for Microsoft ISA servers -...
28
SecurityShield ™ for Microsoft ISA servers version 1.0 For use with McAfee ePolicy Orchestrator ™ Configuration Guide
Transcript of for Microsoft ISA servers -...
SecurityShield™ for Microsoft ISA servers
version 1.0 For use with McAfee ePolicy Orchestrator™
Configuration Guide
COPYRIGHTCopyright © 2004 Networks Associates Technology, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of Networks Associates Technology, Inc., or its suppliers or affiliate companies. To obtain this permission, write to the attention of the Network Associates legal department at: 5000 Headquarters Drive, Plano, Texas 75024, or call +1-972-963-8000.
TRADEMARK ATTRIBUTIONSActive Firewall, Active Security, ActiveSecurity (in Katakana), ActiveHelp, ActiveShield, AntiVirus Anyware and design, Bomb Shelter, Certified Network Expert, Clean-Up, CleanUp Wizard, ClickNet, CNX, CNX Certification Certified Network Expert and design, Covert, Design (Stylized E), Design (Stylized N), Disk Minder, Distributed Sniffer System, Distributed Sniffer System (in Katakana), Dr Solomon’s, Dr Solomon’s label, Entercept, Enterprise SecureCast, Enterprise SecureCast (in Katakana), ePolicy Orchestrator, EZ SetUp, First Aid, ForceField, GMT, GroupShield, GroupShield (in Katakana), Guard Dog, HomeGuard, Hunter, IntruShield, Intrusion Prevention Through Innovation, IntruVert Networks, LANGuru, LANGuru (in Katakana), M and Design, McAfee, McAfee (in Katakana), McAfee and design, McAfee.com, McAfee VirusScan, NA Network Associates, Net Tools, Net Tools (in Katakana), NetCrypto, NetOctopus, NetScan, NetShield, NetStalker, Network Associates, Network Associates Coliseum, NetXray, NotesGuard, Nuts & Bolts, Oil Change, PC Medic, PCNotary, PrimeSupport, Recoverkey, Recoverkey - International, Registry Wizard, RingFence, Router PM, SecureCast, SecureSelect, Sniffer, Sniffer (in Hangul), SpamKiller, Stalker, TIS, TMEG, Total Network Security, Total Network Visibility, Total Network Visibility (in Katakana), Total Virus Defense, Trusted Mail, UnInstaller, Virex, Virus Forum, ViruScan, VirusScan, WebScan, WebShield, WebShield (in Katakana), WebSniffer, WebStalker, WebWall, What’s The State Of Your IDS?, Who’s Watching Your Network, WinGauge, Your E-Business Defender, Zip Manager are registered trademarks or trademarks of Network Associates, Inc. and/or its affiliates in the US and/or other countries. Sniffer® brand products are made only by Network Associates, Inc. All other registered and unregistered trademarks herein are the sole property of their respective owners.
LICENSE INFORMATIONLicense AgreementNOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICHSETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSEYOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THATACCOMPANIES YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILEON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEB SITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOTAGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCTTO NETWORK ASSOCIATES OR THE PLACE OF PURCHASE FOR A FULL REFUND.
AttributionsThis product includes or may include:� Software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/).�� Cryptographic software written by Eric A. Young andsoftware written by Tim J. Hudson.�� Some software programs that are licensed (or sublicensed) to the user under the GNU General Public License (GPL) or othersimilar Free Software licenses which, among other rights, permit the user to copy, modify and redistribute certain programs, or portions thereof, and have access tothe source code. The GPL requires that for any software covered under the GPL which is distributed to someone in an executable binary format, that the source codealso be made available to those users. For any such software covered under the GPL, the source code is made available on this CD. If any Free Software licensesrequire that Network Associates provide rights to use, copy or modify a software program that are broader than the rights granted in this agreement, then such rightsshall take precedence over the rights and restrictions herein.� � Software originally written by Henry Spencer, Copyright 1992, 1993, 1994, 1997 Henry Spencer.� Software originally written by Robert Nordier, Copyright © 1996-7 Robert Nordier.�� Software written by Douglas W. Sauder.�� Software developed by theApache Software Foundation (http://www.apache.org/). A copy of the license agreement for this software can be found at www.apache.org/licenses/LICENSE-2.0.txt.�� International Components for Unicode (“ICU”) Copyright © 1995-2002 International Business Machines Corporation and others.�� Software developedby CrystalClear Software, Inc., Copyright © 2000 CrystalClear Software, Inc.� � FEAD® Optimizer® technology, Copyright Netopsystems AG, Berlin, Germany.� Outside In® Viewer Technology © 1992-2001 Stellent Chicago, Inc. and/or Outside In® HTML Export, © 2001 Stellent Chicago, Inc.�� Software copyrighted byThai Open Source Software Center Ltd. and Clark Cooper, © 1998, 1999, 2000.�� Software copyrighted by Expat maintainers.�� Software copyrighted by TheRegents of the University of California, © 1989. �� Software copyrighted by Gunnar Ritter.�� Software copyrighted by Sun Microsystems®, Inc.© 2003.�� Softwarecopyrighted by Gisle Aas. © 1995-2003.� � Software copyrighted by Michael A. Chase, © 1999-2000.� � Software copyrighted by Neil Winton, © 1995-1996.� Software copyrighted by RSA Data Security, Inc., © 1990-1992.�� Software copyrighted by Sean M. Burke, © 1999, 2000.�� Software copyrighted by MartijnKoster, © 1995.�� Software copyrighted by Brad Appleton, © 1996-1999. �� Software copyrighted by Michael G. Schwern, © 2001.�� Software copyrighted byGraham Barr, © 1998.�� Software copyrighted by Larry Wall and Clark Cooper, © 1998-2000.�� Software copyrighted by Frodo Looijaard, © 1997.�� Softwarecopyrighted by the Python Software Foundation, Copyright © 2001, 2002, 2003. A copy of the license agreement for this software can be found at www.python.org.� Software copyrighted by Beman Dawes, © 1994-1999, 2002.�� Software written by Andrew Lumsdaine, Lie-Quan Lee, Jeremy G. Siek © 1997-2000 University ofNotre Dame.�� Software copyrighted by Simone Bordet & Marco Cravero, © 2002.�� Software copyrighted by Stephen Purcell, © 2001.�� Software developedby the Indiana University Extreme! Lab (http://www.extreme.indiana.edu/).�� Software copyrighted by International Business Machines Corporation and others,© 1995-2003.� � Software developed by the University of California, Berkeley and its contributors.� � Software developed by Ralf S. Engelschall<[email protected]> for use in the mod_ssl project (http://www.modssl.org/).� � Software copyrighted by Kevlin Henney, © 2000-2002.� � Softwarecopyrighted by Peter Dimov and Multi Media Ltd. © 2001, 2002.�� Software copyrighted by David Abrahams, © 2001, 2002. See http://www.boost.org/libs/bind/bind.html for documentation.�� Software copyrighted by Steve Cleary, Beman Dawes, Howard Hinnant & John Maddock, © 2000.�� Software copyrighted byBoost.org, © 1999-2002.�� Software copyrighted by Nicolai M. Josuttis, © 1999.�� Software copyrighted by Jeremy Siek, © 1999-2001.�� Software copyrightedby Daryle Walker, © 2001.�� Software copyrighted by Chuck Allison and Jeremy Siek, © 2001, 2002.�� Software copyrighted by Samuel Krempp, © 2001. Seehttp://www.boost.org for updates, documentation, and revision history.�� Software copyrighted by Doug Gregor ([email protected]), © 2001, 2002.�� Softwarecopyrighted by Cadenza New Zealand Ltd., © 2000.� � Software copyrighted by Jens Maurer, © 2000, 2001.� � Software copyrighted by Jaakko Järvi([email protected]), © 1999, 2000.�� Software copyrighted by Ronald Garcia, © 2002.�� Software copyrighted by David Abrahams, Jeremy Siek, and DaryleWalker, © 1999-2001.� � Software copyrighted by Stephen Cleary ([email protected]), © 2000.� � Software copyrighted by Housemarque Oy <http://www.housemarque.com>, © 2001.�� Software copyrighted by Paul Moore, © 1999.�� Software copyrighted by Dr. John Maddock, © 1998-2002.�� Softwarecopyrighted by Greg Colvin and Beman Dawes, © 1998, 1999.�� Software copyrighted by Peter Dimov, © 2001, 2002.�� Software copyrighted by Jeremy Siek andJohn R. Bandela, © 2001.�� Software copyrighted by Joerg Walter and Mathias Koch, © 2000-2002.
PATENT INFORMATIONProtected by US Patents 6,029,256; 6,230,288; 6,496,875; 6,594,686; 6,622,150; 6,668,289; 6,684,329.
Issued July 2004 / SecurityShield™ software version 1.0DOCUMENT BUILD 009-EN
Contents
Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Getting information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Contacting McAfee Security & Network Associates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
1 Controlling SecurityShield from ePolicy Orchestrator . . . . . . . . . 9
Before you start adding files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Adding SecurityShield information to the Repository . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
2 Configuring SecurityShield Policies . . . . . . . . . . . . . . . . . . . . . . 13
Setting policies within ePolicy Orchestrator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Enforcing policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
3 Scheduling tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Creating a new task . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Configuring update tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Scheduling deployment tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Configuring the deployment task . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Enabling the schedule settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Scheduling the task . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Configuration Guide iii
Contents
iv SecurityShield™ software version 1.0
Preface
This guide introduces McAfee® SecurityShield™ software version 1.0, and provides the following information:
� Overview of the product.
� Detailed instructions for configuring and deploying the software.
� Procedures for performing tasks.
AudienceThis information is designed for system and network administrators who are responsible for their company’s anti-virus and security program.
Configuration Guide 5
Preface
ConventionsThis guide uses the following conventions:
Bold All words from the user interface, including options, menus, buttons, and dialog box names.
ExampleType the User name and Password of the desired account.
Courier The path of a folder or program; a web address (URL); text that represents something the user types exactly (for example, a command at the system prompt).
ExamplesThe default location for the program is:
C:\Program Files\Network Associates\VirusScan
Visit the Network Associates web site at:http://www.networkassociates.com
Run this command on the client computer:C:\SETUP.EXE
Italic For emphasis or when introducing a new term; for names of product manuals and topics (headings) within the manuals.
ExampleRefer to the VirusScan Enterprise Product Guide for more information.
<TERM> Angle brackets enclose a generic term.
ExampleIn the console tree under ePolicy Orchestrator, right-click <SERVER>.
NOTE Supplemental information; for example, an alternate method of executing the same command.
WARNING Important advice to protect a user, computer system, enterprise, software installation, or data.
6 SecurityShield™ software version 1.0
Getting information
Getting informationInstallation Guide *^ System requirements and instructions for installing and starting the software.
SecurityShield 1.0 Installation Guide
Product Guide * Product introduction and features, detailed instructions for configuring the software, information on deployment, recurring tasks, and operating procedures.
SecurityShield 1.0 Product Guide
ePolicy Orchestrator 3.0 Product Guide
Help § High-level and detailed information on configuring and using the software.
Configuration Guide * For use with ePolicy Orchestrator™. Procedures for configuring, deploying, and managing your McAfee product through ePolicy Orchestrator management software.
Release Notes ‡ ReadMe. Product information, resolved issues, any known issues, and last-minute additions or changes to the product or its documentation.
Contacts ‡ Contact information for McAfee and Network Associates services and resources: technical support, customer service, AVERT (Anti-Virus Emergency Response Team), beta program, and training. This file also includes phone numbers, street addresses, web addresses, and fax numbers for Network Associates offices in the United States and around the world.
* An Adobe Acrobat .PDF file on the product CD or the McAfee Security download site.
^ A printed manual that accompanies the product CD. Note: Some language manuals may be available only as a .PDF file.
‡ Text files included with the software application and on the product CD.
§ Help accessed from the software application: Help menu and/or Help button for page-level help; right-click option for What’sThis? help.
Configuration Guide 7
Preface
Contacting McAfee Security & Network AssociatesTechnical Support
Home Page http://www.networkassociates.com/us/support/
KnowledgeBase Search https://knowledgemap.nai.com/phpclient/homepage.aspx
PrimeSupport Service Portal * https://mysupport.nai.com
McAfee Security Beta Program http://www.networkassociates.com/us/downloads/beta/
Security Headquarters — AVERT (Anti-Virus Emergency Response Team)
Home Page http://www.networkassociates.com/us/security/home.asp
Virus Information Library http://vil.nai.com
Submit a Sample — AVERT WebImmune
AVERT DAT Notification Service
https://www.webimmune.net/default.asp
http://vil.nai.com/vil/join-DAT-list.asp
Download Site
Home Page http://www.networkassociates.com/us/downloads/
DAT File and Engine Updates http://www.networkassociates.com/us/downloads/updates/
ftp://ftp.nai.com/pub/antivirus/datfiles/4.x
Product Upgrades * https://secure.nai.com/us/forms/downloads/upgrades/login.asp
Training
McAfee Security University http://www.networkassociates.com/us/services/education/mcafee/university.htm
Network Associates Customer Service
E-mail [email protected]
Web http://www.networkassociates.com/us/index.asp
US, Canada, and Latin America toll-free:
Phone +1-888-VIRUS NO or +1-888-847-8766
Monday – Friday, 8 a.m. – 8 p.m., Central Time
For additional information on contacting Network Associates and McAfee Security— including toll-free numbers for other geographic areas — see the Contact file that accompanies this product release.
* Logon credentials required.
8 SecurityShield™ software version 1.0
1
Controlling SecurityShield from ePolicy OrchestratorIn order that you can control SecurityShield remotely via ePolicy Orchestrator, you must first add information about SecurityShield to the Repository in ePolicy Orchestrator.
� Before you start adding files.
� Adding SecurityShield information to the Repository.
Before you start adding filesEnsure that you know the location of the folder that contains the product package in your preferred language. The folder contains the following installation files:
NOTEPlease be aware that no online Help or Quick Help is available for the SecurityShield interface within ePolicy Orchestrator. We recommend that you have the SecurityShield Product Guide available when configuring SecurityShield using ePolicy Orchestrator.
Adding SecurityShield information to the Repository
Before you can configure SecurityShield from the ePolicy Orchestrator console, you must add the SecurityShield .NAP file to the Repository.
Amongst other information, the NAP file contains descriptions of the pages that you see in SecurityShield. The ePolicy Orchestrator software effectively recreates those pages, making your view of SecurityShield as seen on the ePolicy Orchestrator console almost identical to your view of SecurityShield when seen directly.
� EPOPLUGIN.DLL � ISAPREVINST.DLL
� FRAMEPKG.EXE � PKGCATALOG.Z
� INSTALL.PKG � SECURITYSHIELD.MSI
� ISADET.MCS � SECURITYSHIELD.NAP
� ISAINST.MCS � SECURITYSHIELD1.CAB
Configuration Guide 9
Controlling SecurityShield from ePolicy Orchestrator
1 Log on to the ePolicy Orchestrator server.
2 In the console tree under ePolicy Orchestrator | <SERVER>, right-click Repository, then select Configure Repository.
The Software Repository Configuration Wizard opens.
3 Select Add new software to be managed.
4 Click Next to open the Select a Software Package dialog box.
Figure 1-1. Configure Repository option
Figure 1-2. Configure Software Repository
10 SecurityShield™ software version 1.0
Adding SecurityShield information to the Repository
5 Browse to and select the SECURITYSHIELD.NAP file.
6 Click Open to add the file to the Repository.
7 Click OK when complete.
8 If you intend to deploy SecurityShield to other computers, use this same method to add the file, PKGCATALOG.Z to the repository too.
Configuration Guide 11
Controlling SecurityShield from ePolicy Orchestrator
12 SecurityShield™ software version 1.0
2
Configuring SecurityShield PoliciesThis chapter explains how you control SecurityShield policies from ePolicy Orchestrator. There are two main steps:
1 Within ePolicy Orchestrator, you select the names of the computers and the policies that will apply to those computers. For example, you want computers A and B to scan for offensive phrases in e-mail. You can set up many different policies that will apply to many individual servers or groups of servers. See Setting policies within ePolicy Orchestrator.
2 You ask ePolicy Orchestrator to enforce those policies. Over time, as ePolicy Orchestrator communicates with each server in turn, it forwards your new policy. The server then observes your policy, ignoring any policy that was previously configured at the SecurityShield interface. See Enforcing policies on page 15.
Setting policies within ePolicy OrchestratorConfiguring SecurityShield policies from the ePolicy Orchestrator console allows you to enforce, across groups of servers or on a single server, the options that define how all tasks will be configured. These policies override configurations set on individual servers.
For information regarding policies and how they are enforced, see the ePolicy Orchestrator Product Guide.
Before configuring any policies, select the group of servers in the console tree for which you want to modify policies.
You can modify SecurityShield policies on the SecurityShield pages and tabs that are available in the details pane of the ePolicy Orchestrator console. These pages are nearly identical to the pages and dialog boxes that you can access from the SecurityShield interface directly. For complete information about these configuration options, see the SecurityShield Product Guide.
After you have modified the policy and save changes for the intended server or group of servers, you are ready to deploy the new settings via the ePolicy Orchestrator agent. See Enforcing policies on page 15.
Configuration Guide 13
Configuring SecurityShield Policies
To modify policies for SecurityShield in ePolicy Orchestrator:
1 Log on to the ePolicy Orchestrator server.
2 In the console tree under ePolicy Orchestrator | <SERVER> | Directory, select the site, group, single server, or the entire Directory.
The Policies, Properties, and Tasks tabs appear in the upper details pane.
3 Select the Policies tab in the upper details pane, then expand SecurityShield. A single entry, All Settings appears beneath the SecurityShield entry.
NOTEIf you do not have the required version of the Java Runtime Environment installed on your ePolicy Orchestrator server, you will be prompted to install it when the SecurityShield interface is run for the first time.
The lower pane reflects the configuration options found within the SecurityShield interface:
� Policy Identities
� Protocol Settings (including FTP, HTTP, and SMTP)
� Detected Items Database
� Audit Log Settings
� Diagnostics
� Import and Export Configuration
4 In the lower details pane, select an option from the left pane, such as SMTP Settings.
Figure 2-1. ePolicy Orchestrator console
14 SecurityShield™ software version 1.0
Enforcing policies
5 In the SMTP Settings page, deselect Inherit.
6 Configure the required options.
NOTEThese pages are identical to the pages within SecurityShield. To learn more, see the SecurityShield Product Guide.
7 Click Apply to save these settings.
You can continue to configure other policies, then proceed to Enforcing policies.
Enforcing policiesAfter you have configured policies, you then enforce the policies to the SecurityShield servers.
1 In the console tree under Directory, select the site, group, single server, or the entire Directory.
2 In the upper details pane on the Policies tab, select SecurityShield. The SecurityShield page appears in the lower details pane.
3 Deselect Inherit.
4 Select Enforce Policies for SecurityShield.
5 Click Apply to save these settings.
The ePolicy Orchestrator software will make the policies that you configured available to the ePolicy Orchestrator agents on the SecurityShield servers.
Figure 2-2. SecurityShield page
Configuration Guide 15
Configuring SecurityShield Policies
16 SecurityShield™ software version 1.0
3
Scheduling tasksThis chapter explains how to schedule update tasks and deployment tasks for SecurityShield 1.0 from within ePolicy Orchestrator.
Although you can schedule each SecurityShield installation individually to update the virus definition (DAT) files, you can also control these features centrally from the ePolicy Orchestrator console. Here, you can schedule the updates to run on any number of servers that have SecurityShield installed. Any schedule already configured on an individual SecurityShield server will continue to operate as before.
� Creating a new task.
� Configuring update tasks on page 19.
� Scheduling deployment tasks on page 22.
Creating a new task To create a new task:
1 In the console tree under ePolicy Orchestrator | <SERVER>, right-click Directory or the desired site, group, or computer, then select Schedule Task to open the Schedule Task dialog box.
Figure 3-1. Schedule Task dialog box
Configuration Guide 17
Scheduling tasks
2 Enter a New Task Name.
3 Select the type of task — DAT Update for SecurityShield software.
4 Click OK to create the task.
A new task is entered in the Tasks tab.
Figure 3-2. Tasks tab
18 SecurityShield™ software version 1.0
Configuring update tasks
Configuring update tasksAfter you have created a new update task, you can configure the task as required.
1 On the Tasks tab in the upper details pane, right-click the task, then select Edit Task.
The ePolicy Orchestrator Scheduler dialog box appears.
2 Deselect Inherit.
3 Click OK when you have finished editing the required options, to return to the ePolicy Orchestrator Scheduler dialog box.
4 Select Enable to define the scheduling options under Schedule Settings as well as the scheduling options on the Schedule tab. If you do not select this option, the task will not start, regardless of settings in this dialog box.
5 Select Stop the task if it runs for to define a maximum period for the task to run before being interrupted. If you select this checkbox, use Hours and Minutes to define the period that the task can run before it is interrupted.
NOTEIf you choose to stop the task before it completes, the task will start again from the beginning the next time the task is run.
Figure 3-3. ePolicy Orchestrator Scheduler
Configuration Guide 19
Scheduling tasks
6 Click the Schedule tab of the ePolicy Orchestrator Scheduler dialog box to specify when the task runs.
7 Deselect Inherit.
NOTEEnable must be selected under Schedule Settings on the Task tab to enable the options on the Schedule tab.
8 Select the frequency for the task in Schedule Task, then specify the corresponding Schedule Task options.
Examples:
� If you select a Daily frequency in Schedule Task, specify the daily interval in Schedule Task Daily.
� If you select a Weekly frequency in Schedule Task, specify the weekly interval and select the days of the week on which to execute the task.
9 Select the Start Time and whether to use GMT Time or Local Time.
Figure 3-4. ePolicy Orchestrator Scheduler — Schedule tab
20 SecurityShield™ software version 1.0
Configuring update tasks
10 Set any advanced scheduling by clicking Advanced to open the Advanced Schedule Options dialog box.
11 To start this task randomly on all selected computers, select Enable randomization, then enter the time within which you want all computers to start the task.
12 To ensure that this task is started on any computers that are not available during the scheduled time, select Run missed task.
13 Click OK when you are have finished configuring and scheduling the task.
The schedule is now set. If you want to prevent a task running to schedule, you can deselect Enable ... on its Task tab. The Enable checkbox was described in Step 7.
Figure 3-5. Advanced Schedule Options
Configuration Guide 21
Scheduling tasks
Scheduling deployment tasks You can schedule tasks to deploy the SecurityShield software to a site, group of servers, a single server, or to the entire ePolicy Orchestrator Directory.
Configuring the deployment taskWhen you install the SecurityShield 1.0 package (Pkgcatalog.z file), a deployment task is created. To configure the deployment task:
1 In the console tree under ePolicy Orchestrator | <SERVER>, right-click Directory or a site, group, or server.
2 Click the Tasks tab.
3 Double-click the Deployment task to open the ePolicy Orchestrator Scheduler dialog box.
4 Click Settings to open the Task Settings dialog box.
Figure 3-6. ePolicy Orchestrator Scheduler — Deployment Task
22 SecurityShield™ software version 1.0
Scheduling deployment tasks
5 Deselect Inherit.
6 Choose either Install or Remove from the Action drop-down lists.
7 Choose the required language from the Language drop-down list.
8 Click OK when you have finished editing the required options, and return to the ePolicy Orchestrator Scheduler dialog box.
Figure 3-7. Product Deployment Options dialog box
Configuration Guide 23
Scheduling tasks
Enabling the schedule settingsYou can schedule the dates and times that deployment tasks are run. To do this, you must first enable the schedule settings.
1 Under Schedule Settings on the Task tab of the ePolicy Orchestrator Scheduler dialog box, deselect Inherit.
2 Select Enable to define the scheduling options on this tab as well as on the Schedule tab. Otherwise, the task will not start, regardless of settings in this dialog box.
3 Select Stop the task if it runs for to define a maximum period for the task to run before being interrupted. If you select this checkbox, use Hours and Minutes to define the period that the task can run before it is interrupted.
NOTEIf you choose to stop the task before it completes, the task will start again from the beginning the next time the task is run.
Scheduling the taskAfter you have enabled the schedule settings, you can define the schedule for the deployment task.
1 Click the Schedule tab of the ePolicy Orchestrator Scheduler dialog box to specify when the task runs.
2 Deselect Inherit. (Enable must be selected under Schedule Settings on the Task tab to enable the options on the Schedule tab.)
Figure 3-8. ePolicy Orchestrator Scheduler — Schedule tab
24 SecurityShield™ software version 1.0
Scheduling deployment tasks
3 Select the frequency for the task in Schedule Task, then specify the corresponding Schedule Task options. You do not usually need to set deployment tasks to repeat on a regular basis.
4 Select the Start Time and whether to use GMT Time or Local Time.
5 To start this task randomly on all the selected computers, select Enable randomization, then enter the time within which you want all computers to start the task.
6 To ensure that this task is started on any selected computers that are not available during the scheduled time, select Run missed task.
7 Click OK when you have finished configuring and scheduling the task.
Configuration Guide 25
Scheduling tasks
26 SecurityShield™ software version 1.0
Index
Aaudience for this manual, 5AVERT (Anti-Virus Emergency Response Team),
contacting, 8
Bbeta program, contacting, 8
Ccontacting McAfee Security, 8conventions used in this manual, 6customer service, contacting, 8
DDAT file updates, web site, 8DAT files, 17deployment tasks, 17documentation for the product, 7download web site, 8
Ggetting information, 7
KKnowledgeBase search, 8
Mmanuals, 7McAfee Security University, contacting, 8
N.NAP file, 9
Ppackage file, NAP, 9pkgcatalog.z, 11, 22policies, 13
enforcing, 15PrimeSupport, 8product documentation, 7product training, contacting, 8
Rrepository, 9
Sschedules, 24security headquarters, contacting AVERT, 8SecurityShield.nap, 11service portal, PrimeSupport, 8submitting a sample virus, 8
Ttasks
creating, 17deployment, 22update, 19
technical support, 8training web site, 8
Uupdate tasks, 17upgrade web site, 8
Vvirus definition files, 17Virus Information Library, 8virus, submitting a sample, 8
Configuration Guide 27
Index
28 SecurityShield™ software version 1.0
