Product guide

6
Click Save.
7
In the System Tree, assign the policy to the required systems or group.
Systems — Select the systems, click Actions | Agent | Set Policies & Inheritance, select ePO Deep
Command 2.1 as the product, select AMT Policies as the category, select the modified policy, select
Break Inheritance, then save the policy assignment.
Groups — Select ePO Deep Command 2.1 as the product, click Edit Assignment next to AMT Policies,
select the modified policy under Assigned policy, then save the policy assignment.
8
Enforce the policy using one of these methods:
Wait for the next agent-server communication.
Send an agent wake-up call.
From the Intel
®
AMT systems, click McAfee Agent Status Monitor, then click Collect and Send Properties,
Check New Policies, and Enforce Policies.
Click Actions | AMT Actions | Enforce AMT Policies, then click OK.
9
Verify the policy enforcement:
View the policy enforcement status in Server Task Log.
Navigate to the System Properties page, click the Deep Command tab, and make sure that the value
for CILA Enabled is Yes and the Agent Handler you selected is listed under CILA Agent Handler.
Initiate a call from the Intel
®
AMT system using the Get Technical Help option in the Intel
®
Management and Security Status tool. The IMSS tool indicates whether the system is
connected. After this action, the Threat Event Log on McAfee ePO displays an entry for the Local Fast
Call for Help log with an event ID 34350.
See also
Enforce Intel AMT policies on page 111
Create a Remote Access policy
Initiate a secured connection from McAfee ePO to remote Intel
®
AMT systems through Gateway server.
Before you begin
McAfee ePO Agent Handler 4.6 Patch 4 must be installed on the ePO Deep Command
Gateway server DMZ and must be active.
The FQDN of the ePO Deep Command Gateway server must be resolvable from the
Internet.
The Remote Access configuration ports must be allowed through the DMZ firewall and
be accessible to the remote Intel
®
AMT system clients. Usually, this port is where stunnel
is configured.
Stunnel version 4.36 or later must be installed on the Agent Handler servers.
Remote Access is an advanced feature of Intel
®
AMT technology platforms that initiates a secured
connection from your server to the Intel
®
AMT systems through a gateway server residing in the
enterprise DMZ. Make sure that you provide the correct details of your Intel
®
AMT system environment
while configuring a Remote Access policy. If there's a mistake, especially while enforcing the Remote
Access policy to a larger environment, you might need to be physically present to unconfigure each
Intel
®
AMT system, then reconfigure them.
8
Managing your Intel AMT systems
Using policies to manage Intel AMT systems
98
McAfee ePO Deep Command 2.1.0 Product Guide