McAfee NAPCKE-AB-AA, VirusScan for NetApp Configuration Manual

VirusScan® for NetApp

for use with ePolicy Orchestrator™ 3.0 Service Pack 1

version 7.1.0

Configuration Guide

Revision 1.0

Copyright © 2003 Networks Associates Technology, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of Networks Associates Technology, Inc., or its suppliers or affiliate companies. To obtain this permission, write to the attention of the Network Associates legal department at: 5000 Headquarters Drive, Plano, Texas 75024, or call +1-972-963-8000.

TRADEMARK ATTRIBUTIONS

Active Firewall, Active Security, Active Security (in Katakana), ActiveHelp, ActiveShield, AntiVirus Anyware and design, Appera, AVERT, Bomb Shelter, Certified Network Expert, Clean-Up, CleanUp Wizard, ClickNet, CNX, CNX Certification Certified Network Expert and design, Covert, Design (stylized N), Disk Minder, Distributed Sniffer System, Distributed Sniffer System (in Katakana), Dr Solomon’s, Dr Solomon’s label, E and Design, Entercept, Enterprise SecureCast, Enterprise SecureCast (in Katakana), ePolicy Orchestrator, Event Orchestrator (in Katakana), EZ SetUp, First Aid, ForceField, GMT, GroupShield, GroupShield (in Katakana), Guard Dog, HelpDesk, HelpDesk IQ, HomeGuard, Hunter, Impermia, InfiniStream, Intrusion Prevention Through Innovation, IntruShield, IntruVert Networks, LANGuru, LANGuru (in Katakana), M and design, Magic Solutions, Magic Solutions (in Katakana), Magic University, MagicSpy, MagicTree, McAfee, McAfee (in Katakana), McAfee and design, McAfee.com, MultiMedia Cloaking, NA Network Associates, Net Tools, Net Tools (in Katakana), NetAsyst, NetCrypto, NetOctopus, NetScan, NetShield, NetStalker, Network Associates, Network Performance Orchestrator, NetXray, NotesGuard, nPO, Nuts & Bolts, Oil Change, PC Medic, PCNotary, PortalShield, Powered by SpamAssassin, PrimeSupport, Recoverkey, Recoverkey – International, Registry Wizard, Remote Desktop, ReportMagic, RingFence, Router PM, Safe & Sound, SalesMagic, SecureCast, SecureSelect, SecurityShield, Service Level Manager, ServiceMagic, SmartDesk, Sniffer, Sniffer (in Hangul), SpamKiller, SpamAssassin, Stalker, SupportMagic, ThreatScan, TIS, TMEG, Total Network Security, Total Network Visibility, Total Network Visibility (in Katakan a), Total Service Desk, Total Virus D efense, Trusted Mail , UnInstal ler, VIDS, Virex, Virus Forum, ViruScan, VirusScan, WebScan, WebShield, WebShield (in Katakana), WebSniffer, WebStalker, WebWall, What's The State Of Your IDS?, Who’s Watching Your Network, WinGauge, Your E-Business Defender, ZAC 2000, Zip Manager are registered trademarks or trademarks of Network Associates, Inc. and/or its affiliates in the US and/or other countries. Sniffer®

brand products are made only by Network Associates, Inc. All other registered and unregistered trademarks herein are the sole property of their re spectiv e o wne rs.

LICENSE INFORMATION License Agreement

NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANIES YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEB SITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO NETWORK ASSOCIATES OR THE PLACE OF PURCHASE FOR A FULL REFUND.

Attributions

This product includes or may include:

Software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/).



Cryptographic software written by Eric A. Young and software written by Tim J. Hudson.



Some software programs that are licensed (or sublicensed) to the user under the GNU General Public License (GPL) or other similar Free Software licenses which, among other



rights, permit the user to copy, modify and redistribute certain programs, or portions thereof, and have access t o the source code. The GPL requires that f or any software covered under the GPL which is distributed to someone in an executable binary format, that the source code also be made available to those users. For any such software covered under the GPL, the source code is made available on this CD. If any Free Software licenses require that Network Associates provide rights to use, copy or modify a software program that are broader than the rights granted in this agreement, then such rights shall take precedence over the rights and restrictions herein.



Software written by Douglas W. Sauder.



Software developed by the Apache Software Foundation (http://www.apache.org/).



FEAD® Optimizer® technology, Copyright Netopsystems AG, Berlin, Germany.



Software copyrighted by Expat maintainers.



Software copyrighted by Gunnar Ritter.



Software copyrighted by Sun Microsystems®, Inc.



Issued DECEMBER 2003 / VirusScan® for NetApp® software version 7.1.0

DOCUMENT BUILD 003-EN

Contents

Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

Getting information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

Contacting McAfee Security & Network Associates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

1 Configuring VirusScan for NetApp 7.1.0 . . . . . . . . . . . . . . . . . . . . 9

Adding the VirusScan for NetApp .NAP file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

Accessing the VirusScan for NetApp policy pages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

Setting policies for the product . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

Setting general policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

General tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Messages tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

Reports tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

Setting policies for default processes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Processes tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

Detection tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

Advanced tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

Actions tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

Setting policies for low-risk processes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

Use different settings for low-risk processes . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

Processes tab for low-risk processes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

Detection tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

Advanced tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

Actions tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

Setting policies for high-risk processes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

Use different settings for high-risk processes . . . . . . . . . . . . . . . . . . . . . . . . . . 29

Processes tab for high-risk processes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

Detection tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

Advanced tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32

Actions tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32

Setting user interface policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

Configuration Guide iii

Contents

Display Options tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

Password Options tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

Setting policies for Alert Manager Alerts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37

Alert Manager Alerts tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37

Setting NetApp policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

Enforcing policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

Creating and configuring tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

On-demand scan tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

Creating a new on-demand scan task . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

Configuring the on-demand scan task settings . . . . . . . . . . . . . . . . . . . . . . . . . 42

Where tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

Detection tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

Advanced tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

Actions tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46

Reports tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

Task tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48

Update tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49

Creating a new update task . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49

Configuring the update task settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50

Mirror tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51

Creating a new mirror task . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51

Configuring the mirror task settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52

Scheduling tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52

Task tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

Schedule tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54

iv VirusScan® for NetApp® software version 7.1.0

Preface

Audience

This guide provides you with the information that you need to configure McAfee® VirusScan version 3.0 Service Pack 1.

VirusScan for NetApp 7.1.0 installs on scanner-servers. We do not support deploying the product using ePolicy Orchestrator.

The following information is provided in this guide:

 Installing the VirusScan for NetApp 7.1.0 Network Associates Package (.NAP)

files.

 Configuring VirusScan for NetApp policies.  Creating, configuring, and scheduling tasks from the ePolicy Orchestrator

console.

This information is intended primarily for network administrators who are responsible for their company’s anti-virus and security program in an environment that includes one or more NetApp

for NetApp® software version 7.1.0 with ePolicy Orchestrator™

filers.

Configuration Guide 5

Preface

Conventions

This guide uses the following conventions:

Bold

All words from the user interface, including options, menus, buttons, and dialog box names.

Example

Type the User name and Password of the desired account.

Courier

The path of a folder or program; a web address (URL); text that represents something the user types exactly (for example, a command at the system prompt).

Examples

The default location for the program is:

C:\Program Files\Network Associates\VirusScan

Visit the Network Associates web site at:

http://www.networkassociates.com

Run this command on the client computer:

C:\SETUP.EXE

Italic For emphasis or when introducing a new term; for names of

product manuals and topics (headings) within the manuals.

Example

Refer to the VirusScan Enterprise Product Guide for more information.

TERM> Angle brackets enclose a generic term.

Example

In the console tree under ePolicy Orchestrator, right-click

SERVER>.

NOTE Supplemental information; for example, an alternate method of

executing the same command.

WARNING

Important advice to protect a user, computer system, enterprise, software installation, or data.

6 VirusScan® for NetApp® software version 7.1.0

Getting information

Installation Guide *^

Product Guide *

Help §

Release Guide * Configuration Guide *

Implementation Guide * Release Notes ‡

System requirements and instructions for installing and starting the software.

VirusScan for NetApp 7.1.0 Installation Guide ePolicy Orchestrator 3.0. Installation Guide

Product introduction and features, detailed instructions for configuring the software, information on deployment, recurring tasks, and operating procedures.

VirusScan for NetApp 7.1.0 Product Guide ePolicy Orchestrator 3.0. Product Guide

Alert Manager

™

Product Guide

High-level and detailed information on configuring and using the software. What’s This? field-level help.

High-level description of new a nd changed features f or this versio n of th e product. For use with ePolicy Orchestrator™. Procedures for configuring, deploying, and

managing your McAfee Security product through ePolicy Orchestrator management software.

Supplemental information for product features, tools, and components. ReadMe. Product information, resolved issues, any known issues, and

last-minute additions or changes to the product or its documentation.

Contacts ‡

Contact information for McAfee Security and Network Associates services and resources: technical support, customer service, AVERT (Anti-Virus Emergency Response Team), beta program, and training. This file also includes phone numbers, street addresses, web addresses, and fax numbers for Network Associates offices in the United States and around the world.

* An Adobe Acrobat .PDF file on the product CD or the McAfee Security download site. ^ A printed manual that accompanies the product CD. Note: Some language manuals may be available only as a .PDF file. ‡ Text files included with the software application and on the product CD.

§ Help accessed from the software application: Help menu and/or Help button for page-level help; right-click option for What’s

This? help.

Configuration Guide 7

Preface

Contacting McAfee Security & Network Associates

Technical Support

Home Page http://www.networkassociates.com/us/support/ KnowledgeBase Search https://knowledgemap.nai.com/phpclient/homepage.aspx PrimeSupport Service Portal * https://mysupport.nai.com

McAfee Security Beta Program http://www.networkassociates.com/us/downloads/beta/ Security Headquarters — AVERT (Anti-Virus Emergency Response Team)

Home Page http://www.networkassociates.com/us/security/home.asp Virus Information Library http://vil.nai.com Submit a Sample —

AVERT WebImmune AVERT DAT Notification

Service

Download Site

Home Page http://www.networkassociates.com/us/downloads/ DAT File and Engine Updates http://www.networkassociates.com/us/downloads/updates/

Product Upgrades * https://secure.nai.com/us/forms/downloads/upgrades/login.asp

Training

McAfee Security University http://www.networkassociates.com/us/services/education/mcafee/univer

Network Associates Customer Service

E-mail services_corporate_division@nai.com Web http://www.networkassociates.com/us/index.asp US, Canada, and Latin America toll-free:

https://www.webimmune.net/default.asp

http://vil.nai.com/vil/join-DAT-list.asp

ftp://ftp.nai.com/pub/antivirus/datfiles/4.x

sity.htm

Phone +1-888-VIRUS NO or +1-888-847-8766

For additional information on contacting Network Associates and McAfee Security— including toll-free numbers for other geographic areas — see the Contact file that accompanies this product release.

Logon credentials required.

8 VirusScan® for NetApp® software version 7.1.0

Monday – Friday, 8 a.m. – 8 p.m., Central Time

Configuring VirusScan for NetApp 7.1.0

You can configure VirusScan for NetApp policies, create tasks, and schedule tasks from the ePolicy Orchestrator console.

These topics are included in this section:

 Adding the VirusScan for NetApp .NAP file on page 10.  Accessing the VirusScan for NetApp policy pages on page 12.  Setting policies for the product on page 13.  Enforcing policies on page 40.  Creating and configuring tasks on page 40.  Scheduling tasks on page 52.

Configuration Guide 9

Configuring VirusScan for NetApp 7.1.0

Adding the VirusScan for NetApp .NAP file

Before configuring VirusScan for NetApp, you must add the VirusScan for NetApp .

1 Log on to the ePolicy Orchestrator server with administrator rights. 2 Open the Configuration Wizard using one of these methods:

NAP file to the Repository.

 In the console tree under ePolicy Orchestrator, right-click Repository, then

select

Configure Repository.

 In the right pane under AutoUpdate Tasks, select Check in NAP.

Figure 1-1. Configure Repository

10 VirusScan® for NetApp® software version 7.1.0

Adding the VirusScan for NetApp .NAP file

The Software Repository Configura tio n W izar d dialog box appears.

Figure 1-2. Configure Software Repository

3 Select Add new software to be managed, then click Next to open the Select a

Software Package

4 Locate and select the VNA710.NAP file. 5 Click Open to add the file to the Repository. 6 Click OK when complete.

dialog box.

Configuration Guide 11

Configuring VirusScan for NetApp 7.1.0

Accessing the VirusScan for NetApp policy pages

To locate policies for VirusScan for NetApp:

1 Log on to the ePolicy Orchestrator server with administrator rights. 2 In the console tree under ePolicy Orchestrator | Directory, select the site, group,

single computer, or the entire

Directory.

Figure 1-3. VirusScan for NetApp — Policies tab

Policies, Properties, and Tasks tabs appear in the upper details pane.

The

3 Select the Policies tab in the upper details pane, then expand VirusScan for

NetApp 7.1

4 Select an item under VirusScan for NetApp 7.1 to display its policy pages.

12 VirusScan® for NetApp® software version 7.1.0

Setting policies for the product

Configuring VirusScan for NetApp policies from the ePolicy Orchestrator console allows you to enforce, across groups of computers, the options that define how all tasks and permissions are configured.

For information regarding policies and how they are enforced, see the ePolicy Orchestrator 3.0 product documentation.

Before configuring any policies, select the group of computers in the console tree for which you want to set policies.

The VirusScan for NetApp 7.1.0 policy tabs, on which you can set VirusScan for NetApp policies, are nearly identical to the dialog boxes and their tabs in the

VirusScan Console. For complete information about the options that you can set for

VirusScan for NetApp, refer to the VirusScan for NetApp 7.1.0 Product Guide. Once you have configured and saved the desired policy options, you must enforce

the policies to make them available to the ePolicy Orchestrator agent. For more information, see Enforcing policies on page 40.

Setting policies for the product

These topics are included in this section:

 Setting general policies on page 14.  Setting policies for default processes on page 18.  Setting policies for low-risk processes on page 23.  Setting policies for high-risk processes on page 28.  Setting user interface policies on page 33.  Setting policies for Alert Manager Alerts on page 37.  Setting NetApp policies on page 38.

Configuration Guide 13

Configuring VirusScan for NetApp 7.1.0

Setting general policies

The options on the General Policies tabs apply to default, low-risk, and high-risk processes for on-access scanning. See the VirusScan for NetApp 7.1.0 Product Guide for more information about low-risk and high-risk processes.

Policies can be configured on these tabs:

 General tab on page 15.  Messages tab on page 16.  Reports tab on page 17.

14 VirusScan® for NetApp® software version 7.1.0

Setting policies for the product

General tab

Specify the general policies.

1 Select Genera l Po lic ie s under VirusScan for NetApp 7.1 in the upper details

pane.

2 In the lower details pane, select the General tab.

Figure 1-4. General Policies — General tab

3 Deselect Inherit. 4 Configure these policy options:

a Under Scan, choose whether to scan boot sectors and/or floppy disks

during shutdown.

b Under General, choose whether to enable or disable on-access scanning at

startup.

c Under Scan time, type the maximum scan time in seconds for archives and

the maximum scan time for all files. You can also enforce the scan time limit for all files.

5 Click Apply to save these settings.

Configuration Guide 15

Configuring VirusScan for NetApp 7.1.0

Messages tab

Specify the user message policies.

1 In the lower details pane, select the Messages tab.

Figure 1-5. General Policies — Messages tab

2 Deselect Inherit. 3 Configure which messages are sent to local and network users:

a Under Messages for local users, choose whether to display the On-Access

Scan Messages

dialog box for local users, and which actions local users

without administrator rights can take on infected files.

b Under Response to network users, choose whether to send network users

a message in the event of an outbreak, and whether to disconnect remote users and deny access to the network share in the event of an outbreak.

4 Click Apply to save these se tt ings.

16 VirusScan® for NetApp® software version 7.1.0

Setting policies for the product

Reports tab

Configure logging activity and specify what information to log.

1 In the lower details pane, select the Reports tab.

Figure 1-6. General Policies — Reports tab

2 Deselect Inherit. 3 Configure the logging policies:

a Under Log file, choose whether to log virus activity data to a log file,

whether to limit the size of the log file, and specify the location of the log file.

b Under What to log in addition to virus activity, choose what types of

information you want logged.

4 Click Apply to save these settings.

Configuration Guide 17

+ 37 hidden pages

McAfee NAPCKE-AB-AA, VirusScan for NetApp Configuration Manual

Specifications and Main Features

Frequently Asked Questions

User Manual