Product Guide
Page 2
.... IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND. 2 McAfee Endpoint Encryption for Files and Folders version 4.0.0 Product Guide All Rights Reserved. COPYRIGHT Copyright © 2011 McAfee, Inc. LICENSE INFORMATION License Agreement NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE.
.... IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND. 2 McAfee Endpoint Encryption for Files and Folders version 4.0.0 Product Guide All Rights Reserved. COPYRIGHT Copyright © 2011 McAfee, Inc. LICENSE INFORMATION License Agreement NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE.
Product Guide
Page 3
... EEFF from managed nodes using Shell command 14 Uninstalling EEFF from managed nodes using MSI 14 Configuring EEFF policies using ePO 16 EEFF Policies 16 Creating a policy from Policy Catalog 20 Editing the EEFF policy settings from Policy Catalog 20 Assigning policies to a system or a system group 21 Assigning a policy to a managed node 21 Assigning a policy to a system group 21 Enforcing EEFF policies on a system 22 Enforcing EEFF policies on a system group 22 McAfee Endpoint Encryption for Files and Folders version 4.0.0 Product Guide 3
... EEFF from managed nodes using Shell command 14 Uninstalling EEFF from managed nodes using MSI 14 Configuring EEFF policies using ePO 16 EEFF Policies 16 Creating a policy from Policy Catalog 20 Editing the EEFF policy settings from Policy Catalog 20 Assigning policies to a system or a system group 21 Assigning a policy to a managed node 21 Assigning a policy to a system group 21 Enforcing EEFF policies on a system 22 Enforcing EEFF policies on a system group 22 McAfee Endpoint Encryption for Files and Folders version 4.0.0 Product Guide 3
Product Guide
Page 4
... Working with user personal keys 33 Managing EEFF Reports 35 Creating EEFF custom queries 35 Viewing the standard EEFF queries 36 Defining EEFF permission sets for ePO users 38 Creating permission sets for user accounts 38 Editing EEFF Policy Permissions 38 Editing EEFF Key Server permissions 39 Appendix A: Removable Media registry controls 40 Relaxing the Removable Media definition 40 Exempt local drives and network shares from encryption 40 Appendix B: Best Practices 42 4 McAfee Endpoint Encryption for Files and Folders version 4.0.0 Product Guide
... Working with user personal keys 33 Managing EEFF Reports 35 Creating EEFF custom queries 35 Viewing the standard EEFF queries 36 Defining EEFF permission sets for ePO users 38 Creating permission sets for user accounts 38 Editing EEFF Policy Permissions 38 Editing EEFF Key Server permissions 39 Appendix A: Removable Media registry controls 40 Relaxing the Removable Media definition 40 Exempt local drives and network shares from encryption 40 Appendix B: Best Practices 42 4 McAfee Endpoint Encryption for Files and Folders version 4.0.0 Product Guide
Product Guide
Page 5
... security to retrieve the correct policy in EEFF. Endpoint Encryption for Files and Folders version 4.0.0 Product Guide 5 EEFF integrates with ePO supports both registered domain users and local system users can be used for Files and Folders allows you to define and protect information in a way that only authorized users can access information. EEFF depends on Microsoft Windows user accounts and works in real-time to authenticate user to access encryption keys and to protect your data. McAfee Endpoint Encryption...
... security to retrieve the correct policy in EEFF. Endpoint Encryption for Files and Folders version 4.0.0 Product Guide 5 EEFF integrates with ePO supports both registered domain users and local system users can be used for Files and Folders allows you to define and protect information in a way that only authorized users can access information. EEFF depends on Microsoft Windows user accounts and works in real-time to authenticate user to access encryption keys and to protect your data. McAfee Endpoint Encryption...
Product Guide
Page 6
... server and acquires the user data. When a file is placed in policies for Files and Folders using ePO 4.5 and 4.6. • Windows authentication based policy enforcement - When a file is installed on Removable media - The client software is saved, EEFF filter executes the assigned encryption policies and encrypts the data, if applicable. Provides support for deploying and managing McAfee Endpoint Encryption for encryption. • Protect data on the client system. The EEFF client acts like a filter between the application creating or editing the files and the storage media...
... server and acquires the user data. When a file is placed in policies for Files and Folders using ePO 4.5 and 4.6. • Windows authentication based policy enforcement - When a file is installed on Removable media - The client software is saved, EEFF filter executes the assigned encryption policies and encrypts the data, if applicable. Provides support for deploying and managing McAfee Endpoint Encryption for encryption. • Protect data on the client system. The EEFF client acts like a filter between the application creating or editing the files and the storage media...
Product Guide
Page 8
...: This document does not provide detailed information about installing or using McAfee ePolicy Orchestrator management software version 4.5 and 4.6. It also provides comprehensive reporting and product deployment capabilities, all through a single point of your ePO computer. 2 Log on the managed nodes. The Check In Package wizard appears. 4 In the Package page, select the Package type as an administrator. 3 Click Menu | Software | Master Repository, then click Actions | Check In Package. Installing EEFF...
...: This document does not provide detailed information about installing or using McAfee ePolicy Orchestrator management software version 4.5 and 4.6. It also provides comprehensive reporting and product deployment capabilities, all through a single point of your ePO computer. 2 Log on the managed nodes. The Check In Package wizard appears. 4 In the Package page, select the Package type as an administrator. 3 Click Menu | Software | Master Repository, then click Actions | Check In Package. Installing EEFF...
Product Guide
Page 9
... location of your ePO computer. 2 Log on to the ePO server as an administrator. 3 Click Menu | Software | Extensions | Install Extension. Task For option definitions, click ? Before you begin Make sure you have a registered Active Directory to use Policy Assignment Rules, to install the EEFF extension. McAfee Endpoint Encryption for Files and Folders version 4.0.0 Product Guide 9 The Registered Server Builder wizard opens. 3 From the Server type drop-down list on to modify server settings, permission sets, users, and registered servers. Installing the ePO help...
... location of your ePO computer. 2 Log on to the ePO server as an administrator. 3 Click Menu | Software | Extensions | Install Extension. Task For option definitions, click ? Before you begin Make sure you have a registered Active Directory to use Policy Assignment Rules, to install the EEFF extension. McAfee Endpoint Encryption for Files and Folders version 4.0.0 Product Guide 9 The Registered Server Builder wizard opens. 3 From the Server type drop-down list on to modify server settings, permission sets, users, and registered servers. Installing the ePO help...
Product Guide
Page 10
... that the system is added to the list of client tasks for the selected group and any notes. 4 Select Target Platforms as Windows, Products and components as McAfee Endpoint Encryption for Files and Folders 4.0.0.0, Action as Install. While using ePO 4 Type the Domain name or the Server name. Task For option definitions, click ? The New Task dialog box appears. 2 Ensure that the connection to the server works, then click Save. Select an appropriate Language...
... that the system is added to the list of client tasks for the selected group and any notes. 4 Select Target Platforms as Windows, Products and components as McAfee Endpoint Encryption for Files and Folders 4.0.0.0, Action as Install. While using ePO 4 Type the Domain name or the Server name. Task For option definitions, click ? The New Task dialog box appears. 2 Ensure that the connection to the server works, then click Save. Select an appropriate Language...
Product Guide
Page 12
... Configuration page, select Target Platforms as Windows, Products and components as McAfee Endpoint Encryption for Files and Folders version 4.0.0 Product Guide Contents Uninstalling EEFF from managed nodes Uninstalling EEFF from managed nodes using ePO 4.6 Removing the EEFF extension Removing EEFF deployment package Uninstalling EEFF from managed nodes using command prompt Uninstalling EEFF from managed nodes using ePO 4.6 Use this task to the ePO server as Remove. in the System Tree, then click Actions | New Task. Uninstalling EEFF from managed...
... Configuration page, select Target Platforms as Windows, Products and components as McAfee Endpoint Encryption for Files and Folders version 4.0.0 Product Guide Contents Uninstalling EEFF from managed nodes Uninstalling EEFF from managed nodes using ePO 4.6 Removing the EEFF extension Removing EEFF deployment package Uninstalling EEFF from managed nodes using command prompt Uninstalling EEFF from managed nodes using ePO 4.6 Use this task to the ePO server as Remove. in the System Tree, then click Actions | New Task. Uninstalling EEFF from managed...
Product Guide
Page 13
... created for Files and Folders 4.0.0.0, Action as Client Task Types, then click Actions | New Task . The Extension page appears with the extension name and version details. 3 Select the Endpoint Encryption for Files and Folders version 4.0.0 Product Guide 13 Each assigned client task per selected category appears in the interface. 1 Click Menu | Policy | Client Task Catalog , select McAfee Agent | Product Deployment as Remove. in the System Tree. 7 Select the Preset filter as an administrator. 2 Click Menu | Software | Extensions. Task For option...
... created for Files and Folders 4.0.0.0, Action as Client Task Types, then click Actions | New Task . The Extension page appears with the extension name and version details. 3 Select the Endpoint Encryption for Files and Folders version 4.0.0 Product Guide 13 Each assigned client task per selected category appears in the interface. 1 Click Menu | Policy | Client Task Catalog , select McAfee Agent | Product Deployment as Remove. in the System Tree. 7 Select the Preset filter as an administrator. 2 Click Menu | Software | Extensions. Task For option...
Product Guide
Page 14
.... 14 McAfee Endpoint Encryption for Files and Folders 2 Run the following command MfeFfShell.com-force_uninstall. The Delete package confirmation page appears. 4 Click OK on to the ePO server as an administrator. 2 Click Menu | Software | Master Repository. Uninstalling EEFF Removing EEFF deployment package Removing EEFF deployment package Use this task to remove the EEFF deployment package from a managed node using MSI. Uninstalling EEFF from managed nodes using command prompt Use these tasks...
.... 14 McAfee Endpoint Encryption for Files and Folders 2 Run the following command MfeFfShell.com-force_uninstall. The Delete package confirmation page appears. 4 Click OK on to the ePO server as an administrator. 2 Click Menu | Software | Master Repository. Uninstalling EEFF Removing EEFF deployment package Removing EEFF deployment package Use this task to remove the EEFF deployment package from a managed node using MSI. Uninstalling EEFF from managed nodes using command prompt Use these tasks...
Product Guide
Page 16
... changes to enforce policies for that you create, configure, then enforce. Contents EEFF Policies Creating a policy from Policy Catalog Editing the EEFF policy settings from a central location. Policies are enforced. From the Assigned Policies page, choose whether to enforcement below the locked node. Each policy category refers to a user on the selected group. Specifies the context menu options available to a specific subset of policy settings. Default value is set For each managed product or component, choose whether the agent enforces all products...
... changes to enforce policies for that you create, configure, then enforce. Contents EEFF Policies Creating a policy from Policy Catalog Editing the EEFF policy settings from a central location. Policies are enforced. From the Assigned Policies page, choose whether to enforcement below the locked node. Each policy category refers to a user on the selected group. Specifies the context menu options available to a specific subset of policy settings. Default value is set For each managed product or component, choose whether the agent enforces all products...
Product Guide
Page 17
...the list or typing it in the text box. • Key - Specifies the context menu options available to recover the EERM encrypted removable media. Does not encrypt files on removable media with the specified key. Default value is 100%. • Recovery Methods - Browse to send encrypted email attachments, either for internal recipients (SBA attachment) or for Removable Media - Default value is disabled. McAfee Endpoint Encryption for client system users. Enables Search encrypted option for Files and Folders version 4.0.0 Product Guide 17 Enables managed node users to select the key...
...the list or typing it in the text box. • Key - Specifies the context menu options available to recover the EERM encrypted removable media. Does not encrypt files on removable media with the specified key. Default value is 100%. • Recovery Methods - Browse to send encrypted email attachments, either for internal recipients (SBA attachment) or for Removable Media - Default value is disabled. McAfee Endpoint Encryption for client system users. Enables Search encrypted option for Files and Folders version 4.0.0 Product Guide 17 Enables managed node users to select the key...
Product Guide
Page 18
... menu is not assigned to recover the encrypted removable media. • Allows user questions - User can be updated with the changes in encryption policies. • Add - Does not change the file modified and accessed time on encryption or decryption. • Require authentication for the removable media • Exclude devices larger than the specified value. Specifies the Regular or User Personal key that can encrypt or decrypt files or folders using ePO EEFF Policies Category CD/DVD Encryption Encryption Options Description • Use recovery key - Enables user...
... menu is not assigned to recover the encrypted removable media. • Allows user questions - User can be updated with the changes in encryption policies. • Add - Does not change the file modified and accessed time on encryption or decryption. • Require authentication for the removable media • Exclude devices larger than the specified value. Specifies the Regular or User Personal key that can encrypt or decrypt files or folders using ePO EEFF Policies Category CD/DVD Encryption Encryption Options Description • Use recovery key - Enables user...
Product Guide
Page 19
... user can not open or edit encrypted files. • Key Request Exclusion - Removes the process from encryption. • Add - Adds the file extension that will be excluded. • Available Keys - Specifies the keys which includes regular, and user personal keys. • Selected Keys - Does not encrypt files on slow connections - NOTE: This option is applicable only if the file is being encrypted through policy enforcement. • Maximum clients allowed to encrypt folders - Specifies the maximum number of files on network locations. • Enable network...
... user can not open or edit encrypted files. • Key Request Exclusion - Removes the process from encryption. • Add - Adds the file extension that will be excluded. • Available Keys - Specifies the keys which includes regular, and user personal keys. • Selected Keys - Does not encrypt files on slow connections - NOTE: This option is applicable only if the file is being encrypted through policy enforcement. • Maximum clients allowed to encrypt folders - Specifies the maximum number of files on network locations. • Enable network...
Product Guide
Page 20
... create policies before or after the EEFF software is deployed. Creates a default user local key when a new user logs on a client system using the Export and Import options in EEFF client. • Recovery Key - Editing the EEFF policy settings from Policy Catalog Use this task to create local keys on this existing policy drop-down list. 4 Type a name for Files and Folders 4.0.0.0 and a policy Category from the Product drop-down lists. Task For option definitions, click ? in the interface. 1 Click Menu | Policy | Policy Catalog, then select Endpoint Encryption for Files...
... create policies before or after the EEFF software is deployed. Creates a default user local key when a new user logs on a client system using the Export and Import options in EEFF client. • Recovery Key - Editing the EEFF policy settings from Policy Catalog Use this task to create local keys on this existing policy drop-down list. 4 Type a name for Files and Folders 4.0.0.0 and a policy Category from the Product drop-down lists. Task For option definitions, click ? in the interface. 1 Click Menu | Policy | Policy Catalog, then select Endpoint Encryption for Files...
Product Guide
Page 23
... included users unrestricted access to internet content. For example, consider the previous example where a user is enforced because it is applied to a user, all settings of your most secure policy. NOTE: When a user logs on . As a result, the user has unrestricted access to this scenario, rule A is included in that functionality allowed by excluding a user (or other assignments with different assigned priorities. McAfee Endpoint Encryption for the policy assignments specific to internet content.
... included users unrestricted access to internet content. For example, consider the previous example where a user is enforced because it is applied to a user, all settings of your most secure policy. NOTE: When a user logs on . As a result, the user has unrestricted access to this scenario, rule A is included in that functionality allowed by excluding a user (or other assignments with different assigned priorities. McAfee Endpoint Encryption for the policy assignments specific to internet content.
Product Guide
Page 30
... policy. Managing EEFF keys EEFF uses encryption keys to protect files and folders on which it was created. Encryption keys are limited to the user and client system on networks, removable media, CD or DVD, and user hard disks. The administrator can be loaded at every logon and unloaded every time user logs off. Regular keys are created by the user to encrypt or decrypt data on the same network using EEFF client software on a client system. The EEFF Key Management page appears. 30 McAfee Endpoint Encryption for Files and Folders version 4.0.0 Product Guide...
... policy. Managing EEFF keys EEFF uses encryption keys to protect files and folders on which it was created. Encryption keys are limited to the user and client system on networks, removable media, CD or DVD, and user hard disks. The administrator can be loaded at every logon and unloaded every time user logs off. Regular keys are created by the user to encrypt or decrypt data on the same network using EEFF client software on a client system. The EEFF Key Management page appears. 30 McAfee Endpoint Encryption for Files and Folders version 4.0.0 Product Guide...
Product Guide
Page 33
.... The Configure User Personal Keys page appears. 3 Select Enable User Personal Keys, then click Save. 4 Click Menu | Policy | Policy Catalog, then select Endpoint Encryption for Files and Folders from the Product drop-down list. 5 Select Grant Keys (UBP) as a single key, but creates individual user personal keys when assigned. The user Selection Criteria page opens. Managing EEFF keys How user personal keys work User personal key gives you ability to create user-specific encryption keys. These keys are assigned to Grant key policy as policy Category, then click Edit Settings next...
.... The Configure User Personal Keys page appears. 3 Select Enable User Personal Keys, then click Save. 4 Click Menu | Policy | Policy Catalog, then select Endpoint Encryption for Files and Folders from the Product drop-down list. 5 Select Grant Keys (UBP) as a single key, but creates individual user personal keys when assigned. The user Selection Criteria page opens. Managing EEFF keys How user personal keys work User personal key gives you ability to create user-specific encryption keys. These keys are assigned to Grant key policy as policy Category, then click Edit Settings next...
Product Guide
Page 35
... downloaded or sent as dashboard monitors. View the exported results as dashboard monitors. McAfee Endpoint Encryption for example, Microsoft Excel). • XML - For example, you can be exported to use. Dashboard monitors are available at the bottom of actions available for other monitors when used as a web page. • PDF - Transform the data for selected items in several formats: • CSV - These are configurable objects that retrieve and display data...
... downloaded or sent as dashboard monitors. View the exported results as dashboard monitors. McAfee Endpoint Encryption for example, Microsoft Excel). • XML - For example, you can be exported to use. Dashboard monitors are available at the bottom of actions available for other monitors when used as a web page. • PDF - Transform the data for selected items in several formats: • CSV - These are configurable objects that retrieve and display data...