Cox McAfee User Manual

McAfee Total Protection Service

Product Guide

McAfee Total Protection Service Product Guide

No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of McAfee, Inc., or its suppliers or affiliate companies.

TRADEMARK ATTRIBUTIONS

AVERT, EPO, EPOLICY ORCHESTRATOR, FOUNDSTONE, GROUPSHIELD, INTRUSHIELD, LINUXSHIELD, MAX (MCAFEE SECURITYALLIANCE EXCHANGE), MCAFEE, NETSHIELD, PORTALSHIELD, PREVENTSYS, SECURITYALLIANCE, SITEADVISOR, TOTAL PROTECTION, VIRUSSCAN, WEBSHIELD are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners.

LICENSE INFORMATION

License Agreement

NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.

License Attributions

Refer to the product Release Notes.

McAfee Total Protection Service Product Guide

Contents

Introducing Total Protection Service ....................................................................... 8

Using the Client Software ....................................................................................... 20

Using the SecurityCenter ........................................................................................ 30

How Total Protection Service works ............................................................................................................. 9

Types of protection .................................................................................................................................... 9

Core product strengths ............................................................................................................................. 10

New features for this release .................................................................................................................... 11

The role of the client software .................................................................................................................. 11

Updates to the client software .................................................................................................................. 12

Overview of update methods .......................................................................................................... 13

Simple updates through direct connections ...................................................................................... 14

Updates using Rumor technology .................................................................................................... 14

Updates through relay servers ........................................................................................................ 14

Management with the SecurityCenter ........................................................................................................ 15

Create user groups......................................................................................................................... 16

Customize policies .......................................................................................................................... 17

Check reports ................................................................................................................................ 19

How to access the client software. ............................................................................................................ 20

About the icon ............................................................................................................................... 21

About the console .......................................................................................................................... 22

Types of client software updates ............................................................................................................... 22

Terminal server support .................................................................................................................. 24

Specifying when computers check for updates ................................................................................. 24

Updating client computers manually ................................................................................................ 24

Disabling updates for non-logged on users ...................................................................................... 25

Performing setup and maintenance tasks ................................................................................................... 25

Testing virus protection .................................................................................................................. 25

Changing the language for the software .......................................................................................... 26

Logging on as a site administrator ................................................................................................... 26

Configuring notifications ................................................................................................................. 26

Configuring what users see ............................................................................................................ 27

Uninstalling the client software ....................................................................................................... 27

Frequently asked questions ...................................................................................................................... 28

Error messages ........................................................................................................................................ 28

The SecurityCenter .................................................................................................................................. 30

Logging on to the SecurityCenter .................................................................................................... 31

Accessing data on SecurityCenter pages .......................................................................................... 32

McAfee Total Protection Service Product Guide

Protection status at a glance ..................................................................................................................... 33

Viewing protection at a glance ........................................................................................................ 34

Working with widgets ..................................................................................................................... 35

Management of client computers .............................................................................................................. 36

Working with computers ................................................................................................................. 37

Working with an individual computer ............................................................................................... 38

Management of computer groups ............................................................................................................. 39

Working with groups ...................................................................................................................... 40

Management of Active Directory groups ..................................................................................................... 41

Downloading the Active Directory Synchronization utility ................................................................... 41

Importing Active Directory groups ................................................................................................... 41

Installing on Active Directory groups ................................................................................................ 42

Synchronizing Active Directory groups ............................................................................................. 43

Viewing the synchronization status .................................................................................................. 43

Viewing the Active Directory tree in the SecurityCenter ..................................................................... 43

Management of group administrators ........................................................................................................ 44

Working with group administrators .................................................................................................. 45

Management of security policies ............................................................................................................... 46

McAfee Default policy ..................................................................................................................... 47

Working with policies ..................................................................................................................... 51

Generation of security reports ................................................................................................................... 51

Scheduling reports ......................................................................................................................... 53

Adding your logo to reports ............................................................................................................ 54

Computer Profiles report................................................................................................................. 54

Duplicate Computers report ............................................................................................................ 55

Managing your account ............................................................................................................................ 56

Configuring your account profile ...................................................................................................... 56

Signing up for email notifications .................................................................................................... 57

Viewing and updating subscription information ................................................................................ 57

Buying and renewing subscriptions and licenses ............................................................................... 58

Locating or creating keys for your account ....................................................................................... 58

Merging accounts ........................................................................................................................... 59

Downloading tools and utilities .................................................................................................................. 59

Getting assistance .................................................................................................................................... 60

Frequently asked questions about the SecurityCenter ................................................................................. 61

Questions about reporting .............................................................................................................. 61

Questions about adding, renewing, and moving licenses ................................................................... 62

Using Virus and Spyware Protection ...................................................................... 63

How detections are handled ..................................................................................................................... 64

McAfee Total Protection Service Product Guide

Spyware protection mode and detections ................................................................................................... 64

Use learn mode to discover programs .............................................................................................. 65

Types of scans ......................................................................................................................................... 65

On-access (automatic) scans .......................................................................................................... 65

On-demand scans .......................................................................................................................... 66

Email scans ................................................................................................................................... 67

Spyware scans ............................................................................................................................... 67

Scanning on client computers ................................................................................................................... 68

Scanning on demand from the console ............................................................................................ 68

Scanning on demand from Windows Explorer ................................................................................... 68

Scanning email on client computers................................................................................................. 69

Viewing the progress of scheduled scans ......................................................................................... 69

Enabling and disabling on-access scanning ...................................................................................... 69

Configuring scanning policy options .......................................................................................................... 70

Scheduling a scan .......................................................................................................................... 70

Enabling optional types of virus scans ............................................................................................. 70

Excluding files and folders from virus scans ...................................................................................... 71

Selecting spyware scanning options ................................................................................................ 72

Approving and unapproving programs in a policy .............................................................................. 72

Managing detections ................................................................................................................................ 73

Viewing scan results on client computers ......................................................................................... 73

Managing potentially unwanted programs on client computers ........................................................... 74

Viewing quarantined files on client computers .................................................................................. 74

Viewing user-approved programs and applications ............................................................................ 75

Viewing threats detected on the account ......................................................................................... 76

Viewing unrecognized programs detected on the account .................................................................. 77

Reports for virus and spyware protection ................................................................................................... 77

Detections report ........................................................................................................................... 78

Unrecognized Programs report ........................................................................................................ 79

Detection History report ................................................................................................................. 79

Best practices (virus and spyware protection) ............................................................................................. 80

Frequently asked questions ...................................................................................................................... 80

Error messages ........................................................................................................................................ 81

Using Firewall Protection ....................................................................................... 82

Connection type and detections of incoming communications ...................................................................... 83

Custom connections ....................................................................................................................... 83

Firewall protection mode and detections of unknown applications ................................................................ 85

Use learn mode to discover Internet applications .............................................................................. 86

The role of IP addresses ........................................................................................................................... 86

McAfee Total Protection Service Product Guide

The role of system service ports ............................................................................................................... 86

Standard assignments for system service ports ................................................................................ 87

Firewall configuration ............................................................................................................................... 87

Interaction between user and administrator policy settings. ............................................................... 89

Configuring policy options ........................................................................................................................ 89

Selecting general firewall settings .................................................................................................... 89

Configuring options for Internet applications .................................................................................... 90

Tracking blocked communications ................................................................................................... 91

Configuring custom connections ............................................................................................................... 91

Configuring system services and port assignments ........................................................................... 91

Configuring IP addresses ................................................................................................................ 92

Installing and enabling firewall protection at the policy level ........................................................................ 93

Installing firewall protection during policy updates ............................................................................ 94

Enabling and disabling firewall protection ......................................................................................... 94

Managing detections ................................................................................................................................ 95

Viewing unrecognized programs detected on the account .................................................................. 95

Viewing user-approved programs and applications ............................................................................ 95

Viewing blocked communications .................................................................................................... 96

Reports for firewall protection ................................................................................................................... 97

Unrecognized Programs report ........................................................................................................ 97

Inbound Events Blocked by Firewall report ....................................................................................... 97

Best practices (firewall protection) ............................................................................................................. 98

Frequently asked questions ...................................................................................................................... 99

Questions about policies ................................................................................................................. 99

Questions about general firewall protection .................................................................................... 100

Using Browser Protection and Web Filtering ........................................................ 101

Browser protection features .................................................................................................................... 101

How safety ratings are compiled ............................................................................................................. 102

Safety icons and balloons protect during searches .................................................................................... 103

Using site safety balloons ............................................................................................................. 103

Testing communication problems .................................................................................................. 103

SiteAdvisor menu protects while browsing ............................................................................................... 104

Using the SiteAdvisor menu .......................................................................................................... 105

Safety reports provide details .................................................................................................................. 105

Viewing safety reports .................................................................................................................. 107

Information that browser protection sends to McAfee ................................................................................ 107

Installing browser protection during policy updates ................................................................................... 108

Web filtering features ............................................................................................................................. 108

Enabling and disabling browser protection via policy ................................................................................. 108

McAfee Total Protection Service Product Guide

Enabling and disabling protection at the client computer ........................................................................... 109

Block and warn sites by safety ratings ..................................................................................................... 109

Blocking or warning site access based on safety ratings ................................................................... 111

Blocking or warning file downloads based on safety ratings ............................................................. 111

Blocking phishing pages ............................................................................................................... 112

Block and warn sites by content .............................................................................................................. 112

Blocking or warning site access based on content ........................................................................... 113

Authorize and prohibit sites by URL or domain .......................................................................................... 113

How site patterns work................................................................................................................. 114

Adding authorized and prohibited sites .......................................................................................... 115

Customizing messages for users ............................................................................................................. 115

Viewing browsing acitivity ....................................................................................................................... 116

Web Filtering report ............................................................................................................................... 117

Best practices (browser protection) ......................................................................................................... 117

Frequently asked questions..................................................................................................................... 118

McAfee Total Protection Service Product Guide

▲ ▲ ▲ ▲ ▲ ▲ ▲

Introducing Total Protection Service

Total Protection Service provides a “hands-off” solution to safeguard the computers on your network automatically by keeping itself up-to-date and checking for threats contained in files and programs, in email messages, in communications from inside and outside the network, and on websites.

When you purchase a subscription to Total Protection Service, an account is created for you, and you become the account administrator (referred to as the you install the Total Protection Service client software on computers, they are added to your account. A weekly email alerts you to any problems detected for computers on your account.

NOTE: In some organizations, another person, such as a purchasing department

representative, purchases the subscription and then designates you to be the site administrator.

For a more “hands-on” approach, use the SecurityCenter to view and manage computers and detections on your network. Your service provider sends you a unique URL and login credentials for your account, which you can use to access the SecurityCenter. This is a preconfigured website that provides a simple-to-use management console for monitoring the protection status of computers on your account. Use the SecurityCenter to view reports on detections and activities and to configure security settings that address the specific needs of your account.

This section provides an overview of the product and its features.

Contents

How Total Protection Service works Types of protection Core product strengths New features for this release The role of the client software Updates to the client software Management with the SecurityCenter

site administrator

). When

McAfee Total Protection Service Product Guide

Introducing Total Protection Service How Total Protection Service works

Client software runs on each computer where it is installed.

The client software up dates itself — automatically and silently — by downloading the latest detection definition

(DAT) files from your account’s administrative website, the McAfee Security Center. DAT files define the threats

that the client software detects.

The client software uploads security information about each computer to the Security Center

for use in administrative reports.

As your account’s administrator, you can use a web browser to visit the Security Center, where you can access

reports that detail the status of client computers and use tools for customizing and managing security.

How Total Protection Service works

Total Protection Service delivers comprehensive security as a service for all the computers on your account. It automatically checks for threats, intercepts them, takes the appropriate action to keep your data and your network safe, and tracks detections and security status for reports.

Types of protection

The core features in Total Protection Service safeguard against a broad range of threats.

McAfee Total Protection Service Product Guide

Introducing Total Protection Service Core product strengths

Feature

Description

Virus and spyware protection

Checks for viruses, spyware, unwanted programs, and other potential threats

borne on removable media or brought in from your network, including via email.

Every time a file on your computer is accessed, virus and spyware protection

scans the file to make sure it is free of viruses and spyware.

Firewall protection

Establishes a barrier between each computer and the Internet or other

computers on your local network. It silently monitors communications traffic

for suspicious activity and takes appropriate action, such as blocking.

Browser protection

Displays information to safeguard client computer users against web-based

threats. Users can view website safety ratings and safety reports as they browse

or search with Microsoft Internet Explorer or Mozilla Firefox.

McAfee SecurityCenter

Provides centralized access to status information and management tasks for

your account.

Core product strengths

Total Protection Service safeguards your computers with:

• Continuous protection — From the time a client computer is turned on until it is turned

off, Total Protection Service silently monitors all file input and output, downloads, program executions, inbound and outbound communications, and other system-related activities.

• Instant discovery for virus threats — When Total Protection Service detects a virus

threat, it attempts to clean the item containing the threat before further damage can occur. If an item cannot be cleaned, a copy of it is placed in a quarantine folder and the original item is deleted.

• Customized threat response for program detections — By default, Total Protection

Service provides a high degree of protection against threats. You can also configure the response to detections of potentially unwanted programs and suspicious activity to suit your needs: take immediate action to clean, quarantine, or block the detection; prompt users for a response; or only log the detection for administrative reports.

• Preemptive safety notificationsfor web-based threats — Threats reported on

websites are communicated to users through color-coded icons and safety reports, enabling them to minimize exposure to dangerous websites.

• Automatic updates — Total Protection Service checks for product updates at regular

intervals throughout the day, comparing security components against the latest releases. When a computer needs a newer version, the client software retrieves it automatically.

• Avert Early Warning system and outbreak response — Total Protection Service

uses the latest information about threats and outbreaks as soon as they are discovered by McAfee Avert® Labs, a research division of McAfee. Whenever Avert Labs releases an outbreak detection definition (DAT) file, computers on your account receives it promptly.

McAfee Total Protection Service Product Guide

Introducing Total Protection Service New features for this release

Now you can do this...

Details

Customize the SecurityCenter home page

Select the summary and activity reports (known as

widgets

) that appear

on the Dashboard page. Click and drag to reposition and resize widgets.

Get real-time evaluation for unrecognized

Artemis technology sends unrecognized detections to McAfee Avert

threat detections

Labs for evaluation.

Schedule reports

Customize the data that appears in reports, then automatically generate

and email these reports at regular intervals.

Designate a default policy for your account

Select a customized policy as the default assigned to computers in your

account.

Display computers by policy

Organize the computer listing for your account by policy as well as by

groups.

Access more account data on the

Look up your company key, grant number, installation URL, and group

SecurityCenter

IDs more easily.

Now you can do this... Details

Control access to websites based on their Web filtering works within browser protection to add policy and reporting safety ratings and content options. You can block user access to websites and file downloads or

warn them about reported threats, customize messaging that displays for blocked sites, create lists of authorized and prohibited websites based on their domain or URL, or view a report of web browsing activity on your network.

Scan websites for vulnerabilities Vulnerability scanning enables you to register IP addresses, then scan

them for vulnerabilities and report scan results to the SecurityCenter in alerts.

Access protection portals without separate The single sign-on feature lets you open the email protection or login credentials vulnerability scanning portal directly from the SecurityCenter, without

entering additional login credentials.

New features for this release

Core features

All versions of Total Protection Service include these new features to facilitate account management.

Additional types of protection

Some versions of Total Protection Service offer additional types of protection that extend coverage to other network assets.

The role of the client software

The Total Protection Service software installed on client computers implements a three-prong approach to security by:

1 Silently monitoring all file input and output, downloads, program executions, inbound and

outbound communications, and other system-related activities on client computers. As a result of this monitoring, the client software automatically:

McAfee Total Protection Service Product Guide

Introducing Total Protection Service Updates to the client software

• Deletes or quarantines detected viruses.

• Removes potentially unwanted programs, such as spyware or adware, unless you select

a different response.

• Blocks suspicious activity unless you specify a different response.

• Indicates unsafe websites with a color-coded button or icon in the browser window or

search results page. These indicators provide access to safety reports that detail sitespecific threats.

2 Regularly updating detection definition (DAT) files and software components to ensure that

you are always protected against the latest threats.

3 Uploading security information for each client computer to the SecurityCenter, then using

this information to send emails and create reports that keep you informed about your account’s status.

Updates to the client software

Regular updates are the cornerstone of Total Protection Service. The client software periodically checks a site on the Internet for newer versions of these software components.

• Regular DAT files, which contain the latest definitions for viruses, potentially unwanted

programs, and cookies and registry keys that might indicate spyware. These are updated regularly to add protection against new threats.

• Outbreak DAT files, which are high-priority detection definition files released in an

emergency situation in response to a specific new threat.

• Upgrades to the software.

• Policy updates.

• Updates of its software components running on client computers.

• Updates to the security data maintained on the SecurityCenter website and used in

administrative reports.

At the same time, the client software sends information about its detections and protection status, to update the security data maintained on the SecurityCenter website and used in administrative reports.

McAfee Total Protection Service Product Guide

Introducing Total Protection Service Updates to the client software

Overview of update methods

Five minutes after a client computer connects to the network, and at regular intervals throughout the day, the Total Protection Service client software checks for updates. If updates are available, the client computer retrieves them.

In addition, users can check for updates manually at any time by clicking the Total Protection Service icon in the system tray, then selecting Update Now.

Updates can occur in three ways. You can implement one method or a combination of methods, which enables you to tune the impact updates have on network resources.

1 For simple updates, each client computer on your account has a direct connection to the

Internet and checks for new updates.

2 Rumor technology enables all computers in a workgroup to share downloaded files, which

controls Internet traffic and minimizes expensive downloads.

3 Internet Independent Updating (IIU) enables any computer on the network to get

information from the update site, even if that computer does not have an Internet connection, by communicating with the update site through a network computer that is configured as a relay server.

McAfee Total Protection Service Product Guide

Introducing Total Protection Service Updates to the client software

Simple updates through direct connections

Each client computer that has a direct Internet connection can check for updates and download them from the update site on the Internet. This is the simplest method of retrieving updates.

Updates using Rumor technology

When one computer shares updates with other computers on the local area network (LAN), rather than requiring each computer to retrieve updates from the update website individually, the Internet traffic load on the network is reduced. This process of sharing updates is called Rumor.

1 Each client computer checks the version of the most recent catalog file on the Internet site.

This catalog file contains information for every component in the Total Protection Service client software, and is stored in a digitally signed, compressed .cab file format.

• If the version is the same as the catalog file on the client computer, the process

stops here.

• If the version is different from the catalog file on the client computer, the client

computer attempts to retrieve the latest catalog file from its peers. It queries if other computers on the LAN have already downloaded the new catalog file.

2 The client computer retrieves the required catalog file (directly from the Internet site or

from one of its peers) and uses it to determine if new components are available for Total Protection Service.

3 If new components are available, the client computer attempts to retrieve them from

its peers. It queries whether computers on the LAN have already downloaded the new components.

• If so, the client computer retrieves the update from a peer. (Digital signatures are

checked to verify that the computer is valid.)

• If not, the client computer retrieves the update directly from the update site.

4 On the client computer, the catalog file is extracted and new components are installed.

Updates through relay servers

Internet Independent Updating (IIU) enables computers to update Total Protection Service client software when they are not connected to the Internet. At least one computer on the subnet must have an Internet connection to be able to communicate with the update site. That computer is configured to act as a relay server, and computers without an Internet connection use this computer to connect with the Internet and retrieve updates directly from the McAfee update site.

1 When a computer without Internet access fails to connect directly to the update

site, requests a response from a relay server on the LAN and uses that computer to communicate with the update site.

2 The computer without an Internet connection downloads updates directly from the update

site through the relay server.

You can specify which computers function as relay servers when you install the client software or at a later time. See the installation guide for more information.

McAfee Total Protection Service Product Guide

Introducing Total Protection Service Management with the SecurityCenter

Management with the SecurityCenter

Your service provider sends you a unique URL and login credentials for your account, which you can use to log on to the SecurityCenter. From the SecurityCenter, you can access management tools to monitor the status of computers on your account and configure security settings that address the specific needs of your account.

The Dashboard page is the “home page” of the SecurityCenter. It shows summary information for your account at-a-glance.

• Alerts and action items — Indicate whether any action is required to address security

issues, and links you to instructions for resolving them.

• Product coverage and activity summaries — Modular reports (known as

illustrate the current status of your account. These include reports on protection coverage (such as computers where protection is installed and enabled) and activity (such as the number of detections, emails, and website visits). The type, size, and placement of widgets can be customized.

widgets

)

McAfee Total Protection Service Product Guide

Introducing Total Protection Service Management with the SecurityCenter

• Subscription tracking — Widgets are available to show subscription and licensing

information for your account. Click a button to install protection, create a trial subscription, renew or purchase a subscription, or buy additional licenses.

• Links to related portals — Some widgets contain a link to a portal used for managing

non-client-based protection, such as email protection and vulnerability scanning.

The SecurityCenter offers two powerful tools for protecting and monitoring displaying your computers and fine-tuning their security settings.

• User groups: Create groups for computers that have one or more common characteristics.

This enables you to view and manage them as a single entity when needed.

• Customized policies: Select settings for protection features, save them in a policy, and

assign the policy to computers or groups of computers. This enables you to configure settings targeted specifically for each computer’s environment and risk factors.

From the SecurityCenter, access important information and additional management tools.

• Installation wizard and links to remote installation methods.

• Detailed identification, activity, and detection data for the groups and computers on

your account.

• Administrative reports.

• Policy configuration tools.

• Account configuration, reference information, and subscription status.

• Helpful utilities.

• Product documentation and links to product support and demos.

Create user groups

A group consists of one or more computers that share a particular feature. Each computer running the client software belongs to a group. By default, computers are placed in the Default Group.

In large accounts, groups are an essential tool for managing computers because they let you manage different types of computers more easily. You can view all the computers in a group, view detections and reports for the group, and assign security settings (called group as a single entity rather than individually. You can base groups on geographic location, department, computer type, user tasks, or anything meaningful to your organization.

For example, you might place all laptops used by traveling sales representatives into a single group called Sales Team. You can then view details about this group of computers separately from other computers in your account. You can easily check detections for these computers or customize their security settings to protect them from the risks specific to users of public networks.

To create groups, use the Computers tab on the SecurityCenter website.

The following example shows how an administrator might configure policies for client computers in three different groups. You should configure policies for your users to meet your own company’s needs.

policies

) to a

McAfee Total Protection Service Product Guide

Introducing Total Protection Service Management with the SecurityCenter

Policy setting

Home Office Group

On-site client computers

Sales Team Group

Laptops

Administrative Group

Site and group administrators

On-Demand Scan Weekly Daily Daily

Enable outbreak response Enabled Enabled Enabled

Scan within archives during No on-access scans

Check for updates every 12 hours

Spyware Protection Mode Prompt Protect Prompt

Approved Programs None None Nmap remote admin tool

Firewall Protection Mode Protect Protect Prompt

Use Smart Recommendations to automatically approve common Internet applications

Connection Type

Allowed Internet Applications

Access to Sites, Access to Downloads (Web Filtering)

Block phishing pages (Web Filtering)

Enabled No Enabled

Trusted network

AOL Instant Messenger None

• Red — Block • Red — Block • Red — Warn

• Yellow — Warn • Yellow — Block • Yellow — Allow

• Unrated — Warn

Enabled Enabled Enabled

Enabled Enabled

4 hours

Untrusted network

• Unrated — Warn

4 hours

Trusted network

• AOL Instant

Messenger

• GoogleTalk

• Unrated — Allow

Customize policies

After installation, Total Protection Service protects client computers from threats immediately by using the security settings configured in the McAfee Default policy. However, you might want to change the way some features are implemented for some or all of the computers on your account. For example, you might want to set up a list of programs you consider safe or have computers check for updates every four hours.

Policies are made up of security settings that define how the client software operates on client computers. Policy management allows you to assign different levels and types of protection to different users. If you have created groups, you can assign a unique policy to each group or one policy to all groups.

McAfee Total Protection Service Product Guide

Introducing Total Protection Service Management with the SecurityCenter

Create a Sales Team group and a Sales policy.

Assign the Sales policy to the computers in the Sales Team group.

Client software running on computers in the Sales Team group performs the tasks defined in the Sales

policy:

• Check for updates to software components and DAT files every 4 hours.

• Check for an outbreak DAT file every hour.

• Scan for viruses and potentially unwanted programs daily.

• Block communication from computers on the local network (untrusted network).

Client software sends security data for each client computer to the SecurityCenter.

Administrator checks the security status for the Sales Team group in reports on the SecurityCenter.

The administrator adjusts the Sales policy. The modified policy is downloaded automatically to client

computers in the Sales Team group the next time they check for updates.

For example, you can assign a Sales policy to your mobile Sales Team group, with security settings that protect against threats in unsecured networks such as airports and hotels.

McAfee Total Protection Service Product Guide

Introducing Total Protection Service Management with the SecurityCenter

Check reports

Whenever client computers check for updates, they upload information about their security status to the SecurityCenter. This information includes the number and type of detections, the functional status of the client software, and any applications or communications that were approved by users or blocked. The method used to upload information is the same method used to retrieve updates (i.e., through a direct connection, Rumor technology, or a relay server).

A summary of this information is sent to you in a weekly status email (unless you or your service provider has disabled this feature). You can also retrieve detailed information in reports available on the SecurityCenter. Reports show the types of detections and activities occurring for computers on your account. Use them to evaluate the current policy options for your account and adjust them as needed.

You can also schedule these reports to run at regular intervals and be delivered to you or other specified persons as an email attachment.

McAfee Total Protection Service Product Guide

▲ ▲ ▲ ▲ ▲

Using the Client Software

Total Protection Service client software is installed on each computer you want to protect. When installation is complete, the computer is added to your Total Protection Service account automatically. The software then runs in the background to download updates to the computer, protect the computer from threats, and send detection data to the SecurityCenter for use in administrative reports.

Typically, users have little interaction with the client software unless they want to manually scan for threats. User tasks are documented in the online user help on client computers.

As an administrator, you can use the SecurityCenter website to configure settings and monitor detections for the client computers on your account. Occasionally, you might work directly on a client computer by using the tasks described in this section.

Contents

How to access the client software Types of client software updates Performing setup and maintenance tasks Frequently asked questions Error messages

How to access the client software

Total Protection Service has two visual components through which users interact with the client software:

An icon that appears in the Windows system tray.

• A console that displays the current protection status and provides access to features.

You, the administrator, determine which components appear by configuring policy options on the SecurityCenter website and assigning them to client computers. The options are:

• Icon only, which enables users to access only a limited set of features. They can view the

status of the software (for example, when downloads are occurring) and perform manual updates.

• Icon and protection status summary, which allows access to a limited set of features.

• Icon and full console, which allows access to all features. This is the default setting.

McAfee Total Protection Service Product Guide

Using the Client Software How to access the client software

This icon... ...indicates:

Total Protection Service is active and there are no issues to be aware of.

An update is in progress. Do not interrupt your Internet or LAN connection; do not log off your computer.

One of these conditions exists:

• Your Total Protection Service subscription is expired. Renew it or contact

your administrator.

• Your pre-installed or trial subscription is not activated.

• Firewall protection is disabled.

Access these policy options on the Policies page under Client Settings.

About the icon

The Total Protection Service icon appears in the Windows system tray. It provides access to the product’s console and to some of the basic tasks you might need to perform.

Use the icon to:

• Check for product updates.

• Open the console, to check the protection status and access features. (Available if the

administrator has configured this option.)

• Activate your copy of the software.

• Renew the subscription or buy more licenses.

How the icon indicates the status of the client software

The appearance of the icon changes to indicate the status of the client software. Hold your cursor over the icon to display a message describing the current condition.

McAfee Total Protection Service Product Guide

Using the Client Software Types of client software updates

This icon... ...indicates:

About the console

Check the protection status and access the features of the client software through the console. To display the console, use one of these methods:

• Double-click the Total Protection Service icon in the system tray.

• Click the icon, then select Open Console.

Click Start | Programs | McAfee | Managed Services | Total Protection Service. The basic console displays the status of the protection features installed on the computer.

• Detected risks are highlighted in red. Click Fix to resolve the risk.

• To access product features and perform tasks, click Action Menu, then select from

the options:

• Product Details — Display the full console with links to features and tasks.

• Scan Computer — Select a scan target and begin scanning for threats.

• Set Connection Type — Specify the type of network the computer connects to. This

determines which communications firewall protection allows to access the computer.

• View Application List — Specify applications that are allowed to access the Internet

or blocked.

• Admin Login — Log on as an administrator to access administrative features. Requires

site administrator credentials.

• View Help — Display online help.

NOTE: The client features you can access are determined by policy options assigned to

the computer.

• The last update failed to complete. Check your Internet or LAN connection

and perform a manual update (click the icon, then select Update Now).

• On-access scanning is disabled.

Types of client software updates

Regular updates are the cornerstone of Total Protection Service. To perform updates, the client software connects directly to a site on the Internet and checks for:

• Updates to the detection definition (DAT) files used to detect threats. DAT files contain

definitions for threats such as viruses and spyware, and these definitions are updated as new threats are discovered.

• Upgrades to software components. (To simplify product terminology, both updates and

upgrades are referred to as updates.)

Updates usually occur automatically in the background. Even computers without Internet access can retrieve updates through relay servers. In addition, users can perform on-demand (manual) updates at any time, and you can configure optional policy settings for updating tasks.

Client software is updated in these ways.

McAfee Total Protection Service Product Guide

Using the Client Software Types of client software updates

Type of update

Description

Automatic updates

The software on each client computer automatically connects to the Internet directly or through a relay server and checks for updated components. Total Protection Service checks for updates five minutes after a user logs on and at regular intervals thereafter. For example:

• If a computer is normally connected to the network all the time, it checks

for updates at regular intervals throughout the day.

• If a computer normally connects to the network each morning, it checks

for new updates five minutes after the user logs on each day, then at regular intervals throughout the day.

• If a computer uses a dial-up connection, the computer checks for new

updates five minutes after dialing in, then at regular intervals throughout the day.

By default, computers check for new updates every 12 hours. You can change this interval by configuring a policy setting.

NOTE: Automatic updates do not work:

• On computers where a CHAP or NTML proxy is set up in Internet Explorer.

• When no user is logged on to a computer without an Internet connection

that receives updates using a relay server.

Pre-installed and CD-based versions of Total Protection Service need to be activated before automatic updates occur. See the online user help for more information.

Manual updates

At times, users might want to check for updates manually. For example, when

a computer appears to be out-of-date in your administrative reports, users might

need to update manually as part of the troubleshooting process.

Outbreak updates

When an outbreak is identified by McAfee Avert Labs, they issue an outbreak DAT, which is a special detection definition (DAT) file marked as Medium or High importance. It is specially encoded to inform the first computer receiving it to share the update immediately with other client computers on the network.

NOTE: In rare cases, McAfee might send an EXTRA.DAT file with instructions for

manually installing it.

For maximum protection, configure your policies to check for an outbreak DAT file every hour. This feature is enabled by default.

Updates when no user is logged on

In most scenarios, Total Protection Service supports terminal servers and the Windows fast user switching feature. When an update occurs, one session is designated as the primary update session. A pseudo user is defined, which enables automatic updates to occur on computers where no user is logged on.

For certain configurations, automatic updates cannot occur. Total Protection Service cannot create the pseudo user when:

• The computer is a domain controller.

• Local security policies, including password restrictions, prevent the user’s

creation.

• The computer receives updates through a relay server and no one is logged

on.

When the pseudo user cannot be created, automatic updates do not occur. The pseudo user also cannot update if the computer is behind an authenticating proxy server or on computers where a CHAP or NTML proxy is set up in Internet Explorer.

McAfee Total Protection Service Product Guide

Using the Client Software Types of client software updates

Terminal server support

Total Protection Service supports updates for terminal servers and the Windows fast user switching feature in most scenarios, with these limitations:

• When an update occurs on a terminal server, one session is designated as the primary

update session for restrictions that apply to automatic updates.

• For all user sessions, the Total Protection Service icon is removed from the system tray

during the installation or update. The icon is restarted only for the user logged on to the primary update session. All user sessions are protected, and other users can manually redisplay their icons by clicking Start | Programs | McAfee | Managed Services | Total Protection Service.

• Detection notifications are not displayed on the desktop of all computer users if the fast

user switching feature is enabled.

Specifying when computers check for updates

For virus and spyware scans to detect all the latest threats, the detection definition (DAT) files must be kept up-to-date. DAT files are updated by McAfee Avert Labs whenever new threats are discovered.

Use this task to select how often client computers check for updates to software components and DAT files. By default, they check every 12 hours.

Task

For option definitions, click ? in the interface.

1 In the SecurityCenter, click the Policies tab, then click Add Policy (or click Edit to modify

an existing policy).

2 Click Client Settings. 3 On the Client Settings tab, under Update Settings, select a frequency from the Check for

updates every list.

4 Click Save. (For a new policy, click Next, select additional options for the policy, then click

Save.)

Updating client computers manually

Use this task to check for and download updates to detection definition (DAT) files and software components. Manual updates are also called on-demand updates.

Task

• Click the Total Protection Service icon in the system tray, then select Update Now.

• A panel shows the progress of the update.

• When the update is completed, the panel displays the date of the last update and a list

of files that were downloaded.

• The panel closes automatically after the update is completed.

McAfee Total Protection Service Product Guide

Using the Client Software Performing setup and maintenance tasks

▲ ▲ ▲ ▲ ▲ ▲

Disabling updates for non-logged on users

Use this task to prevent failed automatic updates from being reported as errors when requirements cannot be met for updating computers where no user is logged on.

Task

For option definitions, click ? in the interface.

1 In the SecurityCenter, click the Policies tab, then click Add Policy (or click Edit to modify

an existing policy).

2 Click Client Settings. 3 On the Client Settings tab, under Update Settings, deselect Update client computers

where users are not logged on.

4 Click Save. (For a new policy, click Next, select additional options for the policy, then click

Save.)

Performing setup and maintenance tasks

Use these tasks to set up and monitor the general features of the Total Protection Service client software.

Tasks

Testing virus protection Changing the language for the software Logging on as a site administrator Configuring notifications Configuring what users see Uninstalling the client software

Testing virus protection

Use this task to test the virus-detection feature of virus and spyware protection by downloading the EICAR Standard AntiVirus Test File at the client computer. Although it is designed to be detected as a virus, the EICAR test file is not a virus.

Task

1 Download the EICAR file from the following location:

http://www.eicar.org/download/eicar.com

If installed properly, virus and spyware protection interrupts the download and displays a threat detection notification.

2 Click OK, then select Cancel.

NOTE: If installed incorrectly, virus and spyware protection does not detect the virus or

interrupt the download process. In this case, use Windows Explorer to delete the EICAR test file from the client computer, then reinstall Total Protection Service and test the new installation.

McAfee Total Protection Service Product Guide

Using the Client Software Performing setup and maintenance tasks

Changing the language for the software

By default, the client software uses the address that was submitted when the client software was purchased or activated to determine the language. (If that language is not supported on the computer, the one most closely matching is used.) Use this task at the client computer to change the language at any time.

Task

1 Click the Total Protection Service icon in the system tray, then select Open Console. 2 From the Action Menu, select Product Details. 3 In the SecurityCenter Communication area, click Select Console Language, select a

language, then click OK.

4 Select Use the specified custom language, then select a language from the drop-down

list.

5 Close the console, then re-open it (by repeating step 1). The console appears in the

selected language.

Logging on as a site administrator

Use this task to log in to a client computer as a site administrator, which makes the full console and these additional tasks available:

• Viewing the progress of scheduled scans that are in progress.

• Managing files in the Quarantine Viewer.

• Disabling and enabling on-access scanning.

• Logging on to the SecurityCenter.

Task

1 Click the Total Protection Service icon in the system tray, then select Admin Login. 2 Type your login credentials for the SecurityCenter. These were sent to you in a Welcome

email when you purchased Total Protection Service.

• Email address — The email address used to sign up for Total Protection Service.

• Password — In most cases, the password you created when signing up.

3 Click Submit.

Configuring notifications

Use this task to specify whether notifications display on client computers to let users know that support is ending for their operating system. By default, Total Protection Service displays notifications:

• When upgrades to product components, such as the scanning engine, are scheduled to end

or will end within 30 days.

• When updates to detection definition (DAT) files have ended or will end within 30 days.

Task

For option definitions, click ? in the interface.

McAfee Total Protection Service Product Guide

Using the Client Software Performing setup and maintenance tasks

1 In the SecurityCenter, click the Policies tab, then click Add Policy (or click Edit to modify

an existing policy).

2 Click Client Settings. 3 On the Client Settings tab, under Display Settings, select or deselect Display support

notifications.

4 Click Save. (For a new policy, click Next, select additional options for the policy, then

click Save.)

Configuring what users see

Use this task to select which components of the client software are displayed on client computers.

Task

For option definitions, click ? in the interface.

1 In the SecurityCenter, click the Policies tab, then click Add Policy (or click Edit to modify

an existing policy).

2 Click Client Settings. 3 On the Client Settings tab, under Display Settings, select an option for Console display

on client computers.

• Show full console — All client software options are displayed.

• Show status summary only — The tray icon and menu are displayed, and users can

open the console to display only the status of protection features on their computer.

• Show the icon only — The tray icon is displayed, and the tray menu lists only the

Update Now option.

4 Click Save. (For a new policy, click Next, select additional options for the policy, then click

Save.)

Uninstalling the client software

Use this task at a client computer to remove the Total Protection Service software. You might need to do this for testing purposes or before reinstalling the client software. (Note that not all types of protection include a client software component.)

NOTE: If you uninstall the client software, the computer is no longer protected. We

recommend that you reinstall as soon as possible.

Task

1 Close the Microsoft Outlook and Internet Explorer applications. 2 In the Windows Control Panel, open Add/Remove Programs. 3 Select the types of protection you want to uninstall, then click Remove.

• McAfee Virus and Spyware Protection

• McAfee Firewall Protection

• McAfee Browser Protection

NOTE: On computers running the Windows firewall, the setting for the Windows firewall

is automatically restored to the setting that was in effect before Total Protection Service firewall protection was installed. If the Windows firewall was enabled then, it is re-enabled automatically now.

McAfee Total Protection Service Product Guide

Using the Client Software Frequently asked questions

Frequently asked questions

Why does the online help not display correctly?

If the built-in help system displays incorrectly on a client computer, its version of Microsoft Internet Explorer might not be using ActiveX controls properly. These controls are required to display the help file. Make sure that you install the latest version of Internet Explorer with its Internet security settings set to Medium or Medium-high.

I use Windows XP Service Pack 2, and I get a message that my computer may be at risk. What does this mean?

This is a known problem with Microsoft Security Center, because Microsoft cannot determine that Total Protection Service is installed and up-to-date. If you get this message when starting your computer, click the message balloon to open the Recommendation window, select I have

an antivirus program that I’ll monitor myself, then click OK.

Can computers using proxy servers receive updates?

If client computers are connected to the Internet by a proxy server, you might need to provide additional information for updates to work properly. Authentication support is limited to anonymous authentication or Windows domain challenge/response authentication. Basic authentication is not supported. Automatic updates do not occur when a CHAP or NTML proxy is set up in Internet Explorer.

Is it okay to delete the Temp folder in my program’s directory structure?

No. Updates might fail if the Temp folder does not exist. If you delete the folder inadvertently, restart the computer to re-create the folder automatically, or manually create a Temp folder in the Program Files\McAfee\Managed VirusScan folder.

During an update, I get a message that one or more Total Protection Service

windows are open, but I don’t see any windows open. What should I do?

This occurs when a task that cannot be stopped, such as a scheduled scan, is running in the background. Wait for the task to complete, or restart the computer to proceed with the update.

Error messages

This section describes error messages that are related to using the Total Protection Service client features.

Unable to connect to Total Protection Service update server. Failed to connect to server for updates.

This error can be caused by several problems, but the most common solutions are:

• Check your connection to the network server or Internet.

• Empty the Internet Explorer cache and adjust the security level settings to Medium or

Medium-high.

• Empty the Internet Explorer cache. (See your browser’s documentation for instructions.)

• Adjust your corporate firewall or proxy settings.

McAfee Total Protection Service Product Guide

Using the Client Software Error messages

Update failed.

There are several reasons that updates might fail.

• Check your connection to the network server or Internet.

• When using the Windows fast user switching feature, automatic updates cannot occur

when no user is logged on if the computer is a domain controller or local security policies prevent the creation of a pseudo user.

• Automatic updates cannot occur on computers that are behind an authenticating proxy

server or on computers where a CHAP or NTML proxy is set up in Internet Explorer.

• Automatic updates cannot occur where no user is logged on to computers that receive

updates through a relay server.

• Updates might fail if the Temp folder does not exist on the client computer. If you delete

the folder inadvertently, restart the computer to re-create the folder automatically, or manually create a Temp folder in the Program Files\McAfee\Managed VirusScan folder.

Activate your software.

You have not activated your copy of Total Protection Service. You cannot receive updates against the latest threats until you activate. To activate, click the Total Protection Service icon in the system tray, then select Activate.

Your software is not up-to-date. Please activate to receive the latest update.

Your subscription has expired. Your trial has expired. Renew your subscription to re-activate your software. Purchase a subscription to re-activate your software.

If you are using a pre-installed copy of Total Protection Service, your activated trial or your pre-installed subscription has expired. To activate, click the Total Protection Service icon in the system tray, then select Buy or Renew your subscription.

McAfee Total Protection Service Product Guide

▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲

Using the SecurityCenter

Total Protection Service is designed for hands-off management. After installing the software on client computers, you receive regular emails that summarize the security status of all client computers on your account, and notify you of actions required to address vulnerabilities. Status emails contain a link to your McAfee SecurityCenter website, where you can view detailed reports and instructions for resolving problems.

In small organizations, status emails might be all that is needed to assure you that your computers are safe. If you manage a large account or want more proactive, hands- on involvement, you can take advantage of the management console available on the SecurityCenter.

Use the SecurityCenter to centrally manage the client computers and information for your account.

Contents

The SecurityCenter Protection status at a glance Management of client computers Management of computer groups Management of Active Directory groups Management of group administrators Management of security policies Generation of security reports Managing your account Downloading tools and utilities Getting assistance Frequently asked questions about the SecurityCenter

The SecurityCenter

The SecurityCenter offers a management console for monitoring the protection status of computers on your account and assessing their security needs. Administrative features are divided among eight pages:

• Dashboard

• Computers

• Reports

• Policies

• My Account

+ 89 hidden pages

Cox McAfee User Manual

Specifications and Main Features

Frequently Asked Questions

User Manual