McAfee TEECDE-AA-AA - Total Protection For Endpoint Evaluator Manual

Evaluator guide

McAfee Total Protection for Endpoint
Lab Evaluation Guide


Summary of Contents for McAfee TEECDE-AA-AA - Total Protection For Endpoint

  • Page 1 McAfee Total Protection for Endpoint Lab Evaluation Guide...
  • Page 2 EXCHANGE), MCAFEE, NETSHIELD, PORTALSHIELD, PREVENTSYS, SECURITYALLIANCE, SITEADVISOR, TOTAL PROTECTION, VIRUSSCAN, WEBSHIELD are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners.
  • Page 3: Table Of Contents

    Operating systems language support............10 Setting up McAfee Total Protection for Endpoint suite .
  • Page 4: Welcome

    Protection for Endpoint saves time, saves money, and provides a more powerful, integrated defense against the threats that businesses know about, and the threats they can't see coming. This guide is organized so you can evaluate McAfee Total Protection for Endpoint in a pilot...
  • Page 5 Welcome Product Description McAfee Agent 4.5 McAfee Agent is the client-side framework that supports the McAfee security management infrastructure. It provides secure communication between point-products and ePolicy Orchestrator, and local services to point-products. As a framework, the McAfee Agent enables...
  • Page 6 When you are ready to deploy products to your environment, like VirusScan Enterprise or Host Intrusion Prevention, you will use ePolicy Orchestrator and the McAfee Agent to handle the deployment and updates. McAfee recommends that you use the workflow in the following sections to get started with the solution.
  • Page 7: System Requirements

    System requirements Before setting up McAfee Total Protection for Endpoint software, verify that each component meets the minimum system requirements that are listed below: • Server • Database Server requirements Free disk space — 1 GB minimum (first-time installation); 2 GB recommended.
  • Page 8: Database Requirements

    • Install and/or update firewall software on the ePolicy Orchestrator server. Ports • McAfee recommends avoiding the use of Port 8443 for HTTPS communication. Although this is the default port, it is also the primary port used by many web-based activities, is a popular target for malicious exploitation, and it is likely to be disabled by the system administrator in response to a security violation or outbreak.
  • Page 9 • Local database server — If using SQL Server on the same system as the ePO server, McAfee recommends using a fixed memory size in Enterprise Manager that is approximately two-thirds of the total memory for SQL Server. For example, if the computer has 1GB of RAM, set 660MB as the fixed memory size for SQL Server.
  • Page 10: Operating Systems Language Support

    Orchestrator interface attempts to display in English. • Chinese (Simplified) • Japanese • Chinese (Traditional) • Korean • English • Russian • French (Standard) • Spanish • German (Standard)...
  • Page 11: Setting Up McAfee Total Protection For Endpoint Suite

    Setting up McAfee Total Protection for Endpoint suite This section guides you through installing the McAfee Total Protection for Endpoint suite with the default options. The McAfee Total Protection for Endpoint suite installer will set up the ePO server and check in the endpoint software to the ePO repository in one go.
  • Page 12 12 Click Next to begin installation. The InstallShield Wizard Complete page appears with the following options, enabled by default: • Select Yes, I want to view the ReadMe file to view the Readme. • Select Yes, I want to launch McAfee ePolicy Orchestrator now to launch the ePolicy Orchestrator user interface. NOTE: During installation, you may be prompted to change one or more of the default port numbers in case of any conflict.
  • Page 13: Logging On To ePolicy Orchestrator

    Orchestrator dialog box appears. NOTE: You can also double-click the Launch McAfee ePolicy Orchestrator 4.5 console icon on the desktop to launch ePolicy Orchestrator. Type the User name and Password of a valid account, created in Step 7 under the "...
  • Page 14: Set Up The ePolicy Orchestrator Server

    The modular design of ePolicy Orchestrator allows new products to be added as extensions. This includes new or updated versions of McAfee products, such as VirusScan Enterprise, and non-McAfee products from McAfee partners. Packages are components that are checked in to the master repository, then deployed to client systems.
  • Page 15 Checking the status of the pull task The Server Task Log is useful to show the status of the McAfee Pull task. Use this task to verify that the Update Master Repository task has finished pulling updates from the McAfee site.
  • Page 16: Add Systems To Manage

    For Systems to Add, type the NetBIOS name for each system in the text box, separated by commas, spaces, or line breaks. You can also click Browse to select systems. Verify that System Tree sorting is disabled...
  • Page 17 Orchestrator server, and need to be placed in the System Tree. This occurs if you installed the McAfee Agent on new systems, through use of Rogue System Detection, or through another method. In these cases, systems are placed in the Lost&Found group.
  • Page 18: Setting Policies For Endpoints

    24. For this case, you might create a policy called "Low bandwidth" or "3 hour polling" and change the Agent to Server Connection Interval option to 180 minutes from the default of 60. Use the following task to create a policy that enables remote access to the McAfee Agent log on client systems: Task Click Menu | Policy | Policy Catalog.
  • Page 19 Setting Policies for Endpoints ePolicy Orchestrator provides you with the option to access the McAfee Agent log on each system remotely. NOTE: To view the Agent Log on a remote system, type the following in a web browser: http://<computer name or IP address>:8081 (where 8081 is the default port for the Agent Wake Up call). If you...
  • Page 20 Click Menu | Policy | Policy Catalog. From the Product drop-down menu, select VirusScan Enterprise 8.7.0. From the Category drop-down menu, select Access Protection Policies. On the line that lists McAfee Default, click Duplicate. For Name, type , then click OK.
  • Page 21 Click Menu | Policy | Policy Catalog. From the Product drop-down menu, select VirusScan Enterprise 8.7.0. In the Category column, select On-Access Default Processes Policies. On the line that lists McAfee Default, click Duplicate. For Name, type , then click OK.
  • Page 22 Click Menu | Policy | Policy Catalog. From the Product drop-down menu, select SiteAdvisor Enterprise Plus. From the Category drop-down menu, select Rating Actions. On the line that lists McAfee Default, click Duplicate. For Name, type , then click OK.
  • Page 23 Highlight Test Group. Assign the McAfee Agent policy: • From the Product drop-down menu, select McAfee Agent. • On the line that lists My Default, click Edit Assignment. • For Inherit from, select Break inheritance and assign the policy and settings below.
  • Page 24 Firewall Rules policies contain the Allow and Block rules that govern the traffic flow on protected computers. McAfee makes it easy to get started with endpoint firewall protection by including several preconfigured policies in Host Intrusion Prevention.
  • Page 25 Click Save. For more information about managing the Host Intrusion Prevention Firewall, review the Host Intrusion Prevention Product Guide. Links to Technical Briefs and other documentation are provided in the References section...
  • Page 26: Setting Policies For Email Servers

    7.0.1 for Microsoft Exchange — Protects your email and other documents as they enter and leave your Microsoft Exchange server. • McAfee Security for Lotus Domino, v7.5 on Windows — Protects your email and other documents as they enter and leave your Lotus Domino server.
  • Page 27 10 From the Take the following action drop-down menu, select Reject the Message. Under the And Also section, deselect Quarantine message. 11 Click Save. 12 Click Save again when on the External Mail Policies page...
  • Page 28 McAfee Security for Lotus Domino policies In the following sections, you will create McAfee Security for Lotus Domino sample policies for the banned content, anti-spam and anti-phish scanners. McAfee recommends that you use the anti-virus default policies as they are defined. Start with the default anti-spam policies and fine tune the thresholds as needed.
  • Page 29 Setting Policies for Email Servers Click Menu | Policy | Policy Catalog. From the Product drop-down menu, select McAfee Security for Lotus Domino 7.5.x.x. From the Category drop-down menu, select Scanner Settings. On the line that lists My Default, click Duplicate.
  • Page 30 Use this task to configure a policy that requires any "spam" email with a high score to be deleted. Click Menu | Policy | Policy Catalog. From the Product drop-down menu, select McAfee Security for Lotus Domino 7.5.x.x. From the Category drop-down menu, select Scanner Settings.
  • Page 31 Setting Policies for Email Servers Click Actions | Agent | Wake Up Agents. 10 Under Wake Up McAfee Agent, set Randomization to zero minutes. 11 Click OK. NOTE: Actually, you may not have set up a Lotus Domino server as part of your evaluation. So the policies created are not applied to any client computers.
  • Page 32: Set Tasks For Endpoints

    Next, you will schedule the deployment of VirusScan Enterprise, and the other security products. Product deployment is accomplished using a client task that the McAfee Agent retrieves and executes. You also use client tasks for scheduling scans and updating.
  • Page 33 Systems that temporarily disconnect from your network (for example, laptops) continue to run their assigned update tasks. In such a case, the laptop retrieves updates from the McAfee site (rather than the ePO server) while in a hotel or anywhere there is an Internet connection.
  • Page 34 After creating and testing any required exclusions, remember to change the On-Demand Scanner settings back to "Clean PUPs", instead of "Continue Scanning". Reverting the policy to "Clean" is covered in the next section...
  • Page 35: Deploy The McAfee Agent

    Type credentials that have rights to install software on client systems, such as a Domain Administrator, and click OK. It will take a few minutes for the McAfee Agent to install and for client systems to retrieve and execute the installation packages for the endpoint products. When first installed, the agent determines a random time within 10 minutes for connecting to the ePO server to retrieve policies and tasks.
  • Page 36 Click OK. After a few minutes, click individual systems. The System Details page provides information about the system, including the installed McAfee software. Revisiting the PUP audit VirusScan policy At this point, the software installation client tasks have run, or are running, and all the policies you created in previous tasks are downloaded.
  • Page 37 It is safer to exclude only the tools you use, rather than deselecting an entire category. For example, considering remote administration tools, you might need to exclude a few tools for normal operations, but you might also want to know if the McAfee AntiSpyware module finds any non-approved, rogue tools of this nature on your network.
  • Page 38 Deploy the McAfee Agent VirusScan will now clean any PUPs that you have not explicitly excluded. The next time client systems poll the server, they will download your configuration changes...
  • Page 39: Using Dashboards And Queries

    From the Monitor list, select VSE: DAT Deployment, then click OK. 10 Find the monitor named VSE: Threats Detected in the Last 7 Days and click Remove. 11 Click New Monitor. 12 From the Category list, select Queries...
  • Page 40 Any systems that do not have McAfee Agent are displayed in a second pie slice. You can click on the pie slice showing version 4.x of the McAfee Agent to see the systems. Click Close to return to the pie chart and click Close again to return to the list of queries.
  • Page 41 Public Group under Shared Groups. Queries stored in a Private Group are visible only to the administrator under whose login they were created. Queries stored in a Shared Group are visible under all ePO administrative accounts, so they can be shared with others...
  • Page 42: Summary

    Here is what you have accomplished: Installed the Total Protection for Endpoint suite. Enabled and run a task that updates the ePO master repository from the McAfee site. Created a System Tree structure, and added test systems into groups. Created and applied a new McAfee Agent policy that enables remote access to the McAfee Agent Log on client computers.
  • Page 43: References

    • VirusScan Enterprise 8.7i Installation Guide • VirusScan Enterprise 8.7i Product Guide • Access Protection in McAfee VirusScan Enterprise and Host Intrusion Prevention - Whitepaper AntiSpyware Enterprise 8.7 • AntiSpyware Enterprise 8.7 Product Guide • AntiSpyware Enterprise 8.7 Release Notes McAfee Host Intrusion Prevention 7.0...
  • Page 44 GroupShield 7.0.1 for Microsoft Exchange User Guide Addendum McAfee Security for Lotus Domino, v7.5 (Windows) • McAfee Security for Lotus Domino, v7.5 (Windows) - User Guide • McAfee Security for Lotus Domino, v7.5 (Windows) - Release Notes Support by Seeing...

This manual is also suitable for:

Total protection for endpoint