EXCHANGE), MCAFEE, NETSHIELD, PORTALSHIELD, PREVENTSYS, SECURITYALLIANCE, SITEADVISOR, TOTAL PROTECTION, VIRUSSCAN, WEBSHIELD are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners.
Orchestrator. You can choose whether to house the database on your ePO server or on a separate system, depending on the specific needs of your organization. • Master repository — The central location for all McAfee updates and signatures, residing on the ePO server. Master repository retrieves user-specified updates and signatures from McAfee or from user-defined source sites.
The agent retrieves updates, ensures task implementation, enforces policies, and forwards events for each managed system. It uses a separate secure data channel to transfer data to the ePO server. A McAfee Agent can also be configured as a SuperAgent with the addition of a repository.
Introducing ePolicy Orchestrator 4.5 Finding documentation for McAfee enterprise products regarding the product is entered into the online KnowledgeBase, available through the McAfee ServicePortal. Installation phase — Before, during, and after installation • Release Notes • Installation Guide Setup phase — Using the product •...
Select the Language you want the software to display. Click Log On. Logging off ePO servers Use this task to log off from ePO servers. Log off from the ePO server whenever you finish using the software. McAfee ePolicy Orchestrator 4.5 Product Guide...
Orchestrator server. This information appears in the title bar. NOTE: For more specific information about the version of ePolicy Orchestrator: Click Menu | Software | Extensions, then click Server in the McAfee category of the Extensions list. Scroll through the server extension to ePO Core.
Orchestrator. Each of the steps represents a chapter in this product guide, where you can find the detailed information you need to understand the features and functionalities of ePolicy Orchestrator, along with the tasks needed to implement and use them.
Orchestrator. Before setting up other features, you must create your System Tree. There are several ways you can add systems to the System Tree, including: • Synchronize ePolicy Orchestrator with your Active Directory server. • Browse to systems on your network individually.
To begin adding systems to the System Tree, click Menu | Systems | System Tree. Distribute agents to your systems Each system you want to manage must have the McAfee Agent installed. You can install agents on Windows-based systems manually, or by using the ePO interface. You must install agents on non-Windows systems manually.
Policies A policy is a collection of settings that you create and configure. These policies are enforced by McAfee products. Policies ensure that the managed security products are configured and perform according to that collection of settings. Once configured, policies can be enforced at any level of the System Tree, as well as on specific groups of users.
Server settings and the behaviors they control Managing ePolicy Orchestrator users with Active Directory Registering servers for use with ePolicy Orchestrator Security keys and how they work MyAvert Security Threats Agent Handlers and what they do IPv6
Use this task to create a user account. You must be a global administrator to add, edit, or delete user accounts. Task For option definitions, click ? in the interface. Click Menu | User Management | Users, then click New User. The New User page appears. Type a user name.
Use this task to delete a user account. You must be a global administrator to delete user accounts. NOTE: McAfee recommends disabling the Login status of an account instead of deleting it, until you are sure all valuable information associated with the account has been moved to other users.
Duplicating permission sets Editing permission sets Deleting permission sets Creating permission sets for user accounts Use this task to create a permission set. Before you begin You must be a global administrator to perform this task.
Click Edit next to any section where you want to grant permissions. On the Edit Permission Set page that appears, select the appropriate options, then click Save. Repeat for all appropriate sections of the permission set.
Use this task to edit information in an existing entry on the Contacts page. Task For option definitions, click ? in the interface. Click Menu | User Management | Contacts, then select a contact. Click Actions | Edit. The Edit Contact page appears.
Orchestrator, via the hyperlink from the Log On to ePO page to an Enter License Key page, or via this Server Settings page. McAfee introduced license keys to help customers with license usage tracking needs and to be compliant with McAfee licensing terms.
Viewing and changing communication ports Specifying an email server Use this task to specify an email server that ePolicy Orchestrator uses to send email messages. Task For option definitions, click ? in the interface.
Click Menu | Configuration | Server Settings, then select Printing and Exporting in the Settings list. Click Edit. The Edit Printing and Exporting page appears. In the Headers and footers for exported documents section, click Edit Logo to open the Edit Logo page.
• Select Image and browse to the image file, such as your company logo. • Select the default McAfee logo. b Click OK to return to the Edit Printing and Exporting page. From the drop-down lists, select any metadata that you want displayed in the header and footer.
This causes a warning message to display every time you visit the ePO console. To stop this warning message from appearing you must do one of the following:
To the right of the address bar, click Certificate Error to display the certificate warning. At the bottom of the warning, click View certificates to open the Certificate dialog box. CAUTION: Do not click Install Certificate on the General tab. If you do, the process fails.
Installing the security certificate when using Firefox 3.0 Use this task to install the security certificate when using Firefox 3.0, so that the warning dialog box won’t appear every time you log on.
Windows users. Dynamically assigned permission sets are permission sets assigned to users based on their Active Directory group memberships. NOTE: Users trusted via one-way external trusts are not supported. Active Directory is the only LDAP server type supported at this time.
Use this task to configure Windows authentication. How you configure these settings depends on several variables: • Do you want to use a WINS server to look up which domain your users are authenticating against? • Do you want to use multiple domain controllers?
Orchestrator application service using these steps: From the server console, click Start | Settings | Control Panel | Administrative Tools | Services. The Services window opens. Right-click McAfee ePolicy Orchestrator Applications Server and select Stop. Rename the WinAuth.dll file to WinAuth.bak. NOTE:...
Orchestrator 4.5 can be set up to work with a variety of servers that you might use in your network. Different types of servers are needed to support various functionalities of ePolicy Orchestrator and other McAfee and third-party products. Contents...
Make sure you have the appropriate rights to modify server settings, permission sets, users, and registered servers. Task For option definitions, click ? in the interface. Click Menu | Configuration | Registered Servers, then click New Server. The Registered Server Builder wizard opens.
• Verify the contents of local repositories. • Verify the contents of remote repositories. Each pair's secret key signs messages or packages at their source, while the pair's public key verifies the messages or packages at their target.
Other repository key pairs • The secret key of a trusted source signs its content when posting that content to its remote repository. Trusted sources include the McAfee download site and the McAfee Security Innovation Alliance (SIA) repository. CAUTION: If this key is deleted, you cannot perform a pull, even if you import a key from another server.
Security keys and how they work Backing up all security keys McAfee recommends periodically backing up all security keys, and always creating a backup before making any changes to the key management settings. Store the backup in a secure network location, so that the keys can be restored easily in the unexpected event any are lost from the ePO server.
Keys other than the master key pair are the public keys that agents use to verify content from other master repositories in your environment or from McAfee source sites. Each agent reporting to this server uses the keys in the Other repository public keys list to verify content that originates from other ePO servers in your organization, or from McAfee-owned sources.
Before you begin McAfee recommends that you back up the existing master repository key pair on the target ePO server before overwriting it with an imported master repository key pair.
Make sure that the selected key is not being used by any agent that is managed by this ePO server. CAUTION: Do not delete any keys that are currently in use by any agents. If you do, those agents cannot communicate with the server.
Configuring ePolicy Orchestrator Security keys and how they work Before you begin McAfee recommends backing up all keys before making any changes to the key management settings. Task For option definitions, click ? in the interface. Click Menu | Configuration | Server Settings, select Security Keys from the Setting Categories list, then click Edit.
CAUTION: In large installations, generating and using new master key pairs should be performed only when you have specific reason to do so. McAfee recommends performing this procedure in phases so you can more closely monitor progress. After all agents have stopped using the old key, delete it.
Security keys and how they work Process overview TIP: If you have a large number of managed systems in your environment, McAfee recommends performing this process in phases so you can monitor agent updates. Create an agent update task. Export the keys chosen from the selected ePO server.
You no longer need to manually search for this information from the press (TV, radio, newspapers), informational websites, mailing lists, or your peers. You are automatically notified of these threats from McAfee Avert Labs. Protection status and risk assessment...
Task For option definitions, click ? in the interface. Click Menu | Reporting | MyAvert. Select threat notifications for which protection is available, then click Actions and select Delete.
Once the assignments are received, the agent waits until the next regularly scheduled communication to implement them. You can perform an immediate agent wake-up call to update the agent immediately.
Use these tasks to configure and manage Agent Handlers. Before you begin You must have Agent Handlers installed in your network to complete these tasks. For information on Agent Handler installation, see the McAfee ePolicy Orchestrator 4.5 Installation Guide. Tasks Assigning agents to Agent Handlers...
Click Edit Priority. The Agent Handler Assignment | Edit Priority page opens, where you change the priority of handler assignments using the drag-and-drop handle. View the summary of a handler assignments details: Click > in the selected assignment row.
Use this table to complete common management tasks for Agent Handler groups. To perform these actions, click Menu | Configuration | Agent Handlers, then click the Handler Groups monitor. Figure 2: Handler Groups monitor Task For option definitions, click ? in the interface.
• System Tree Locations — Select the group from the System Tree location. NOTE: You can browse to select other groups from the Select System Tree and use + and – to add and remove System Tree groups that are displayed.
• Click Move to Top — In the Quick Actions, click Move to Top to automatically move the selected assignment to the top priority. When the priorities of the assignments are configured correctly, click Save.
IP addresses in your network. This also simplifies aspects of address assignment and renumbering when you change Internet connectivity providers. McAfee ePolicy Orchestrator 4.5 is fully compatible with IPv6. The changeover from IPv4 to IPv6 will be gradual, and some organizations might use both protocols. To accommodate all instances, ePolicy Orchestrator 4.5 works in three different modes:...
When typing multiple email addresses for recipients, you must separate entries with a comma or semi-colon. Click Export. The files are created and either emailed as attachments to the recipients, or you are taken to a page where you can access the files from links.
• McAfee Agent • SuperAgent • Agent Handler McAfee Agent The McAfee Agent is the client-side component that provides secure communication between McAfee managed products and ePolicy Orchestrator. The agent also provides local services to...
About the McAfee Agent these products and to products developed by McAfee's Security Innovation Alliance partners. While enabling products to focus on enforcing their policies, the McAfee Agent delivers services that include updating, logging, reporting events and properties, task scheduling, communication and policy storage.
About the McAfee Agent Agent-server communication interval The agent-server communication interval (ASCI) is set on the General tab of the McAfee Agent policy page. This setting determines how often the agent calls in to the server. The default setting of 60 minutes means that the agent contacts the server once every hour.
• On a schedule set by the administrator — This approach is useful when agent-server communication has been disabled on the General tab of the McAfee Agent policy catalog. The administrator can create and deploy a wake-up task, which triggers a wake-up call on a schedule.
HP-UX 11i v2 (build 11.23) IBM AIX 5.3 (TL8 or later) Power 5 IBM AIX 6.1 Power 5 McAfee Email and Web Security 3100 Not applicable McAfee Email and Web Security 3200 Red Hat Linux Enterprise 4 x86, x64 or compatible Red Hat Linux Enterprise 5 Solaris 8;...
Prevention (DEP). Installing the McAfee Agent The installation procedure for the McAfee Agent varies depending on: • The operating system in use — Windows, Solaris, HP-UX, Macintosh, or Linux. • The type of installation — First-time installation or upgrade on a system already hosting an agent.
Installing on Windows from ePolicy Orchestrator You must have administrator privileges on the Windows system to perform this task. The agent extension must be installed on the ePolicy Orchestrator server before the agent is installed on any clients.
The agent extension must be installed on the ePO server before the agent is installed on any target systems. McAfee recommends that you refer to the release notes to verify that you are using the most current package and extension.
Installing on UNIX-based operating systems Installing on Windows manually This method is appropriate if your organization requires that software is installed on systems manually. You can install the agent on the system, or distribute the FramePkg.exe installer for...
Check in the agent package to one of the repository branches, Current (default), Previous, or Evaluation. TIP: The path includes the name of the selected repository. For example, if checked in to the Current branch of the ePO software repository, the path of the required files is:
Type the appropriate Credentials for agent installation, then click OK. When prompted, select the file to be downloaded. Click to open the file. Right-click to save the file. Distribute the custom installation package file as needed.
Before you begin • McAfee recommends first creating segments of your System Tree that use either network domain names or sorting filters that add the expected systems to the desired groups. If you don’t, all systems are added to the Lost&Found group, and you must move them manually.
Including the agent on an image When you include the McAfee Agent on an image, you must remove its GUID from the registry. This allows subsequently installed agent images to generate their own GUID at their first agent-server communication.
For option definitions, click ? in the interface. Click Menu | Automation | Server Tasks, then click Edit in the row labeled Duplicate Agent GUID - remove systems. The Server Task Builder wizard opens. On the Description page, select Enabled.
System Tree. However, McAfee does not recommend this procedure if you are importing large domains or Active Directory containers. Those activities generate significant network traffic.
If you are deploying agents to a group, select whether to include systems from its subgroups. If desired, select one of these options: • Install only on systems that do not already have an agent managed by this ePO server • Force installation over existing version
Orchestrator to updater (unmanaged) mode. Information is provided for converting from managed mode to unmanaged mode. Use these tasks to enable agents on existing McAfee products in your environment so that they work with ePolicy Orchestrator or to disable management of systems by ePolicy Orchestrator.
For example, on HP-UX, Linux, and Solaris systems, the location is /opt/McAfee/cma/bin. On Macintosh systems, the location is /Library/McAfee/cma/bin. /opt/McAfee/cma/bin/msaconfig -m -d <path of location containing srpubkey.bin, reqseckey.bin and SiteList.xml> [-nostart] NOTE: Optional -nostart indicates that the agent does not restart after changing mode.
Script for starting and stopping the agent, manually and when called by the system. /opt/McAfee/cma/ All binaries, logs, agent working area. /etc/cma.d/ Configuration and management information (including GUID and agent version) needed to manage Linux point-products. /etc/ cma.conf
This is the installation package that the server uses to distribute and install agents. Other FramePkg.exe files are created when: • Agent packages are checked in to any branch of the repository (Previous, Current, or Evaluation)
Specifies that the existing agent is uninstalled, then the new agent is installed. Use this option only to change the installation directory or to downgrade the agent. When using this option, McAfee recommends specifying a different directory for the new installation (/INSTDIR).
For full ePolicy Orchestrator functionality, upgrade to agent version 4.5 or later. Tasks Upgrading agents using product deployment task Upgrading agents manually or with login scripts Restoring a previous version of the agent (Windows) Restoring a previous version of the agent (UNIX)
Periodically, McAfee releases newer versions of the agent, which can be deployed and managed using ePolicy Orchestrator. When the agent installation package is available, you can download it from the McAfee download site, check it in to the master repository, then use the deployment task to upgrade the agent.
Tasks, policies and other data are restored at the first agent-server communication following reinstallation. Configuring Agent Policies Agent policy general settings are specified on the Policy Catalog pages of the ePolicy Orchestrator console, including policies for events, logging, repositories, updates, and proxy.
Before distributing a large number of agents throughout your network, consider carefully how you want the agent to behave in the segments of your environment. Although you can configure agent policy settings after agents are distributed, McAfee recommends setting them prior to the distribution, to prevent unnecessary impact on your resources.
If you plan to use Automatic Responses, McAfee recommends that you enable priority uploading of higher severity events for those features to function as intended. You can enable priority uploading of events on the Events tab of the McAfee Agent policy pages. Selecting a repository Use this task to set the policy for repository selection.
Configuring Agent Policies Proxy settings for the agent To access the McAfee update sites, the agent must be able to access the Internet. Use the agent policy settings to configure proxy server settings for managed systems. The Proxy tab of the McAfee Agent policy pages includes these settings: •...
Use this task to schedule a client task for a group. Task For option definitions, click ? in the interface. Click Menu | Systems | System Tree | Client Tasks. In the System Tree, select the group to be configured.
Creating a new scheduled client task Use this task to create a new client task that runs on a schedule, such as a mirror task, update task, and McAfee Agent wake-up task. Task For option definitions, click ? in the interface.
Use this task to verify that the properties match the policy changes you have made. This is useful for troubleshooting. The available properties depend on whether you configured the agent to send full or minimal properties on the McAfee Agent policy pages. Task For option definitions, click ? in the interface.
Set the scheduled wake-up call Click Menu | Systems | System Tree | Client Tasks | <select a wake-up task or create a New Task> | Type = McAfee Agent Wakeup | Next. Select Send all properties defined by the agent...
This list shows the kinds of product data that are reported to ePolicy Orchestrator by the McAfee software installed on your system. If you find errors in the reported values, review the details of your products before concluding that they are incorrectly reported.
Before you begin Before sending the agent wake-up call to systems, make sure that Enable agent wake-up call support is enabled and applied on the General tab of the McAfee Agent policy pages. It is enabled by default. Task For option definitions, click ? in the interface.
Click Menu | Systems | System Tree | Assigned Policies | <Product = McAfee Agent>. Click a policy, for example McAfee Default. The McAfee Agent General tab for the selected policy opens. Select Show the McAfee system tray icon (Windows only).
NOTE: The agent interface is available on the managed system only if you selected Show McAfee system tray icon on the General tab of the McAfee Agent policy pages. Tasks Running a manual update Enforcing policies...
Use this Windows-only task to prompt the agent on the managed system to call in to the server to update policy settings. Task On the managed system, right-click the McAfee system tray icon, then select McAfee Agent | Status Monitor. Click Check New Policies. The policy-checking activity is displayed in the Agent Status Monitor.
Displays the Agent Monitor and its options. Using the system tray icon In a Windows environment, if the agent policy has been set to show the McAfee icon in the system tray of the managed system, the user can access shortcuts to information and functionality of managed products.
Click Menu | Systems | System Tree | Assigned Policies | <Product = McAfee Agent>. Click a policy, for example McAfee Default. The McAfee Agent General tab for the selected policy opens. Select Show the McAfee system tray icon (Windows only).
When you delete a group, all of its child groups and systems are also deleted. Task For option definitions, click ? in the interface. Click Menu | Systems | System Tree, then select a group to be deleted.
-e MFEcma rpm -e MFErt NOTE: Be certain to follow the order listed here. Macintosh /Library/McAfee/cma/uninstall.sh Solaris pkgrm MFEcma Click Menu | Systems | System Tree, then select the systems you have uninstalled.
This log file records agent activity related to things such as policy enforcement, agent-server communication, and event forwarding. You can define a size limit of this log file. On the Logging tab of the McAfee Agent policy pages, you can configure the level of agent activity that is recorded.
Distributing Agents to Manage Systems Agent Activity Logs On the managed system, right-click the McAfee Agent icon in the system tray, then select Status Monitor. The Status Monitor displays the agent activity log. When finished viewing the agent activity log, close the Status Monitor.
System Tree. TIP: Many factors can influence how you should create and organize your System Tree. McAfee recommends taking time to review this entire guide before you begin creating your System Tree.
If you delete systems from the System Tree, be sure you select the option to remove their agents. If the agent is not removed, deleted systems reappear in the Lost&Found group because the agent continues to communicate to the server.
System Tree only once. Because every network is different and requires different policies — and possibly different management — McAfee recommends planning your System Tree before implementing the ePO software. Regardless of the methods you choose to create and populate the System Tree, consider your environment while planning the System Tree.
These borders influence the organization of the System Tree differently than the organization of your network topology. McAfee recommends evaluating these borders in your network and organization, and whether they must be considered when defining the organization of your System Tree.
• Apply and remove existing tags to systems in the groups where they have access. • Exclude systems from receiving specific tags. • Use queries to view and take actions on systems with certain tags.
• Allow or disallow duplicate entries of systems that already exist elsewhere in the System Tree. Use the Synchronize Now action to import Active Directory systems (and possibly structure) into the System Tree according to the synchronization settings.
Use this synchronization type when you use Active Directory as a regular source of systems for ePolicy Orchestrator, but the organizational needs for security management do not coincide with the organization of containers and systems in Active Directory.
Although this page does not display the sorting status of systems, if you select systems on the page (even ones with sorting disabled), clicking Move Systems places those systems in the location identified.
Check IP Integrity action in the Group Details tab Tag-based sorting criteria In addition to using IP address information to sort systems into the appropriate group, you can define sorting criteria based on the tags assigned to systems.
The server applies all criteria-based tags to the system if the server is configured to run sorting criteria at each agent-server communication. What happens next depends on whether System Tree sorting is enabled on both the server and the system.
Applying criteria-based tags automatically to all matching systems Creating tags with the Tag Builder Use this task to create a tag with the New Tag Builder wizard. Tags can use criteria that’s evaluated against every system:
Click Menu | Systems | Tag Catalog, then select the desired tag in the list of tags. b Next to Systems with tag in the details pane, click the link for the number of systems excluded from criteria-based tag application. The Systems Excluded from the Tag page appears.
Click OK. Verify the systems have the tag applied: a Click Menu | Systems | Tag Catalog, then select the desired tag in the list of tags.
There is no single way to organize a System Tree, and because every network is different, your System Tree organization can be as unique as your network layout. Although you won’t use each method offered, you can use more than one.
IP address and tag sorting criteria. Although you can create a detailed System Tree with many levels of groups, McAfee recommends that you create only as much structure as is useful. In large networks, it is not uncommon to have hundreds or thousands of systems in the same container.
Adding systems manually to an existing group Use this task to import systems from your Network Neighborhood to groups. You can also import a network domain or Active Directory container. Task For option definitions, click ? in the interface.
Select either a specific Agent Handler or all Agent Handlers. Click OK. Importing systems from a text file Use these tasks to create a text file of systems and groups to import into the System Tree.
Select Import systems from a text file into the selected group, but do not push agents. Select whether the import file contains: • Systems and System Tree Structure • Systems only (as a flat list) Click Browse, then select the text file.
Enabling System Tree sorting on the server Use this task to enable System Tree sorting on the server. System Tree sorting must be enabled on the server and the desired systems for systems to be sorted.
If you want to preview the results of the sort before sorting, click Test Sort instead. (However, if you move systems from within the Test Sort page, all selected systems are sorted, even if they have System Tree sorting disabled.) Click OK to sort the systems.
System Tree. This should be the group to which you want to map an Active Directory container. NOTE: You cannot synchronize the Lost&Found group of the System Tree. Figure 5: Synchronization Settings page Next to Synchronization type, click Edit. The Synchronization Settings page for the selected group appears. McAfee ePolicy Orchestrator 4.5 Product Guide...
Page 124
TIP: McAfee recommends that you do not deploy the agent during the initial import if the container is large. Deploying the 3.62 MB agent package to many systems at once may cause network traffic issues. Instead, import the container, then deploy the agent to groups of systems at a time, rather than all at once.
• Schedule a recurring NT Domain/Active Directory Synchronization server task for easy maintenance. Task For option definitions, click ? in the interface. Click Menu | Systems | System Tree | Group Details and select or create a group in the System Tree.
Page 126
TIP: McAfee recommends that you do not deploy the agent during the initial import if the domain is large. Deploying the 3.62 MB agent package to many systems at once may cause network traffic issues. Instead, import the domain, then deploy the agent to smaller groups of systems at a time, rather than all at once.
From the drop-down list, select Active Directory Synchronization/NT Domain. Select whether to synchronize all groups or selected groups. If you are synchronizing only some synchronized groups, click Select Synchronized Groups and select specific ones.
For option definitions, click ? in the interface. Click Menu | Systems | System Tree | Systems and then browse to and select the systems. Click Actions | Directory Management | Move Systems. The Select New Group page appears.
System Tree of the target server. The length of time required to complete both agent-server communications depends on your configuration. The default agent-server communication interval is one hour.
This repository is the source for the rest of your environment. The master repository is configured when ePolicy Orchestrator is installed. However, you must ensure that proxy server settings are configured correctly. By default, ePolicy Orchestrator uses Microsoft Internet Explorer proxy settings.
Page 131
Source sites are not required. You can download updates manually and check them in to your master repository. However, using a source site automates this process. McAfee posts software updates to these sites regularly. For example, DAT files are posted daily. Update your master repository with updates as they are available.
If you are unable to use managed distributed repositories, ePolicy Orchestrator administrators can create and maintain distributed repositories that are not managed by ePolicy Orchestrator. If a distributed repository is not managed, a local administrator must keep it up-to-date manually.
Once the distributed repository is created, use ePolicy Orchestrator to configure managed systems of a specific System Tree group to update from it. NOTE: Refer to Enabling the agent on unmanaged McAfee products so that they work with ePolicy Orchestrator for configuration of unmanaged systems. TIP: McAfee recommends that you manage all distributed repositories through ePolicy Orchestrator.
Figure 7: Sites and repositories delivering packages to systems The master repository regularly pulls DAT and engine update files from the source site. The master repository replicates the packages to distributed repositories in the network.
Security Threats dashboard monitor can access the Internet when using the McAfeeHttp and the McAfeeFtp sites as source and fallback sites. This section describes the steps for configuring the ePO master repository, the McAfee Agent and MyAvert to connect to the download site directly or via a proxy. The default selection is Do not use proxy.
Task For option definitions, click ? in the interface. Click Menu | Policy | Policy Catalog, then from the Product list click McAfee Agent, and from the Category list, select General. A list of agents configured for the ePO server appears.
You can edit settings, delete existing source and fallback sites, or switch between them. McAfee recommends using the default source and fallback sites. If you require different sites for this purpose, you can create new ones.
Use this task to edit the settings of source or fallback sites, such as URL address, port number, and download authentication credentials. Before you begin You must have appropriate permissions to perform this task.
This task assumes that you know where the desired systems are located in the System Tree. McAfee recommends that you create a “SuperAgent” tag so that you can easily locate the systems with the Tag Catalog page, or by running a query.
If the folder you specify cannot be created, one of two folders is created: • <DOCUMENTS AND SETTINGS>\ ALL USERS\APPLICATION DATA\MCAFEE\FRAMEWORK\DB\SOFTWARE • <AGENT INSTALLATION PATH>\DATA\DB\SOFTWARE In addition, the location is added to the repository list (SiteList.xml) file.
Task For option definitions, click ? in the interface. Open the desired McAfee Agent policy pages (in edit mode) from the desired assignment point in the System Tree or from the Policy Catalog page. On the General tab, deselect Use systems running SuperAgents as distributed repositories, then click Save.
Click Test Credentials. After a few seconds, a confirmation message appears, stating that the site is accessible to systems using the authentication information. If credentials are incorrect, check the following: • User name and password
Click Menu | Software | Distributed Repositories, then select Edit Settings next to the desired repository. The Distributed Repository Builder wizard opens. On the Package Types page, deselect the package that you want to avoid being replicated. Click Save.
Click Menu | Software | Distributed Repositories, then select Edit Settings next to the desired repository. The Distributed Repository Builder wizard opens, displaying the details of the distributed repository. Change configuration, authentication, and package selection options as needed. Click Save.
Click Save, browse to the location to save the SiteList.xml file, then click Save. Once you have exported this file, you can import it during the installation of supported products. For instructions, see the Installation Guide for that product.
Browse to select the exported SiteMgr.xml file, then click OK. The Import Repositories page appears. Select the desired distributed repositories to import into this server, then click OK. The selected repositories are added to the list of repositories on this server.
Next. The Repository Selection page appears. Select the desired distributed repositories, then click Next. The Credentials page appears. Edit the credentials as needed, then click Next. The Summary page appears. Review the information, then click Save.
The extensions contain the files, components, and information necessary to manage such a product. Extensions replace the NAP files of previous releases. Functionality that extensions add When a managed product extension is installed, added functionality can include:
Menu | Systems | System Tree | Assigned Policies page, select a group, then select a Product from the drop-down list. NOTE: A McAfee Default policy exists for each category. You cannot delete, edit, export or rename these policies, but you can copy them and edit the copy. How policy enforcement is set For each managed product or component, choose whether the agent enforces all or none of its policy selections for that product or component.
The frequency of this communication is determined by the Agent-to-server-communication interval (ASCI) settings on the General tab of the McAfee Agent policy pages, or the McAfee Agent Wakeup client task schedule (depending on how you implement agent-server communication). This interval is set to occur once every 60 minutes by default.
Therefore, if you wish to use a policy owned by a different user, McAfee recommends that you first duplicate the policy, then assign the duplicate to the desired locations. This provides you ownership of the assigned policy.
Like policy settings, client tasks are inherited from parent groups in the System Tree. Which extension files are installed on your ePO server determines which client tasks are available. Client tasks are commonly used for: • Product deployment
Use this task to view the groups and systems where a policy is assigned. This list shows the assignment points only, not each group or system that inherits the policy. Task For option definitions, click ? in the interface.
The owners of the policy are displayed under Owner. Viewing assignments where policy enforcement is disabled Use this task to view assignments where policy enforcement, per policy category, is disabled. Task For option definitions, click ? in the interface.
The desired policy row, under Inherit from, displays the name of the group from which the policy is inherited. Viewing and resetting broken inheritance Use this task to view where policy inheritance is broken.
When you create a policy here, you are adding a custom policy to the Policy Catalog. You can create policies before or after a product is deployed. Task For option definitions, click ? in the interface.
Click Menu | Policy | Policy Catalog, then select the Product and Category from the drop-down lists. All created policies for the selected category appear in the details pane. Locate the desired policy, then click Edit Settings next to it. Edit the settings as needed, then click Save.
If you don’t want the group or system to inherit the policy from the parent group, assign a different policy. If you delete a policy that is applied to the My Organization group, the McAfee Default policy of this category is assigned.
Use this task to export all policies of a product to an XML file. Use this file to import the policy to another ePO server, or to keep as a backup of the policies. Task For option definitions, click ? in the interface.
Click Save. Assigning a policy to a managed system Use this task to assign a policy to a specific managed system. You can assign policies before or after a product is deployed.
Click Menu | Systems | System Tree | Assigned Policies, then select the desired group in the System Tree. Select the desired Product, then click the link next to Enforcement Status. The Enforcement page appears.
Use this task to copy policy assignments from a group in the System Tree. Task For option definitions, click ? in the interface. Click Menu | Systems | System Tree | Assigned Policies, then select the desired group in the System Tree.
Page 163
System Tree. All of the systems belonging to the selected group appear in the details pane. Select the system where you want to paste policy assignments, then click Actions | Agent | Modify Policies on a Single System.
Click Edit Settings next to the task. The Client Task Builder wizard opens. Edit the task settings as needed, then click Save. The managed systems receive these changes the next time the agents communicate with the server.
What are the McAfee Default and My Default policies? Upon installation, each policy category contains at least two policies. These are named McAfee Default and My Default. These are the only policies present for first-time installations. The configurations for both, initially, are the same.
Use this task to register the servers that will share a policy. Before you begin McAfee recommends that you set up policy sharing in a specific sequence. If you have not already designated the policies you want to share, see Designating a policy for sharing before completing this task.
Use this task to schedule a server task so that policies are shared among multiple ePO servers. Before you begin McAfee recommends that you set up policy sharing in a specific sequence. Before completing this task, be sure that you have completed these tasks:...
Managing policy assignment rules Creating policy assignment rules Use this task to create policy assignment rules. Policy assignment rules allow you to enforce permissions and criteria based policies for individual users accessing your network.
Page 169
Edit the priority of a policy assignment rule: Click Edit Priority. The Policy Assignment Rule | Edit Priority page opens, where you change the priority of policy assignment rules using the drag-and-drop handle.
Page 170
Managing your Network with Policies and Client Tasks How policy assignment rules work To do this... Do this... View the summary of a policy assignment rule: Click > in the selected assignment row.
The ePolicy Orchestrator deployment infrastructure supports deploying products and components, as well as updating both. Each McAfee product that ePolicy Orchestrator can deploy provides a product deployment package zip file. The zip file contains product installation files, which are compressed in a secure format.
Page 172
A key is used to encrypt or decrypt sensitive data. You are notified when you check in packages that are not signed by McAfee. If you are confident of the content and validity of the package, continue with the check-in process. These packages are secured in the same manner described above, but are signed by ePolicy Orchestrator when they are checked in.
You can run the Product Deployment task for any group or individual system. When deciding how to stage your product deployment, McAfee recommends considering the size of the package and the available bandwidth between the master or distributed repositories and the managed systems.
Deploying Software and Updates Product and update deployment If you are deploying McAfee products or components that are installed on a subset of your managed systems: Use a tag to identify these systems. Move the tagged systems to a group.
Pull tasks Use pull tasks to update your master repository with DAT and engine update packages from the source site. DAT and engine files must be updated often. McAfee releases new DAT files
Thursday. You can also use the Pull Now task to check updates in to the master repository immediately. For example, when McAfee alerts you to a fast-spreading virus and releases a new DAT file to protect against it. If a pull task fails, you must check the packages in to the master repository manually.
New distributed repositories are added to the repository list file containing all available distributed repositories. The agent of a managed system updates this file each time it communicates with the ePO server. The agent performs repository selection each time the agent (McAfee Framework Service) service starts, and when the repository list changes.
A SuperAgent call also occurs, forcing the package to be installed on all the managed systems. • Package signing — Specifies if the package is signed by McAfee or is a third-party package. Click Save to begin checking in the package. Wait while the package is checked in.
The information you add here is visible only when you open the task at this group, or at a child group that inherits the task from this group. Select Product Deployment (McAfee Agent) from the Type drop-down menu. Next to Tags, select the desired platforms to which you are deploying the packages: •...
• There must be a SuperAgent in each broadcast segment that you want to receive the SuperAgent wake-up call. • Only global administrators can perform this task. Task For option definitions, click ? in the interface.
Page 182
NOTE: Be sure to run a Pull Now task and schedule a recurring Repository Pull server task, when you are ready for the automatic updating to begin.
Replicating packages from the master repository to distributed repositories Using pull tasks to update the master repository Use either of these tasks to update the contents of the master repository from the McAfee update site or from a user-configured source site.
Page 184
• Proxy settings must be configured to allow the master repository to access the source site. Task For option definitions, click ? in the interface. Click Menu | Software | Master Repository, then click Actions | Pull Now. The Pull Now wizard opens.
On the Description page, name and describe the task. Choose whether to enable or disable the task, then click Next. The Actions page appears. Disabled tasks can be run manually, but do not run at scheduled times.
Page 186
Now. The Replicate Now wizard opens. On the Repositories page, select which distributed repositories participate in the replication, then click Next. If you are not sure which distributed repositories need to be updated, replicate to them all.
Use this task to customize how agents select distributed repositories. Task For option definitions, click ? in the interface. Click Menu | Policy | Policy Catalog, then click Product | McAfee Agent. Click Edit Settings of an existing agent policy. Select the Repositories tab.
Configure an agent policy for managed systems to use the new unmanaged distributed repository: a Click Menu | Policy | Policy Catalog, then click Product | McAfee Agent. b Click Edit Settings of an existing agent policy, or create a new agent policy.
(of the same type that you are checking in) to the Previous branch. Click Save to begin checking in the package. Wait while the package is checked in. The new package appears in the Packages in Master Repository list on the Master Repository page.
Updating managed systems regularly with a scheduled update task Use this task to create and configure update tasks. If you are not using global updating, McAfee recommends using a daily Update client task to ensure systems are up-to-date with the latest DAT and engine files.
Create or select a group in the System Tree to serve as an evaluation group, and create a McAfee Agent policy for the systems to use only the Evaluation branch (in the Repository Branch Update Selection section of the Updates tab). For additional information, see Configuring the Deployment task for groups of managed systems.
For option definitions, click ? in the interface. Click Menu | Software | Master Repository. The Packages in Master Repository table appears. In the row of the desired package, click Delete. The Delete Package dialog box appears. Click OK.
• Server Task log • Threat Event log To get you started, McAfee includes a set of default queries that provide the same information as the default reports of previous versions. Are you setting up queries for the first time? When setting up queries for the first time: Understand the functionality of queries and the Query Builder wizard.
My Groups list. Public queries that are migrated are located in the Shared Groups list in the Migrated Queries group. Query permissions Use query permissions to assign specific levels of query functionality to permission sets, which are assigned to individual users.
• Boolean Pie Chart • Pie Chart Bar: • Grouped Bar Chart • Single Group Bar Chart • Stacked Bar Chart Summary: • Multi-group Summary Table • Single Group Summary Table Line: • Multi-line Chart
Select the type of chart or table to display the primary results of the query, then click Next. The Columns page appears. NOTE: If you select Boolean Pie Chart, you must configure the criteria to include in the query.
Click Menu | Automation | Server Tasks, then click Actions | New Task. The Server Task Builder wizard opens. On the Description page, name and describe the task, then click Next. The Actions page appears. From the Actions drop-down menu, select Run Query.
Page 198
This action is intended for compliance-based Boolean pie chart queries that retrieve data on managed systems (for example, the McAfee Agent and VirusScan Enterprise Compliance Summary default queries).
• Executive Reviewer — Only users designated as an Executive Reviewer can view the results. • Global Reviewer — Only users designated as a Global Reviewer can view the results. • Group Admin — Only users designated as a Group Admin can view the results.
Type a name for the duplicate and select a group to receive a copy of the query, then click Sharing a query between ePO servers Use these tasks to import and export a query for use among multiple servers. Tasks Exporting queries for use by another ePO server Importing queries
Select the format of the exported file. If exporting to a PDF file, configure the following: • Select the Page size and Page orientation. Optionally select: • Show filter criteria. • Include a cover page with this text and include the needed text.
Before you begin Using the Rolled-Up Compliance History result type requires: • A Boolean pie chart query based on managed systems be created on each server.
Page 203
Depending on the size of your network and the number of managed systems you have, performing the Rollup Data server task can be time intensive. McAfee recommends performing this task during off-peak hours, and using the incremental rollup option whenever possible.
From the Actions drop-down menu, select Run Query. Click browse (...) next to the Query field and select a query. The Select a query from the list dialog box appears with the My Groups tab active.
Reporting On System Status The Audit Log Select the compliance-defining query. This could be a default query, such as McAfee Agent and VirusScan Enterprise (for Windows) Compliance Summary in the Shared Groups section, or a user-created query, such as one described in Creating a query to define compliance.
Page 206
You must have appropriate permissions to perform this task. Task For option definitions, click ? in the interface. Click Menu | Automation | Server Tasks, then click Actions | New Task. The Server Task Builder wizard opens to the Description page.
• Event Migration (3.6.x -> 4.x) — If you upgrade from a previous ePolicy Orchestrator installation, this task migrates events from the old database to the new database, so that you can run queries against your historical data. McAfee recommends scheduling this task to run at off hours as soon as possible after upgrading.
Page 208
• Delete Systems — Deletes specified systems from the System Tree. You can also remove the agent from the systems at the same time. • Deploy McAfee Agent — Installs the agent on the Windows systems managed by that ePO server.
Page 209
• Share Policies — Synchronizes all policies with other registered servers. • System Search — Searches for a system based on the specified tag or group. • Update Sensor Deployment Client Tasks — Disabled by default, this action updates all sensor deployment client tasks.
30 days, or by Failed or In Progress task status. Task For option definitions, click ? in the interface. Click Menu | Automation | Server Task Log. Select the desired filter from the Filter drop-down list.
• The letter "W" means "weekday". So, if you created a Day of Month as " ", this means the weekday closest to the 15th of the month. Also, you can specify " ", which means the last weekday of the month.
• File Path — File path of the system which sent the event. • Host Name — Name of the system which sent the event. • IPv4 Address — IPv4 address of the system which sent the event.
Click any of the column titles to sort the events. You can also click Actions | Choose Columns and the Select Columns to Display page appears. From the Available Columns list, select different table columns that meet your needs, then click Save.
Review the task’s details, then click Save. Data exports from any table or chart Data in any chart or table in ePolicy Orchestrator can be exported to four different formats. Exported results are historical data and are not refreshed.
Page 215
• HTML — Use this report format to view the exported results as a web page. • PDF — Use this report format when you need to print the results. Exported data can be named and saved to any location, or emailed as attachments.
NOTE: By default, when you log into ePolicy Orchestrator, the ePO Summary dashboard is the only dashboard you see until you make other dashboards active. To make a dashboard active,
Page 217
• Quick System Search — You can search for systems by system name, IP address, MAC address, user name, or agent GUID. • McAfee Links — Displays links to McAfee technical support, escalation tools, virus information library, and more. • McAfee Agent and VirusScan Enterprise (for Windows) Compliance Summary —...
Setting up dashboard access and behavior Use these tasks to ensure that users have the appropriate access to dashboards, and how often dashboards are refreshed. Tasks Giving users permissions to dashboards Configuring the refresh frequency of dashboards
Maximum page refresh interval is 60 minutes. Click Save. Working with Dashboards Use these tasks to create and manage dashboards. Tasks Creating dashboards Making a dashboard active Selecting all active dashboards Making a dashboard public
Selecting all active dashboards Use this task to select all dashboards that make up your active set. Active dashboards are accessible on the tab bar under Dashboards. Task For option definitions, click ? in the interface.
The Manage Dashboards page appears. Select the desired dashboard from the Available Dashboards list, then click Make Public. Click OK when prompted. Click Close. The dashboard appears in the Public Dashboards list on the Manage Dashboards page.
Even in a managed network environment, some systems might not have an active McAfee Agent on them. These can be systems that frequently log on and off the network, including test servers, laptops, or wireless devices.
You can configure the sensor to cache detection events for a given time period, such as one hour, then to send a single message containing all the events from that time period. For more information, see Configuring Rogue System Detection policy settings.
Merging detected systems When the ePO server cannot automatically match detected systems, you can merge them manually using Merge systems. For example, the ePO server might not be able to match a
System states are separated into these categories: • Exceptions • Inactive • Managed • Rogue The percentage of compliant systems is the ratio of systems in the Managed and Exceptions categories to those in the Rogue and Inactive categories.
Rogue systems are systems that are not managed by your ePO server. There are three rogue states: • Alien agent — These systems have a McAfee Agent that is not in the local ePO database, or any database associated with additional ePO servers you have registered with the local server.
The Top 25 Subnets list provides the subnet list, by name or IP, for the 25 subnets that contain the most rogue system interfaces on your network. When a top 25 subnet is selected, the rogue system interfaces it contains are displayed in the adjacent Rogue System Interfaces by Subnet table.
Client Tasks. TIP: McAfee recommends that you configure policy settings before you deploy sensors to your network. Doing so ensures that the sensors work according to your intended use. For example, DHCP monitoring is disabled by default. As a result, if you deploy sensors to DHCP servers without enabling DHCP monitoring during your initial configuration, those sensors report limited information to the ePO server.
Page 230
Setting this value too low can overwhelm your server with system detections. Setting this value too high prevents you from having current information on system detections. TIP: McAfee recommends that you set the sensor’s detected system cache lifetime and the reporting time for active sensors settings to the same value. Detection settings Detection settings determine whether: •...
Permission set Rights Rogue System Detection • Create and edit Rogue System information; manage sensors. • Create and edit Rogue System information; manage sensors; deploy McAfee Agents and add to System Tree. • No permissions. • View Rogue System information.
Use this task to edit the Detected System Compliance settings. These settings are user-configured and have two important functions: • They specify the time-frame that determines the state of detected systems (Managed, Rogue, Exception, Inactive).
In Static IP Ranges for Matching, type the static IP ranges to use when matching on static IP addresses. In Alternative McAfee Agent Ports, specify any alternate ports you want to use when querying detected systems to check for a McAfee Agent.
Click Save. Editing Detected System Exception Categories Use this task to configure and edit the categories to use to manage exception systems in your network. Exceptions are systems that you know are unmanaged (don't have a McAfee Agent on them). Task For option definitions, click ? in the interface.
Removing systems from the Rogue Sensor Blacklist Viewing detected systems and their details Adding systems to the Exceptions list Use this task to add detected systems to the Exceptions list. Task For option definitions, click ? in the interface.
| Detected Systems, then from the Rogue System Sensor Status monitor, click View Blacklist. Adding detected systems to the System Tree Use this task to add detected systems to the System Tree from the Detected Systems pages
Exceptions. Task For option definitions, click ? in the interface. Click Menu | Systems | Detected Systems, click Import/Export Exceptions from the Overall System Status monitor, then click the Export Exceptions tab.
Click Menu | Systems | Detected Systems, then click any category in the Overall System Status monitor. System Tree page. Click Menu | Systems | System Tree. Task For option definitions, click ? in the interface.
Use this task to query Agents installed on detected systems. Not all detected systems have a McAfee Agent installed. The results of this task indicate whether an Agent is installed and provides links to details about the system and the agent, if available.
Detected Systems Details page displays some information that is unique to Rogue System Detection. Working with sensors Use these tasks when working with sensors, for example, to change, install, or remove a sensor. Tasks Changing the sensor-to-server port number Installing sensors Editing sensor descriptions Removing sensors
Select the systems where you want to install sensors, then click Actions | Rogue Sensor | Install Rogue Sensor. • In the Managed Systems for Subnet xxx.xx.xx.x page, select the systems where you want to install sensors.
Page 242
Click Save and specify the name of your query and any notes, then click Save again. TIP: McAfee recommends using a product-specific prefix when naming your queries, to keep them organized and make them easier to find. For example, RSD: QueryName Click Menu | Automation | Server Tasks, then click Actions | New Task.
• In the Managed Systems for Subnet xxx.xx.xx.x page, select the systems where you want to remove sensors. • In the Systems Details page, you can remove the sensor from only the system you are viewing.
Click Menu | Systems | Detected Systems, then click any category in the Subnet Status page monitor. Task For option definitions, click ? in the interface. Select the subnets you want to delete, click Actions, then select Detected Systems | Delete. In the Delete confirmation pane, click Yes.
Use this task to rename subnets. This task can be performed from: Detected Subnets Details page. Getting there: Click Menu | Systems | Detected Systems, click any subnet category in the Subnet Status monitor, then click any subnet.
Overrides the Server Port configuration setting in the registry that you specified during installation. NOTE: This parameter takes effect only when running in command-line mode, which also requires the --console command-line switch. Sample syntax: sensor.exe --port "8081" --console
OUI (Last 7 Days): Returns the details of systems detected on your network as rogue systems in the last seven days, grouped by organizationally unique identifier, in pie chart format.
Subnet Coverage: Returns the details of detected subnets on your network, in pie chart format.
• Registered executables — Specify a list of registered executables to run when the conditions of a rule are met. • Rogue System Detection permission — Create or edit permission sets and ensure that they are assigned to the appropriate ePO users.
• Throttling • Grouping Aggregation Use aggregation to determine the thresholds of events when the rule sends a notification message. For example, configure the same rule to send a notification message when the server
Sends a notification message when any events are detected Detected events received from the Generate Compliance Event server task. RSD: Query New Rogue Detection. New rogue system detected. Queries the newly detected system for a McAfee Agent.
If the currently applied policy is not set for immediate uploading of events, either edit the currently applied policy or create a new McAfee Agent policy. This setting is configured on the Threat Event Log page.
Configuring Automatic Responses Task For option definitions click ? in the interface. Click Menu | Policy | Policy Catalog, then click Product | McAfee Agent. Click Edit Settings of an existing agent policy. On the Events tab, select Enable priority event forwarding.
Page 253
Systems Tree to create a response rule. Task For option definitions click ? in the interface. Click Menu | User Management | Permission Sets, then select either New Permission Set or an existing one.
IPv4 — Specifies the IPv4 address of the server ( • IPv6 — Specifies the IPv6 address of the server xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/yyy Security Specifies the security details of the SNMP server. • Community — Specifies the community name of the SNMP protocol.
Page 255
TVD-MIB.mib EPO-MIB.mib These files allow your network management program to decode the data in the SNMP traps into meaningful text. The EPO-MIB.mib file depends on the other two files to define the following traps:
Before you begin You must have appropriate permissions to perform this task. You must use a browser session from the ePO server system. Task For option definitions, click ? in the interface.
Page 257
Use this task to duplicate a registered executable to your available resources. Before you begin You must have appropriate permissions to perform this task. You must use a browser session from the ePO server system. Task For option definitions, click ? in the interface.
• Specify the language used by the response. • Specify the event type and group that triggers this response. • Enable or disable the rule. Task For option definitions click ? in the interface.
Setting thresholds of the rule Use this task to define when the event triggers the rule on the Aggregation page of the Response Builder wizard. A rule’s thresholds are a combination of aggregation, throttling, and grouping.
Click Next if finished, or click + to add another notification. If you want the notification message to be sent as an SNMP trap, select Send SNMP Trap from the drop-down list. a Select the desired SNMP server from the drop-down list.
Can I create a rule that generates notifications to multiple recipients? Yes. You can enter multiple email addresses for recipients in the Response Builder wizard.
Page 262
• Email (including standard SMTP, SMS, and text pager) • SNMP servers (via SNMP traps) • Any external tool installed on the ePolicy Orchestrator server • Issues • Scheduled server tasks
Users can create basic issues manually or the ePO server can automatically create issues in response to product events. For example, users with the proper permissions can configure McAfee Policy Auditor to automatically create a Benchmark Rule Compliance issue if a noncompliant system is discovered during an audit.
Type a meaningful name for the issue. Priority Assign a priority to the issue: • Unknown • Lowest • • Medium • High • Highest State Assign a state to the issue: • Unknown • • Assign • Resolved
Select properties to narrow the events that trigger the response. Click Next. The Aggregation page appears. Next to Aggregation, select one: • Trigger this response for every event — generates a response for every event.
Page 266
10 Type a name and description for the issue. Optionally, select one or more variables for the name and description. This feature provides a number of variables providing information to help fix the issue.
Page 267
12 Type the user to whom you want the issue assigned. The assignee must have select one or more variables for the name and description. This feature provides a number of variables providing information to help fix the issue.
Page 268
• Highest State Assign a state to the issue: • Unknown • • Assign • Resolved • Closed Severity Assign a severity to the issue: • Unknown • Lowest • • Medium • High
Delete. Click OK in the Action to delete the selected issues. Editing issues Select the checkbox next to an issue, then click Edit. Edit the issue as needed.
Description page of the Server Task Builder appears. Type a name and description for the server task. Enable or disable the schedule for the server task. The server task does not run until it is enabled.
After the steps for integrating a ticketing server are completed, all subsequent issues are ticketed automatically. McAfee recommends always adding an assignee to an issue before the ticket is created. If an assignee is added manually to a ticketed issue, you must add tickets manually to any issues that existed prior to the integration.
The system running the ticketing extension must be able to resolve the address of the Hewlett-Packard Openview Service Desk system. This might involve adding the IP address of the Service Desk system to the hosts file on the system running the ticketing
Sample mapping for Hewlett-Packard Openview Service Desk This is a reference-only sample mapping for Hewlett-Packard Openview Service Desk versions 4.5 and 5.1. NOTE: Source values, mapped values, and field IDs are case-sensitive.
Page 274
• Operation: Substitution • Source field: Status • Values: Default Value: TICKETED Source Value Mapped Value CLOSED • Overwrite issue comments with ticket comments: selected • Ticket Comment field: HistoryLines • Tickets can be re-opened: selected
Page 275
• Operation: Identity • Source field: Activity Log • Ticket field: Type the name or ID for any open text field. • Operation: Identity • Source field: URL
In the Action panel, click OK to add a ticket to each selected issue. Synchronizing ticketed issues Use this task to run the Issue Synchronization server task, which updates ticketed issues and their associated tickets in the ticketing server.
Review the details of the server task, then click Save. Working with ticketing servers Use these tasks to integrate your ticketing server. Tasks Installing the ticketing server extensions Registering and mapping a ticketing server Configuring the field mappings
Under Service status, click Start. The server is now running. Stopping and starting the server Use this task to stop the McAfee ePolicy Orchestrator Application server running on a Microsoft Windows system. The server must be stopped before the required files for the ticketing server can be copied.
Page 279
Remedy 6.3 and 7.0 servers. NOTE: You can use the Remedy 5.1 or 7.0 API files for the Remedy extension. McAfee does not support an integration with the Remedy 5.1 server, but the 5.1 API files will work for integrations with the Remedy 6.3 or 7.0 servers.
Page 280
• icudt32.dll • icuin32.dll • icuuc32.dll Copy these required files to the Server\common\lib folder of your ePolicy Orchestrator installation. For example, C:\Program Files\McAfee\ePolicy Orchestrator\Server\common\lib. • If using the Remedy 5.1 API files: • arapi51.jar • arutil51.jar • If using the Remedy 7.0 API files: •...
Type a name and description, then click Next. The Details page appears. Type the host for the server. Type the port, user name, and password for the server. If Service Desk 4.5 or 5.1 was selected, select a Workflow.
Type a Default Value that should be substituted if a source range, that is not mapped, is returned. Type the Source Range for the issue, then type the Mapped Value that should be substituted for this range in the ticket. Click + to map another value.
Page 283
10 When finished testing the mapping, click Save. The Details page of the Registered Server Builder appears. NOTE: You can save the configuration and register the server even if the mapping test fails. 11 When finished, click Save.
For more details, see the sections in this guide about integrating ticketing servers, installing ticketing server extensions, and registering and configuring a ticketing server. After you have configured the integration with the upgraded ticketing server, enable the server task, which synchronizes ticketed issues.
Ensure that the recovery model is set to simple. See the SQL documentation for information on simple recovery. If you choose not to use simple recovery, you need to regularly back up the transaction log.
Changing the database settings to point this ePO server to an ePO database that is not an exact match can cause the removal of product extensions and the loss of all associated data. McAfee recommends performing this task only to change the configuration of your existing database.
Page 287
Type the following URL in the browser's address field. https://servername:port/core/config On the Configure Database Settings page, change the credentials or SQL Server information, as needed. Click OK when done. Restart the system or ePolicy Orchestrator services to apply the changes.