McAfee MTP08EMB3RUA, Total Protection Service 5.1.5 Product Manual

Product Guide
McAfee Total Protection Service 5.1.5
COPYRIGHT
Copyright © 2010 McAfee, Inc. All Rights Reserved.
No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of McAfee, Inc., or its suppliers or affiliate companies.
TRADEMARK ATTRIBUTIONS
LICENSE INFORMATION
License Agreement
NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.
McAfee Total Protection Service 5.1.5 Product Guide
Contents
Preface
About this guide
Audience
Conventions
Finding product documentation
1 Introducing Total Protection Service
How Total Protection Service works
Types of protection
Additional features with specific versions
Core product strengths
New features for this release
The role of the client software
Updates to the client software
Overview of update methods
Simple updates through direct connections
Updates using Rumor technology
Updates through relay servers
Management with the SecurityCenter
Create user groups
Customize policies
Check reports
2 Using the Client Software
How to access the client software
About the icon
About the console
Types of client software updates
Terminal server support
Specifying when computers check for updates
Updating client computers manually
Disabling updates for non-logged on users
Performing setup and maintenance tasks
Testing virus protection
Changing the language for the software
Logging on as a site administrator
Configuring notifications
Configuring what users see
Uninstalling the client software
Frequently asked questions
Error messages
3 Using the SecurityCenter
The SecurityCenter
Logging on to the SecurityCenter
Accessing data on SecurityCenter pages
Protection status at a glance
Viewing protection at a glance
Working with widgets
Management of client computers
Working with computers
Working with an individual computer
Management of computer groups
Working with groups
Management of group administrators
Working with group administrators
Management of security policies
McAfee Default policy
Working with policies
Generation of security reports
Scheduling reports
Adding your logo to reports
Computer Profiles report
Duplicate Computers report
Managing your account
Configuring your account profile
Signing up for email notifications
Viewing and updating subscription information
Buying and renewing subscriptions and licenses
Locating or creating keys for your account
Merging accounts
Downloading tools and utilities
Getting assistance
Frequently asked questions about the SecurityCenter
Questions about reporting
Questions about adding, renewing, and moving licenses
4 Using Virus and Spyware Protection
How detections are handled
Spyware protection mode and detections
Use learn mode to discover programs
Types of scans
On-access (automatic) scans
On-demand scans
Email scans
Spyware scans
Scanning on client computers
Scanning on demand from the console
Scanning on demand from Windows Explorer
Scanning email on client computers
Viewing the progress of scheduled scans
Enabling and disabling on-access scanning
Configuring scanning policy options
Scheduling a scan
Enabling optional types of virus scans
Excluding files and folders from virus scans
Selecting spyware scanning options
Approving and unapproving programs in a policy
Managing detections
Viewing scan results on client computers
Managing potentially unwanted programs on client computers
Viewing quarantined files on client computers
Viewing user-approved programs and applications
Viewing threats detected on the account
Viewing unrecognized programs detected on the account
Reports for virus and spyware protection
Detections report
Unrecognized Programs report
Detection History report
Best practices (virus and spyware protection)
Frequently asked questions
Error messages
5 Using Firewall Protection
Connection type and detections of incoming communications
Custom connections
Firewall protection mode and detections of unknown applications
Use learn mode to discover Internet applications
The role of IP addresses
The role of system service ports
Standard assignments for system service ports
Firewall configuration
Interaction between user and administrator policy settings
Configuring policy options
Selecting general firewall settings
Configuring options for Internet applications
Tracking blocked communications
Configuring custom connections
Configuring system services and port assignments
Configuring IP addresses
Installing and enabling firewall protection at the policy level
Installing firewall protection during policy updates
Enabling and disabling firewall protection
Managing detections
Viewing unrecognized programs detected on the account
Viewing user-approved programs and applications
Viewing blocked communications
Reports for firewall protection
Unrecognized Programs report
Inbound Events Blocked by Firewall report
Best practices (firewall protection)
Frequently asked questions
Questions about policies
Questions about general firewall protection
6 Using Browser Protection and Web Filtering
Browser protection features
How safety ratings are compiled
Safety icons and balloons protect during searches
Using site safety balloons
Testing communication problems
SiteAdvisor menu protects while browsing
Using the SiteAdvisor menu
Safety reports provide details
Viewing safety reports
Information that browser protection sends to McAfee
Installing browser protection during policy updates
Web filtering features
Enabling and disabling browser protection via policy
Enabling and disabling browser protection at the client computer
Block and warn sites by safety ratings
Blocking or warning site access based on safety ratings
Blocking or warning file downloads based on safety ratings
Blocking phishing pages
Block and warn sites by content
Blocking or warning site access based on content
Authorize and prohibit sites by URL or domain
How site patterns work
Adding authorized and prohibited sites
Customizing messages for users
Viewing browsing activity
Web Filtering report
Best practices (browser protection)
Frequently asked questions
7 Using SaaS Email Protection
Core SaaS email protection features
Additional SaaS email protection services
The SaaS email protection widget and portal
Account activation and setup
Activating and setting up your account
Accessing the SaaS email protection portal
Configuring policy settings for SaaS email protection
Checking quarantined messages
Reports and statistics for email protection
Viewing email activity for the week
Viewing reports
Getting more information
8 Using Email Server Protection
Email server protection features
The installation and setup process
Installing email server protection
The email server protection widget and management console
Management of email server protection
Checking notifications and action items
Viewing detection and status information
Accessing the management console on the server
Where to find more information
9 Using Vulnerability Scanning
Vulnerability scanning features
The vulnerability scanning widget and portal
Accessing the vulnerability scanning portal
Overview of scanning process
Types of devices to scan
Types of scans
Managing scan devices
Discovering IP addresses in a domain
Discovering IP addresses in a network
Adding devices to scan
Configuring devices to accept scans
Creating device groups
Changing device groups
Deleting devices
Performing scans
Starting a scan
Scheduling scans for devices
How detections are reported
Viewing scan results
Viewing results for audit scans
Viewing results for DNS discovery on domains
Viewing results for network discovery scans
Frequently asked questions
Error messages
Index
Preface
This guide provides the information you need to configure, use, and maintain your McAfee product.
About this guide
This information describes the guide's target audience, the typographical conventions and icons used in this guide, and how the guide is organized.
Audience
McAfee documentation is carefully researched and written for the target audience.
The information in this guide is intended primarily for:
Administrators — People who implement and enforce the company's security program.
Conventions
This guide uses the following typographical conventions and icons.
Book title or Emphasis: Title of a book, chapter, or topic; introduction of a new term; emphasis.
Bold: Text that is strongly emphasized.
User input or Path: Commands and other text that the user types; the path of a folder or program.
Code: A code sample.
User interface: Words in the user interface including options, menus, buttons, and dialog boxes.
Hypertext blue: A live link to a topic or to a website.
Note: Additional information, like an alternate method of accessing an option.
Tip: Suggestions and recommendations.
Important/Caution: Valuable advice to protect your computer system, software installation, network, business, or data.
Warning: Critical advice to prevent bodily harm when using a hardware product.
Finding product documentation
McAfee provides the information you need during each phase of product implementation, from installation to daily use and troubleshooting. After a product is released, information about the product is entered into the McAfee online KnowledgeBase.
Task
1 Go to the McAfee Technical Support ServicePortal at http://mysupport.mcafee.com.
2 Under Self Service, access the type of information you need:
To access user documentation, do this:
1 Click Product Documentation.
2 Select a Product, then select a Version.
3 Select a product document.
To access the KnowledgeBase, do this:
• Click Search the KnowledgeBase for answers to your product questions.
• Click Browse the KnowledgeBase for articles listed by product and version.
Introducing Total Protection Service
Total Protection Service provides a "hands-off" solution to safeguard the computers on your network automatically by keeping itself up-to-date and checking for threats contained in files and programs, in email messages, in communications from inside and outside the network, and on websites.
When you purchase a subscription to Total Protection Service, an account is created for you, and you become the account administrator (referred to as the site administrator). When you install the Total Protection Service client software on computers, they are added to your account. A weekly email alerts you to any problems detected for computers on your account.
In some organizations, another person, such as a purchasing department representative, purchases the subscription and then designates you to be the site administrator.
For a more "hands-on" approach, use the SecurityCenter to view and manage computers and detections on your network. Your service provider sends you a unique URL and login credentials for your account, which you can use to access the SecurityCenter. This is a pre-configured website that provides a simple-to-use management console for monitoring the protection status of computers on your account. Use the SecurityCenter to view reports on detections and activities and to configure security settings that address the specific needs of your account.
This section provides an overview of the product and its features.
Contents
How Total Protection Service works
Types of protection
Additional features with specific versions
Core product strengths
New features for this release
The role of the client software
Updates to the client software
Management with the SecurityCenter
How Total Protection Service works
Total Protection Service delivers comprehensive security as a service for all the computers on your account.
It automatically checks for threats, intercepts them, takes the appropriate action to keep your data and your network safe, and tracks detections and security status for reports.
1 Client software runs on each computer where it is installed.
2 The client software updates itself — automatically and silently — by downloading the latest detection definition (DAT) files from your account’s administrative website, the McAfee SecurityCenter. DAT files define the threats that the client software detects.
3 The client software uploads security information about each computer to the SecurityCenter for use in administrative reports.
4 As your account’s administrator, you can use a web browser to visit the SecurityCenter, where you can access reports that detail the status of client computers and use tools for customizing and managing security.
Types of protection
The core features in Total Protection Service safeguard against a broad range of threats.
Feature: Description
Virus and spyware protection: Checks for viruses, spyware, unwanted programs, and other potential threats borne on removable media or brought in from your network, including via email. Every time a file on your computer is accessed, virus and spyware protection scans the file to make sure it is free of viruses and spyware.
Firewall protection: Establishes a barrier between each computer and the Internet or other computers on your local network. It silently monitors communications traffic for suspicious activity and takes appropriate action, such as blocking.
Browser protection: Displays information to safeguard client computer users against web-based threats. Users can view website safety ratings and safety reports as they browse or search with Microsoft Internet Explorer or Mozilla Firefox.
SecurityCenter: Provides centralized, web-based access to status information and management tasks for your account.
Additional features with specific versions
Some versions of Total Protection Service include additional protection features.
Feature: Description
Hosted on client computers
Web filtering: Works within browser protection to expand the policy and reporting options available. Enables administrators to control access to websites based on their safety rating or category of content. Based on SiteAdvisor® Enterprise Plus.
Web-based
Vulnerability scanning: Analyzes your domains and IP addresses, then reports vulnerability detections and recommends steps for correcting them. Based on SECURE™.
SaaS email protection (NEW): Protects against email threats by scanning messages before they reach your network. Blocks or quarantines detections of directory harvest attacks, spam, phishing scams, viruses, and other email-borne threats in messages and attachments. Based on SaaS Email Protection and can be enhanced with these additional services:
• SaaS Email Archiving — Stores email messages in a centralized, secure location.
• SaaS Email Continuity — Enables web-based email access during outages.
• SaaS Email Intelligent Routing — Routes filtered email to distributed email systems.
If you have subscribed to email protection previously, your account will be migrated to SaaS email protection. McAfee will notify you when this occurs and provide instructions for setting up the new account.
Email server protection: Provides comprehensive virus and spam protection for the email and other content entering and leaving your environment. Proactive anti-virus scanning and an automatic outbreak manager prevent malicious code from disrupting the system, while advanced content filtering allows administrators to set up rules for inappropriate content, sensitive information, and adding disclaimers to messages.
• Security Service for Exchange protects your Microsoft Exchange Server 2003/2007 environment and includes Anti-Spam for Mail Servers. Documentation is bundled with the downloaded software.
• McAfee GroupShield® for Lotus Domino protects your Lotus Domino Windows edition version 6.0.2/7.0.2/8.0 environment and includes Anti-Spam for Mail Servers. Documentation is available on the CD or in the downloadable installer accessible from the McAfee download center.
Core product strengths
Total Protection Service safeguards your computers with a robust set of core features.
Continuous protection — From the time a client computer is turned on until it is turned off, Total Protection Service silently monitors all file input and output, downloads, program executions, inbound and outbound communications, and other system-related activities.
Instant discovery for virus threats — When Total Protection Service detects a virus threat, it attempts to clean the item containing the threat before further damage can occur. If an item cannot be cleaned, a copy of it is placed in a quarantine folder and the original item is deleted.
Customized threat response for program detections — By default, Total Protection Service provides a high degree of protection against threats. You can also configure the response to detections of potentially unwanted programs and suspicious activity to suit your needs: take immediate action to clean, quarantine, or block the detection; prompt users for a response; or only log the detection for administrative reports.
Preemptive safety notifications for web-based threats — Threats reported on websites are communicated to users through color-coded icons and safety reports, enabling them to minimize exposure to dangerous websites.
Automatic updates — Total Protection Service checks for product updates at regular intervals throughout the day, comparing security components against the latest releases. When a computer needs a newer version, the client software retrieves it automatically.
Early Warning system and outbreak response — Total Protection Service uses the latest information about threats and outbreaks as soon as they are discovered by McAfee® Labs, a research division of McAfee. Whenever McAfee Labs releases an outbreak detection definition (DAT) file, computers on your account receive it promptly.
New features for this release
This release of Total Protection Service includes these new features.
Core features
All versions of Total Protection Service include these new features to facilitate account management.
Now you can do this...: Details
Customize the SecurityCenter home page: Select the summary and activity reports (known as widgets) that appear on the Dashboard page. Click and drag to reposition and resize widgets.
Get real-time evaluation for unrecognized threat detections: Artemis technology sends unrecognized detections to McAfee Labs for evaluation.
Schedule reports: Customize the data that appears in reports, then automatically generate and email these reports at regular intervals.
Designate a default policy for your account: Select a customized policy as the default assigned to computers in your account.
Display computers by policy: Organize the computer listing for your account by policy as well as by groups.
Access more account data on the SecurityCenter: Look up your company key, grant number, installation URL, and group IDs more easily.
Additional types of protection
Some versions of Total Protection Service offer additional types of protection that extend coverage to other network assets.
Now you can do this...: Details
Use SaaS email protection to add robust security options and failsafe access to messages and administrative features: Protects against email threats by scanning messages before they reach your network. Blocks or quarantines detections of directory harvest attacks, spam, phishing scams, viruses, and other email-borne threats in messages and attachments. Based on SaaS Email Protection and can be enhanced with these additional services:
• SaaS Email Archiving — Stores email messages in a centralized, secure location.
• SaaS Email Continuity — Enables web-based email access during outages.
• SaaS Email Intelligent Routing — Routes filtered email to distributed email systems.
If you have subscribed to email protection previously, your account will be migrated to SaaS email protection. McAfee will notify you when this occurs and provide instructions for setting up the new account.
Control access to websites based on their safety ratings and content: Web filtering works within browser protection to add policy and reporting options. You can block user access to websites and file downloads or warn them about reported threats, customize messaging that displays for blocked sites, create lists of authorized and prohibited websites based on their domain or URL, or view a report of web browsing activity on your network.
Scan websites for vulnerabilities: Vulnerability scanning enables you to register IP addresses, then scan them for vulnerabilities and report scan results to the SecurityCenter in alerts.
Access protection portals without separate login credentials: The single sign-on feature lets you open the SaaS email protection or vulnerability scanning portal directly from the SecurityCenter, without entering additional login credentials.
Increase protection for Microsoft Exchange mail servers: Security Service for Exchange uses advanced heuristics to protect your Microsoft Exchange server version 2003 or 2007 from viruses, unwanted content, potentially unwanted programs, and banned file types and messages. It also scans:
• Subject line and body of the email messages.
• Email attachments (based on file type, file name, and file size).
• Text within the email attachments.
Additionally, Security Service for Exchange includes the add-on component Anti-Spam for Mail Servers, which protects your Exchange server from spam and phishing emails.
The role of the client software
The Total Protection Service software installed on client computers implements a three-prong approach to security.
It does this by:
1 Silently monitoring all file input and output, downloads, program executions, inbound and outbound communications, and other system-related activities on client computers. As a result of this monitoring, the client software automatically:
• Deletes or quarantines detected viruses.
• Removes potentially unwanted programs, such as spyware or adware, unless you select a different response.
• Blocks suspicious activity unless you specify a different response.
• Indicates unsafe websites with a color-coded button or icon in the browser window or search results page. These indicators provide access to safety reports that detail site-specific threats.
2 Regularly updating detection definition (DAT) files and software components to ensure that you are always protected against the latest threats.
3 Uploading security information for each client computer to the SecurityCenter, then using this information to send emails and create reports that keep you informed about your account’s status.
Updates to the client software
Regular updates are the cornerstone of Total Protection Service.
The client software periodically checks a site on the Internet for newer versions of these software components.
• Regular DAT files, which contain the latest definitions for viruses, potentially unwanted programs, and cookies and registry keys that might indicate spyware. These are updated regularly to add protection against new threats.
• Outbreak DAT files, which are high-priority detection definition files released in an emergency situation in response to a specific new threat.
• Software components running on client computers.
• Policy settings configured for your account.
At the same time, the client software sends information about its detections and protection status to update the security data that is maintained on the SecurityCenter website and used in administrative reports.
Overview of update methods
The client software uses several methods to check for and retrieve updates.
Five minutes after a client computer connects to the network, and at regular intervals throughout the day, the Total Protection Service client software checks for updates. If updates are available, the client computer retrieves them.
In addition, users can check for updates manually at any time by clicking the Total Protection Service icon in the system tray, then selecting Update Now.
Updates can occur in three ways. You can implement one method or a combination of methods, which enables you to control the impact updates have on network resources.
1 For simple updates, each client computer on your account has a direct connection to the Internet and checks for new updates.
2 Rumor technology enables all computers in a workgroup to share downloaded files, which controls Internet traffic and minimizes expensive downloads.
3 Internet Independent Updating (IIU) enables any computer on the network to get information from the update site, even if that computer does not have an Internet connection, by communicating with the update site through a network computer that is configured as a relay server.
Simple updates through direct connections
Each client computer that has a direct Internet connection can check for updates and download them from the update site on the Internet. This is the simplest method of retrieving updates.
Updates using Rumor technology
When one computer shares updates with other computers on the local area network (LAN), rather than requiring each computer to retrieve updates from the update website individually, the Internet traffic load on the network is reduced. This process of sharing updates is called Rumor.
1 Each client computer checks the version of the most recent catalog file on the Internet site. This catalog file contains information for every component in the Total Protection Service client software, and is stored in a digitally signed, compressed .cab file format.
• If the version is the same as the catalog file on the client computer, the process stops here.
• If the version is different from the catalog file on the client computer, the client computer attempts to retrieve the latest catalog file from its peers. It queries if other computers on the LAN have already downloaded the new catalog file.
2 The client computer retrieves the required catalog file (directly from the Internet site or from one of its peers) and uses it to determine if new components are available for Total Protection Service.
3 If new components are available, the client computer attempts to retrieve them from its peers. It queries whether computers on the LAN have already downloaded the new components.
• If so, the client computer retrieves the update from a peer. (Digital signatures are checked to verify that the computer is valid.)
• If not, the client computer retrieves the update directly from the update site.
4 On the client computer, the catalog file is extracted and new components are installed.
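The peer-first retrieval order in the steps above is safe only if content from a peer is verified before it is trusted. The following Go program is an added example, not McAfee's implementation or code from this guide. The Ed25519 signature, the JSON catalog layout with SHA-256 digests, the version match against the update site, and all names and sample data are assumptions constructed for illustration; the guide states only that the catalog is a digitally signed .cab file.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Catalog maps each component name to the SHA-256 digest of its file (assumed layout).
type Catalog struct {
	Version    int               `json:"version"`
	Components map[string]string `json:"components"`
}

// SignedCatalog is the serialized catalog plus the vendor's signature over those bytes.
type SignedCatalog struct {
	Body, Sig []byte
}

// Source is a LAN peer or the update site; it may hold a catalog, components, or neither.
type Source struct {
	Name       string
	Catalog    SignedCatalog
	Components map[string][]byte
}

func digest(b []byte) string {
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

// verifyCatalog parses the catalog only after the vendor signature checks out.
func verifyCatalog(vendor ed25519.PublicKey, sc SignedCatalog) (Catalog, error) {
	var c Catalog
	if !ed25519.Verify(vendor, sc.Body, sc.Sig) {
		return c, errors.New("catalog signature invalid")
	}
	err := json.Unmarshal(sc.Body, &c)
	return c, err
}

// fetchCatalog walks the sources in order (peers first, update site last) and returns
// the first catalog that is vendor-signed and has the version the update site advertised.
func fetchCatalog(vendor ed25519.PublicKey, want int, sources []Source) (Catalog, string, error) {
	for _, s := range sources {
		// Rejects missing, altered, and validly signed but out-of-date catalogs alike.
		if c, err := verifyCatalog(vendor, s.Catalog); err == nil && c.Version == want {
			return c, s.Name, nil
		}
	}
	return Catalog{}, "", errors.New("no source offered a valid current catalog")
}

// fetchComponent accepts the first copy whose digest matches the verified catalog.
func fetchComponent(c Catalog, name string, sources []Source) ([]byte, string, error) {
	want, listed := c.Components[name]
	for _, s := range sources {
		if data, ok := s.Components[name]; listed && ok && digest(data) == want {
			return data, s.Name, nil
		}
	}
	return nil, "", fmt.Errorf("no source offered a verified copy of %q", name)
}

func sign(priv ed25519.PrivateKey, c Catalog) SignedCatalog {
	body, _ := json.Marshal(c) // cannot fail for this struct
	return SignedCatalog{Body: body, Sig: ed25519.Sign(priv, body)}
}

// runScenario uses constructed data: three peers and the update site.
func runScenario() (catalogFrom, datFrom string, err error) {
	vendor, priv, _ := ed25519.GenerateKey(nil) // throwaway demo key pair
	dat, altered := []byte("constructed DAT v7"), []byte("constructed DAT v7, altered")
	current := sign(priv, Catalog{Version: 7, Components: map[string]string{"dat": digest(dat)}})
	stale := sign(priv, Catalog{Version: 6, Components: map[string]string{"dat": digest([]byte("v6"))}})
	// Catalog bytes changed after signing: the reused signature no longer matches.
	body, _ := json.Marshal(Catalog{Version: 7, Components: map[string]string{"dat": digest(altered)}})
	modified := SignedCatalog{Body: body, Sig: current.Sig}
	sources := []Source{
		{Name: "peer-A", Catalog: modified, Components: map[string][]byte{"dat": altered}},
		{Name: "peer-B", Catalog: stale},
		{Name: "peer-C", Catalog: current},
		{Name: "update-site", Catalog: current, Components: map[string][]byte{"dat": dat}},
	}
	cat, catalogFrom, err := fetchCatalog(vendor, 7, sources)
	if err != nil {
		return "", "", err
	}
	_, datFrom, err = fetchComponent(cat, "dat", sources)
	return catalogFrom, datFrom, err
}

func main() {
	fmt.Println(runScenario())
}
```

In this constructed run, peer-A's altered files and peer-B's older catalog are skipped, so the catalog is accepted from peer-C and the DAT file falls back to the update site.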
Updates through relay servers
Internet Independent Updating (IIU) enables computers to update Total Protection Service client software when they are not connected to the Internet.
At least one computer on the subnet must have an Internet connection to be able to communicate with the update site. That computer is configured to act as a relay server, and computers without an Internet connection use this computer to connect with the Internet and retrieve updates directly from the McAfee update site.
1 When a computer without Internet access fails to connect directly to the update site, it requests a response from a relay server on the LAN and uses that computer to communicate with the update site.
2 The computer without an Internet connection downloads updates directly from the update site through the relay server.
You can specify which computers function as relay servers when you install the client software or at a later time. See the installation guide for more information.
Management with the SecurityCenter
Your service provider sends you a unique URL and login credentials for your account, which you can use to log on to the SecurityCenter, a pre-configured, web-based management console for your account.
From the SecurityCenter, you can access tools to monitor the status of computers on your account, view reports on detections and activities, and configure security settings that address the specific needs of your account.
The Dashboard page is the "home page" of the SecurityCenter. It shows summary information for your account at a glance.
Alerts and action items — Indicate whether any action is required to address security issues, and links you to instructions for resolving them.
Product coverage and activity summaries — Modular reports (known as widgets) illustrate the current status of your account. These include reports on protection coverage (such as computers where protection is installed and enabled) and activity (such as the number of detections, emails, and website visits). The type, size, and placement of widgets can be customized.
Subscription tracking — Widgets are available to show subscription and licensing information for your account. Click a button to install protection, create a trial subscription, renew or purchase a subscription, or buy additional licenses.
Links to related portals — Some widgets contain a link to a portal used for managing non-client-based protection, such as SaaS email protection and vulnerability scanning.
The SecurityCenter offers two powerful tools for protecting, monitoring, and displaying your computers and fine-tuning their security settings.
User groups — Create groups for computers that have one or more common characteristics. This enables you to view and manage them as a single entity when needed.
Customized policies — Select settings for protection features, save them in a policy, and assign the policy to computers or groups of computers. This enables you to configure settings targeted specifically for each computer's environment and risk factors.
From the SecurityCenter, access important information and additional management tools.
• Installation wizard and links to remote installation methods.
• Detailed identification, activity, and detection data for the groups and computers on your account.
• Administrative reports.
• Policy configuration tools.
• Account configuration data, reference information, subscription status, and tools for managing your accounts and subscriptions.
• Helpful utilities.
• Product documentation and links to product support and demos.
Create user groups
A group consists of one or more computers that share a particular feature.
Each computer running the client software belongs to a group. By default, computers are placed in the Default Group.
In large accounts, groups are an essential tool for managing computers because they let you manage different types of computers more easily. You can view all the computers in a group, view detections and reports for the group, and assign security settings (called policies) to a group as a single entity rather than individually. You can base groups on geographic location, department, computer type, user tasks, or anything meaningful to your organization.
For example, you might place all laptops used by traveling sales representatives into a single group called Sales Team. You can then view details about this group of computers separately from other computers in your account. You can easily check detections for these computers or customize their security settings to protect them from the risks specific to users of public networks.
To create groups, use the Computers tab on the SecurityCenter website.
The following example shows how an administrator might configure policies for client computers in three different groups. You should configure policies for your users to meet your own company’s needs.
Policy setting
On-Demand Scan: Weekly | Daily | Daily
Enable outbreak response: Enabled | Enabled | Enabled
Scan within archives during on-access scans: No | Enabled | Enabled
Check for updates every: 12 hours | 4 hours | 4 hours
Spyware Protection Mode: Prompt | Protect | Prompt
Approved Programs: None | None | Nmap remote admin tool
Firewall Protection Mode: Protect | Protect | Prompt
Use Smart Recommendations to automatically approve common Internet applications: Enabled | No | Enabled
Connection Type: Trusted network | Untrusted network | Trusted network
Allowed Internet Applications: AOL Instant Messenger | None | AOL Instant Messenger, GoogleTalk
Access to Sites, Access to Downloads (Web Filtering): Red — Block, Yellow — Warn, Unrated — Warn | Red — Block, Yellow — Block, Unrated — Warn | Red — Warn, Yellow — Allow, Unrated — Allow
Block phishing pages (Web Filtering): Enabled | Enabled | Enabled
Customize policies
After installation, Total Protection Service protects client computers from threats immediately by using the security settings configured in the McAfee Default policy.
You might want to change the way some settings are configured for some or all of the computers on your account. For example, you might want to set up a list of programs you consider safe or have computers check for updates every four hours.
Policies are made up of security settings that define how the client software operates on client computers. Policy management allows you to assign different levels and types of protection to different users. If you have created groups, you can assign a unique policy to each group or one policy to all groups.
For example, you can assign a Sales policy to your mobile Sales Team group, with security settings that protect against threats in unsecured networks such as airports and hotels.
1 Create a Sales Team group and a Sales policy.
2 Assign the Sales policy to the computers in the Sales Team group.
3 Client software running on computers in the Sales Team group performs the tasks defined in the Sales policy:
• Check for updates to software components and DAT files every 4 hours.
• Check for an outbreak DAT file every hour.
• Scan for viruses and potentially unwanted programs daily.
• Block communication from computers on the local network (untrusted network).
4 Client software sends security data for each client computer to the SecurityCenter.
5 Administrator checks the security status for the Sales Team group in reports on the SecurityCenter.
6 The administrator adjusts the Sales policy. The modified policy is downloaded automatically to client computers in the Sales Team group the next time they check for updates.
Check reports
Whenever client computers check for updates, they upload information about their security status to the SecurityCenter.
This information includes the number and type of detections, the functional status of the client software, and any applications or communications that were approved by users or blocked. The method used to upload information is the same method used to retrieve updates (i.e., through a direct connection, Rumor technology, or a relay server).
A summary of this information is sent to you in a weekly status email (unless you or your service provider has disabled this feature). You can also retrieve detailed information in reports available on the SecurityCenter. Reports show the types of detections and activities occurring for computers on your account. Use them to evaluate the current policy options for your account and adjust them as needed.
You can also schedule these reports to run at regular intervals and be delivered to you or other specified persons as an email attachment.
2 Using the Client Software
Total Protection Service client software is installed on each computer you want to protect.
When installation is complete, the computer is added to your Total Protection Service account automatically. The software then runs in the background to download updates to the computer, protect the computer from threats, and send detection data to the SecurityCenter for use in administrative reports.
Typically, users have little interaction with the client software unless they want to manually scan for threats. User tasks are documented in the online user help on client computers.
As an administrator, you can use the SecurityCenter website to configure settings and monitor detections for the client computers on your account. Occasionally, you might work directly on a client computer by using the tasks described in this section.
Contents
• How to access the client software
• Types of client software updates
• Performing setup and maintenance tasks
• Frequently asked questions
• Error messages
How to access the client software
Total Protection Service has two visual components through which users interact with the client software.
• An icon that appears in the Windows system tray.
• A console that displays the current protection status and provides access to features.
You, the administrator, determine which components appear by configuring policy options on the SecurityCenter website and assigning them to client computers. The options are:
• Icon only, which allows users to access only the menu options. They can view the status of the software (for example, when downloads are occurring) and perform manual updates.
• Icon and protection status summary, which allows users to access a limited set of features.
• Icon and full console, which allows users to access all features. This is the default setting.
Access these policy options on the Policies page under Client Settings.
About the icon
The Total Protection Service icon appears in the Windows system tray. It provides access to the product's console and to some of the basic tasks you might need to perform.
Use the icon to:
• Check for product updates.
• Open the console, to check the protection status and access features. (Available if the administrator has configured this option.)
• Activate your copy of the software.
• Renew the subscription or buy more licenses.
How the icon indicates the status of the client software
The appearance of the icon changes to indicate the status of the client software. Hold your cursor over the icon to display a message describing the current condition.
This icon... ...indicates:
Total Protection Service is active and there are no issues to be aware of.
An update is in progress. Do not interrupt your Internet or LAN connection; do not log off your computer.
One of these conditions exists:
• Your Total Protection Service subscription is expired. Renew it or contact your administrator.
• Your pre-installed or trial subscription is not activated.
• Firewall protection is disabled.
• The last update failed to complete. Check your Internet or LAN connection and perform a manual update (click the icon, then select Update Now).
• On-access scanning is disabled.
About the console
Check the protection status and access the features of the client software through the console.
To display the console, use one of these methods:
• Double-click the Total Protection Service icon in the system tray.
• Click the icon, then select Open Console.
• Click Start | Programs | McAfee | Managed Services | Total Protection Service.
The basic console displays the status of the protection features installed on the computer.
• Detected risks are highlighted in red. Click Fix to resolve the risk.
• To access product features and perform tasks, click Action Menu, then select from the options:
Product Details — Display the full console with links to features and tasks.
Scan Computer — Select a scan target and begin scanning for threats.
Set Connection Type — Specify the type of network the computer connects to. This determines which communications firewall protection allows to access the computer.
View Application List — Specify applications that are allowed to access the Internet or blocked.
Admin Login — Log on as an administrator to access administrative features. Requires site administrator credentials.
View Help — Display online help.
The client features you can access are determined by policy options assigned to the computer.
Types of client software updates
Regular updates enable Total Protection Service to ensure client computers are always protected from the latest threats.
To perform updates, the client software connects directly to a site on the Internet and checks for:
• Updates to the detection definition (DAT) files used to detect threats. DAT files contain definitions for threats such as viruses and spyware, and these definitions are updated as new threats are discovered.
• Upgrades to software components. (To simplify product terminology, both updates and upgrades are referred to as updates.)
Updates usually occur automatically in the background. Even computers without Internet access can retrieve updates through relay servers. In addition, users can perform on-demand (manual) updates at any time, and you can configure optional policy settings for updating tasks.
Client software is updated in these ways.
Type of update Description
Automatic updates
The software on each client computer automatically connects to the Internet directly or through a relay server and checks for updated components. Total Protection Service checks for updates five minutes after a user logs on and at regular intervals thereafter. For example:
• If a computer is normally connected to the network all the time, it checks for updates at regular intervals throughout the day.
• If a computer normally connects to the network each morning, it checks for new updates five minutes after the user logs on each day, then at regular intervals throughout the day.
• If a computer uses a dial-up connection, the computer checks for new updates five minutes after dialing in, then at regular intervals throughout the day.
By default, computers check for new updates every 12 hours. You can change this interval by configuring a policy setting.
Automatic updates do not occur:
• On computers where a CHAP or NTLM proxy is set up in Internet Explorer.
• When no user is logged on to a computer without an Internet connection that receives updates using a relay server.
Pre-installed and CD-based versions of Total Protection Service need to be activated before automatic updates occur. See the online user help for more information.
Manual updates
At times, users might want to check for updates manually. For example, when a computer appears to be out-of-date in your administrative reports, users might need to update manually as part of the troubleshooting process.
Outbreak updates
When an outbreak is identified by McAfee Labs, they issue an outbreak DAT, which is a special detection definition (DAT) file marked as Medium or High importance. It is specially encoded to inform the first computer receiving it to share the update immediately with other client computers on the network.
In rare cases, McAfee might send an EXTRA.DAT file with instructions for manually installing it.
For maximum protection, configure your policies to check for an outbreak DAT file every hour. This feature is enabled by default.
Updates when no user is logged on
In most scenarios, Total Protection Service supports terminal servers and the Windows fast user switching feature. When an update occurs, one session is designated as the primary update session. A pseudo user is defined, which enables automatic updates to occur on computers where no user is logged on.
For certain configurations, automatic updates cannot occur. Total Protection Service cannot create the pseudo user when:
• The computer is a domain controller.
• Local security policies, including password restrictions, prevent the user’s creation.
• The computer receives updates through a relay server and no one is logged on.
When the pseudo user cannot be created, automatic updates do not occur. The pseudo user also cannot update if the computer is behind an authenticating proxy server or on computers where a CHAP or NTLM proxy is set up in Internet Explorer.
Terminal server support
Total Protection Service supports updates for terminal servers and the Windows fast user switching feature.
These updates are supported in most scenarios, with these limitations:
• When an update occurs on a terminal server, one session is designated as the primary update session for restrictions that apply to automatic updates.
• For all user sessions, the Total Protection Service icon is removed from the system tray during the installation or update. The icon is restarted only for the user logged on to the primary update session. All user sessions are protected, and other users can manually redisplay their icons by clicking Start | Programs | McAfee | Managed Services | Total Protection Service.
• Detection notifications are not displayed on the desktop of all computer users if the fast user switching feature is enabled.
Specifying when computers check for updates
Use this task to select how often client computers check for updates to software components and DAT files. By default, they check every 12 hours.
For virus and spyware scans to detect all the latest threats, the detection definition (DAT) files must be kept up-to-date. DAT files are updated by McAfee Labs whenever new threats are discovered.
Task
For option definitions, click ? in the interface.
1 In the SecurityCenter, click the Policies tab, then click Add Policy (or click Edit to modify an existing policy).
2 Click Client Settings.
3 On the Client Settings tab, under Update Settings, select a frequency from the Check for updates every list.
4 Click Save. (For a new policy, click Next, select additional options for the policy, then click Save.)
Updating client computers manually
Use this task to check for and download updates to detection definition (DAT) files and software components.
Manual updates are also called on-demand updates.
Task
Click the Total Protection Service icon in the system tray, then select Update Now.
• A panel shows the progress of the update.
• When the update is completed, the panel displays the date of the last update and a list of files that were downloaded.
• The panel closes automatically after the update is completed.
Disabling updates for non-logged on users
Use this task to prevent failed automatic updates from being reported as errors when requirements cannot be met for updating computers where no user is logged on.
Task
For option definitions, click ? in the interface.
1 In the SecurityCenter, click the Policies tab, then click Add Policy (or click Edit to modify an existing policy).
2 Click Client Settings.
3 On the Client Settings tab, under Update Settings, deselect Update client computers where users are not logged on.
4 Click Save. (For a new policy, click Next, select additional options for the policy, then click Save.)
Performing setup and maintenance tasks
Use these tasks to set up and monitor the general features of the Total Protection Service client software.
Testing virus protection
Use this task to test the virus-detection feature of virus and spyware protection by downloading the EICAR Standard AntiVirus Test File at the client computer.
Although it is designed to be detected as a virus, the EICAR test file is not a virus.
Task
1 Download the EICAR file from the following location:
http://www.eicar.org/download/eicar.com
If installed properly, virus and spyware protection interrupts the download and displays a threat detection notification.
2 Click OK, then select Cancel.
If installed incorrectly, virus and spyware protection does not detect the virus or interrupt the download process. In this case, use Windows Explorer to delete the EICAR test file from the client computer, then reinstall Total Protection Service and test the new installation.
Changing the language for the software
Use this task at the client computer to change the language at any time.
By default, the client software uses the address that was submitted when the client software was purchased or activated to determine the language. (If that language is not supported on the computer, the one most closely matching is used.)
Task
1 Click the Total Protection Service icon in the system tray, then select Open Console.
2 From the Action Menu, select Product Details.
3 In the SecurityCenter Communication area, click Select Console Language, select a language, then click OK.
4 Select Use the specified custom language, then select a language from the drop-down list.
5 Close the console, then re-open it (by repeating step 1). The console appears in the selected language.
Logging on as a site administrator
Use this task to log in to a client computer as a site administrator, which makes the full console and some additional tasks available.
• Viewing the progress of scheduled scans that are in progress.
• Managing files in the Quarantine Viewer.
• Disabling and enabling on-access scanning.
• Logging on to the SecurityCenter.
Task
1 Click the Total Protection Service icon in the system tray, then select Admin Login.
2 Type your login credentials for the SecurityCenter. These were sent to you in a Welcome email when you purchased Total Protection Service.
Email address — The email address used to sign up for Total Protection Service.
Password — In most cases, the password you created when signing up.
3 Click Submit.
Configuring notifications
Use this task to specify whether notifications display on client computers to let users know that support is ending for their operating system.
By default, Total Protection Service displays notifications:
• When upgrades to product components, such as the scanning engine, are scheduled to end or will end within 30 days.
• When updates to detection definition (DAT) files have ended or will end within 30 days.
Task
For option definitions, click ? in the interface.
1 In the SecurityCenter, click the Policies tab, then click Add Policy (or click Edit to modify an existing policy).
2 Click Client Settings.
3 On the Client Settings tab, under Display Settings, select or deselect Display support notifications.
4 Click Save. (For a new policy, click Next, select additional options for the policy, then click Save.)
Configuring what users see
Use this task to select which components of the client software are displayed on client computers.
Task
For option definitions, click ? in the interface.
1 In the SecurityCenter, click the Policies tab, then click Add Policy (or click Edit to modify an existing policy).
2 Click Client Settings.
3 On the Client Settings tab, under Display Settings, select an option for Console display on client computers.
Show full console — All client software options are displayed.
Show status summary only — The tray icon and menu are displayed, and users can open the console to display only the status of protection features on their computer.
Show the icon only — The tray icon is displayed, and the tray menu lists only the Update Now option.
4 Click Save. (For a new policy, click Next, select additional options for the policy, then click Save.)
Uninstalling the client software
Use this task at a client computer to remove the Total Protection Service software.
You might need to do this for testing purposes or before reinstalling the client software. (Note that not all types of protection include a client software component.)
If you uninstall the client software, the computer is no longer protected. We recommend that you reinstall as soon as possible.
Task
1 Close the Microsoft Outlook and Internet Explorer applications.
2 In the Windows Control Panel, open Add/Remove Programs.
3 Select the types of protection you want to uninstall, then click Remove.
• McAfee Virus and Spyware Protection
• McAfee Firewall Protection
• McAfee Browser Protection
On computers running the Windows firewall, the setting for the Windows firewall is automatically restored to the setting that was in effect before Total Protection Service firewall protection was installed. If the Windows firewall was enabled then, it is re-enabled automatically now.
Frequently asked questions
This section includes questions asked by administrators and users related to using the Total Protection Service client software.
Why does the online help not display correctly?
If the built-in help system displays incorrectly on a client computer, its version of Microsoft Internet Explorer might not be using ActiveX controls properly. These controls are required to display the help file. Make sure that you install the latest version of Internet Explorer with its Internet security settings set to Medium or Medium-high.
I use Windows XP Service Pack 2, and I get a message that my computer may be at risk. What does this mean?
This is a known problem with Microsoft Security Center, because Microsoft cannot determine that Total Protection Service is installed and up-to-date. If you get this message when starting your computer, click the message balloon to open the Recommendation window, select I have an antivirus program that I’ll monitor myself, then click OK.
Can computers using proxy servers receive updates?
If client computers are connected to the Internet by a proxy server, you might need to provide additional information for updates to work properly. Authentication support is limited to anonymous authentication or Windows domain challenge/response authentication. Basic authentication is not supported. Automatic updates do not occur when a CHAP or NTLM proxy is set up in Internet Explorer.
Is it okay to delete the Temp folder in my program’s directory structure?
No. Updates might fail if the Temp folder does not exist. If you delete the folder inadvertently, restart the computer to re-create the folder automatically, or manually create a Temp folder in the Program Files\McAfee\Managed VirusScan folder.
During an update, I get a message that one or more Total Protection Service windows are open, but I don’t see any windows open. What should I do?
This occurs when a task that cannot be stopped, such as a scheduled scan, is running in the background. Wait for the task to complete, or restart the computer to proceed with the update.
Error messages
This section describes error messages that are related to using the Total Protection Service client features.
Unable to connect to Total Protection Service update server. Failed to connect to server for updates.
This error can be caused by several problems, but the most common solutions are:
• Check your connection to the network server or Internet.
• Empty the Internet Explorer cache and adjust the security level settings to Medium or Medium-high.
• Empty the Internet Explorer cache. (See your browser's documentation for instructions.)
• Adjust your corporate firewall or proxy settings.
Update failed.
There are several reasons that updates might fail.
• Check your connection to the network server or Internet.
• When using the Windows fast user switching feature, automatic updates cannot occur when no user is logged on if the computer is a domain controller or local security policies prevent the creation of a pseudo user.
• Automatic updates cannot occur on computers that are behind an authenticating proxy server or on computers where a CHAP or NTLM proxy is set up in Internet Explorer.
• Automatic updates cannot occur where no user is logged on to computers that receive updates through a relay server.
• Updates might fail if the Temp folder does not exist on the client computer. If you delete the folder inadvertently, restart the computer to re-create the folder automatically, or manually create a Temp folder in the Program Files\McAfee\Managed VirusScan folder.
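The causes listed under "Update failed" (and in the proxy and Temp folder questions earlier) can be checked locally on a client computer. The PowerShell function below is an added example, not part of the product guide; the default install path under %ProgramFiles%, the function name Test-UpdatePrerequisites and its -RepairTemp switch are assumptions.

```powershell
# Added example (not from the product guide): local pre-checks for the
# update-failure causes listed above. Written for Windows PowerShell 2.0+.

function Test-UpdatePrerequisites {
    param(
        # Assumption: the client is installed under %ProgramFiles%, as the
        # guide's "Program Files\McAfee\Managed VirusScan" path implies.
        [string]$InstallDir = (Join-Path $env:ProgramFiles 'McAfee\Managed VirusScan'),
        # Re-create a missing Temp folder instead of only reporting it.
        [switch]$RepairTemp
    )

    $findings = @()

    # Cause: updates might fail if the Temp folder does not exist.
    $tempDir = Join-Path $InstallDir 'Temp'
    if (-not (Test-Path -Path $InstallDir -PathType Container)) {
        $findings += "Install folder not found at '$InstallDir'; pass -InstallDir if it differs."
    }
    elseif (-not (Test-Path -Path $tempDir -PathType Container)) {
        if ($RepairTemp) {
            New-Item -Path $tempDir -ItemType Directory | Out-Null
            $findings += "Temp folder was missing and has been re-created: $tempDir"
        }
        else {
            $findings += "Temp folder is missing: $tempDir (restart the computer or re-run with -RepairTemp)."
        }
    }

    # Cause: automatic updates do not occur behind an authenticating proxy.
    # The registry shows only that a proxy is configured for this user, not
    # which authentication scheme it demands, so this is a prompt to check.
    $key  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $inet = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($inet) {
        if ($inet.ProxyEnable -eq 1) {
            $findings += "Internet Explorer proxy is enabled ($($inet.ProxyServer)); the guide lists Basic authentication as unsupported and says CHAP or NTLM proxies block automatic updates."
        }
        if ($inet.AutoConfigURL) {
            $findings += "Proxy auto-configuration script in use ($($inet.AutoConfigURL)); check the authentication required by the proxy it selects."
        }
    }

    # Cause: no user logged on, which blocks automatic updates on domain
    # controllers and on computers that update through a relay server.
    # Win32_ComputerSystem.UserName reports the console session only, so this
    # check is meaningful when the script runs from a scheduled or remote task.
    $cs = Get-WmiObject -Class Win32_ComputerSystem
    if (-not $cs.UserName) {
        $findings += 'No user is logged on at the console; automatic updates may be skipped.'
    }
    if ($cs.DomainRole -ge 4) {   # 4 = backup domain controller, 5 = primary
        $findings += 'This computer is a domain controller; automatic updates cannot occur while no user is logged on.'
    }

    $findings
}

# Report the findings, or state that none of the listed causes was detected.
$result = @(Test-UpdatePrerequisites)
if ($result.Count -eq 0) {
    'None of the listed update blockers was detected.'
}
else {
    $result | ForEach-Object { "[!] $_" }
}
```

Run it in the affected user's session, because the proxy settings are read from that user's registry hive.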
Activate your software.
You have not activated your copy of Total Protection Service. You cannot receive updates against the latest threats until you activate. To activate, click the Total Protection Service icon in the system tray, then select Activate.
Your software is not up-to-date. Please activate to receive the latest update.
You have not activated your copy of Total Protection Service. You cannot receive updates against the latest threats until you activate. To activate, click the Total Protection Service icon in the system tray, then select Activate.
Your subscription has expired. Your trial has expired. Renew your subscription to re-activate your software. Purchase a subscription to re-activate your software.
If you are using a pre-installed copy of Total Protection Service, your activated trial or your pre-installed subscription has expired. To activate, click the Total Protection Service icon in the system tray, then select Buy or Renew your subscription.
Using the SecurityCenter
Total Protection Service is designed for hands-off management.
After installing the software on client computers, you receive regular emails that summarize the security status of all client computers on your account, and notify you of actions required to address vulnerabilities. Status emails contain a link to your McAfee® SecurityCenter website, where you can view detailed reports and instructions for resolving problems.
In small organizations, status emails might be all that is needed to assure you that your computers are safe. If you manage a large account or want more proactive, hands-on involvement, you can take advantage of the management console available on the SecurityCenter.
Use the SecurityCenter to centrally manage the client computers and information for your account.
Contents
• The SecurityCenter
• Protection status at a glance
• Management of client computers
• Management of computer groups
• Management of group administrators
• Management of security policies
• Generation of security reports
• Managing your account
• Downloading tools and utilities
• Getting assistance
• Frequently asked questions about the SecurityCenter
The SecurityCenter
The SecurityCenter offers a management console for monitoring the protection status of computers on your account and assessing their security needs.
Administrative features are divided among eight pages:
• Dashboard
• Computers
• Reports
• Policies
• My Account
• Utilities
• Help
• Feedback
Logging on to the SecurityCenter
Use this task to log on to the SecurityCenter and access administrative features.
Task
1. Paste or type the URL into your browser.
2. Type your login credentials.
    Email address — The email address that you used to sign up for Total Protection Service.
    Password — In most cases, the password that you created when signing up. If you have forgotten your password, click the link and it will be emailed to you at the login email address.
3. Click Log On.
Accessing data on SecurityCenter pages
Each SecurityCenter page includes features for displaying the exact data you need and using it efficiently.
When you want to...
    Do this...
Send the current page as an email attachment or scheduled report
    Click the email icon (located along the upper-right margin of the page) to open the Scheduled Reports page, which contains a blank email message to fill out and delivery options. You can configure the message to be sent immediately or at regular intervals, then click Save. (You must have a local email application installed to use this feature.)
Print the current page
    Click the print icon (located along the upper-right margin of the page) to open the page in a separate browser window, then select Send to Printer to open the Windows Print dialog box.
Save the current page as a file
    Click the save icon (located along the upper-right margin of the page), then select the file format:
    • Microsoft Excel
    • Microsoft Word
    • Adobe PDF
    • Comma-separated text
Display context-sensitive help
    Click the help ( ? ) icon (located along the upper-right margin of the page) to display help for the current page, with links to related topics.
Navigate in multiple-page listings
    Click the number of entries to display, or select a page number from the Go to page drop-down list.
Select computers to manage
    Select the checkbox for individual computers, or select the checkbox in the heading to select all computers.
Check your action items and alerts
    Problems that require your attention appear in red. The method for resolving them varies depending on the page.
    • In an action item, click the button at the end of the text to display instructions for resolving the problem.
    • In a computer listing, click the name of the computer to display details about it, then click the action item.
Display details about a computer
    Click a computer name in a listing.
Send email to a computer
    Click an email address in the listing to open a blank, preaddressed message. (You must have a local email application installed to use this feature.)
Filter information on a page
    At the top of a page, select the information to display (such as group name, period of time, or type of information).
Sort information in listings
    Click a column heading to sort by that column. Click it again to switch the order in which it is displayed (ascending order or descending order).
Protection status at a glance
The Dashboard page is your “home” page on the SecurityCenter website.
It provides a graphical overview of your coverage, with instant access to summary information about the computers and subscriptions in your account. Access the Dashboard page at any time by clicking the Dashboard tab.
For greater flexibility in managing large accounts, select whether to display groups or individual computers.
• Install additional protection.
• View and resolve action items.
• View protection coverage and activity for all computers or specific groups with interactive reports (known as widgets) containing clickable charts and links.
• Check and update your subscriptions and licenses.
• Select, resize, and reposition the widgets that appear on the page.
• Access associated management portals or dashboards by clicking a link (available only when your account includes SaaS email protection, vulnerability scanning, or email server protection).
Viewing protection at a glance
Use this task to view details about your account and protection coverage, resolve action items, and update protection.
Task
1. Click the Dashboard tab.
2. Select the group for which you want to display information. (Optional)
3. Do any of the following:
To...
    Do this...
View instructions to resolve an action item
    Click the button at the end of the text. Action items are security issues that need your immediate attention.
Install additional protection
    Click Install Protection to open a wizard that guides you through the steps for installing protection on new or existing computers.
Add clickable charts and graphs (widgets) to the page
    Click Add Widget, select a chart or graph, then click Add to Dashboard.
Redisplay the default page configuration
    Click Restore Defaults.
View details about protection coverage
    In a widget, click a color in the pie chart that shows the status of client computers in your account.
    • Red — Out-of-date or unprotected systems.
    • Green — Up-to-date or protected systems.
    • Gray — Computers where protection is not installed.
Update protection
    In the Subscription Summary widget, click Buy, Buy More, or Renew, then follow the instructions on the Product Purchase page.
Create trial subscriptions
    Click the Try link in the Subscription Summary widget, or in a widget for a type of protection not included in your account.
Customize the appearance of the page
    • To remove a widget, click its close box (in the upper-right corner).
    • To reposition a widget, click its title bar and drag it to a new location.
    • To resize a widget, click its border and drag to a new size.
    • To email the information in the widget, click the email icon (in the upper-right corner). You can also schedule it to be sent as an email attachment at regular intervals.
Working with widgets
Use this task to view, manage, and access information in widgets.
Widgets are small, interactive reports that appear on the Dashboard page of the SecurityCenter. They provide summary and overview information about your account's protection status, activity, and subscriptions. Some widgets provide links to associated portals or subscription-related tasks.
You can add new widgets, remove widgets, and customize the way widgets appear.
Task
1. Click the Dashboard tab.
2. Do any of the following:
To...
    Do this...
View details about protection coverage
    In a widget, click a color in the pie chart that shows the status of client computers in your account.
    • Red — Out-of-date or unprotected systems.
    • Green — Up-to-date or protected systems.
    • Gray — Computers where protection is not installed.
View details about activity
    In a widget, click links that display more information about reported activity, such as the computer names or the number of detections.
Buy or renew subscriptions and licenses
    Click links in the Subscription Summary widget.
Create trial subscriptions
    Click the Try link in the Subscription Summary widget, or click a link in a widget for a type of protection not included in your account.
Open a protection portal in a separate browser window
    Click the Click here to configure link in a SaaS email protection or vulnerability scanning widget. (Available only when your subscription includes these types of protection.)
Remove a widget
    Click its close box (in the upper-right corner).
Reposition a widget
    Click its title bar and drag it to a new location.
Resize a widget
    Click its border and drag to a new size. (Two sizes are available.)
Email the information in the widget
    Click the email icon (in the upper-right corner), then select delivery options to send it now or schedule it to be sent at regular intervals. (You must have a local email application installed to use this feature.)
Add widgets to the page
    Click Add Widget, locate the widget you want to display in the gallery, then click Add to Dashboard.
Management of client computers
The Computers page provides a centralized location for working with all the computers in your account.
You can instantly view each computer’s group and email address, when it last connected to the network, whether its detection definition (DAT) file is current, the number of detections, and the number of Internet applications approved by its user. You can easily see which computers need your attention, display additional information, and perform necessary management tasks.
On the SecurityCenter, click the Computers tab to display the Computers page, which lists all the computers or groups in your account or only the computers in a selected group.
The Computers page lists up to 5000 computers. For larger accounts, we recommend organizing your computers into groups of no more than 100 computers to optimize SecurityCenter performance.
From the Computers page you can click a computer name to display details of the individual computer on the Computer Details page.
Working with computers
Use this task to manage client computers from the Computers page.
Task
1. Click the Computers tab.
2. Select information filters to determine what you want to appear at the bottom of the page:
    Report period — Specify the length of time for which to display information.
    View by — Display individual computers or groups.
    Group — Display only the computers in a group or display all computers. (Not available if you selected View | Groups.)
    Status — Show all computers, out-of-date computers, computers with detections, or computers you have blocked from receiving updates.
    Policy — Show all computers or only those assigned a particular policy.
3. On the Computers page, do any of the following:
To...
    Do this...
Find one or more computers
    Type the full or partial name of a computer in the Find Computers box and click Search.
    The computer search feature does not recognize wildcard characters, so type letters or numbers only. Site administrators can search the entire account; group administrators can search only the groups their site administrator has assigned to them.
Add one or more computers
    Click Install Protection to open the installation wizard, which guides you through the steps for installing protection on new or existing computers.
View or edit details for a computer
    Click a computer name to display the Computer Details page for that computer.
Send email to users about their computer's problems or tasks they need to perform
    Click an email address for a computer. Alternatively, select the checkbox for multiple computers in the list, then click the Email button. A blank preaddressed email message appears. (You must have a local email application installed to use this feature.)
Delete obsolete or duplicate computers from the listing
    Select the checkbox for one or more computers in the list, then click Delete.
    Deleting a computer does not remove the Total Protection Service client software. If you mistakenly delete a computer with enabled client software from the listing, it automatically reappears the next time its report data is uploaded; however, you can no longer view its historical detection data.
Block unauthorized computers from receiving updates
    Select the checkbox for one or more computers in the list, then click Block.
Unblock computers from receiving updates
    Select Computer status | Blocked to list all blocked computers, then select the checkbox for one or more computers and click Unblock.
Move computers into a group
    Select the checkbox for one or more computers in the list, then select an existing group from the Move to Group list.
Assign a policy to computers
    Select the checkbox for one or more computers in the list, then select an existing policy from the Policy list.
View detections for a computer
    Click a quantity under Detections to open the Detections List, then click a detection name to view detailed information from the McAfee Labs Threat Library.
Add user-approved applications to one or more policies
    1. Click a quantity under User-Approved Applications.
    2. In the User-Approved Applications List, click Allow, select the policies to add the approved applications to, then click Save.
    The User-Approved Applications List shows detected programs that users have approved to run on the computer. To prevent users from approving applications, configure policy options for Protect mode.
Working with an individual computer
Use this task to manage an individual computer on the Computer Details page.
This page displays information about the computer, its service components, and its detections.
Task
1. From a computer listing, such as the Computers page, click a computer name.
2. On the Computer Details page, do any of the following:
To...
    Do this...
Update the email address
    In the System email address box, type a new email address, then click Save.
Move the computer to a new group
    In the Group list, select a group, then click Save.
Assign a new policy
    In the Policy list, select a new policy, then click Save.
Install protection on an unprotected computer
    Select the Click here to install link to open the installation wizard.
Display instructions for resolving an action item
    Under Action Items, click the action item.
Display details about detections
    In the Detections section, click a quantity under Detections or User-Approved Applications to display a detailed listing.
Add user-approved applications to one or more policies
    1. In the Detections section, click a quantity under User-Approved Applications.
    2. In the User-Approved Applications List, click Allow, select the policies to add the approved applications to, then click Save.
    The User-Approved Applications List shows detected programs that users have approved to run on the computer. To prevent users from approving applications, configure policy options for Protect mode.
View attempted visits to blocked websites
    In the Detections section, click a quantity under Blocked Sites to open a page that lists details about each attempted visit.
    This feature is available only when web browsing policy options are enabled in versions of Total Protection Service that include the web filtering module.
Management of computer groups
A group consists of one or more computers that share a particular feature.
You can base groups on geographic location, department, computer type, the tasks performed by the users, or anything meaningful to your organization.
By default, every computer in your account is placed into a group called Default Group. You can create other groups to place them in instead.
Why use groups?
Groups help you manage large numbers of computers or computers that use different security settings (defined in policies). Groups are particularly helpful in larger organizations or companies that are widely distributed geographically. Placing similar computers into a single group enables you to view and manage security issues for the group separately from the other computers in your account.
For example, you might place all laptops used by traveling sales representatives into a single group called Sales Team. Then you can configure special security settings for those computers to provide greater protection against threats in unsecured networks such as airports and hotels. You can also track the number of detections on those computers through more frequent reports and adjust the security settings as needed.
Tips for large accounts
To more efficiently monitor large accounts and optimize SecurityCenter performance, we recommend that you organize your computers into groups of no more than 100 computers. This enables you to use the View filter to display reports and computer status by group, then drill down to see the individual computers within a group as needed.
How can I manage groups?
The Manage Groups page displays the groups in your organization. Access the page by clicking the Manage Groups button on the Computers page. If you have not created any groups or policies, only the Default Group is displayed.
The Default Group
Until you create additional groups, all computers are assigned to the Default Group when the Total Protection Service client software is installed. If you delete a group that contains computers, they are moved into the Default Group. You cannot change the name of the Default Group.
After you create additional groups, you can assign computers to them during the installation process or move computers into them at a later time.
Working with groups
Use this task to view and configure groups for your account.
Task
1. Click the Computers tab, then click Manage Groups.
2. On the Manage Groups page, do any of the following:
To...
    Do this...
Create a group
    1. Click Add Group.
    2. Type a name for the group.
    3. Select the computers to add to the group.
    4. Click Save.
View computers in a group
    Under Computers, click a number to display the Computers page showing all the computers in the group.
Rename a group
    Under Action, select Rename, specify a new name for the existing group, then click Save.
Delete a group
    Under Action, select Delete, then click OK.
    You cannot delete the Default Group. If you delete a group that contains computers, they will be moved into the Default Group.
Management of group administrators
Group administrators oversee and manage the groups that you, the site administrator, assign to them.
When creating group administrators, you specify which groups they manage, a password they use to access the SecurityCenter, and their access level.
Why use group administrators?
Create group administrators to distribute security management in large organizations.
Group administrators have fewer access rights than the site administrator. While the site administrator can access all security information for all client computers in the account, group administrators can access information only for client computers in the groups they are assigned to.
1. The site administrator communicates directly with the SecurityCenter to create policies, check reports, and maintain the SecurityCenter account.
2. The site administrator creates and manages group administrators.
3. Group administrators communicate directly with the SecurityCenter to access security data for the groups they are assigned to.
4. Group administrators manage the client computers in their assigned groups. The management tasks they can perform and the information they can access on the SecurityCenter depend on the access level assigned to them.
5. The site administrator can manage all client computers in all groups.
What can group administrators do?
The access level you assign to group administrators determines which tasks they can perform for their groups. Select from two access levels:
• Read Only
• Read and Modify Reports
Basic tasks for Read Only Additional tasks for Read and Modify Reports
• Access the SecurityCenter website.
No subscription information is visible. Only the assigned groups are visible.
• Manage from client computers:
• Manage quarantined files.
• Disable on-access scanning.
• View the status of a scheduled scan in progress.
• View computers from the SecurityCenter.
• Check data in reports.
• Install protection.
• View and manage computers from the SecurityCenter.
• View policies.
• Rename groups.
• Modify the information in listings and reports:
• Send email to computers.
• Block computers from receiving updates.
• Delete computers from your reports.
• Move computers in and out of groups.
• Send email to users.
• Schedule and send reports to users in email.
Working with group administrators
Use this task to manage group administrators on the My Account page. Here you can view, edit, create, or delete group administrators.
Up to six group administrators can be listed. If you have created more than six group administrator accounts, click View all group administrators to display a complete listing.
Task
1. Click the My Account tab.
2. Click the Group Administrators tab, then do any of the following:
To...
    Do this...
Add a group administrator
    1. In the Group Administrators section, select Add.
    2. On the Manage Group Administrators page, select Create New.
    3. Type the group administrator’s name, email address, and password.
    4. Select an access level.
    5. For each group you want the administrator to manage, select the group in the listing on the left, then click Add Group.
    6. Click Save.
Modify information for a group administrator
    1. Under Actions, select Edit for the group administrator you want to update.
    2. On the Add Group Administrators page, modify information, then click Save.
Delete a group administrator
    Under Actions, select Delete for the group administrator you want to delete, then click OK.
Email a new password to a group administrator
    Under Actions, select Email Password. After your local email application opens a preaddressed message explaining how to log on to the SecurityCenter, assign groups, and access information about their responsibilities, send the email.
    You must have a local email application installed to use this feature.
Management of security policies
Policies are made up of security settings for all of your protection features. These settings define how protection features operate on client computers.
Why use policies?
Policies enable you to customize security settings for your entire organization or for different computers in your organization. You can assign a unique policy to each computer or allow all computers to share a single policy.
For example, you might place all laptops used by traveling sales representatives into a single group called Sales Team. For each computer in the group, you can assign a policy with high security settings that will provide greater protection against threats in unsecured networks such as airports and hotels. Whenever you want to adjust those settings, simply change the policy. Your changes will be applied to all the computers in the Sales Team group automatically. There is no need to update each computer’s setting individually.
How can I manage policies?
The Policies page displays all your policies. Use this page to create, copy, modify, and delete policies for your account. If you have not created any policies, only the McAfee Default policy is displayed.
McAfee Default policy
Until you create additional policies, all computers are assigned the McAfee Default policy.
The McAfee Default policy is configured with settings recommended by McAfee to protect many environments and ensure that all computers can access important websites and applications until you have a chance to create a customized policy.
You cannot rename or modify the McAfee Default policy. When you add computers to your account, the McAfee Default policy is assigned to them. When you delete a policy that is assigned to one or more groups, the McAfee Default policy is assigned to those groups automatically.
The first time you create a new policy, the McAfee Default policy settings appear as a guideline. This enables you to configure only the settings you want to change without having to configure them all.
After you create one or more new policies, you can select a different default policy for your account. In the future, new policies will be prepopulated with these default settings, and the new default policy is assigned to new computers (if no other policy is selected) and groups whose policy is deleted.
This section explains only the settings for the McAfee Default policy. See the chapters for particular types of protection for a complete explanation of all related policy options.
Client Settings
Client Settings Tab
Option
    Definition
Update Settings:
Check for updates every
    12 hours: Client computers check for updated detection definition (DAT) files and product components every 12 hours.
Update client computers where users are not logged in
    Disabled: Automatic updates do not occur on computers where no user is logged on (for example, terminal servers and computers where the fast user switching feature is used). This prevents failed automatic updates that would be reported as errors.
Display Settings:
Console display on client computers
    Show full console: Allow users to view the Total Protection Service console and access all the client software features.
Hide the splash screen
    Disabled: The Total Protection Service splash screen is displayed when a computer is powered on and the client software starts running.
Display support notifications on client computers
    Enabled: Notification dialog boxes warn client computer users when software upgrades and DAT file updates are being discontinued for their operating system.
Virus and Spyware Protection
No excluded files and folders or approved programs are configured.
With the default advanced settings for virus and spyware protection, it is possible for an on-demand scan to detect threats in archived files that are not detected during an on-access scan. This is because on-access scans do not look at compressed archives by default. If this is a concern for your organization, you should create a new policy where this option is enabled.
General Settings Tab
Option
    Definition
Scheduled Scan Settings
    Off: No on-demand scan is scheduled.
    On-access scans still occur every time users run, open, or download files.
Spyware Protection Mode
    Prompt: Spyware scanning is enabled. When potentially unwanted programs are detected, virus and spyware protection asks users how to respond.
    To prevent prompts from displaying, create a new policy with a different setting. For maximum protection, we recommend selecting Protect mode to automatically delete potentially unwanted programs.
Advanced Settings Tab
Option
    Definition
Virus Protection Settings:
Enable outbreak response
    Enabled: Client computers check for an outbreak detection definition (DAT) file every hour.
Enable buffer overflow protection
    Enabled: Detect code starting to run from data in reserved memory and prevent that code from running.
Enable script scanning
    Enabled: Detect harmful code embedded in web pages that would cause unauthorized programs to run on client computers.
Scan email (before delivering to the Outlook Inbox)
    Enabled: Look for threats in email before it is placed into the user’s Inbox.
Scan all file types during on-access scans
    Enabled: Look for threats in all types of files, instead of only default types, when they are downloaded, opened, or run. (Default file types are defined in the DAT files.)
Scan within archives during on-access scans (e.g., .zip, .rar, .tat, .tgz)
    Disabled: Do not look for threats in compressed archive files when the files are accessed.
Scan within archives during on-demand scans (e.g., .zip, .rar, .tat, .tgz)
    Enabled: Look for threats in compressed archive files when files are scanned manually and during scheduled scans.
Enable Artemis heuristic network check for suspicious files
    Enabled: Send information about unrecognized threat detections to McAfee Labs for analysis.
Scan mapped network drives during on-access scans
    Disabled: Do not look for threats in files on mapped network drives when they are accessed.
Enable on-access scanning (if disabled) the next time client computers check for an update
    Enabled: If on-access scanning is disabled on a client computer, it is re-enabled when the computer checks for updates.
Maximum percentage of CPU time allocated for on-demand and scheduled scans
    High: These scans are allowed to use a high percentage of CPU time. (Scans should be requested during non-peak hours, when users are not performing tasks on their computers.)
Spyware Protection Settings:
Detect ...
    Enabled: Detect all types of spyware threats during scans.
Firewall Protection
No allowed applications are configured.
General Settings Tab
Option | Definition
Firewall Configuration | User configures firewall: Users must configure firewall protection for their computers. When this option is selected, other firewall protection options do not appear on this page. It is important to educate users about threats and strategies for avoiding intrusions. To ensure the highest level of security, we recommend that administrators create a new policy and configure firewall protection.
Browser Protection
General Settings
Option | Definition
Automatically install browser protection on all computers using this policy | Disabled: Do not check whether browser protection is installed on computers checking for updates. (This option is available for all versions of Total Protection Service.)
Browser Protection & Web Filtering
No exceptions or content rules are configured.
Web Filtering options appear only in versions of Total Protection Service that include the web filtering module.
General Settings
Option | Definition
Automatically install browser protection on all computers using this policy | Disabled: Do not check whether browser protection is installed on computers checking for updates. (This option is available for all versions of Total Protection Service.)
Access to Sites | Regulate access to websites according to their safety ratings:
  • Yellow: Warn
  • Red: Block
  • Unrated: Allow
Access to Downloads | Regulate access to file downloads according to their safety ratings:
  • Yellow: Warn
  • Red: Block
  • Unrated: Allow
  This feature is not supported on Firefox browsers.
Block phishing pages | Enabled: Do not allow access to pages with phishing content, even if they are located on a website with a green overall safety rating.
Enforcement Messaging | Display this message when users attempt to access blocked content:
  Language: The default language for your account.
  Message: The text of the message, An unacceptable security risk is posed by this site.
Browser Protection Status
Disable browser protection on all computers using this policy | Disabled: Do not disable browser protection on computers using this policy.
Allow users to enable or disable browser protection | Disabled: Do not allow browser protection to be disabled at the client computer.
Working with policies
Use this task to create and modify policies from the Policies page. You can also select a new default policy for your account.
Task
1. Click the Policies tab.
2. On the Policies page, do any of the following:

To... | Do this...
Specify a default policy | Select an existing policy from the Default Policy list.
Create a policy |
  1. Click Add Policy.
     The new policy is prepopulated with settings from the McAfee Default policy or another policy that you have selected as the default for your account. To prepopulate a new policy with settings from a different policy, locate the policy and select Copy.
  2. Type a name for the policy.
  3. Configure the settings on each tab.
  4. Click Next.
  5. Assign the policy to one or more computers or groups. (Optional)
  6. Click Save.
Edit a policy |
  1. Under Actions, select Edit for the policy.
  2. Make changes to the policy, then click Save.
Delete a policy | Under Actions, select Delete for the policy, then click Save.
  If you delete a policy that is assigned to one or more groups, the default policy you have selected for your account (or the McAfee Default policy) is assigned to the groups in its place. You cannot delete the McAfee Default policy.
Generation of security reports
Whenever a client computer checks for updates, it also sends information about itself.
It sends its scanning history, update status, and detections to the SecurityCenter website in encrypted XML files. It uploads the data directly through an Internet connection or via a relay server. Report data is saved for one year.
To view this data, click the Reports tab to display the Reports page. You can display reports that include all the computers on your account (using the same company key) or only computers in a particular group.
Why use reports?
Reports provide valuable tools for monitoring detections and fine-tuning your protection strategy. Only the reports available for the types of protection installed appear on this page.
Emailing and scheduling reports
You can run reports on demand or schedule them to run at regular intervals and then send them as email attachments to one or more recipients.
For more information about reports for specific types of protection, see the chapters for those types of protection. For versions of Total Protection Service that include vulnerability scanning, reports are available on the vulnerability scanning portal.
Use this report... | To view...
Detections | The types of potentially malicious code or unwanted programs that have been found on your network.
  Use this report to manage detections of viruses and potentially unwanted programs.
Unrecognized Programs | Programs that spyware protection or firewall protection detected on your network.
  Use this report to manage your potentially unwanted program detections and Internet applications blocked by firewall protection. You can add approved programs and allowed Internet applications to policies directly from the report.
Inbound Events Blocked by Firewall | Computers where inbound or outbound communications were blocked by firewall protection.
  Use this report to manage blocked communications.
  For blocked events to be reported, the Report blocked events option must be enabled in the Firewall Protection policy. Blocked events are logged for all computers that are assigned a policy where this option is enabled.
Duplicate Computers | Computers that appear more than once in administrative reports.
  Use this report to track down obsolete computers and those where Total Protection Service has been incorrectly reinstalled and tracked as multiple installations.
Computer Profiles | For each client computer, the version of the Microsoft Windows operating system and Microsoft Internet Explorer web browser running, which group it belongs to, whether it is configured as a relay server, and other details.
  Use this report to locate computers where you need to install software patches for a specific browser or operating system, check the version of the client software, identify relay servers, and identify the group number for use in silent installation.
Detection History | A graphical summary of the number of detections and the number of computers where detections occurred on your network over the past year.
  Use this report to evaluate the effectiveness of your security strategy.
Web Filtering | A summary of browsing activity on your account. Shows the types of sites that client computers attempted to access by content rating and category. Includes successful, warned, and blocked access attempts. (Available only when web filtering policy options are enabled for versions of Total Protection Service that include the web filtering module.)
  Use this report to evaluate the types of sites being accessed by which computers and the effectiveness of the content rules defined in policies.
SaaS Email Protection | Data about email activity and detections for your account, accessed on the SaaS email protection portal. (Available only for versions of Total Protection Service that include SaaS email protection.)
  Use these reports to monitor email activity and detections.
Email Server Protection | Summary information for each email server running email server protection. Shows the version of Exchange Server, the DAT files, and the spam rule, the Exchange server role, detections on the Exchange server, and other details.
  Use this report to monitor status and detections. Click the IP address of an Exchange server to open the email server protection dashboard on the server, which enables you to view details about detections and manage email server protection.
Scheduling reports
Use this task to send information from the SecurityCenter as an email attachment at regular intervals.
This type of information can be scheduled:
• Reports
• Dashboard page
• Computers or Computer Details page
• Widgets on the Dashboard page
Task
For option definitions, click ? in the interface.
1. Display the page or widget that shows the information you want to send.
2. Click the email icon in the upper-right corner. A blank email message appears.
3. Select delivery options.
   • Immediately — Send the information once, as soon as you click Save.
   • Weekly on — Send the information each week, on the selected day.
   • Monthly on — Send the information each month, on the selected day.
4. Type one or more email addresses to receive the report. Separate multiple addressees with commas.
5. Type a subject and a message for the email.
6. Click Save.
Adding your logo to reports
Use this task to customize reports by adding or revising a logo.
You can upload a logo that appears in the upper-right corner of the SecurityCenter website and reports.
Logo files can be .gif, .jpeg, .jpg, or .png format. Logo dimensions must be 175 x 65 pixels with a file size under 500 KB. Other dimensions will result in a stretched or shrunken logo.
Task
For option definitions, click ? in the interface.
1. On the My Account page, click the My Profile & Logo tab. The My Logo section displays the current logo, or a placeholder if you have not uploaded a logo.
2. Click Edit.
3. On the Manage Logo page, perform a task.

To... | Do this...
Add or replace a logo |
  1. Click Upload New Logo.
  2. On the Upload Your Logo page, type the name of the file you want to upload or browse to locate the file.
  3. In the Verification Code box, type the characters displayed in the black box. Alphabetic characters are not case-sensitive.
  4. Click Upload Logo. If your logo file is not the correct size, the SecurityCenter resizes it to fit the allotted area and displays a preview of how it will appear on reports.
     • Click Approve to accept the resized logo.
     • Click Delete and Resubmit to select a different file.
  5. Click Close Window.
Delete a logo | Click Delete Logo.

4. Click Done.
Computer Profiles report
Use this report to view the version of the Microsoft Windows operating system and the Microsoft Internet Explorer web browser running on client computers.
This report helps you locate computers for maintenance, such as installing Microsoft software patches. It also shows whether computers are configured as relay servers, group information, and the version of software and DAT files.
Select the information that appears in this report
Select this option... | To do this...
Operating system version | Specify computers running all Windows operating systems or only those running a selected version.
Browser version | Specify computers running all versions of Internet Explorer or only those running a selected version.
Groups | Display all the computers on your account or only those in the selected group.
How to use this report
When you want to... | Do this...
Identify computers running an operating system that needs an update or patch installed | Filter the listing to display only computers running the specific operating system.
Identify computers running a browser that needs to be updated | Filter the listing to display only computers running the specific browser.
Send email notifying users about issues or maintenance specific to their operating system or browser | Select the checkbox for each applicable computer, then click Email to open a blank message to fill in and send. (You must have a local email application installed to use this feature.)
Locate group information for computers | Check the name and number of the group for each computer. (The group number is the group ID required when using the silent installation method (VSSETUP) to install client software.)
See which computers are configured as relay servers | Check the Relay Server column.
Check details about the files running on computers | Check the version of the DAT file and the client computer software (agent build number).
Duplicate Computers report
Use this report to locate computers that are listed more than once in your reports.
Duplicate listings usually result when the Total Protection Service client software has been installed more than once on a single computer or when users install it on their new computers without uninstalling it from their previous computers.
Select the information that appears in this report
Select this option... | To do this...
Groups | Display all the computers on your account or only those in a single group.
How to use this report
When you want to... | Do this...
Delete duplicate computers | Select the checkbox for each duplicate computer listed, then click Delete.
  Deleting a computer does not remove the Total Protection Service client software. If you mistakenly delete a computer with enabled client software from the listing, it automatically reappears the next time its report data is uploaded; however, you can no longer view its historical detection data.
View details about a computer | Click a computer name to display the Computer Details page, which displays information about the computer, its service components, and its detections.
Managing your account
Use these tasks to manage your Total Protection Service account from the My Account page. Management tasks are divided among four tabs.
My Profile & Logo — Update the contact information for your account and add a customized logo to appear in reports.
Subscription & Notification — View details about your current and past subscriptions, buy or renew a subscription, buy more licenses, request a trial subscription, and select the automatic emails you want to receive.
Group Administrators — Create and manage administrators for groups in your account.
Accounts & Keys — View the company key, enrollment key, and license key for your account or merge another account into your account.
Configuring your account profile
Use this task to update information in your customer profile when it changes.
Your profile contains the information your service provider needs to contact you about your account. Initially, information supplied during your product purchase is placed into your profile. It is important to keep this information up-to-date to prevent a disruption in your protection.
Task
For option definitions, click ? in the interface.
1. On the My Account page, click the My Profile & Logo tab.
2. In the My Profile section, click Edit.
3. Type or select information as needed.
   • Your password for logging on to the SecurityCenter.
   • Your administrator email address.
   • Contact information.
   • Language for account correspondence and notifications.
4. Click Save.
Signing up for email notifications
Use this task to select the email notifications you want to receive from your service provider.
Task
For option definitions, click ? in the interface.
1. On the My Account page, click the Subscription & Notification tab.
2. In the Notification Preferences section, click Edit.
3. Sign up for email notifications for account status and subscription expiration. The type of notifications available depends on your service provider.
   Status emails keep you informed about detections and coverage for your account. It is important to receive status emails at regular intervals that are appropriate for your account, based on the frequency with which you need to review detection information. By default, you receive status emails weekly.
4. Click Save.
Viewing and updating subscription information
Use this task to view current and cancelled subscriptions and to update subscription information.
It is important to check the status of your subscriptions to ensure that protection remains active and you have the right number of licenses to protect new computers as your organization grows.
Task
1. On the My Account page, click the Subscription & Notification tab.
   The Subscription Summary section lists details about each subscription, including the number of licenses and their expiration date.
2. Do any of the following.

To... | Do this...
Purchase or extend coverage | In the Subscription Summary section, check the number of licenses available and their expiration dates. If needed, click Buy, Buy More, or Renew.
View details of each subscription | Click View subscription history.
Update information for a subscription |
  1. Click Edit.
  2. On the Edit Subscription Information page, type new information for any of the following:
     • Email address
     • Company name
     • First name or Last name
  3. Click Submit.
Display a list of subscriptions that are no longer current | Select View cancelled subscriptions.
Buying and renewing subscriptions and licenses
Use this task to buy, add, or renew subscriptions and licenses.
Subscriptions entitle you to a certain type of protection (such as virus and spyware or web filtering), and the number of licenses determines how many computers are protected.
You can configure your notification preferences to receive an email whenever the expiration date for a subscription approaches.
To ensure that additional or renewed services remain on the same account with your existing services, follow these guidelines:
• Submit your order through the same SecurityCenter account you use to maintain your original subscriptions.
• Submit your order with the same email address you use to log on to the SecurityCenter.
By keeping all your subscriptions on the same account, all your client computers report to the same SecurityCenter website, and your service provider sends all correspondence and notifications to one email address.
If you do purchase subscriptions on multiple accounts, you can merge them into a single account.
Task
1. On the My Account page, click the Subscription & Notification tab.
   The Subscription Summary section lists details about each subscription, including the number of licenses and their expiration date.
2. In the Add Protection column, click Buy, Buy More, or Renew, as needed.
   To try a new type of protection free-of-charge for 30 days, request a trial subscription by clicking Try. Before it expires, you will have an opportunity to purchase the full subscription and continue using it with no interruption.
3. Follow the instructions on the Product Purchase page.
Locating or creating keys for your account
Use this task to reference important keys for your account.
• Company key — Required for URL-based or silent installation of client software.
• Account enrollment key — Required to activate pre-installed versions of client software and place them under your account. If no valid enrollment key exists, create a new one.
A license key is required to activate CD-based versions of the client software. Locate the license key on the CD label. See the installation guide or user help for activation instructions.
Task
For option definitions, click ? in the interface.
1. On the My Account page, click the Accounts & Keys tab.
2. Do any of the following.

To... | Do this...
Access your company key | Locate the company key for your account in the Company Key section.
Install protection on new computers |
  1. Click standard URL installation to open the installation wizard.
  2. Click VSSETUP to download the silent installation utility.
  See the installation guide for more information.
Access your account enrollment key | Locate the enrollment key for your account in the Account Enrollment Key section.
Create a new account enrollment key | Click Create a new key.
  Account enrollment keys are valid for seven days.
Merging accounts
Use this feature to merge other installations of Total Protection Service into your account.
Merging other installations of Total Protection Service into your account is useful when the client software was installed using another license key or when licenses were purchased using another administrator’s email address.
For example, if you set up Account 1, then order additional licenses and activate them with a different email address than the one you originally used, the new licenses appear in Account 2. To view all the computers and licenses under Account 1, you must merge Account 2 into Account 1.
Once they are merged, Account 2 no longer exists. All the computers and licenses formerly listed under Account 2 are listed in the SecurityCenter for Account 1.
Task
1. On the My Account page, click the Accounts & Keys tab.
2. In the Manage Accounts section, select Merge another account.
3. On the Step 1 page, enter the email address and password activated for the account you want to merge into your main account, then click Next.
4. On the Step 2 page, view details for the account you have selected. Verify that the licenses and computers listed for the account are the ones you want to merge, then click Next.
5. On the Step 3 page, click Merge Account.
Downloading tools and utilities
Use this task to access helpful tools for managing your Total Protection Service account.
Information on using the utilities related to installation is provided in the installation guide, available from the Help page.
Task
For option definitions, click ? in the interface.
1. Click the Utilities tab.
2. Click a link to select one of these utilities.
   • URL installation — Opens the wizard, which guides you through the steps for selecting which software to install on which computers. Select this option from a client computer.
   • Silent installation — Downloads the silent installation package, which enables you to deploy Total Protection Service on a client computer with no user interaction. Select this option from either an administrative or client computer.
   • Push Install utility — Runs an ActiveX control that enables you to deploy the client software directly from the service provider’s server onto multiple client computers. Select this option from an administrative computer.
   • Uninstall utility — Downloads a cleanup utility that removes components left from a previous installation of Total Protection Service or another vendor’s protection software. Select this option from a client computer, then double-click to begin installation.
   • Standalone installation agent — Downloads software that you can install on client computers to allow users without administrative rights to install the client software.
   • McAfee ProtectionPilot™ Migration Assistant — Downloads a wizard that guides you through the steps for migrating computers in a ProtectionPilot account to a Total Protection Service account. A link to documentation is also provided.
   • Welcome kit -- Opens a page where you can access instructions for activating and setting up a SaaS email protection account and any optional features you have purchased.
Getting assistance
Use this task to get assistance in using Total Protection Service and the SecurityCenter.
Context-sensitive online help is available on any page of the SecurityCenter by clicking the help link (?) in the upper-right corner.
Task
Click the Help tab, then do any of the following:
To... | Do this...
View online documents | Click a link for the Product Guide, Installation Guide, or Release Notes.
View demos and tutorials | Click the icon for a multimedia presentation.
  • View the Total Protection Service Demo — Describes how the product protects computers on your account.
  • View the Installation Tutorial — Describes how to install the product.
  • View the SecurityCenter Demo — Describes how to use the features of the administrative website to manage your account.
  Your service provider determines which demos are available.
Guides for SaaS email protection | Click the link to open a page on the SaaS email protection portal where you can access detailed guides for using SaaS email protection features.
Contact product support | Click Online support — Opens a form where you can submit a description of your problem to a product support representative.
Frequently asked questions about the SecurityCenter
This section includes questions asked by administrators that are related to using the features of the SecurityCenter.
• Reporting
• Adding, renewing, and moving licenses
Questions about reporting
This section answers questions about working with reports on the SecurityCenter.
Why don't some of my computers show up on my reports?
If your company added more licenses, or upgraded from a trial to a full subscription, some computers might not appear in your reports.
If you upgraded or purchased additional protection using a new email address, you received a new company key and URL for a new account instead of adding licenses to your existing account. (The company key appears after the characters CK= in the URL. It also appears on the Accounts & Keys tab of the My Account page of the SecurityCenter.) Because you have two company keys, reports appear in two places. Make sure all your trial users reinstall with the installation URL associated with the new key. If you do need to merge multiple accounts, then use the Manage Accounts section of the Accounts & Keys tab.
Why do my cloned systems all report as the same computer?
The client software generates a unique system identifier when it is installed. If a drive is imaged after the software was installed, all the cloned systems have the same system identifier. To avoid this problem, the software must be installed after the new systems are restarted. You can do this automatically by using the silent installation method, described in the installation guide.
I just installed Total Protection Service and don’t have much information on my SecurityCenter website. Can I view sample reports?
Yes. Sample reports are available at:
http://www..mcafeeasap.com/MarketingContent/Products/SampleReports.aspx
Sample reports are useful for new administrators who do not have many users or much detection data and, therefore, cannot view some advanced reporting features.
Sample reports are available in all product languages. Select the language from the Global Sites pull-down list in the upper right corner of the page.
Questions about adding, renewing, and moving licenses
This section answers questions about working with licenses and subscriptions for Total Protection Service on the SecurityCenter.
Can I move a license from one computer to another?
Yes. You can uninstall the client software from one computer and install it on a new computer without affecting the total number of licenses you are using. The old computer is automatically subtracted from your total license count on the Total Protection Service accounting system, and the new one added, so that your license number remains constant. To do this:
1. Uninstall the software from the old computer.
2. From the SecurityCenter, click the Computers tab.
3. For Groups, select All, then select the old computer in the listing and click Delete.
4. Install the software on the new computer.
The new computer appears in your reports after it uploads its status to the SecurityCenter. This usually takes about 20 minutes.
My computer crashed and I had to reinstall the operating system and start over. Will this affect my license number?
No. The old computer is automatically subtracted from your total license count on the Total Protection Service accounting system, and the new one added, so that your license number remains constant.
1. From the SecurityCenter, click the Computers tab.
2. For Groups, select All, then select the old computer in the listing and click Delete.
3. Install the software on the reformatted computer.
The new computer appears in your reports after it uploads its status to the SecurityCenter. This usually takes about 20 minutes.
4 Using Virus and Spyware Protection
Virus and spyware protection checks for viruses, spyware, unwanted programs, and other potential threats by scanning files and programs each time they are accessed on client computers.
It checks removable media, email messages and attachments, and network files. Users can manually request scans for any or all files, folders, and programs on their computers, and administrators can schedule scans to occur at regular intervals.
Virus and spyware protection functions as a single component within Total Protection Service, but includes policy options that let you configure some of the virus protection and spyware protection features separately. Virus and spyware protection includes optional features that let you or client computer users select the types of files and programs to scan and the types of threats to detect. You or the users can also specify files to exclude from virus scans and programs that should not be detected as spyware.
Contents
• How detections are handled
• Spyware protection mode and detections
• Types of scans
• Scanning on client computers
• Configuring scanning policy options
• Managing detections
• Reports for virus and spyware protection
• Best practices (virus and spyware protection)
• Frequently asked questions
• Error messages
How detections are handled
The type of threat and the policy settings determine how virus and spyware protection handles a detection.
Items with detections / How virus and spyware protection handles the detections

Files and programs:
• Virus detections: Virus and spyware protection attempts to clean the file. If it can be cleaned, the user is not interrupted with an alert. If it cannot be cleaned, an alert appears, and the detected file is deleted. A copy is placed in the quarantine folder.
• Potentially unwanted program detections: In Protect mode, detections are cleaned or deleted. In Prompt mode, users must select the response.
In all cases, a backup copy of the original item is saved in a quarantine folder, in a proprietary binary format. Data for all activity is uploaded to the SecurityCenter for use in reports.
Files are placed into the quarantine folder in a format that is no longer a threat to the client computer. It is not necessary to view or delete them, but you might occasionally want to do so. In these situations, you must view files on the client computer by using the Quarantine Viewer. Only users logged on as an administrator can access the Quarantine Viewer. After 30 days, these files are deleted.

Registry keys and cookies:
Detections initially appear as Detected. Cleaning detected files also cleans their associated registry keys and cookies. Their status is then reported as Cleaned.
Spyware protection mode and detections
Spyware protection monitors programs that attempt to install or run on client computers. When it detects an unrecognized program, it either allows or blocks it. The response is based on the spyware protection mode selected in the policy assigned to the client computer.
In this mode... Spyware protection does this...
Protect: Checks the list of allowed and blocked programs created by the administrator for computers using the policy. If the program is not on the list, spyware protection blocks the potentially unwanted program.
Prompt: Checks the list of approved and blocked programs created by the administrator for computers using the policy. Checks the list of programs the user has approved. If the program is not on either list, spyware protection displays a prompt with information about the detection and allows the user to select a response. This setting is the default.
Report: Checks the list of approved and blocked programs created by the administrator for computers using the policy. If the program is not on the list, it sends information about the potentially unwanted program to the SecurityCenter and takes no additional action.
For all modes, detections are reported to the SecurityCenter, where you can view information about them in reports.
To prevent popup prompts from appearing on client computers when potentially unwanted programs are detected, and for highest security, we recommend using Protect mode.
How policy options are implemented in the three protection modes
Mode Behavior of virus and spyware protection
Report
• Users are not prompted about detections.
• Detections are reported to the SecurityCenter.
• Administrator can select approved programs, which are not reported as detections.
• Can be used as a "learn" mode to discover which programs to approve and block.
Prompt
• Users are prompted about detections.
• Detections are reported to the SecurityCenter.
• Administrator can select approved programs. These programs are not reported as detections, and users are not prompted for a response to them.
• Users can approve additional programs in response to prompts. These are reported to the SecurityCenter.
Protect
• Users are not prompted about detections.
• Users are notified about deleted or quarantined programs.
• Detections are reported to the SecurityCenter.
• Administrator can select approved programs, which are not reported as detections.
Use learn mode to discover programs
Report mode can be used as a “learn mode” to help you determine which programs to approve.
In Report mode, spyware protection tracks but does not block potentially unwanted programs. You can review detected programs in the Unrecognized Programs report and approve those that are appropriate for your policy. When you no longer see unapproved programs you want to approve in the report, change the policy setting for spyware protection mode to Prompt or Protect.
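The mode rules and the learn-mode workflow described above, modeled in Python as an added example (not McAfee code). The class, function, and program names are constructed for illustration. The model covers approved programs only, not the administrator's blocked list, and assumes a program the user has already approved is not raised again.

```python
from dataclasses import dataclass, field
from enum import Enum


class Mode(Enum):
    REPORT = "Report"
    PROMPT = "Prompt"    # the default mode, per the guide
    PROTECT = "Protect"


@dataclass(frozen=True)
class Outcome:
    allowed: bool    # program was left to install or run
    prompted: bool   # user was asked to select a response
    reported: bool   # detection was sent to the SecurityCenter


@dataclass
class Policy:
    mode: Mode = Mode.PROMPT
    admin_approved: set = field(default_factory=set)


@dataclass
class Client:
    policy: Policy
    user_approved: set = field(default_factory=set)

    def handle(self, program, user_approves=False):
        """Decide what happens when `program` tries to install or run."""
        # Administrator-approved programs are never reported as detections.
        if program in self.policy.admin_approved:
            return Outcome(allowed=True, prompted=False, reported=False)
        mode = self.policy.mode
        if mode is Mode.REPORT:
            # Track only: report the program and take no additional action.
            return Outcome(allowed=True, prompted=False, reported=True)
        if mode is Mode.PROTECT:
            # Not on the list: blocked without asking the user.
            return Outcome(allowed=False, prompted=False, reported=True)
        # Prompt mode: the user's own approvals are checked as well.
        if program in self.user_approved:
            # Assumption: an already user-approved program is not raised again.
            return Outcome(allowed=True, prompted=False, reported=False)
        if user_approves:
            self.user_approved.add(program)  # the approval itself is reported
        return Outcome(allowed=user_approves, prompted=True, reported=True)


def unrecognized_programs(client, launches):
    """Distinct programs that would show up as unrecognized detections."""
    return sorted({p for p in launches if client.handle(p).reported})


def learn_then_enforce(launches, approve):
    """Run in Report mode, approve the wanted programs, then switch to Protect.

    Returns (seen in learn mode, still unrecognized after approval,
    blocked once Protect mode is active).
    """
    policy = Policy(mode=Mode.REPORT)
    client = Client(policy)
    seen = unrecognized_programs(client, launches)
    policy.admin_approved.update(p for p in seen if p in approve)
    remaining = unrecognized_programs(client, launches)
    policy.mode = Mode.PROTECT
    blocked = sorted({p for p in launches if not client.handle(p).allowed})
    return seen, remaining, blocked


# Constructed sample data: program launches observed on client computers.
LAUNCHES = ["backup-agent.exe", "toolbar-helper.exe",
            "backup-agent.exe", "remote-support.exe"]
APPROVE = {"backup-agent.exe", "remote-support.exe"}

if __name__ == "__main__":
    seen, remaining, blocked = learn_then_enforce(LAUNCHES, APPROVE)
    print("Seen in Report mode:   ", seen)
    print("Still unrecognized:    ", remaining)
    print("Blocked in Protect mode:", blocked)
```

Anything left in the second list when the mode changes is what Protect mode will block, which is why the guide suggests waiting until the report shows no more programs you want to approve.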
Types of scans
Virus and spyware protection scans files automatically for viruses and spyware.
At any time, users can perform manual scans of files, folders, or email, and administrators can set up scheduled scans. Policy options let you configure whether optional email and spyware scans occur.
• Automatic (on-access) scans
• Manual on-demand scans
• Scheduled on-demand scans
• Email scans
• Spyware scans
The behavior of the scanning features on client computers is defined in the policies configured in the SecurityCenter. Policy settings determine the types of files, programs, and other items detected; whether users can manage their detections; how frequently computers check for updates; and when scheduled scans occur.
On-access (automatic) scans
On-access scans are those that occur on client computers whenever users access files (for example, open a file or run a program).
Virus and spyware protection policy options let you configure these on-access scanning features:
• The types of files scanned and whether files on network drives are scanned.
• Whether email and attachments are scanned.
• Whether files in archives (compressed files, such as .zip files) are scanned.
• Whether files are scanned for spyware.
• The types of virus and spyware threats to detect.
• Whether unrecognized detections are sent to McAfee Labs for investigation.
• Whether to enable on-access scanning (if it is disabled) whenever computers check for updates.
• Files and folders excluded from scans.
• Approved programs that should not be detected as threats.
The default settings for on-access scanning are:
• Scan all types of local files when opened, and again when closed (if they were modified). Do not scan files on network drives.
• Scan all email attachments when accessed and when saved to the hard drive, protecting the computer from email infections.
• Do not scan files in archives.
• Scan programs for spyware identifiers, to detect if a spyware program attempts to run or a program attempts to install spyware.
• Scan for all types of virus and spyware threats.
• Send unrecognized detections to McAfee Labs.
• Enable on-access scanning when computers check for updates.
On-demand scans
On-demand scans are those that occur whenever administrators or users request them. Users can request on-demand scans to occur immediately, and administrators can schedule them to occur at regular intervals.
On-demand scans use many of the same policy options as on-access scans. In addition, virus and spyware protection policy options let you configure these on-demand scanning features:
• Whether files in archives (compressed files, such as .zip files) are scanned.
• A schedule for performing an on-demand scan at regular intervals.
The default settings for on-demand scans are:
• Scan all local files, including those in archives.
• Scan all critical registry keys.
• Scan all processes running in memory.
• Do not perform a scheduled scan.
In addition, during an on-demand scan of the My Computer folder, the drive where Windows is installed, or the Windows folder:
• Scan all cookies.
• Scan all registry keys.
At the start of an on-demand scan, all previous detections of potentially unwanted programs are cleared from the Potentially Unwanted Program Viewer.
Scheduled scans
Schedule an on-demand scan to occur at a specific date and time, either once or on a recurring basis. For example, you might want to scan client computers at 11:00 P.M. each Saturday, when it is unlikely to interfere with other processes running on client computers.
Configure scheduled scans by selecting policy options for virus and spyware protection. Scheduled scans run on all computers using the policy.
Email scans
Email scans occur during on-access and on-demand scans.
A virus and spyware protection policy option lets you configure whether email is scanned before it reaches a user's Inbox.
The default settings for email scanning are:
• Scan all email attachments when accessed and when saved to the hard drive, protecting the computer from email infections.
• Scan email before placing it in a user's Inbox.
Spyware scans
Spyware scanning is a feature within virus and spyware protection that looks for and identifies spyware indicators. Spyware scanning occurs:
• Whenever programs are installed or run, as part of on-access scans.
• During on-demand scans.
Virus and spyware protection policy options let you configure these spyware scanning features:
• Whether files are scanned for spyware.
• The types of spyware threats to detect.
• Approved programs that should not be detected as threats.
The default spyware-related settings are:
• Look for spyware identifiers during on-access and on-demand scans, to detect if a spyware program attempts to run or a program attempts to install spyware.
• Scan for all types of spyware threats.
The response to detections depends on the spyware protection mode configured in the client computer’s policy. Three responses are possible:
• Attempt to clean the program (Protect mode).
• Prompt the user for a response (Prompt mode). This is the default setting.
• Report the detection and take no further action (Report mode).
Cookies and registry keys that indicate spyware are also detected. Deleting a potentially unwanted program deletes any associated cookies and registry keys.
All detections are listed in administrative reports available from the SecurityCenter. On client computers, users can view and manage detections by using the Potentially Unwanted Program Viewer.
At the start of an on-demand scan, all previous detections of potentially unwanted programs are cleared from the Potentially Unwanted Program Viewer. For on-access scans, previous detections remain in the Potentially Unwanted Program Viewer.
Scanning on client computers
Use these tasks from a client computer to scan for threats on the computer and to temporarily disable the scanning feature for testing.
Scanning on demand from the console
Use this task to perform a manual scan from the Total Protection Service console on a client computer.
Task
1. Click the Total Protection Service icon in the system tray, then select Open Console.
2. From the Action Menu, select Scan Computer.
3. Select the scan target.
   • Scan my entire computer — Scan all drives, folders, and files.
   • Scan a specific drive or folder — Type the full path and name of the scan target or browse to locate it.
4. Click Start Scan.
   Virus and spyware protection displays the progress of the scan.
5. If needed, click Pause Scan to temporarily interrupt the scan or Cancel Scan to end the scan. (Optional)
6. Click View detailed report to open a browser window and display the results of the scan.
Scanning on demand from Windows Explorer
Use this task to perform a manual scan from Microsoft Windows Explorer on a client computer.
Task
1. In Windows Explorer, right-click any drive or folder, then select Scan Now.
2. Close the Scan Completed panel or click View detailed report to display the Scan Statistics report.
Scanning email on client computers
Use this task to scan an email message manually on a client computer.
Task
1. In the Microsoft Outlook Inbox, highlight one or more messages in the right pane.
2. Under Tools, select Scan for Threats.
   The On-Demand Email Scan window displays any detections. If the window is empty, no threats were detected.
Viewing the progress of scheduled scans
Use this task to view a scheduled scan that is in progress on a client computer.
Task
1. Click the Total Protection Service icon in the system tray, then select Open Console.
2. From the Action Menu, select Product Details.
3. In the Virus and Spyware Protection section, select View Scheduled Scan. Virus and spyware protection displays the progress of the scan.
   This option is available only when a scheduled scan is in progress.
4. If needed, click Pause Scan to temporarily interrupt the scan or Cancel Scan to end the scan. (Optional)
5. Click View detailed report to open a browser window and display the results of the scan.
Enabling and disabling on-access scanning
Use this task at the client computer to disable the on-access scanner temporarily, which is useful when working with product support to troubleshoot issues with scanning and cleaning files. Use the same task to re-enable on-access scanning.
If you do not re-enable on-access scanning, it is enabled the next time the computer checks for updates (unless you have disabled the policy option).
This task disables only on-access scanning. Buffer overflow protection continues to function. To disable buffer overflow protection, you must update the policy.
Task
1. Click the Total Protection Service icon in the system tray, then select Open Console.
2. From the Action Menu, select Product Details.
3. Under Virus and Spyware Protection, for On-access scanning, select the Disable option.
   If you disable on-access scanning, files are no longer checked for threats when they are accessed. We recommend that you re-enable this feature as soon as possible.
4. Under Virus and Spyware Protection, for On-access scanning, select the Enable option to re-enable the feature.
Configuring scanning policy options
Use these SecurityCenter tasks to configure policy options for virus and spyware scans performed on client computers.
Scheduling a scan
Use this SecurityCenter task to schedule an on-demand scan.
Task
For option definitions, click ? in the interface.
1. On the Policies page, click Add Policy (or click Edit to modify an existing policy).
2. Click Virus & Spyware Protection, then click the General Settings tab.
3. Under Scheduled Scan Settings, select On.
4. Select a frequency, day, and time for the scan to run, then click Save. (For a new policy, click Next, select additional options for the policy, then click Save.)
Enabling optional types of virus scans
Use this SecurityCenter task to specify optional scans and features for virus protection. If none of these features is selected, virus protection still detects viruses.
Task
For option definitions, click ? in the interface.
1. On the Policies page, click Add Policy (or click Edit to modify an existing policy).
2. Click Virus & Spyware Protection, then click the Advanced Settings tab.
3. Under Virus Protection Settings, select each scan you want to enable.
   Select this option... To do this...
   Enable outbreak response: Check for an outbreak detection definition (DAT) file every hour.
   Enable buffer overflow protection: Detect code starting to run from data in reserved memory and prevent that code from running. Virus and spyware protection protects against buffer overflow in more than 30 of the most commonly used Windows-based programs. McAfee updates this list as it adds buffer overflow protection for additional programs.
   Buffer overflow protection does not stop data from being written. Do not rely on the exploited application remaining stable after being compromised, even if buffer overflow protection stops the corrupted code from running.
   Enable script scanning: Detect harmful code embedded in web pages that would cause unauthorized programs to run on client computers.
   Script scanning is always enabled for on-access and on-demand scans.
   Scan email (before delivering to the Outlook Inbox): Look for threats in email before it is placed into the user’s Inbox. (Email is always scanned when it is accessed.)
   Scan all file types during on-access scans: Inspect all types of files, instead of only default types, when they are downloaded, opened, or run. (Default file types are defined in the DAT files.)
   Scan within archives during on-access scans (e.g., .zip, .rar, .tar, .tgz): Look for threats in compressed archive files when the files are accessed.
   Scan within archives during on-demand scans (e.g., .zip, .rar, .tar, .tgz): Look for threats in compressed archive files during manual or scheduled scans.
   Enable Artemis heuristic network check for suspicious files: Send unrecognized threats to McAfee Labs for investigation. (This occurs in the background with no user notification.)
   Scan mapped network drives during on-access scans: Look for threats in files located on mapped network drives when the files are accessed.
   Enable on-access scanning (if disabled) the next time client computers check for an update: If on-access scanning has been disabled on a client computer, re-enable it the next time that computer checks for updates.
   Maximum percentage of CPU time allocated for on-demand and scheduled scans: Use up to the selected percentage of CPU resources when performing on-demand scans. When set to High, we recommend scheduling scans to occur during off-peak hours.
4. Click Save. (For a new policy, click Next, select additional options for the policy, then click Save.)
Excluding files and folders from virus scans
Use this SecurityCenter task to define and manage items that are not scanned for viruses. You can add files, folders, or file extensions to the list of exclusions or remove them from the list.
Task
For option definitions, click ? in the interface.
1. On the Policies page, click Add Policy (or click Edit to modify an existing policy).
2. Click Virus & Spyware Protection, then click the Excluded Files and Folders tab.
3. Select the type of exclusion you want to create.
4. Specify the value (browse for a file or folder, or type a file extension).
5. Click Add Exclusion. The new exclusion appears in a list.
6. To remove an entry from the list of exclusions, click Block.
7. Click Save. (For a new policy, click Next, select additional options for the policy, then click Save.)
Selecting spyware scanning options
Use this task to configure policy options for spyware scanning features.
Task
For option definitions, click ? in the interface.
1. On the Policies page, click Add Policy (or click Edit to modify an existing policy).
2. Click Virus & Spyware Protection, then click the General Settings tab.
3. For Spyware Protection Status, select a protection mode to enable spyware protection, or select Off to disable spyware protection.
4. Click the Advanced Settings tab.
5. Under Spyware Protection Settings, select each type of program you want to detect.
6. Click Save. (For a new policy, click Next, select additional options for the policy, then click Save.)
Approving and unapproving programs in a policy
Use this SecurityCenter task to add approved programs to a policy or remove approved programs from a policy. Approved programs are not detected as potentially unwanted programs.
You can also use the Unrecognized Programs report to view a complete listing of all programs detected on client computers and add them to policies.
Task
For option definitions, click ? in the interface.
1. On the Policies page, click Add Policy (or click Edit to modify an existing policy).
2. Click Virus & Spyware Protection, then click the Approved Programs tab.
3. Locate the program you want to approve in the listing of all programs detected on client computers, then select an option.
   Select this... To do this...
   Approve: Approve the selected program.
   Approve All: Approve all the programs listed.
   Block: Block the selected program.
   Block All: Block all the programs listed.
4. Click Save. (For a new policy, click Next, select additional options for the policy, then click Save.)
Managing detections
Use these tasks to view and manage threats detected during virus and spyware scans.
• For an individual client computer, perform tasks at the computer (users and administrators).
• For multiple computers, groups, or an entire account, access administrative reports from the SecurityCenter.
Viewing scan results on client computers
Users and administrators can use this task from a client computer to view the Scan Statistics report on a client computer after completing an on-demand scan.
Client computers also send information about threats detected during scans to the SecurityCenter in encrypted XML files. Administrators can access three reports containing information about detected virus and spyware threats and potentially unwanted programs from the Reports page on the SecurityCenter.
Task
Select View detailed report in the Scan Completed panel. A browser window opens and displays the Scan Statistics report, which includes this information:
• Date and time the scan was started.
• Elapsed time for the scan.
• Version of the scanning engine software and DAT file.
• Date of the last update.
• Completion status of the scan.
• Location of the scanned items.
• Status for scanned files, registry keys, and cookies.
Status What it means...
Scanned: Number of items scanned.
Detected: The item is still a threat and still resides on the system. For files, they are most likely contained within a compressed archive (for example, a .ZIP archive) or on write-protected media. For registry keys and cookies, the file they are associated with has a status of Detected.
Cleaned: The item was cleaned of the threat. A backup copy of the original item was saved in a quarantine folder, in a proprietary binary format, where it can be accessed only with the Quarantine Viewer.
Deleted: The item could not be cleaned; it was deleted instead. A copy was saved in a quarantine folder, in a proprietary binary format, where it can be accessed only with the Quarantine Viewer.
Managing potentially unwanted programs on client computers
Users and administrators can use this task from a client computer to view and manage detections of potentially unwanted programs in the Potentially Unwanted Programs Viewer.
The Potentially Unwanted Programs Viewer lists all items detected by spyware protection, which might include program files, registry keys, and cookies.
Task
1. Click the Total Protection Service icon in the system tray, then select Open Console.
2. In the Virus and Spyware Protection section, select View Potentially Unwanted Programs.
3. From the list of detections, select one or more items, then click an action.
   • Clean — Place an original copy of each selected item in a quarantine folder, in a proprietary binary format, then attempt to clean it. If it cannot be cleaned, delete the item.
   • Approve — Add selected items to the list of approved programs so they will not be detected as spyware.
   Clicking Approved displays a list of all currently approved programs on your computer.
4. Check the status of each item.
   • Action Required — You have not performed any action on this item since it was detected.
   • Approved — The item was added to the list of user-approved programs and will no longer be detected as spyware.
   • Cleaned — The item was cleaned successfully and can be used safely. A backup copy of the original item was placed in a quarantine folder, in a proprietary binary format.
   • Quarantined — The item could not be cleaned. The original item was deleted and a copy was placed in a quarantine folder, in a proprietary binary format. If the item was a program, all associated cookies and registry keys were also deleted.
   Items are placed into the quarantine folder in a format that is no longer a threat to your computer. These items are deleted after 30 days. Users with administrator rights can manage these items using the Quarantine Viewer.
5. Click Back to return to the console.
Viewing quarantined files on client computers
Use this task from a client computer to view and manage quarantined items in the Quarantine Viewer. You must be logged on as an administrator to access this task.
When virus and spyware protection detects a threat, it places a copy of the item containing the threat in a quarantine folder before cleaning or deleting the original item. The copy is stored in a proprietary binary format and cannot harm the computer. By default, items in the quarantine folder are deleted after 30 days.
Task
1. Click the Total Protection Service icon in the system tray, then select Open Console.
2. From the Action Menu, select Product Details.
3. In the Virus and Spyware Protection section, select View Quarantined Files.
   The Quarantine Viewer lists all the items in the quarantine folder and their status.
4. Select one or more items, then click an action.
   • Rescan — Scan each selected item again. This option is useful when new detection definition (DAT) files include a method of cleaning a detection that could not be cleaned previously. In this case, rescanning the file cleans it and allows you to restore it for normal use.
   • Restore — Place each selected item back in its original location on your computer. The restored item will overwrite any other items with the same name in that location.
     Virus and spyware protection detected this item because it considers the item to be a threat. Do not restore the item unless you are sure it is safe.
   • Delete — Remove each selected item from the quarantine folder, along with all associated registry keys and cookies. No copy will remain on your computer.
5. Check the status of each item:
   • Cleaned — The item was cleaned successfully and can be used safely. A backup copy of the original item was placed in a quarantine folder, in a proprietary binary format.
   • Clean failed — The item cannot be cleaned.
   • Delete failed — The item cannot be cleaned or deleted. If it is in use, close it and attempt the clean again. If it resides on read-only media, such as CD, no further action is required. Virus and spyware protection has prevented the original item from accessing your computer, but it cannot delete the item. Any items copied to your system have been cleaned.
     If you are not sure why the item could not be cleaned, a risk might still exist.
   • Quarantined — You have not performed any action on this item since it was placed in the quarantine folder.
6. Select Get more information on the threats detected to open a browser window and visit the McAfee Labs Threat Library.
7. Click Back to close the Quarantine Viewer and return to the console.
Viewing user-approved programs and applications
Use this SecurityCenter task to see which applications users have approved to run on their computers.
You can also add the applications to one or more policies so they will not be detected as unrecognized programs on computers using the policies.
Task
For option definitions, click ? in the interface.
1. From the SecurityCenter, do any of the following:
   • Click the Computers tab, then click a number in the User-Approved Applications column to view applications for the associated computer.
   • Click the Computers tab, then click the name of a computer. In the Computer Details page, under Detections, click a number in the User-Approved Applications column to view applications.
2. To add the application to one or more policies, in the User-Approved Applications list, under Actions click Allow.
3. In the Add Approved Application page, select each policy where you want to add the application, then click Save.
Viewing threats detected on the account
Use this SecurityCenter task to view the Detections report.
The Detections report lists these types of threats detected on all the client computers on your account:
• virus and malware threats
• potentially unwanted programs
• buffer overflow processes
• cookies
Task
For option definitions, click ? in the interface.
1. Click the Reports tab, then click Detections.
2. In the Detections report, view detailed information about detections and the computers where detections occurred by using one of these methods.
   When you want to... Do this...
   Display computers or detections: Click the triangle icon next to a name.
   • Under a computer name, show which detections were found.
   • Under a detection name, show the computers where it was found.
   Click a group name to display computers in that group.
   View details about detections: If detections are listed for a computer, click a quantity to display details.
   • Click a quantity for Detected Objects to display a list of detected threats and their status.
   • From the Detections List, click the name of a detection to display detailed information from the McAfee Labs Threat Library.
   View details about a computer where a detection occurred: Click a computer name to display the Computer Details page, which displays information about the computer, its service components, and its detections.
Viewing unrecognized programs detected on the account
Use this SecurityCenter task to view the Unrecognized Programs report, which lists potentially unwanted programs detected on all the client computers on your account.
Task
For option definitions, click ? in the interface.
1. Click the Reports tab, then click Unrecognized Programs.
2. In the Unrecognized Programs report, view detailed information about unrecognized programs and the computers where they were detected by using one of these methods.
   When you want to... Do this...
   Display computers or detections: Click the triangle icon next to a name.
   • Under a computer name, show which programs were detected.
   • Under a program name, show the computers where it was detected.
   Click a group name to display computers in that group.
   View details about detections: Click the name of a potentially unwanted program to display detailed information from the McAfee Labs Threat Library.
   View details about a computer where a detection occurred: Click a computer name to display the Computer Details page, which displays information about the computer, its service components, and its detections.
   Approve a program: Click Allow, select one or more programs, select one or more policies where the programs will be approved, then click Save. The selected programs will no longer be detected as threats on computers using the selected policies.
Reports for virus and spyware protection
View information about virus and spyware detections in administrative reports available from the SecurityCenter. Reports provide details about the specific threats detected and the history of detections over the past year.
• Detections report — Lists the malware threats, potentially unwanted programs, buffer overflow processes, and cookies that virus and spyware protection detected on client computers.
• Unrecognized Programs report — Lists programs detected on client computers that are not recognized by spyware protection and firewall protection. Allows you to approve programs from within the report.
• Detection History report — Graphs detections on client computers over the past year.
Detections report
Use the Detections report to view and manage the types of potentially malicious code or unwanted programs that have been found on the network.
Select the information that appears in this report
Select this option... To do this...
Report period: Specify the period of time for which to display information. Select from the last week or one of the last 12 months.
Detection type: Show all threat detections or a particular type.
• Malware Infections — Known threats that would infect the computer if they were not caught.
• Potentially Unwanted Programs — Programs that you have not approved to run on client computers.
• Buffer Overflow Processes — Unwanted code that attempted to run in reserved memory but was stopped.
• Cookies — Data files containing personal information that are created by a web server and stored on your computer. Cookies allow web servers to recognize you and track your preferences when you visit Internet sites.
View: List the computers where detections occurred, the names of detections, or the groups containing computers where detections occurred.
Groups: Display all the computers on your account or only those in a single group.

How to use this report
When you want to... Do this...
Display computers or detections: Click the triangle icon next to a name.
• Under a computer name, show which detections were found.
• Under a detection name, show the computers where it was found.
Click a group name to display computers in that group.
View details about detections: If detections are listed for a computer, click a quantity to display details.
• Click a quantity for Detected Objects to display a list of detected threats and their status.
• From the Detections List, click the name of a detection to display detailed information from the McAfee Labs Threat Library.
View details about a computer where a detection occurred: Click a computer name to display the Computer Details page, which displays information about the computer, its service components, and its detections.
Unrecognized Programs report
Use the Unrecognized Programs report to view a list of unapproved programs that spyware protection detected on the network.
This list is cumulative — previously detected programs remain in the list, and new detections are added each time you access the report.
Select the information that appears in this report
Select this option... To do this...
Report period: Specify the period of time for which to display information. Select from the last week or one of the last 12 months.
Detection type: Show all unrecognized programs, only programs blocked by firewall protection, only potentially unwanted programs, or only cookies.
View: List the computers where unrecognized programs were detected, the name of the programs, or the groups containing computers where unrecognized programs were detected.
Groups: Display all the computers on your account or only those in a single group.

How to use this report
When you want to... Do this...
Display computers or detections: Click the triangle icon next to a name.
• Under a computer name, show which programs were detected.
• Under a program name, show the computers where it was detected.
Click a group name to display computers in that group.
View details about detections: Click the name of a potentially unwanted program to display detailed information from the McAfee Labs Threat Library.
View details about a computer where a detection occurred: Click a computer name to display the Computer Details page, which displays information about the computer, its service components, and its detections.
Approve a program: Click Allow, select one or more programs, select one or more policies where the programs will be approved, then click Save. The selected programs will no longer be detected as threats on computers using the selected policies.
Detection History report
Check the Detection History report for a graphical overview of the number of detections and the number of computers where detections occurred over the past year on your network.
This information can help you determine how successfully your protection features have performed, and whether strategies you have implemented, such as user education or policy adjustments, have been effective.
Select the information that appears in this report
Select this option... To do this...
Display by: Display information for the last year in monthly or quarterly increments.
Groups: Display all the computers on your account or only those in a single group.
Best practices (virus and spyware protection)
To develop an effective strategy for guarding against virus and spyware threats, we recommend that you proactively track the types of threats being detected on your network and where they are occurring.
1. Check your status emails or the SecurityCenter website for an overview of your account’s status.
• Ensure that computers in your account are up-to-date.
• Ensure that protection is installed on all computers.
2. Check the Detections report regularly to see what is being detected.
3. Check the Unrecognized Programs report frequently to monitor the programs that users are approving on client computers. If you know some of the programs are safe and do not want them to be detected as potentially unwanted, add them to policies as approved programs.
4. To centralize management and more easily monitor the types of programs allowed on client computers, define client security settings in a policy.
5. If particular types of detections are occurring frequently or certain computers appear vulnerable, update the policy to resolve these issues.
• Schedule scans or add exclusions.
• Enable advanced scanning options.
• Ensure that spyware protection is enabled.
• For maximum protection, set your spyware protection mode to Protect to automatically clean potentially unwanted programs.
Protect mode is not the default setting. For maximum protection, create a policy that includes Protect mode.
• Enable all advanced spyware options.
6. Use “learn” mode to identify which programs to add to the Approved Programs list. This ensures that no required programs are deleted before you have the opportunity to authorize their use. Then change your spyware protection mode to Protect.
7. View the Detection History report periodically to discover trends specific to your network, and verify your strategy’s success in reducing detections.
Frequently asked questions
This section includes questions asked by administrators that are related to using policy options for virus and spyware protection.
How can I prevent popup prompts from appearing when unrecognized programs are detected?
Virus and spyware protection prompts users for a response to a potentially unwanted program detection when set to Prompt mode. To prevent popups, select Protect or Report mode. For highest protection, select Protect to automatically delete unrecognized programs.
Why would I want to specify excluded files and folders or approved programs?
Specifying excluded files and folders from scanning can be useful if you know a particular type of file is not vulnerable to attack, or a particular folder is safe. If you use a program to conduct your business, adding it to a list of approved programs keeps it from being detected as unrecognized and deleted. If you are unsure, it is best not to specify exclusions.
Can I add approved programs to the McAfee Default policy?
No. However, you can create a new policy and add them. When you click Add Policy on the Policies page of the SecurityCenter, the new policy is prepopulated with the McAfee Default policy settings. Specify a name for the new policy, save it, and then add approved programs as needed. You can also designate the new policy as your default policy.
Error messages
This section includes error messages that are related to using the features of virus and spyware protection.
File does not exist.
This error verifies that the computer is protected from threats. When you clicked to open an infected file from Windows Explorer, the on-access scanner immediately detected and deleted the file, so that Windows could not open it.
On-access scan is currently disabled.
This error can be caused by several problems, but the most common solutions are:
• Check your connection to the network server or Internet.
• This feature has been disabled. From the client computer, log on as an administrator (using the Admin Login feature), then enable it from the Total Protection Service console on the client computer.
To prevent this problem, force the computer to re-enable on-access scanning automatically whenever it checks for updates by enabling the associated virus and spyware policy option.
Using Firewall Protection
Firewall protection checks for suspicious activity in communications sent between client computers and network resources or the Internet.
As the administrator, you can define what constitutes suspicious activity and how firewall protection responds to:
• IP addresses and communication ports that attempt to communicate with your computer. You can specify whether to allow or block communications from other IP addresses on your network or outside your network, or you can identify specific IP addresses and ports to allow or block.
• Applications that attempt to access the Internet. You can use McAfee's recommendations for safe Internet applications, or you can identify specific applications to allow or block. You can also select firewall protection's response to detections of unrecognized applications.
Firewall protection has two primary modes: users configure firewall settings and an administrator configures firewall settings. The McAfee default policy is configured to let client computer users decide which communications and applications firewall protection allows. The administrator setting puts all or partial control with the administrator.
To ensure the highest level of protection for your network, McAfee recommends that an administrator configure the firewall protection settings in one or more policies, which are then assigned to client computers. When an administrator sets firewall protection, it is important that the applications and communications that are important to your users are allowed before deploying the policy. This ensures that no important communications are blocked.
Contents
• Connection type and detections of incoming communications
• Firewall protection mode and detections of unknown applications
• The role of IP addresses
• The role of system service ports
• Firewall configuration
• Configuring policy options
• Configuring custom connections
• Installing and enabling firewall protection at the policy level
• Managing detections
• Reports for firewall protection
• Best practices (firewall protection)
• Frequently asked questions
Connection type and detections of incoming communications
Firewall protection monitors communications coming into the network (known as inbound events) to determine whether they meet criteria specified for safe communications. If an event does not meet the criteria, it is blocked from reaching computers on the network.
Specify criteria by selecting the type of connection client computers are using. A policy option setting determines whether the administrator or the user selects the connection type.
Types of connections
The connection type defines the environment where client computers are used. It determines what firewall protection considers to be suspicious activity and, therefore, which IP addresses and ports are allowed to communicate with the network computers.
Select from three connection environments.
Select this: Untrusted network
When the computer: Is connected directly to the Internet. For example: through a dial-up connection, a DSL line, or a cable modem; through any type of connection in a coffee shop, hotel, or airport.
Then firewall protection: Blocks communications with all other computers, including those on the same subnet. This is the default setting.

Select this: Trusted network
When the computer: Is connected indirectly to a network that is separated from the Internet by a hardware router or firewall. For example: in a home or office network.
Then firewall protection: Allows communications with other computers on the same subnet, but blocks all other network communications.

Select this: Custom
When the computer: Should communicate only through specific ports or with a specific range of IP addresses, or the computer is a server providing system services.
Then firewall protection: Allows communications with the ports and IP addresses you specify, blocks all other communications. When you select this option, an Edit button becomes available that enables you to configure options.
Additional information about connection types
It is important to update the connection type whenever the working environment changes. For example, mobile users who connect to both secured (trusted) and unsecured (untrusted) networks must be able to change their setting accordingly.
A policy option specifies whether firewall protection tracks blocked events for reporting purposes. When the option is enabled, you can see a listing of all blocked events in the report entitled Inbound Events Blocked by Firewall.
The connection type does not affect the way that firewall protection handles detections of Internet applications running on client computers.
Custom connections
Trusted and untrusted connection types let you specify whether to allow or block communications originating within a network.
Configure a custom connection type when you want to be more specific about where communications originate. When you set up a custom connection, you can designate:
• Open and blocked ports, through which a computer can and cannot receive communications. This is required to set up a computer as a server that provides system services. The server will accept communications through any open port from any computer. Conversely, it will not accept communications through any blocked port.
• IP addresses from which a computer can receive communications. This allows you to limit communications to specific IP addresses.
Configure settings for custom connections on the General tab of the Firewall Protection policy page.
Once configured, custom connection settings are saved until you reconfigure them. If you temporarily select a Trusted network or Untrusted network connection type, the custom settings will still be there the next time you want to configure a custom connection.
Custom settings configured on the SecurityCenter are ignored on client computers if firewall protection mode is set to Prompt. In Prompt mode, settings configured by users override administrator settings.
Firewall protection mode and detections of unknown applications
The firewall protection mode determines whether firewall protection allows unrecognized applications to access the Internet.
Firewall protection monitors communications with Internet applications, which connect to the Internet and communicate with client computers. When it detects an Internet application running on a computer, it either allows the application to connect to the Internet or blocks the connection, depending on the firewall protection mode selected in the policy assigned to the client computer.
In this mode... Firewall protection does this...
Protect: Blocks the suspicious activity.
Prompt: Displays a dialog box with information about the detection, and allows the user to select a response. This setting is the default.
Report: Sends information about suspicious activity to the SecurityCenter and takes no additional action.
For all modes, detections are reported to the SecurityCenter, where you can view information about them in reports.
To prevent popup prompts from appearing on client computers when applications are detected, and for highest security, we recommend using Protect mode.
How policy options are implemented in the three protection modes
Use the following table to determine how policy options are implemented in the different protection modes.
Mode: Behavior of firewall protection

Report:
• Users are not prompted about detections.
• Detections are reported to the SecurityCenter.
• Administrator can select allowed applications, which are not reported as detections.
• Can be used as a "learn" mode to discover which applications to allow and block.

Prompt:
• Users are prompted about detections.
• Detections are reported to the SecurityCenter.
• Administrator can select allowed applications. These applications are not reported as detections, and users are not prompted for a response to them.
• Users can approve additional applications in response to prompts. These are reported to the SecurityCenter.

Protect:
• Users are not prompted about detections.
• Users are notified about blocked applications.
• Detections are reported to the SecurityCenter.
• Administrator can select allowed applications, which are not reported as detections.

If the policy is changed from Prompt mode to Protect mode or Report mode, firewall protection saves user settings for allowed applications. If the policy is then changed back to Prompt mode, these settings are reinstated.
Use learn mode to discover Internet applications
Report mode can be used as a “learn mode” to help you determine which applications to allow.
In Report mode, firewall protection tracks but does not block unrecognized Internet applications. You can review detected applications in the Unrecognized Programs report and approve those that are appropriate for your policy. When you no longer see applications you want to allow in the report, change the policy setting to Prompt or Protect mode.
The role of IP addresses
An IP address is used to identify any device that originates or receives a request or a message over networks and the Internet (which comprises a very large group of networks).
Each IP address uses a unique set of hexadecimal characters to identify a network, a subnetwork (if applicable), and a device within the network.
An IP address enables:
• The request or message to be delivered to the correct destination.
• The receiving device to know where the request or message originated and where to send a response if one is required.
Total Protection Service allows you to configure a custom connection to accept only communications that originate from designated IP addresses. You can specify IP addresses that conform to either of these standards:
• IPv4 (Internet Protocol Version 4) — The most common Internet addressing scheme. Supports 32-bit IP addresses consisting of four groups of four numbers between 0 and 255.
• IPv6 (Internet Protocol Version 6) — Supports 128-bit IP addresses consisting of eight groups of four hexadecimal characters.
The role of system service ports
System services communicate through ports, which are logical network connections.
Common Windows system services are typically associated with particular service ports, and your computer’s operating system or other system applications might attempt to open them. Because these ports represent a potential source of intrusions into a client computer, you must open them before the computer can communicate through them.
Certain applications, including web servers and file-sharing server programs, must accept unsolicited connections from other computers through designated system service ports. When configuring a custom connection, you can:
• Allow applications to act as servers on the local network or the Internet.
• Add or edit a port for a system service.
• Disable or remove a port for a system service.
Select a port for system services only if you are certain it must be open. You will rarely need to open a port. We recommend that you disable unused system services.
Examples of system services that typically require ports to be opened are:
Email server — You do not need to open a mail server port to receive email. You need to open a port only if the computer running firewall protection acts as an email server.
Web server — You do not need to open a web server port to run a web browser. You need to open a port only if the computer running firewall protection acts as a web server.
An opened service port that does not have an application running on it poses no security threat. However, we recommend that you close unused ports.
Standard assignments for system service ports
These commonly used standard service ports are listed by default, where you can open or close them:
• File and Print Sharing
• Remote Desktop
• Remote Assistance
You can add other service ports as needed. Standard service ports for typical system services are:
System Service Port(s)
File Transfer Protocol (FTP) 20-21
Mail Server (IMAP) 143
Mail Server (POP3) 110
Mail Server (SMTP) 25
Microsoft Directory Server (MSFT DS) 445
Microsoft SQL Server (MSFT SQL) 1433
Network Time Protocol Port 123
Remote Assistance / Terminal Server (RDP) 3389 (same as Remote Assistance and Remote Desktop)
Remote Procedure Calls (RPC) 135
Secure Web Server (HTTPS) 443
Universal Plug and Play (UPNP) 5000
Web Server (HTTP) 80
Windows File Sharing (NETBIOS) 137-139 (same as File and Print Sharing)
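
The check below is an added example, not code from McAfee or from this guide: it compares the ports a proposed custom connection would open with the ports a computer is actually listening on, listing services the policy would cut off and opened ports with nothing behind them. The port table is copied from the list above; the function names are hypothetical, and the netstat text and proposed policy are constructed samples.

```python
import ipaddress

# Standard service ports, copied from the table above (service name -> port spec).
STANDARD_SERVICES = {
    "File Transfer Protocol (FTP)": "20-21",
    "Mail Server (IMAP)": "143",
    "Mail Server (POP3)": "110",
    "Mail Server (SMTP)": "25",
    "Microsoft Directory Server (MSFT DS)": "445",
    "Microsoft SQL Server (MSFT SQL)": "1433",
    "Network Time Protocol Port": "123",
    "Remote Assistance / Terminal Server (RDP)": "3389",
    "Remote Procedure Calls (RPC)": "135",
    "Secure Web Server (HTTPS)": "443",
    "Universal Plug and Play (UPNP)": "5000",
    "Web Server (HTTP)": "80",
    "Windows File Sharing (NETBIOS)": "137-139",
}


def parse_ports(spec):
    """Expand a spec such as '3389', '137-139' or '80, 443' into a set of ports."""
    ports = set()
    for part in spec.split(","):
        low, dash, high = part.strip().partition("-")
        low = int(low)
        high = int(high) if dash else low
        if not 0 < low <= high <= 65535:
            raise ValueError(f"bad port spec: {part!r}")
        ports.update(range(low, high + 1))
    return ports


def service_name(port):
    """Name from the standard table, or 'unlisted' for any other port."""
    for name, spec in STANDARD_SERVICES.items():
        if port in parse_ports(spec):
            return name
    return "unlisted"


def listening_ports(netstat_text):
    """Ports reachable from other computers, parsed from `netstat -ano` style text.

    Assumes the English-locale layout: TCP rows carry a LISTENING state,
    bound UDP rows show '*:*' as the foreign address.
    """
    ports = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # headings and blank lines
        if fields[0] == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue  # established or closing connections are not listeners
        if fields[0] == "UDP" and fields[2] != "*:*":
            continue
        host, _, port = fields[1].rpartition(":")
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and zone id
        try:
            if ipaddress.ip_address(host).is_loopback:
                continue  # loopback listeners cannot receive inbound traffic
            ports.add(int(port))
        except ValueError:
            continue  # malformed row
    return ports


def audit(netstat_text, proposed_policy):
    """Compare listeners with the ports a custom connection would open."""
    listening = listening_ports(netstat_text)
    opened = set()
    for spec in proposed_policy.values():
        opened |= parse_ports(spec)
    return {
        # Listening, but not opened: a custom connection blocks these.
        "would_be_blocked": [(p, service_name(p)) for p in sorted(listening - opened)],
        # Opened, but nothing is listening: candidates to close.
        "opened_but_idle": [(p, service_name(p)) for p in sorted(opened - listening)],
    }


# Constructed sample in the layout of `netstat -ano` output.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1100
  TCP    127.0.0.1:1433         0.0.0.0:0              LISTENING       2040
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:49712     203.0.113.7:443        ESTABLISHED     3456
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:123            *:*                                    1200
  UDP    192.168.1.10:137       *:*                                    4
  UDP    192.168.1.10:138       *:*                                    4
"""

# Constructed policy: services an administrator plans to open (name -> ports).
PROPOSED_POLICY = {
    "File and Print Sharing": "137-139",
    "Remote Desktop": "3389",
    "Web Server (HTTP)": "80",
}

if __name__ == "__main__":
    for finding, rows in audit(SAMPLE_NETSTAT, PROPOSED_POLICY).items():
        print(finding)
        for port, name in rows:
            print(f"  {port:>5}  {name}")
```

The table above does not distinguish TCP from UDP, so the comparison is by port number only.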
Firewall configuration
Protecting computers from suspicious activity with a firewall involves monitoring network activity to identify applications, IP addresses, and ports, and blocking those that could cause harm.
There are two methods of establishing firewall protection:
• The administrator configures firewall settings in a Total Protection Service policy.
• Client computer users configure firewall settings for their computers.
For the highest level of security, McAfee recommends that administrators configure firewall settings. If you allow users to configure the settings, it is important to educate them about threats and strategies for avoiding risk.
Configuring firewall features enables you, the administrator, to control which applications and communications are allowed on your network. It provides the means for you to ensure the highest level of security.
You can also allow users to configure their own firewall protection settings. In this case, no other firewall policy options are available for you to select. This is the default setting.
Interaction between user and administrator policy settings
Firewall protection handles the settings that you and users configure in a special way. This enables settings to be controlled by either you or the users at different times.
Settings that users select are never discarded, but whether they are used depends on the policy settings assigned to their computers. These also determine whether options for configuring firewall protection settings are displayed in the client console.
If you configure: No policy settings
User settings are: Active
Configuration options display in the console? Yes

If you configure: Firewall protection mode as either Protect or Report
User settings are: Inactive
Configuration options display in the console? No

If you configure: Firewall protection mode as Prompt
User settings are: Merged with administrator settings. When they differ, user settings take precedence. For example, if a user approves a program, it is allowed even if the administrator has not approved it.
Configuration options display in the console? Yes

Configuring policy options
Use these tasks to select policy options for firewall behavior on client computers.
Selecting general firewall settings
Use this task to configure the general settings for firewall protection.
• Who configures the firewall
• Connection type
To ensure the highest level of security, we recommend that administrators configure firewall settings. If you allow users to configure the settings, it is important to educate them about threats and strategies for avoiding risk.
Task
For option definitions, click ? in the interface.
1. On the Policies page, click Add Policy (or click Edit to modify an existing policy).
2. Select Firewall Protection, then click the General Settings tab.
3. Under Firewall Configuration, select Administrator configures firewall or User configures firewall. If you select the administrator option, additional policy options are displayed for you to configure.
4. Under Connection Type, select an option.
5. If you selected Custom, click Edit to configure related options. These are described in another section of this document.
6. Click Save. (For a new policy, click Next, select additional options for the policy, then click Save.)
Configuring options for Internet applications
Use this SecurityCenter task to configure the way firewall protection responds to detections of Internet applications.
These policy option settings determine:
• Whether firewall protection checks the list of Internet applications that McAfee has determined to be safe at the www.hackerwatch.org website.
• Whether firewall protection blocks an unrecognized application, prompts users for a response, or simply reports it to the SecurityCenter.
• Specific applications to allow or block
Task
For option definitions, click ? in the interface.
1. On the Policies page, click Add Policy (or click Edit to modify an existing policy).
2. Select Firewall Protection, then click the General Settings tab.
3. Under Firewall Configuration, select or deselect the Use Smart Recommendations to automatically approve common Internet applications option.
4. Under Firewall Protection Mode, select an option.
5. Click the Allowed Internet Applications tab. This tab lists all the Internet applications detected on the computers in your account.
6. Select options as needed.
Select this... To do this...
Allow: Allow the application.
Allow All: Allow all the applications listed.
Block: Block the application.
Block All: Block all the applications listed.
7. Click Save. (For a new policy, click Next, select additional options for the policy, then click Save.)
Tracking blocked communications
Use this SecurityCenter task to track communication attempts (known as events) between client computers and network resources that firewall protection blocks.
View information about these events in the report entitled Inbound Events Blocked by the Firewall.
Task
For option definitions, click ? in the interface.
1. On the Policies page, click Add Policy (or click Edit to modify an existing policy).
2. Select Firewall Protection, then click the General Settings tab.
3. Under Firewall Reporting Configuration, select Report blocked events.
4. Click Save. (For a new policy, click Next, select additional options for the policy, then click Save.)
Configuring custom connections
Use these tasks to configure system service ports and IP addresses for custom connections.
Configuring system services and port assignments
Use this SecurityCenter task to configure system service port assignments for a custom connection.
This task allows you to add, remove, or modify a service by specifying its name and the ports through which it communicates with client computers using the policy.
Opening a system service port on a client computer allows it to act as a server on the local network or Internet. Closing a port blocks all communications through the ports with client computers using the policy.
Task
For option definitions, click ? in the interface.
1. On the Policies page, click Add Policy (or click Edit to modify an existing policy).
2. Select Firewall Protection, then click the General Settings tab.
3. Under Connection Type, select Custom settings, then click edit.
4. On the Firewall Custom Settings panel, under Allowed Incoming Connections, configure a service by using one of these methods.

To do this... Perform these steps...
Allow an existing service by opening its ports:
  1. Select the checkbox for a service listed in the table.
  2. Click OK.
  Computers using this policy will accept communications through the ports assigned to the service.
Add a new service and open its ports:
  1. Click Add Connection.
  2. In the Add or Edit Incoming Connection panel, type a name for the service, type the ports through which the service will communicate with computers using this policy, then click OK.
Modify an existing service:
  1. For a service listed in the table, click edit.
  2. In the Add or Edit Incoming Connection panel, modify the name for the service and/or the ports through which the service will communicate with computers using this policy, then click OK.
Block an existing service and close its ports:
  1. For a service listed in the table, click Block.
  2. Click OK.
  The service is removed from the list, and computers using this policy will not accept communications through the ports assigned to the blocked service.

5. Click Save. (For a new policy, click Next, select additional options for the policy, then click Save.)
Configuring IP addresses
Use this SecurityCenter task to add or remove a range of IP addresses in a custom connection.
Client computers using this policy will accept communications originating only from the IP addresses you add.
Specify IP addresses and system service ports through which to communicate by using separate tasks.
Task
For option definitions, click ? in the interface.
1. On the Policies page, click Add Policy (or click Edit to modify an existing policy).
2. Select Firewall Protection, then click the General Settings tab.
3. Under Connection Type, select Custom settings, then click edit.
4. On the Firewall Custom Settings panel, under Allowed Incoming Addresses, configure a range of IP addresses for computers using this policy by using one of these methods.

To do this... Perform these steps...
Accept communications from any IP address:
  1. Select Any computer.
  2. Click OK.
Accept communications from IP addresses on the subnet where the computers are located:
  1. Select My network (the subnet only).
  2. Click OK.