Setup guide

ManualsBrandsMcafee ManualsOtherQUICKCLEAN 1.0

McAfee ePO

Advanced Suite Installer Product Guide

Page 12 McAfee ePO

Advanced Suite Installer

One reason to modify the Agent to Server Connection Interval on a group of systems might be to lessen

the impact on already taxed WAN connections to remote sites, or simply because you are managing

several thousand systems. See more information on the McAfee Agent in the Quick Tips video

Controlling

Agent Communication.

NOTE: To view the Agent Log on a remote system, type the following your web-browser:

http://<computer_name_or_IP_address>:8081 where 8081 is the default port for the Agent Wake Up call. If

you changed this port number during ePolicy Orchestrator installation, then use the port you specified.

This can be very useful when you need to view the log for a system to which you do not have physical

access; for instance, the system is on the other side of the country. You will be able to take advantage

of this feature after we have deployed the Agent.

VirusScan Enterprise policies

Assigning a VirusScan policy to a group

Having assigned policies globally, the following applies policies to a specific group. Do you have one

group of systems that has a higher probability of being exposed to malware than others? You are likely

thinking of your laptop community and the common concerns around issues like non-standard images,

use of unsecured wireless networks, or who is using the laptop and where they are surfing when off the

corporate network. Setting GTI File reputation to High is used for systems or areas that have a greater

susceptibility to being attacked.

Follow these steps to set GTI File Reputation to High for the Laptops group.

1 Click the System Tree button on the favorites bar.

2 Highlight the Laptops group.

3 Click the Assigned Policies tab.

• From the Product drop-down menu, select VirusScan Enterprise 8.8.0.

• On the line that lists On-Access General Policies, click Edit Assignment.

• For Inherit from, select Break inheritance and assign the policy and settings below.

• From the Assigned Policy drop-down menu, select EASI - Enable GTI for On-Access (High).

• Click Save.

For additional information on this feature, see the

FAQs for Global Threat Intelligence File Reputation.

Assigning best practice VirusScan policies to the SQL Servers group

The installer includes many best practice server policies used by customers where the standard anti-virus

(AV) defaults are not applicable. For instance, it is common practice to create AV exclusions on database

servers, Microsoft Exchange servers, Domain Controllers, and so on. An extensive list of common

exclusions can be found here:

VirusScan Enterprise exclusions (Master Article). Details on available

syntax are found in the

VirusScan Enterprise 8.8 Product Guide.

Note also that McAfee VirusScan has the unique ability to vary scan settings based on the process in play

at any given time. In the example below,

Sqlserver.exe

and

Sqlwriter.exe

are considered “low-risk”

processes for spreading malware (unlike Explorer.exe, for example). Hence the policies are configured

such that

scan on read

and

scan on write

are not active for those two select low-risk processes. Real

customers combine this approach with traditional file and directory exclusions to provide the best server

performance possible while limiting the threat of malware infection at the file system level. As such, a

set of Low Risk and Default policies are used in concert.

Follow these steps to assign the Default Processes Policy to the SQL Servers group.