manualshive.com logo in svg

McAfee EPOCDE-AA-BA - ePolicy Orchestrator - PC, Product Manual

The McAfee EPOCDE-AA-BA ePolicy Orchestrator for PC is a powerful security management tool. Stay protected with this user-friendly product manual, available for free download at manualshive.com. Safeguard your digital assets by easily accessing the manual anytime, anywhere. Protect your PC now with McAfee EPOCDE-AA-BA.

Share
Download
background image

Default notification rules

Rule Name

Associated Events

Configurations

Distributed repository

update or replication

failed

Distributed repository

update or replication

failed

Sends a notification message when any update or

replication fails.

Malware detected

Any events from any

unknown products

Sends a notification message:
• When the number of events is at least 1,000

within an hour.

• At most, once every two hours.

• With the source system IP address, actual threat

names, and actual product information, if
available, and many other parameters.

• When the number of selected distinct value is 500.

Master repository

update or replication

failed

Master repository

update or replication

failed

Sends a notification message when any update or

replication fails.

Non-compliant

computer detected

Non-Compliant Computer
Detected

 events

Sends a notification message when any events are

received from the Generate Compliance Event server

task.

RSD: Query New

Rogue Detection

New rogue system

detected

Queries the newly detected system for a McAfee

Agent.

Planning

Before creating rules that send notifications, save time by planning:
• The event type and group (product and server) that trigger notification messages in your

environment.

• Who should receive which notification messages. For example, it might not be necessary to notify

the administrator of group B about a failed replication in group A, but you might want all
administrators to know that an infected file was discovered in group A.

• Which types and levels of thresholds you want to set for each rule. For example, you might not

want to receive an email message every time an infected file is detected during an outbreak.
Instead, you can choose to have such a message sent at most once every five minutes, regardless
of how often that server is receiving the event.

• Which commands or registered executables you want to run when the conditions of a rule are met.

• Which server task you want to run when the conditions of a rule are met.

Determining how events are forwarded

Use these tasks to determine when events are forwarded and which events are forwarded immediately.

The server receives event notifications from McAfee Agents. You can configure agent policies to
forward events either immediately to the server or only at agent-to-server communication intervals.

18

Responding to events in your network

Planning

214

McAfee

®

 ePolicy Orchestrator

®

 4.6.0 Software Product Guide

Summary of Contents for EPOCDE-AA-BA - ePolicy Orchestrator - PC

Page 1: ...Product Guide McAfee ePolicy Orchestrator 4 6 0 Software...

Page 2: ...registered and unregistered trademarks herein are the sole property of their respective owners LICENSE INFORMATION License Agreement NOTICE TO ALL USERS CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT...

Page 3: ...ers 22 Server configuration overview 22 Setting up and configuring your ePolicy Orchestrator server 3 Configuring essential features 27 About essential features 27 Using the Guided Configuration to co...

Page 4: ...n 56 Authenticating with certificates 58 When to use certificate authentication 58 Configuring ePolicy Orchestrator for certificate authentication 58 Uploading server certificates 59 Removing server c...

Page 5: ...Setting up registered servers 95 Registering servers 95 Registering McAfee ePO servers 95 Registering LDAP servers 97 Registering SNMP servers 98 Registering a database server 99 10 Setting up Agent...

Page 6: ...group 144 Synchronizing the System Tree on a schedule 146 Updating the synchronized group with an NT domain manually 147 Moving systems manually within the System Tree 147 Transferring systems betwee...

Page 7: ...gs of a policy 181 Viewing policy ownership 182 Viewing assignments where policy enforcement is disabled 182 Viewing policies assigned to a group 182 Viewing policies assigned to a specific system 183...

Page 8: ...nfiguring the action for Automatic Response rules 224 Frequently asked questions 226 Monitoring and reporting on your network security status 19 Monitoring with Dashboards 229 Working with dashboards...

Page 9: ...em Detection permission sets 271 How the Rogue System Sensor works 272 Passive listening to layer 2 traffic 272 Intelligent filtering of network traffic 272 Data gathering and communications to the se...

Page 10: ...Benefits of adding comments to ticketed issues 297 How tickets are reopened 297 Ticketed issue synchronization 297 Integration with ticketing servers 297 Considerations when deleting a registered tic...

Page 11: ...features Security officers People who determine sensitive and confidential data and define the corporate policy that protects the company s intellectual property Reviewers People who evaluate the prod...

Page 12: ...your goals Finding product documentation McAfee provides the information you need during each phase of product implementation from installation to daily use and troubleshooting After a product is rel...

Page 13: ...re is the components of the software and how they protect your environment Then review the configuration process overview Chapter 1 Introducing McAfee ePolicy Orchestrator Software version 4 6 0 Chapt...

Page 14: ......

Page 15: ...ey do How the software works How to navigate the ePolicy Orchestrator interface What is ePolicy Orchestrator software ePolicy Orchestrator software is a scalable extensible management platform that en...

Page 16: ...ter repository retrieves user specified updates and signatures from McAfee or from user defined source sites Distributed repositories Local access points strategically placed throughout your environme...

Page 17: ...tem in your network Once an agent is deployed to a system the system can be managed by your ePolicy Orchestrator server Secure communication between the server and managed system is the bond that conn...

Page 18: ...duled intervals 7 Distributed repositories placed throughout your network host your security content locally so agents can receive updates more quickly 8 Remote Agent Handlers help to scale your netwo...

Page 19: ...to a page in the Menu or click an icon in the navigation bar the name of that page is displayed in the blue box next to the Menu On systems with 1024x768 screen resolution the navigation bar can disp...

Page 20: ......

Page 21: ...ase Horizontal scalability Accomplished by increasing the deployment size that a single ePolicy Orchestrator server can manage Scaling your server horizontally is accomplished by installing multiple r...

Page 22: ...use Agent Handlers require a very fast network connection there are some scenarios in which you should not use them including To replace distributed repositories Distributed repositories are local fil...

Page 23: ...rrectly but you can customize some aspects of how your server works 3 Create user accounts User accounts provide a means for users to access the server 4 Configure permission sets Permission sets gran...

Page 24: ......

Page 25: ...sential features Chapter 4 Configuring general server settings Chapter 5 Creating user accounts Chapter 6 Setting up permission sets Chapter 7 Configuring advanced server settings Chapter 8 Setting up...

Page 26: ......

Page 27: ...systems The McAfee Agent Enables management of a system on your network Once deployed the agent communicates status and all associated data to and from your server and the managed system It is the ve...

Page 28: ...Deploy your security software to your managed systems You don t have to complete each step and you can revisit any step as often as you like However McAfee recommends that you use this configuration t...

Page 29: ...t step Manual Manually add systems to your System Tree by specifying names or browsing a list of systems by domain 1 In the New Systems page click Browse to add individual systems from a Domain and cl...

Page 30: ...p opens To complete this step a Select the location in the System Tree that contains the systems where you want to deploy your software then click Next The Software Deployment dialog box opens Click O...

Page 31: ...ettings control functionality that does not require specific configuration or basic features that are not required for your server to function properly Use these tasks to configure your ePolicy Orches...

Page 32: ...u choose a refresh interval 5 minutes by default that is frequent enough to ensure accurate and timely information is displayed without consuming undue network resources Task For option definitions cl...

Page 33: ...update and whether global updates are enabled are configured using the Global Updating server setting Global updates are disabled by default However McAfee recommends that you enable and use them as...

Page 34: ...gin message Create and display a custom login message to be displayed on the Log On page Your message can be written in plain text or formatted using HTML If you create an HTML formatted message you a...

Page 35: ...e such as in an outbreak scenario Working with McAfee Labs Security Threats Use these task to mark threat notifications as read or unread or to delete them Data is sorted by the date the threat was di...

Page 36: ...g Directory where exported tables and dashboards are stored Task For option definitions click in the interface 1 Click Menu Configuration Server Settings then select Printing and Exporting in the Sett...

Page 37: ...browser trusts This is the best option Because the certificate is signed by a trusted CA you do not need to add the certificate to all web browsers within your organization If the server host name ch...

Page 38: ...Certificate dialog box Do not click Install Certificate on the General tab If you do the process fails 5 Select the Certification Path tab then select Orion_CA_ servername and click View Certificate...

Page 39: ...as this option is selected However these systems can be sorted again manually by taking the Sort Now action or by changing this setting to sort on each agent server communication If you selected to so...

Page 40: ...custom login message displayed if any to users in your environment when they navigate to the ePolicy Orchestrator console log on screen McAfee Labs Security Threats Specifies the update frequency for...

Page 41: ...ich sites should be used as a fallback System Details Settings Specifies which queries and systems properties are displayed in the System Details page for your managed systems System Tree Sorting Spec...

Page 42: ......

Page 43: ...Managing ePolicy Orchestrator users with Active Directory While user accounts and permission sets are closely related they are created and configured using separate steps For more information on permi...

Page 44: ...tus of this account If this account is for someone who is not yet a part of the organization you might want to disable it 4 Select whether the new account uses McAfee ePO authentication Windows authen...

Page 45: ...nt instead of deleting it until you are sure all valuable information associated with the account has been moved to other users Task For option definitions click in the interface 1 Click Menu User Man...

Page 46: ......

Page 47: ...ion sets Permission sets A particular access profile is defined within a permission set This usually involves a combination of access levels to various parts of ePolicy Orchestrator For example a sing...

Page 48: ...reators 5 Create a query group called Dallas Reports and give it By permission set Shared Groups visibility to the Dallas Users and Dallas Report Creators permission sets 6 In the Dallas Users permiss...

Page 49: ...ission sets Creating a new permission set Providing access levels between seeing everything or nothing requires you to create a permission set If you want to create a new permission set that is unlike...

Page 50: ...ystem and will be propagated to the remainder of your network according to your policy configuration Duplicating a permission set Occasionally the easiest way to create a new permission set is to dupl...

Page 51: ...ion set you want to import 4 Choose whether you want to keep permission sets with the same name as an imported permission set or not by selecting the appropriate option Click OK If ePolicy Orchestrato...

Page 52: ...set you want to delete in the Permission Sets list Its details appear to the right 2 Click Actions Delete then click OK in the Action pane The permission set no longer appears in the Permission Sets...

Page 53: ...ory Configuring Windows authentication and authorization Managing ePolicy Orchestrator users with Active Directory ePolicy Orchestrator offers the ability to dynamically create McAfee ePO users and as...

Page 54: ...ion specifies which Active Directory AD server ePolicy Orchestrator uses to gather user and group information for a particular domain You can specify multiple domain controllers and AD servers This se...

Page 55: ...r can do within the system When using Windows authentication you can determine what users from different domains should be authorized to do This is done by attaching permission sets to groups containe...

Page 56: ...ows Authentication page in the server settings you must first stop the ePolicy Orchestrator service This task must be performed on the McAfee ePO server itself Task For option definitions click in the...

Page 57: ...authenticate users with servers in the order they are listed It starts at the first server in the list and continues down the list until the user authenticates successfully Configuring Windows authori...

Page 58: ...sed authentication has a number of advantages over password authentication Certificates have predefined lifetimes This allows for a forced periodic review of a user s permissions when their certificat...

Page 59: ...tificate Task For option definitions click in the interface 1 Click Menu Configuration Server Settings 2 Select Certificate Based Authentication and click Edit 3 Select Enable Certificate Based Authen...

Page 60: ...ed Authentication 4 Use one of these methods to provide credentials Copy the DN field from the certificate file and paste it into the Personal Certificate Subject DN Field edit box Upload a certificat...

Page 61: ...ettings These settings are user configured and have two important functions Editing Detected System Exception Categories on page 62 Editing Detected Systems Matching on page 62 Use this task to edit t...

Page 62: ...s click in the interface 1 Click Menu Configuration Server Settings then from the Settings Categories list select Detected System Exception Categories and click Edit 2 Add or subtract exception catego...

Page 63: ...and click Edit 2 Choose one of the following options to specify where to update your list of OUIs URL Specifies the location of an OUI txt file to be read The McAfee ePO server must have access to th...

Page 64: ...cure communication ASSC keys Backing up and restoring keys Security keys and how they work The ePolicy Orchestrator server relies on three security key pairs The three security pairs are used to Authe...

Page 65: ...ivate key signs all unsigned content in the master repository This key is a feature of agents 4 0 and later Agents 4 0 and later use the public key to verify the repository content that originates fro...

Page 66: ...mport The Import Keys wizard opens 6 Browse to the zip file containing the exported master repository key files then click Next 7 Verify that these are the keys you want to import then click Save The...

Page 67: ...t to Select file browse to and select the master key pair file you saved then click Next The summary dialog box appears 9 If the summary information appears correct click Save The new master key pair...

Page 68: ...to ensure that all agents can communicate with the required McAfee ePO servers in an environment where each McAfee ePO server must have a unique agent server secure communication key pair Viewing syst...

Page 69: ...r For option definitions click in the interface Task 1 Click Menu Configuration Server Settings select Security Keys from the Setting Categories list then click Edit The Edit Security Keys page appear...

Page 70: ...ge appears 2 From the Agent server secure communication keys list select a key then click Make Master 3 Create an update task for the agents to run immediately so that agents update after the next age...

Page 71: ...ce Task 1 From each McAfee ePO server in your environment export the master agent server secure communication key pair to a temporary location 2 Import each of these key pairs into every McAfee ePO se...

Page 72: ...uration Server Settings select Security Keys from the Setting Categories list then click Edit The Edit Security Keys page appears 2 Click Back Up All near the bottom of the page The Backup Keystore di...

Page 73: ...to keep your security software up to date Working with source and fallback sites Use these tasks to change the default source and fallback sites You must be a global administrator or have appropriate...

Page 74: ...where the repository resides Use this format COMPUTER FOLDER 5 On the Credentials page provide the Download Credentials used by managed systems to connect to this repository Use credentials with read...

Page 75: ...option definitions click in the interface Task 1 Click Menu Configuration Server Settings 2 Select Source Sites then click Edit The Edit Source Sites page appears 3 Locate the site in the list then c...

Page 76: ......

Page 77: ...t allows Once your repository infrastructure is in place create update tasks that determine how where and when your software is updated Are you setting up repositories for the first time When creating...

Page 78: ...oss low bandwidth connections or at remote sites with a large number of client systems If you create a distributed repository in the remote location and configure the systems within that location to u...

Page 79: ...situations The default fallback site is the McAfeeHttp update site You can enable only one fallback site If managed systems use a proxy server to access the Internet you must configure agent policy se...

Page 80: ...d systems McAfee recommends that you manage all distributed repositories through ePolicy Orchestrator This and using global updating or scheduled replication tasks frequently ensures your managed envi...

Page 81: ...mediate previous version of each file type You can populate the Previous branch by selecting Move existing packages to Previous branch when you add new packages to your master repository The option is...

Page 82: ...re that the McAfee ePO master repository managed systems and the McAfee Labs Security Threats dashboard monitor can access the Internet when using the McAfeeHttp and the McAfeeFtp sites as source and...

Page 83: ...he server can connect to directly by typing the IP addresses or fully qualified domain name of those systems separated by semi colons 7 Click Save Configuring proxy settings for the McAfee Agent Use t...

Page 84: ...ll communication or different proxy servers for HTTP and FTP proxy servers Then type the IP address or fully qualified domain name and the Port number of the proxy server If you are using the default...

Page 85: ...te a new policy duplicate an existing one or open one that s already applied to systems that host a SuperAgent where you want to host SuperAgent repositories 3 Select the General tab then ensure Conve...

Page 86: ...during the next agent server communication For option definitions click in the interface Task 1 Open the desired McAfee Agent policy pages in edit mode from the desired assignment point in the System...

Page 87: ...FTP HTTP server or UNC share Use this task to create the folder that hosts repository contents on the distributed repository system For UNC share repositories create the folder on the system and enab...

Page 88: ...ons to the HTTP server FTP server or UNC share that hosts the repository HTTP or FTP server type Select Anonymous to use an unknown user account Select FTP or HTTP authentication if the server require...

Page 89: ...the task fails This feature ensures packages that are used by only a few systems are not replicated throughout your entire environment 9 Review the Summary page then click Save to add the repository...

Page 90: ...Sharing tab select Share this folder 4 Configure share permissions as needed Systems updating from the repository require only read access but administrator accounts including the account used by the...

Page 91: ...y b Click on an existing agent policy or create a new agent policy Policy inheritance cannot be broken for tabs of a policy Therefore when you apply this policy to systems ensure that only the desired...

Page 92: ...es from a repository list file This is valuable after reinstalling a server or if you want one server to use the same distributed repositories as another server Importing source sites from the SiteMgr...

Page 93: ...tion to save the file then click Save Importing distributed repositories from the SiteMgr xml file Use this task to import distributed repositories from a repository list file This is valuable after r...

Page 94: ...nitions click in the interface 1 Click Menu Distributed Repositories The Distributed Repositories page appears 2 Click Actions and select Change Credentials The Change Credentials wizard opens to the...

Page 95: ...stering McAfee ePO servers on page 95 You can register additional McAfee ePO servers for use with your main McAfee ePO server to collect or aggregate data Registering LDAP servers on page 97 You must...

Page 96: ...pecifies the version of the ePO server being registered Password Specifies the password for this server Policy sharing Specifies whether to enable or disable policy sharing for this server SQL Server...

Page 97: ...t Rules to enable dynamically assigned permission sets and to enable Active Directory User Login Task For option definitions click in the interface 1 Select Menu Configuration Registered Servers then...

Page 98: ...ck Test Connection to verify communication with the server as specified Alter information as necessary 12 Click Save to register the server Registering SNMP servers To receive an SNMP trap you must ad...

Page 99: ...m the drop down list of registered types Indicate if you want this database type to be as the default If there is already a default database assigned for this database type it is indicated in the Curr...

Page 100: ......

Page 101: ...raphically distributed agents How Agent Handlers work Agent Handlers distribute network traffic which is generated by an agent to server communication interval ASCI by assigning managed systems or gro...

Page 102: ...ty is unavailable the agent falls back to the next handler in the list This priority information is contained in the repository list sitelist xml file in each agent When you change handler assignments...

Page 103: ...er to manage multiple handlers throughout your network and can play a role in your fallback strategy Managing Agent Handler groups on page 105 Use this table to complete common management tasks for Ag...

Page 104: ...ique name that identifies this handler assignment Agent criteria The systems that are included in this assignment You can add and remove System Tree groups or modify the list of systems in the text bo...

Page 105: ...ion Agent Handlers then click the Handler Groups monitor To do this Do this Delete a handler group Click Delete in the selected group row Edit a handler group Click on the handler group The Agent Hand...

Page 106: ...me for the Assignment Name 3 You can configure Agent Criteria by System Tree locations by agent subnet or individually using the following System Tree Locations Select the group from the System Tree l...

Page 107: ...signment 4 To change the priority of an assignment which is shown in the Priority column on the left do one of the following Use drag and drop Use the drag and drop handle to drag the assignment row u...

Page 108: ......

Page 109: ...ode Similarly if your network is configured to use both IPv4 and IPv6 addresses your server works in Mixed mode Until IPv6 is installed and enabled your ePolicy Orchestrator server listens only on IPv...

Page 110: ...extensions may add items to this list Please check the extension s documentation for details Dashboards Permission Sets Queries Reports Server Tasks Users Automatic Responses The following items can h...

Page 111: ...ects X X xml Policy assignments X X xml Query definitions X X xml Query data X multiple Reports X X xml Repositories X X xml Server tasks X X xml Site lists X X xml Subnets in the form of a list X X t...

Page 112: ...can be queried against You can create queries with the Query Builder wizard that target this data or you can use the default queries that target this data For example the Failed Logon Attempts query...

Page 113: ...x next to Purge records older than type a number and select a time unit 4 Click OK All records older than the specified timeframe are purged Purging the Audit Log on a schedule Use this task to purge...

Page 114: ...lder than a specified user configurable number of days weeks months or years Viewing the Server Task Log Use this task to review the status of server tasks and long running actions The status of each...

Page 115: ...fields separated by a space Accepted Cron syntax by field in descending order is detailed in the following table Most Cron syntax is acceptable but a few cases are not supported For example you cannot...

Page 116: ...ct in response to the threat IPv4 Address IPv4 address of the system which sent the event Agent GUID Unique identifier of the agent that forwarded the event IPv6 Address IPv6 address of the system whi...

Page 117: ...ewing the Threat Event Log on page 117 Use this task to view the Threat Event Log Purging Threat Events on page 117 Use this task to purge Threat Event records from the database Purging Threat Event r...

Page 118: ...r Tasks then click Actions New Task The Server Task Builder wizard opens to the Description page 2 Name describe the task and click Enabled after Schedule Status 3 Click Next The Actions page appears...

Page 119: ...zation from threats Chapter 12 Organizing the System Tree Chapter 13 Working with the agent from the McAfee ePO server Chapter 14 Using the Software Manager to check in software Chapter 15 Using polic...

Page 120: ......

Page 121: ...nd drop Contents The System Tree structure Considerations when planning your System Tree Tags and how they work Active Directory and NT domain synchronization Criteria based sorting How a system is ad...

Page 122: ...ystem s domain If no such group exists one is created If you delete systems from the System Tree be sure you select the option to remove their agents If the agent is not removed deleted systems reappe...

Page 123: ...requires different policies and possibly different management McAfee recommends planning your System Tree before implementing the McAfee ePO software Regardless of the methods you choose to create and...

Page 124: ...als or groups responsible for managing different portions of the network Sometimes these borders do not coincide with topological or geographic borders Who accesses and manages the segments of the Sys...

Page 125: ...ssign tasks and take a number of actions on systems with the same tags Traits of tags With tags you can Apply one or more tags to one or more systems Apply tags manually Apply tags automatically based...

Page 126: ...th systems and the structure are updated in the System Tree to reflect the systems and structure of Active Directory Import systems as a flat list from the Active Directory container and its subcontai...

Page 127: ...tory structure If the organization of Active Directory meets your security management needs and you want the System Tree to continue to look like the mapped Active Directory structure use this synchro...

Page 128: ...s and setting your sorting criteria perform a Test Sort action to confirm that the criteria and sorting order achieve the desired results Once you have added sorting criteria to your groups you can ru...

Page 129: ...ble System Tree sorting If criteria based sorting does not meet your security management needs and you want to use other System Tree features like Active Directory synchronization to organize your sys...

Page 130: ...ng When multiple subgroups have matching criteria changing this order can change where a system ends up in the System Tree Additionally if you are using catch all groups they must be the last subgroup...

Page 131: ...onsiders the sorting criteria of all top level groups according to the sorting order on the My Organization group s Group Details tab The system is placed in the first group with matching criteria or...

Page 132: ...f criteria with the Apply Tag action Tags without criteria can only be applied manually to selected systems Task For option definitions click in the interface 1 Click Menu Systems Tag Catalog then cli...

Page 133: ...ag page appears c Verify the desired systems are in the list Applying tags to selected systems Use this task to apply a tag manually to selected systems in the System Tree Task For option definitions...

Page 134: ...ia and applies the tag to systems which match criteria but were excluded from receiving the tag 4 Click OK 5 Verify the systems have the tag applied a Click Menu Systems Tag Catalog then select the de...

Page 135: ...vidual systems or by importing systems directly from your network You can also populate groups using drag and drop by dragging the selected systems and dragging them into any group in the System Tree...

Page 136: ...rectory containers directly into your System Tree by mapping Active Directory source containers to the groups of the System Tree Unlike previous versions you can now Importing NT domains to an existin...

Page 137: ...roup Adding systems manually to an existing group Use this task to import systems from your Network Neighborhood to groups You can also import a network domain or Active Directory container Task For o...

Page 138: ...an import this list into your McAfee ePO Server to quickly restore your previous structure and organization This task does not remove systems from you System Tree It creates a txt file that contains t...

Page 139: ...twork utilities such as the NETDOM EXE utility available with the Microsoft Windows Resource Kit to generate complete text files containing complete lists of the systems on your network Once you have...

Page 140: ...e sorting on the server System Tree sorting must be enabled on the server and the desired systems for systems to be sorted Enabling and disabling System Tree Sorting on Systems on page 141 The sorting...

Page 141: ...taking the Sort Now action or by changing this setting to sort on each agent server communication If you selected to sort on each agent server communication all enabled systems are sorted at each age...

Page 142: ...s you can now Synchronize the System Tree structure to the Active Directory structure so that when containers are added or removed in Active Directory the corresponding group in the System Tree is add...

Page 143: ...y management and use other System Tree management functionality for example tag sorting for further organizational granularity below the mapping point 6 In Active Directory domain you can Type the ful...

Page 144: ...in Active Directory Synchronization server task to keep your System Tree up to date with any new systems or organizational changes in your Active Directory containers Importing NT domains to an existi...

Page 145: ...p to this group then click OK Alternatively you can type the name of the domain directly in the text box When typing the domain name do not use the fully qualified domain name 6 Select whether to depl...

Page 146: ...page appears 10 Click Save then view the results in the System Tree if you clicked Synchronize Now or Update Group Once the systems are added to the System Tree distribute agents to them if you did no...

Page 147: ...o longer in the domain Remove agents from all systems that no longer belong to the specified domain Task For option definitions click in the interface 1 Click Menu Systems System Tree Group Details th...

Page 148: ...then click OK Transferring systems between McAfee ePO servers Use this task to transfer systems between McAfee ePO servers For option definitions click in the interface Task 1 Click Menu Systems Syst...

Page 149: ...t system properties as well as events that have not yet been sent and sends them to the server The server sends new or changed policies and tasks to the agent and the repository list if it has changed...

Page 150: ...or Agent Handlers is highly distributed Inadequate available bandwidth In general if your environment includes these variables you want to perform an agent server communication less frequently For cli...

Page 151: ...s out of compliance and you want to test its status as part of a troubleshooting procedure If you are have converted a particular Windows system to use as a SuperAgent it can issue wake up calls to de...

Page 152: ...uired by the agents assigned to it because it does not pull any content from the McAfee ePO server until requested from a client This minimizes traffic between the SuperAgent and the McAfee ePO server...

Page 153: ...em Tree 2 On the Systems tab click the row corresponding to the system you want to examine Information about the system s properties installed products and agent appear New in ePolicy Orchestrator 4 6...

Page 154: ...now feature ePolicy Orchestrator puts tasks into a queue when they are scheduled to run instead of immediately executing them While a task can be queued up immediately it only starts executing at the...

Page 155: ...is wake up call select Force complete policy and task update 8 Enter a Number of attempts Retry interval and Abort after settings for this wake up call if you do not want the default values 9 Click OK...

Page 156: ...agent server communication The query results allow you take a variety of actions with respect to the systems identified including ping delete wake up and re deploy an agent Queries provided by McAfee...

Page 157: ...Memory Installed Products IP Address IPX Address Is 64 Bit OS Is Laptop Last Communication MAC Address Managed State Management Type Number Of CPUs Operating System OS Build Number OS OEM Identifier O...

Page 158: ......

Page 159: ...d removing software using the Software Manager What s in the Software Manager The Software Manager eliminates the need to access the McAfee Product Download website to obtain new McAfee software and s...

Page 160: ...tained from the Software Manager Help extensions can be installed automatically PDF and HTML documentation such as Product Guides and Release Notes can also be downloaded from the Software Manager Abo...

Page 161: ...abel Displays software by function as described by McAfee product suites 3 When you ve located the correct software click Download to download product documentation to a location on your network Check...

Page 162: ......

Page 163: ...oups and systems Contents Policy management Policy application How policy assignment rules work Creating Policy Management queries Working with the Policy Catalog Working with policies Viewing policy...

Page 164: ...nforcement below the locked node If policy enforcement is turned off systems in the specified group do not receive updated sitelists during an agent server communication As a result managed systems in...

Page 165: ...n the Policy Catalog to any group or system provided you have the appropriate permissions Assignment allows you to define policy settings once for a specific need then apply the policy to multiple loc...

Page 166: ...ific criteria User based policies Policies that include at least one user specific criteria For example you can create a policy assignment rule that is enforced for all users in your engineering group...

Page 167: ...ontrol Internet access In your System Tree there is a group named Engineering which consists of systems tagged with either IsServer or IsLaptop In the System Tree policy A is assigned to all systems i...

Page 168: ...ules causes your ePolicy Orchestrator server to perform a look up on the LDAP server for every managed system in your network at each agent server communication interval About system based policy assi...

Page 169: ...form common management tasks when working with policy assignment rules Creating policy assignment rules Use this task to create policy assignment rules Policy assignment rules allow you to enforce pol...

Page 170: ...a policy assignment rule Click Edit Priority The Policy Assignment Rule Edit Priority page opens where you change the priority of policy assignment rules using the drag and drop handle View the summa...

Page 171: ...w policy from the Policy Catalog By default policies created here are not assigned to any groups or systems When you create a policy here you are adding a custom policy to the Policy Catalog Duplicati...

Page 172: ...5 Edit the policy settings on each tab as needed 6 Click Save Duplicating a policy on the Policy Catalog page Use this task to create a new policy based on an existing one For example if you already h...

Page 173: ...sired policy s row The Rename Policy dialog box appears 3 Type a new name for the existing policy then click OK Deleting a policy from the Policy Catalog Use this task to delete a policy from the Poli...

Page 174: ...roup You can assign policies before or after a product is deployed Enforcing policies for a product on a group on page 178 Use this task to enable or disable policy enforcement for a product on a Syst...

Page 175: ...egory All created policies for the selected category appear in the details pane 2 Locate the desired policy then click on the Owner of the policy The Policy Ownership page appears 3 Select the desired...

Page 176: ...es for the selected category appear in the details pane 2 Click Export next to Product policies The Export page appears 3 Right click the link to download and save the file If you plan to import this...

Page 177: ...he desired group under System Tree All the systems within this group but not its subgroups appear in the details pane 2 Select the desired system then click Actions Agent Modify Policies on a Single S...

Page 178: ...nce and assign the policy and settings below 4 Next to Enforcement status select Enforcing or Not enforcing accordingly 5 Choose whether to lock policy inheritance Locking inheritance for policy enfor...

Page 179: ...Use this task to copy policy assignments from a group in the System Tree Task For option definitions click in the interface 1 Click Menu Systems System Tree Assigned Policies then select the desired...

Page 180: ...ion definitions click in the interface 1 Click Menu Systems System Tree Systems then select the desired group in the System Tree All of the systems belonging to the selected group appear in the detail...

Page 181: ...nce of a specific group Viewing and resetting broken inheritance on page 183 Use this task to view where policy inheritance is broken Viewing groups and systems where a policy is assigned Use this tas...

Page 182: ...ents where policy enforcement is disabled Use this task to view assignments where policy enforcement per policy category is disabled Task For option definitions click in the interface 1 Click Menu Pol...

Page 183: ...lick Menu Systems System Tree Assigned Policies All assigned policies organized by product appear in the details pane The desired policy row under Broken Inheritance displays the number of groups and...

Page 184: ...rvers Registering servers for policy sharing Use this task to register the servers that will share a policy For option definitions click in the interface Task 1 Click Menu Configuration Registered Ser...

Page 185: ...s task then click Next The Summary page opens 5 Review the summary details then click Save Frequently asked questions What is a policy A policy is a customized subset of product settings that correspo...

Page 186: ...systems Why New policy assignments are not enforced until the next agent server communication I pasted policy assignments from one group or system source to another target but the policies assigned to...

Page 187: ...deployment First time product and update deployment overview Server tasks and what they do Client tasks and what they do Confirming that clients are using the latest DAT files Evaluating new DATs and...

Page 188: ...aster repository manually For specific locations see the documentation for that product Agent language packages File type zip An agent language package contains files necessary to display agent inform...

Page 189: ...implementing global updating for product deployment a deployment task must be configured and scheduled for managed systems to retrieve the package If not implementing global updating for product updat...

Page 190: ...traffic is minimal Although global updating is much faster than other methods it increases network traffic during the update Global updating process Most environments can be updated within an hour us...

Page 191: ...systems however must see the SuperAgent repository from which to update Deploying update packages automatically with global updating Use this task to enable global updating on the server Global updat...

Page 192: ...can specify which packages are copied from the source site to the master repository ExtraDAT files must be checked in to the master repository manually They are available from the McAfee website A sch...

Page 193: ...mental replication task Schedule a weekly full replication task if it is possible for files to be deleted from the distributed repository outside of the replication functionality of the ePolicy Orches...

Page 194: ...epository to distributed repositories You can schedule a Repository Replication server task that occurs regularly or run a Replicate Now task for immediate replication Using pull tasks to update the m...

Page 195: ...s and choose the packages to pull from the source site when this task runs Figure 16 2 Available Source Site Packages dialog box 9 Click Next The Schedule page of the wizard appears 10 Schedule the ta...

Page 196: ...istributed repositories You can schedule a Repository Replication server task that occurs regularly or run a Replicate Now task for immediate replication Tasks Running a Repository Replication server...

Page 197: ...The Summary page appears The Schedule page provides more flexibility than the scheduling functionality of previous versions In addition to more granular scheduling in all of the schedule types you can...

Page 198: ...terface Task 1 Click Menu Software Distributed Repositories then click on the desired repository The Distributed Repository Builder wizard opens 2 On the Package Types page deselect the package that y...

Page 199: ...nformation in the server task log Click Menu Automation Server Task Log to access the following information for replication tasks Start date and task duration Status of task at each site when expanded...

Page 200: ...oduct Deployment client task to install the product on managed systems The task installs any product that is deployable through the ePolicy Orchestrator software and has been checked in to the master...

Page 201: ...o not see the product you want to deploy listed here you must first check in that product s package Set the Action to Install then select the Language of the package and the Branch To specify command...

Page 202: ...er repository If you do not see the product you want to deploy listed here you must first check in that product s package Set the Action to Install then select the Language of the package and the Bran...

Page 203: ...on task if you are using scheduled replication tasks Run update tasks for DAT and engine files at least once a day Managed systems might be logged off from the network and miss the scheduled task Runn...

Page 204: ...s task to only computers that have the following criteria Use one of the edit links to configure the criteria 10 On the Schedule page select whether the schedule is enabled and specify the schedule de...

Page 205: ...on definitions click in the interface 1 Click Menu Systems System Tree Client Tasks then select the group where the desired client task was in the System Tree 2 Click Edit Settings next to the task Th...

Page 206: ...rver The next time the agent updates it retrieves them from the Evaluation branch For additional information see Configuring the Deployment task for groups of managed systems 3 Create a scheduled Upda...

Page 207: ...definitions click in the interface 1 Ensure that the extension file is in an accessible location on the network 2 Click Menu Software Extensions Install Extension The Install Extension dialog box app...

Page 208: ...Master Repository tab Deleting DAT or engine packages from the master repository Use this task to delete packages from the master repository As you check in new update packages regularly they replace...

Page 209: ...ext The Package Options page appears 4 Select a branch Current Use the packages without testing them first Evaluation Used to test the packages in a lab environment first Once you finish testing the p...

Page 210: ......

Page 211: ...il SMTP server at Server Settings Email contacts list Specify the list from which you select recipients of notification messages at Contacts Registered executables Specify a list of registered executa...

Page 212: ...urce attacker so that you can isolate the system infecting the rest of your environment Outbreak situations For example 1000 virus detected events are received within five minutes High level complianc...

Page 213: ...eived 100 virus detection events from any system Throttling Once you have configured the rule to notify you of a possible outbreak use throttling to ensure that you do not receive too many notificatio...

Page 214: ...planning The event type and group product and server that trigger notification messages in your environment Who should receive which notification messages For example it might not be necessary to not...

Page 215: ...server communication interval If the currently applied policy is not set for immediate uploading of events either edit the currently applied policy or create a new McAfee Agent policy This setting is...

Page 216: ...s feature require additional permissions depending on the specific component used For example to create an automatic response that triggers a predefined server task users need full rights to the Serve...

Page 217: ...rmissions to Threat Event Log Server Tasks Detected Systems and Systems Tree to create a response rule For option definitions click in the interface Task 1 Click Menu User Management Permission Sets t...

Page 218: ...existing SNMP server entries Deleting an SNMP server on page 219 Use this task to delete an SNMP server from Notifications Importing MIB files on page 220 Use this task when setting up rules to send n...

Page 219: ...d for protocol verification Confirm Authentication Passphrase Retype the password for protocol verification Privacy Protocol Specifies the protocol used by the SNMP server to customize the privacy def...

Page 220: ...atch the properties of the Client Status event rsdAddDetectedSystemEvent This trap is sent when an Automatic Response for a Rogue System Detected event is triggered It contains variables that match th...

Page 221: ...cutable in the list The Edit Registered Executable page appears 2 Edit the name or select a different executable on the system then click Save Deleting registered executables Use this task to delete a...

Page 222: ...hen the event triggers the rule on the Aggregation page of the Response Builder wizard Configuring the action for Automatic Response rules on page 224 Use this task to configure the responses that are...

Page 223: ...t to Status 6 Click Next Setting filters for the rule Use this task to set the filters for the response rule on the Filters page of the Response Builder wizard For option definitions click in the inte...

Page 224: ...f event property selected exceeds 300 or when the number of events exceeds 3 000 whichever threshold is crossed first 3 Next to Grouping select whether to group the aggregated events If you select to...

Page 225: ...e Number of Distinct Values List of Distinct Values List of All Values Some events do not include this information If a selection you made is not represented the information was not available in the e...

Page 226: ...tification can be sent only once per specified quantity of events within a specified amount of time or sent at a maximum of once in a specified amount of time Can I create a rule that generates notifi...

Page 227: ...rt that status to stakeholders and decision makers using preconfigured customizable queries and reports Chapter 19 Monitoring with Dashboards Chapter 20 Querying the database and reporting on system s...

Page 228: ......

Page 229: ...irst time When using dashboards for the first time 1 The ePolicy Orchestrator server has a default dashboard you will see if you have never loaded a dashboard before 2 Create any needed dashboards and...

Page 230: ...ashboard is no longer available Customize the default dashboard to meet your organization s needs Assigning permissions to dashboards on page 233 Dashboards are only visible to users with proper permi...

Page 231: ...you have read permissions to the monitor Task For option definitions click in the interface 1 Click Menu Reporting Dashboards then select a dashboard from the Dashboard drop down list 2 Choose a moni...

Page 232: ...For option definitions click in the interface 1 Click Menu Reporting Dashboards 2 Click Dashboard Actions Import The Import Dashboard dialog box appears 3 Click Browse and select the XML file containi...

Page 233: ...he default for that permission set 5 Click and to add additional or remove existing permission set dashboard mappings If a user is assigned multiple permission sets their default dashboard is the firs...

Page 234: ...avior is configured on a monitor by monitor basis Moving and resizing dashboard monitors on page 235 Monitors can be moved and resized to efficiently use screen space Configuring dashboard monitors Mo...

Page 235: ...or If you attempt to resize the monitor to a shape not supported in the monitor s current location it returns to its prior size When you have finished modifying the dashboard click Save Changes To rev...

Page 236: ...ged systems in your environment which are compliant or noncompliant by version of VirusScan Enterprise for Windows McAfee Agent and DAT files Malware Detection History Displays a line chart of the num...

Page 237: ...Summary dashboard The Rogue System Detection RSD Summary dashboard provides a summary of the state of detected systems on your network The monitors included in this dashboard are Rogue Systems by Doma...

Page 238: ......

Page 239: ...n your McAfee ePO server and throughout your network Audit log Server Task log Threat Event log To get you started McAfee includes a set of default queries that provide the same information as the def...

Page 240: ...ic group Use public queries create and edit personal queries Grants permission to use any queries or reports that have been placed in a Public group as well as the ability to use the Query Builder to...

Page 241: ...orted results Query results can be exported to four different formats Exported results are historical data and are not refreshed like other monitors when used as dashboard monitors Like query results...

Page 242: ...d and displayed and how it is displayed Result types The first selections you make in the Query Builder wizard are the Schema and result type from a feature group This selection identifies from where...

Page 243: ...ng a query group on page 245 Query groups allow you to save queries or reports without allowing other users access to them Moving a query to a different group on page 246 You can change the permission...

Page 244: ...s of the query which is actionable so you can take any available actions on items in any tables or drill down tables Selected properties appear in the content pane with operators that can specify crit...

Page 245: ...re not limited to selecting one action for the query results Click the button to add additional actions to take on the query results Be careful to place the actions in the order you want them to be ta...

Page 246: ...it to a different group Task For option definitions click in the interface 1 Click Menu Reporting Queries Reports In the Queries list select the query you want to move 2 Click Actions and select one...

Page 247: ...gs By default most browsers ask you to save the file The exported XML file contains a complete description of all settings required to replicate the exported query Importing a query Importing a query...

Page 248: ...ill down tables 4 Select whether the data files are exported individually or in a single archive zip file 5 Select the format of the exported file CSV Use this format to use the data in a spreadsheet...

Page 249: ...ing server As a prerequisite to running a Rolled Up Compliance History query you must take two preparatory actions on each server whose data you want to include Creating a query to define compliance G...

Page 250: ...tered servers 9 Review the settings then click Save Creating a query to define compliance Compliance queries are required on McAfee ePO servers whose data is used in rollup queries Task For option def...

Page 251: ...ine queries and other elements into PDF documents providing detailed information for analysis You run reports to find out the state of your environment vulnerabilities usage events etc so you can make...

Page 252: ...Date Time Page Number User Name Custom text Page elements Page elements provide the content of the report They can be combined in any order and may be duplicated as needed Page elements provided with...

Page 253: ...ontain highly structured information so exporting and importing them from one server to another allows your data retrieval and reporting to be consistently performed from any ePolicy Orchestrator serv...

Page 254: ...on page 256 Headers and footers provide information about the report Removing elements from a report on page 257 You can remove elements from a report if no longer needed Reordering elements within a...

Page 255: ...Configuring text report elements You can insert static text within a report to explain its contents Before you begin You must have a report open in the Report Layout page Task For option definitions...

Page 256: ...row at the top left corner of the chart Click Configure This will display the Configure Query Chart page If you are adding a new query chart to the report the Configure Query Chart page appears immedi...

Page 257: ...and Exporting and click Edit 5 To change the logo click Edit Logo a If you want the logo to be text select Text and enter the text in the edit box b To upload a new logo select Image then browse to a...

Page 258: ...the same report it is recommended you archive the output elsewhere Task For option definitions click in the interface 1 Click Menu Reporting Queries Reports then select the Report tab 2 In the report...

Page 259: ...a link to the PDF containing those results Configuring Internet Explorer 8 to automatically accept McAfee ePO downloads As a security measure Microsoft Internet Explorer might block ePolicy Orchestra...

Page 260: ...information will only be used if you enable Schedule status 5 Click Save to save the server task The new task now appears in the Server Tasks list Exporting reports Using the same report definition o...

Page 261: ...6 Click Import to finalize the import Newly imported reports acquire the permissions of the group they were imported into Deleting reports You can delete reports that are no longer being used Before y...

Page 262: ...gistered modified viewed and deleted Tasks Modifying a database registration on page 262 If connection information or login credentials for a database server changes you must modify the registration t...

Page 263: ...confirmation dialog appears click Yes to delete the database The database has been deleted Any queries reports or other items within ePolicy Orchestrator that used the deleted database will be marked...

Page 264: ......

Page 265: ...utomatically deploying an agent to the system In addition to Rogue System Detection other McAfee products like McAfee Network Access Control add detected systems control to ePolicy Orchestrator Conten...

Page 266: ...tatus The Detected Systems page displays information on each of these states via corresponding status monitors This page also displays the 25 subnets with the most rogue system interfaces in the Top 2...

Page 267: ...played in this list even before you deploy sensors to the subnets that contain these systems When the agent reports to the McAfee ePO database the system is automatically listed in the Managed categor...

Page 268: ...o prevent receiving further reporting about its status Contains Rogues Subnets that contain rogue systems are listed in the Contains Rogues category to make it easier to take action on them Covered Co...

Page 269: ...r policy settings in the Rogue System Detection policy pages the same way you would for any managed security product Policy settings that you assign to higher levels of the System Tree are inherited b...

Page 270: ...r to report on all subnets and systems that connect to it DHCP monitoring allows you to cover your network with fewer sensors to deploy and manage and reduces the potential for missed subnets and syst...

Page 271: ...s included on a network found during installation Only listen on interfaces whose IP addresses are included in specific networks Specifying these settings allows you to choose the networks that the se...

Page 272: ...P IP traffic and DHCP responses To obtain additional information the sensor also performs NetBIOS calls and OS fingerprinting on systems that were already detected It does this by listening to the bro...

Page 273: ...y Orchestrator data to determine whether the system is a rogue system Bandwidth use and sensor configuration To save bandwidth in large deployments you can configure how often the sensor sends detecti...

Page 274: ...ally you can manually merge the system with an existing detected system Matching detected systems Automatic matching of detected systems is necessary to prevent previously detected systems from being...

Page 275: ...he agent if available Removing systems from the Detected Systems list on page 279 Use this task to remove systems from the Detected Systems list You might want to remove a system from this list when y...

Page 276: ...dd to Exceptions The Add to Exceptions dialog box appears 4 Select one of the following to configure the Detected Systems Exceptions display and click OK No Category Displayed without a category entry...

Page 277: ...ct the detected systems you want to add to the System Tree 2 Click Actions Detected Systems Add to System Tree The Add to System Tree page opens 3 Click Browse to open the Select System Tree Group dia...

Page 278: ...etwork s Exceptions list For option definitions click in the interface Task 1 Click Menu Systems Detected Systems click Import Export Exceptions from the Overall System Status monitor then click the I...

Page 279: ...is task can be performed from Getting there Detected Systems page Click Menu Systems Detected Systems Detected Systems Status page Click Menu Systems Detected Systems then click any category in the Ov...

Page 280: ...terface Task 1 Click Menu Systems Detected Systems 2 In the Rogue System Sensor Status monitor click View Blacklist 3 Select the system you want to remove from the Rogue System Blacklist page 4 Click...

Page 281: ...ork Installing sensors on specific systems Use this task to install sensors to specific systems on your network This task creates a deployment task that installs the sensor to the selected systems the...

Page 282: ...en click Actions New Task The Client Task Builder wizard opens 8 On the Description page name and describe the task and specify the Schedule status then click Next 9 On the Action page select Run Quer...

Page 283: ...Details page Click Menu Systems Detected Systems click any sensor category in the Rogue System Sensor Status monitor then click any sensor Rogue System Sensor page Click Menu Systems Detected Systems...

Page 284: ...bnets on page 285 Use this task to include subnets that have previously been ignored by Rogue System Detection This task can be performed by querying ignored subnets using the steps below or you can i...

Page 285: ...u Systems Detected Systems Ignoring a subnet deletes all detected interfaces associated with that subnet All further detections on that subnet are also ignored To view the list of ignored subnets clic...

Page 286: ...at displays detected subnets For option definitions click in the interface Task 1 Click Menu Systems Detected Systems 2 In the Subnet Status monitor click any category to view the list of detected sub...

Page 287: ...dd those dashboard monitors to the Dashboards section in ePolicy Orchestrator For more information on using dashboards seeAssessing Your Environment With Dashboards Rogue System Detection query defini...

Page 288: ......

Page 289: ...the issue is referred to as a ticketed issue A ticketed issue can have only one associated ticket Integrating issues with third party ticketing servers Integration of a ticketing server forces the cr...

Page 290: ...es Tasks Creating basic issues manually on page 290 Basic issues can be created manually Non basic issues must be created automatically Configuring responses to automatically create issues on page 291...

Page 291: ...ime that the issue is due Due dates in the past are not allowed 4 Click Save Configuring responses to automatically create issues You can use responses to automatically create issues when certain even...

Page 292: ...if needed after a certain number of events have occurred or a certain property accumulates a specified number of distinct values 5 Next to Grouping select one Do not group aggregated events events of...

Page 293: ...nformation to help fix the issue 10 If applicable type or select the appropriate option Use this To do this State Assign a state to the issue Unknown New Assigned Resolved Closed Priority Assign a pri...

Page 294: ...tomation Issues 2 Perform the tasks that you want Task Do this Adding comments to issues 1 Select the checkbox next to each issue you want to comment then click Action Add comment 2 In the Add comment...

Page 295: ...a closed ticketing issue deletes the issue but the associated ticket remains in the ticketing server database Tasks Purging closed issues manually on page 295 Periodically purging closed issues from...

Page 296: ...the ticketing server that ticket s ID is added to the ticketed issue The ticket ID creates the ticket to issue association After the steps for integrating a ticketing server are completed all subsequ...

Page 297: ...ticket does not reopen the associated ticket issue The configuration mapping for the ticketing server must also be configured to allow tickets to be reopened See Required fields for mapping Ticketed i...

Page 298: ...that server task if you are upgrading the ticketing server For more details see Upgrading a registered ticketing server When the registered ticketing server is deleted the ticket ID that associated th...

Page 299: ...KNOWN 20 ASSIGNED 20 Ticket field Information Operation Identity Source field Description Ticket field HistoryLines Operation Identity Source field Activity Log Ticket field Type the name or ID for an...

Page 300: ...e Values Default Value 0 Source Value Mapped Value NEW 0 RESOLVED 2 ASSIGNED 1 Ticket field 2 Operation Custom Mapping Source field Type the user name for the ticketing server This is the same user na...

Page 301: ...and synchronize ticketed issues with the Issue Synchronization server task Tasks Adding tickets to issues on page 301 You can add a ticket to a single issue or to multiple issues at once Synchronizing...

Page 302: ...cketed issues and their associated tickets in the ticketing server Use this task to configure the Issue synchronization server task to run on a schedule The schedule for the Issue synchronization serv...

Page 303: ...hen repeat steps 1 3 6 Under Service status click Start The server is now running Tasks Stopping and starting the server on page 303 You must stop an ePolicy Orchestrator server before you can copy th...

Page 304: ...opy the required files to the Server common lib folder of your ePolicy Orchestrator software installation For example C Program Files McAfee ePolicy Orchestrator Server common lib Copying the BMC Reme...

Page 305: ...alling the ticketing server extensions You must install the ticketing server extensions before you can integrate them into the ePolicy Orchestrator ticketing system Task For option definitions click i...

Page 306: ...ose the hosts file 4 Restart the McAfee ePO server Registering a ticketing server You must register a ticketing server before tickets can be associated with issues Task For option definitions click in...

Page 307: ...hen type the Mapped Value that should be substituted for this value in the ticket 3 Click to map another value 4 When finished click OK If Numeric Range is selected select an issue field to map in the...

Page 308: ...OK The test mapping function verifies the mapping for the basic issue type regardless of the issue type configured Therefore testing the mapping for issue types from other product extensions extended...

Page 309: ...icketing server based on the configuration requirements for the upgraded ticketing server Delete the existing registered ticketing server then create a new one based on the configuration requirements...

Page 310: ......

Page 311: ...s up the ePolicy Orchestrator server in simple recovery mode it marks the backed up transaction log records as inactive also known as truncating the log In this way new operations written to the trans...

Page 312: ...er balance the load you might perform incremental daily or nightly backups and a full weekly backup each week Save the backup copy to a different server than the one hosting your live database If your...

Page 313: ...figuration file ePO installation directory server conf orion db properties by hand put in the plaintext password start the server then use the config page to re edit the db config which stores the enc...

Page 314: ......

Page 315: ...estrator components 16 properties viewing 153 responses and event forwarding 214 wake up calls 155 agent communication port 36 agent deployment credentials 31 Agent Handlers about 101 Agent Handlers c...

Page 316: ...ting and scheduling 204 deleting 205 editing settings for 205 installing RSD sensors 282 objects 200 sharing 200 working with 204 command line options notifications and registered executables 221 rogu...

Page 317: ...adding to 277 detected systems continued status monitors 266 viewing 280 working with 274 Detected Systems list removing systems from 279 detections configuring RSD policies 275 settings for rogue sy...

Page 318: ...Rogue System Detection 265 F fallback sites about 78 configuring 73 deleting 75 edit existing 75 switching to source 75 features ePolicy Orchestrator components 16 filters Event Filtering settings 39...

Page 319: ...and Rogue System Sensor 272 interface favorites bar 18 menu 18 navigation 18 interface Menu 18 internet explorer blocked downloads 259 Internet Explorer configuring proxy settings 83 proxy settings an...

Page 320: ...ning 123 use global updating 190 use IP addresses for sorting 124 use tag based sorting criteria 124 McAfee ServicePortal accessing 12 Menu navigating in the interface 19 menu based navigation 18 mess...

Page 321: ...with Policy Catalog 171 policies Rogue System Detection about 269 compliance settings 61 configuring 275 policies Rogue System Detection continued considerations 269 matching settings 62 policy assig...

Page 322: ...continued personal query group 245 report formats 240 result type 249 results as dashboard monitors 240 results as tables 242 rollup from multiple servers 249 running existing 244 scheduled 245 using...

Page 323: ...page 222 setting filters for 223 setting thresholds 223 responses assigning permissions 217 responses continued configuring 216 220 224 configuring to automatically create issues 291 contacts for 224...

Page 324: ...r task log continued Replicate Now task 197 reviewing status of tasks 114 working with 114 server tasks about 190 allowing Cron syntax 115 198 Data Rollup 249 for policy sharing 184 installing Rogue S...

Page 325: ...79 wake up calls 151 155 wake up calls to System Tree groups 155 synchronization Active Directory and 127 defaults 130 deploying agents automatically 127 excluding Active Directory containers 127 NT d...

Page 326: ...302 ticketing installing server extensions 303 ticketing servers about sample mappings 298 BMC Remedy Action Request System versions 6 3 and 7 0 297 configuring DNS for Service Desk 4 5 306 considera...

Page 327: ...date task 203 user accounts about 43 changing passwords 44 creating 44 deleting 45 editing 44 working with 44 user based policies about 167 user based policies continued criteria 167 users permission...

Page 328: ...00...

Reviews:

No comments

Related manuals for EPOCDE-AA-BA - ePolicy Orchestrator - PC

Blackberry MAIL - BROWSING SMARTPHONE User Manual preview
MAIL - BROWSING SMARTPHONE
Brand: Blackberry Pages: 25
Novell EVOLUTION 2.6 Manual preview
EVOLUTION 2.6
Brand: Novell Pages: 126
Minolta DIMAGE VIEWER 2.1 Instruction Manual preview
DIMAGE VIEWER 2.1
Brand: Minolta Pages: 84
HP EliteBook 8460W Quickspecs preview
EliteBook 8460W
Brand: HP Pages: 41
HP Elite 7300 Microtower Illustrated Parts & Service Map preview
Elite 7300 Microtower
Brand: HP Pages: 4
HP MultiSeat ms6000 Hardware Reference Manual preview
MultiSeat ms6000
Brand: HP Pages: 63
HP EliteBook 8560p Brochure preview
EliteBook 8560p
Brand: HP Pages: 4
HP Elitebook 8560W Getting Started preview
Elitebook 8560W
Brand: HP Pages: 74
HP Fabric OS 7.0.0 Troubleshooting Manual preview
Fabric OS 7.0.0
Brand: HP Pages: 138
HP Evo D510 e-pc Technical Reference Manual preview
Evo D510 e-pc
Brand: HP Pages: 50
HP EliteBook 2560p Specifications preview
EliteBook 2560p
Brand: HP Pages: 34
HP FTAM/9000 Reference Manual preview
FTAM/9000
Brand: HP Pages: 102
HP NAS 1200s Release Note preview
NAS 1200s
Brand: HP Pages: 16
HP Evo D300 - Convertible Minitower Supplementary Manual preview
Evo D300 - Convertible Minitower
Brand: HP Pages: 2
HP e-PC c10/s10 Administrator'S Manual preview
e-PC c10/s10
Brand: HP Pages: 66
HP Elite 7500 Microtower Manual preview
Elite 7500 Microtower
Brand: HP Pages: 4
HP Neoware c50 - Thin Client User Manual preview
Neoware c50 - Thin Client
Brand: HP Pages: 228
HP Elitebook 8560W Maintenance And Service Manual preview
Elitebook 8560W
Brand: HP Pages: 175

Brands by name

Popular brands

Load more brands