Mcafee Epo 4.0 Documentation
8/3/2019 Mcafee Epo 4.0 Documentation
1/36
Confidential Taarak India Pvt. Ltd
A-22 Green Park New Delhi 110016
Phone:- 01146105555 Fax 011-26561953 5/14/2009
McAfee ePolicy Orchestrator 4.0 Documentation
Customer: Honda Motors and Scooters India Ltd
Title: McAfee ePolicy Orchestrator 4.0
Document Name: McAfee EPO 4.0 Document
Preparation
Action / Name
Prepared By: Deepak Chauhan
Reviewed By: Gurvinder Singh
Table of Contents
1. Overview of EPO 4.0
2. Installation Process
3. Login Process
4. How to add software Packages
5. Create schedule Update Task
6. Create and modify Policy
7. Configuring the Deployment task to install products on a managed system
8. Modify policy on a Single System
9. Modify Tasks on a Single System
10. Disaster Recovery
Overview of EPO 4.0
ePolicy Orchestrator 4.0 components and what they do
The ePolicy Orchestrator software is comprised of these components:
- ePO server: The center of your managed environment. The server delivers security policy and tasks, controls updates, and processes events for all managed systems.
- Master repository: The central location for all McAfee updates and signatures, residing on the ePO server. Master repository retrieves user-specified updates and signatures from McAfee or user-defined source sites.
- Distributed repositories: Placed strategically throughout your environment to provide access for managed systems to receive signatures, product updates, and product installations with minimal bandwidth impact. Depending on how your network is set up, you can set up Super Agent, HTTP, FTP, or UNC share distributed repositories.
- McAfee Agent: A vehicle of information and enforcement between the ePO server and each managed system. The agent retrieves updates, ensures task implementation, enforces policies and forwards events for each managed system.
The ePO server
The ePO server provides management, reporting, and enforcement capabilities and includes:
- A robust database that accrues information about product operation on the client systems in your network.
- A querying system that lets you monitor the security status in your company, and quickly act on gathered data.
- A software repository that stores the products and product updates (for example, DAT files) that you deploy to your network.
The ePolicy Orchestrator server can segment the user population into discrete groups for
customized policy management. Each server can manage up to 250,000 systems.
The McAfee Agent
The agent is installed on the systems you intend to manage with ePolicy Orchestrator. While running silently in the background, the agent:
- Gathers information and events from managed systems and sends them to the ePolicy Orchestrator server.
- Installs products and updates on managed systems.
- Enforces policies and tasks on managed systems and sends events back to the ePO server.
You can deploy the agent from the console (to Windows systems) or copy the agent installation package onto removable media or into a network share for manual or login script installation on your systems. Agents must be installed manually on UNIX systems.
2. Installation Process
NOTE: The installation process may require you to restart the system.
Task
i. Log on to the desired computer using an account with local administrator permissions.
ii. If you are using Microsoft SQL Server 2000 as the ePolicy Orchestrator database, verify that the SQL Server 2000 service is running.
iii. Run SETUP.EXE.
- From the product CD, select the desired language in the ePolicy Orchestrator autorun window, then select Install ePolicy Orchestrator 4.0.
- From software downloaded from the McAfee website, go to the location containing the extracted files and double-click SETUP.EXE.
NOTE: If any prerequisite software is missing from the installation target computer, a list of those items appears. Click Install. The installation process for each software item not listed as Optional begins automatically. For optional items, a dialog box appears where you can allow installation or reject it.
NOTE: You must install the SQL 2005 Backwards Compatibility package before upgrading an ePolicy Orchestrator installation if you are using a remote database server or a local SQL 2005 server that does not already have it installed.
iv. After completing prerequisite installations, the Welcome window of the ePolicy Orchestrator Installation wizard appears. Click Next to review the license.
v. In the End User License Agreement dialog box, select the appropriate license type and the location where you purchased the software. The license type you select must match the license you purchased. If you are unsure which license you purchased, contact your account manager.
vi. Accept the agreement and click OK to continue. A warning message notifies you which products are no longer supported with this version of the software. These products are not migrated to the ePolicy Orchestrator 4.0 Repository when you click Next.
vii. In the Choose Destination Location dialog box, accept the default installation path or click Browse to select a different location, then click Next.
viii. If installing on a cluster server, the Set Database and Virtual Server Settings dialog box appears. Otherwise the Set Administrator Information dialog box appears.
ix. In the Set Administrator Information dialog box, type and verify the password for logging on to this ePolicy Orchestrator server for the first time, then click Next. For security reasons, ePolicy Orchestrator does not allow accounts with blank passwords.
x. In the Set Database Information dialog box, identify the type of account and authentication details that the ePolicy Orchestrator server will use to access the database. Indicate whether ePolicy Orchestrator will use a Windows NT user account or a SQL Server user account. McAfee recommends using Windows NT authentication.
xi. Click Next to display the HTTP Configuration dialog box. The values that were set during the original installation cannot be changed here.
Configure the port.
xii. Click Next. In the Default Notification Email Address dialog box, type the email address for the recipient of messages from ePolicy Orchestrator Notifications, or keep the default address. Changing the address is not required at this time.
xiii. In the Start Copying Files dialog box, click Install to begin the installation.
xiv. In the Installation Complete dialog box, click Finish to complete the installation.
3. Login Process
Logging on to ePO servers
Use this task to log on to the ePO server. You must have valid credentials to do this. You can log on to multiple ePO servers by opening a new browser session for each ePO server.
Task
i. Open an Internet browser and go to the URL of the server. The Log On to ePolicy Orchestrator dialog box appears.
ii. Type the User name and Password of a valid account.
NOTE: Passwords are case-sensitive.
iii. Select the Language you want the software to display.
iv. Click Log On.
4. How to add software Packages
Checking in packages manually
Use this task to manually check in the deployment packages to the master repository so that ePolicy Orchestrator can deploy them.
Before you begin
You must have the appropriate permissions to perform this task.
NOTE: You cannot check in packages while pull or replication tasks are running.
Task
i. Go to Software | Master Repository, then click Check In Package.
The Check In Package wizard appears.
ii. Select the package type, then browse to and select the desired package file.
iii. Click Next. The Package Options page appears.
iv. Click Save to begin checking in the package. Wait while the package checks in.
The new package appears in the Packages in Master Repository list on the Master Repository tab.
5. Create schedule Update Task
i. Click Edit
ii. Select Enable and click Next
iii. Select the HTTP and FTP McAfee site and click Next
iv. Set the time and save the configuration
6. Create and modify Policy
i. Go to Systems > Policy > Select Product
ii. Click Edit Assignment
iii. Click New Policy
iv. Enter the policy name
v. Now you can modify the policy
7. Configuring the Deployment task to install products on a managed system
i. Go to system > Client Task > click new task
ii. Enter the task name > select the product
iii. Choose the products and components that you need to deploy > click next
iv. Select schedule type and time > click next
v. Now click to save
8. Modify policy on a Single System
i. On quick Systems search > enter the system name > click Go
ii. Click on the system name
iii. Click More action and select > modify policy on single system
iv. Select the product
v. Click on edit
vi. Choose the second option under Inherit from: > select the policy
vii. Click save
The policy has been modified.
9. Modify Tasks on a Single System
i. On quick Systems search > enter the system name > click Go
ii. Click on the system name
iii. Click More action and select > modify policy on single system
iv. Click on edit
v. Uncheck the task and schedule setting
vi. Select the product and click next if you want to change the time schedule > or click to save
Introducing Host Intrusion Prevention
McAfee Host Intrusion Prevention is a host-based intrusion detection and prevention system that protects system resources and applications from external and internal attacks.
Host Intrusion Prevention protects against unauthorized viewing, copying, modifying, and deleting of information and the compromising of system and network resources and applications that store and deliver information. It accomplishes this through an innovative combination of host intrusion prevention system signatures (HIPS), network intrusion prevention system signatures (NIPS), behavioral rules, and firewall rules.
Host Intrusion Prevention is fully integrated with ePolicy Orchestrator and uses the ePolicy Orchestrator framework for delivering and enforcing policies. The division of Host Intrusion Prevention functionality into IPS, Firewall, Application Blocking, and General features provides greater control in delivering policy protections and protection levels to the users.
Protection is provided as soon as Host Intrusion Prevention is installed. The default protection settings require little or no tuning and allow for a rapid, large-scale deployment. For greater protection, edit and add policies to tune the deployment.
IPS feature
The IPS (Intrusion Prevention System) feature monitors all system and API calls and blocks those that might result in malicious activity. Host Intrusion Prevention determines which process is using a call, the security context in which the process runs, and the resource being accessed. A kernel-level driver, which receives redirected entries in the user-mode system call table, monitors the system call chain. When calls are made, the driver compares the call request against a database of combined signatures and behavioral rules to determine whether to allow, block, or log an action.
Signature rules
Signature rules are patterns of characters that can be matched against a traffic stream. For example, a signature rule might look for a specific string in an HTTP request. If the string matches one in a known attack, action is taken. These rules provide protection against known attacks.
A reaction is what a client does when it recognizes a signature of a specific severity. A client reacts in one of three ways:
- Ignore: No reaction; the event is not logged and the process is not prevented.
- Log: The event is logged but the process is not prevented.
- Prevent: The event is logged and the process is prevented.
A security policy may state, for example, that when a client recognizes an Information level signature, it logs the occurrence of that signature and allows the process to be handled by the operating system; and when it recognizes a High level signature, it prevents the process.
Exception rules
An exception is a rule for overriding blocked activity. In some cases, behavior that a signature defines as an attack may be part of a user's normal work routine or an activity that is legal for a protected application. To override the signature, you can create an exception that allows legitimate activity. For example, an exception might state that for a particular client, a process is ignored. You can create these exceptions manually, or place clients in Adaptive mode and allow them to create client exception rules. To ensure that some signatures are never overridden, edit the signature and disable the Allow Client Rules options. You can track the client exceptions in the ePolicy Orchestrator console, viewing them in a regular and aggregated view. Use these client rules to create new policies or add them to existing policies that you can apply to other clients.
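The reaction and exception logic described above, modelled as an added example (not McAfee code and not part of the original document). Signature IDs, client names and process names are constructed, the Low and Medium levels are assumed, and the way a client rule is treated once Allow Client Rules is disabled is an assumption about that option.

```python
from dataclasses import dataclass
from typing import Optional

# Severity -> reaction. "Information" and "High" are the levels the text
# names; "Low" and "Medium" are assumed intermediate levels.
POLICY = {"Information": "Log", "Low": "Log", "Medium": "Prevent", "High": "Prevent"}

@dataclass(frozen=True)
class Signature:
    sig_id: int                       # constructed IDs, not real signature numbers
    severity: str
    allow_client_rules: bool = True   # the "Allow Client Rules" option

@dataclass(frozen=True)
class ExceptionRule:
    sig_id: int
    process: str
    client: Optional[str] = None      # None = applies to every client
    client_created: bool = False      # True = created by a client in Adaptive mode

@dataclass(frozen=True)
class Event:
    client: str
    process: str
    sig_id: int

def applies(ex, event, sig):
    """True if this exception overrides the signature for this event."""
    if ex.sig_id != event.sig_id or ex.process != event.process:
        return False
    if ex.client not in (None, event.client):
        return False
    # Assumption: a client rule is not honoured once the signature has
    # Allow Client Rules disabled.
    return sig.allow_client_rules or not ex.client_created

def react(event, signatures, exceptions, policy=POLICY):
    """Return "Ignore", "Log" or "Prevent" for one triggered signature."""
    sig = signatures[event.sig_id]
    if any(applies(ex, event, sig) for ex in exceptions):
        return "Ignore"
    return policy[sig.severity]

def client_rules_to_review(signatures, exceptions, policy=POLICY):
    """Client-created exceptions that currently switch off a Prevent reaction."""
    return [ex for ex in exceptions
            if ex.client_created
            and signatures[ex.sig_id].allow_client_rules
            and policy[signatures[ex.sig_id].severity] == "Prevent"]

# Constructed sample data.
SIGNATURES = {
    9001: Signature(9001, "High"),
    9002: Signature(9002, "High", allow_client_rules=False),
    9003: Signature(9003, "Information"),
}
EXCEPTIONS = [
    ExceptionRule(9001, "backup.exe", client="srv01"),
    ExceptionRule(9002, "tool.exe", client="pc17", client_created=True),
    ExceptionRule(9001, "script.exe", client="pc17", client_created=True),
]
```

`client_rules_to_review` lists the Adaptive-mode exceptions worth checking before they are promoted into a policy that is applied to other clients.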
Firewall feature
The Host Intrusion Prevention Firewall feature acts as a filter between a computer and the network or Internet it is connected to. The Firewall Rules policy uses static packet filtering with top-down rule matching. When a packet is analyzed and matched to a firewall rule, with criteria such as IP address, port number, and packet type, the packet is allowed or blocked. If no matching rule is found, the packet is dropped. The current version Firewall Rules policy uses both stateful packet filtering and stateful packet inspection.
Other features include:
- A Quarantine Mode into which client computers can be placed and to which you can apply a strict set of firewall rules that defines with whom quarantined clients can and cannot communicate.
- Connection Aware Groups that let you create specialized rule groups based on a specific connection type for each network adapter.
Firewall rules
You can create firewall rules as simple or complex as you need. Host Intrusion Prevention supports rules based on:
- Connection type (network or wireless).
- IP and non-IP protocols.
- Direction of the network traffic (incoming, outgoing, or both).
- Applications that generated the traffic.
- Service or port used by a computer (as the recipient or the sender).
- Service or port used by a remote computer (as the sender or the recipient).
- Source and destination IP addresses.
- Time of day or week that the packet was sent or received.
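Top-down rule matching with a default drop, as an added example that is not part of the original document and not McAfee's implementation. It models only the static first-match behaviour (no stateful tracking) over a subset of the criteria listed above, goes one step beyond the text by flagging rules that an earlier, broader rule makes unreachable, and uses constructed rule names and addresses.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    direction: str   # "in" or "out"
    protocol: str    # e.g. "tcp", "udp"
    remote_ip: str
    local_port: int
    remote_port: int

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                        # "allow" or "block"
    direction: str = "both"            # "in", "out" or "both"
    protocol: Optional[str] = None     # None matches any protocol
    remote_net: Optional[str] = None   # CIDR string; None matches any address
    local_port: Optional[int] = None   # None matches any port
    remote_port: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        if self.direction not in ("both", p.direction):
            return False
        if self.protocol not in (None, p.protocol):
            return False
        if self.local_port not in (None, p.local_port):
            return False
        if self.remote_port not in (None, p.remote_port):
            return False
        if self.remote_net is None:
            return True
        return ipaddress.ip_address(p.remote_ip) in ipaddress.ip_network(self.remote_net)

def evaluate(rules, packet):
    """Top-down, first match wins; a packet that matches no rule is dropped."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action, rule.name
    return "block", None

def covers(a: Rule, b: Rule) -> bool:
    """True if every packet that b matches is also matched by a."""
    for field in ("protocol", "local_port", "remote_port"):
        if getattr(a, field) not in (None, getattr(b, field)):
            return False
    if a.direction not in ("both", b.direction):
        return False
    if a.remote_net is None:
        return True
    if b.remote_net is None:
        return False
    na, nb = ipaddress.ip_network(a.remote_net), ipaddress.ip_network(b.remote_net)
    return na.version == nb.version and nb.subnet_of(na)

def shadowed_rules(rules):
    """Names of rules that can never fire because an earlier rule covers them."""
    return [b.name for i, b in enumerate(rules)
            if any(covers(a, b) for a in rules[:i])]

# Constructed sample policy: the broad allow sits above the narrower block.
RULES = [
    Rule("allow-https-out", "allow", "out", "tcp", remote_port=443),
    Rule("block-test-net", "block", "out", "tcp", "203.0.113.0/24", remote_port=443),
    Rule("allow-rdp-from-lan", "allow", "in", "tcp", "10.0.0.0/8", local_port=3389),
]
REORDERED = [RULES[1], RULES[0], RULES[2]]
```

With `RULES`, traffic to 203.0.113.0/24 on port 443 is allowed because the broad rule matches first; `REORDERED` puts the block above it, and `shadowed_rules` reports the difference.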
10. Disaster Recovery
-------------------------------------------------------------------------------------------------------------------------------
Backup Procedure
The standard backup / restore method is commonly used as a simple method of allowing for disaster recovery in ePolicy Orchestrator and database files.
1 Stop the McAfee ePolicy Orchestrator 4.0 Server service and ensure that the SQL Server (MSSQLSERVER) service is running.
2 Close all ePolicy Orchestrator consoles and remote consoles.
NOTE: This tool cannot change the database location.
3 Double-click DBBAK.EXE. If you are upgrading from version 4.0.x,
4 Type the Database Server Name.
5 Select NT Authentications or SQL Account.
If you select SQL Account, type a user Name and Password for this database.
6 Type the Backup File path, then click Backup.
7 Click OK when the backup process is done.
8 Start the McAfee ePolicy Orchestrator 4.0 Server service and ensure that the MSSQLSERVER
service is running.
Restore Procedure
1 Stop the McAfee ePolicy Orchestrator 4.0 Server service and ensure that the SQL Server
(MSSQLSERVER) service is running.
2 Close all ePolicy Orchestrator consoles and remote consoles.
NOTE: This tool cannot change the database location.
3 Double-click DBBAK.EXE. If you are upgrading from version 3.0.x, the default location is:
C:\PROGRAM FILES\NETWORK ASSOCIATES\EPO\3.0.X
4 Type the Database Server Name.
5 Select NT Authentications or SQL Account.
If you select SQL Account, type a user Name and Password for this database.
6 Type the Restore File path, and then click Restore.
7 Click OK when the backup process is done.
8 Start the McAfee ePolicy Orchestrator 4.0 Server service and ensure that the MSSQLSERVER
service is running.
Common Tasks
Some of the common task information is available at the URLs given below.
McAfee Support Center: http://www.mcafee.com/us/enterprise/support/index.html
Query about McAfee products: http://knowledge.mcafee.com/
McAfee online support can be accessed at: http://mysupport.mcafee.com/eservice_enu
McAfee Super-DAT can be downloaded from http://www.mcafee.com/us/enterprise/downloads/index.html