Setup guide

McAfee ePO Advanced Suite Installer Product Guide
ePolicy Orchestrator in a production environment, you should revisit the setting of those task
assignments at some point. Whether you choose a specific time of day for installations or leave the
schedule as Run Immediately, you should add a window of Randomization to stagger the installations
over a period of several minutes or hours, to avoid a flurry of simultaneous requests across the network.
The randomization window chosen is dependent on several factors, but primarily the number of systems
to which you are deploying and whether the installations are at local or remote sites.
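To see how the window size interacts with the number of systems, the following sketch estimates the busiest minute of a deployment for several candidate windows. It is an added example, not part of the McAfee guide or of ePolicy Orchestrator; it assumes each system starts at a uniformly random minute inside the window, and the system count and per-minute limit are constructed figures.

```python
import random
from collections import Counter


def peak_requests_per_minute(systems, window_minutes, seed=0):
    """Return the size of the busiest one-minute bucket of install requests.

    Assumption: every system picks a uniformly random start minute inside
    the randomization window. A window of 0 models Run Immediately with no
    randomization, so every request lands in the same minute.
    """
    rng = random.Random(seed)
    buckets = max(window_minutes, 1)
    starts = Counter(rng.randrange(buckets) for _ in range(systems))
    return max(starts.values(), default=0)


def smallest_window(systems, max_per_minute,
                    candidates=(0, 15, 30, 60, 120, 240), trials=5):
    """Return the first candidate window (minutes) whose worst simulated
    peak stays at or below max_per_minute, or None if none is wide enough.

    max_per_minute is a hypothetical figure for what the server and the
    network links can absorb; measure it for your own environment.
    """
    for window in candidates:
        worst = max(peak_requests_per_minute(systems, window, seed)
                    for seed in range(trials))
        if worst <= max_per_minute:
            return window
    return None


if __name__ == "__main__":
    # Constructed scenario: 3000 systems, at most 100 requests per minute.
    for window in (0, 15, 60, 240):
        peak = peak_requests_per_minute(3000, window)
        print(f"window={window:>3} min  peak={peak} requests/min")
    print("smallest adequate window:", smallest_window(3000, 100), "min")
```

The peak is always above the simple average (systems divided by window minutes), so a window sized from the average alone will be too narrow.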
Quick Tip: As opposed to performing a large number of remote installations to systems in different
sites, ePolicy Orchestrator allows you to replicate the files necessary for installations and updates to
“distributed repositories” at strategic locations across your network. See the Quick Tip video Why and
How to Create Distributed Repositories. One preferred type of distributed repository is the Super Agent.
Also see the Quick Tip video The Use of Super Agents. If applicable, an Agent Handler may be used.
Use dashboards and queries
Dashboards and queries provide various types of status information about your environment. Each
product in the Endpoint Protection suites has predefined queries that you can run individually. Often the
queries cover recent events, such as detections in the last 24 hours or 7 days, or they might provide
trending information over time. ePolicy Orchestrator also includes several predefined dashboards.
Dashboards are composed of multiple queries or other objects. By default, there are several active
dashboards available for viewing. You can also create custom queries, and custom dashboards built
from default queries or ones that you create. In the sections below, we will
examine some of the default dashboards and queries, create a custom query, and create a custom
dashboard.
Dashboard Overview
While there may not yet be much event data to report, this is a good opportunity to examine some of the
default dashboards and understand how they are created.
1 Click the Dashboards button on the favorites bar.
2 From the Dashboard drop-down, choose VSE: Current Detections.
This dashboard breaks down various types of detections made by VirusScan Enterprise, specifically
viruses, spyware, and other unwanted programs for the last 24 hours and last 7 days. You likely don’t
have any detections showing yet, but now you know where to find that data. (You can use the
well-known EICAR.COM anti-virus test file from http://www.eicar.org for testing and generating
immediate detections.)
3 From the Dashboard drop-down, choose Host IPS: Signatures Triggered.
Elements of this dashboard will be helpful when tuning Host IPS. It provides a breakdown of triggered
signatures by severity for both workstations and servers.
4 From the Dashboard drop-down, under Public Dashboards, choose ePO Summary.
Query Overview
In this section we will run a predefined query and view the results.
1 Click the Queries & Reports button on the favorites bar.
2 Expand the Shared Groups on the left. Each group contains a number of predefined queries.
3 Highlight the VirusScan Enterprise group.
4 Scroll down the alphabetical list of queries, locate VSE: DAT Deployment, and click Run at the far
right. Assuming VirusScan has been installed and has performed its initial DAT (signature) update, you