Mcafee EPOLICY ORCHESTRATOR Walkthrough Guide
McAfee ePolicy Orchestrator 4.5
Product Guide
COPYRIGHT
Copyright © 2009 McAfee, Inc. All Rights Reserved.
No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form
or by any means without the written permission of McAfee, Inc., or its suppliers or affiliate companies.
TRADEMARK ATTRIBUTIONS
AVERT, EPO, EPOLICY ORCHESTRATOR, FOUNDSTONE, GROUPSHIELD, INTRUSHIELD, LINUXSHIELD, MAX (MCAFEE SECURITYALLIANCE
EXCHANGE), MCAFEE, NETSHIELD, PORTALSHIELD, PREVENTSYS, SECURITYALLIANCE, SITEADVISOR, TOTAL PROTECTION, VIRUSSCAN,
WEBSHIELD are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. McAfee Red in
connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property
of their respective owners.
LICENSE INFORMATION
License Agreement
NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED,
WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH
TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS
THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET,
A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU
DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN
THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.
License Attributions
Refer to the product Release Notes.
McAfee ePolicy Orchestrator 4.5 Product Guide2
Contents
Introducing ePolicy Orchestrator 4.5. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Getting Started with ePolicy Orchestrator 4.5. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Components and what they do. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Using this guide. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Audience. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Finding documentation for McAfee enterprise products. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Logging on and off ePO servers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Logging on to ePO servers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Logging off ePO servers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Viewing the server version number . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
How to navigate the ePO interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
The Menu. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
The navigation bar. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Setting up ePolicy Orchestrator. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Configure your ePO server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Add systems to the System Tree. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Distribute agents to your systems. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Create repositories. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Configure your policies and client tasks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Deploy your products and software. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Configure advanced features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Configuring ePolicy Orchestrator. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
ePO user accounts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Global administrators. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Working with user accounts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
How permission sets work. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Working with permission sets. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Contacts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Working with contacts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Server settings and the behaviors they control. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Working with server settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
3McAfee ePolicy Orchestrator 4.5 Product Guide
Contents
Managing ePolicy Orchestrator users with Active Directory. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Configuring Windows authentication and authorization. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Registering servers for use with ePolicy Orchestrator. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
What are registered servers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Registering servers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Security keys and how they work. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Backing up and restoring keys. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Master repository key pair. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Agent-server secure communication (ASSC) keys. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
MyAvert Security Threats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Working with MyAvert Security Threats. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Agent Handlers and what they do. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
How Agent Handlers work. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
Handler groups and priority. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
Working with Agent Handlers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
IPv6. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Exporting tables and charts to other formats. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Distributing Agents to Manage Systems. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
About the McAfee Agent. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Agent-server communication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Wake-up calls and wake-up tasks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
SuperAgents and broadcast wake-up calls. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
System requirements and supported operating systems and processors. . . . . . . . . . . . . . . . . . . . . . 63
Installing the McAfee Agent. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Methods of agent deployment and installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Agent installation folder — Windows. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
Agent installation folder — UNIX-based systems. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
The agent installation package. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
Agent installation command-line options. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
Assigning values to custom properties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
Upgrading and Restoring Agents. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
Upgrading agents using product deployment task. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
Upgrading agents manually or with login scripts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Restoring a previous version of the agent (Windows). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Restoring a previous version of the agent (UNIX). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Configuring Agent Policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
About agent policy settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
McAfee ePolicy Orchestrator 4.5 Product Guide4
Contents
Proxy settings for the agent. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
Retrieving system properties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
Scheduling a client task for a group. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
Creating a new scheduled client task. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
Configuring selected systems for updating. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Working with the agent from the ePO server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Viewing agent and product properties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Viewing system information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
Accessing settings to retrieve properties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
Windows system and product properties reported by the agent. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
Sending manual wake-up calls to systems. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
Sending manual wake-up calls to a group. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
Making the system tray icon visible. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
Locating inactive agents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
Running agent tasks from the managed system. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
Running a manual update. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
Enforcing policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
Updating policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
Sending properties to the ePO server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
Sending events to the ePO server immediately. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
Using the icon option to update. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
Forcing the agent to call in to the server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
Viewing version numbers and settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
Agent command-line options. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Using the system tray icon. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
What the system tray icon does. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Making the system tray icon visible. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
Enabling user access to updating functionality. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
Removing the McAfee Agent. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
Running FrmInst.exe from the command line. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
Removing agents when deleting systems from the System Tree. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
Removing agents when deleting groups from the System Tree. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
Removing agents from systems in query results. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
Uninstalling from non-Windows operating systems. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
Agent Activity Logs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
Viewing the agent activity log. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
5McAfee ePolicy Orchestrator 4.5 Product Guide
Contents
Organizing the System Tree. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
The System Tree. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
Considerations when planning your System Tree. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
Administrator access. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
Environmental borders and their impact on system organization. . . . . . . . . . . . . . . . . . . . . . . . . . . 106
Subnets and IP address ranges. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
Tags and systems with similar characteristics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
Operating systems and software. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
Tags and how they work. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
Active Directory and NT domain synchronization. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108
Active Directory synchronization. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108
NT domain synchronization. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
Criteria-based sorting. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
How settings affect sorting. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
IP address sorting criteria. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
Tag-based sorting criteria. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
Group order and sorting. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
Catch-all groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
How a system is first placed in the System Tree. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
Working with tags. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
Creating tags with the Tag Builder. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
Excluding systems from automatic tagging. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
Applying tags to selected systems. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
Applying criteria-based tags automatically to all matching systems. . . . . . . . . . . . . . . . . . . . . . . . . 115
Creating and populating groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
Creating groups manually. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118
Adding systems manually to an existing group. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118
Importing systems from a text file. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
Sorting systems into criteria-based groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
Importing Active Directory containers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
Importing NT domains to an existing group. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
Synchronizing the System Tree on a schedule. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
Updating the synchronized group with an NT domain manually. . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
Moving systems manually within the System Tree. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
Transferring systems between ePO servers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
Creating Repositories. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
Repository types and what they do. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
McAfee ePolicy Orchestrator 4.5 Product Guide6
Contents
Types of distributed repositories. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
Repository branches and their purposes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
Repository list file and its uses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
How repositories work together. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
Ensuring access to the source site. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
Configuring proxy settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
Configuring proxy settings for the McAfee Agent. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
Configuring proxy settings for MyAvert Security Threats. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
Working with source and fallback sites. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
Switching source and fallback sites. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
Creating source sites. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
Editing source and fallback sites. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138
Deleting source sites or disabling fallback sites. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
Using SuperAgents as distributed repositories. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
Creating SuperAgent repositories. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
Selecting which packages are replicated to SuperAgent repositories. . . . . . . . . . . . . . . . . . . . . . . . 140
Deleting SuperAgent distributed repositories. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
Creating and configuring FTP, HTTP, and UNC repositories. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
Creating a folder location on an FTP, HTTP server or UNC share. . . . . . . . . . . . . . . . . . . . . . . . . . . 141
Adding the distributed repository to ePolicy Orchestrator. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
Avoiding replication of selected packages. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
Disabling replication of selected packages. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
Enabling folder sharing for UNC and HTTP repositories. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
Editing distributed repositories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
Deleting distributed repositories. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
Working with the repository list files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
Exporting the repository list SiteList.xml file. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
Exporting the repository list SiteMgr.xml file for backup or use by other servers. . . . . . . . . . . . . . . 146
Importing distributed repositories from the SiteMgr.xml file. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
Importing source sites from the SiteMgr.xml file. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
Changing credentials on multiple distributed repositories. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
Managing your Network with Policies and Client Tasks. . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
Product extensions and what they do. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
Policy management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
Policy application. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150
Creating Policy Management queries. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
Client tasks and what they do. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
7McAfee ePolicy Orchestrator 4.5 Product Guide
Contents
Bringing products under management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
Viewing policy information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
Viewing groups and systems where a policy is assigned. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
Viewing the settings of a policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
Viewing policy ownership. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
Viewing assignments where policy enforcement is disabled. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
Viewing policies assigned to a group. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155
Viewing policies assigned to a specific system. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155
Viewing a group’s policy inheritance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155
Viewing and resetting broken inheritance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155
Working with the Policy Catalog. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
Creating a policy from the Policy Catalog page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
Duplicating a policy on the Policy Catalog page. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
Editing a policy’s settings from the Policy Catalog. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
Renaming a policy from the Policy Catalog. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
Deleting a policy from the Policy Catalog. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
Working with policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
Changing the owners of a policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
Moving policies between ePO servers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
Assigning a policy to a group of the System Tree. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160
Assigning a policy to a managed system. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160
Assigning a policy to multiple managed systems within a group. . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
Enforcing policies for a product on a group. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
Enforcing policies for a product on a system. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162
Copying and pasting assignments. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162
Working with client tasks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164
Creating and scheduling client tasks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164
Editing client tasks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164
Deleting client tasks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165
Frequently asked questions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165
Sharing policies among ePO servers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166
Setting up policy sharing for multiple ePO servers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166
How policy assignment rules work. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167
Policy assignment rule priority. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168
Working with policy assignment rules. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168
Deploying Software and Updates. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
Deployment packages for products and updates. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
McAfee ePolicy Orchestrator 4.5 Product Guide8
Contents
Product and update deployment. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173
Deployment tasks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173
Update tasks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174
Global updating. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174
Pull tasks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175
Replication tasks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
Repository selection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
Server task log. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
Checking in packages manually. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178
Using the Product Deployment task to deploy products to managed systems. . . . . . . . . . . . . . . . . . . . . . . . 179
Configuring the Deployment task for groups of managed systems. . . . . . . . . . . . . . . . . . . . . . . . . . 179
Configuring the Deployment task to install products on a managed system. . . . . . . . . . . . . . . . . . 180
Deploying update packages automatically with global updating. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181
Deploying update packages with pull and replication tasks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183
Using pull tasks to update the master repository. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183
Replicating packages from the master repository to distributed repositories. . . . . . . . . . . . . . . . . . 185
Configuring agent policies to use a distributed repository. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187
Using local distributed repositories that are not managed. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188
Checking in engine, DAT and ExtraDAT update packages manually. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189
Updating managed systems regularly with a scheduled update task. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190
Confirming that clients are using the latest DAT files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190
Evaluating new DATs and engines before distribution. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
Manually moving DAT and engine packages between branches. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
Deleting DAT or engine packages from the master repository. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
Reporting On System Status. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
Queries. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
Public and personal queries. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194
Query permissions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194
Query Builder. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
Working with queries. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196
Creating custom queries. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196
Running an existing query. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197
Running a query on a schedule. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197
Making a personal query group. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
Making existing personal queries public. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
Duplicating queries. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
Sharing a query between ePO servers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
9McAfee ePolicy Orchestrator 4.5 Product Guide
Contents
Exporting query results to other formats. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201
Multi-server rollup querying. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202
Preparing for rollup querying. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202
Creating a query to define compliance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204
Generating compliance events. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204
The Audit Log. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205
Working with the Audit Log. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205
The Server Task log. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207
Working with the Server Task Log. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210
Allowed Cron syntax when scheduling a server task. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
The Threat Event Log. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
Working with the Threat Event Log. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
Data exports from any table or chart. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
Monitoring with Dashboards. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216
Default dashboards and their monitors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216
Queries as dashboard monitors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216
Default dashboards and their monitors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216
Setting up dashboard access and behavior. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218
Giving users permissions to dashboards. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219
Configuring the refresh frequency of dashboards. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219
Working with Dashboards. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219
Creating dashboards. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220
Making a dashboard active. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220
Selecting all active dashboards. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220
Making a dashboard public. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221
Detecting Rogue Systems. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222
What are rogue systems. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223
How the Rogue System Sensor works. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223
Passive listening to layer-2 traffic. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223
Intelligent filtering of network traffic. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224
Data gathering and communications to the server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224
Systems that host sensors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
How detected systems are matched and merged. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
Rogue System Detection states. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226
Overall system status. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226
Rogue System Sensor status. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227
Subnet status. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228
McAfee ePolicy Orchestrator 4.5 Product Guide10
Contents
Top 25 Subnets. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228
Rogue Sensor Blacklist. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229
Rogue System Detection policy settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229
Considerations for policy settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229
Rogue System Detection permission sets. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231
Setting up Rogue System Detection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231
Configuring Rogue System Detection policy settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232
Configuring server settings for Rogue System Detection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232
Editing Detected System Compliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232
Editing Detected Systems Matching. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233
Editing Rogue System Sensor settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234
Editing Detected System Exception Categories. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234
Editing Detected System OUIs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235
Working with detected systems. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235
Adding systems to the Exceptions list. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235
Adding systems to the Rogue Sensor Blacklist. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236
Adding detected systems to the System Tree. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236
Editing system comments. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237
Exporting the Exceptions list. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237
Importing systems to the Exceptions list. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238
Merging detected systems. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238
Pinging a detected system. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238
Querying detected system Agents. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239
Removing systems from the Detected Systems list. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239
Removing systems from the Exceptions list. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239
Removing systems from the Rogue Sensor Blacklist. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240
Viewing detected systems and their details. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240
Working with sensors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240
Changing the sensor-to-server port number. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241
Installing sensors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241
Editing sensor descriptions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243
Removing sensors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243
Working with subnets. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244
Adding subnets. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244
Deleting subnets. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244
Ignoring subnets. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245
Including subnets. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245
11McAfee ePolicy Orchestrator 4.5 Product Guide
Contents
Renaming subnets. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245
Viewing detected subnets and their details. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246
Rogue System Detection command-line options. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246
Default Rogue System Detection queries. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247
Setting Up Automatic Responses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248
Automatic Responses and how it works. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249
Throttling, aggregation, and grouping. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249
Default rules. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250
Planning. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251
Determining how events are forwarded. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251
Determining which events are forwarded immediately. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251
Determining which events are forwarded. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252
Configuring Automatic Responses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252
Assigning permission sets to access Automatic Responses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252
Working with SNMP servers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254
Working with registered executables and external commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256
Creating and editing Automatic Response rules. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258
Describing the rule. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258
Setting filters for the rule. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259
Setting thresholds of the rule. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259
Configuring the action for Automatic Response rules. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260
Frequently asked questions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261
Managing Issues and Tickets. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263
Ways to manage issues. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263
Creating, configuring, and managing issues. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264
Creating basic issues manually. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264
Configuring responses to automatically create issues. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265
Managing issues. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269
Purging closed issues. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270
Purging closed issues manually. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270
Purging closed issues on a schedule. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270
Tickets and how they work. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271
Ways to add tickets to issues. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271
Assignment of ticketed issues to users. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271
How tickets and ticketed issues are closed. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271
Benefits of adding comments to ticketed issues. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271
How tickets are reopened. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272
McAfee ePolicy Orchestrator 4.5 Product Guide12
Contents
Synchronization of ticketed issues. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272
Integration with ticketing servers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272
Considerations when deleting a registered ticketing server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273
Required fields for mapping. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273
Sample mappings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273
Working with tickets. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276
Adding tickets to issues. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276
Synchronizing ticketed issues. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276
Synchronizing ticketed issues on a schedule. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277
Working with ticketing servers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277
Installing extensions for ticketing server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278
Registering and mapping a ticketing server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281
Configuring the field mappings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282
Upgrading a registered ticketing server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284
Appendix: Maintaining ePolicy Orchestrator Databases. . . . . . . . . . . . . . . . . . . . . . . . . . . . 285
Perform regular maintenance of SQL Server databases. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285
Backup and restore ePolicy Orchestrator databases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 286
Changing SQL Server information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 286
13McAfee ePolicy Orchestrator 4.5 Product Guide
Introducing ePolicy Orchestrator 4.5
ePolicy Orchestrator 4.5 provides a scalable platform for centralized policy management and
enforcement of your security products and the systems on which they reside. It also provides
comprehensive reporting and product deployment capabilities, all through a single point of
control.
Contents
Components and what they do
Using this guide
Finding documentation for McAfee enterprise products
Components and what they do
The ePolicy Orchestrator software is comprised of these components:
• ePO server — The center of your managed environment. The server delivers security
policies and tasks, controls updates, and processes events for all managed systems. The
ePO server includes these subcomponents:
• Application server — Auto Response, Registered Servers, and user interface
• Agent Handler — Policies, tasks, and properties
• Event parser — Threat events and client events
• RSD server and data channel listener
• Registered servers — Used to register the ePO server with other servers. Registered
server types include:
• LDAP server — Used for Policy Assignment Rules and to enable automatic user account
creation.
• SNMP server — Used to receive an SNMP trap. You must add the SNMP server’s
information so that ePolicy Orchestrator knows where to send the trap.
• Ticketing server — Before tickets can be associated with issues, you must have a registered
Ticketing server configured. The system running the ticketing extension must be able to
resolve the address of the Service Desk system.
• Database — The central storage component for all data created and used by ePolicy
Orchestrator. You can choose whether to house the database on your ePO server or on a
separate system, depending on the specific needs of your organization.
• Master repository — The central location for all McAfee updates and signatures, residing
on the ePO server. Master repository retrieves user-specified updates and signatures from
McAfee or from user-defined source sites.
• Distributed repositories — Placed strategically throughout your environment to provide
managed systems access to receive signatures, product updates, and product installations
McAfee ePolicy Orchestrator 4.5 Product Guide14
Introducing ePolicy Orchestrator 4.5
Using this guide
with minimal bandwidth impact. Depending on how your network is configured, you can set
up SuperAgent, HTTP, FTP, or UNC share distributed repositories.
• McAfee Agent — A vehicle of information and enforcement between the ePO server and
each managed system. The agent retrieves updates, ensures task implementation, enforces
policies, and forwards events for each managed system. It uses a separate secure data
channel to transfer data to the ePO server. A McAfee Agent can also be configured as a
SuperAgent with the addition of a repository.
• Remote Agent Handlers — A server that you can install in various network locations to
help manage agent communication, load balancing, and product updates. Remote Agent
Handlers can help you manage the needs of large or complex network infrastructures by
allowing you more control over agent-server communication.
NOTE: Depending on the needs of your organization and the complexity of your network, you
might not need to use all of these components.
Using this guide
This guide provides information on configuring and using your product. For system requirements
and installation instructions, see the
This material is organized in the order that McAfee recommends you set up ePolicy Orchestrator
in a production environment for the first time, and is also accessible to anyone seeking specific
topics.
This guide serves as a tool to help administrators set up their ePolicy Orchestrator environment
for the first time, and as a reference tool for more experienced users.
ePolicy Orchestrator Installation Guide
.
Audience
This information is intended primarily for network administrators who are responsible for their
company’s security program, and assumes the customer has installed and used ePolicy
Orchestrator in a lab environment.
Finding documentation for McAfee enterprise products
To access the documentation for your McAfee products, use the McAfee ServicePortal.
1 Go to the McAfee ServicePortal (http://mysupport.mcafee.com) and, under Self Service,
click Read Product Documentation.
2 Select a Product.
3 Select a Version.
4 Select a product document
Product documentation by phase
McAfee documentation provides the information you need during each phase of product
implementation, from installing a new product to maintaining existing ones. Depending on the
product, additional documents might also be available. After a product is released, information
15McAfee ePolicy Orchestrator 4.5 Product Guide
Introducing ePolicy Orchestrator 4.5
Finding documentation for McAfee enterprise products
regarding the product is entered into the online KnowledgeBase, available through the McAfee
ServicePortal.
Installation phase — Before, during, and after installation
•
Release Notes
•
Installation Guide
Setup phase — Using the product
•
Product Guide
•
Online Help
Maintenance phase — Maintaining the software
•
KnowledgeBase
(http://mysupport.mcafee.com)
McAfee ePolicy Orchestrator 4.5 Product Guide16
Getting Started with ePolicy Orchestrator 4.5
This chapter provides a high-level overview of ePolicy Orchestrator and how it works. All of the
concepts included here, along with their associated tasks, are discussed in greater detail in the
chapters that comprise the rest of this guide.
Contents
Logging on and off ePO servers
Viewing the server version number
How to navigate the ePO interface
Setting up ePolicy Orchestrator
Logging on and off ePO servers
Use these tasks to log on to and off from ePO servers. Before using ePolicy Orchestrator, you
must be logged on to the ePO server with valid account credentials.
Tasks
Logging on to ePO servers
Logging off ePO servers
Logging on to ePO servers
Use this task to log on to the ePO server. You must have valid credentials to do this. You can
log on to multiple ePO servers by opening a new browser session for each ePO server.
Task
1 Open an Internet browser and go to the URL of the server to open the Log On to ePolicy
Orchestrator dialog box.
2 Type the User name and Password of a valid account.
NOTE: Passwords are case-sensitive.
3 Select the Language you want the software to display.
4 Click Log On.
Logging off ePO servers
Use this task to log off from ePO servers. Log off from the ePO server whenever you finish
using the software.
17McAfee ePolicy Orchestrator 4.5 Product Guide
Getting Started with ePolicy Orchestrator 4.5
Viewing the server version number
Task
• To log off from the server, click Log Off at the top of any page, or close the browser.
Viewing the server version number
You can view the version number, edition, and license information of the ePolicy Orchestrator
server.
• To view the version number and edition of an ePO server, log on to the desired ePolicy
Orchestrator server. This information appears in the title bar.
NOTE: For more specific information about the version of ePolicy Orchestrator:
1 Click Menu | Software | Extensions, then click Server in the McAfee category of
the Extensions list.
2 Scroll through the server extension to ePO Core.
• To view license information, go to the logon page.
• To view detailed information about the extensions installed on your ePO server, click Menu
| Software | Extension. Select a category from the Extensions list to view details.
How to navigate the ePO interface
Navigation in ePolicy Orchestrator 4.5 has been redesigned to make it faster and easier to find
the features and functionality you need. The interface now uses a single menu for all top-level
features of ePolicy Orchestrator, and a customizable navigation bar. Top-level features were
previously displayed as tabs when selecting a section.
For example, in ePolicy Orchestrator 4.0, when the Reporting section was selected, the top-level
features that were displayed included: Queries, Server Task Log, Audit Log, Event Log, and
MyAvert.
In version 4.5, all of these top-level features are accessed from the Menu. The following table
provides some examples of the change in navigation steps to arrive at a desired page.
in version 4.5in version 4.0To get to...
Click Menu | Audit Log tab.The Audit Log
The Menu
Click Menu and select User Management |
Audit Log.
Click Menu and select Policy | Policy Catalog.Click Menu | Policy Catalog page.The Policy Catalog
McAfee ePolicy Orchestrator 4.5 Product Guide18
Getting Started with ePolicy Orchestrator 4.5
Setting up ePolicy Orchestrator
The Menu is new in version 4.5 of ePolicy Orchestrator software. The Menu uses categories
that comprise the various ePO features and functionalities. Each category contains a list of
primary feature pages associated with a unique icon. The Menu and its categories replace static
group of section icons used to navigate the 4.0 version of the interface. For example, in the
4.5 version, the Reporting category includes all of the pages included in the 4.0 version Reporting
section, plus other commonly used reporting tools such as the Dashboards page. When an item
in the Menu is highlighted, its choices appear in the details pane of the interface.
The navigation bar
In ePolicy Orchestrator 4.5, the navigation bar is customizable. In the 4.0 version of the interface,
the navigation bar was comprised of a fixed group of section icons that organized functionality
into categories. Now you can decide which icons are displayed on the navigation bar by dragging
any Menu item on or off the navigation bar. When you navigate to a page in the Menu, or click
an icon in the navigation bar, the name of that page is displayed in the blue box next to the
Menu.
On systems with 1024x768 screen resolution, the navigation bar can display six icons. When
you place more than six icons on the navigation bar, an overflow menu is created on the right
side of the bar. Click > to access the Menu items not displayed in the navigation bar. The icons
displayed in the navigation bar are stored as user preferences, so each user's customized
navigation bar is displayed regardless of which console they log on to.
Setting up ePolicy Orchestrator
How you set up ePolicy Orchestrator depends on the unique needs of your environment. This
process overview highlights the major set up and configuration required to use ePolicy
Orchestrator. Each of the steps represents a chapter in this product guide, where you can find
the detailed information you need to understand the features and functionalities of ePolicy
Orchestrator, along with the tasks needed to implement and use them.
19McAfee ePolicy Orchestrator 4.5 Product Guide
Getting Started with ePolicy Orchestrator 4.5
Setting up ePolicy Orchestrator
Process overview
Configure your ePO server
Add systems to the System Tree
Distribute agents to your systems
Create repositories
Configure your policies and client tasks
Deploy your products and software
Configure advanced features
Configure your ePO server
To configure your ePO server, you'll need to:
• Set up user accounts
• Assign permission sets
• Configure ePO server settings
Set up user accounts
Set up user accounts for all of the users in your network who need to access and use the ePolicy
Orchestrator software. You need to set up these accounts before assigning permission sets.
For more information on setting up user accounts, see
Orchestrator
To set up user accounts, click Menu | User Management | Users.
.
Assign permission sets
Assign permission sets for your ePO users. Permission sets allow you to define what users are
allowed to do with the software. You can assign permission sets to individuals or to groups. For
more information on assigning permission sets, see
User Roles and Permissions
To assign permission sets, click Menu | User Management | Permissions Sets.
Configure server settings
Configure server settings for your specific environment. You can change the server settings at
any time. For more information on configuring server settings, see
behaviors they controlinManaging User Roles and Permissions
To configure server settings, click Menu | Configuration | Server Settings.
ePO user accountsinConfiguring ePolicy
How permission sets workinManaging
.
Server settings and the
.
Add systems to the System Tree
The System Tree allows you to organize and act on all systems you manage with ePolicy
Orchestrator. Before setting up other features, you must create your System Tree. There are
several ways you can add systems to the System Tree, including:
• Synchronize ePolicy Orchestrator with your Active Directory server.
• Browse to systems on your network individually.
McAfee ePolicy Orchestrator 4.5 Product Guide20
Getting Started with ePolicy Orchestrator 4.5
Setting up ePolicy Orchestrator
• Add individual and groups of systems by importing a text (.txt) file containing a list of systems.
For more information on all of the methods you can use to add systems, including detailed
steps for each method, see
To begin adding systems to the System Tree, click Menu | Systems | System Tree.
Organizing the System Tree
Distribute agents to your systems
Each system you want to manage must have the McAfee Agent installed. You can install agents
on Windows-based systems manually, or by using the ePO interface. You must install agents
on non-Windows systems manually.
Once agents are installed on all of your systems, you can use ePolicy Orchestrator to manage,
update, and report on these systems. For more information on distributing agents, see
Distributing Agents
To begin distributing agents to your systems, click Menu | Systems | System Tree.
.
Create repositories
.
Before deploying any products, components, or updates to your managed systems with ePolicy
Orchestrator, you must configure repositories. There are two types of repositories you can use
in your environment, master and distributed.
Master repository
The master repository is located on your ePO server. It is the location where products and
updates that are pulled from the Source Site are saved. For more information about the master
repository, see
To start working with the master repository, click Menu | Software | Master Repository.
Repository types and what they doinCreating Repositories
Distributed repositories
Distributed repositories are those that you place throughout your network. The placement and
type of distributed repositories you use depend on the unique needs of your organization and
environment. There are several ePO components and types you can use for distributed
repositories, including:
• SuperAgents
• FTP
• HTTP
• UNC share
• Unmanaged
The complexity and size of your network are determining factors in which type and how many
distributed repositories you use. For more information about distributed repositories, see
Repository types and what they doinCreating Repositories
To start working with distributed repositories, click Menu | Software | Distributed
Repository.
.
.
21McAfee ePolicy Orchestrator 4.5 Product Guide
Getting Started with ePolicy Orchestrator 4.5
Setting up ePolicy Orchestrator
Configure your policies and client tasks
McAfee recommends that you configure policy settings before deploying the respective product,
component, or update to your managed systems. By doing so you can ensure that products
and components have the desired settings as soon as possible.
Policies
A policy is a collection of settings that you create and configure. These policies are enforced
by McAfee products. Policies ensure that the managed security products are configured and
perform according to that collection of settings.
Once configured, policies can be enforced at any level of the System Tree, as well as on specific
groups of users. System policies are inherited from their parent group in the System Tree.
However, you can break inheritance at any location in the tree in order to enforce specific
policies at a particular location. For more information about policies, see
and
Policy applicationinConfiguring Policies and Client Tasks
To start configuring policies for systems in the System Tree, click Menu | Policy | Policy
Catalog, then select a product from the Product menu and click Actions | New Policy.
Policy management
.
Client tasks
Client tasks are scheduled actions that run on managed systems that host any client-side
software. You can define tasks for the entire System Tree, a specific group, or an individual
system. Like policy settings, client tasks are inherited from parent groups in the System Tree.
For more information about client tasks, see
and Client Tasks
To start scheduling client tasks, click Menu | Systems | System Tree | Client Tasks, then
click Actions | New Task.
.
Client tasks and what they doinConfiguring Policies
Deploy your products and software
Once your repositories, policy settings, and client tasks are created and configured, you can
deploy products, components, and updates to the desired systems with ePolicy Orchestrator.
You can perform these actions as needed, or you can schedule them using server tasks. For
more information, see
To schedule these actions, click Menu | Automation | Server Tasks, then click Actions |
New Task.
Deploying Software and Updates
Configure advanced features
Once your managed environment is up and running, you can configure and implement the
advanced features of ePolicy Orchestrator, including:
• Remote Agent Handlers
• Automatic Responses
• Issues and Ticketing
More information on these and all ePolicy Orchestrator features is available in the following
chapters of this guide.
.
McAfee ePolicy Orchestrator 4.5 Product Guide22
Configuring ePolicy Orchestrator
The ePO server is the center of your managed environment, providing a single location from
which to administer system security throughout your network.
If your organization is very large or divided into multiple large sites, ePolicy Orchestrator 4.5
is scalable to allow you to customize how you set up your managed environment. You can:
• Install a separate ePO server at each site.
• Install remote Agent Handlers at each site, provided an ePO server is installed that you want
to communicate with.
The option you choose depends on the needs of your environment. Using remote agent handlers
allows you to reduce network traffic when managing agents and sending updates. Agent handlers
can also serve as distributed repositories. Remote agent handlers help to load balance your
network and increase fallback security, while passing all agent-server communication back to
your ePO server and its database.
Using multiple ePO servers differs from using remote agent handlers because each ePO server
maintains a separate database from which you can roll up information to your main ePO server
and database. Both choices can help to limit the amount of network traffic created within a
local LAN. Network traffic has a larger impact on your resources when this communication takes
place across WAN, VPN, or other slower network connections typically found between remote
sites.
Are you configuring the ePO server for the first time?
When configuring the ePO server for the first time:
1 Decide how to implement the flexibility of permission sets.
2 Create user accounts and permission sets, and assign the permission sets to the user
accounts as needed.
3 Set up your contacts list and email server settings.
Contents
ePO user accounts
How permission sets work
Contacts
Server settings and the behaviors they control
Managing ePolicy Orchestrator users with Active Directory
Registering servers for use with ePolicy Orchestrator
Security keys and how they work
MyAvert Security Threats
Agent Handlers and what they do
IPv6
23McAfee ePolicy Orchestrator 4.5 Product Guide
Configuring ePolicy Orchestrator
ePO user accounts
Exporting tables and charts to other formats
ePO user accounts
User accounts provide a means for users to access and use the software. They are associated
with permission sets, which define what users are allowed to do with the software.
You must create user accounts and permission sets to accommodate the needs of each user
that logs on to the ePO server. You can create accounts for individual users, or you can create
a permission set that maps to users or groups in your Active Directory/NT server.
There are two types of users, global administrators and users with limited permissions.
Global administrators
Global administrators have read and write permissions and rights to all operations. When you
install the server, a global administrator account is created with the user name admin.
You can create additional global administrator accounts for people who require global
administrator rights.
Permissions exclusive to global administrators include:
• Create, edit, and delete source and fallback sites.
• Change server settings.
• Add and delete user accounts.
• Add, delete, and assign permission sets.
• Import events into ePolicy Orchestrator databases and limit events that are stored there.
Working with user accounts
Use these tasks to create and maintain user accounts.
Tasks
Creating user accounts
Editing user accounts
Deleting user accounts
Creating user accounts
Use this task to create a user account. You must be a global administrator to add, edit, or delete
user accounts.
Task
For option definitions, click ? in the interface.
1 Click Menu | User Management | Users, then click New User. The New User page
appears.
2 Type a user name.
McAfee ePolicy Orchestrator 4.5 Product Guide24
Configuring ePolicy Orchestrator
How permission sets work
3 Select whether to enable or disable the logon status of this account. If this account is for
someone who is not yet a part of the organization, you might want to disable it.
4 Select whether the new account uses ePO authentication or Windows authentication,
and provide the required credentials.
5 Optionally, provide the user’s full name, email address, phone number, and a description
in the Notes text box.
6 Choose to make the user a global administrator, or select the appropriate permission sets
for the user.
7 Click Save to save the current entries and return to the Users tab. The new user should
appear in the Users list.
Editing user accounts
Use this task to edit a user account. Global administrators can change passwords on any user
account. Other users can only change passwords on their own accounts.
Task
For option definitions, click ? in the interface.
1 Click Menu | User Management | Users.
2 From the Users list, select the user you want to edit, then click Actions | Edit.
3 Edit the account as needed.
4 Click Save.
Deleting user accounts
Use this task to delete a user account. You must be a global administrator to delete user
accounts.
NOTE: McAfee recommends disabling the Login status of an account instead of deleting it,
until you are sure all valuable information associated with the account has been moved to other
users.
Task
For option definitions, click ? in the interface.
1 Click Menu | User Management | Users.
2 From the Users list, select the user you want to delete, then click Actions | Delete.
3 Click OK.
How permission sets work
A permission set is a group of permissions that can be granted to users or Active Directory (AD)
groups by assigning it to those users’ accounts. One or more permission sets can be assigned
to users who are not global administrators (global administrators have all permissions to all
products and features).
Permission sets only grant rights and access — no permission ever removes rights or access.
When multiple permission sets are applied to a user account, they aggregate. For example, if
25McAfee ePolicy Orchestrator 4.5 Product Guide
Configuring ePolicy Orchestrator
How permission sets work
one permission set does not provide any permissions to server tasks, but another permission
set applied to the same account grants all permissions to server tasks, that account has all
permissions to server tasks. Consider this as you plan your strategy for granting permissions
to the users in your environment.
When are permission sets assigned?
Global administrators can assign existing permission sets when they create or edit user accounts
and when they create or edit permission sets.
What happens when I install new products?
When a new product extension is installed, it can add one or more groups of permissions to
the permission sets. For example, when you install a VirusScan Enterprise extension, a VirusScan
Enterprise section is added to each permission set. Initially, the newly added section is listed
in each permission set with no permissions yet granted. The global administrators can then
grant permissions to users through existing or new permission sets.
Default permission sets
ePolicy Orchestrator 4.5 ships with four default permission sets that provide permissions to
ePolicy Orchestrator functionality. These are:
• Executive Reviewer — Provides view permissions to dashboards, events, contacts, and
can view information that relates to the entire System Tree.
• Global Reviewer — Provides view access globally across functionality, products, and the
System Tree, except for extensions, multi-server roll-up data, registered servers, and software.
• Group Admin — Provides view and change permissions across ePolicy Orchestrator features.
Users that are assigned this permission set each need at least one more permission set that
grants access to needed products and groups of the System Tree.
• Group Reviewer — Provides view permissions across ePolicy Orchestrator features. Users
that are assigned this permission set each need at least one more permission set that grants
access to needed products and groups of the System Tree.
Working with permission sets
Use these tasks to create and maintain permission sets.
Tasks
Creating permission sets for user accounts
Duplicating permission sets
Editing permission sets
Deleting permission sets
Creating permission sets for user accounts
Use this task to create a permission set.
Before you begin
You must be a global administrator to perform this task.
McAfee ePolicy Orchestrator 4.5 Product Guide26
Configuring ePolicy Orchestrator
How permission sets work
Task
For option definitions, click ? in the interface.
1 Click Menu | User Management | Permission Sets, then click New Permission Set.
2 Type a name for the permission set and select the users to which the set is assigned.
3 Select a server name from the drop-down list, or click Add if the server name you need
does not appear in the server list.
4 Click Save. The Permission Sets page appears.
5 Select the new permission set from the Permission Sets list. Its details appear to the right.
6 Click Edit next to any section where you want to grant permissions.
7 On the Edit Permission Set page that appears, select the appropriate options, then click
Save.
8 Repeat for all appropriate sections of the permission set.
Duplicating permission sets
Use this task to duplicate a permission set. Duplicating a permission set is useful when you
want to change only a few of the settings for a new permission set. Only global administrators
can duplicate permission sets.
Task
For option definitions, click ? in the interface.
1 Click Menu | User Management | Permission Sets, then select the permission set
you want to edit in the Permission Sets list. Its details appear to the right.
2 Click Actions | Duplicate, type a New name in the Duplicate dialog box, then click OK.
3 Select the new duplicate in the Permission Sets list. Its details appear to the right.
4 Click edit next to any section where you want to change permissions.
5 On the Edit Permission Set page that appears, select the appropriate options, then click
Save.
6 Repeat for all sections of the permission set where you want to grant permissions.
Editing permission sets
Use this task to edit a permission set. Only global administrators can edit permission sets.
Task
For option definitions, click ? in the interface.
1 Click Menu | User Management | Permission Sets, then select the permission set
you want to edit in the Permission Sets list. Its details appear to the right.
2 Click Edit next to any section where you want to grant permissions.
3 On the Edit Permission Set page that appears, select the appropriate options, then click
Save.
4 Repeat for all appropriate sections of the permission set.
27McAfee ePolicy Orchestrator 4.5 Product Guide
Configuring ePolicy Orchestrator
Contacts
Deleting permission sets
Use this task to delete a permission set. Only global administrators can delete permission sets.
Task
For option definitions, click ? in the interface.
1 Click Menu | User Management | Permission Sets, then select the permission set
you want to delete in the Permission Sets list. Its details appear to the right.
2 Click Actions | Delete, then click OK in the Action pane. The permission set no longer
appears in the Permission Sets list.
Contacts
The ePolicy Orchestrator software maintains a list of email addresses that it uses to send email
messages to specified users in response to events. Currently this list is used by Automatic
Responses, Queries, and export functionality.
Working with contacts
Use these tasks to create and maintain email address information of individuals who might
receive email messages from ePolicy Orchestrator.
Tasks
Creating contacts
Editing contacts
Deleting contacts
Creating contacts
Use this task to add email addresses to Contacts.
Task
For option definitions, click ? in the interface.
1 Click Menu | User Management | Contacts, then click Actions | New Contact.
2 Type a first name, last name, and email address for the contact.
3 Click Save. The new contact appears on the Contacts page.
Editing contacts
Use this task to edit information in an existing entry on the Contacts page.
Task
For option definitions, click ? in the interface.
1 Click Menu | User Management | Contacts, then select a contact.
2 Click Actions | Edit. The Edit Contact page appears.
McAfee ePolicy Orchestrator 4.5 Product Guide28
Configuring ePolicy Orchestrator
Server settings and the behaviors they control
3 Edit the information as desired.
4 Click Save.
Deleting contacts
Use this task to delete entries from the Contacts page.
Task
For option definitions, click ? in the interface.
1 Click Menu | User Management | Contacts, then select a contact.
2 Click Actions | Delete, then click OK in the Action pane. The contact no longer appears
in the list.
Server settings and the behaviors they control
Various settings control how the ePO server behaves. You can change most settings at any
time. But, only global administrators can access the server settings.
Types of ePO server settings are:
• Dashboards — Specifies the default active dashboard that is assigned to new users’ accounts
at the time of account creation, if one has been defined.
• Detected System Compliance — Specifies the settings that affect how rogue systems in
your network are identified and treated.
• Detected System Exception Categories — Specifies the categories that can be used to
mark systems in your environment as exceptions.
• Detected System Matching — Specifies the settings used to match detected systems and
system interfaces.
• Detected System OUIs — Specifies how your OUI (Organizationally Unique Identifier) list
is updated, and when the last update occurred.
• Email Server — Specifies the email server that is used when ePolicy Orchestrator sends
email messages.
• Event Filtering — Specifies which events are forwarded by the agent.
• Event Notification — Specifies the interval at which you want ePO Notification Events to
be sent to Automatic Responses.
• Global Updating — Specifies whether and how global updating is enabled.
• License Key — Specifies the 25 digit license key you provide while installing ePolicy
Orchestrator, via the hyperlink from the Log On to ePO page to an Enter License Key page,
or via this Server Settings page. McAfee introduced license keys to help customers with
license usage tracking needs and to be compliant with McAfee licensing terms.
• MyAvert Security Threats — Specifies the update frequency for the MyAvert Security
Threats service. If proxy settings are entered in Proxy Settings, they are used while collecting
MyAvert security threats.
• Policy Maintenance — Specifies whether policies for unsupported products are visible or
hidden. This is needed only after ePolicy Orchestrator is upgraded to 4.5 from a previous
version.
29McAfee ePolicy Orchestrator 4.5 Product Guide
Configuring ePolicy Orchestrator
Server settings and the behaviors they control
• Ports — Specifies the ports used by the server when it communicates with agents and the
database.
• Printing and exporting — Specifies how information is exported to other formats, and
the template for PDF exports. It also specifies the default location where the exported files
are stored.
• Proxy Settings — Specifies the type of proxy settings configured for your ePO server.
• Repository Packages — Specifies whether any package can be checked in to any branch.
Only agents later then version 3.6 can retrieve packages other than updates from branches
other than Current.
• Rogue System Sensor — Specifies the settings that define behavior for Rogue System
Sensors in your network.
• Security Keys — Specifies and manages the agent-server secure communication keys, and
repository keys.
• Server Certificate — Specifies the server certificate that your ePO server uses for HTTPS
communication with browsers.
• System Tree Sorting — Specifies whether and how System Tree sorting is enabled in your
environment.
• User Auto Creation — Specifies whether ePO users are automatically created upon logon,
based on AD (Active Directory) user profiles.
• Windows Authentication — Specifies the domain name and Active Directory servers
configured. This is also used for user authentication. For example, Windows Authentication
is used to determine if the password entered should allow the user to log on to ePolicy
Orchestrator.
• Windows Authorization — Specifies the domain name and Active Directory servers
configured for use with this ePO server. This is used while dynamically assigning permissions
to the users who have logged on to ePolicy Orchestrator.
Working with server settings
Use these tasks to configure and maintain the server. Only general server settings are covered
here. Feature-specific server settings are covered in the sections for those features. For example,
System Tree sorting server settings are covered in
Tasks
Specifying an email server
Replacing the server certificate
Configuring the template and location for exported reports
Determining which events are forwarded to the server
Viewing and changing communication ports
Specifying an email server
Use this task to specify an email server that ePolicy Orchestrator uses to send email messages.
Task
For option definitions, click ? in the interface.
Organizing the Systems Tree
.
McAfee ePolicy Orchestrator 4.5 Product Guide30
Loading...