McAfee EPOLICY ORCHESTRATOR 4.0.2 - Operating instructions

Browse online or download the operating instructions for the software McAfee EPOLICY ORCHESTRATOR 4.0.2. McAfee EPOLICY ORCHESTRATOR 4.0.2 - Product guide, user manual

Table of contents

Page 1 - Product Guide

McAfee ePolicy Orchestrator 4.0.2 Product Guide

Page 2

Registering ePO servers ... 174
Crea

Page 3 - Contents

If needed, you can export the repository list to external files (SITELIST.XML or SITEMGR.XML).
Use an exported SITELIST.XML file to:
• Import to an agen

Page 4

Ensuring access to the source site
Use these tasks to ensure the master repository and managed systems can access the Internet when using the McAfeeHttp

Page 5

6 Type proxy information into the appropriate fields. To use the default source and fallback sites, enter the information for HTTP and FTP.
7 Select Use

Page 6

If your server does not need a proxy to access the Internet, select Don’t use proxy settings, then click OK.
3 Next to Proxy authentication, configure t

Page 7

1 Go to Software | Source sites. A list of all sites that can be used as the source or fallback appears.
Figure 20: Source Sites tab
2 Locate the site in

Page 8

Editing source and fallback sites
Use this task to edit the settings of source or fallback sites, such as URL address, port number, and download authent

Page 9

Deleting SuperAgent distributed repositories
Creating SuperAgent repositories
Use this task to create a SuperAgent repository. The desired system must h

Page 10

1 Go to Software | Distributed Repositories. A list of all distributed repositories appears.
2 Locate the desired SuperAgent repository, then click Edi

Page 11

Creating a folder location on an FTP, HTTP server or UNC share
Use this task to create the folder that hosts repository contents on the distributed rep

Page 12

If credentials are incorrect, check the:
• User name and password.
• URL or path on the previous panel of the wizard.
• The HTTP, FTP or UNC site on the

Page 13 - The ePO server

How the Rogue System Sensor works ... 190
Pa

Page 14 - Using this guide

Editing distributed repositories
Use this task to edit a distributed repository.
Task
For option definitions, click ? on the page displaying the options.

Page 15 - Audience

Before you begin
You must have appropriate permissions to perform this task.
Task
For option definitions, click ? on the page displaying the options.
1 Go

Page 16

Before you begin
You must have appropriate permissions to perform this task.
Task
For option definitions, click ? on the page displaying the options.
1 Go

Page 17 - How permission sets work

2 Select the type of distributed repository for which you want to change credentials, then click Next. The Repository Selection page appears.
3 Select t

Page 18 - Contacts

Managing Products with Policies and Client Tasks
Managing products from a single location is a central feature of ePolicy Orchestrator and is accomplishe

Page 19

• Policy pages.
• Server tasks.
• Client tasks.
• Default queries.
• New result types, chart types, and properties to select with the Query Builder wizard

Page 20 - The Event Log

Setting policy enforcement
For each managed product or component, choose whether the agent enforces all or none of its policy selections for that produc

Page 21

When you assign a new policy to a particular group of the System Tree, all child groups and systems that are set to inherit the policy from this assign

Page 22 - MyAVERT Security Threats

Bringing products under management
Use this task to install an extension (ZIP) file. A product’s extension must be installed before ePolicy Orchestrator

Page 23 - Working with user accounts

1 Go to Systems | Policy Catalog, then select the desired Product and Category. All created policies for that category appear in the details pane.
Figur

Page 24 - Working with permission sets

Removing sensors ... 209
W

Page 25 - Duplicating permission sets

2 Click the blue text next to Product enforcement status, which indicates the number of assignments where enforcement is disabled, if any. The Enforcem

Page 26 - Working with contacts

1 Go to Systems | System Tree | Policies. All assigned policies, organized by product, appear in the details pane.
2 The desired policy row, under B

Page 27 - Working with server settings

2 Click New Policy at the bottom of the page. The Create New Policy dialog box appears.
3 Select the policy you want to duplicate from the Create a pol

Page 28 - Specifying an email server

1 Go to Systems | Policy Catalog, then select the Product and Category from the drop-down lists. All created policies for that category appear in the d

Page 29

1 Go to Systems | Policy Catalog, then select the Product and Category. All created policies for that category appear in the details pane.
2 Locate the

Page 30 - Filtering the Server Task Log

Importing policies
Use this task to import a policy XML file. Regardless of whether you exported a single policy, or all named policies, the import proc

Page 31 - Working with the Audit Log

4 Locate the desired policy category, then click Edit Assignment.
5 If the policy is inherited, select Break inheritance and assign the policy and sett

Page 32 - Purging the Audit Log

Task
For option definitions, click ? on the page displaying the options.
1 Go to Systems | System Tree | Systems, then select the group under System Tre

Page 33 - Working with the Event Log

2 Select the desired system, then click Modify Policies on a Single System.
3 Click Copy Assignments, then select the desired products or features for

Page 34

Creating and scheduling client tasks
Use this task to create and schedule a client task. The process is similar for all client tasks.
Task
For option def

Page 35 - Deleting threat notifications

Introducing ePolicy Orchestrator 4.0.2
ePolicy Orchestrator 4.0.2 provides a scalable platform for centralized policy management and enforcement of your

Page 36

Frequently asked questions
What is a policy?
A policy is a customized subset of product settings corresponding to a policy category. You can create, modi

Page 37

Deploying Software and Updates
In addition to managing security products, ePolicy Orchestrator can deploy products to your network systems. Use ePolicy

Page 38

Each McAfee product that ePolicy Orchestrator can deploy provides a product deployment package ZIP file. ePolicy Orchestrator can deploy these packages

Page 39 - The System Tree

Origination
Description
Package type
packages into the master repository manually.
Package signing and security
All packages created and distributed by McAf

Page 40 - Administrator access

Update packages
Product deployment packages
If not implementing global updating for product updating, an update client task must be configured and schedu

Page 41 - Subnets and IP address ranges

If you are using global updating, this task is unnecessary, although you can create a daily task for redundancy.
Considerations when creating update cli

Page 42 - Tags and how they work

Requirements
These requirements must be met to implement global updating:
• A SuperAgent must use the same agent-server secure communication key as the

Page 43

Replication tasks
Use replication tasks to copy the contents of the master repository to distributed repositories.
Unless you have replicated master rep

Page 44 - Systems only

How agents select repositories
By default, agents can attempt to update from any repository in the repository list file. The agent can use a network ICM

Page 45 - Criteria-based sorting

1 Go to Software | Master Repository, then click Check In Package. The Check In Package wizard appears.
Figure 24: Master Repository tab
2 Select the pac

Page 46 - IP address sorting criteria

The ePolicy Orchestrator server can segment the user population into discrete groups forcustomized policy management. Each server can manage up to 250

Page 47 - Catch-all groups

Tasks
Configuring the Deployment task for groups of managed systems
Configuring the Deployment task to install products on a managed system
Configuring t

Page 48 - Working with tags

1 Go to Systems | System Tree | Systems, then select the group in the System Tree which contains the desired system.
2 Select the checkbox next to the d

Page 49

Task
For option definitions, click ? on the page displaying the options.
1 Go to Configuration | Server Settings, select Global Updating, then click Edi

Page 50

Tasks
Using pull tasks to update the master repository
Replicating packages from the master repository to distributed repositories
Using pull tasks to up

Page 51

Select Evaluation to test the packages in a lab environment first.
Select Current to use the packages without testing them first.
7 Select whether to pu

Page 52 - Creating groups manually

3 Select the repository branch that receives the packages.
Select Evaluation to test the packages in a lab environment first.
Select Current to use the

Page 53

4 Select Repository Replication from the drop-down list.
Figure 28: Repository Replication server task action
5 Select Incremental or Full from the Repl

Page 54 - GroupA\system4

3 Select Incremental replication or Full replication, then click Next.
NOTE: If this is the first time you are replicating to a distributed repository,

Page 55

2 Paste the copied files and subfolders in your repository folder on the distributed repository system.
3 Configure an agent policy for managed systems

Page 56 - Sorting systems manually

4 Next to Branch, select the desired branch.
If your environment requires testing new packages before deploying them, McAfee recommends using the Evalua

Page 57

6 Deploy software and updates — Once your update repositories and policy settings are created and configured, deploy the products, components, and upda

Page 58

Task
For option definitions, click ? on the page displaying the options.
• Go to Reporting | Queries, select VSE: DAT Deployment in the Queries list, th

Page 59

Task
For option definitions, click ? on the page displaying the options.
1 Go to Software | Master Repository. The Packages in Master Repository table ap

Page 60

Sending Notifications
The ePolicy Orchestrator Notifications feature alerts you to events that occur on your managed systems or on the ePolicy Orchestra

Page 61

Notifications and how it works
Before you plan the implementation of Notifications, you should understand how this feature works with ePolicy Orchestrat

Page 62

rule is named VirusDetected_<groupname>, where <groupname> is the name of the group as it appears in the System Tree (for example, VirusDet

Page 63

Default rules
ePolicy Orchestrator provides six default rules that you can enable for immediate use while you learn more about the feature.
NOTE: Once en

Page 64

• The types of events (product and server) that trigger notification messages in your environment.
• Who should receive which notification messages. For

Page 65 - Agents and SuperAgents

5 To regulate traffic size, type the Maximum number of events per upload.
6 Click Save.
Determining which events are forwarded
Use this task to determine

Page 66 - Agent-server communication

3 Next to Notifications, click Edit.
4 Select the desired Notifications permission:
• No permissions
• View notification rules and Notification Log
NOTE:

Page 67 - /P command-line option

2 Provide the name and address of the SNMP server, then click Save.
The added SNMP Server appears in the SNMP Servers list.
Duplicating SNMP servers
Use

Page 68

Configuring ePolicy Orchestrator Servers
The ePO server is the center of your managed environment, providing a single location from which to administer

Page 69 - Agent policy settings

Working with registered executables and external commands
Use these tasks to configure external commands by adding registered executables and assigning

Page 70

Editing registered executables
Use this task to edit an existing registered executable entry.
Before you begin
You must have appropriate permissions to p

Page 71 - Security Keys

Task
For option definitions, click ? on the page displaying the options.
1 Go to Automation | External Commands, then click New External Command at the bo

Page 72 - Methods of agent distribution

Creating and editing Notification rules
Use these tasks to create and edit Notification rules. These allow you to define when, how, and to whom, notific

Page 73 - Distributing agents

5 Set the priority of the rule to High, Medium, or Low.
NOTE: The priority of the rule is used to set a flag on an email message in the recipient’s Inbo

Page 74

2 If you selected Send a notification if multiple events occur within, you can choose to send a notification when the specified conditions are met. The

Page 75

• Selected categories
• Selected threat or rule name
• Event IDs
• First event time
• Event descriptions
• Actual number of systems
• Actual products
• Act

Page 76

Task
For option definitions, click ? on the page displaying the options.
1 Go to Reporting | Notification Log.
2 Select the desired period of time for wh

Page 77 - Installing the agent manually

Task
For option definitions, click ? on the page displaying the options.
1 Go to Reporting | Notification Log, then click Purge at the bottom of the pag

Page 78 - C:\TEMP

• Any external tool installed on the ePolicy Orchestrator server.
Sending Notifications
Frequently asked questions
169
McAfee ePolicy Orchestrator 4.0.2 P

Page 79 - Upgrading existing agents

Working with the Event Log
Working with MyAvert Security Threats
Exporting tables and charts to other formats
Allowed Cron syntax when scheduling a serve

Page 80

Querying the Database
ePolicy Orchestrator 4.0.2 ships with its own querying and reporting capabilities. These are highly customizable and provide flexi

Page 81 - Removing the agent

Queries as dashboard monitors
Use almost any query (except those using a table to display the initial results) as a dashboard monitor. Dashboard monitor

Page 82 - Maintaining the agent

as well as the ability to make any personal query available to anyone with access to public queries.
NOTE: To run some queries, you also need permission

Page 83

• Grouped summary table
• Line chart
• Pie chart
• Summary table
• Table
Table columns
Specify columns for the table. If you select Table as the primary dis

Page 84

Preparing for roll-up querying
Use these tasks to ensure the eporollup_ tables on the reporting server are populated and ready for using queries based o

Page 85

3 Select the desired Data Roll Up actions, and select the desired registered server to which it applies.
NOTE: McAfee recommends creating one server tas

Page 86 - Running an update manually

7 Click Next. The Filter page appears.
8 Select properties to narrow the search results. Selected properties appear in the content pane with operators t

Page 87 - Viewing agent settings

5 Select the language in which to display the results.
Figure 31: Run Query server task actions
6 Select an action to take on the results. Available act

Page 88 - Working with security keys

• Deploy Agents — Deploys agents, according to the configuration on this page, to systems in the query results. This option is only valid for queries t

Page 89

Sharing a query between ePO servers
Use these tasks to import and export a query for use among multiple servers.
Tasks
Exporting queries for use by anoth

Page 90

What happens when I install new products?
When a new product extension is installed it may add one or more groups of permissions to the permission sets.

Page 91 - Deleting ASSC keys

4 Select the format of the exported file. If exporting to a PDF file, select the page size and orientation.
5 Select whether the files are emailed as at

Page 92

ePO: Compliance History query
Use this query, with its default settings, to view the percentage of systems (over time) in your environment that are non-

Page 93 - Backing up all security keys

Comparable report in ePolicy Orchestrator 3.6
This query replaces all or part of:
• DAT-Definition Deployment Summary
• DAT Engine Coverage
ePO: Distribut

Page 94 - Agent command-line options

Comparable report in ePolicy Orchestrator 3.6
This query replaces all or part of:
• DAT-Definition Deployment Summary
• DAT Engine Coverage
ePO: Systems p

Page 95

Assessing Your Environment With Dashboards
Dashboards allow you to keep a constant eye on your environment. Dashboards are collections of monitors. Moni

Page 96

• McAfee Links — Hyperlinks to McAfee sites, including ePolicy Orchestrator Support, Avert Labs WebImmune, and Avert Labs Threat Library.
Setting up das

Page 97

Working with Dashboards
Use these tasks to create and manage dashboards.
Tasks
Creating dashboards
Making a dashboard active
Selecting all active dashboard

Page 98

Task
For option definitions, click ? on the page displaying them.
1 Go to Dashboards, click Options, then select Manage Dashboards. The Manage Dashboards

Page 99

Task
For option definitions, click ? on the page displaying the options.
1 Go to Dashboards, then select Manage Dashboards from the Options drop-down li

Page 100 - Creating Repositories

Detecting Rogue Systems
Unprotected systems are often the weak spot of any security strategy, creating entry points through which viruses and other pote

Page 101

• Repository Packages — Specifies whether any package can be checked in to any branch. Only agents later than version 3.6 can retrieve packages other t

Page 102

On systems that have multiple NICs, each resulting interface can be detected as a separate system. When these interfaces are detected, they can appear

Page 103

• The sensor implements aging on the MAC filter. After a specified time, MAC addresses for systems that have already been detected are removed from the

Page 104 - Creating source sites

a mixed environment. A sensor installed on a DHCP server will not report on systems covered by that server if the system uses a static IP address.
How d

Page 105

The Detected Systems homepage displays information on each of these states via corresponding status monitors. This page also displays the 25 subnets wi

Page 106

are most likely systems that are shut down or disconnected from the network, for example, a laptop or retired system. The default time period for marki

Page 107

Subnet status
Subnet status is the measure of how many detected subnets on your network are covered. Coverage is determined by the ratio of covered subn

Page 108

Rogue System Detection policy settings
Rogue System Detection policy settings allow you to configure and manage the instances of the Rogue System Sensor

Page 109

Detection settings
Detection settings determine whether:
• Active Probing is enabled.
• DHCP monitoring is enabled.
If you use DHCP servers on your networ

Page 110

Rights
Permission set
• View Rogue System information.
Rogue System Sensor
• No permissions.
• View and change settings.
• View settings.
Setting up Rogue S

Page 111

Configuring server settings for Rogue System Detection
Use these tasks to configure server settings for Rogue System Detection. These settings determine

Page 112

COPYRIGHT
Copyright © 2008 McAfee, Inc. All Rights Reserved.
No part of this publication may be reproduced, transmitted, transcribed, stored in a retrie

Page 113

The Audit Log
Use the Audit Log to maintain and access a record of all ePO user actions. The Audit Log entries display in a sortable table. For added fl

Page 114 - Extensions and what they do

• They specify which ports to check for a McAfee Agent.
Task
For option definitions, click ? on the page displaying the options.
1 Go to Configuration |

Page 115 - Policy management

Setting up automatic responses to Rogue System Detection events
Use this task to set up automatic responses to Rogue System Detection events using the Re

Page 116 - Policy application

Action | Result
Send Email | Sends an email to user-configured recipients with a customized subject and message.
6 In the Summary page review the response deta

Page 117 - Client tasks and what they do

Getting there
This task can be performed from:
Go to Network | Detected Systems, click any subnet category in the Subnet Status monitor, then select any s

Page 118 - Viewing policy information

Importing systems to the Exceptions list
Use this task to import systems to your network’s Exceptions list.
Task
For option definitions, click ? on the p

Page 119 - Viewing policy ownership

1 Select the systems you want to remove from the Detected Systems list.
From the Systems Details page and the Detected Systems Details page, you can on

Page 120

2 Click Rogue Sensor Blacklist Remove.
If the button is not visible, click More Actions and select Rogue Sensor Blacklist Remove.
Viewing detected system

Page 121

3 Under the General tab change the Sensor-to-Server Communication Port to the desired port number, then click Save.
Installing sensors
Use any of these t

Page 122 - Sales Europe)

2 On the Result Type page, select Managed Systems and click Next.
3 On the Chart page, from the Display Results As, click Table, then click Next.
4 From

Page 123 - Working with policies

Task
For option definitions, click ? on the page displaying the options.
1 Select the system whose description you want to edit, and click Edit Descript

Page 124 - Exporting a single policy

• Engine Version — Version number of the detecting product’s engine (if applicable).
• Event Category — Category of the event. Possible categories depe

Page 125 - Importing policies

Task
For option definitions, click ? on the page displaying the options.
1 Go to Systems | System Tree | Client Tasks, then select the desired group in

Page 126

Task
For option definitions, click ? on the page displaying the options.
1 Select the subnets you want to delete and click Delete.
2 In the Action pane,

Page 127

Task
For option definitions, click ? on the page displaying the options.
1 Select the subnet you want to rename and click Rename.
2 In the Action pane, t

Page 128 - Working with client tasks

Default Rogue System Detection queries
Rogue System Detection provides default queries that you can use to retrieve specific information from your netwo

Page 129 - Deleting client tasks

Appendix: Maintaining ePolicy Orchestrator databases
Regardless of whether you use an MSDE or SQL database with ePolicy Orchestrator, your databases requ

Page 130 - Frequently asked questions

Run this utility at least once a week. You can use the SQLMAINT.EXE command-prompt utility to perform routine database maintenance activities. It can be us

Page 131

Backing up ePolicy Orchestrator databases regularly
McAfee recommends that you back up ePolicy Orchestrator databases regularly to protect your data and

Page 132

8 Click Backup.
9 Click OK when the backup process is done.
10 Start the McAfee ePolicy Orchestrator 4.0 Server service and ensure that the MSSQLSERVER s

Page 133 - Product and update deployment

Restoring a SQL database--see your SQL documentation
If you are using Microsoft SQL Server or SQL 2005 Express as the database, see the SQL Server produ

Page 134 - Update tasks

Index
A
account credentials for agent installation package 73
accounts (See user accounts) 17
actions, Rogue System Detection
events and 200
events and auto

Page 135 - Global updating

MyAVERT Security Threats
The MyAvert Security Threats page informs you of the top ten medium-to-high-risk threats for corporate users. You no longer nee

Page 136 - Pull tasks

best practices (continued)
login scripts and agent installation 76
policy assignment locking 117
product deployment 134
SuperAgent wake-up calls 67
System T

Page 137 - Repository selection

devices
detected by Rogue System Sensor 190
DHCP servers
Rogue System Sensor and 191, 196
system and subnet reporting 190
Directory (See System Tree) 57
dis

Page 138 - Checking in packages manually

groups (continued)
pasting policy assignments to 128
policies, inheritance of 40
policy enforcement for a product 126
queries about 183
sorting criteria 55
s

Page 139

notification rules (continued)
defaults 155
Description page 163
for products and components 168
importing .MIB files 159
setting filters for 164
setting thr

Page 140

product installation
configuring deployment tasks 140
extensions and permission sets 18
installing extension files 118
Locale ID settings 94
product update

Page 141

Rogue System Detection (continued)
sensor blacklist 195
sensor settings 200
sensor-to-server communication port 196
setting up 198
status and states 192
work

Page 142

status monitors
detected systems 192
subgroups
and policy management 59
criteria-based 47
subnets
active RSD sensors, configuring duration 200
events and aut

Page 143

updates (continued)
packages and dependencies 133
running tasks manually 86, 87
scheduling an update task 149
source sites and 97
upgrading agents 80
updatin

Page 144 - Running a Pull Now task

McAfee ePolicy Orchestrator 4.0.2 Product Guide
228
Index

Page 145

2 Type the User name and Password of a valid account.
NOTE: Passwords are case-sensitive.
3 Select the Language you want the software to display.
4 Click

Page 146 - Running a Replicate Now task

4 Select whether to enable or disable the logon status of this account. If this account is for someone who is not yet a part of the organization you ma

Page 147

Editing permission sets
Deleting permission sets
Creating permission sets for user accounts
Use this task to create a permission set.
Before you begin
You

Page 148

Editing permission sets
Use this task to edit a permission set. Only global administrators can edit permission sets.
Task
For option definitions, click ?

Page 149

1 Go to Configuration | Contacts, then click New Contact.
Figure 2: New Contact page
2 Type a first name, last name, and email address for the contact.
3

Page 150

Specifying an email server
Use this task to specify an email server that ePolicy Orchestrator uses to send email messages.
Task
For option definitions, c

Page 151

Before you begin
You must be a global administrator to perform this task.
Task
For option definitions, click ? on the page displaying the options.
1 Go to

Page 152 - Sending Notifications

Contents
Introducing ePolicy Orchestrator 4.0.2 ... 13
ePolic

Page 153 - Throttling and aggregation

Filtering the Server Task Log
Purging the Server Task Log
Viewing the Server Task Log
Use this task to review the status of server tasks and long-running

Page 154

2 Select the desired filter from the Filter drop-down list.
Purging the Server Task Log
As the Server Task Log grows, you can purge items older than a u

Page 155 - Planning

2 Click any of the column titles to sort the table by that column (alphabetically).
3 From the Filter drop-down list, select an option to narrow the am

Page 156

3 Select Purge Audit Log from the drop-down list.
4 Select whether to purge by age or from a query's results. If you purge by query, you must pick a que

Page 157 - Setting up ePO Notifications

4 Click OK.
Records older than the specified age are deleted permanently.
Purging the Event Log on a schedule
Use this task to purge the Event Log with a

Page 158 - Working with SNMP servers

Configuring MyAvert update frequency and proxy settings
Use this task to configure proxy settings and the update frequency for MyAvert Security Threats

Page 159 - Importing .MIB files

Exporting tables and charts to other formats
Use this task to export data for other purposes. You can export to HTML and PDF finals for viewing formats,

Page 160 - Adding registered executables

Field Name | Allowed Values | Allowed Special Characters
Hours | 0 - 23 | , - * /
Day of Month | 1 - 31 | , - * ? / L W C
Month | 1 - 12, or JAN - DEC | , - * /
, - * ? / L C # 1

Page 161

Organizing Systems for Management
ePolicy Orchestrator 4.0.2 provides some new features and improvements to existing features to organize and manage you

Page 162 - Deleting external commands

Contents
The System Tree
Considerations when planning your System Tree
Tags and how they work
Active Directory and NT domain synchronization
Criteria-based

Page 163 - Describing the rule

Working with contacts ...

Page 164 - Setting filters for the rule

• When a system is sorted into Lost&Found, it is placed in a subgroup named for the system’s domain. If no such group exists, one is created.
NOTE:

Page 165

These questions impact both the System Tree organization, and the permission sets you create and apply to user accounts.
Environmental borders and their

Page 166

If possible, consider using sorting criteria based on IP address information to automate System Tree creation and maintenance. Set IP subnet masks or I

Page 167 - Purging the Notifications Log

• Apply and remove existing tags to systems in the groups to which they have access.
• Exclude systems from receiving specific tags.
• Use queries to vi

Page 168 - Product and component list

• Delete systems from the System Tree when they are deleted from Active Directory.
• Allow or disallow duplicate entries of systems that already exist

Page 169

When to use this synchronization type
Use this synchronization type when you use Active Directory as a regular source of systems for ePolicy Orchestrato

Page 170 - Querying the Database

(even ones with sorting disabled) clicking Move Systems places those systems in the location identified.
How settings affect sorting
You can choose three

Page 171 - Query permissions

Tag-based sorting criteria
In addition to using IP address information to sort systems into the appropriate group, you can define sorting criteria based

Page 172 - Query Builder

4 The server applies all criteria-based tags to the system if the server is configured to run sorting criteria at each agent-server communication.
5 Wha

Page 173 - Multi-server roll-up querying

Creating tags with the Tag Builder
Use this task to create a tag with the Tag Builder wizard. Tags can use criteria that’s evaluated against every syste

Page 174 - Registering ePO servers

Active Directory synchronization ... 43
NT domai

Page 175 - Working with queries

b Next to Systems with tag in the details pane, click the link for the number of systems excluded from automatic tagging. The Systems Excluded from the

Page 176 - Running a query on a schedule

a Go to Systems | Tag Catalog, then select the desired tag in the list of tags.
b Next to Systems with tag in the details pane, click the link for the n

Page 177

does not make sense for security management, you can create your System Tree in a text file and import it into your System Tree. If you have a smaller

Page 178 - Duplicating queries

Task
For option definitions, click ? on the page displaying the options.
1 Go to Systems | System Tree | Group, then select the desired group in the Sys

Page 179 - Importing queries

a Select the agent version to deploy.
b Select whether to suppress the agent installation user interface on the system. Select this if you do not want th

Page 180

Task
For option definitions, click ? on the page displaying the options.
1 Go to Systems | System Tree, then click New Systems. The New Systems page appe

Page 181

Enabling System Tree sorting on the server
Use this task to enable System Tree sorting on the server. System Tree sorting must be enabled on the server

Page 182

Task
For option definitions, click ? on the page displaying the options.
1 Go to Systems | System Tree | Systems, then select the group that contains th

Seite 183

1 Go to Systems | System Tree | Group, then select the desired group in the System Tree. This should be the group to which you want to map an Active Di

Page 184 - Dashboards and how they work

10 Select whether to deploy agents automatically to new systems. If you do, be sure to configure the deployment settings.
TIP: McAfee recommends that yo

Page 185

Deploying the agent with ePolicy Orchestrator ... 74
Installing the ag

Page 186 - Working with Dashboards

Task
For option definitions, click ? on the page displaying the options.
1 Go to Systems | System Tree | Group, then select or create a group in the Sys

Page 187 - Making a dashboard public

8 To synchronize the group with the domain immediately, click Synchronize Now, then wait while the systems in the domain are added to the group.
NOTE: C

Page 188

2 Name the task and choose whether it is enabled once it is created, then click Next. The Actions page appears.
3 From the drop-down list, select NT Dom

Page 189 - Detecting Rogue Systems

2 Click Move Systems. The Select New Group page appears.
NOTE: You may need to click More Actions to access this action.
3 Select whether to enable or d

Page 190

Distributing Agents to Manage Systems
Managing your network systems effectively is dependent on each system running an active, up-to-date agent.
There ar

Page 191 - Systems that host sensors

Agents and SuperAgents
The agent is the distributed component of ePolicy Orchestrator that must be installed on each system in your network that you wan

Page 192 - Rogue System Detection states

The agent installation package
The FRAMEPKG.EXE file is created when you install the server. It is a customized installation package for agents that rep

Page 193 - Overall system status

Network Size | Recommended ASCI
Wireless LAN | 150 minutes
NOTE: For complete information on balancing bandwidth, server hardware, and ASCI determination, see

Page 194 - Rogue System Sensor status

networks where ePolicy Orchestrator may manage agents in remote sites over lower-speed WAN or VPN connections.
Figure 15: SuperAgent and Broadcast Wake-

Page 195 - Rogue Sensor Blacklist

Agent activity logs
The agent log files are useful for determining agent status or troubleshooting. Two log files record agent activity, both are locate

Page 196

Creating source sites ... 104
Ed

Page 197

use Notifications, enabling immediate uploading of higher severity events is necessary for those features to function as intended.
You can enable immedi

Page 198 - Distributing

Agent policy and distributed repositories
By default, the agent can update from any repository in its repository list (SITELIST.XML) file.
The agent can

Page 199 - Detection

Master repository key pair
The master repository private key signs all unsigned content in the master repository. These keys are in anticipation of the

Page 200 - Editing sensor settings

Method | Advantages | Disadvantages
Disadvantages: If you do not use images consistently, this method would not be efficient to ensure coverage.
Advantages: Prevents the bandwidth impact

Page 201 - Detection events

Including the agent on an image
Using other deployment products
Distributing the agent to WebShield appliances and Novell NetWare servers
Deploying the a

Page 202 - Working with detected systems

• Ensure network access is enabled on Windows XP Home systems. Deploy the agent from ePolicy Orchestrator or install a custom agent installation packag

Page 203 - Exporting the Exceptions list

Installing the agent with login scripts
Use this task to set up and use network login scripts to install the agent on systems logging onto the network.

Page 204 - Merging detected systems

Below is a sample batch file that checks whether the agent is installed and, if it is not, runs the FRAMEPKG.EXE to install the agent.
IF EXIST "C:\Wind

Page 205

Enabling the agent on unmanaged McAfee products
Use this task to enable agents on existing McAfee products in your environment.
Before purchasing ePolic

Page 206 - Working with sensors

For instructions, see the documentation for your preferred image-creation product.
Using other deployment products
You may already use other network dep

Page 207 - Installing sensors

Editing a policy’s settings from the Policy Catalog ... 122
Renaming a policy

Page 208 - Editing sensor descriptions

If you have been using an older version of ePolicy Orchestrator and have previous agent versions in your environment, you can upgrade those agents once

Page 209 - Removing sensors

5 Select the agent version from the drop-down list.
6 Select Install from the Action drop-down list.
7 Add any command-line options.
8 Select whether to

Page 210 - Working with subnets

Removing agents when deleting groups from the System Tree
Use this task to remove agents from all systems in a group, which you are deleting from the Sy

Page 211 - Renaming subnets

Sending manual wake-up calls to systems
Use this task to manually send an agent or SuperAgent wake-up call to systems in the System Tree. This is useful

Page 212

Before you begin
Before sending the agent wake-up call to such a group, make sure that wake-up support for the group is enabled and applied on the Gener

Page 213 - Dashboards

Viewing the agent activity log
Use these tasks to view the agent activity log. The agent activity log records an agent’s activity.
The amount of detail

Page 214

Task
For option definitions, click ? on the page displaying the options.
1 Go to Systems | System Tree | Systems, then select the system.
2 Click the sys

Page 215 - -UpdOptiStats 15

Task
1 Right-click the McAfee tray icon at the managed system, then select McAfee Agent | Status Monitor. The Agent Status Monitor appears.
2 Click Colle

Page 216 - Backing up an MSDE database

Viewing agent and product version numbers
Use this procedure to look up the agent and product version numbers from the managed system.
This is useful fo

Page 217

1 Export the desired ASSC keys from the desired ePO server.
2 Import the ASSC keys to all other servers.
3 Make the imported key the master on all serve

Page 218 - C:\PROGRAM FILES\MCAFEE\EPO

Checking in engine, DAT and EXTRA.DAT update packages manually ... 148
Updating managed systems

Page 219 - (continued)

1 Go to Configuration | Server Settings, then select Security Keys in the Setting Categories list.
2 In the details pane, click Edit.
3 In the Agent-serv

Page 220

4 Back up all keys.
Deleting ASSC keys
Use this task to delete unused ASSC keys in the Agent-server secure communication keys list.
CAUTION: Do not delete

Page 221

2 Next to Local master repository key pair, click Export Key Pair. The Export Master Repository Key Pair dialog box appears.
3 Click OK. The File Downlo

Page 222

Backing up and restoring security keys
Use these tasks to back up and restore the security keys. McAfee recommends periodically backing up all of the se

Page 223

Agent command-line options
Use the Command Agent (CMDAGENT.EXE) tool to perform selected agent tasks from the managed system. CMDAGENT.EXE is installed

Page 224

Command | Description
Sample: FRAMEPKG /INSTALL=AGENT /FORCEINSTALL /INSTDIR=c:newagentdirectory
Installs and enables the agent.
Sample: FRAMEPKG /INSTALL=AG

Page 225

Creating Repositories
Security software is only as effective as the latest installed updates. For example, if your DAT files are out-of-date, even the b

Page 226

The master repository is configured when installed. However, you must ensure that proxy server settings are configured correctly. By default, ePolicy O

Page 227

If managed systems use a proxy server to access the Internet, you must configure agent policy settings for those systems to use proxy servers when acce

Page 228

Once the distributed repository is created, use ePolicy Orchestrator to configure managed systems of a specific System Tree group to update from it.
TIP
