Product guide
• From the Intel
®
AMT systems, click McAfee Agent Status Monitor, then click Collect and Send Properties,
Check New Policies, and Enforce Policies.
• Click Actions | AMT Actions | Enforce AMT Policies, then click OK.
13
Verify the policy enforcement:
• View the policy enforcement status in Server Task Log.
• Navigate to the System Properties page, click the Deep Command tab, make sure that the value for
CIRA Agent Handler is Yes and the Agent Handler you selected is listed under CILA Agent Handler.
• Initiate a call from the Intel
®
AMT system using the Get Technical Help option in the Intel
®
Management and Security Status (IMSS) tool. The IMSS tool indicates whether the system is
connected. This is part of the environment detection indicator as defined by the Home Domains
setting. After this action, the Threat Event Log logs an entry for the Remote Fast Call for Help log with an
event ID 34351.
See also
Setting up your environment for Remote Access on page 4
Enforce Intel AMT policies on page 111
Create a KVM policy
McAfee KVM Viewer provides a console to access remote clients. It can be used to access an Intel
®
AMT system for troubleshooting any issues.
Before you begin
Correct Intel
®
AMT credentials must be set, and a trusted root certificate must be uploaded
in the Server Settings page for the Intel
®
AMT Credentials category.
You can configure this policy to enable or disable KVM feature, user's consent for the connection, opt
in timeout, session timeout and more.
Task
For option definitions, click ? in the interface.
1
In the McAfee ePO console, from Policy Catalog, select ePO Deep Command 2.1.0 as the product and AMT
Policies as the category, then click New Policy.
2
Type a name for the policy and any notes, then click OK.
3
Click the policy created, click the KVM Settings tab, then select Allow ePO to enforce these settings.
4
In KVM State and Ports Used, select Enable with TLS on Port 16995, then select Enable Opt-In to specify whether
user's consent is required for every connection (optional) and type the Opt-In timeout in seconds to
specify the time after which the passcode for the user's consent is expired if no connection is
established.
When you use the KVM Viewer for an Intel
®
AMT system that was configured using the host-based
configuration, the User Consent mode is enabled by default, even if the Opt-in option is disabled in
the policy enforced.
5
In Default Visible Monitor, select which monitor of the client system to display (if the client has multiple
monitors): Primary, Secondary, or Tertiary.
6
In TCP Session Timeout, type the number of minutes after which the session times out, then save the
policy.
8
Managing your Intel AMT systems
Using policies to manage Intel AMT systems
100
McAfee ePO Deep Command 2.1.0 Product Guide