manualshive.com logo in svg

McAfee EPOLICY ORCHESTRATOR 4.0.2 -, Product Manual

Share
Download
McAfee EPOLICY ORCHESTRATOR 4.0.2 - Product Manual Download Page 201

Setting up automatic responses to Rogue System
Detection events

Use this task to set up automatic responses to Rogue System Detection events using the
Response Builder wizard. You can configure Rogue System Detection to generate an automatic
response when:

• A system is added to the Exceptions list.

• A system is detected.

• A subnet falls into the uncovered state.

Task

For option definitions, click on the page displaying the options.

1

Go to Automation Responses and click New Response. The Response Builder
wizard opens.

2

In the Description page:

Type a name for the new response, and any notes.

From the Event group drop-down list, select Rogue System Events.

From the Event type drop-down list, select an event type.

Table 2: Event type option definitions

Definition

Option

Triggers a response any time a system is added to the Exceptions
list.

Add to Exceptions

Triggers a response any time a subnet does not have any active
sensors monitoring it.

Subnet Falls Into Uncovered State

Triggers a response any time a rogue system is detected.

Rogue System Detected

Select Enabled to activate the response, then click Next.

3

On the Filter page from the Available Properties list, click the properties you want to
use to filter events, then click Next.

4

In the Aggregation page, specify how you want events to be aggregated, the click Next.

5

In the Actions page, select the action to perform when this response is triggered, then
click Next.

Table 3: Action results

Result

Action

Adds the detected system to the Exceptions list.

Add to Exceptions

Adds the detected system to the System Tree.

Add to System Tree

Removes the detected system associated with this event.

Delete Detected System

Deploys a McAfee Agent to the detected system.

Deploy Agent

Opens the Query McAfee Agent Results page, which provides the name of IP
address of the detected system and details about the agent installed on it.

Query Agent

Removes the detected system from the Exceptions list.

Remove from Exceptions

Detecting Rogue Systems
Setting up automatic responses to Rogue System Detection events

201

McAfee ePolicy Orchestrator 4.0.2 Product Guide

Summary of Contents for EPOLICY ORCHESTRATOR 4.0.2 -

Page 1: ...McAfee ePolicy Orchestrator 4 0 2 Product Guide...

Page 2: ...curity is distinctive of McAfee brand products All other registered and unregistered trademarks herein are the sole property of their respective owners LICENSE INFORMATION License Agreement NOTICE TO...

Page 3: ...rol 18 Available server tasks and what they do 19 The Audit Log 20 The Event Log 20 Data exports from any table or chart 21 MyAVERT Security Threats 22 Logging on and off from ePO servers 22 Logging o...

Page 4: ...iewing the Event Log 33 Purging events 33 Purging the Event Log on a schedule 34 Working with MyAvert Security Threats 34 Configuring MyAvert update frequency and proxy settings 35 Viewing threat noti...

Page 5: ...orting systems from a text file 54 Sorting systems into criteria based groups 55 Importing Active Directory containers 57 Importing NT domains to an existing group 59 Synchronizing the System Tree on...

Page 6: ...query results 82 Maintaining the agent 82 Sending manual wake up calls to systems 83 Sending manual wake up calls to a group 83 Sending wake up calls on a schedule 84 Viewing the agent activity log 8...

Page 7: ...other servers 111 Importing distributed repositories from the SITEMGR XML file 111 Importing source sites from the SITEMGR XML file 112 Changing credentials on multiple distributed repositories 112 M...

Page 8: ...es 131 Deployment packages for products and updates 131 Product and update deployment 133 Deployment tasks 134 Update tasks 134 Global updating 135 Pull tasks 136 Replication tasks 137 Repository sele...

Page 9: ...h events are forwarded 157 Setting up ePO Notifications 157 Giving users appropriate permissions to Notifications 157 Working with SNMP servers 158 Working with registered executables and external com...

Page 10: ...Failed User Actions in ePO Console query 182 ePO Failed Logon Attempts query 182 ePO Multi Server Compliance History query 182 ePO Systems per Top Level Group query 183 ePO Systems Tagged as Server qu...

Page 11: ...r settings for Rogue System Detection 199 Editing compliance settings 199 Editing matching settings 199 Editing sensor settings 200 Setting up automatic responses to Rogue System Detection events 201...

Page 12: ...forming daily or weekly database maintenance 214 Performing weekly maintenance of MSDE databases 214 Performing regular maintenance of SQL Server databases 215 Backing up ePolicy Orchestrator database...

Page 13: ...ates and signatures from McAfee or user defined source sites Distributed repositories Placed strategically throughout your environment to provide access for managed systems to receive signatures produ...

Page 14: ...licy Orchestrator environment for the first time and as a reference tool for more experienced users Depending on your environment you may perform some of these tasks in a slightly different order McAf...

Page 15: ...the product Before during and after installation How can my company benefit from this product Online Help Product Guide and Online Help Release Notes Evaluation Tutorial Maintaining the software Known...

Page 16: ...uring the ePO server for the first time 1 Review the conceptual information on user accounts permission sets server settings and server tasks 2 Decide on how to implement the flexibility of permission...

Page 17: ...dd delete and assign permission sets Import events into ePolicy Orchestrator databases and limit events that are stored there How permission sets work A permission set is a group of permissions that c...

Page 18: ...Provides view permissions across ePolicy Orchestrator features Users that are assigned this permission set each need at least one more permission set that grants access needed products and groups of...

Page 19: ...Synchronizes select Windows NT domains and Active Directory containers that are mapped to System Tree groups This task can also be performed manually Purge Audit Log Deletes entries from the Audit Lo...

Page 20: ...which columns are displayed in the sortable table You can choose from a variety of event data to use as columns Depending on which products you are managing you can also take certain actions on the e...

Page 21: ...e threat originated Threat Source IPv6 Address IPv6 address of the system from which the threat originated Threat Source MAC Address MAC address of the system from which the threat originated Threat S...

Page 22: ...upplemental virus definition EXTRA DAT file which you can manually download if you need protection before the next full DAT file is available such as in an outbreak scenario Protection Pending on High...

Page 23: ...sired ePolicy Orchestrator server This information appears in the title bar To view license information go to the logon page To view extension version information go to Configuration Extension Working...

Page 24: ...ccounts Task For option definitions click on the page displaying the options 1 Go to Configuration Users 2 Select the user you want to edit in the Users list then click Edit 3 Edit the account as need...

Page 25: ...ons then click Save 7 Repeat for all desired sections of the permission set Duplicating permission sets Use this task to duplicate a permission set Only global administrators can duplicate permission...

Page 26: ...nistrators can delete permission sets Task For option definitions click on the page displaying the options 1 Go to Configuration Permission Sets then select the permission set you want to delete in th...

Page 27: ...ick on the page displaying the options 1 Go to Configuration Contacts then select a contact 2 Click Delete then click OK in the Action pane The contact no longer appears in the list Working with serve...

Page 28: ...configure Headers and footers including a custom logo name page numbering etc Page size and orientation for printing Directory where exported tables and dashboards are stored Task For option definiti...

Page 29: ...ion After installation you can only change the two ports used for agent communication If you need to change other ports you must reinstall the server and reconfigure the ports in the installation wiza...

Page 30: ...re it finished Task For option definitions click on the page displaying the options 1 Go to Reporting Server Task Log 2 Click any entry in the log to view its details Figure 4 Server Task Log Details...

Page 31: ...w and purge the Audit Log The Audit Log records actions taken by ePO users Tasks Viewing the Audit Log Purging the Audit Log Purging the Audit Log on a schedule Viewing the Audit Log Use this task to...

Page 32: ...on definitions click on the page displaying the options 1 Go to Reporting Audit Log 2 Click Purge 3 In the Action panel next to Purge records older than type a number and select a time unit 4 Click OK...

Page 33: ...1 Go to Reporting Event Log 2 Click any of the column titles to sort the events You can also select Choose Columns from the Options drop down list to select different table columns that meet your need...

Page 34: ...le of events 5 Click Next The Schedule page appears 6 Schedule the task as needed then click Next The Summary page appears 7 Review the task s details then click Save Working with MyAvert Security Thr...

Page 35: ...the options 1 Go to Reporting MyAvert Figure 8 MyAvert Security Threats page 2 If you want to narrow the viewable notifications select an option from the Filter drop down list 3 If you want to mark n...

Page 36: ...location on the server to which a link is provided You can open or save the file to another location by right clicking it NOTE When typing multiple email addresses for recipients you must separate en...

Page 37: ...5 in the minutes field means the task runs at minutes 5 20 35 and 50 The letter L means last in the Day of Week or Day of Month fields For example 0 15 10 6L means the last Friday of every month at 10...

Page 38: ...stems managed by ePolicy Orchestrator it is the the primary interface for managing policies and tasks on these systems You can organize systems into logical groups for example functional department or...

Page 39: ...properties or requirements into these units allows you to manage policies for systems in one place rather than setting policies for each system individually As part of the planning process consider th...

Page 40: ...ronment can affect how your System Tree is structured Plan the organization of the System Tree before you build and populate it Especially for a large network you want to build the System Tree only on...

Page 41: ...es several advantages for configuring policies You can configure update policies for the group so that all systems update from one or more distributed software repositories located nearby You can sche...

Page 42: ...oy and manage security products on these systems separately Additionally by giving these systems a corresponding tag you can automatically sort them into a group Tags and how they work Tags are a new...

Page 43: ...and maintain part or all of the System Tree with Active Directory synchronization settings Once defined the System Tree is updated with any new systems and subcontainers in your Active Directory Activ...

Page 44: ...exist elsewhere in the System Tree this ensures no duplicate systems if you manually move or sort the system to another location Exclude certain Active Directory containers from the synchronization Th...

Page 45: ...ne criterion of a group s sorting criteria to be placed in the group After creating groups and setting your sorting criteria take a Test Sort action to confirm the criteria and sorting order achieve t...

Page 46: ...e sorting is disabled on a system that system will not be sorted regardless of how the sorting action is taken If System Tree sorting is enabled on a system that system is sorted always for the manual...

Page 47: ...the server attempts to locate the system in the System Tree by agent GUID only systems whose agents have already called into the server for the first time have an agent GUID in the database If a matc...

Page 48: ...nd with matching criteria 7 If such a top level group is not found then the subgroups of top level groups without sorting criteria are considered according to their sorting 8 If such a second level cr...

Page 49: ...ot configured When systems are evaluated against a tag s criteria the tag is applied to systems that match the criteria and have not been excluded from the tag 5 Verify the information on this page th...

Page 50: ...d manually The Systems with Tag Applied Manually page appears c Verify the desired systems are in the list Applying criteria based tags automatically to all matching Use these tasks to apply criteria...

Page 51: ...the tag on systems that don t match the criteria and applies the tag to systems that match criteria but were excluded from receiving the tag 5 Click Next The Schedule page appears 6 Schedule the task...

Page 52: ...riteria to ensure the systems stay in the group If your organization s IP address information coincides with your security management needs consider assigning IP address sorting criteria to these grou...

Page 53: ...omatically placed in the appropriate group Adding systems manually to an existing group Use this task to import systems from your Network Neighborhood to groups You can also import a network domain or...

Page 54: ...a text file Then import that information into ePolicy Orchestrator You must have network utilities such as the NETDOM EXE utility available with the Microsoft Windows Resource Kit to generate complete...

Page 55: ...stems manually Adding sorting criteria to groups Use this task to configure sorting criteria for a group Sorting criteria can be based on IP address information or tags Task For option definitions cli...

Page 56: ...g and disabling System Tree Sorting on Systems Use this task to enable or disable System Tree sorting on systems The sorting status of a system determines whether it can be sorted into a criteria base...

Page 57: ...e System Tree is added or removed also Delete systems from the System Tree when they are deleted from Active Directory Prevent duplicate entries of systems in the System Tree when they already exist i...

Page 58: ...oved from the System Tree Systems only Select this option if you only want the systems from the Active Directory container and non excluded subcontainers to populate this group and this group only No...

Page 59: ...on server task for the first synchronization This is useful if you are deploying agents to new systems on the first synchronization when bandwidth is a larger concern 13 When the synchronization compl...

Page 60: ...Next to Domain click Browse and select the NT domain to map to this group then click OK Alternatively you can type the name of the domain directly in the text box NOTE When typing the domain name do n...

Page 61: ...ze Now or Update Group Once the systems are added to the System Tree distribute agents to them if you did not select to deploy agents as part of the synchronization Also consider setting up a recurrin...

Page 62: ...s mapped to the NT domain 2 Next to Synchronization type click Edit The Synchronization Settings page appears 3 Near the bottom of the page click Compare and Update The Manually Compare and Update pag...

Page 63: ...is action 3 Select whether to enable or disable System Tree sorting on the selected systems when they are moved 4 Select the group in which to place the systems then click OK Organizing Systems for Ma...

Page 64: ...to understand the agent its policies and tasks and the methods to distribute it 2 Configure agent policy settings for the System Tree groups to which you are distributing agents 3 Distribute agents wi...

Page 65: ...LES NETWORK ASSOCIATES COMMON FRAMEWORK CAUTION Once the agent has been installed you cannot change its installation directory without first removing it Agent language packages Agent installation pack...

Page 66: ...stem Agent server communication can be initiated in three ways Agent to server communication interval ASCI Agent initiated communication after agent startup Agent wake up calls Communication initiated...

Page 67: ...ul when you have made policy changes or checked in updates that you want to apply to the managed systems sooner than the next ASCI Wake up calls can also configured on query results which are schedule...

Page 68: ...ices To deploy sufficient numbers of SuperAgents to the appropriate locations first determine the broadcast segments in your environment and select a system preferably a server in each to host a Super...

Page 69: ...server Where the agent goes for product and update packages Before distributing a large number of agents throughout your network consider carefully how you want the agent to behave in the segments of...

Page 70: ...the ePO server differ by more than two The properties listed depend on whether you selected to send full or minimal properties on the General tab of the McAfee Agent policy pages Full properties If y...

Page 71: ...xy server settings for the managed systems The Proxy tab of the McAfee Agent policy pages includes settings to Use Internet Explorer proxy settings Configure custom proxy settings Disable any proxy us...

Page 72: ...are several methods you can use to distribute the agent to the systems you want to manage Before using any of these methods you should consider each The following table details the advantages and dis...

Page 73: ...credentials if users do not have local administrator permissions The user account credentials you embed are used to install the agent NOTE For Microsoft Windows XP Service Pack 2 and later operating...

Page 74: ...ify that the server can communicate with a few systems in each segment of your network If the targeted systems respond to the ping then ePolicy Orchestrator can reach the segments NOTE The ability to...

Page 75: ...ent page 3 Select the desired Agent version from the drop down list 4 If you are deploying agents to a group select whether to include systems from its subgroups 5 Select whether to Install only on sy...

Page 76: ...pected systems to the desired groups If you don t all systems are added to the Lost Found group and you must move them later manually The details of the login script depends on your needs Consult your...

Page 77: ...cally on a system This is a desirable method to install agents for the following circumstances Your organization requires that software is installed on systems manually You intend to use ePolicy Orche...

Page 78: ...ory list SITELIST XML from the Master Repository page to a temporary folder on the system such as C TEMP 2 Run this command on the desired system FRMINST EXE INSTALL AGENT SITEINFO C TEMP SITELIST XML...

Page 79: ...to force the new agent to call into the ePO server immediately You can do this from any system on which an agent has just been installed This is useful after installing the agent manually Task For opt...

Page 80: ...such as VirusScan Enterprise to systems that are already running agents Best practices information You can use the deployment task to upgrade agents McAfee releases newer versions of the agent periodi...

Page 81: ...oving agents from systems in query results Running FRMINST EXE from a command line Use this task to remove the agent from a command line Task Run the agent installation FRMINST EXE program with the RE...

Page 82: ...emoving agents from systems in query results Use this task to remove agents from systems listed in the results of queries for example the Agent Versions Summary query Task For option definitions click...

Page 83: ...r next to Target systems 4 Select whether to send an Agent Wake Up Call or SuperAgent Wake Up call next to Wake up call type 5 Accept the default or type a different Randomization 0 60 minutes Conside...

Page 84: ...his wake up call ensure this is option selected 8 Click OK to send the agent or SuperAgent wake up call Sending wake up calls on a schedule Use this task to create a scheduled agent wake up call NOTE...

Page 85: ...ting the option and applying the change 2 Select Status Monitor from the menu The status monitor appears the agent activity log is displayed 3 Close the status monitor when finished Viewing the agent...

Page 86: ...manually Sending full properties to the ePO server Sending events to the ePO server immediately Updating policies Enforcing policies Viewing agent settings Viewing agent and product version numbers Ru...

Page 87: ...ay icon on the desired system then select McAfee Agent Status Monitor The Agent Status Monitor appears 2 Click Check New Policies Enforcing policies Use this task to prompt an agent to enforce all con...

Page 88: ...either of these tasks to ensure that all agents can communicate with any required server in the environment Previous versions of ePolicy Orchestrator allowed agents to easily roam among multiple ePO...

Page 89: ...n ASSC keys Do this if you discover a key has been compromised McAfee recommends creating and using new ASSC keys routinely for example every three months Task For option definitions click on the page...

Page 90: ...l of the systems whose agents are using the selected keys Click any system in the list to view its details or select the checkboxes next to desired systems and take any of the actions available below...

Page 91: ...repositories in your organization or McAfee source sites The master repository key pair is unique for each installation If you use multiple servers each uses a different key If your agents may downloa...

Page 92: ...r option definitions click on the page displaying the options 1 Go to Configuration Server Settings on each server in your environment select Security Keys in the Setting Categories list then click Ed...

Page 93: ...dialog box appears 3 Click Save The Save As dialog box appears 4 Browse to a secure network location to store the ZIP file then click Save Restoring security keys from a backup file Use this task to...

Page 94: ...ons These options are not case sensitive but their values are FRAMEPKG EXE and FRMINST EXE command line options Description Command Specifies the folder on the system to store agent data files The def...

Page 95: ...s the agent and removes it if not in use Sample FRMINST REMOVE AGENT REMOVE AGENT Installs the agent in silent mode hiding the installation interface from the end user Sample FRAMEPKG INSTALL AGENT SI...

Page 96: ...s to use and their locations 3 Create and populate your repositories Contents Repository types and what they do How repositories work together Ensuring access to the source site Working with source an...

Page 97: ...lected updates and packages are checked into the master repository You do not need to spend additional time creating and configuring repositories or the update tasks Source site The source site provid...

Page 98: ...e recommends combining SuperAgent repositories and global updating to ensure your managed environment is up to date FTP repositories If you are unable to use SuperAgent repositories use an existing FT...

Page 99: ...ployment packages can be added only to the Current branch unless support for the other branches has been enabled Evaluation branch You may want to test new DAT and engine updates with a small number o...

Page 100: ...tories work together The repositories work together in your environment to deliver updates and software to managed systems You may or may not need distributed repositories Figure 18 Sites and Reposito...

Page 101: ...the Internet Explorer browser that is installed on your ePO server NOTE A user must be logged on to the ePO server sytem for the scheduled tasks to run when using Internet Explorer proxy settings If y...

Page 102: ...are Master Repository then click Configure Proxy Settings The Configure Proxy Settings page appears Figure 19 Configure Proxy Settings page 2 Ensure Use Internet Explorer settings is selected next to...

Page 103: ...separated by semi colons 6 Click OK to save these settings Working with source and fallback sites Use these tasks to change the default source and fallback sites You must be a global administrator to...

Page 104: ...text box If you selected UNC type the network directory where the site resides in Replication UNC path Use this format computer FOLDER You can use variables to define this location 4 On the Credential...

Page 105: ...source or fallback sites Use this task to delete source or fallback sites Before you begin You must have appropriate permissions to perform this task Task For option definitions click on the page disp...

Page 106: ...n You can use standard Windows variables such as PROGRAM_FILES_DIR NOTE Managed systems updating from this SuperAgent repository are able to access this folder You do not need to manually enable file...

Page 107: ...General tab deselect Use systems running SuperAgents as distributed repositories then click Save NOTE To delete a limited number of your existing SuperAgent distributed repositories duplicate the McA...

Page 108: ...HTTP type the web address in URL and the HTTP port number in Port which is 80 by default and type the network directory where the repository resided in Replication UNC path You can also enter the serv...

Page 109: ...all packages if a needed package type is not present in the repository the task fails This feature ensures packages that are only used by a few systems are not replicated throughout your entire enviro...

Page 110: ...o the desired repository 2 On the Delete Repository dialog box click OK NOTE Deleting the repository does not delete the packages on the system hosting the repository Working with the repository list...

Page 111: ...ther the Distributed Repositories or Source Sites pages However when you import this file to either page it imports only the items from the file that are listed on that page For example when this file...

Page 112: ...on definitions click on the page displaying the options 1 Go to Software Source Sites then click Import Source Sites The Import Source Sites dialog box appears 2 Browse to and select the exported SITE...

Page 113: ...3 Select the desired distributed repositories then click Next The Credentials page appears 4 Edit the credentials as needed then click Next The Summary page appears 5 Review the information then clic...

Page 114: ...reate and assign policies to groups and systems 4 Create and assign client tasks to groups and systems Contents Extensions and what they do Policy management Policy application Client tasks and what t...

Page 115: ...mponent The ePolicy Orchestrator console allows you to configure policy settings for all products and systems from a central location Policy categories Policy settings for most products are grouped by...

Page 116: ...y settings have changed NOTE There is a delay of up to three minutes after the interval before policies for Norton AntiVirus products are enforced The agent first updates the GRC DAT file with policy...

Page 117: ...eated it Ownership provides that no one can modify or delete a policy except its creator or a global administrator Any user with appropriate permissions can assign any policy in the Policy Catalog pag...

Page 118: ...to view detailed information about the policies their assignments inheritance and their owners Tasks Viewing groups and systems where a policy is assigned Viewing the settings of a policy Viewing pol...

Page 119: ...lick Edit next to the desired policy The policy pages and their settings appear NOTE You can also view this information when accessing the assigned policies of a specific group accessed from the Syste...

Page 120: ...ee Systems then select the desired group in the System Tree All systems belonging to the group appear in the details pane 2 Select the system then click Modify Policies on a Single System 3 Select the...

Page 121: ...en click Reset Inheritance Working with the Policy Catalog Use these tasks to create and maintain policies from the Policy Catalog page Tasks Creating a policy on the Policy Catalog page Duplicating a...

Page 122: ...rs 3 Type the name of the new policy in the field then click OK for example Sales Europe The new policy appears on the Policy Catalog page 4 Click Edit next to the new policy s name in the list The po...

Page 123: ...itions click on the page displaying the options 1 Go to Systems Policy Catalog then select the Product and Category from the drop down lists All created policies for that category appear in the detail...

Page 124: ...down lists All created policies for that category appear in the details pane 2 Locate the desired policy then click Export next to the policy The Download File page appears 3 Right click the link and...

Page 125: ...ak inheritance and assign the policy and settings below next to Inherited from 4 Select the desired policy from the Assigned policy drop down list NOTE From this location you can also edit the selecte...

Page 126: ...n lists then click Save Enforcing policies for a product on a group Use this task to enable or disable policy enforcement for a product on a System Tree group Policy enforcement is enabled by default...

Page 127: ...s from different portions of the System Tree Tasks Copying policy assignments from a group Copying policy assignments from a system Pasting policy assignments to a group Pasting policy assignments to...

Page 128: ...system You must have already copied policy assignments from a group or system Task For option definitions click on the page displaying the options 1 Go to Systems System Tree Systems then select the...

Page 129: ...or the selected group and any group that inherits the task Editing client tasks Use this task to edit a client task s settings or schedule information for any exisitng task Task For option definitions...

Page 130: ...ected when the policy is modified in the Policy Catalog All groups and systems where a policy is applied receive any modification made to the policy at the next agent server communication The policy i...

Page 131: ...deployment Checking in packages manually Using the Product Deployment task to deploy products to managed systems Deploying update packages automatically with global updating Deploying update packages...

Page 132: ...ate package If bandwidth is a concern McAfee recommends updating DAT and engine files separately SuperDAT SDAT EXE files File type SDAT EXE McAfee website Download and check supplemental virus definit...

Page 133: ...e corresponding package in to the master repository Doing so copies the packages into both directory structures enabling you to support legacy products Package ordering and dependencies If one product...

Page 134: ...recommends considering the size of the package and the available bandwidth between the master or distributed repositories and the managed systems In addition to potentially overwhelming the ePO serve...

Page 135: ...o run daily or several times a day Global updating McAfee recommends using global updating with your updating strategy Global updating automates replication to your distributed repositories and updati...

Page 136: ...is release you can specify which packages are copied from the source site to the master repository NOTE EXTRA DAT files must be checked in to the master repository manually They are available from the...

Page 137: ...ling a daily incremental replication task Schedule a weekly full replication task if it is possible for files to be deleted from the distributed repository outside of ePolicy Orchestrator s own replic...

Page 138: ...er task log The following information is available for replication tasks on the Reporting Server Task Log tab Start date and task duration Status of task at each site when expanded Any errors or warni...

Page 139: ...rt Netshield for NetWare Select this option if you are checking in a package for NetShield for Netware Move the existing package to the Previous branch Moves the existing package of the same type but...

Page 140: ...sitory If you do not see the product you want to deploy listed here you must first check in that product s package 7 Set the Action to Install then select the language version of the package 8 To spec...

Page 141: ...ed are those for which you have already checked in a package file to the master repository If you do not see the product you want to deploy listed here you must first check in that product s package f...

Page 142: ...n update Global updating initiates an update only if new packages for the components specified here are checked in to the master repository or moved to another branch Select these components carefully...

Page 143: ...ability to select which packages are copied from the source site Before you begin You must have the appropriate permissions to perform this task Task For option definitions click on the page displayin...

Page 144: ...cron syntax by selecting the Advanced schedule type 11 Review the summary information then click Save The scheduled Repository Pull task is added to the task list on the Server Tasks page Running a Pu...

Page 145: ...epository to distributed repositories You can schedule a Repository Replication server task that occurs regularly or run a Replicate Now task for immediate replication Tasks Running a Repository Repli...

Page 146: ...n all of the schedule types you can use cron syntax by selecting the Advanced schedule type 9 Review the summary information then click Save The scheduled Repository Pull task is added to the task lis...

Page 147: ...them by response time Subnet value Compares the IP addresses of client systems and all repositories and sorts repositories based on how closely the bits match The more closely the IP addresses resembl...

Page 148: ...e new distributed repository to the list j Select the new repository in the list The type Local indicates it is not managed by ePolicy Orchestrator When a non managed repository is selected in the Rep...

Page 149: ...System Tree Client Tasks select the desired group in the System Tree to which you want the task to apply then click New Task The Description page of the Client Task Builder wizard appears 2 Name and...

Page 150: ...e agent calls into the server The next time the agent updates it retrieves them from the Evaluation branch 3 Create a scheduled Update client task for the evaluation systems that updates DAT and engin...

Page 151: ...s from the master repository As you check in new update packages regularly they replace the older versions or move them to the Previous branch if you are using the Previous branch However you may want...

Page 152: ...stem infecting the rest of your environment Outbreak situations For example 1000 virus detected events are received within five minutes High level compliance of ePolicy Orchestrator server events For...

Page 153: ...virus detection events occur within the entire System Tree Throttling and aggregation You can configure when notification messages are sent by setting thresholds based on aggregation and throttling A...

Page 154: ...yOrganization are met sending notification messages or launching registered executables per the rules configurations Scenario two For this scenario 50 virus detections are detected in Subgroup2C and 5...

Page 155: ...ents from any product Virus detected and not removed When the number of events exceeds 1000 within an hour At most once every two hours With the source system IP address actual threat names and actual...

Page 156: ...forwards all events as soon as they are received If you want all events sent to the server immediately so that they can be processed by Notifications when the events occur configure the agent to send...

Page 157: ...Server Settings Email contacts list Specify the list from which you select recipients of notification messages at Configuration Contacts SNMP servers Specify a list of SNMP servers to use while creat...

Page 158: ...steps 6 through 8 until all users are assigned the appropriate permissions Working with SNMP servers Use these tasks to configure Notifications to use your SNMP server You can configure Notifications...

Page 159: ...ormation as needed then click Save Deleting an SNMP server Use this task to delete an SNMP server from Notifications Task For option definitions click on the page displaying the options 1 Go to Automa...

Page 160: ...Editing registered executables Deleting registered executables Adding registered executables Use this task to add registered executables to your available resources You can then configure commands an...

Page 161: ...ou must use a browser session from the ePO server system Task 1 Go to Automation Registered Executables then select Delete next to the desired executable in the list 2 When prompted click OK 3 Click O...

Page 162: ...s Use this task to edit an existing external command Before you begin You must have appropriate permissions to perform this task Task For option definitions click on the page displaying the options 1...

Page 163: ...ail Enable or disable the rule Task For option definitions click on the page displaying the options 1 Go to Automation Notification Rules then click New Rule or Edit next to an existing rule The Notif...

Page 164: ...d a message for a Symantec Anti Virus Virus detected but NOT cleaned event If only the event category is important then select Any product 4 In Threat name define the pattern matching the threat compa...

Page 165: ...d buttons next to the drop down list for the type of notification Task For option definition click on the page displaying the options 1 If you want the notification message to be sent as an email or t...

Page 166: ...licking Next the Summary page appears Verify the information is correct then click Save The new notification rule appears in the Notification Rules list Viewing the history of Notifications Use these...

Page 167: ...order Viewing the details of Notification Log entries Use this task to view the details of notifications This list can be sorted by the data of any column by clicking the column title Task For option...

Page 168: ...t Unknown product Virex GroupShield Domino GroupShield Exchange VirusScan Enterprise LinuxShield System Compliance Profiler Symantec NAV Security Shield Frequently asked questions If I set up a notifi...

Page 169: ...Any external tool installed on the ePolicy Orchestrator server Sending Notifications Frequently asked questions 169 McAfee ePolicy Orchestrator 4 0 2 Product Guide...

Page 170: ...needs that aren t met by the default queries Contents Queries Query Builder Multi server roll up querying Preparing for roll up querying Working with queries Default queries and what they display Quer...

Page 171: ...rivate queries exist in the user s My Queries list and are only available to their creator Pubic queries exist in the Public Queries list and are available to everyone who has permissions to use publi...

Page 172: ...ts from the results of a Boolean pie chart query Additionally when creating a Compliance History query be sure the time unit matches the schedule interval for the server task McAfee recommends creatin...

Page 173: ...led Up Compliance History Query results from these types of queries are not actionable How it works To roll up data for use by roll up queries you must register each server including the local server...

Page 174: ...ption definitions click on the page displaying the options 1 Go to Network Registered Servers then click New Server The Registered Server Builder wizard appears 2 Select the server type and type a nam...

Page 175: ...queries with the Query Builder wizard You can query on system properties product properties many of the log files repositories and more Task For option definitions click on the page displaying the opt...

Page 176: ...Running an existing query Use this task to run an existing query from the Queries page Task For option definitions click on the page displaying the options 1 Go to Reporting Queries then select a que...

Page 177: ...of the Compliance Check server task of previous versions of ePolicy Orchestrator Repository Replication Replicates master repository contents to the distributed repositories in the query results This...

Page 178: ...k to make personal queries public All users with permissions to public queries have access to any personal queries you make public Before you begin You must have appropriate permissions to perform thi...

Page 179: ...k on the page displaying the options 1 Go to Reporting Queries then click Import Query The Import Query dialog box appears 2 Click Browse The Choose File dialog box appears 3 Select the exported file...

Page 180: ...n of the document covers McAfee Agent and ePO queries only See the product documentation of any others for information on their default queries MA Agent Communication Summary query Use this query with...

Page 181: ...non compliant by versions VirusScan Enterprise McAfee Agent and DAT files This query only considers systems that have communicated with the server in the last 24 hours Query results The results of thi...

Page 182: ...art of all logon attempts in the Audit Log divided according to whether they were successful Query results The results of the query are displayed in a Boolean pie chart which you can use to drill down...

Page 183: ...ivided according to whether they have the Server tag Query results The results of the query are displayed in a Boolean pie chart which you can use to drill down into the systems that make up each slic...

Page 184: ...want available as tabs from the navigation bar Contents Dashboards and how they work Setting up dashboard access and behavior Working with Dashboards Dashboards and how they work Dashboards are colle...

Page 185: ...Select a permission No permissions Use public dashboards Use public dashboards create and edit personal dashboards Edit public dashboards create and edit personal dashboards make personal dashboards p...

Page 186: ...tions drop down list The Manage Dashboards page appears Figure 32 New Dashboard page 2 Click New Dashboard 3 Type a name and select a size for the dashboard 4 For each monitor click New Monitor then s...

Page 187: ...Go to Dashboards then select Select Active Dashboards from the Options drop down list Figure 33 Select Active Dashboards page 2 Click the desired dashboards from the Available Dashboards list They ar...

Page 188: ...ns drop down list 2 Select the desired dashboard from the Available Dashboards list then click Make Public 3 Click OK when prompted The dashboard appears in the Public Dashboards list on the Manage Da...

Page 189: ...e ePO server Rogue System Detection provides information to ePolicy Orchestrator to allow you to take remediation steps including alerting network and anti virus administrators or automatically deploy...

Page 190: ...s Resolution Protocol RARP IP traffic and DHCP responses The sensor also performs NetBIOS calls and OS fingerprinting on systems already detected to obtain additional information It does this by liste...

Page 191: ...y settings Systems that host sensors Install sensors on systems that are likely to remain on and connected to the network at all times such as servers If you don t have a server running in a given bro...

Page 192: ...fied in the Rogue System Matching server settings You can specify which attributes the database uses for matching based on which attributes are unique in your environment If a system on your network h...

Page 193: ...io of systems in the Managed and Exceptions categories to those in the Rogue and Inactive categories Exceptions Exceptions are systems that don t need a McAfee Agent such as routers printers or system...

Page 194: ...f these three rogue states are categorized as Rogue systems Rogue System Sensor status Rogue System Sensor status is the measure of how many sensors installed on your network are actively reporting to...

Page 195: ...uncovered are not reporting information about detected systems to the ePO server Top 25 Subnets The Top 25 Subnets list provides the starting IP addresses and subnet range for the 25 subnets that con...

Page 196: ...or functionality Considerations for policy settings Policy settings configure the features and performance of the Rogue System Sensor These settings are separated into four groups Communication settin...

Page 197: ...em that has an agent deployed by an ePO server with a different IP address that system is detected as a rogue because the agent is considered an alien agent Interface settings Interface settings deter...

Page 198: ...System Detection events Configuring Rogue System Detection policy settings Use this task to configure Rogue System Detection policy settings Policy settings determine how the sensor obtains and report...

Page 199: ...ying the options 1 Go to Configuration Server Settings then in the Settings Categories list click Rogue System Compliance 2 In the details pane click Edit 3 Edit the number of days to categorize Detec...

Page 200: ...o edit the sensor settings for Rogue System Detection Sensor settings are user configured and specify The amount of time sensors are active The maximum number of sensors active in each subnet How long...

Page 201: ...ls Into Uncovered State Triggers a response any time a rogue system is detected Rogue System Detected d Select Enabled to activate the response then click Next 3 On the Filter page from the Available...

Page 202: ...k to add detected systems to the Exceptions list Getting there This task can be performed from Go to Network Detected Systems click any detected system category in the Overall System Status monitor an...

Page 203: ...ed from Go to Network Detected Systems click any detected system category in the Overall System Status monitor and click any system Detected Systems Details page Go to Network Detected Systems and cli...

Page 204: ...e Detected Systems For example you might want to remove systems from the Detected Systems list when you know it is no longer in service Once a system has been removed it will not appear in the Detecte...

Page 205: ...ystems you are viewing 2 Click Remove from Exceptions Removing systems from the Rogue Sensor Blacklist Use this task to remove detected systems from the Rogue Sensor Blacklist Rogue System Detection p...

Page 206: ...sensors Editing sensor descriptions Removing sensors Changing the sensor to server port number Use this task to change the sensor to server port number You can change the port that the Rogue System Se...

Page 207: ...k any system Systems Details page Go to Systems System Tree Systems page Task For option definitions click on the page displaying the options 1 Select the systems where you want to install sensors the...

Page 208: ...hedule for the task then click Next 13 Review the summary of the task then click Save Using client tasks to install sensors Use this task to create a client task that installs sensors to systems on yo...

Page 209: ...Managed Systems Managed Systems for Subnet xxx xxx xxx xxx page Go to Systems System Tree Systems and click any system Systems Details page Go to Systems System Tree Systems page Task For option defi...

Page 210: ...ding subnets Renaming subnets Viewing detected subnets and their details Adding subnets Use this task to add subnets to Rogue System Detection Task For option definitions click on the page displaying...

Page 211: ...o ignore and click Ignore 2 In the Action pane click OK When ignoring a subnet on the Detected Systems homepage in the Top 25 Subnets list a dialog box opens Click OK Including subnets Use this task t...

Page 212: ...unctionality or to check the sensor version The following table lists the run time command line options for the sensor Description Switch Forces the sensor to run as a normal command line executable o...

Page 213: ...eturns the details of passive sensors installed on your network in the last 24 hours in pie chart format RSD Passive Sensor Response Last 24 Hours Returns the details of systems detected on your netwo...

Page 214: ...to maintain both MSDE and SQL Server databases Contents Performing daily or weekly database maintenance Backing up ePolicy Orchestrator databases regularly Changing SQL Server information Restoring e...

Page 215: ...ompatible with simple recovery If you have multiple databases with different recovery models you can create separate database maintenance plans for each recovery model In this way you can include a st...

Page 216: ...Microsoft SQL Server or SQL 2005 Express as the database see the SQL Server product documentation Backing up an MSDE database If you are using Microsoft Data Engine MSDE as the ePolicy Orchestrator d...

Page 217: ...ges to take affect As a last resort you could always edit the config file by hand orion server home conf orion db properties putting in the plaintext password starting the server and then using the co...

Page 218: ...les and remote consoles 3 Start the Database Backup Utility DBBAK EXE The default location is C PROGRAM FILES MCAFEE EPO 4 Type the Database Server Name 5 Type the Database Name 6 Select NT Authentica...

Page 219: ...nt activity logs 69 85 agent distribution deploying from ePolicy Orchestrator 74 FRMINST EXE command line 81 94 methods 72 74 agent distribution continued Novell NetWare servers 79 requirements for de...

Page 220: ...eries and 184 configuring access and behavior 185 configuring for exported reports 28 configuring refresh frequency 185 creating 186 default monitors 184 granting permissions to 185 how they work 184...

Page 221: ...gue System Blacklist 195 rogue system status 193 Exceptions list adding systems 202 compared to Rogue Sensor Blacklist 195 events and automatic responses 201 Exceptions list continued exporting 203 im...

Page 222: ...ories about 96 checking in packages manually 148 communicating with source site 101 configuring proxy settings 102 ePO components 13 key pair for unsigned content 72 key pairs using 91 pulling from so...

Page 223: ...rk 17 rogue system detection 197 working with 24 25 26 permissions assigning for notifications 157 permissions continued for queries 171 global administrator 17 to dashboards 185 policies about 115 as...

Page 224: ...result types 172 query names Agent Communication Summary 180 Agent Version Summary 180 Compliance History 181 Compliance Summary 181 Detection History 181 Distributed Repository Status 182 Failed Log...

Page 225: ...ask Builder wizard 51 server task log about 138 server task log continued filtering for recent activity 30 Pull Now task 144 purging 31 Replicate Now task 146 reviewing status of tasks 30 working with...

Page 226: ...k bandwidth 41 operating systems 42 planning considerations 40 text files importing systems and groups 54 using subgroups 59 System Tree sorting default settings 48 enabling 56 on agent server communi...

Page 227: ...4 scheduling an update task 149 user accounts about 17 changing passwords 24 creating 23 creating permission sets for 25 user accounts continued permission sets and 17 working with 23 24 user interfac...

Page 228: ...McAfee ePolicy Orchestrator 4 0 2 Product Guide 228 Index...

Reviews:

No comments

Brands by name

Popular brands

Load more brands