Evaluator Guide
Page 4
... of one ePolicy Orchestrator® (ePO™) server and a number of the products included in Total Protection for Endpoint are grouped into these categories: • Management solution • Endpoint protection • Email server protection Management solution Total Protection for Endpoint provides these McAfee products for client protection: • VirusScan® Enterprise 8.7i • AntiSpyware Enterprise 8.7 • Host Intrusion Prevention 7.0 • SiteAdvisor®...
... of one ePolicy Orchestrator® (ePO™) server and a number of the products included in Total Protection for Endpoint are grouped into these categories: • Management solution • Endpoint protection • Email server protection Management solution Total Protection for Endpoint provides these McAfee products for client protection: • VirusScan® Enterprise 8.7i • AntiSpyware Enterprise 8.7 • Host Intrusion Prevention 7.0 • SiteAdvisor®...
Evaluator Guide
Page 16
...McAfee Total Protection for monitoring, assigning policies, scheduling tasks, and taking actions. There are several methods of organizing and populating the System Tree: • Manually structure your System Tree by creating your own groups and adding individual systems. • Synchronize with ePolicy Orchestrator. Creating your System Tree groups...click Browse to Add, type the NetBIOS name for systems. In the case of systems in units for Endpoint Lab Evaluation Guide The groups are created and administered by commas, spaces, or line breaks. You can be too slow when deploying ...
...McAfee Total Protection for monitoring, assigning policies, scheduling tasks, and taking actions. There are several methods of organizing and populating the System Tree: • Manually structure your System Tree by creating your own groups and adding individual systems. • Synchronize with ePolicy Orchestrator. Creating your System Tree groups...click Browse to Add, type the NetBIOS name for systems. In the case of systems in units for Endpoint Lab Evaluation Guide The groups are created and administered by commas, spaces, or line breaks. You can be too slow when deploying ...
Evaluator Guide
Page 17
... list, find the entry for Endpoint Lab Evaluation Guide 17 ePolicy Orchestrator creates two default tags, Server and Workstation, which you to be placed in the Lost&Found group. Now this feature, refer to be evaluated when new systems are placed in the System Tree. McAfee Total Protection for Test Group. Along with the System Tree...
... list, find the entry for Endpoint Lab Evaluation Guide 17 ePolicy Orchestrator creates two default tags, Server and Workstation, which you to be placed in the Lost&Found group. Now this feature, refer to be evaluated when new systems are placed in the System Tree. McAfee Total Protection for Test Group. Along with the System Tree...
Evaluator Guide
Page 19
...a different workflow. Creating file exclusions on each platform. its just another way of VirusScan Enterprise policies. Creating policies for Endpoint Lab Evaluation Guide 19 In this second method applies your new policies in the boxes provided, then click Save. In addition..., select VirusScan Enterprise 8.7.0. 3 Expand Test Group, then click your new Lock VSE Console policy, click Edit Settings. 7 On the menu bar, click Password Options. 8 Make sure the Settings for option is the same; McAfee Total Protection for VirusScan Enterprise This section covers three examples...
...a different workflow. Creating file exclusions on each platform. its just another way of VirusScan Enterprise policies. Creating policies for Endpoint Lab Evaluation Guide 19 In this second method applies your new policies in the boxes provided, then click Save. In addition..., select VirusScan Enterprise 8.7.0. 3 Expand Test Group, then click your new Lock VSE Console policy, click Edit Settings. 7 On the menu bar, click Password Options. 8 Make sure the Settings for option is the same; McAfee Total Protection for VirusScan Enterprise This section covers three examples...
Evaluator Guide
Page 21
...sends the email. VirusScan continues to delimit the process names. 11 Click OK, then Save. McAfee Total Protection for the first action to log the event and not block. Many of the rule actually being...that lists your new policy, click Edit Settings. 7 From the Settings for drop-down menu for Endpoint Lab Evaluation Guide 21 For example, you might have created the desired policy, you will be ...Once the rule has been triggered, the process name will need to apply it to the group or individual client computers that you might not want it to clean, such as your required...
...sends the email. VirusScan continues to delimit the process names. 11 Click OK, then Save. McAfee Total Protection for the first action to log the event and not block. Many of the rule actually being...that lists your new policy, click Edit Settings. 7 From the Settings for drop-down menu for Endpoint Lab Evaluation Guide 21 For example, you might have created the desired policy, you will be ...Once the rule has been triggered, the process name will need to apply it to the group or individual client computers that you might not want it to clean, such as your required...
Evaluator Guide
Page 23
Setting Policies for Endpoints • For sites you have configured as Allow, type a "allowed access" message. 10 Click Save. McAfee Total Protection for PUPs. Assigning policies to systems You now have configured as Block, type a "blocked access" message. • For .... 5 Assign the VirusScan Enterprise policies: NOTE: When you created the Database AV Exclusions policy, you have several policies to assign to the Servers group. • From the Product drop-down menu, select VirusScan Enterprise 8.7.0. • On the line that lists User Interface Policies, click Edit Assignment...
Setting Policies for Endpoints • For sites you have configured as Allow, type a "allowed access" message. 10 Click Save. McAfee Total Protection for PUPs. Assigning policies to systems You now have configured as Block, type a "blocked access" message. • For .... 5 Assign the VirusScan Enterprise policies: NOTE: When you created the Database AV Exclusions policy, you have several policies to assign to the Servers group. • From the Product drop-down menu, select VirusScan Enterprise 8.7.0. • On the line that lists User Interface Policies, click Edit Assignment...
Evaluator Guide
Page 24
... firewall rules according to the Typical Corporate Environment template, and to set to the Policy Assignment page, click Save. 24 McAfee Total Protection for Endpoints • Click Save. From this is a full-featured policy that On-Access Default Processes Policies has an entry in ...1 Click Menu | Systems | System Tree, then select Assigned Policies from the menu bar. 2 In the System Tree, expand Test Group, then highlight the Workstations group. 3 From the Product drop-down menu, select Typical Corporate Environment. 7 Click Edit Policy, and review the existing rule settings. 8...
... firewall rules according to the Typical Corporate Environment template, and to set to the Policy Assignment page, click Save. 24 McAfee Total Protection for Endpoints • Click Save. From this is a full-featured policy that On-Access Default Processes Policies has an entry in ...1 Click Menu | Systems | System Tree, then select Assigned Policies from the menu bar. 2 In the System Tree, expand Test Group, then highlight the Workstations group. 3 From the Product drop-down menu, select Typical Corporate Environment. 7 Click Edit Policy, and review the existing rule settings. 8...
Evaluator Guide
Page 25
Setting Policies for Endpoints If you can duplicate it and make adjustments. For more information about managing the Host Intrusion Prevention Firewall, review the Host Intrusion Prevention Product Guide. McAfee Total Protection for traffic not already handled by the Firewall Rules policy. 7 Click... Save. Setting Firewall Options 1 Click Menu | Systems | System Tree, then select Assigned Policies from the menu bar. 2 In the System Tree, expand Test Group, then highlight the Workstations group...
Setting Policies for Endpoints If you can duplicate it and make adjustments. For more information about managing the Host Intrusion Prevention Firewall, review the Host Intrusion Prevention Product Guide. McAfee Total Protection for traffic not already handled by the Firewall Rules policy. 7 Click... Save. Setting Firewall Options 1 Click Menu | Systems | System Tree, then select Assigned Policies from the menu bar. 2 In the System Tree, expand Test Group, then highlight the Workstations group...
Evaluator Guide
Page 27
Setting Policies for Endpoint Lab Evaluation Guide 27 The Select rules from this causing high CPU usage, click OK. 24 For the Content Scanner rules and associated actions section, click Add rule. 25 From the Select rules group drop-down menu, select Reject the Message. From the ...that lists My Exchange Policy, click Edit Settings. 5 Under Policy Manager, click Gateway. 6 Click Master Policy. 7 Click the View Settings tab. McAfee Total Protection for Email Servers 12 For Rule Name, type Blocked content. 13 Provide a description, and select the option Add this rule to this task to be...
Setting Policies for Endpoint Lab Evaluation Guide 27 The Select rules from this causing high CPU usage, click OK. 24 For the Content Scanner rules and associated actions section, click Add rule. 25 From the Select rules group drop-down menu, select Reject the Message. From the ...that lists My Exchange Policy, click Edit Settings. 5 Under Policy Manager, click Gateway. 6 Click Master Policy. 7 Click the View Settings tab. McAfee Total Protection for Email Servers 12 For Rule Name, type Blocked content. 13 Provide a description, and select the option Add this rule to this task to be...
Evaluator Guide
Page 28
...policies for your Microsoft Exchange servers. 1 Click Menu | Systems | System Tree, and click Assigned Policies on the menu bar. 2 Expand Test Group, and highlight Servers. 3 From the Product drop-down menu, select GroupShield for Exchange 7.0.1. 4 On the line for illustration purposes only. Start...assign the policies you will create McAfee Security for Lotus Domino sample policies for Endpoint Lab Evaluation Guide From the Selection drop-down menu. 7 Click the View Settings tab. The examples are not applied to the administrator. 28 McAfee Total Protection for the banned content, anti-...
...policies for your Microsoft Exchange servers. 1 Click Menu | Systems | System Tree, and click Assigned Policies on the menu bar. 2 Expand Test Group, and highlight Servers. 3 From the Product drop-down menu, select GroupShield for Exchange 7.0.1. 4 On the line for illustration purposes only. Start...assign the policies you will create McAfee Security for Lotus Domino sample policies for Endpoint Lab Evaluation Guide From the Selection drop-down menu. 7 Click the View Settings tab. The examples are not applied to the administrator. 28 McAfee Total Protection for the banned content, anti-...
Evaluator Guide
Page 29
...scripted window to ask you receive the warning about this website, click here to this group option should contain "Blocked content". In the Name column, click Content Scanning. 22 Select the View Settings tab. McAfee Total Protection for the category, click Create New under Content Scanner Rules. 12 For Rule Name,... You must click New Category again to continue. 10 For Name, type Content, then click OK. 11 To create a new rule for Endpoint Lab Evaluation Guide 29 Deselect the Everything option. Under Subcategories, select All. 16 Click Save. 17 Click Save again when on the warning ...
...scripted window to ask you receive the warning about this website, click here to this group option should contain "Blocked content". In the Name column, click Content Scanning. 22 Select the View Settings tab. McAfee Total Protection for the category, click Create New under Content Scanner Rules. 12 For Rule Name,... You must click New Category again to continue. 10 For Name, type Content, then click OK. 11 To create a new rule for Endpoint Lab Evaluation Guide 29 Deselect the Everything option. Under Subcategories, select All. 16 Click Save. 17 Click Save again when on the warning ...
Evaluator Guide
Page 30
...Policy Catalog. 2 From the Product drop-down menu, select McAfee Security for Endpoint Lab Evaluation Guide Under the And Also section, deselect Quarantine message. 11 Click Save. 12 Click Save again when on the menu bar. 30 McAfee Total Protection for Lotus Domino 7.5.x.x. 3 From the Category drop-down menu... Click Menu | Systems | System Tree, and click Assigned Policies on the menu bar. 2 Expand Test Group, and highlight Servers. 3 From the Product drop-down menu, select McAfee Security for Lotus Domino 7.5.x.x. 4 On the line for Scanner Settings, click Edit Assignment. 5 Select Break ...
...Policy Catalog. 2 From the Product drop-down menu, select McAfee Security for Endpoint Lab Evaluation Guide Under the And Also section, deselect Quarantine message. 11 Click Save. 12 Click Save again when on the menu bar. 30 McAfee Total Protection for Lotus Domino 7.5.x.x. 3 From the Category drop-down menu... Click Menu | Systems | System Tree, and click Assigned Policies on the menu bar. 2 Expand Test Group, and highlight Servers. 3 From the Product drop-down menu, select McAfee Security for Lotus Domino 7.5.x.x. 4 On the line for Scanner Settings, click Edit Assignment. 5 Select Break ...
Evaluator Guide
Page 32
... VirusScan Enterprise On-Demand Scan task. You also use client tasks for tools or scripts that the McAfee Agent retrieves and executes. If any "Self Protection" feature that deploys one or more products to the language used on the menu bar. 2 Highlight...Enterprise Module 8.7.0.xxx, then click +. • Select Host Intrusion Prevention 7.0.0.xxx, then click +. 32 McAfee Total Protection for Endpoint Lab Evaluation Guide Product deployment is set Language to a group of systems. This tasks assumes you will invoke the uninstaller of VirusScan Enterprise, and the other third-...
... VirusScan Enterprise On-Demand Scan task. You also use client tasks for tools or scripts that the McAfee Agent retrieves and executes. If any "Self Protection" feature that deploys one or more products to the language used on the menu bar. 2 Highlight...Enterprise Module 8.7.0.xxx, then click +. • Select Host Intrusion Prevention 7.0.0.xxx, then click +. 32 McAfee Total Protection for Endpoint Lab Evaluation Guide Product deployment is set Language to a group of systems. This tasks assumes you will invoke the uninstaller of VirusScan Enterprise, and the other third-...
Evaluator Guide
Page 33
... an update task In this section, you create a client task that temporarily disconnect from the drop-down list, then click Next. McAfee Total Protection for Endpoints • Select SiteAdvisor Enterprise Plus 3.0.0.xxx. 6 On the Schedule page, set these options, then click Next: Schedule status Enabled ... a weekly scan on the client computers. 1 Click Menu | Systems | System Tree, then click Client Tasks on the menu bar. 2 Highlight Test Group, then click New Task. 3 For Name, type Weekly Scan. 4 For Type, select On Demand Scan (VirusScan Enterprise 8.7.0) from your network (for ...
... an update task In this section, you create a client task that temporarily disconnect from the drop-down list, then click Next. McAfee Total Protection for Endpoints • Select SiteAdvisor Enterprise Plus 3.0.0.xxx. 6 On the Schedule page, set these options, then click Next: Schedule status Enabled ... a weekly scan on the client computers. 1 Click Menu | Systems | System Tree, then click Client Tasks on the menu bar. 2 Highlight Test Group, then click New Task. 3 For Name, type Weekly Scan. 4 For Type, select On Demand Scan (VirusScan Enterprise 8.7.0) from your network (for ...
Evaluator Guide
Page 35
... as a Domain Administrator, and click OK. However, you want to poll the server with systems, click the Filter drop down and select This Group and All Subgroups. 3 Select one or more systems from the list, and click Actions | Agent | Deploy Agents. 4 Type credentials that have... or ASCI. Also, you want to force a policy change sooner McAfee Total Protection for the endpoint products. The agent collects and sends information to install software on client systems, such as the Agent to deploy the McAfee Agent (see the ePolicy Orchestrator documentation or online help). This is ...
... as a Domain Administrator, and click OK. However, you want to poll the server with systems, click the Filter drop down and select This Group and All Subgroups. 3 Select one or more systems from the list, and click Actions | Agent | Deploy Agents. 4 Type credentials that have... or ASCI. Also, you want to force a policy change sooner McAfee Total Protection for the endpoint products. The agent collects and sends information to install software on client systems, such as the Agent to deploy the McAfee Agent (see the ePolicy Orchestrator documentation or online help). This is ...
Evaluator Guide
Page 36
... number of Randomization is useful. This is the basic nomenclature for Endpoint Lab Evaluation Guide If this point, the software installation client tasks have...communicating with the server. 4 If five to create a new policy, based on your Servers or Workstations group. 3 Select individual systems using the checkboxes, or use Select All in previous tasks are detected with ePolicy... the menu bar. 2 From the Product drop-down menu, select VirusScan Enterprise 8.7.0. 36 McAfee Total Protection for the "detection names" as provided in all the policies you created in this task ...
... number of Randomization is useful. This is the basic nomenclature for Endpoint Lab Evaluation Guide If this point, the software installation client tasks have...communicating with the server. 4 If five to create a new policy, based on your Servers or Workstations group. 3 Select individual systems using the checkboxes, or use Select All in previous tasks are detected with ePolicy... the menu bar. 2 From the Product drop-down menu, select VirusScan Enterprise 8.7.0. 36 McAfee Total Protection for the "detection names" as provided in all the policies you created in this task ...
Evaluator Guide
Page 37
...| Systems | System Tree, then click Client Tasks on your network. McAfee Total Protection for normal operations, but not clean them . For example, considering remote administration tools, you might also want to clean them . Deploy the McAfee Agent 3 Highlight Test Group. 4 To the right of Unwanted Programs Policy, click Edit Assignment.... 9 Type RemAdm-TightVNC, click + again, and type Reg-TightVNC. Use this nature on the menu bar. 2 Highlight Test Group. 3 Locate the scan task you might need to exclude a few tools for Endpoint Lab Evaluation Guide 37 Use this application.
...| Systems | System Tree, then click Client Tasks on your network. McAfee Total Protection for normal operations, but not clean them . For example, considering remote administration tools, you might also want to clean them . Deploy the McAfee Agent 3 Highlight Test Group. 4 To the right of Unwanted Programs Policy, click Edit Assignment.... 9 Type RemAdm-TightVNC, click + again, and type Reg-TightVNC. Use this nature on the menu bar. 2 Highlight Test Group. 3 Locate the scan task you might need to exclude a few tools for Endpoint Lab Evaluation Guide 37 Use this application.
Evaluator Guide
Page 40
...), and a summary table (Top 10 Access Protection Rules Broken). The two monitors you want to view, and how to view the version number. 1 Click Menu | Reporting | Queries. 2 Expand Shared Groups and highlight McAfee Agent group. 3 In the query list, select MA...Group Bar Chart Bar labels are Threat Name (under Threat Events) Bar values are displayed in the previous task, queries can run the HIP: Client Versions query. For Value, type VirusScan Enterprise 8.7. • Click Event ID and set Comparison to Greater than. For Value, type 20000. 40 McAfee Total Protection for Endpoint...
...), and a summary table (Top 10 Access Protection Rules Broken). The two monitors you want to view, and how to view the version number. 1 Click Menu | Reporting | Queries. 2 Expand Shared Groups and highlight McAfee Agent group. 3 In the query list, select MA...Group Bar Chart Bar labels are Threat Name (under Threat Events) Bar values are displayed in the previous task, queries can run the HIP: Client Versions query. For Value, type VirusScan Enterprise 8.7. • Click Event ID and set Comparison to Greater than. For Value, type 20000. 40 McAfee Total Protection for Endpoint...
Evaluator Guide
Page 41
... query name, type VSE: All PUP Detections, then click Save. When saving it to a new group, you have the choice of storing it under a Private Group under My Groups, or a Public Group under whose login it was created. McAfee Total Protection for Endpoint Lab Evaluation Guide 41 Using Dashboards and Queries • Click Threat Name and set Comparison...
... query name, type VSE: All PUP Detections, then click Save. When saving it to a new group, you have the choice of storing it under a Private Group under My Groups, or a Public Group under whose login it was created. McAfee Total Protection for Endpoint Lab Evaluation Guide 41 Using Dashboards and Queries • Click Threat Name and set Comparison...
Evaluator Guide
Page 42
... updates the ePO master repository from the McAfee site. 3 Created a System Tree structure, and added test systems into groups. 4 Created and applied a new McAfee Agent policy, that enables remote access to list PUP detections. 42 McAfee Total Protection for Endpoint Lab Evaluation Guide Summary Congratulations. By completing...on the client systems. 7 Created and applied policies for email protection. 8 Created a client update task to keep the clients current. 9 Created a VirusScan On-demand scan task. 10 Deployed the McAfee Agent. 11 Verified agent-server communication, and sent agent wake...
... updates the ePO master repository from the McAfee site. 3 Created a System Tree structure, and added test systems into groups. 4 Created and applied a new McAfee Agent policy, that enables remote access to list PUP detections. 42 McAfee Total Protection for Endpoint Lab Evaluation Guide Summary Congratulations. By completing...on the client systems. 7 Created and applied policies for email protection. 8 Created a client update task to keep the clients current. 9 Created a VirusScan On-demand scan task. 10 Deployed the McAfee Agent. 11 Verified agent-server communication, and sent agent wake...