McAfee MTP08EMB3RUA, Total Protection Service 5.1.5 Product Manual
Product Guide
McAfee Total Protection Service 5.1.5
COPYRIGHT
Copyright © 2010 McAfee, Inc. All Rights Reserved.
No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by
any means without the written permission of McAfee, Inc., or its suppliers or affiliate companies.
TRADEMARK ATTRIBUTIONS
AVERT, EPO, EPOLICY ORCHESTRATOR, FOUNDSTONE, GROUPSHIELD, INTRUSHIELD, LINUXSHIELD, MAX (MCAFEE SECURITYALLIANCE EXCHANGE),
MCAFEE, NETSHIELD, PORTALSHIELD, PREVENTSYS, SECURITYALLIANCE, SITEADVISOR, TOTAL PROTECTION, VIRUSSCAN, WEBSHIELD are registered
trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. McAfee Red in connection with security is distinctive of
McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners.
LICENSE INFORMATION
License Agreement
NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS
FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU
HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR
SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A
FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET
FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF
PURCHASE FOR A FULL REFUND.
2
McAfee Total Protection Service 5.1.5 Product Guide
Contents
Preface 9
About this guide ..................................9
Finding product documentation ............................10
1 Introducing Total Protection Service 11
How Total Protection Service works .......................... 12
Types of protection .................................13
Additional features with specific versions ........................13
Core product strengths ...............................14
New features for this release .............................15
The role of the client software ............................ 17
Updates to the client software ............................ 17
Management with the SecurityCenter ......................... 19
Audience ..................................9
Conventions .................................9
Overview of update methods ..........................17
Simple updates through direct connections ....................18
Updates using Rumor technology ........................19
Updates through relay servers .........................19
Create user groups ..............................21
Customize policies ..............................22
Check reports ................................24
2 Using the Client Software 25
How to access the client software ...........................25
About the icon ................................26
About the console .............................. 27
Types of client software updates ............................28
Terminal server support ............................29
Specifying when computers check for updates ...................29
Updating client computers manually .......................30
Disabling updates for non-logged on users .................... 30
Performing setup and maintenance tasks ........................31
Testing virus protection ............................31
Changing the language for the software ..................... 31
Logging on as a site administrator ........................31
Configuring notifications ............................32
Configuring what users see ...........................32
Uninstalling the client software .........................33
Frequently asked questions ..............................34
Error messages ..................................34
3 Using the SecurityCenter 37
The SecurityCenter .................................37
Logging on to the SecurityCenter ........................38
McAfee Total Protection Service 5.1.5 Product Guide
3
Contents
Accessing data on SecurityCenter pages ..................... 39
Protection status at a glance .............................40
Viewing protection at a glance .........................42
Working with widgets .............................42
Management of client computers ........................... 43
Working with computers ............................45
Working with an individual computer .......................46
Management of computer groups ...........................47
Working with groups .............................48
Management of group administrators ..........................48
Working with group administrators ........................50
Management of security policies ............................51
McAfee Default policy .............................52
Working with policies .............................55
Generation of security reports ............................ 56
Scheduling reports ..............................58
Adding your logo to reports .......................... 58
Computer Profiles report ............................59
Duplicate Computers report .......................... 60
Managing your account ...............................61
Configuring your account profile .........................61
Signing up for email notifications ........................61
Viewing and updating subscription information ...................62
Buying and renewing subscriptions and licenses ..................62
Locating or creating keys for your account .................... 63
Merging accounts .............................. 64
Downloading tools and utilities ............................64
Getting assistance .................................65
Frequently asked questions about the SecurityCenter ...................66
Questions about reporting ...........................66
Questions about adding, renewing, and moving licenses ...............67
4 Using Virus and Spyware Protection 69
How detections are handled ............................. 70
Spyware protection mode and detections ........................70
Use learn mode to discover programs ...................... 71
Types of scans ...................................71
On-access (automatic) scans ..........................72
On-demand scans ..............................72
Email scans .................................73
Spyware scans ................................73
Scanning on client computers .............................74
Scanning on demand from the console ......................74
Scanning on demand from Windows Explorer ................... 75
Scanning email on client computers .......................75
Viewing the progress of scheduled scans .....................75
Enabling and disabling on-access scanning .................... 76
Configuring scanning policy options ..........................76
Scheduling a scan ..............................76
Enabling optional types of virus scans ......................76
Excluding files and folders from virus scans ....................77
Selecting spyware scanning options .......................78
Approving and unapproving programs in a policy ..................78
Managing detections ................................79
Viewing scan results on client computers .....................79
Managing potentially unwanted programs on client computers ............ 80
4
McAfee Total Protection Service 5.1.5 Product Guide
Contents
Viewing quarantined files on client computers ...................81
Viewing user-approved programs and applications .................81
Viewing threats detected on the account .....................82
Viewing unrecognized programs detected on the account ...............83
Reports for virus and spyware protection ........................83
Detections report ...............................83
Unrecognized Programs report .........................84
Detection History report ............................85
Best practices (virus and spyware protection) ......................85
Frequently asked questions ..............................87
Error messages ..................................87
5 Using Firewall Protection 89
Connection type and detections of incoming communications ................90
Custom connections ............................. 91
Firewall protection mode and detections of unknown applications ..............92
Use learn mode to discover Internet applications ..................93
The role of IP addresses ...............................93
The role of system service ports ............................94
Standard assignments for system service ports .................. 94
Firewall configuration ................................95
Interaction between user and administrator policy settings ..............97
Configuring policy options ..............................97
Selecting general firewall settings ........................97
Configuring options for Internet applications ....................98
Tracking blocked communications ........................98
Configuring custom connections ............................99
Configuring system services and port assignments .................99
Configuring IP addresses ...........................100
Installing and enabling firewall protection at the policy level ................101
Installing firewall protection during policy updates .................101
Enabling and disabling firewall protection ....................102
Managing detections ................................102
Viewing unrecognized programs detected on the account ..............102
Viewing user-approved programs and applications .................103
Viewing blocked communications ........................103
Reports for firewall protection ............................104
Unrecognized Programs report .........................104
Inbound Events Blocked by Firewall report ....................105
Best practices (firewall protection) ..........................105
Frequently asked questions .............................106
Questions about policies ...........................107
Questions about general firewall protection ....................107
6 Using Browser Protection and Web Filtering 109
Browser protection features .............................109
How safety ratings are compiled ...........................110
Safety icons and balloons protect during searches ....................111
Using site safety balloons ...........................111
Testing communication problems ........................111
SiteAdvisor menu protects while browsing .......................112
Using the SiteAdvisor menu ..........................113
Safety reports provide details ............................113
Viewing safety reports ............................115
Information that browser protection sends to McAfee ...................115
Installing browser protection during policy updates ...................116
McAfee Total Protection Service 5.1.5 Product Guide
5
Contents
Web filtering features ...............................116
Enabling and disabling browser protection via policy ...................117
Enabling and disabling browser protection at the client computer ..............117
Block and warn sites by safety ratings .........................118
Blocking or warning site access based on safety ratings ..............119
Blocking or warning file downloads based on safety ratings .............119
Blocking phishing pages ...........................120
Block and warn sites by content ...........................120
Blocking or warning site access based on content .................121
Authorize and prohibit sites by URL or domain .....................121
How site patterns work ............................122
Adding authorized and prohibited sites .....................123
Customizing messages for users ...........................123
Viewing browsing activity ..............................124
Web Filtering report ................................125
Best practices (browser protection) ..........................126
Frequently asked questions .............................127
7 Using SaaS Email Protection 129
Core SaaS email protection features .........................129
Additional SaaS email protection services .......................130
The SaaS email protection widget and portal ......................131
Account activation and setup ............................132
Activating and setting up your account .....................133
Accessing the SaaS email protection portal ....................133
Configuring policy settings for SaaS email protection ................134
Checking quarantined messages ........................134
Reports and statistics for email protection .......................135
Viewing email activity for the week .......................135
Viewing reports ...............................135
Getting more information ..............................135
8 Using Email Server Protection 137
Email server protection features ...........................137
The installation and setup process ..........................139
Installing email server protection ........................139
The email server protection widget and management console ...............140
Management of email server protection ........................141
Checking notifications and action items .....................141
Viewing detection and status information ....................142
Accessing the management console on the server .................143
Where to find more information ...........................144
9 Using Vulnerability Scanning 145
Vulnerability scanning features ............................145
The vulnerability scanning widget and portal ......................146
Accessing the vulnerability scanning portal ....................147
Overview of scanning process ............................148
Types of devices to scan ..............................148
Types of scans ..................................149
Managing scan devices ...............................150
Discovering IP addresses in a domain ......................150
Discovering IP addresses in a network ......................150
Adding devices to scan ............................151
Configuring devices to accept scans .......................152
Creating device groups ............................153
6
McAfee Total Protection Service 5.1.5 Product Guide
Contents
Changing device groups ...........................153
Deleting devices ..............................154
Performing scans .................................154
Starting a scan ...............................154
Scheduling scans for devices .........................155
How detections are reported .............................156
Viewing scan results ................................156
Viewing results for audit scans .........................157
Viewing results for DNS discovery on domains ..................157
Viewing results for network discovery scans ...................158
Frequently asked questions .............................158
Error messages ..................................160
Index 161
McAfee Total Protection Service 5.1.5 Product Guide
7
Contents
8
McAfee Total Protection Service 5.1.5 Product Guide
Preface
This guide provides the information you need to configure, use, and maintain your McAfee product.
About this guide
This information describes the guide's target audience, the typographical conventions and icons used
in this guide, and how the guide is organized.
Audience
McAfee documentation is carefully researched and written for the target audience.
The information in this guide is intended primarily for:
• Administrators — People who implement and enforce the company's security program.
Conventions
This guide uses the following typographical conventions and icons.
Book title or Emphasis Title of a book, chapter, or topic; introduction of a new term; emphasis.
Bold Text that is strongly emphasized.
User input or Path Commands and other text that the user types; the path of a folder or program.
Code
User interface
Hypertext blue A live link to a topic or to a website.
A code sample.
Words in the user interface including options, menus, buttons, and dialog
boxes.
Note: Additional information, like an alternate method of accessing an option.
Tip: Suggestions and recommendations.
Important/Caution: Valuable advice to protect your computer system,
software installation, network, business, or data.
Warning: Critical advice to prevent bodily harm when using a hardware
product.
McAfee Total Protection Service 5.1.5 Product Guide
9
Preface
Finding product documentation
Finding product documentation
McAfee provides the information you need during each phase of product implementation, from
installation to daily use and troubleshooting. After a product is released, information about the product
is entered into the McAfee online KnowledgeBase.
Task
1
Go to the McAfee Technical Support ServicePortal at http://mysupport.mcafee.com.
2
Under Self Service, access the type of information you need:
To access... Do this...
User documentation
1
2
3
Click Product Documentation.
Select a Product, then select a Version.
Select a product document.
KnowledgeBase
• Click Search the KnowledgeBase for answers to your product
questions.
• Click Browse the KnowledgeBase for articles listed by product and
version.
10
McAfee Total Protection Service 5.1.5 Product Guide
1
1
Introducing Total Protection Service
Total Protection Service provides a "hands-off" solution to safeguard the computers on your network
automatically by keeping itself up-to-date and checking for threats contained in files and programs, in
email messages, in communications from inside and outside the network, and on websites.
When you purchase a subscription to Total Protection Service, an account is created for you, and you
become the account administrator (referred to as the site administrator). When you install the Total
Protection Service client software on computers, they are added to your account. A weekly email
alerts you to any problems detected for computers on your account.
In some organizations, another person, such as a purchasing
department representative, purchases the subscription and then
designates you to be the site administrator.
For a more "hands-on" approach, use the SecurityCenter to view and manage computers and
detections on your network. Your service provider sends you a unique URL and login credentials for
your account, which you can use to access the SecurityCenter. This is a pre-configured website that
provides a simple-to-use management console for monitoring the protection status of computers on
your account. Use the SecurityCenter to view reports on detections and activities and to configure
security settings that address the specific needs of your account.
This section provides an overview of the product and its features.
Contents
How Total Protection Service works
Types of protection
Additional features with specific versions
Core product strengths
New features for this release
The role of the client software
Updates to the client software
Management with the SecurityCenter
McAfee Total Protection Service 5.1.5 Product Guide
11
Introducing Total Protection Service
1
How Total Protection Service works
How Total Protection Service works
Total Protection Service delivers comprehensive security as a service for all the computers on your
account.
It automatically checks for threats, intercepts them, takes the appropriate action to keep your data
and your network safe, and tracks detections and security status for reports.
1 Client software runs on each computer where it is installed.
2 The client software updates itself — automatically and silently — by downloading the latest
detection definition (DAT) files from your account’s administrative website, the McAfee
SecurityCenter. DAT files define the threats that the client software detects.
3 The client software uploads security information about each computer to the SecurityCenter
for use in administrative reports.
4 As your account’s administrator, you can use a web browser to visit the SecurityCenter,
where you can access reports that detail the status of client computers and use tools for
customizing and managing security.
12
McAfee Total Protection Service 5.1.5 Product Guide
®
Types of protection
The core features in Total Protection Service safeguard against a broad range of threats.
Feature Description
Virus and spyware
protection
Firewall protection Establishes a barrier between each computer and the Internet or other
Browser protection Displays information to safeguard client computer users against web-based
SecurityCenter Provides centralized, web-based access to status information and management
Introducing Total Protection Service
Types of protection
Checks for viruses, spyware, unwanted programs, and other potential threats
borne on removable media or brought in from your network, including via
email. Every time a file on your computer is accessed, virus and spyware
protection scans the file to make sure it is free of viruses and spyware.
computers on your local network. It silently monitors communications traffic
for suspicious activity and takes appropriate action, such as blocking.
threats. Users can view website safety ratings and safety reports as they
browse or search with Microsoft Internet Explorer or Mozilla Firefox.
tasks for your account.
1
Additional features with specific versions
Some versions of Total Protection Service include additional protection features.
Feature Description
Hosted on
client
computers
Web filtering Works within browser protection to expand the policy and reporting options
available. Enables administrators to control access to websites based on their
safety rating or category of content. Based on SiteAdvisor® Enterprise Plus.
Web-based
Vulnerability
scanning
Analyzes your domains and IP addresses, then reports vulnerability detections and
recommends steps for correcting them. Based on SECURE™.
McAfee Total Protection Service 5.1.5 Product Guide
13
1
Introducing Total Protection Service
Core product strengths
Feature Description
SaaS email
protection
(NEW)
Protects against email threats by scanning messages before they reach your
network. Blocks or quarantines detections of directory harvest attacks, spam,
phishing scams, viruses, and other email-borne threats in messages and
attachments. Based on SaaS Email Protection and can be enhanced with these
additional services:
• SaaS Email Archiving — Stores email messages in a centralized, secure location.
• SaaS Email Continuity — Enables web-based email access during outages.
• SaaS Email Intelligent Routing — Routes filtered email to distributed email
systems.
If you have subscribed to email protection previously, your account will be migrated
to SaaS email protection. McAfee will notify you when this occurs and provide
instructions for setting up the new account.
Email server
protection
Provides comprehensive virus and spam protection for the email and other content
entering and leaving your environment. Proactive anti-virus scanning and an
automatic outbreak manager prevent malicious code from disrupting the system,
while advanced content filtering allows administrators to set up rules for
inappropriate content, sensitive information, and adding disclaimers to messages.
• Security Service for Exchange protects your Microsoft Exchange Server
2003/2007 environment and includes Anti-Spam for Mail Servers. Documentation
is bundled with the downloaded software.
• McAfee GroupShield® for Lotus Domino protects your Lotus Domino Windows
edition version 6.0.2/7.0.2/8.0 environment and includes Anti-Spam for Mail
Servers. Documentation is available on the CD or in the downloadable installer
accessible from the McAfee download center.
Core product strengths
Total Protection Service safeguards your computers with a robust set of core features.
• Continuous protection — From the time a client computer is turned on until it is turned off, Total
Protection Service silently monitors all file input and output, downloads, program executions,
inbound and outbound communications, and other system-related activities.
• Instant discovery for virus threats — When Total Protection Service detects a virus threat, it
attempts to clean the item containing the threat before further damage can occur. If an item
cannot be cleaned, a copy of it is placed in a quarantine folder and the original item is deleted.
• Customized threat response for program detections — By default, Total Protection Service
provides a high degree of protection against threats. You can also configure the response to
detections of potentially unwanted programs and suspicious activity to suit your needs: take
immediate action to clean, quarantine, or block the detection; prompt users for a response; or only
log the detection for administrative reports.
• Preemptive safety notifications for web-based threats — Threats reported on websites are
communicated to users through color-coded icons and safety reports, enabling them to minimize
exposure to dangerous websites.
14
McAfee Total Protection Service 5.1.5 Product Guide
• Automatic updates — Total Protection Service checks for product updates at regular intervals
throughout the day, comparing security components against the latest releases. When a computer
needs a newer version, the client software retrieves it automatically.
• Early Warning system and outbreak response — Total Protection Service uses the latest
information about threats and outbreaks as soon as they are discovered by McAfee® Labs, a
research division of McAfee. Whenever McAfee Labs releases an outbreak detection definition (DAT)
file, computers on your account receive it promptly.
New features for this release
This release of Total Protection Service includes these new features.
Core features
All versions of Total Protection Service include these new features to facilitate account management.
Now you can do this... Details
Customize the SecurityCenter
home page
Get real-time evaluation for
unrecognized threat detections
Schedule reports Customize the data that appears in reports, then automatically
Designate a default policy for your
account
Display computers by policy Organize the computer listing for your account by policy as well
Access more account data on the
SecurityCenter
Introducing Total Protection Service
New features for this release
Select the summary and activity reports (known as widgets)
that appear on the Dashboard page. Click and drag to
reposition and resize widgets.
Artemis technology sends unrecognized detections to McAfee
Labs for evaluation.
generate and email these reports at regular intervals.
Select a customized policy as the default assigned to computers
in your account.
as by groups.
Look up your company key, grant number, installation URL, and
group IDs more easily.
1
McAfee Total Protection Service 5.1.5 Product Guide
15
1
Introducing Total Protection Service
New features for this release
Additional types of protection
Some versions of Total Protection Service offer additional types of protection that extend coverage to
other network assets.
Now you can do this... Details
Use SaaS email
protection to add robust
security options and
failsafe access to
messages and
administrative features
Protects against email threats by scanning messages before they reach
your network. Blocks or quarantines detections of directory harvest attacks,
spam, phishing scams, viruses, and other email-borne threats in messages
and attachments. Based on SaaS Email Protection and can be enhanced
with these additional services:
• SaaS Email Archiving — Stores email messages in a centralized, secure
location.
• SaaS Email Continuity — Enables web-based email access during outages.
• SaaS Email Intelligent Routing — Routes filtered email to distributed
email systems.
If you have subscribed to email protection previously, your account will be
migrated to SaaS email protection. McAfee will notify you when this occurs
and provide instructions for setting up the new account.
Control access to
websites based on their
safety ratings and
content
Scan websites for
vulnerabilities
Access protection
portals without
separate login
credentials
Increase protection for
Microsoft Exchange mail
servers
Web filtering works within browser protection to add policy and reporting
options. You can block user access to websites and file downloads or warn
them about reported threats, customize messaging that displays for
blocked sites, create lists of authorized and prohibited websites based on
their domain or URL, or view a report of web browsing activity on your
network.
Vulnerability scanning enables you to register IP addresses, then scan them
for vulnerabilities and report scan results to the SecurityCenter in alerts.
The single sign-on feature lets you open the SaaS email protection or
vulnerability scanning portal directly from the SecurityCenter, without
entering additional login credentials.
Security Service for Exchange uses advanced heuristics to protect your
Microsoft Exchange server version 2003 or 2007 from viruses, unwanted
content, potentially unwanted programs, and banned file types and
messages. It also scans:
• Subject line and body of the email messages.
• Email attachments (based on file type, file name, and file size).
• Text within the email attachments.
Additionally, Security Service for Exchange includes the add-on component
Anti-Spam for Mail Servers, which protects your Exchange server from
spam and phishing emails.
16
McAfee Total Protection Service 5.1.5 Product Guide
The role of the client software
The Total Protection Service software installed on client computers implements a three-prong
approach to security
It does this by:
1
Silently monitoring all file input and output, downloads, program executions, inbound and outbound
communications, and other system-related activities on client computers. As a result of this
monitoring, the client software automatically:
• Deletes or quarantines detected viruses.
• Removes potentially unwanted programs, such as spyware or adware, unless you select a
different response.
• Blocks suspicious activity unless you specify a different response.
• Indicates unsafe websites with a color-coded button or icon in the browser window or search
results page. These indicators provide access to safety reports that detail site-specific threats.
2
Regularly updating detection definition (DAT) files and software components to ensure that you are
always protected against the latest threats.
Introducing Total Protection Service
The role of the client software
1
3
Uploading security information for each client computer to the SecurityCenter, then using this
information to send emails and create reports that keep you informed about your account’s status.
Updates to the client software
Regular updates are the cornerstone of Total Protection Service.
The client software periodically checks a site on the Internet for newer versions of these software
components.
• Regular DAT files, which contain the latest definitions for viruses, potentially unwanted programs,
and cookies and registry keys that might indicate spyware. These are updated regularly to add
protection against new threats.
• Outbreak DAT files, which are high-priority detection definition files released in an emergency
situation in response to a specific new threat.
• Software components running on client computers.
• Policy settings configured for your account.
At the same time, the client software sends information about its detections and protection status, to
update the security data maintained on the SecurityCenter website and used in administrative reports.
Overview of update methods
The client software uses several methods to check for and retrieve updates.
Five minutes after a client computer connects to the network, and at regular intervals throughout the
day, the Total Protection Service client software checks for updates. If updates are available, the client
computer retrieves them.
In addition, users can check for updates manually at any time by clicking the Total Protection Service
icon in the system tray, then selecting Update Now.
McAfee Total Protection Service 5.1.5 Product Guide
17
1
Introducing Total Protection Service
Updates to the client software
Updates can occur in three ways. You can implement one method or a combination of methods, which
enables you to control the impact updates have on network resources.
1
For simple updates, each client computer on your account has a direct connection to the Internet
and checks for new updates.
2
Rumor technology enables all computers in a workgroup to share downloaded files, which controls
Internet traffic and minimizes expensive downloads.
3
Internet Independent Updating (IIU) enables any computer on the network to get information from
the update site, even if that computer does not have an Internet connection, by communicating
with the update site through a network computer that is configured as a relay server.
Simple updates through direct connections
Each client computer that has a direct Internet connection can check for updates and download them
from the update site on the Internet. This is the simplest method of retrieving updates.
18
McAfee Total Protection Service 5.1.5 Product Guide
Introducing Total Protection Service
Management with the SecurityCenter
Updates using Rumor technology
When one computer shares updates with other computers on the local area network (LAN), rather
than requiring each computer to retrieve updates from the update website individually, the Internet
traffic load on the network is reduced. This process of sharing updates is called Rumor.
1
Each client computer checks the version of the most recent catalog file on the Internet site. This
catalog file contains information for every component in the Total Protection Service client
software, and is stored in a digitally signed, compressed .cab file format.
• If the version is the same as the catalog file on the client computer, the process stops here.
• If the version is different from the catalog file on the client computer, the client computer
attempts to retrieve the latest catalog file from its peers. It queries if other computers on the
LAN have already downloaded the new catalog file.
2
The client computer retrieves the required catalog file (directly from the Internet site or from one
of its peers) and uses it to determine if new components are available for Total Protection Service.
3
If new components are available, the client computer attempts to retrieve them from its peers. It
queries whether computers on the LAN have already downloaded the new components.
• If so, the client computer retrieves the update from a peer. (Digital signatures are checked to
verify that the computer is valid.)
1
• If not, the client computer retrieves the update directly from the update site.
4
On the client computer, the catalog file is extracted and new components are installed.
Updates through relay servers
Internet Independent Updating (IIU) enables computers to update Total Protection Service client
software when they are not connected to the Internet.
At least one computer on the subnet must have an Internet connection to be able to communicate
with the update site. That computer is configured to act as a relay server, and computers without an
Internet connection use this computer to connect with the Internet and retrieve updates directly from
the McAfee update site.
1
When a computer without Internet access fails to connect directly to the update site, it requests a
response from a relay server on the LAN and uses that computer to communicate with the update
site.
2
The computer without an Internet connection downloads updates directly from the update site
through the relay server.
You can specify which computers function as relay servers when you install the client software or at a
later time. See the installation guide for more information.
Management with the SecurityCenter
Your service provider sends you a unique URL and login credentials for your account, which you can
use to log on to the SecurityCenter, a pre-configured, web-based management console for your account.
From the SecurityCenter, you can access tools to monitor the status of computers on your account,
view reports on detections and activities, and configure security settings that address the specific
needs of your account.
McAfee Total Protection Service 5.1.5 Product Guide
19
1
Introducing Total Protection Service
Management with the SecurityCenter
The Dashboard page is the "home page" of the SecurityCenter. It shows summary information for your
account at-a-glance.
• Alerts and action items — Indicate whether any action is required to address security issues, and
links you to instructions for resolving them.
• Product coverage and activity summaries — Modular reports (known as widgets) illustrate the
current status of your account. These include reports on protection coverage (such as computers
where protection is installed and enabled) and activity (such as the number of detections, emails,
and website visits). The type, size, and placement of widgets can be customized.
• Subscription tracking — Widgets are available to show subscription and licensing information for
your account. Click a button to install protection, create a trial subscription, renew or purchase a
subscription, or buy additional licenses.
• Links to related portals — Some widgets contain a link to a portal used for managing
non-client-based protection, such as SaaS email protection and vulnerability scanning.
The SecurityCenter offers two powerful tools for protecting and monitoring displaying your computers
and fine-tuning their security settings.
20
McAfee Total Protection Service 5.1.5 Product Guide
Introducing Total Protection Service
Management with the SecurityCenter
• User groups — Create groups for computers that have one or more common characteristics. This
enables you to view and manage them as a single entity when needed.
• Customized policies — Select settings for protection features, save them in a policy, and assign
the policy to computers or groups of computers. This enables you to configure settings targeted
specifically for each computer's environment and risk factors.
From the SecurityCenter, access important information and additional management tools.
• Installation wizard and links to remote installation methods.
• Detailed identification, activity, and detection data for the groups and computers on your account.
• Administrative reports.
• Policy configuration tools.
• Account configuration data, reference information, subscription status, and tools for managing your
accounts and subscriptions.
• Helpful utilities.
• Product documentation and links to product support and demos.
1
Create user groups
A group consists of one or more computers that share a particular feature.
Each computer running the client software belongs to a group. By default, computers are placed in the
Default Group.
In large accounts, groups are an essential tool for managing computers because they let you manage
different types of computers more easily. You can view all the computers in a group, view detections
and reports for the group, and assign security settings (called policies) to a group as a single entity
rather than individually. You can base groups on geographic location, department, computer type, user
tasks, or anything meaningful to your organization.
For example, you might place all laptops used by traveling sales representatives into a single group
called Sales Team. You can then view details about this group of computers separately from other
computers in your account. You can easily check detections for these computers or customize their
security settings to protect them from the risks specific to users of public networks.
To create groups, use the Computers tab on the SecurityCenter website.
The following example shows how an administrator might configure policies for client computers in
three different groups. You should configure policies for your users to meet your own company’s needs.
Policy setting
On-Demand Scan Weekly Daily Daily
Enable outbreak response Enabled Enabled Enabled
Scan within archives during
on-access scans
No Enabled Enabled
McAfee Total Protection Service 5.1.5 Product Guide
21
1
Introducing Total Protection Service
Management with the SecurityCenter
Policy setting
Check for updates every 12 hours 4 hours 4 hours
Spyware Protection Mode Prompt Protect Prompt
Approved Programs None None Nmap remote admin tool
Firewall Protection Mode Protect Protect Prompt
Use Smart Recommendations to automatically
approve common Internet
applications
Connection Type Trusted network Untrusted network Trusted network
Allowed Internet Applications AOL Instant Messenger None
Enabled No Enabled
• AOL Instant Messenger
• GoogleTalk
Access to Sites, Access to
Downloads (Web Filtering)
Block phishing pages (Web
Filtering)
• Red — Block
• Yellow — Warn
• Unrated — Warn
Enabled Enabled Enabled
• Red — Block
• Yellow — Block
• Unrated — Warn
• Red — Warn
• Yellow — Allow
• Unrated — Allow
Customize policies
After installation, Total Protection Service protects client computers from threats immediately by using
the security settings configured in the McAfee Default policy.
You might want to change the way some settings are configured for some or all of the computers on
your account. For example, you might want to set up a list of programs you consider safe or have
computers check for updates every four hours.
Policies are made up of security settings that define how the client software operates on client
computers. Policy management allows you to assign different levels and types of protection to
different users. If you have created groups, you can assign a unique policy to each group or one policy
to all groups.
For example, you can assign a Sales policy to your mobile Sales Team group, with security settings
that protect against threats in unsecured networks such as airports and hotels.
22
McAfee Total Protection Service 5.1.5 Product Guide
Introducing Total Protection Service
Management with the SecurityCenter
1
1 Create a Sales Team group and a Sales policy.
2 Assign the Sales policy to the computers in the Sales Team group.
3 Client software running on computers in the Sales Team group performs the tasks
defined in the Sales policy:
• Check for updates to software components and DAT files every 4 hours.
• Check for an outbreak DAT file every hour.
• Scan for viruses and potentially unwanted programs daily.
• Block communication from computers on the local network (untrusted network).
4 Client software sends security data for each client computer to the SecurityCenter.
5 Administrator checks the security status for the Sales Team group in reports on the
SecurityCenter.
6 The administrator adjusts the Sales policy. The modified policy is downloaded
automatically to client computers in the Sales Team group the next time they check for
updates.
McAfee Total Protection Service 5.1.5 Product Guide
23
1
Introducing Total Protection Service
Management with the SecurityCenter
Check reports
Whenever client computers check for updates, they upload information about their security status to
the SecurityCenter.
This information includes the number and type of detections, the functional status of the client
software, and any applications or communications that were approved by users or blocked. The
method used to upload information is the same method used to retrieve updates (i.e., through a direct
connection, Rumor technology, or a relay server).
A summary of this information is sent to you in a weekly status email (unless you or your service
provider has disabled this feature). You can also retrieve detailed information in reports available on
the SecurityCenter. Reports show the types of detections and activities occurring for computers on
your account. Use them to evaluate the current policy options for your account and adjust them as
needed.
You can also schedule these reports to run at regular intervals and be delivered to you or other
specified persons as an email attachment.
24
McAfee Total Protection Service 5.1.5 Product Guide
2
2
Using the Client Software
Total Protection Service client software is installed on each computer you want to protect.
When installation is complete, the computer is added to your Total Protection Service account
automatically. The software then runs in the background to download updates to the computer, protect
the computer from threats, and send detection data to the SecurityCenter for use in administrative
reports.
Typically, users have little interaction with the client software unless they want to manually scan for
threats. User tasks are documented in the online user help on client computers.
As an administrator, you can use the SecurityCenter website to configure settings and monitor
detections for the client computers on your account. Occasionally, you might work directly on a client
computer by using the tasks described in this section.
Contents
How to access the client software
Types of client software updates
Performing setup and maintenance tasks
Frequently asked questions
Error messages
How to access the client software
Total Protection Service has two visual components through which users interact with the client software.
• An icon that appears in the Windows system tray.
• A console that displays the current protection status and provides access to features.
You, the administrator, determine which components appear by configuring policy options on the
SecurityCenter website and assigning them to client computers. The options are:
• Icon only, which allows users to access only the menu options. They can view the status of the
software (for example, when downloads are occurring) and perform manual updates.
• Icon and protection status summary, which allows users to access a limited set of features.
• Icon and full console, which allows users to access all features. This is the default setting.
McAfee Total Protection Service 5.1.5 Product Guide
25
2
Using the Client Software
How to access the client software
Access these policy options on the Policies page under Client Settings.
About the icon
The Total Protection Service icon appears in the Windows system tray. It provides access to the
product's console and to some of the basic tasks you might need to perform.
Use the icon to:
• Check for product updates.
• Open the console, to check the protection status and access features. (Available if the
administrator has configured this option.)
26
McAfee Total Protection Service 5.1.5 Product Guide
Using the Client Software
How to access the client software
• Activate your copy of the software.
• Renew the subscription or buy more licenses.
2
How the icon indicates the status of the client software
The appearance of the icon changes to indicate the status of the client software. Hold your cursor over
the icon to display a message describing the current condition.
This icon... ...indicates:
Total Protection Service is active and there are no issues to be aware of.
An update is in progress. Do not interrupt your Internet or LAN
connection; do not log off your computer.
One of these conditions exists:
• Your Total Protection Service subscription is expired. Renew it or
contact your administrator.
• Your pre-installed or trial subscription is not activated.
• Firewall protection is disabled.
• The last update failed to complete. Check your Internet or LAN
connection and perform a manual update (click the icon, then select
Update Now).
• On-access scanning is disabled.
About the console
Check the protection status and access the features of the client software through the console.
To display the console, use one of these methods:
• Double-click the Total Protection Service icon in the system tray.
• Click the icon, then select Open Console.
• Click Start | Programs | McAfee | Managed Services | Total Protection Service.
The basic console displays the status of the protection features installed on the computer.
• Detected risks are highlighted in red. Click Fix to resolve the risk.
• To access product features and perform tasks, click Action Menu, then select from the options:
• Product Details — Display the full console with links to features and tasks.
• Scan Computer — Select a scan target and begin scanning for threats.
• Set Connection Type — Specify the type of network the computer connects to. This determines
which communications firewall protection allows to access the computer.
• View Application List — Specify applications that are allowed to access the Internet or blocked.
• Admin Login — Log on as an administrator to access administrative features. Requires site
administrator credentials.
• View Help — Display online help.
The client features you can access are determined by policy options
assigned to the computer.
McAfee Total Protection Service 5.1.5 Product Guide
27
Using the Client Software
2
Types of client software updates
Types of client software updates
Regular updates enable Total Protection Service to ensure client computers are always protected from
the latest threats.
To perform updates, the client software connects directly to a site on the Internet and checks for:
• Updates to the detection definition (DAT) files used to detect threats. DAT files contain definitions
for threats such as viruses and spyware, and these definitions are updated as new threats are
discovered.
• Upgrades to software components. (To simplify product terminology, both updates and upgrades
are referred to as updates.)
Updates usually occur automatically in the background. Even computers without Internet access can
retrieve updates through relay servers. In addition, users can perform on-demand (manual) updates
at any time, and you can configure optional policy settings for updating tasks.
Client software is updated in these ways.
Type of update Description
Automatic updates
The software on each client computer automatically connects to the
Internet directly or through a relay server and checks for updated
components. Total Protection Service checks for updates five minutes
after a user logs on and at regular intervals thereafter. For example:
• If a computer is normally connected to the network all the time, it
checks for updates at regular intervals throughout the day.
Manual updates
• If a computer normally connects to the network each morning, it
checks for new updates five minutes after the user logs on each
day, then at regular intervals throughout the day.
• If a computer uses a dial-up connection, the computer checks for
new updates five minutes after dialing in, then at regular intervals
throughout the day.
By default, computers check for new updates every 12 hours. You can
change this interval by configuring a policy setting.
Automatic updates do not occur:
• On computers where a CHAP or NTML proxy is set up in
Internet Explorer.
• When no user is logged on to a computer without an
Internet connection that receives updates using a relay
server.
Pre-installed and CD-based versions of Total Protection Service need
to be activated before automatic updates occur. See the online user
help for more information.
At times, users might want to check for updates manually. For
example, when a computer appears to be out-of-date in your
administrative reports, users might need to update manually as part
of the troubleshooting process.
28
McAfee Total Protection Service 5.1.5 Product Guide
Type of update Description
Outbreak updates
When an outbreak is identified by McAfee Labs, they issue an
outbreak DAT, which is a special detection definition (DAT) file marked
as Medium or High importance. It is specially encoded to inform the
first computer receiving it to share the update immediately with other
client computers on the network.
In rare cases, McAfee might send an EXTRA.DAT file with instructions
for manually installing it.
For maximum protection, configure your policies to check for an
outbreak DAT file every hour. This feature is enabled by default.
Using the Client Software
Types of client software updates
2
Updates when no user is
logged on
In most scenarios, Total Protection Service supports terminal servers
and the Windows fast user switching feature. When an update occurs,
one session is designated as the primary update session. A pseudo
user is defined, which enables automatic updates to occur on
computers where no user is logged on.
For certain configurations, automatic updates cannot occur. Total
Protection Service cannot create the pseudo user when:
• The computer is a domain controller.
• Local security policies, including password restrictions, prevent the
user’s creation.
• The computer receives updates through a relay server and no one is
logged on.
When the pseudo user cannot be created, automatic updates do not
occur. The pseudo user also cannot update if the computer is behind
an authenticating proxy server or on computers where a CHAP or
NTML proxy is set up in Internet Explorer.
Terminal server support
Total Protection Service supports updates for terminal servers and the Windows fast user switching
feature.
These updates are supported in most scenarios, with these limitations:
• When an update occurs on a terminal server, one session is designated as the primary update
session for restrictions that apply to automatic updates.
• For all user sessions, the Total Protection Service icon is removed from the system tray during the
installation or update. The icon is restarted only for the user logged on to the primary update
session. All user sessions are protected, and other users can manually redisplay their icons by
clicking Start | Programs | McAfee | Managed Services | Total Protection Service.
• Detection notifications are not displayed on the desktop of all computer users if the fast user
switching feature is enabled.
Specifying when computers check for updates
Use this task to select how often client computers check for updates to software components and DAT
files. By default, they check every 12 hours.
For virus and spyware scans to detect all the latest threats, the detection definition (DAT) files must
be kept up-to-date. DAT files are updated by McAfee Labs whenever new threats are discovered.
McAfee Total Protection Service 5.1.5 Product Guide
29
2
Using the Client Software
Types of client software updates
Task
For option definitions, click ? in the interface.
1
In the SecurityCenter, click the Policies tab, then click Add Policy (or click Edit to modify an existing
policy).
2
Click Client Settings.
3
On the Client Settings tab, under Update Settings, select a frequency from the Check for updates every
list.
4
Click Save.
(For a new policy, click Next, select additional options for the policy, then click Save.)
Updating client computers manually
Use this task to check for and download updates to detection definition (DAT) files and software
components.
Manual updates are also called on-demand updates.
Task
•
Click the Total Protection Service icon in the system tray, then select Update Now.
• A panel shows the progress of the update.
• When the update is completed, the panel displays the date of the last update and a list of files
that were downloaded.
• The panel closes automatically after the update is completed.
Disabling updates for non-logged on users
Use this task to prevent failed automatic updates from being reported as errors when requirements
cannot be met for updating computers where no user is logged on.
Task
For option definitions, click ? in the interface.
1
In the SecurityCenter, click the Policies tab, then click Add Policy (or click Edit to modify an existing
policy).
2
Click Client Settings.
3
On the Client Settings tab, under Update Settings, deselect Update client computers where users are not
logged on.
4
Click Save. (For a new policy, click Next, select additional options for the policy, then click Save.)
30
McAfee Total Protection Service 5.1.5 Product Guide
Loading...