti-Phish feature is only available if you install McAfee Anti-Spam for GroupShield component after installation. To install and deploy Anti-Spam and Anti-Phish, you need to check-in the required package into the repository and then deploy.
  • Page 80: Configuring Groupshield Policies

    ProtectionPilot server: 1 Locate the NAP file, on the product CD or in the installation .ZIP file downloaded from the McAfee website, and save it to a temporary folder accessible from the ProtectionPilot server. 2 Log on to the ProtectionPilot server with administrative rights.
  • Page 81: Setting And Enforcing Policies

    ProtectionPilot agent. Modifying policies for GroupShield in ProtectionPilot: 1 Log on to the ProtectionPilot server. 2 In the console tree under McAfee ProtectionPilot | <SERVER> | Directory, select the site, group, single computer, or the entire directory to which these policies are to apply.
  • Page 82 7 Select the debug logging Level. You can select: High - to collect large number of log entries. Medium - to collect medium number of log entries.
  • Page 83: Scheduling Tasks

    3 Specify the Database location or specify a different location for the product log. Use the first field to tell the software about the type of location you are going to specify Full Path in the second field.
  • Page 84: User Guide Contents

    - Policies in this set contain settings for all scanners and filters. These policies will typically be used for scanning at regular intervals. Creating a new on-demand scan task: 1 Log on to the ProtectionPilot server. 2 In the console tree under McAfee ProtectionPilot | <SERVER> | Directory, select the site, group, single computer, or the entire directory to which these policies are to apply.
  • Page 85: Uninstallation

    Delete to delete the task when it is no longer required. Note Uninstallation: Removing McAfee GroupShield for Exchange from the client computer using ProtectionPilot server: 1 Select the required Site, Group or Computer in the ProtectionPilot directory.
  • Page 86 4 Click Delete to uninstall GroupShield for Exchange package file from the server. Removing the McAfee GroupShield for Exchange NAP file from ProtectionPilot server: 1 Log on to the ProtectionPilot server with administrative rights. Repository View contents of server repository...
  • Page 87: Getting Started With The User Interface

    Settings and Diagnostics that you can administer. The right pane shows information depending on the item you select in the left pane. To start GroupShield for Exchange user interface: 1 Start McAfee GroupShield for Exchange from the icon on the desktop. Start...
  • Page 88: Dashboard

    Dashboard: The dashboard provides an overview of the scanning details, latest detections, graphical view of these detections, product updates and versions, a list of recently scanned items, anti-virus news, and security news.
  • Page 89: Versions & Updates

    (the link) and schedule a new updating frequency (the Edit Schedule link). McAfee Security regularly provides updated Virus Definition (DAT) files to detect and clean the latest virus threats. Click Update Now to update the most up-to-date virus protection available.
  • Page 90: On-Demand Scans

    Licenses: This tab gives the description of the installed product(s), the type of license, expiry date (if the license type is Beta), and the number of day(s) remaining for the license to expire.
  • Page 91 3 In Choose when to scan, choose any of these options: Not scheduled — Select the checkbox and specify the number of hours and minutes after which the scanning has to stop.
  • Page 92 Remove Viruses Find Banned Content Remove Banned Content Full Scan Resumable Scanning Restart from last item 7 Select to enable Using this option, you can specify whether a scan can restart from the point where it was stopped.
  • Page 93: Status Report

    The ‘Run Now’ link: Once you have scheduled a new task, you can run a scan. This option is available only if you click Apply after creating a new scan task.
  • Page 94 Days — Specify the time how frequently, in days, the report task should take place and at what time of the day. You can select the checkbox and specify the number of hours and minutes after which the report task has to stop.
  • Page 95: Graphical Reports

    3 Click Refresh Click to update the schedule summary information. Note Graphical reports: Graphical Reports section gives an explicit view of a graph of detected items. You can also find each detection by setting filters to specify the type of detections that are of interest.
  • Page 96 Reason Ticket Number Detection Name Spam Score 4 Choose All Dates or a desired Date Range from the drop-down lists. 5 Choose Bar Graph or Pie Chart as required.
  • Page 97: Detected Items

    Detected Items: Detected Items is used to view information about emails that contain spam, phish, viruses, potentially unwanted programs, unwanted content, banned file types or messages, and all items. You should select at least one search filter; however, you can use up to three search filters to narrow your search.
  • Page 98: Spam

    Spam: Spam is an unwanted email message, specifically unsolicited bulk messages. 1 Click Detected Items | Spam. The Spam page appears. 2 Select up to three of these search filters:...
  • Page 99: Viruses

    3 Select All Dates to include all the entries. Else, select the desired date and time range from the Date Range drop-down lists. 4 Click Search. A list of phish items matching your search criteria is displayed in the View Results section.
  • Page 100: Unwanted Content

    1 Click Detected Items | Potentially Unwanted Programs. The Potentially Unwanted Programs page appears. 2 Select up to three of these search filters: Ticket Number Filename Action Taken Submit to Avert...
  • Page 101: Banned File Types/Messages

    Banned file types/messages: Banned file types are any files which are banned by an administrator. 1 Click Detected Items | Banned File types/Messages. 2 Select any of these search filters:...
  • Page 102 ® ™ McAfee GroupShield 7.0 User Guide Detected Items All items Search filters used: Action Taken — to search according to the type of action taken when the item was detected. Filename — to search by file name. Sender — to search by the email address of the sender.
  • Page 103 ® ™ McAfee GroupShield 7.0 User Guide Detected Items All items You can also use: Columns to display View Results - to select additional column headers to be listed in the pane. Click this option, select the desired options, and click You must select at least one column header.
  • Page 104 ® ™ McAfee GroupShield 7.0 User Guide Detected Items All items...
  • Page 105: Policy Manager

    Policy Manager This chapter explains how you enforce policies in GroupShield for Microsoft® Exchange Server 2003/2007. You can use Policy Manager to specify policies that determine how different types of threats are treated when detected. Each type of policy has a master policy, which is the default policy for that policy type. The master policy cannot be deleted, because there should always be one policy from which other policies can be created.
  • Page 106: Inheritance View

    ® ™ McAfee GroupShield 7.0 User Guide Policy Manager Policy manager views Inheritance view Inheritance View enables you to view policy settings inherited from another policy. The policy that inherits the settings is known as the “child policy”, and the policy from which it inherits those settings is known as the “parent policy”.
  • Page 107: Advanced View

    ® ™ McAfee GroupShield 7.0 User Guide Policy Manager Policy manager views Advanced view The main purpose of Advanced View is to allow you to change the order in which any subpolicies are applied (in the Move column). You can click on: Name of the policy —...
  • Page 108: Creating A Subpolicy

    ® ™ McAfee GroupShield 7.0 User Guide Policy Manager Creating a subpolicy Creating a subpolicy 1 From Policy Manager, select a menu item for which you want to create a subpolicy. 2 Click Create sub-policy. The Create a sub-policy page appears with three tabs:...
  • Page 109: Policy Settings

    ® ™ McAfee GroupShield 7.0 User Guide Policy Manager Policy settings Initialize selected settings with values copied from another policy to choose a policy from the drop-down and initialize the selected settings with the values of that policy Finish Apply...
  • Page 110 ® ™ McAfee GroupShield 7.0 User Guide Policy Manager Policy settings Anti-Phishing (Gateway) Core Scanners For more information on mentioned above, see Scanners and filters on page 113 Note Filters — to configure the policy for each type of filter. Typical filters include:...
  • Page 111 ® ™ McAfee GroupShield 7.0 User Guide Policy Manager Policy settings 6 If you choose Select existing time slot, choose any one of these from the drop-down menu: Weekdays, Weekends, Working hours. 7 If you choose Create a new time slot, specify a name for the new time slot and select the desired day(s) and time.
  • Page 112: View Settings

    ® ™ McAfee GroupShield 7.0 User Guide Policy Manager Policy settings View settings In the View Settings tab, you can configure scanner/filter settings for a selected policy and the scanner/filter that you choose. You can: View and configure option settings, including specifying which alert message to use when a detection triggers a content rule.
  • Page 113: Scanners And Filters

    ® ™ McAfee GroupShield 7.0 User Guide Policy Manager Scanners and filters Apply 5 Click Scanners and filters Policy Manager has core scanners, filters and miscellaneous settings for different types of policies (submenu items). The different scanning types in GroupShield for...
  • Page 114: Core Scanners

    ® ™ McAfee GroupShield 7.0 User Guide Policy Manager Scanners and filters The core scanners, filters, and miscellaneous settings for each type of policy are explained in detail below. Core scanners Core scanners in GroupShield 7.0 include: Anti-Virus Scanner Content Scanning...
  • Page 115 ® ™ McAfee GroupShield 7.0 User Guide Policy Manager Scanners and filters 5 In Options, select any one of these anti-virus option sets that you want to view or configure: High Protection — to view and configure the settings that are applied when a high level of protection is required.
  • Page 116 ® ™ McAfee GroupShield 7.0 User Guide Policy Manager Scanners and filters Default file types — to specify that only the default file types should be scanned. Defined file types — to specify which file types should be scanned. 6 Under Scanner options, select the scanner options you require.
  • Page 117 — to add PUP names to a list. You can use wildcards to match names. Delete — to delete the PUP names that you have added. The McAfee website http://vil.nai.com/vil/default.aspx contains a list of PUP names. Search...
  • Page 118 ® ™ McAfee GroupShield 7.0 User Guide Policy Manager Scanners and filters Editing anti-virus scanner actions 1 From Policy Manager, select a submenu item that has an anti-virus scanner. The policy page for the submenu item appears. 2 Choose a desired policy.
  • Page 119 ® ™ McAfee GroupShield 7.0 User Guide Policy Manager Scanners and filters On-Demand (Default) On-Demand (Find Viruses) On-Demand (Remove Primary actions for Viruses) On-Demand (Full Scan) , and scan include: Replace detected item with an alert — to replace the detected item with an alert message.
  • Page 120 ® ™ McAfee GroupShield 7.0 User Guide Policy Manager Scanners and filters 3 Click Content Scanning. The View Settings tab for the content scanner appears. 4 In Activation, select or deselect Enable to enable or disable the content scanner settings for this policy.
  • Page 121 ® ™ McAfee GroupShield 7.0 User Guide Policy Manager Scanners and filters Content Scanning Alert Style Font Size Tokens 6 Under , choose the desired , and from the respective drop-down lists. HTML content (WYSIWYG) Show These options are available only if you choose from the drop-down menu.
  • Page 122 ® ™ McAfee GroupShield 7.0 User Guide Policy Manager Scanners and filters Insert Table — to insert a table at the current cursor position. Type the values in Rows Columns Table width Border thickness Cell padding Cell spacing , and...
  • Page 123 ® ™ McAfee GroupShield 7.0 User Guide Policy Manager Scanners and filters 6 Under If detected, take the following action, choose the desired primary and secondary content scanner actions. Primary and secondary content scanner actions on page 123. Note...
  • Page 124 ® ™ McAfee GroupShield 7.0 User Guide Policy Manager Scanners and filters Notify recipient — to send an alert message to the recipient, when the recipient is not ® in the same domain as Microsoft Exchange Server 2003/2007. On-Demand (Find Banned Content)
  • Page 125 ® ™ McAfee GroupShield 7.0 User Guide Policy Manager Scanners and filters Change — to change the primary and secondary actions associated with a file filtering rule. For more information on changing the primary and secondary actions associated with a...
  • Page 126 ® ™ McAfee GroupShield 7.0 User Guide Policy Manager Scanners and filters 11 In File categories, click on a file type. An asterisk symbol (*) appears next to the file type to indicate that the selected file type will be filtered.
  • Page 127 ® ™ McAfee GroupShield 7.0 User Guide Policy Manager Scanners and filters Primary and secondary file filtering actions On-Access Primary actions for scan include: Replace detected item with an alert — to replace the detected item with an alert message.
  • Page 128 ® ™ McAfee GroupShield 7.0 User Guide Policy Manager Scanners and filters Notify administrator — to send an alert message to the email administrator. Anti-spam You can configure the file filtering settings for a selected policy. Policy Manager Gateway Gateway...
  • Page 129 ® ™ McAfee GroupShield 7.0 User Guide Policy Manager Scanners and filters Reject the Message — to reject the email message. Delete message — to delete the email message item. Allow through — to allow the item to continue to the next scanning phase or on to its final destination.
  • Page 130 ® ™ McAfee GroupShield 7.0 User Guide Policy Manager Scanners and filters These default settings have been carefully optimized to maintain the balance between a high spam detection rate and a low false positive rate. In the unlikely event that you...
  • Page 131 ® ™ McAfee GroupShield 7.0 User Guide Policy Manager Scanners and filters 12 Select or deselect Verbose reporting to specify whether verbose reporting is required or not. Verbose reporting includes the names and descriptions of the anti-spam rules that have been triggered.
  • Page 132 ® ™ McAfee GroupShield 7.0 User Guide Policy Manager Scanners and filters Select a required Spam profile from the drop-down. Note: A spam profile is a set of characteristics that identify a category of spam. To enable the anti-spam software to better detect spam, users can submit examples of spam, which enables the software to learn to recognize further spam.
  • Page 133 ® ™ McAfee GroupShield 7.0 User Guide Policy Manager Scanners and filters create new set of options — to create a new set of options for the anti-phishing settings of a selected policy. For more information, refer to Creating new set of options for anti-phishing settings on...
  • Page 134 ® ™ McAfee GroupShield 7.0 User Guide Policy Manager Scanners and filters 5 In Instance name, specify a name for the anti-phishing settings. This field is mandatory. 6 In Reporting options, select or deselect these options as required: Add prefix to subject of phishing messages —...
  • Page 135: Filters

    ® ™ McAfee GroupShield 7.0 User Guide Policy Manager Scanners and filters Filters Filters in GroupShield 7.0 include: Corrupt Content Protected Content Encrypted Content Signed Content Password-Protected Files Scanner Control MIME Mail Settings HTML Files Mail Size Filtering Corrupt content The content in some mails can be corrupt, which means such content cannot be scanned.
  • Page 136 ® ™ McAfee GroupShield 7.0 User Guide Policy Manager Scanners and filters Primary and secondary filtering actions for corrupt content On-Access Primary actions for scan include: Replace detected item with an alert — to replace the detected item with an alert message.
  • Page 137: Protected Content

    ® ™ McAfee GroupShield 7.0 User Guide Policy Manager Scanners and filters Notify recipient — to send an alert message to the recipient, when the recipient is not ® in the same domain as Microsoft Exchange Server 2003/2007. Protected content The content of some mails can be protected, which means that content cannot be scanned.
  • Page 138 ® ™ McAfee GroupShield 7.0 User Guide Policy Manager Scanners and filters Delete message — to delete the email message item. Allow through — to allow the item to continue to the next scanning phase or on to its final destination.
  • Page 139: Signed Content

    ® ™ McAfee GroupShield 7.0 User Guide Policy Manager Scanners and filters 5 In Actions, view the action that will be taken when encrypted content is detected. To change those actions, click the Edit link. Primary and secondary filtering actions for encrypted content are the same as those of protected content.
  • Page 140: Password-Protected Files

    ® ™ McAfee GroupShield 7.0 User Guide Policy Manager Scanners and filters Delete embedded item — to delete the detected item. For example, to delete an attachment that triggers a detection rule. Allow changes to break the signature — to break the signature of the signed content which leads to the change of the content before being uploaded.
  • Page 141 ® ™ McAfee GroupShield 7.0 User Guide Policy Manager Scanners and filters Policy Manager 1 From , select a submenu item. The policy page for the submenu item appears. 2 Choose a desired policy. Password-Protected Files View Settings 3 Click .
  • Page 142: Scanner Control

    ® ™ McAfee GroupShield 7.0 User Guide Policy Manager Scanners and filters Quarantine — to take a copy of the item and store it in the quarantine database. Notify administrator — to send an alert message to the email administrator.
  • Page 143 ® ™ McAfee GroupShield 7.0 User Guide Policy Manager Scanners and filters 6 In Alert selection, select an existing alert to use when a scanner control option is triggered, else Create a new alert. If the alert text is not shown and you would like to preview it, click View/Hide to display the text.
  • Page 144 ® ™ McAfee GroupShield 7.0 User Guide Policy Manager Scanners and filters The maximum scanning time is exceeded. On-Access Primary actions for scan include: Replace detected item with an alert — to replace a detected item, such as an attachment, with an alert message.
  • Page 145 ® ™ McAfee GroupShield 7.0 User Guide Policy Manager Scanners and filters On-Demand (Find Viruses) On-Demand (Remove Viruses) On-Demand Secondary actions for (Find Banned Content) On-Demand (Remove Banned Content) On-Demand (Full Scan) , and Gateway scan include: — to record the detection in a log.
  • Page 146 ® ™ McAfee GroupShield 7.0 User Guide Policy Manager Scanners and filters 5 In Options, choose any one of these: Core Mail Settings — to view and configure the default mail size filter settings. An existing instance of MIME mail setting.
  • Page 147 ® ™ McAfee GroupShield 7.0 User Guide Policy Manager Scanners and filters Re-encode using HTML with numeric unicode references Re-encode using the following character set (in this case, choose a character set from the drop-down list). Preferred re-encoding of modified subject headers...
  • Page 148 ® ™ McAfee GroupShield 7.0 User Guide Policy Manager Scanners and filters Do not treat as corrupt content NULL characters in the headers of a MIME message 15 In , choose the desired option: Treat as corrupt content and take appropriate action...
  • Page 149 ® ™ McAfee GroupShield 7.0 User Guide Policy Manager Scanners and filters Notify recipient — to send an alert message to the recipient, when the recipient is not ® in the same domain as Microsoft Exchange Server 2003/2007. On-Demand (Default)
  • Page 150 <META EQUI="Expires" Content="Tue, 04 June 2007 21:29:02"> Links URLs ("<a href=...") — to scan for URL elements in the HTML message. For example: <a HREF="McAfee.htm"> Source URLs ("<img src=...") — to scan for source URL elements in the HTML message. For example: <IMG SRC="..\..\images\icons\mcafee_logo_rotating75.gif">...
  • Page 151 ActiveX controls — to remove ActiveX control elements from the HTML message. For example: <OBJECT ID="clock" data="http://www.mcafee.com/vscan.png" type="image/png"> VirusScan Image </OBJECT> Macromedia Flash — to remove Macromedia Flash elements from the HTML message. This option gets enabled if you have selected ActiveX controls.
  • Page 152 ® ™ McAfee GroupShield 7.0 User Guide Policy Manager Scanners and filters 4 From the Options drop-down menu, click create new set of options. The Mail Size Filtering page appears. 5 Specify an Instance name for the mail size filter settings. This field is mandatory.
  • Page 153: Miscellaneous

    ® ™ McAfee GroupShield 7.0 User Guide Policy Manager Scanners and filters Secondary actions are the same for all tabs. — to record the detection in a log. Quarantine — to take a copy of the item and store it in the quarantine database.
  • Page 154 ® ™ McAfee GroupShield 7.0 User Guide Policy Manager Scanners and filters Edit — to change the alert setting options associated with a policy. Creating new set of options for alert settings Policy Manager 1 From , select a submenu item. The policy page for the submenu item appears.
  • Page 155 ® ™ McAfee GroupShield 7.0 User Guide Policy Manager Scanners and filters Disclaimer text 1 From Policy Manager, select Gateway. The policy page for Gateway appears. 2 Choose a desired policy. 3 Click Disclaimer Text. The View Settings tab for the disclaimer text settings appears.
  • Page 156: Shared Resource

    ® ™ McAfee GroupShield 7.0 User Guide Policy Manager Shared resource Shared resource When setting up policies, you might want the same resource to be used by more than one policy. For example, you might want to use the same disclaimer text in two policies.
  • Page 157 ® ™ McAfee GroupShield 7.0 User Guide Policy Manager Shared resource HTML Files Mail Size Filtering. Create New — to create a new shared resource for a selected category. For detailed information, refer to Creating a new shared resource for anti-virus...
  • Page 158 ® ™ McAfee GroupShield 7.0 User Guide Policy Manager Shared resource Creating a new shared resource for anti-spam 1 In Policy Manager, click Shared Resource. The Shared Resources page appears. 2 In the Scanners & Alerts tab, choose Anti-Spam from the Category drop-down menu.
  • Page 159 ® ™ McAfee GroupShield 7.0 User Guide Policy Manager Shared resource 4 Enter the Instance name. 5 Enter the Maximum nesting level. 6 Enter the Maximum expanded file size (MB). 7 Enter the Maximum scan time (minutes). 8 Click Save...
  • Page 160: Filter Rules

    ® ™ McAfee GroupShield 7.0 User Guide Policy Manager Shared resource 5 In the Alerts pane, choose a Category. 6 Click Create New and perform the steps of Creating a new alert on page 120. Creating a new shared resource for mail size filtering...
  • Page 161 ® ™ McAfee GroupShield 7.0 User Guide Policy Manager Shared resource File Filtering Rules , you can set up rules that apply to file name, file type, and file size. You can use: Create New — to create a new file filtering rule.
  • Page 162: Time Slots

    ® ™ McAfee GroupShield 7.0 User Guide Policy Manager Shared resource 8 Under the File Format tab, select Everything to select all the file categories and their subcategories. You can select multiple categories and file types within the selected categories to be matched.
  • Page 163: Settings & Diagnostics

    (VSAPI) Transport Scan Settings settings, and For Exchange Server 2003 By default, the McAfee® Transport Scanner is enabled and scans all the email messages. If you deselect Transport Scan Settings, Microsoft® Virus Scanning API (VSAPI v 2.5) scans the email messages.
  • Page 164 ® ™ McAfee GroupShield 7.0 User Guide Settings & Diagnostics On-access settings 2 In General, choose Allow Through or Remove depending on whether you want to allow the email message through or delete it, if scanning fails. Microsoft Virus Scanning API (VSAPI)
  • Page 165 Also, there is a stamping mechanism in case of GroupShield for Exchange Server 2007. After an email message is scanned, the McAfee® Transport Scanner assigns a stamp to the header of the email message. This prevents the email message from being ®...
  • Page 166 ® ™ McAfee GroupShield 7.0 User Guide Settings & Diagnostics On-access settings 4 Select Only Un-Scanned Items to enable background scanning only for those messages that have not been scanned yet. 5 Select Force Scan All to scan items irrespective of whether the item has a scan stamp or not.
  • Page 167: Notifications

    ® ™ McAfee GroupShield 7.0 User Guide Settings & Diagnostics Notifications Notifications Notification settings allow the user to configure the content and SMTP address for the administrator to send email notifications. Settings & Diagnostics Notifications Notifications 1 Click . The page appears.
  • Page 168: Anti Spam

    3 Select to route junk mails to the user junk folders on the mail server. Apply 4 Click Detected items Detected Items You can use Specify whether local database or the McAfee Quarantine Manager should be used for quarantining email messages.
  • Page 169: Mcafee Quarantine Manager

    Quarantine Manager will use when releasing email messages or sending configuration information to GroupShield for Exchange. Apply 6 Click For more information on using McAfee Quarantine Manager, please see the McAfee Quarantine Manager v 4.1 Product Guide. Note Local database...
  • Page 170: User Interface Preferences

    ® ™ McAfee GroupShield 7.0 User Guide Settings & Diagnostics User interface preferences 7 Click Apply. User interface preferences You can use User Interface Preferences to configure user interface refresh, report, metric, graph and chart settings. Dashboard settings Settings & Diagnostics...
  • Page 171: Diagnostics

    ® ™ McAfee GroupShield 7.0 User Guide Settings & Diagnostics Diagnostics 3 Select Anti-alias to specify whether you want to use anti-aliasing techniques when displaying pie charts. If anti-aliasing is used, you will see smoother curves in pie charts. If anti-aliasing is not used, pie chart curves appear more jagged.
  • Page 172: Error Reporting Service

    Note: Avoid using debug logging indiscriminately because it fills up the hard disk space and affects the overall performance of the Exchange Server. It should be enabled for a limited duration as advised by authorized personnel (McAfee support engineer). Error reporting service Error Reporting Service...
  • Page 173: Product Log

    ® ™ McAfee GroupShield 7.0 User Guide Settings & Diagnostics Product log <Windows Folder>\ 2 Select Specify filename of database to specify whether you want to use the default file name or specify a different name. If deselected, the default file name is used. The Database filename productlog.bin...
  • Page 174: Dat Settings

    ® ™ McAfee GroupShield 7.0 User Guide Settings & Diagnostics DAT settings Description — Select the relevant description. Note: You can select up to three search filters. 3 Choose the All Dates radio button to include all entries, else choose Date Range and choose the desired date range from the drop-down menu.
  • Page 175 Site list A site list specifies from where automatic updates are downloaded. By default, GroupShield uses a site list that points to a McAfee site for automatic updates, but you can use a site list that points to a different location.
  • Page 176 ® ™ McAfee GroupShield 7.0 User Guide Settings & Diagnostics Import and export configuration Apply 3 Click...
  • Page 177: Index

    Pre-requisites Mail size filtering Configuring GroupShield Policies Uninstallation Master policy Contact information ePolicy Orchestrator console McAfee Quarantine Manager Content scan actions ePolicy Orchestrator Reports (MQM) Content scanning evaluating McAfee products, McAfee Quarantine Manager download website Conventions used in the guide...
  • Page 178 Policy types Modify product information, where to find Schedule submit a sample, Avert Labs Product Log WebImmune product upgrades professional services, McAfee resources technical support, contacting Protected Content Testing the GroupShield installation ProtectionPilot Threat Center (See Avert Labs) Installation threat library...
  • Page 180 700-1705-00 Copyright © 2007 McAfee, Inc. All Rights Reserved. mcafee.com...

This manual is also suitable for:

GroupShield 7.0 for Microsoft Exchange
