Setup Guide McAfee ePO Advanced Suite Installer (eASI) For use with the McAfee Endpoint Protection Suites
McAfee ePO Advanced Suite Installer Product Guide COPYRIGHT Copyright © 2013 McAfee, Inc. Do not copy without permission.
Contents
Before You Begin
Install your McAfee Endpoint Suite
Configure the McAfee ePO Server
Systems and the System Tree
Set Policies for endpoints
Create custom policies
Set tasks for endpoints
Create client tasks
Before You Begin…
Thank you for downloading the McAfee ePO Advanced Suite Installer. This guide is organized so you can evaluate McAfee Endpoint in a pilot environment consisting of a McAfee ePolicy Orchestrator® (McAfee ePO™) server and a number of client computers. The guide contains step-by-step instructions for many of the common configuration and policy options of the McAfee Endpoint Suites.
Virtualization Support
The installer supports use of several types of virtual infrastructure software including:
• Citrix XenServer 5.5 Update 2
• Microsoft Hyper-V Server 2008 R2
• VMware ESX 3.5 Update 4
• VMware ESX 4.
Install your McAfee Endpoint Suite
This section provides a walkthrough of the basic installation process. Make sure you have downloaded or copied the appropriate installer (eASIv1.0_EPS.zip or eASIv1.0_EPA.zip) and unzipped it to a folder on your server.
• Run eASI.exe. If UAC is enabled, right-click and Run as Administrator.
• Enter a password to use for the ePolicy Orchestrator Admin account.
3 Choose the database type:
• Install Microsoft SQL Express: Select this option to install the default SQL Server Express 2005 software bundled with ePolicy Orchestrator.
• Use existing Microsoft SQL Server: Select this option to connect to an existing database server on your network. Also supply the following information:
  • Select a Database Server from the dropdown list. If not listed, enter it manually.
5 Upon completion, you are presented with the login page for McAfee ePO.

Configure the McAfee ePO Server
Log in to ePolicy Orchestrator
Log in with the User Name of Admin and the password that you designated during the installation. On first login, you are presented with the Guided Configuration dashboard.
The ePolicy Orchestrator software repository
The McAfee ePO server is the central software repository for all McAfee product installations, updates, and other content. The modular design of ePolicy Orchestrator allows new products to be added as extensions. This includes new or updated versions of McAfee products, such as VirusScan Enterprise, and non-McAfee products from McAfee partners.
Systems and the System Tree
The ePolicy Orchestrator System Tree organizes managed systems in units for monitoring, assigning policies, scheduling tasks, and taking actions. These units are called groups, which are created and administered by Global Administrators or users with the appropriate permissions, and can include both systems and other groups. As shown in the graphic below, the installer created a sample system tree during setup.
5 Click OK.
6 As needed, repeat these steps to add any servers to your Laptops or Servers group or its subgroups.

There are several methods of organizing and populating the System Tree:
• Manually structure your System Tree by creating your own groups and adding individual systems.
• Synchronize with Active Directory or NT domain as a source for systems.
One reason to modify the Agent to Server Connection Interval on a group of systems might be to lessen the impact on already taxed WAN connections to remote sites, or simply because you are managing several thousand systems. See more information on the McAfee Agent in the Quick Tips video Controlling Agent Communication.
1 Click the System Tree button on the favorites bar.
2 Highlight the SQL Servers group.
3 Click the Assigned Policies tab.
4 From the Product drop-down menu, select VirusScan Enterprise 8.8.0.
5 On the line that lists On-Access Default Processes Policies, click Edit Assignment.
6 For Inherit from, select Break inheritance and assign the policy and settings below.
7 From the Assigned Policy drop-down menu, select EASI – Default: MS SQL Servers.
8 Click Save.
Perhaps you have shied away from Host IPS, feeling that it would be a complex or lengthy process to deploy, or out of concern about blocking legitimate processes. By following a logical, systematic approach, you can quickly realize the benefits of deploying Host IPS in your environment.
• On the line that lists IPS Rules, click Edit Assignment.
• For Inherit from, select Break inheritance and assign the policy and settings below.
• From the Assigned Policy drop-down menu, select EASI - VMware exception policy.
• Click Save. The policy is now assigned to that group and all its subgroups.
4 Repeat the above steps for your Laptops group.
SiteAdvisor Enterprise and Web Filtering for Endpoint policies
McAfee SiteAdvisor Enterprise leverages McAfee Global Threat Intelligence to provide reputation ratings for web sites using a color-coded system — primarily Red, Yellow, and Green, based on the risk associated with a given site (for example, “Red sites” hosting malware).
Create custom policies
So far, we have assigned best practices policies that were created for you. At some point, you will have to create policies to accommodate some requirements on your network. In this section, we will create and assign two policies from scratch. This will show you the process from start to finish, and provide a better understanding of policy creation and management in ePolicy Orchestrator.
Variation on a Theme for Policy Creation and Application
In the previous example, you created the new policy in the Policy Catalog, then assigned it within the System Tree. In this example you will create and assign the new policy from the System Tree, achieving the same end result through an alternate workflow.
tests by duplicating any policy and then make changes to the copy, thus keeping the original policy intact.

Set tasks for endpoints
So far you have created a System Tree, added some client systems, and created and assigned several policies. Next, you will schedule the deployment of VirusScan Enterprise and other security products. Product deployment is accomplished using a client task that the McAfee Agent retrieves and executes.
6 On the Schedule page, set the following options:
• Schedule status: Enabled
• Schedule type: Run Immediately
7 Click Next.
8 On the Summary page, click Save.
9 Repeat the above process for the Laptops group as well.

Assigning the Server Deployment Task
The installer provided a pre-built Deployment Task for your Servers group. The deployment includes VirusScan and SiteAdvisor. Follow these steps to assign the task to your Servers group.
You might subsequently create a similar task for the Laptops group, but provide additional flexibility, such as deferring scans while on battery power. One would typically establish separate schedules and exclusion configurations for scheduled scans of your various servers based on services they support (e.g., Exchange, SharePoint, SQL, Domain Controller, DHCP, etc.).
Policy and task inheritance in the System Tree
Policies
By now you have noticed a recurring phrase when assigning policies and tasks, namely “The policy (or task) is now assigned to that group and all its subgroups.” In short, child objects (subgroups and individual systems) inherit settings from their parent container unless you break inheritance at a specific point in the tree. Recall the File Reputation policies for VirusScan that you applied earlier.
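The inheritance rule described above, as an added example (not part of the McAfee guide and not ePolicy Orchestrator code): a small Python model in which a policy is resolved by walking up the tree to the nearest group where inheritance was broken. The root name My Organization, the nesting of SQL Servers under Servers, the system names and the root-default placeholder are assumptions; the policy and category names are the ones used in this guide.

```python
# Added example: toy model of System Tree inheritance (not McAfee code).
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

OAS = "On-Access Default Processes Policies"      # category named in the guide
IPS = "IPS Rules"                                 # category named in the guide
SQL_POLICY = "EASI – Default: MS SQL Servers"     # policy named in the guide
VMWARE_POLICY = "EASI - VMware exception policy"  # policy named in the guide
ROOT_POLICY = "root-default (placeholder)"        # constructed placeholder

@dataclass(eq=False)
class Node:
    name: str
    parent: Optional["Node"] = None
    children: List["Node"] = field(default_factory=list)
    assigned: Dict[str, str] = field(default_factory=dict)  # set only where inheritance is broken

    def add(self, name: str) -> "Node":
        child = Node(name, parent=self)
        self.children.append(child)
        return child

    def effective(self, category: str) -> Tuple[str, str]:
        """Walk up to the nearest assignment; return (policy, node it comes from)."""
        node: Optional[Node] = self
        while node is not None:
            if category in node.assigned:
                return node.assigned[category], node.name
            node = node.parent
        raise LookupError(f"no policy assigned for {category!r}")

def walk(root: Node) -> List[Node]:
    """Every node in the tree, root first."""
    out, stack = [], [root]
    while stack:
        node = stack.pop()
        out.append(node)
        stack.extend(node.children)
    return out

def covered_by(root: Node, category: str, policy: str) -> List[str]:
    """Names of all groups and systems whose effective policy is `policy`."""
    return sorted(n.name for n in walk(root) if n.effective(category)[0] == policy)

def build_sample_tree() -> Node:
    # Root name, nesting and system names are assumptions (constructed sample).
    root = Node("My Organization", assigned={OAS: ROOT_POLICY, IPS: ROOT_POLICY})
    servers, laptops = root.add("Servers"), root.add("Laptops")
    sql = servers.add("SQL Servers")
    sql.add("sql-01"); servers.add("file-01"); laptops.add("laptop-01")
    sql.assigned[OAS] = SQL_POLICY            # break inheritance at SQL Servers
    laptops.assigned[IPS] = VMWARE_POLICY     # break inheritance at Laptops
    return root
```

covered_by lists every group and system that ends up under a given policy, which is the set to review when that policy is an exception or a relaxed setting.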
Before deploying the McAfee Agent, you should verify both communication between the server and systems, and access to the default Admin$ share directory on the client. If your test systems are not part of a domain, you can simply copy Framepkg.exe to your client systems and execute it locally when we reach that step. Framepkg.
Verifying agent communication with ePolicy Orchestrator
Once the initial agent-server communication has occurred, the agent polls the server once every 60 minutes by default. This is known as the Agent to Server Communication Interval or ASCI. Earlier we applied a policy that changed that interval to 120 minutes. Every time this occurs, the Agent polls ePolicy Orchestrator to upload client events and retrieve any applicable policy or task changes.
Note: If sending a Wake Up Call fails to populate the client’s IP address and user name, other environmental factors might be preventing the initial agent deployment. If this happens, simply copy the agent installer, Framepkg.exe, located on the ePolicy Orchestrator server, and run it locally on your test systems. Verify that a host or network firewall is not blocking agent communication to the server.
ePolicy Orchestrator in a production environment, you should revisit the setting of those task assignments at some point. Whether you choose a specific time of day for installations or leave the schedule as Run Immediately, you should add a window of Randomization to stagger the installations over a period of several minutes or hours, to avoid a flurry of simultaneous requests across the network.
will see a pie chart. If all test systems are running the same DAT, the pie chart will display only one color. However, this is an important query to watch going forward, so you will know at a glance if all your clients are current on their virus signatures.
5 Click Close. We will revisit this query again.

Creating a Custom Query
ePolicy Orchestrator also provides a wizard that allows you to create custom queries, which can also be used in a dashboard.
give you an idea of the level of detail available for reporting. Note that it is not necessary to upgrade the version of ePolicy Orchestrator in order to upgrade client versions.

Creating a Custom Dashboard
In this section you will create a new dashboard utilizing the query just created along with some other useful default queries.
1 Click the Dashboards button on the favorites bar.
2 Click the Dashboard Actions drop-down and choose New.
Summary
Congratulations! By completing this guide, you have completed many of the common tasks used in creating and maintaining a secure endpoint environment with ePolicy Orchestrator.
Appendix A: McAfee Device Control
Note: In an Active Directory domain, you can leverage user-based policies with Device Control. In Workgroup mode, only local user or machine-based policies are possible.

Post-Installation Configuration
The installer automatically checks McAfee Device Control into the ePolicy Orchestrator software repository; however, additional steps need to be taken to properly configure Device Control for use.
Configure the Share Names and Permissions
Configuration of the folders on Windows 2008 Server for Device Control requires specific security settings.

Configuring the Evidence folder
1 Right-click the evidence folder and select Properties.
2 Select the Sharing tab, then click Advanced Sharing. Select Share this folder.
3 Modify the Share name to evidence$. NOTE: The $ ensures that the share is hidden from network browsing; access to it is still controlled by the share and folder permissions.
4 Click Permissions.
13 In the Allow column, select Create Files/Write Data and Create Folders/Append Data. Verify that the Apply to option says This folder, subfolders and files, then click OK. The Advanced Security Settings dialog box now includes Domain Admins.
14 Click OK, OK, and then Close on the remaining dialog boxes.

Finalizing Configuration
1 In the ePolicy Orchestrator console, select Menu | Data Protection | DLP Policy.
Appendix B: List of included eASI best practice policies
The installer has been bundled with many best practice policies for the McAfee Endpoint Protection suites. These starter policies include common best practice settings for VirusScan Enterprise, Desktop Firewall, McAfee Agent, and Device Control. As every environment is different, these policies should be thoroughly reviewed and modified to meet the needs of your specific environment.
On-Access General Policies
While the Default for GTI is Medium, the policy for High could be applied to those systems most likely to encounter malware, such as laptops:
• EASI - Enable GTI for On-Access (High)

Host Intrusion Prevention 8.0: General
Client UI (Windows)
The Initial Testing policy below allows the local user to disable any FW & IPS functions. It would typically be used during a testing phase.
IPS Protection
After all the required components for Host IPS are installed and communicating, you are ready to apply protection, monitor events, and update policies and content as needed. Similar to the default Enhanced Protection, this policy blocks High and Medium events and also logs Low severity events. Only block Medium events after first logging and reviewing them to see if any exceptions should be created.
DLP / Device Control 9.2
Device Rules
Accessible from the DLP Policy page in ePolicy Orchestrator, this policy makes USB storage devices function as read-only unless they are McAfee Encrypted USB drives.
Appendix C: References
Use the links in this section to access additional information.
McAfee Host Intrusion Prevention 8.0
• Host Intrusion Prevention 8.0 Installation Guide
• Host Intrusion Prevention 8.0 for Product Guide
• Host Intrusion Prevention 8.0 Release Notes
• Host Intrusion Prevention 8.0 ClientControl.exe Utility Readme
• Access Protection in McAfee VirusScan Enterprise and Host Intrusion Prevention – Whitepaper

SiteAdvisor Enterprise 3.5
• SiteAdvisor Enterprise 3.5 Installation Guide
• SiteAdvisor Enterprise 3.