McAfee Total Protection for Endpoint
Lab Evaluation Guide

Summary of Contents for TEECDE-AA-AA - Total Protection For Endpoint

Page 1: ...McAfee Total Protection for Endpoint Lab Evaluation Guide ...

Page 2: ... trademarks herein are the sole property of their respective owners LICENSE INFORMATION License Agreement NOTICE TO ALL USERS CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED PLEASE CONSULT THE SALES AND OTHER REL...

Page 3: ...Endpoint suite 11 Logging on to ePolicy Orchestrator 13 Set Up the ePolicy Orchestrator Server 14 Add Systems to Manage 16 Setting Policies for Endpoints 18 Setting Policies for Email Servers 26 Set Tasks for Endpoints 32 Deploy the McAfee Agent 35 Using Dashboards and Queries 39 Summary 42 References 43 3 McAfee Total Protection for Endpoint Lab Evaluation Guide ...

Page 4: ...on Windows This guide provides real examples of steps you take during a live deployment It does not cover every possible deployment scenario nor examine every feature For complete information on all aspects of the products included in Total Protection for Endpoint see their respective product guides Full product documentation is available on the McAfee KnowledgeBase Under Self Service click Produc...

Page 5: ...usions by combining signature and behavioral protection with a system firewall Shielding McAfee Host Intrusion Prevention 7 0 your assets improves the availability confidentiality and integrity of your business processes A single agent makes it easy to deploy configure and manage and patching becomes less frequent and less urgent SiteAdvisor Enterprise Plus allows your employees to surf and search...

Page 6: ...th McAfee GroupShield and McAfee Security for Lotus Domino to reduce resource usage on your busy mail servers When you are ready to deploy products to your environment like VirusScan Enterprise or Host Intrusion Prevention you will use ePolicy Orchestrator and the McAfee Agent to handle the deployment and updates McAfee recommends that you use the workflow in the following sections to get started ...

Page 7: ...fee recommends using static IP addresses for ePO servers Server class operating system 32bit or 64bit Windows Server 2003 Enterprise with Service Pack 2 or later Windows Server 2003 Standard with Service Pack 2 or later Windows Server 2003 Web with Service Pack 2 or later Windows Server 2003 R2 Enterprise with Service Pack 2 or later Windows Server 2003 R2 Standard with Service Pack 2 or later Win...

Page 8: ...the use of Port 8443 for HTTPS communication Although this is the default port it is also the primary port used by many web based activities is a popular target for malicious exploitation and it is likely to be disabled by the system administrator in response to a security violation or outbreak NOTE Ensure that the ports you choose are not already in use on the ePolicy Orchestrator server computer...

Page 9: ...r you install the SQL Server software you may have issues installing or starting the ePolicy Orchestrator software Other relevant database installations and upgrades See the documentation provided by the database manufacturer for information about the following installation scenarios Maintenance settings McAfee recommends making specific maintenance settings to ePO databases For instructions see M...

Page 10: ...1 Microsoft updates and patches Update both the ePO server and the database server with the latest Microsoft security updates If you are upgrading from MSDE 2000 or SQL 2000 be sure to follow Microsoft s required upgrade scenarios Operating systems language support This version of the ePolicy Orchestrator runs on any supported operating system irrespective of the language of the operating system F...

Page 11: ...e following options enabled by default Base Installation Host Intrusion Prevention McAfee Security for Lotus Domino and MS Exchange GroupShield 7 Click Next The Set Administrator Information page appears 8 Type the username and password to use for the ePolicy Orchestrator administrative account and click Next The Choose Setup Type page appears NOTE You will use the same credentials later to log on...

Page 12: ... view the Readme Select Yes I want to launch McAfee ePolicy Orchestrator now to launch the ePolicy Orchestrator user interface NOTE During installation you may be prompted to change one or more of the default port numbers in case of any conflict 13 Click Finish Setting up McAfee Total Protection for Endpoint suite McAfee Total Protection for Endpoint Lab Evaluation Guide 12 ...

Page 13: ... to ePolicy Orchestrator dialog box appears NOTE You can also double click the Launch McAfee ePolicy Orchestrator 4 5 console icon on the desktop to launch ePolicy Orchestrator 2 Type the User name and Password of a valid account created in Step 7 under the Setting up McAfee Total Protection for Endpoint suite section NOTE Passwords are case sensitive 3 Select the Language you want the software to...

Page 14: ...k that retrieves updates from a McAfee site HTTP or FTP at specified intervals NOTE A repository pull task was created for you automatically during installation Task Use this task to create a repository pull task that adds and updates the client software 1 Click Menu Automation Server Tasks 2 In the list find the task named Update Master Repository and under the Actions column click Edit to open t...

Page 15: ... current updates and opens the Server Task Log Checking the status of the pull task The Server Task Log is useful to show the status of the McAfee Pull task Use this task to verify that the Update Master Repository task has finished pulling updates from the McAfee site Task 1 Click Menu Automation Server Task Log 2 In the list of tasks find the Update Master Repository task 3 The task is finished ...

Page 16: ...add a small number of systems in your test network You can try the other approaches once you become familiar with ePolicy Orchestrator Creating your System Tree groups Use this task to add groups to your System Tree For this exercise we are creating two groups Servers and Workstations 1 Click Menu Systems System Tree then click Group Details on the menu bar 2 Highlight My Organization then click N...

Page 17: ...s not function until a system that is not in the System Tree calls in to the ePO server You can also schedule the sorting rule or run it manually Task Use this task to create a sorting rule based on the default tags 1 Click Menu Systems System Tree then click Group Details on the menu bar 2 Highlight Test Group 3 At the top of the Group page locate the label Sorting Criteria and click Edit 4 Selec...

Page 18: ... to the McAfee Agent system tray icon on client systems This policy option is enabled by default It allows you to view the local Agent Status Monitor on the client to see the communication of the client with the ePO Server It is also possible to remotely see a client s Agent log through your browser Another reason to change the McAfee Agent policy might be slow WAN connections to remote offices or...

Page 19: ...r new Lock VSE Console policy click Edit Settings 7 On the menu bar click Password Options 8 Make sure the Settings for option is set to Workstation 9 For User interface password select Password protection for all items listed 10 Type a password in the boxes provided then click Save Creating file exclusions on a server NOTE In the above examples you created your new policies in Policy Catalog In t...

Page 20: ...ications you can either disable the rule or modify its exclusions to allow mail to be sent by email servers or other systems that send alerts via SMTP Both options are described below Use any of the following tasks to create a VirusScan policy that allows email servers to send emails using Port 25 Option 1 Turning OFF the Port block rule 1 Click Menu Policy Policy Catalog 2 From the Product drop d...

Page 21: ...to clean such as your IT department s administrative tools For example you might have remote administrative tools port scanners or password cracking utilities that your IT staff uses Many of these tools have legitimate uses on the network by administrators This section presents a methodology for detecting the PUPs on your network to discover what exists create exclusions for any with legitimate pu...

Page 22: ...cy Policy Catalog 2 From the Product drop down menu select SiteAdvisor Enterprise Plus 3 From the Category drop down menu select Rating Actions 4 On the line that lists McAfee Default click Duplicate 5 For Name type Rating Actions Policy then click OK 6 On the line that lists your new policy click Edit Settings 7 For Site navigation rating actions set Warn on yellow sites set Block on red sites an...

Page 23: ...elect Break inheritance and assign the policy and settings below From the Assigned Policy drop down menu select Rating Actions Policy Click Save On the line that lists Enforcement Messaging click Edit Assignment For Inherit from select Break inheritance and assign the policy and settings below From the Assigned Policy drop down menu select Enforcement Messaging Policy Click Save 5 Assign the Virus...

Page 24: ...ht want to let clients learn the communication needs of the various applications on your protected computers This learning process is called Adaptive mode In this mode the firewall automatically appends rules to the policy to allow traffic that is not already handled by the Firewall Rules policy This is done without prompting users At each agent server communication the McAfee Agent sends any rule...

Page 25: ...n find Firewall Options Windows then click Edit Assignment 5 For Inherit from select Break inheritance and assign the policy and settings below 6 From the Assigned Policy drop down menu select Adaptive to let the firewall create rules for traffic not already handled by the Firewall Rules policy 7 Click Save For more information about managing the Host Intrusion Prevention Firewall review the Host ...

Page 26: ...tion purposes only Configuring banned content policies This section provides an example of filtering banned content Use this task to create a policy that requires any email with the words Company Confidential in a document attachment have the message replaced with an alert and a notification sent to the administrator 1 Click Menu Policy Policy Catalog 2 From the Product drop down menu select Group...

Page 27: ...drop down menu select Content The Select rules from this group option should contain Blocked content Select Blocked Content 26 From the If detected take the following action drop down menu select Replace item with an alert Under the And Also section select Notify administrator 27 Click Save 28 Click Save again when on the On Access Policies page Configuring anti spam scanner policies Use this task...

Page 28: ...d assign the policy and settings below 6 From the Assigned policy drop down menu select My Exchange Policy 7 Click Save 8 Click Systems on the menu bar 9 Click Actions Agent Wake Up Agents 10 Under Wake Up McAfee Agent set Randomization to zero minutes 11 Click OK NOTE Actually you may not have set up an Exchange server as part of your evaluation So the GroupShield policies created are not applied...

Page 29: ...l trigger when the following word or phrase is found text box type Company Confidential and select Ignore Case 15 Select the File Format tab Deselect the Everything option Under File Categories select Documents Under Subcategories select All 16 Click Save 17 Click Save again when on the Shared Resource page 18 In the Policy Catalog click Edit Settings 19 Under Policy Manager click External Mails 2...

Page 30: ...ty for Lotus Domino 7 5 x x 3 From the Category drop down menu select Scanner Settings 4 On the line that lists My Domino Policy click Edit Settings 5 Under Policy Manager click External Mails 6 Click Master Policy or if you are still on the My Domino policy page select Master Policy from the Policy drop down menu 7 Click the View Settings tab From the Selection drop down menu select Anti Phishing...

Page 31: ...ave set up a Lotus Domino server as part of your evaluation So the policies created are not applied to any client computers However the above policy examples provide a good introduction on configuring and applying policies for your email servers Setting Policies for Email Servers 31 McAfee Total Protection for Endpoint Lab Evaluation Guide ...

Page 32: ...et in the third party anti virus software management console While McAfee updates the anti virus products list periodically some products might not be recognized and removed automatically In such cases you must look for tools or scripts that will help you automate the removal Creating a deployment task In this section you create a client task that deploys one or more products to a group of systems...

Page 33: ...f systems McAfee recommends specifying some randomization to stagger the client requests 7 For Options select Run missed task 8 Set Schedule to Repeat Between and set the time values to 7 00am 6 59am and every 4 hours 9 On the Summary page click Save The time span for the schedule is an example only Typically in a live environment you want to schedule client systems to check for updates throughout...

Page 34: ...e scheduled time Later try experimenting with the task settings For instance you can modify its schedule to Run Immediately send an Agent Wake Up Call to the clients to force an immediate scan if required and then set the schedule type back to weekly It is recommended to scan the entire drive s for this audit operation Make sure that the client systems have the normal set of tools installed so tha...

Page 35: ...stems 1 Click Menu Systems System Tree then click Systems on the menu bar 2 Highlight Test Group If this group has no systems but has subgroups with systems click the Filter drop down and select This Group and All Subgroups 3 Select one or more systems from the list and click Actions Agent Deploy Agents 4 Type credentials that have rights to install software on client systems such as a Domain Admi...

Page 36: ...ns Agent Wake Up Agents 5 If you were waking up a large number of systems adding a few minutes of Randomization is useful Click OK 6 After a few minutes click individual systems The System Details page provides information about the system including the installed McAfee software Revisiting the PUP audit VirusScan policy At this point the software installation client tasks have run or are running a...

Page 37: ...y to clean PUPs you won t remove spyware Resetting the On Access Scan policy Previously you created a new policy that instructed the on access scanner to detect PUPs but not clean them Use this task to reapply the default scanner policy which enables cleaning 1 Click Menu Systems System Tree then click Assigned Policies on the menu bar 2 From the Product drop down menu select VirusScan Enterprise ...

Page 38: ...n any PUPs that you have not explicitly excluded The next time client systems poll the server they will download your configuration changes Deploy the McAfee Agent McAfee Total Protection for Endpoint Lab Evaluation Guide 38 ...

Page 39: ... bar Take a moment to examine this dashboard and the information it provides Changing a dashboard monitor Most default dashboards contain six monitors If the default monitors do not give you the information you want you can change the set of monitors rather than create a new dashboard To view some information about VirusScan Enterprise and Potentially Unwanted Programs you will duplicate then modi...

Page 40: ...ie slice You can click on the pie slice showing version 4 x of the McAfee Agent to see the systems Click Close to return to the pie chart and click Close again to return to the list of queries To check whether Host Intrusion Prevention is installed and has the correct version of the program run the HIP Client Versions query To check whether those clients have the most current updates run the HIP C...

Page 41: ...oup When saving it to a new group you have the choice of storing it under a Private Group under My Groups or a Public Group under Shared Groups Queries stored in a Private Group are only visible to the administrator under whose login it was created Those queries stored in a Shared Group are visible under all ePO administrative accounts so they can be shared with others Using Dashboards and Queries...

Page 42: ...eAdvisor Enterprise Plus policy A Host Intrusion Prevention policy 6 Created a deployment task to install VirusScan Host Intrusion Prevention and SiteAdvisor Enterprise Plus on the client systems 7 Created and applied policies for email protection 8 Created a client update task to keep the clients current 9 Created a VirusScan On demand scan task 10 Deployed the McAfee Agent 11 Verified agent serv...

Page 43: ...n Enterprise 8 7i Installation Guide VirusScan Enterprise 8 7i Product Guide Access Protection in McAfee VirusScan Enterprise and Host Intrusion Prevention Whitepaper AntiSpyware Enterprise 8 7 AntiSpyware Enterprise 8 7 Product Guide AntiSpyware Enterprise 8 7 Release Notes McAfee Host Intrusion Prevention 7 0 Host Intrusion Prevention 7 0 0 Installation Guide Adopting Host Intrusion Prevention B...

Page 44: ...ndum McAfee Security for Lotus Domino v7 5 Windows McAfee Security for Lotus Domino v7 5 Windows User Guide McAfee Security for Lotus Domino v7 5 Windows Release Notes Support by Seeing Video tutorials View video tutorials that address common issues and questions Support by Doing Download Software Updates Obtain the latest anti virus definitions product security updates and product versions To get...
