background image

22 

McAfee Total Protection Service Product Guide

Using the Client Software
Types of client software updates

About the console 

Check the protection status and access the features of the client software through the console. 
To display the console, use one of these methods: 
•    Double-click the Total Protection Service icon in the system tray. 
•    Click the icon, then select 

Open Console

Click 

Start | Programs | McAfee | Managed Services | Total Protection Service

The basic console displays the status of the protection features installed on the computer. 
•    Detected risks are highlighted in red. Click 

Fix

 to resolve the risk. 

•    To access product features and perform tasks, click 

Action Menu

, then select from 

the options: 
•    

Product Details

 — Display the full console with links to features and tasks. 

•    

Scan Computer

 — Select a scan target and begin scanning for threats. 

•    

Set Connection Type

 — Specify the type of network the computer connects to. This 

determines which communications firewall protection allows to access the computer. 

•    

View Application List

 — Specify applications that are allowed to access the Internet 

or blocked. 

•    

Admin Login

 — Log on as an administrator to access administrative features. Requires 

site administrator credentials. 

•    

View Help

 — Display online help. 

NOTE: 

The client features you can access are determined by policy options assigned to 

the computer. 

Types of client software updates 

Regular updates are the cornerstone of Total Protection Service. To perform updates, the client 
software connects directly to a site on the Internet and checks for: 
•    Updates to the detection definition (DAT) files used to detect threats. DAT files contain 

definitions for threats such as viruses and spyware, and these definitions are updated as 
new threats are discovered. 

•    Upgrades to software components. (To simplify product terminology, both updates and 

upgrades are referred to as updates.) 

Updates usually occur automatically in the background. Even computers without Internet access 
can retrieve updates through relay servers. In addition, users can perform on-demand (manual) 
updates at any time, and you can configure optional policy settings for updating tasks. 
Client software is updated in these ways. 

...indicates:

This icon...

The last update failed to complete. Check your Internet or LAN connection
and perform a manual update (click the icon, then select Update Now).

On-access scanning is disabled.

CBS100083_McAfeeProdGde_12-10   22

12/20/10   8:51 AM

Summary of Contents for MTP10EMB3RAA - Total Protection 2010

Page 1: ...McAfee Total Protection Service Product Guide...

Page 2: ...brand products All other registered and unregistered trademarks herein are the sole property of their respective owners LICENSE INFORMATION License Agreement NOTICE TO ALL USERS CAREFULLY READ THE AP...

Page 3: ...19 Using the Client Software 20 How to access the client software 20 About the icon 21 About the console 22 Types of client software updates 22 Terminal server support 24 Specifying when computers che...

Page 4: ...of group administrators 44 Working with group administrators 45 Management of security policies 46 McAfee Default policy 47 Working with policies 51 Generation of security reports 51 Scheduling report...

Page 5: ...pproving and unapproving programs in a policy 72 Managing detections 73 Viewing scan results on client computers 73 Managing potentially unwanted programs on client computers 74 Viewing quarantined fi...

Page 6: ...he account 95 Viewing user approved programs and applications 95 Viewing blocked communications 96 Reports for firewall protection 97 Unrecognized Programs report 97 Inbound Events Blocked by Firewall...

Page 7: ...ns 118 Using the SaaS Vulnerability Scanning Service 119 Vulnerability scanning features 119 Certification programs 120 The SaaS vulnerability scanning widget and portal 121 Accessing the SaaS vulnera...

Page 8: ...er person such as a purchasing department representative purchases the subscription and then designates you to be the site administrator For a more hands on approach use the SecurityCenter to view and...

Page 9: ...ach computer where it is installed 2 The client software up dates itself automatically and silently by downloading the latest detection definition DAT files from your account s administrative website...

Page 10: ...Service checks for product updates at regular intervals throughout the day comparing security components against the latest releases When a computer needs a newer version the client software retrieves...

Page 11: ...il these reports at regular intervals Schedule reports Select a customized policy as the default assigned to computers in your account Designate a default policy for your account Organize the computer...

Page 12: ...informed about your account s status Updates to the client software Regular updates are the cornerstone of Total Protection Service The client software periodically checks a site on the Internet for n...

Page 13: ...od or a combination of methods which enables you to tune the impact updates have on network resources 1 For simple updates each client computer on your account has a direct connection to the Internet...

Page 14: ...lable for Total Protection Service 3 If new components are available the client computer attempts to retrieve them from its peers It queries whether computers on the LAN have already downloaded the ne...

Page 15: ...the SecurityCenter It shows summary information for your account at a glance Alerts and action items Indicate whether any action is required to address security issues and links you to instructions f...

Page 16: ...ation reference information and subscription status Helpful utilities Product documentation and links to product support and demos Create user groups A group consists of one or more computers that sha...

Page 17: ...Daily Daily Weekly On Demand Scan Enabled Enabled Enabled Enable outbreak response Enabled Enabled No Scan within archives during on access scans 4 hours 4 hours 12 hours Check for updates every Promp...

Page 18: ...Team group performs the tasks defined in the Sales policy 3 Check for updates to software components and DAT files every 4 hours Check for an outbreak DAT file every hour Scan for viruses and potentia...

Page 19: ...information is the same method used to retrieve updates i e through a direct connection Rumor technology or a relay server A summary of this information is sent to you in a weekly status email unless...

Page 20: ...ctly on a client computer by using the tasks described in this section Contents How to access the client software Types of client software updates Performing setup and maintenance tasks Frequently ask...

Page 21: ...ription or buy more licenses How the icon indicates the status of the client software The appearance of the icon changes to indicate the status of the client software Hold your cursor over the icon to...

Page 22: ...ernet or blocked Admin Login Log on as an administrator to access administrative features Requires site administrator credentials View Help Display online help NOTE The client features you can access...

Page 23: ...ates manually For example when a computer appears to be out of date in your administrative reports users might need to update manually as part of the troubleshooting process Manual updates When an out...

Page 24: ...must be kept up to date DAT files are updated by McAfee Avert Labs whenever new threats are discovered Use this task to select how often client computers check for updates to software components and...

Page 25: ...tal Protection Service client software Tasks Testing virus protection Changing the language for the software Logging on as a site administrator Configuring notifications Configuring what users see Uni...

Page 26: ...l console and these additional tasks available Viewing the progress of scheduled scans that are in progress Managing files in the Quarantine Viewer Disabling and enabling on access scanning Logging on...

Page 27: ...icon only The tray icon is displayed and the tray menu lists only the Update Now option 4 Click Save For a new policy click Next select additional options for the policy then click Save Uninstalling t...

Page 28: ...ion Basic authentication is not supported Automatic updates do not occur when a CHAP or NTML proxy is set up in Internet Explorer Is it okay to delete the Temp folder in my program s directory structu...

Page 29: ...folder in the Program Files McAfee Managed VirusScan folder Activate your software You have not activated your copy of Total Protection Service You cannot receive updates against the latest threats u...

Page 30: ...ve hands on involvement you can take advantage of the management console available on the SecurityCenter Use the SecurityCenter to centrally manage the client computers and information for your accoun...

Page 31: ...redentials email or weekly status email you received from your service provider NOTE Before typing your login credentials you can access multimedia demos and tutorials for more information about using...

Page 32: ...e You must have a local email application installed to use this feature Click the print icon located along the upper right margin of the page to open the page in a separate browser window then select...

Page 33: ...that require your attention appear in red The method for resolving them varies depending on the page Check your action items and alerts Click the button at the end of the text to display instructions...

Page 34: ...ction coverage resolve action items and update protection Task For option definitions click in the interface 1 Click the Dashboard tab 2 Select the group for which you want to display information Opti...

Page 35: ...size a widget click its border and drag to a new size To email the information in the widget click the email icon in the upper right corner You can also schedule it to be sent as an email attachment a...

Page 36: ...Computers where protection is not installed In a widget click links that display more information about reported activity such as the computer names or the number of detections View details about act...

Page 37: ...time for which to display information View by Display individual computers or groups Group Display only the computers in a group or display all computers Not available if you selected View by Groups S...

Page 38: ...computers from the listing delete a computer with enabled client software from the listing it automatically reappears the next time its report data is uploaded however you can no longer view its hist...

Page 39: ...up list select a group then click Save Move the computer to a new group In the Policy list select a new policy then click Save Assign a new policy Select the Click here to install link to open the ins...

Page 40: ...uters page If you have not created any groups or policies only the Default Group is displayed The Default Group Until you create additional groups all computers are assigned to the Default Group when...

Page 41: ...date 5 Check the status of the last synchronization tasks Your account can contain both Active Directory groups and groups that you create in the SecurityCenter See also Management of computer groups...

Page 42: ...e this task to install the client software on computers in Active Directory groups Before you begin You must import Active Directory groups before you can perform this task Note that all Active Direct...

Page 43: ...will be placed in the same groups they are in on your network If you do not select this option computers will be placed in the Default Group 5 Click Save See also Logging on as a site administrator o...

Page 44: ...oversee and manage the groups that you the site administrator assign to them When creating group administrators you specify which groups they manage a password they use to access the SecurityCenter a...

Page 45: ...Up to six group administrators can be listed If you have created more than six group administrator accounts click View all group administrators to display a complete listing Task For option definitio...

Page 46: ...policies Use this page to create copy modify and delete policies for your account If you have not created any policies only the McAfee Default policy is displayed Do this To Under Actions select Delet...

Page 47: ...on explains only the settings for the McAfee Default policy See the chapters for particular types of protection for a complete explanation of all related policy options Client Settings Option definiti...

Page 48: ...e Enabled Detect code starting to run from data in reserved memory and prevent that code from running Enable buffer overflow protection Enabled Detect harmful code embedded in web pages that would cau...

Page 49: ...To ensure the highest level of security we recommend that administrators create a new policy and configure firewall protection Definition Option Disabled Do not check whether browser protection is ins...

Page 50: ...Unrated Allow NOTE This feature is not supported on Firefox browsers Enabled Do not allow access to pages with phishing content even if they are located on a website with a green overall safety ratin...

Page 51: ...vide valuable tools for monitoring detections and fine tuning your protection strategy Only the reports available for the types of protection installed appear on this page Do this To Select an existin...

Page 52: ...NOTE For blocked events to be reported the Report blocked events option must be enabled in the Firewall Protection policy Blocked events are logged for all computers that are assigned a policy where...

Page 53: ...eek on the selected day Monthly on Send the information each month on the selected day 4 Type one or more email addresses to receive the report Separate multiple addressees with commas 5 Type a subjec...

Page 54: ...black box Alphabetic characters are not case sensitive 4 Click Upload Logo If your logo file is not the correct size the SecurityCenter resizes it to fit the allotted area and displays a preview of h...

Page 55: ...s the listing it automatically reappears the next time its report data is uploaded however you can no longer view its historical detection data Click a computer name to display the Computer Details pa...

Page 56: ...g up for email notifications Viewing and updating subscription information Buying and renewing subscriptions and licenses Locating or creating keys for your account Merging accounts Configuring your a...

Page 57: ...criptions and to update subscription information It is important to check the status of your subscriptions to ensure that protection remains active and you have the right number of licenses to protect...

Page 58: ...y computers are protected Task 1 On the My Account page click the Subscription Notification tab The Subscription Summary section lists details about each subscription including the number of licences...

Page 59: ...count you want to merge into your main account then click Next 4 On the Step 2 page view details for the account you have selected Verify that the licenses and computers listed for the account are the...

Page 60: ...nt Downloads a wizard that guides you through the steps for migrating computers in a McAfee ProtectionPilot account to a Total Protection Service account A link to documentation is also provided Getti...

Page 61: ...y If you do need to merge multiple accounts then use the Manage Accounts section of the Accounts Keys tab Why do my cloned systems all report as the same computer The client software generates a uniqu...

Page 62: ...ick Delete 4 Install the software on the new computer The new computer appears in your reports after it uploads its status to the SecurityCenter This usually takes about 20 minutes My computer crashed...

Page 63: ...nent within Total Protection Service but includes policy options that let you configure some of the virus protection and spyware protection features separately Virus and spyware protection includes op...

Page 64: ...and blocked programs created by the administrator for computers using the policy Checks the list of programs the user has approved If the Prompt program is not on either list spyware protection displa...

Page 65: ...figured in the SecurityCenter Policy settings determine the types of files programs and other items detected whether users can manage their detections how frequently computers check for updates and wh...

Page 66: ...r a program attempts to install spyware Scan for all types of virus and spyware threats Send unrecognized detections to McAfee Avert Labs Enable on access scanning when computers check for updates On...

Page 67: ...configure these spyware scanning features Whether files are scanned for spyware The types of spyware threats to detect Approved programs that should not be detected as threats The default spyware rela...

Page 68: ...tray then select Open Console 2 From the Action Menu select Scan Computer 3 Select the scan target Scan my entire computer Scan all drives folders and files Scan a specific drive or folder Type the f...

Page 69: ...f the scan NOTE This option is available only when a scheduled scan is in progress 4 If needed click Pause Scan to temporarily interrupt the scan or Cancel Scan to end the scan Optional 5 Click View d...

Page 70: ...cheduling a scan Use this SecurityCenter task to schedule an on demand scan Task For option definitions click in the interface 1 On the Policies page click Add Policy or click Edit to modify an existi...

Page 71: ...ipt scanning is always enabled for on access and on demand scans Enable script scanning Look for threats in email before it is placed into the user s Inbox Email is always scanned when it is accessed...

Page 72: ...each type of program you want to detect 6 Click Save For a new policy click Next select additional options for the policy then click Save Approving and unapproving programs in a policy Use this Securi...

Page 73: ...unwanted programs from the Reports page on the SecurityCenter Before you begin Run an on demand scan Task Select View detailed report in the Scan Completed panel A browser window opens and displays t...

Page 74: ...item was added to the list of user approved programs and will no longer be detected as spyware Cleaned The item was cleaned successfully and can be used safely A backup copy of the original item was p...

Page 75: ...heck the status of each item Cleaned The item was cleaned successfully and can be used safely A backup copy of the original item was placed in a quarantine folder in a proprietary binary format Clean...

Page 76: ...ms buffer overflow processes cookies Task For option definitions click in the interface 1 Click the Reports tab then click Detections 2 In the Detections report view detailed information about detecti...

Page 77: ...s report Lists programs detected on client computers that are not recognized by spyware protection and firewall protection Allows you to approve programs from within the report Detection History repor...

Page 78: ...ist the computers where detections occurred the names of detections or the groups containing computers where detections occurred View Display all the computers on your account or only those in a singl...

Page 79: ...iangle icon next to a name Display computers or detections Under a computer name show which programs were detected Under a program name show the computers where it was detected Click a group name to d...

Page 80: ...are protection mode to Protect to automatically clean potentially unwanted programs NOTE Protect mode is not the default setting For maximum protection create a policy that includes Protect mode Enabl...

Page 81: ...ng the features of virus and spyware protection File does not exist This error verifies that the computer is protected from threats When you clicked to open an infected file from Windows Explorer the...

Page 82: ...ministrator configures firewall settings The McAfee default policy is configured to let client computer users decide which communications and applications firewall protection allows The administrator...

Page 83: ...ound Events Blocked by Firewall The connection type does not affect the way that firewall protection handles detections of Internet applications running on client computers Custom connections Trusted...

Page 84: ...pecific IP addresses Configure settings for custom connections on the General tab of the Firewall Protection policy page Once configured custom connection settings are saved until you reconfigure them...

Page 85: ...be used as a learn mode to discover which applications to allow and block Prompt Users are prompted about detections Detections are reported to the SecurityCenter Administrator can select allowed app...

Page 86: ...addresses You can specify IP addresses that conform to either of these standards IPv4 Internet Protocol Version 4 The most common Internet addressing scheme Supports 32 bit IP addresses consisting of...

Page 87: ...ports as needed Standard service ports for typical system services are Firewall configuration Protecting computers from suspicious activity with a firewall involves monitoring network activity to iden...

Page 88: ...or avoiding risk Configuring firewall features enables you the administrator to control which applications and communications are allowed on your network It provides the means for you to ensure the hi...

Page 89: ...ings Use this task to configure these settings for firewall protection Who configures the firewall Connection type NOTE To ensure the highest level of security we recommend that administrators configu...

Page 90: ...s users for a response or simply reports it to the SecurityCenter Specific applications to allow or block Before you begin On the Firewall Protection policy page you must select Administrator configur...

Page 91: ...es for custom connections Tasks Configuring system services and port assignments Configuring IP addresses Configuring system services and port assignments Use this task to configure system service por...

Page 92: ...select Custom settings then click edit Perform these steps To do this Allow an existing service by opening its ports 1 Select the checkbox for a service listed in the table 2 Click OK Computers using...

Page 93: ...ng policy updates Enabling and disabling firewall protection Perform these steps To do this Accept communications from any IP address 1 Select Any computer 2 Click OK Accept communications from IP add...

Page 94: ...nitions click in the interface 1 On the Policies page click Add Policy or click Edit to modify an existing policy 2 Select Firewall Protection then click the General Settings tab 3 Under Firewall Conf...

Page 95: ...ns users have approved to run on their computers You can also add the applications to one or more policies so they will not be detected as unrecognized programs on computers using the policies Do this...

Page 96: ...report each attempt to communicate is called an event Before you begin To view this report the Report blocked events option must be enabled on the Firewall Protection policy tab When this option is e...

Page 97: ...the triangle icon next to a name Display computers or detections Under a computer name show which applications were detected Under an application name show the computers where it was detected Click a...

Page 98: ...g on client computers If you know some of the applications are safe and do not want them to be detected as threats add them to policies 5 If you want to monitor the inbound communications that firewal...

Page 99: ...ection to Protect mode to automatically block suspicious activity 8 If your account includes computers that are operated in multiple environments such as in the office and in unsecured public networks...

Page 100: ...ver it does not report them because event logging is disabled in the Windows firewall by default If both firewalls are enabled you must enable Windows firewall logging to be able to view a list of all...

Page 101: ...eports provide details Information that browser protection sends to McAfee Installing browser protection during policy updates Web filtering features Enabling and disabling browser protection via poli...

Page 102: ...ing policy options also allow you to disable browser protection at the policy level or from an individual client computer Web filtering features are described in more detail later in this section How...

Page 103: ...by a broken Internet connection or a problem with the SiteAdvisor server where ratings information is stored Testing communication problems Use this task from a client computer to determine why browse...

Page 104: ...eAdvisor menu Client settings that affect the SiteAdvisor menu button When browser protection is disabled the menu button is gray When visiting a site on your network s intranet the menu button is gra...

Page 105: ...registered outside of your country of residence Country The level of how popular the website is Don t assume however that popularity always goes hand in hand with safety For example some very popular...

Page 106: ...find annoying such as excessive popups requests to change a user s home page or requests to add a site to the browser s Annoyances favorites list We also list 3rd party cookies sometimes known as tra...

Page 107: ...nt computer Language and country locale selected for the operating system and browser running on the client computer Host name and part of the URL for each website the client computer requests to acce...

Page 108: ...eled Browser Protection Web Filtering The additional policy options enable you to configure these features Regulate user access to websites based on their safety rating for example block access to red...

Page 109: ...enabled at the policy level This feature is available only in versions of the browser protection service that include the web filtering module Task For option definitions click in the interface 1 On t...

Page 110: ...he site is blocked A policy option allows you to customize the message that is displayed When you configure a warning action for a site users are redirected to a message explaining that there might be...

Page 111: ...downloading files that contain threats or to warn users about potential threats from downloads A site with an overall safety rating of green can contain individual download files rated yellow or red...

Page 112: ...n click the General Settings tab 3 Under Access to Phishing Pages select Block phishing pages 4 Click Save For a new policy click Next select additional options for the policy then click Save Block an...

Page 113: ...o modify an existing policy 2 Select Browser Protection Web Filtering then click the Content Rules tab 3 Select one or more filtering options to customize the content categories listed Optional Functi...

Page 114: ...ath Site patterns must be at last six characters in length and they do not accept wildcard characters The browser protection service does not check for matches in the middle or end of URLs Site patter...

Page 115: ...allowed to access Prohibit Add the site to the Exceptions list as a prohibited site which users are not allowed to access Cancel Close the text box without adding the site to the list 5 Repeat step 4...

Page 116: ...ccess Task 1 Click the Reports tab then click Web Filtering 2 In the Web Filtering report view the number of green sites visited by client computers on the network No detailed information is available...

Page 117: ...n all computers 2 Check the Web Filtering report regularly to see what sites users are visiting their safety ratings and their content categories 3 Using the Web Filtering report Determine whether use...

Page 118: ...rated for security For example if a client computer visited 10 different pages on this website over the course of a single browser session www mcafee com only a single visit would be logged to this do...

Page 119: ...e audits to locate and resolve security risks in your network devices and to confirm compliance with certification standards A security plan that includes regular and comprehensive device audits Prote...

Page 120: ...d PCI DSS by providing the tools needed to complete the PCI certification process remain in compliance and create quarterly validation reports McAfee SECURE Trustmark certification program Adds the Mc...

Page 121: ...rd page of the SecurityCenter The widget contains a link Click here to configure to the SaaS vulnerability scanning portal The portal provides tools for adding the IP addresses to scan performing scan...

Page 122: ...ess This is the high level process for configuring vulnerability scans for your network 1 Log on to the SaaS vulnerability scanning portal 2 Specify what to scan by one of these methods If you know wh...

Page 123: ...Add devices to scan and configure scanning options For Service Level select Devices McAfee SECURE The Scan Frequency defaults to Daily per the requirements for certification You can schedule additiona...

Page 124: ...tions do not include application servers the web server itself is configured to act in an application server capacity Domain name servers DNS These resolve Internet addresses by translating domain nam...

Page 125: ...hich IP addresses within a network a specified range of IP addresses are active Security level Description 5 Urgent Provide intruders with remote root or remote administrator capabilities By exploitin...

Page 126: ...rity Dashboard page 3 Under Discovery select DNS 4 On the DNS Discovery page select an action Discovering IP addresses in a network The network discovery tool identifies which IP addresses within a ne...

Page 127: ...credit card issuers by meeting the vulnerability scanning requirements of the Payment Card Industry PCI data security standard Select this option if you are scanning devices involved with processing c...

Page 128: ...feesecure com help ScanIps sa accessible from the SaaS vulnerability scanning portal Sign up for the RSS feed at http www mcafeesecure com help ScanIps rss 2 Follow the instructions provided in the do...

Page 129: ...e group you want to reconfigure click the Configure Group icon on the right side of the group table 5 Under Devices In Group Select a device from the Not In Group list then click Add to add the device...

Page 130: ...next 24 hours for an IP address domain or network Task 1 Open the SaaS vulnerability scanning portal click the link in the SaaS Vulnerability Scanning PCI Certification widget on the Dashboard page of...

Page 131: ...ts select Devices 4 Select a device using one of these methods On the Devices page click the device name On the Device Groups page click the name of the group containing the device then on the Devices...

Page 132: ...curity Dashboard page This type of report Shows Audit Report Results for audit scans run on IP addresses To view Under Audits select Reports select the type of report and the devices to include then c...

Page 133: ...Devices Not Currently Auditing 6 On the Add Devices page select options adding the devices for scanning Viewing results for network discovery scans Use this task to view the discovery status for netwo...

Page 134: ...ount and their scan status 4 Select an option Select this option To view these results By Network A listing of all networks in your account Select a network to display details about it By Port A listi...

Reviews: