manualshive.com logo in svg

McAfee EPOCDE-AA-BA - ePolicy Orchestrator - PC, Руководство по эксплуатации продукта

"McAfee EPOCDE-AA-BA - ePolicy Orchestrator - PC" - это продукт для безопасности компьютера, который поможет вам управлять политиками безопасности и защитить свои данные. Вы можете загрузить бесплатное руководство по использованию этого продукта на manualshive.com. Узнайте больше о его возможностях!

Поделиться
Скачать
background image

Importing a query . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247
Exporting query results to other formats . . . . . . . . . . . . . . . . . . . . . 248

Multi-server rollup querying . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249

Creating a Rollup Data server task . . . . . . . . . . . . . . . . . . . . . . . 249
Creating a query to define compliance . . . . . . . . . . . . . . . . . . . . . . 250
Generating compliance events . . . . . . . . . . . . . . . . . . . . . . . . . 250

About reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251

Structure of a report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251

Working with reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252

Creating a new report . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253
Editing an existing report . . . . . . . . . . . . . . . . . . . . . . . . . . . 253
Viewing report output . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258
Grouping reports together . . . . . . . . . . . . . . . . . . . . . . . . . . 258
Running reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259
Configuring Internet Explorer 8 to automatically accept McAfee ePO downloads  . . . . . 259
Running a report with a server task . . . . . . . . . . . . . . . . . . . . . . . 260
Exporting reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260
Importing reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261
Deleting reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261

Using database servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261
Working with database servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262

Modifying a database registration . . . . . . . . . . . . . . . . . . . . . . . . 262
Removing a registered database . . . . . . . . . . . . . . . . . . . . . . . . 262

21

Detecting Rogue Systems

265

What are rogue systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265

Rogue System Detection states . . . . . . . . . . . . . . . . . . . . . . . . 266
Rogue Sensor Blacklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269
Rogue System Detection policy settings . . . . . . . . . . . . . . . . . . . . . 269
Rogue System Detection permission sets . . . . . . . . . . . . . . . . . . . . . 271

How the Rogue System Sensor works . . . . . . . . . . . . . . . . . . . . . . . . . 272

Passive listening to layer-2 traffic . . . . . . . . . . . . . . . . . . . . . . . . 272
Intelligent filtering of network traffic . . . . . . . . . . . . . . . . . . . . . . 272
Data gathering and communications to the server . . . . . . . . . . . . . . . . . 273
Systems that host sensors . . . . . . . . . . . . . . . . . . . . . . . . . . 273

How detected systems are matched and merged . . . . . . . . . . . . . . . . . . . . 274
Working with detected systems . . . . . . . . . . . . . . . . . . . . . . . . . . . 274

Configuring Rogue System Detection policy settings . . . . . . . . . . . . . . . . 275
Adding systems to the Exceptions list . . . . . . . . . . . . . . . . . . . . . . 276
Adding systems to the Rogue Sensor Blacklist . . . . . . . . . . . . . . . . . . 277
Adding detected systems to the System Tree . . . . . . . . . . . . . . . . . . . 277
Editing system comments . . . . . . . . . . . . . . . . . . . . . . . . . . . 277
Exporting the Exceptions list . . . . . . . . . . . . . . . . . . . . . . . . . . 278
Importing systems to the Exceptions list . . . . . . . . . . . . . . . . . . . . . 278
Merging detected systems . . . . . . . . . . . . . . . . . . . . . . . . . . 278
Pinging a detected system . . . . . . . . . . . . . . . . . . . . . . . . . . 279
Querying detected system Agents . . . . . . . . . . . . . . . . . . . . . . . 279
Removing systems from the Detected Systems list . . . . . . . . . . . . . . . . . 279
Removing systems from the Exceptions list . . . . . . . . . . . . . . . . . . . . 280
Removing systems from the Rogue Sensor Blacklist . . . . . . . . . . . . . . . . 280
Viewing detected systems and their details . . . . . . . . . . . . . . . . . . . . 280

Working with sensors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280

Installing sensors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281
Editing sensor descriptions . . . . . . . . . . . . . . . . . . . . . . . . . . 283
Removing sensors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 283

Working with subnets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284

Contents

McAfee

®

 ePolicy Orchestrator

®

 4.6.0 Software Product Guide

9

Содержание EPOCDE-AA-BA - ePolicy Orchestrator - PC

Страница 1: ...Product Guide McAfee ePolicy Orchestrator 4 6 0 Software...

Страница 2: ...registered and unregistered trademarks herein are the sole property of their respective owners LICENSE INFORMATION License Agreement NOTICE TO ALL USERS CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT...

Страница 3: ...ers 22 Server configuration overview 22 Setting up and configuring your ePolicy Orchestrator server 3 Configuring essential features 27 About essential features 27 Using the Guided Configuration to co...

Страница 4: ...n 56 Authenticating with certificates 58 When to use certificate authentication 58 Configuring ePolicy Orchestrator for certificate authentication 58 Uploading server certificates 59 Removing server c...

Страница 5: ...Setting up registered servers 95 Registering servers 95 Registering McAfee ePO servers 95 Registering LDAP servers 97 Registering SNMP servers 98 Registering a database server 99 10 Setting up Agent...

Страница 6: ...group 144 Synchronizing the System Tree on a schedule 146 Updating the synchronized group with an NT domain manually 147 Moving systems manually within the System Tree 147 Transferring systems betwee...

Страница 7: ...gs of a policy 181 Viewing policy ownership 182 Viewing assignments where policy enforcement is disabled 182 Viewing policies assigned to a group 182 Viewing policies assigned to a specific system 183...

Страница 8: ...nfiguring the action for Automatic Response rules 224 Frequently asked questions 226 Monitoring and reporting on your network security status 19 Monitoring with Dashboards 229 Working with dashboards...

Страница 9: ...em Detection permission sets 271 How the Rogue System Sensor works 272 Passive listening to layer 2 traffic 272 Intelligent filtering of network traffic 272 Data gathering and communications to the se...

Страница 10: ...Benefits of adding comments to ticketed issues 297 How tickets are reopened 297 Ticketed issue synchronization 297 Integration with ticketing servers 297 Considerations when deleting a registered tic...

Страница 11: ...features Security officers People who determine sensitive and confidential data and define the corporate policy that protects the company s intellectual property Reviewers People who evaluate the prod...

Страница 12: ...your goals Finding product documentation McAfee provides the information you need during each phase of product implementation from installation to daily use and troubleshooting After a product is rel...

Страница 13: ...re is the components of the software and how they protect your environment Then review the configuration process overview Chapter 1 Introducing McAfee ePolicy Orchestrator Software version 4 6 0 Chapt...

Страница 14: ......

Страница 15: ...ey do How the software works How to navigate the ePolicy Orchestrator interface What is ePolicy Orchestrator software ePolicy Orchestrator software is a scalable extensible management platform that en...

Страница 16: ...ter repository retrieves user specified updates and signatures from McAfee or from user defined source sites Distributed repositories Local access points strategically placed throughout your environme...

Страница 17: ...tem in your network Once an agent is deployed to a system the system can be managed by your ePolicy Orchestrator server Secure communication between the server and managed system is the bond that conn...

Страница 18: ...duled intervals 7 Distributed repositories placed throughout your network host your security content locally so agents can receive updates more quickly 8 Remote Agent Handlers help to scale your netwo...

Страница 19: ...to a page in the Menu or click an icon in the navigation bar the name of that page is displayed in the blue box next to the Menu On systems with 1024x768 screen resolution the navigation bar can disp...

Страница 20: ......

Страница 21: ...ase Horizontal scalability Accomplished by increasing the deployment size that a single ePolicy Orchestrator server can manage Scaling your server horizontally is accomplished by installing multiple r...

Страница 22: ...use Agent Handlers require a very fast network connection there are some scenarios in which you should not use them including To replace distributed repositories Distributed repositories are local fil...

Страница 23: ...rrectly but you can customize some aspects of how your server works 3 Create user accounts User accounts provide a means for users to access the server 4 Configure permission sets Permission sets gran...

Страница 24: ......

Страница 25: ...sential features Chapter 4 Configuring general server settings Chapter 5 Creating user accounts Chapter 6 Setting up permission sets Chapter 7 Configuring advanced server settings Chapter 8 Setting up...

Страница 26: ......

Страница 27: ...systems The McAfee Agent Enables management of a system on your network Once deployed the agent communicates status and all associated data to and from your server and the managed system It is the ve...

Страница 28: ...Deploy your security software to your managed systems You don t have to complete each step and you can revisit any step as often as you like However McAfee recommends that you use this configuration t...

Страница 29: ...t step Manual Manually add systems to your System Tree by specifying names or browsing a list of systems by domain 1 In the New Systems page click Browse to add individual systems from a Domain and cl...

Страница 30: ...p opens To complete this step a Select the location in the System Tree that contains the systems where you want to deploy your software then click Next The Software Deployment dialog box opens Click O...

Страница 31: ...ettings control functionality that does not require specific configuration or basic features that are not required for your server to function properly Use these tasks to configure your ePolicy Orches...

Страница 32: ...u choose a refresh interval 5 minutes by default that is frequent enough to ensure accurate and timely information is displayed without consuming undue network resources Task For option definitions cl...

Страница 33: ...update and whether global updates are enabled are configured using the Global Updating server setting Global updates are disabled by default However McAfee recommends that you enable and use them as...

Страница 34: ...gin message Create and display a custom login message to be displayed on the Log On page Your message can be written in plain text or formatted using HTML If you create an HTML formatted message you a...

Страница 35: ...e such as in an outbreak scenario Working with McAfee Labs Security Threats Use these task to mark threat notifications as read or unread or to delete them Data is sorted by the date the threat was di...

Страница 36: ...g Directory where exported tables and dashboards are stored Task For option definitions click in the interface 1 Click Menu Configuration Server Settings then select Printing and Exporting in the Sett...

Страница 37: ...browser trusts This is the best option Because the certificate is signed by a trusted CA you do not need to add the certificate to all web browsers within your organization If the server host name ch...

Страница 38: ...Certificate dialog box Do not click Install Certificate on the General tab If you do the process fails 5 Select the Certification Path tab then select Orion_CA_ servername and click View Certificate...

Страница 39: ...as this option is selected However these systems can be sorted again manually by taking the Sort Now action or by changing this setting to sort on each agent server communication If you selected to so...

Страница 40: ...custom login message displayed if any to users in your environment when they navigate to the ePolicy Orchestrator console log on screen McAfee Labs Security Threats Specifies the update frequency for...

Страница 41: ...ich sites should be used as a fallback System Details Settings Specifies which queries and systems properties are displayed in the System Details page for your managed systems System Tree Sorting Spec...

Страница 42: ......

Страница 43: ...Managing ePolicy Orchestrator users with Active Directory While user accounts and permission sets are closely related they are created and configured using separate steps For more information on permi...

Страница 44: ...tus of this account If this account is for someone who is not yet a part of the organization you might want to disable it 4 Select whether the new account uses McAfee ePO authentication Windows authen...

Страница 45: ...nt instead of deleting it until you are sure all valuable information associated with the account has been moved to other users Task For option definitions click in the interface 1 Click Menu User Man...

Страница 46: ......

Страница 47: ...ion sets Permission sets A particular access profile is defined within a permission set This usually involves a combination of access levels to various parts of ePolicy Orchestrator For example a sing...

Страница 48: ...reators 5 Create a query group called Dallas Reports and give it By permission set Shared Groups visibility to the Dallas Users and Dallas Report Creators permission sets 6 In the Dallas Users permiss...

Страница 49: ...ission sets Creating a new permission set Providing access levels between seeing everything or nothing requires you to create a permission set If you want to create a new permission set that is unlike...

Страница 50: ...ystem and will be propagated to the remainder of your network according to your policy configuration Duplicating a permission set Occasionally the easiest way to create a new permission set is to dupl...

Страница 51: ...ion set you want to import 4 Choose whether you want to keep permission sets with the same name as an imported permission set or not by selecting the appropriate option Click OK If ePolicy Orchestrato...

Страница 52: ...set you want to delete in the Permission Sets list Its details appear to the right 2 Click Actions Delete then click OK in the Action pane The permission set no longer appears in the Permission Sets...

Страница 53: ...ory Configuring Windows authentication and authorization Managing ePolicy Orchestrator users with Active Directory ePolicy Orchestrator offers the ability to dynamically create McAfee ePO users and as...

Страница 54: ...ion specifies which Active Directory AD server ePolicy Orchestrator uses to gather user and group information for a particular domain You can specify multiple domain controllers and AD servers This se...

Страница 55: ...r can do within the system When using Windows authentication you can determine what users from different domains should be authorized to do This is done by attaching permission sets to groups containe...

Страница 56: ...ows Authentication page in the server settings you must first stop the ePolicy Orchestrator service This task must be performed on the McAfee ePO server itself Task For option definitions click in the...

Страница 57: ...authenticate users with servers in the order they are listed It starts at the first server in the list and continues down the list until the user authenticates successfully Configuring Windows authori...

Страница 58: ...sed authentication has a number of advantages over password authentication Certificates have predefined lifetimes This allows for a forced periodic review of a user s permissions when their certificat...

Страница 59: ...tificate Task For option definitions click in the interface 1 Click Menu Configuration Server Settings 2 Select Certificate Based Authentication and click Edit 3 Select Enable Certificate Based Authen...

Страница 60: ...ed Authentication 4 Use one of these methods to provide credentials Copy the DN field from the certificate file and paste it into the Personal Certificate Subject DN Field edit box Upload a certificat...

Страница 61: ...ettings These settings are user configured and have two important functions Editing Detected System Exception Categories on page 62 Editing Detected Systems Matching on page 62 Use this task to edit t...

Страница 62: ...s click in the interface 1 Click Menu Configuration Server Settings then from the Settings Categories list select Detected System Exception Categories and click Edit 2 Add or subtract exception catego...

Страница 63: ...and click Edit 2 Choose one of the following options to specify where to update your list of OUIs URL Specifies the location of an OUI txt file to be read The McAfee ePO server must have access to th...

Страница 64: ...cure communication ASSC keys Backing up and restoring keys Security keys and how they work The ePolicy Orchestrator server relies on three security key pairs The three security pairs are used to Authe...

Страница 65: ...ivate key signs all unsigned content in the master repository This key is a feature of agents 4 0 and later Agents 4 0 and later use the public key to verify the repository content that originates fro...

Страница 66: ...mport The Import Keys wizard opens 6 Browse to the zip file containing the exported master repository key files then click Next 7 Verify that these are the keys you want to import then click Save The...

Страница 67: ...t to Select file browse to and select the master key pair file you saved then click Next The summary dialog box appears 9 If the summary information appears correct click Save The new master key pair...

Страница 68: ...to ensure that all agents can communicate with the required McAfee ePO servers in an environment where each McAfee ePO server must have a unique agent server secure communication key pair Viewing syst...

Страница 69: ...r For option definitions click in the interface Task 1 Click Menu Configuration Server Settings select Security Keys from the Setting Categories list then click Edit The Edit Security Keys page appear...

Страница 70: ...ge appears 2 From the Agent server secure communication keys list select a key then click Make Master 3 Create an update task for the agents to run immediately so that agents update after the next age...

Страница 71: ...ce Task 1 From each McAfee ePO server in your environment export the master agent server secure communication key pair to a temporary location 2 Import each of these key pairs into every McAfee ePO se...

Страница 72: ...uration Server Settings select Security Keys from the Setting Categories list then click Edit The Edit Security Keys page appears 2 Click Back Up All near the bottom of the page The Backup Keystore di...

Страница 73: ...to keep your security software up to date Working with source and fallback sites Use these tasks to change the default source and fallback sites You must be a global administrator or have appropriate...

Страница 74: ...where the repository resides Use this format COMPUTER FOLDER 5 On the Credentials page provide the Download Credentials used by managed systems to connect to this repository Use credentials with read...

Страница 75: ...option definitions click in the interface Task 1 Click Menu Configuration Server Settings 2 Select Source Sites then click Edit The Edit Source Sites page appears 3 Locate the site in the list then c...

Страница 76: ......

Страница 77: ...t allows Once your repository infrastructure is in place create update tasks that determine how where and when your software is updated Are you setting up repositories for the first time When creating...

Страница 78: ...oss low bandwidth connections or at remote sites with a large number of client systems If you create a distributed repository in the remote location and configure the systems within that location to u...

Страница 79: ...situations The default fallback site is the McAfeeHttp update site You can enable only one fallback site If managed systems use a proxy server to access the Internet you must configure agent policy se...

Страница 80: ...d systems McAfee recommends that you manage all distributed repositories through ePolicy Orchestrator This and using global updating or scheduled replication tasks frequently ensures your managed envi...

Страница 81: ...mediate previous version of each file type You can populate the Previous branch by selecting Move existing packages to Previous branch when you add new packages to your master repository The option is...

Страница 82: ...re that the McAfee ePO master repository managed systems and the McAfee Labs Security Threats dashboard monitor can access the Internet when using the McAfeeHttp and the McAfeeFtp sites as source and...

Страница 83: ...he server can connect to directly by typing the IP addresses or fully qualified domain name of those systems separated by semi colons 7 Click Save Configuring proxy settings for the McAfee Agent Use t...

Страница 84: ...ll communication or different proxy servers for HTTP and FTP proxy servers Then type the IP address or fully qualified domain name and the Port number of the proxy server If you are using the default...

Страница 85: ...te a new policy duplicate an existing one or open one that s already applied to systems that host a SuperAgent where you want to host SuperAgent repositories 3 Select the General tab then ensure Conve...

Страница 86: ...during the next agent server communication For option definitions click in the interface Task 1 Open the desired McAfee Agent policy pages in edit mode from the desired assignment point in the System...

Страница 87: ...FTP HTTP server or UNC share Use this task to create the folder that hosts repository contents on the distributed repository system For UNC share repositories create the folder on the system and enab...

Страница 88: ...ons to the HTTP server FTP server or UNC share that hosts the repository HTTP or FTP server type Select Anonymous to use an unknown user account Select FTP or HTTP authentication if the server require...

Страница 89: ...the task fails This feature ensures packages that are used by only a few systems are not replicated throughout your entire environment 9 Review the Summary page then click Save to add the repository...

Страница 90: ...Sharing tab select Share this folder 4 Configure share permissions as needed Systems updating from the repository require only read access but administrator accounts including the account used by the...

Страница 91: ...y b Click on an existing agent policy or create a new agent policy Policy inheritance cannot be broken for tabs of a policy Therefore when you apply this policy to systems ensure that only the desired...

Страница 92: ...es from a repository list file This is valuable after reinstalling a server or if you want one server to use the same distributed repositories as another server Importing source sites from the SiteMgr...

Страница 93: ...tion to save the file then click Save Importing distributed repositories from the SiteMgr xml file Use this task to import distributed repositories from a repository list file This is valuable after r...

Страница 94: ...nitions click in the interface 1 Click Menu Distributed Repositories The Distributed Repositories page appears 2 Click Actions and select Change Credentials The Change Credentials wizard opens to the...

Страница 95: ...stering McAfee ePO servers on page 95 You can register additional McAfee ePO servers for use with your main McAfee ePO server to collect or aggregate data Registering LDAP servers on page 97 You must...

Страница 96: ...pecifies the version of the ePO server being registered Password Specifies the password for this server Policy sharing Specifies whether to enable or disable policy sharing for this server SQL Server...

Страница 97: ...t Rules to enable dynamically assigned permission sets and to enable Active Directory User Login Task For option definitions click in the interface 1 Select Menu Configuration Registered Servers then...

Страница 98: ...ck Test Connection to verify communication with the server as specified Alter information as necessary 12 Click Save to register the server Registering SNMP servers To receive an SNMP trap you must ad...

Страница 99: ...m the drop down list of registered types Indicate if you want this database type to be as the default If there is already a default database assigned for this database type it is indicated in the Curr...

Страница 100: ......

Страница 101: ...raphically distributed agents How Agent Handlers work Agent Handlers distribute network traffic which is generated by an agent to server communication interval ASCI by assigning managed systems or gro...

Страница 102: ...ty is unavailable the agent falls back to the next handler in the list This priority information is contained in the repository list sitelist xml file in each agent When you change handler assignments...

Страница 103: ...er to manage multiple handlers throughout your network and can play a role in your fallback strategy Managing Agent Handler groups on page 105 Use this table to complete common management tasks for Ag...

Страница 104: ...ique name that identifies this handler assignment Agent criteria The systems that are included in this assignment You can add and remove System Tree groups or modify the list of systems in the text bo...

Страница 105: ...ion Agent Handlers then click the Handler Groups monitor To do this Do this Delete a handler group Click Delete in the selected group row Edit a handler group Click on the handler group The Agent Hand...

Страница 106: ...me for the Assignment Name 3 You can configure Agent Criteria by System Tree locations by agent subnet or individually using the following System Tree Locations Select the group from the System Tree l...

Страница 107: ...signment 4 To change the priority of an assignment which is shown in the Priority column on the left do one of the following Use drag and drop Use the drag and drop handle to drag the assignment row u...

Страница 108: ......

Страница 109: ...ode Similarly if your network is configured to use both IPv4 and IPv6 addresses your server works in Mixed mode Until IPv6 is installed and enabled your ePolicy Orchestrator server listens only on IPv...

Страница 110: ...extensions may add items to this list Please check the extension s documentation for details Dashboards Permission Sets Queries Reports Server Tasks Users Automatic Responses The following items can h...

Страница 111: ...ects X X xml Policy assignments X X xml Query definitions X X xml Query data X multiple Reports X X xml Repositories X X xml Server tasks X X xml Site lists X X xml Subnets in the form of a list X X t...

Страница 112: ...can be queried against You can create queries with the Query Builder wizard that target this data or you can use the default queries that target this data For example the Failed Logon Attempts query...

Страница 113: ...x next to Purge records older than type a number and select a time unit 4 Click OK All records older than the specified timeframe are purged Purging the Audit Log on a schedule Use this task to purge...

Страница 114: ...lder than a specified user configurable number of days weeks months or years Viewing the Server Task Log Use this task to review the status of server tasks and long running actions The status of each...

Страница 115: ...fields separated by a space Accepted Cron syntax by field in descending order is detailed in the following table Most Cron syntax is acceptable but a few cases are not supported For example you cannot...

Страница 116: ...ct in response to the threat IPv4 Address IPv4 address of the system which sent the event Agent GUID Unique identifier of the agent that forwarded the event IPv6 Address IPv6 address of the system whi...

Страница 117: ...ewing the Threat Event Log on page 117 Use this task to view the Threat Event Log Purging Threat Events on page 117 Use this task to purge Threat Event records from the database Purging Threat Event r...

Страница 118: ...r Tasks then click Actions New Task The Server Task Builder wizard opens to the Description page 2 Name describe the task and click Enabled after Schedule Status 3 Click Next The Actions page appears...

Страница 119: ...zation from threats Chapter 12 Organizing the System Tree Chapter 13 Working with the agent from the McAfee ePO server Chapter 14 Using the Software Manager to check in software Chapter 15 Using polic...

Страница 120: ......

Страница 121: ...nd drop Contents The System Tree structure Considerations when planning your System Tree Tags and how they work Active Directory and NT domain synchronization Criteria based sorting How a system is ad...

Страница 122: ...ystem s domain If no such group exists one is created If you delete systems from the System Tree be sure you select the option to remove their agents If the agent is not removed deleted systems reappe...

Страница 123: ...requires different policies and possibly different management McAfee recommends planning your System Tree before implementing the McAfee ePO software Regardless of the methods you choose to create and...

Страница 124: ...als or groups responsible for managing different portions of the network Sometimes these borders do not coincide with topological or geographic borders Who accesses and manages the segments of the Sys...

Страница 125: ...ssign tasks and take a number of actions on systems with the same tags Traits of tags With tags you can Apply one or more tags to one or more systems Apply tags manually Apply tags automatically based...

Страница 126: ...th systems and the structure are updated in the System Tree to reflect the systems and structure of Active Directory Import systems as a flat list from the Active Directory container and its subcontai...

Страница 127: ...tory structure If the organization of Active Directory meets your security management needs and you want the System Tree to continue to look like the mapped Active Directory structure use this synchro...

Страница 128: ...s and setting your sorting criteria perform a Test Sort action to confirm that the criteria and sorting order achieve the desired results Once you have added sorting criteria to your groups you can ru...

Страница 129: ...ble System Tree sorting If criteria based sorting does not meet your security management needs and you want to use other System Tree features like Active Directory synchronization to organize your sys...

Страница 130: ...ng When multiple subgroups have matching criteria changing this order can change where a system ends up in the System Tree Additionally if you are using catch all groups they must be the last subgroup...

Страница 131: ...onsiders the sorting criteria of all top level groups according to the sorting order on the My Organization group s Group Details tab The system is placed in the first group with matching criteria or...

Страница 132: ...f criteria with the Apply Tag action Tags without criteria can only be applied manually to selected systems Task For option definitions click in the interface 1 Click Menu Systems Tag Catalog then cli...

Страница 133: ...ag page appears c Verify the desired systems are in the list Applying tags to selected systems Use this task to apply a tag manually to selected systems in the System Tree Task For option definitions...

Страница 134: ...ia and applies the tag to systems which match criteria but were excluded from receiving the tag 4 Click OK 5 Verify the systems have the tag applied a Click Menu Systems Tag Catalog then select the de...

Страница 135: ...vidual systems or by importing systems directly from your network You can also populate groups using drag and drop by dragging the selected systems and dragging them into any group in the System Tree...

Страница 136: ...rectory containers directly into your System Tree by mapping Active Directory source containers to the groups of the System Tree Unlike previous versions you can now Importing NT domains to an existin...

Страница 137: ...roup Adding systems manually to an existing group Use this task to import systems from your Network Neighborhood to groups You can also import a network domain or Active Directory container Task For o...

Страница 138: ...an import this list into your McAfee ePO Server to quickly restore your previous structure and organization This task does not remove systems from you System Tree It creates a txt file that contains t...

Страница 139: ...twork utilities such as the NETDOM EXE utility available with the Microsoft Windows Resource Kit to generate complete text files containing complete lists of the systems on your network Once you have...

Страница 140: ...e sorting on the server System Tree sorting must be enabled on the server and the desired systems for systems to be sorted Enabling and disabling System Tree Sorting on Systems on page 141 The sorting...

Страница 141: ...taking the Sort Now action or by changing this setting to sort on each agent server communication If you selected to sort on each agent server communication all enabled systems are sorted at each age...

Страница 142: ...s you can now Synchronize the System Tree structure to the Active Directory structure so that when containers are added or removed in Active Directory the corresponding group in the System Tree is add...

Страница 143: ...y management and use other System Tree management functionality for example tag sorting for further organizational granularity below the mapping point 6 In Active Directory domain you can Type the ful...

Страница 144: ...in Active Directory Synchronization server task to keep your System Tree up to date with any new systems or organizational changes in your Active Directory containers Importing NT domains to an existi...

Страница 145: ...p to this group then click OK Alternatively you can type the name of the domain directly in the text box When typing the domain name do not use the fully qualified domain name 6 Select whether to depl...

Страница 146: ...page appears 10 Click Save then view the results in the System Tree if you clicked Synchronize Now or Update Group Once the systems are added to the System Tree distribute agents to them if you did no...

Страница 147: ...o longer in the domain Remove agents from all systems that no longer belong to the specified domain Task For option definitions click in the interface 1 Click Menu Systems System Tree Group Details th...

Страница 148: ...then click OK Transferring systems between McAfee ePO servers Use this task to transfer systems between McAfee ePO servers For option definitions click in the interface Task 1 Click Menu Systems Syst...

Страница 149: ...t system properties as well as events that have not yet been sent and sends them to the server The server sends new or changed policies and tasks to the agent and the repository list if it has changed...

Страница 150: ...or Agent Handlers is highly distributed Inadequate available bandwidth In general if your environment includes these variables you want to perform an agent server communication less frequently For cli...

Страница 151: ...s out of compliance and you want to test its status as part of a troubleshooting procedure If you are have converted a particular Windows system to use as a SuperAgent it can issue wake up calls to de...

Страница 152: ...uired by the agents assigned to it because it does not pull any content from the McAfee ePO server until requested from a client This minimizes traffic between the SuperAgent and the McAfee ePO server...

Страница 153: ...em Tree 2 On the Systems tab click the row corresponding to the system you want to examine Information about the system s properties installed products and agent appear New in ePolicy Orchestrator 4 6...

Страница 154: ...now feature ePolicy Orchestrator puts tasks into a queue when they are scheduled to run instead of immediately executing them While a task can be queued up immediately it only starts executing at the...

Страница 155: ...is wake up call select Force complete policy and task update 8 Enter a Number of attempts Retry interval and Abort after settings for this wake up call if you do not want the default values 9 Click OK...

Страница 156: ...agent server communication The query results allow you take a variety of actions with respect to the systems identified including ping delete wake up and re deploy an agent Queries provided by McAfee...

Страница 157: ...Memory Installed Products IP Address IPX Address Is 64 Bit OS Is Laptop Last Communication MAC Address Managed State Management Type Number Of CPUs Operating System OS Build Number OS OEM Identifier O...

Страница 158: ......

Страница 159: ...d removing software using the Software Manager What s in the Software Manager The Software Manager eliminates the need to access the McAfee Product Download website to obtain new McAfee software and s...

Страница 160: ...tained from the Software Manager Help extensions can be installed automatically PDF and HTML documentation such as Product Guides and Release Notes can also be downloaded from the Software Manager Abo...

Страница 161: ...abel Displays software by function as described by McAfee product suites 3 When you ve located the correct software click Download to download product documentation to a location on your network Check...

Страница 162: ......

Страница 163: ...oups and systems Contents Policy management Policy application How policy assignment rules work Creating Policy Management queries Working with the Policy Catalog Working with policies Viewing policy...

Страница 164: ...nforcement below the locked node If policy enforcement is turned off systems in the specified group do not receive updated sitelists during an agent server communication As a result managed systems in...

Страница 165: ...n the Policy Catalog to any group or system provided you have the appropriate permissions Assignment allows you to define policy settings once for a specific need then apply the policy to multiple loc...

Страница 166: ...ific criteria User based policies Policies that include at least one user specific criteria For example you can create a policy assignment rule that is enforced for all users in your engineering group...

Страница 167: ...ontrol Internet access In your System Tree there is a group named Engineering which consists of systems tagged with either IsServer or IsLaptop In the System Tree policy A is assigned to all systems i...

Страница 168: ...ules causes your ePolicy Orchestrator server to perform a look up on the LDAP server for every managed system in your network at each agent server communication interval About system based policy assi...

Страница 169: ...form common management tasks when working with policy assignment rules Creating policy assignment rules Use this task to create policy assignment rules Policy assignment rules allow you to enforce pol...

Страница 170: ...a policy assignment rule Click Edit Priority The Policy Assignment Rule Edit Priority page opens where you change the priority of policy assignment rules using the drag and drop handle View the summa...

Страница 171: ...w policy from the Policy Catalog By default policies created here are not assigned to any groups or systems When you create a policy here you are adding a custom policy to the Policy Catalog Duplicati...

Страница 172: ...5 Edit the policy settings on each tab as needed 6 Click Save Duplicating a policy on the Policy Catalog page Use this task to create a new policy based on an existing one For example if you already h...

Страница 173: ...sired policy s row The Rename Policy dialog box appears 3 Type a new name for the existing policy then click OK Deleting a policy from the Policy Catalog Use this task to delete a policy from the Poli...

Страница 174: ...roup You can assign policies before or after a product is deployed Enforcing policies for a product on a group on page 178 Use this task to enable or disable policy enforcement for a product on a Syst...

Страница 175: ...egory All created policies for the selected category appear in the details pane 2 Locate the desired policy then click on the Owner of the policy The Policy Ownership page appears 3 Select the desired...

Страница 176: ...es for the selected category appear in the details pane 2 Click Export next to Product policies The Export page appears 3 Right click the link to download and save the file If you plan to import this...

Страница 177: ...he desired group under System Tree All the systems within this group but not its subgroups appear in the details pane 2 Select the desired system then click Actions Agent Modify Policies on a Single S...

Страница 178: ...nce and assign the policy and settings below 4 Next to Enforcement status select Enforcing or Not enforcing accordingly 5 Choose whether to lock policy inheritance Locking inheritance for policy enfor...

Страница 179: ...Use this task to copy policy assignments from a group in the System Tree Task For option definitions click in the interface 1 Click Menu Systems System Tree Assigned Policies then select the desired...

Страница 180: ...ion definitions click in the interface 1 Click Menu Systems System Tree Systems then select the desired group in the System Tree All of the systems belonging to the selected group appear in the detail...

Страница 181: ...nce of a specific group Viewing and resetting broken inheritance on page 183 Use this task to view where policy inheritance is broken Viewing groups and systems where a policy is assigned Use this tas...

Страница 182: ...ents where policy enforcement is disabled Use this task to view assignments where policy enforcement per policy category is disabled Task For option definitions click in the interface 1 Click Menu Pol...

Страница 183: ...lick Menu Systems System Tree Assigned Policies All assigned policies organized by product appear in the details pane The desired policy row under Broken Inheritance displays the number of groups and...

Страница 184: ...rvers Registering servers for policy sharing Use this task to register the servers that will share a policy For option definitions click in the interface Task 1 Click Menu Configuration Registered Ser...

Страница 185: ...s task then click Next The Summary page opens 5 Review the summary details then click Save Frequently asked questions What is a policy A policy is a customized subset of product settings that correspo...

Страница 186: ...systems Why New policy assignments are not enforced until the next agent server communication I pasted policy assignments from one group or system source to another target but the policies assigned to...

Страница 187: ...deployment First time product and update deployment overview Server tasks and what they do Client tasks and what they do Confirming that clients are using the latest DAT files Evaluating new DATs and...

Страница 188: ...aster repository manually For specific locations see the documentation for that product Agent language packages File type zip An agent language package contains files necessary to display agent inform...

Страница 189: ...implementing global updating for product deployment a deployment task must be configured and scheduled for managed systems to retrieve the package If not implementing global updating for product updat...

Страница 190: ...traffic is minimal Although global updating is much faster than other methods it increases network traffic during the update Global updating process Most environments can be updated within an hour us...

Страница 191: ...systems however must see the SuperAgent repository from which to update Deploying update packages automatically with global updating Use this task to enable global updating on the server Global updat...

Страница 192: ...can specify which packages are copied from the source site to the master repository ExtraDAT files must be checked in to the master repository manually They are available from the McAfee website A sch...

Страница 193: ...mental replication task Schedule a weekly full replication task if it is possible for files to be deleted from the distributed repository outside of the replication functionality of the ePolicy Orches...

Страница 194: ...epository to distributed repositories You can schedule a Repository Replication server task that occurs regularly or run a Replicate Now task for immediate replication Using pull tasks to update the m...

Страница 195: ...s and choose the packages to pull from the source site when this task runs Figure 16 2 Available Source Site Packages dialog box 9 Click Next The Schedule page of the wizard appears 10 Schedule the ta...

Страница 196: ...istributed repositories You can schedule a Repository Replication server task that occurs regularly or run a Replicate Now task for immediate replication Tasks Running a Repository Replication server...

Страница 197: ...The Summary page appears The Schedule page provides more flexibility than the scheduling functionality of previous versions In addition to more granular scheduling in all of the schedule types you can...

Страница 198: ...terface Task 1 Click Menu Software Distributed Repositories then click on the desired repository The Distributed Repository Builder wizard opens 2 On the Package Types page deselect the package that y...

Страница 199: ...nformation in the server task log Click Menu Automation Server Task Log to access the following information for replication tasks Start date and task duration Status of task at each site when expanded...

Страница 200: ...oduct Deployment client task to install the product on managed systems The task installs any product that is deployable through the ePolicy Orchestrator software and has been checked in to the master...

Страница 201: ...o not see the product you want to deploy listed here you must first check in that product s package Set the Action to Install then select the Language of the package and the Branch To specify command...

Страница 202: ...er repository If you do not see the product you want to deploy listed here you must first check in that product s package Set the Action to Install then select the Language of the package and the Bran...

Страница 203: ...on task if you are using scheduled replication tasks Run update tasks for DAT and engine files at least once a day Managed systems might be logged off from the network and miss the scheduled task Runn...

Страница 204: ...s task to only computers that have the following criteria Use one of the edit links to configure the criteria 10 On the Schedule page select whether the schedule is enabled and specify the schedule de...

Страница 205: ...on definitions click in the interface 1 Click Menu Systems System Tree Client Tasks then select the group where the desired client task was in the System Tree 2 Click Edit Settings next to the task Th...

Страница 206: ...rver The next time the agent updates it retrieves them from the Evaluation branch For additional information see Configuring the Deployment task for groups of managed systems 3 Create a scheduled Upda...

Страница 207: ...definitions click in the interface 1 Ensure that the extension file is in an accessible location on the network 2 Click Menu Software Extensions Install Extension The Install Extension dialog box app...

Страница 208: ...Master Repository tab Deleting DAT or engine packages from the master repository Use this task to delete packages from the master repository As you check in new update packages regularly they replace...

Страница 209: ...ext The Package Options page appears 4 Select a branch Current Use the packages without testing them first Evaluation Used to test the packages in a lab environment first Once you finish testing the p...

Страница 210: ......

Страница 211: ...il SMTP server at Server Settings Email contacts list Specify the list from which you select recipients of notification messages at Contacts Registered executables Specify a list of registered executa...

Страница 212: ...urce attacker so that you can isolate the system infecting the rest of your environment Outbreak situations For example 1000 virus detected events are received within five minutes High level complianc...

Страница 213: ...eived 100 virus detection events from any system Throttling Once you have configured the rule to notify you of a possible outbreak use throttling to ensure that you do not receive too many notificatio...

Страница 214: ...planning The event type and group product and server that trigger notification messages in your environment Who should receive which notification messages For example it might not be necessary to not...

Страница 215: ...server communication interval If the currently applied policy is not set for immediate uploading of events either edit the currently applied policy or create a new McAfee Agent policy This setting is...

Страница 216: ...s feature require additional permissions depending on the specific component used For example to create an automatic response that triggers a predefined server task users need full rights to the Serve...

Страница 217: ...rmissions to Threat Event Log Server Tasks Detected Systems and Systems Tree to create a response rule For option definitions click in the interface Task 1 Click Menu User Management Permission Sets t...

Страница 218: ...existing SNMP server entries Deleting an SNMP server on page 219 Use this task to delete an SNMP server from Notifications Importing MIB files on page 220 Use this task when setting up rules to send n...

Страница 219: ...d for protocol verification Confirm Authentication Passphrase Retype the password for protocol verification Privacy Protocol Specifies the protocol used by the SNMP server to customize the privacy def...

Страница 220: ...atch the properties of the Client Status event rsdAddDetectedSystemEvent This trap is sent when an Automatic Response for a Rogue System Detected event is triggered It contains variables that match th...

Страница 221: ...cutable in the list The Edit Registered Executable page appears 2 Edit the name or select a different executable on the system then click Save Deleting registered executables Use this task to delete a...

Страница 222: ...hen the event triggers the rule on the Aggregation page of the Response Builder wizard Configuring the action for Automatic Response rules on page 224 Use this task to configure the responses that are...

Страница 223: ...t to Status 6 Click Next Setting filters for the rule Use this task to set the filters for the response rule on the Filters page of the Response Builder wizard For option definitions click in the inte...

Страница 224: ...f event property selected exceeds 300 or when the number of events exceeds 3 000 whichever threshold is crossed first 3 Next to Grouping select whether to group the aggregated events If you select to...

Страница 225: ...e Number of Distinct Values List of Distinct Values List of All Values Some events do not include this information If a selection you made is not represented the information was not available in the e...

Страница 226: ...tification can be sent only once per specified quantity of events within a specified amount of time or sent at a maximum of once in a specified amount of time Can I create a rule that generates notifi...

Страница 227: ...rt that status to stakeholders and decision makers using preconfigured customizable queries and reports Chapter 19 Monitoring with Dashboards Chapter 20 Querying the database and reporting on system s...

Страница 228: ......

Страница 229: ...irst time When using dashboards for the first time 1 The ePolicy Orchestrator server has a default dashboard you will see if you have never loaded a dashboard before 2 Create any needed dashboards and...

Страница 230: ...ashboard is no longer available Customize the default dashboard to meet your organization s needs Assigning permissions to dashboards on page 233 Dashboards are only visible to users with proper permi...

Страница 231: ...you have read permissions to the monitor Task For option definitions click in the interface 1 Click Menu Reporting Dashboards then select a dashboard from the Dashboard drop down list 2 Choose a moni...

Страница 232: ...For option definitions click in the interface 1 Click Menu Reporting Dashboards 2 Click Dashboard Actions Import The Import Dashboard dialog box appears 3 Click Browse and select the XML file containi...

Страница 233: ...he default for that permission set 5 Click and to add additional or remove existing permission set dashboard mappings If a user is assigned multiple permission sets their default dashboard is the firs...

Страница 234: ...avior is configured on a monitor by monitor basis Moving and resizing dashboard monitors on page 235 Monitors can be moved and resized to efficiently use screen space Configuring dashboard monitors Mo...

Страница 235: ...or If you attempt to resize the monitor to a shape not supported in the monitor s current location it returns to its prior size When you have finished modifying the dashboard click Save Changes To rev...

Страница 236: ...ged systems in your environment which are compliant or noncompliant by version of VirusScan Enterprise for Windows McAfee Agent and DAT files Malware Detection History Displays a line chart of the num...

Страница 237: ...Summary dashboard The Rogue System Detection RSD Summary dashboard provides a summary of the state of detected systems on your network The monitors included in this dashboard are Rogue Systems by Doma...

Страница 238: ......

Страница 239: ...n your McAfee ePO server and throughout your network Audit log Server Task log Threat Event log To get you started McAfee includes a set of default queries that provide the same information as the def...

Страница 240: ...ic group Use public queries create and edit personal queries Grants permission to use any queries or reports that have been placed in a Public group as well as the ability to use the Query Builder to...

Страница 241: ...orted results Query results can be exported to four different formats Exported results are historical data and are not refreshed like other monitors when used as dashboard monitors Like query results...

Страница 242: ...d and displayed and how it is displayed Result types The first selections you make in the Query Builder wizard are the Schema and result type from a feature group This selection identifies from where...

Страница 243: ...ng a query group on page 245 Query groups allow you to save queries or reports without allowing other users access to them Moving a query to a different group on page 246 You can change the permission...

Страница 244: ...s of the query which is actionable so you can take any available actions on items in any tables or drill down tables Selected properties appear in the content pane with operators that can specify crit...

Страница 245: ...re not limited to selecting one action for the query results Click the button to add additional actions to take on the query results Be careful to place the actions in the order you want them to be ta...

Страница 246: ...it to a different group Task For option definitions click in the interface 1 Click Menu Reporting Queries Reports In the Queries list select the query you want to move 2 Click Actions and select one...

Страница 247: ...gs By default most browsers ask you to save the file The exported XML file contains a complete description of all settings required to replicate the exported query Importing a query Importing a query...

Страница 248: ...ill down tables 4 Select whether the data files are exported individually or in a single archive zip file 5 Select the format of the exported file CSV Use this format to use the data in a spreadsheet...

Страница 249: ...ing server As a prerequisite to running a Rolled Up Compliance History query you must take two preparatory actions on each server whose data you want to include Creating a query to define compliance G...

Страница 250: ...tered servers 9 Review the settings then click Save Creating a query to define compliance Compliance queries are required on McAfee ePO servers whose data is used in rollup queries Task For option def...

Страница 251: ...ine queries and other elements into PDF documents providing detailed information for analysis You run reports to find out the state of your environment vulnerabilities usage events etc so you can make...

Страница 252: ...Date Time Page Number User Name Custom text Page elements Page elements provide the content of the report They can be combined in any order and may be duplicated as needed Page elements provided with...

Страница 253: ...ontain highly structured information so exporting and importing them from one server to another allows your data retrieval and reporting to be consistently performed from any ePolicy Orchestrator serv...

Страница 254: ...on page 256 Headers and footers provide information about the report Removing elements from a report on page 257 You can remove elements from a report if no longer needed Reordering elements within a...

Страница 255: ...Configuring text report elements You can insert static text within a report to explain its contents Before you begin You must have a report open in the Report Layout page Task For option definitions...

Страница 256: ...row at the top left corner of the chart Click Configure This will display the Configure Query Chart page If you are adding a new query chart to the report the Configure Query Chart page appears immedi...

Страница 257: ...and Exporting and click Edit 5 To change the logo click Edit Logo a If you want the logo to be text select Text and enter the text in the edit box b To upload a new logo select Image then browse to a...

Страница 258: ...the same report it is recommended you archive the output elsewhere Task For option definitions click in the interface 1 Click Menu Reporting Queries Reports then select the Report tab 2 In the report...

Страница 259: ...a link to the PDF containing those results Configuring Internet Explorer 8 to automatically accept McAfee ePO downloads As a security measure Microsoft Internet Explorer might block ePolicy Orchestra...

Страница 260: ...information will only be used if you enable Schedule status 5 Click Save to save the server task The new task now appears in the Server Tasks list Exporting reports Using the same report definition o...

Страница 261: ...6 Click Import to finalize the import Newly imported reports acquire the permissions of the group they were imported into Deleting reports You can delete reports that are no longer being used Before y...

Страница 262: ...gistered modified viewed and deleted Tasks Modifying a database registration on page 262 If connection information or login credentials for a database server changes you must modify the registration t...

Страница 263: ...confirmation dialog appears click Yes to delete the database The database has been deleted Any queries reports or other items within ePolicy Orchestrator that used the deleted database will be marked...

Страница 264: ......

Страница 265: ...utomatically deploying an agent to the system In addition to Rogue System Detection other McAfee products like McAfee Network Access Control add detected systems control to ePolicy Orchestrator Conten...

Страница 266: ...tatus The Detected Systems page displays information on each of these states via corresponding status monitors This page also displays the 25 subnets with the most rogue system interfaces in the Top 2...

Страница 267: ...played in this list even before you deploy sensors to the subnets that contain these systems When the agent reports to the McAfee ePO database the system is automatically listed in the Managed categor...

Страница 268: ...o prevent receiving further reporting about its status Contains Rogues Subnets that contain rogue systems are listed in the Contains Rogues category to make it easier to take action on them Covered Co...

Страница 269: ...r policy settings in the Rogue System Detection policy pages the same way you would for any managed security product Policy settings that you assign to higher levels of the System Tree are inherited b...

Страница 270: ...r to report on all subnets and systems that connect to it DHCP monitoring allows you to cover your network with fewer sensors to deploy and manage and reduces the potential for missed subnets and syst...

Страница 271: ...s included on a network found during installation Only listen on interfaces whose IP addresses are included in specific networks Specifying these settings allows you to choose the networks that the se...

Страница 272: ...P IP traffic and DHCP responses To obtain additional information the sensor also performs NetBIOS calls and OS fingerprinting on systems that were already detected It does this by listening to the bro...

Страница 273: ...y Orchestrator data to determine whether the system is a rogue system Bandwidth use and sensor configuration To save bandwidth in large deployments you can configure how often the sensor sends detecti...

Страница 274: ...ally you can manually merge the system with an existing detected system Matching detected systems Automatic matching of detected systems is necessary to prevent previously detected systems from being...

Страница 275: ...he agent if available Removing systems from the Detected Systems list on page 279 Use this task to remove systems from the Detected Systems list You might want to remove a system from this list when y...

Страница 276: ...dd to Exceptions The Add to Exceptions dialog box appears 4 Select one of the following to configure the Detected Systems Exceptions display and click OK No Category Displayed without a category entry...

Страница 277: ...ct the detected systems you want to add to the System Tree 2 Click Actions Detected Systems Add to System Tree The Add to System Tree page opens 3 Click Browse to open the Select System Tree Group dia...

Страница 278: ...etwork s Exceptions list For option definitions click in the interface Task 1 Click Menu Systems Detected Systems click Import Export Exceptions from the Overall System Status monitor then click the I...

Страница 279: ...is task can be performed from Getting there Detected Systems page Click Menu Systems Detected Systems Detected Systems Status page Click Menu Systems Detected Systems then click any category in the Ov...

Страница 280: ...terface Task 1 Click Menu Systems Detected Systems 2 In the Rogue System Sensor Status monitor click View Blacklist 3 Select the system you want to remove from the Rogue System Blacklist page 4 Click...

Страница 281: ...ork Installing sensors on specific systems Use this task to install sensors to specific systems on your network This task creates a deployment task that installs the sensor to the selected systems the...

Страница 282: ...en click Actions New Task The Client Task Builder wizard opens 8 On the Description page name and describe the task and specify the Schedule status then click Next 9 On the Action page select Run Quer...

Страница 283: ...Details page Click Menu Systems Detected Systems click any sensor category in the Rogue System Sensor Status monitor then click any sensor Rogue System Sensor page Click Menu Systems Detected Systems...

Страница 284: ...bnets on page 285 Use this task to include subnets that have previously been ignored by Rogue System Detection This task can be performed by querying ignored subnets using the steps below or you can i...

Страница 285: ...u Systems Detected Systems Ignoring a subnet deletes all detected interfaces associated with that subnet All further detections on that subnet are also ignored To view the list of ignored subnets clic...

Страница 286: ...at displays detected subnets For option definitions click in the interface Task 1 Click Menu Systems Detected Systems 2 In the Subnet Status monitor click any category to view the list of detected sub...

Страница 287: ...dd those dashboard monitors to the Dashboards section in ePolicy Orchestrator For more information on using dashboards seeAssessing Your Environment With Dashboards Rogue System Detection query defini...

Страница 288: ......

Страница 289: ...the issue is referred to as a ticketed issue A ticketed issue can have only one associated ticket Integrating issues with third party ticketing servers Integration of a ticketing server forces the cr...

Страница 290: ...es Tasks Creating basic issues manually on page 290 Basic issues can be created manually Non basic issues must be created automatically Configuring responses to automatically create issues on page 291...

Страница 291: ...ime that the issue is due Due dates in the past are not allowed 4 Click Save Configuring responses to automatically create issues You can use responses to automatically create issues when certain even...

Страница 292: ...if needed after a certain number of events have occurred or a certain property accumulates a specified number of distinct values 5 Next to Grouping select one Do not group aggregated events events of...

Страница 293: ...nformation to help fix the issue 10 If applicable type or select the appropriate option Use this To do this State Assign a state to the issue Unknown New Assigned Resolved Closed Priority Assign a pri...

Страница 294: ...tomation Issues 2 Perform the tasks that you want Task Do this Adding comments to issues 1 Select the checkbox next to each issue you want to comment then click Action Add comment 2 In the Add comment...

Страница 295: ...a closed ticketing issue deletes the issue but the associated ticket remains in the ticketing server database Tasks Purging closed issues manually on page 295 Periodically purging closed issues from...

Страница 296: ...the ticketing server that ticket s ID is added to the ticketed issue The ticket ID creates the ticket to issue association After the steps for integrating a ticketing server are completed all subsequ...

Страница 297: ...ticket does not reopen the associated ticket issue The configuration mapping for the ticketing server must also be configured to allow tickets to be reopened See Required fields for mapping Ticketed i...

Страница 298: ...that server task if you are upgrading the ticketing server For more details see Upgrading a registered ticketing server When the registered ticketing server is deleted the ticket ID that associated th...

Страница 299: ...KNOWN 20 ASSIGNED 20 Ticket field Information Operation Identity Source field Description Ticket field HistoryLines Operation Identity Source field Activity Log Ticket field Type the name or ID for an...

Страница 300: ...e Values Default Value 0 Source Value Mapped Value NEW 0 RESOLVED 2 ASSIGNED 1 Ticket field 2 Operation Custom Mapping Source field Type the user name for the ticketing server This is the same user na...

Страница 301: ...and synchronize ticketed issues with the Issue Synchronization server task Tasks Adding tickets to issues on page 301 You can add a ticket to a single issue or to multiple issues at once Synchronizing...

Страница 302: ...cketed issues and their associated tickets in the ticketing server Use this task to configure the Issue synchronization server task to run on a schedule The schedule for the Issue synchronization serv...

Страница 303: ...hen repeat steps 1 3 6 Under Service status click Start The server is now running Tasks Stopping and starting the server on page 303 You must stop an ePolicy Orchestrator server before you can copy th...

Страница 304: ...opy the required files to the Server common lib folder of your ePolicy Orchestrator software installation For example C Program Files McAfee ePolicy Orchestrator Server common lib Copying the BMC Reme...

Страница 305: ...alling the ticketing server extensions You must install the ticketing server extensions before you can integrate them into the ePolicy Orchestrator ticketing system Task For option definitions click i...

Страница 306: ...ose the hosts file 4 Restart the McAfee ePO server Registering a ticketing server You must register a ticketing server before tickets can be associated with issues Task For option definitions click in...

Страница 307: ...hen type the Mapped Value that should be substituted for this value in the ticket 3 Click to map another value 4 When finished click OK If Numeric Range is selected select an issue field to map in the...

Страница 308: ...OK The test mapping function verifies the mapping for the basic issue type regardless of the issue type configured Therefore testing the mapping for issue types from other product extensions extended...

Страница 309: ...icketing server based on the configuration requirements for the upgraded ticketing server Delete the existing registered ticketing server then create a new one based on the configuration requirements...

Страница 310: ......

Страница 311: ...s up the ePolicy Orchestrator server in simple recovery mode it marks the backed up transaction log records as inactive also known as truncating the log In this way new operations written to the trans...

Страница 312: ...er balance the load you might perform incremental daily or nightly backups and a full weekly backup each week Save the backup copy to a different server than the one hosting your live database If your...

Страница 313: ...figuration file ePO installation directory server conf orion db properties by hand put in the plaintext password start the server then use the config page to re edit the db config which stores the enc...

Страница 314: ......

Страница 315: ...estrator components 16 properties viewing 153 responses and event forwarding 214 wake up calls 155 agent communication port 36 agent deployment credentials 31 Agent Handlers about 101 Agent Handlers c...

Страница 316: ...ting and scheduling 204 deleting 205 editing settings for 205 installing RSD sensors 282 objects 200 sharing 200 working with 204 command line options notifications and registered executables 221 rogu...

Страница 317: ...adding to 277 detected systems continued status monitors 266 viewing 280 working with 274 Detected Systems list removing systems from 279 detections configuring RSD policies 275 settings for rogue sy...

Страница 318: ...Rogue System Detection 265 F fallback sites about 78 configuring 73 deleting 75 edit existing 75 switching to source 75 features ePolicy Orchestrator components 16 filters Event Filtering settings 39...

Страница 319: ...and Rogue System Sensor 272 interface favorites bar 18 menu 18 navigation 18 interface Menu 18 internet explorer blocked downloads 259 Internet Explorer configuring proxy settings 83 proxy settings an...

Страница 320: ...ning 123 use global updating 190 use IP addresses for sorting 124 use tag based sorting criteria 124 McAfee ServicePortal accessing 12 Menu navigating in the interface 19 menu based navigation 18 mess...

Страница 321: ...with Policy Catalog 171 policies Rogue System Detection about 269 compliance settings 61 configuring 275 policies Rogue System Detection continued considerations 269 matching settings 62 policy assig...

Страница 322: ...continued personal query group 245 report formats 240 result type 249 results as dashboard monitors 240 results as tables 242 rollup from multiple servers 249 running existing 244 scheduled 245 using...

Страница 323: ...page 222 setting filters for 223 setting thresholds 223 responses assigning permissions 217 responses continued configuring 216 220 224 configuring to automatically create issues 291 contacts for 224...

Страница 324: ...r task log continued Replicate Now task 197 reviewing status of tasks 114 working with 114 server tasks about 190 allowing Cron syntax 115 198 Data Rollup 249 for policy sharing 184 installing Rogue S...

Страница 325: ...79 wake up calls 151 155 wake up calls to System Tree groups 155 synchronization Active Directory and 127 defaults 130 deploying agents automatically 127 excluding Active Directory containers 127 NT d...

Страница 326: ...302 ticketing installing server extensions 303 ticketing servers about sample mappings 298 BMC Remedy Action Request System versions 6 3 and 7 0 297 configuring DNS for Service Desk 4 5 306 considera...

Страница 327: ...date task 203 user accounts about 43 changing passwords 44 creating 44 deleting 45 editing 44 working with 44 user based policies about 167 user based policies continued criteria 167 users permission...

Страница 328: ...00...

Отзывы:

Нет отзывов

Похожие инструкции для EPOCDE-AA-BA - ePolicy Orchestrator - PC

Cabletron Systems SmartSwitch 1800 User Manual preview
SmartSwitch 1800
Бренд: Cabletron Systems Страницы: 48
IBM ZVSE V4.2 Brochure preview
ZVSE V4.2
Бренд: IBM Страницы: 4
MACROMEDIA COLDFUSION 5 - INSTALING AND CONFIGURING... Manual preview
COLDFUSION 5 - INSTALING AND CONFIGURING...
Бренд: MACROMEDIA Страницы: 160
NEC V850 ZigBee Pro User Manual preview
V850 ZigBee Pro
Бренд: NEC Страницы: 59
NEC Storage Manager Configuration Setting Tool User'S Manual preview
Storage Manager Configuration Setting
Бренд: NEC Страницы: 68
NEC SpectraView User Manual preview
SpectraView
Бренд: NEC Страницы: 68
NEC Storage ReplicationControl SQL Option User Manual preview
Storage ReplicationControl SQL Option
Бренд: NEC Страницы: 104
NEC Storage Performance Monitor/Optimizer User Manual preview
Storage Performance Monitor/Optimizer
Бренд: NEC Страницы: 184
NEC Storage Manager IS015-9E User Manual preview
Storage Manager IS015-9E
Бренд: NEC Страницы: 200
NEC Storage Manager Messages Handbook preview
Storage Manager Messages
Бренд: NEC Страницы: 499
NEC Storage Manager Messages Handbook preview
Storage Manager
Бренд: NEC Страницы: 710
Ken A Vision Applied Vision 4 Instruction Manual preview
Applied Vision 4
Бренд: Ken A Vision Страницы: 16
Red Hat APPLICATION STACK 2.4 RELEASE Release Note preview
APPLICATION STACK 2.4 RELEASE
Бренд: Red Hat Страницы: 22
F-SECURE MOBILE ANTI-VIRUS FOR SERIES 60 User Manual preview
MOBILE ANTI-VIRUS FOR SERIES 60
Бренд: F-SECURE Страницы: 90
THOMSON LCP 400 User Manual preview
LCP 400
Бренд: THOMSON Страницы: 22
MINOLTA-QMS PageScope Software Manual preview
PageScope
Бренд: MINOLTA-QMS Страницы: 60
FieldServer FS-8700-23 Driver Manual preview
FS-8700-23
Бренд: FieldServer Страницы: 11
3Ware OpenSolaris User Manual preview
OpenSolaris
Бренд: 3Ware Страницы: 11

Бренды по названию

Популярные бренды

Загрузить еще бренды