McAfee server console maintenance MODIFIED doc

Post on 13-Nov-2014

McAfee

AT

NATIONAL INSURANCE COMPANY LIMITED

BY

HCL COMNET LIMITED

Architecture :

The ePO server is located in Kolkata. There are 960 branch offices (Operational Offices) with an average of 6 systems per branch, and these branches are connected to 20 Regional Offices (ROs). Since the branches have 128 Kbps links, the repository deployment should be considered region-wise, at the ROs. The ePO server in Kolkata takes updates from the internet and replicates them to all the ROs. The client machines of each RO take updates from that RO. The machines can also take updates from the HO. The ROs and the HO have 2 Mbps links. All the ROs and the HO are connected with each other through MPLS. The first preference for taking updates for an operating office should be the respective RO of that operating office. If a client machine of that operating office can't take the update from its RO, it will go to another repository of its region.

Contents:-

1. Console Login
2. McAfee Server Task
3. McAfee Agent Task
4. Assign Policies For All Operating Office’s Machines and Servers
5. Assign Policy For Laptops
6. Daily Maintenance ePO Console
7. Installation Process of New Packages
8. Manual Server Update
9. Replication from Server
10. Checking Repository Status
11. Checking Reports Logs
12. Database Maintenance

Console login:

Fig -1

Click on the ePolicy Orchestrator 3.6.1 Console.

Fig-2

Click on Log on to the server. Type the console login password.

The McAfee Server Task

Fig-3

Click on Scheduled tasks. The following tasks are listed:-

Active Directory
DAT Update
DR Replication
InActive Agents
Purging Task (disabled)

Select Active Directory and click on modify tasks.

The Active Directory modified settings as defined below (Fig-4 and Fig-5) :-

Fig-4

The settings for the Active Directory task are like this as per NIC architecture. Click on next.

Fig-5

Click on finish.

The DAT Update modified settings as defined below (Fig-6 and Fig-7) :-

Fig-6

The settings for the DAT Update task are like this as per NIC architecture. Click on next.

Fig-7

Click on finish.

DR Replication modified settings as defined below (Fig-8 and Fig-9) :-

Fig-8

The settings of the DR Replication task are like this as per NIC architecture. Click on next.

Fig-9

Click on finish.

Incremental replication is selected over here, because only the latest update will be replicated to the clients from the server.

InActive Agents modified settings as defined below (Fig-10 and Fig-11) :-

Fig-10

The settings of the Inactive Agents task are like this as per NIC architecture. Click on next.

Fig-11

Create a new site “Inactive agent” from the directory. The period of inactivity will be changed as per requirement. The action to perform will be “Move” to the created site “Inactive Agent”. Select the newly created site for “Move computers with inactive agents to this site”. Click on finish.

Different communication ports:-

Fig-12

The port settings will be like this as per NIC architecture.

New Task Creation Method ( Fig-13 and Fig-14 ) :-

Fig-13

Click on create task.

Fig-14

Expand the task type. Select the particular task that you want to create. Write the task name. Enable the task. Set the schedule as per requirement.

The McAfee Agent Task

New Task Creation ( Fig-15 to Fig-19 ) :-

Fig-15

Expand ePolicy Orchestrator and NIC-800000-EPO1. Right click on Directory and click on the scheduled task option.

Fig-16

Write the new task name. Select the task type that you want.

Fig-17

Select Enable (schedule task runs at specific time). Click on settings.

This type of task is normally scheduled for daily updates. The client machine will take updates everyday at a particular scheduled time.

Fig-18

The settings will be like this. Click ok.

Fig-19

Click on Schedule. Uncheck Inherit. Schedule time: Daily. Start time: 11:05:00 AM. Select Local time. Enable randomization as 30 minutes. Schedule task daily every 1 day(s). Click ok.

Different Task Settings For all the NIC Operating Office’s Servers and Machines as shown below ( Fig-20 to 37) :-

Fig-20

Different tasks are:

Deployment
Update Daily DAT and Patches
On Demand Scan for VSE8.0
On Demand Scan for VSE8.5
Agent Wakeup Call
Immediate Update of DAT and Patches

Click on Deployment Task.

Deployment Task settings as defined below ( fig-21 to 23):-

Fig-21

Click on settings.

Fig-22

Click ok.

Fig-23

Click on schedule. The modified schedule has been made as per NIC architecture. Click ok.

Agent Wakeup Call Task settings as defined below (fig 24 to 26):-

Fig-24

Click on Agent Wakeup Call. Click on Settings.

Fig-25

Fig-26

Click on schedule. The schedule is defined as per NIC architecture. Click ok.

Immediate Update of DAT and Patches settings as defined below (fig-27 to 28) :-

Fig-27

Fig-28

The above settings have been defined as per NIC architecture. Click ok.

OnDemandScan for VSE8.5i settings as defined below ( fig-29 to 37) :-

Fig-29

Click on settings.

Fig-30

Click on detection.

Fig-31

Click on Advanced.

Fig-32

Click on Actions.

Fig-33

Click on Unwanted Programs.

Fig-34

Click on reports.

Fig-35

Click on task.

Fig-36

Click ok.

Fig-37

The modified settings have been defined as per NIC architecture. Click ok.

Assign Policies For All Operating Office’s Machines and Servers

Policy settings as defined below :-

Fig-38

Expand ePolicy Orchestrator > NIC-800000-EPO1 > Directory. Select HO. Click on Policies on the right side. Click on HO Agent Policy.

Fig-39

The above settings are modified as per NIC architecture. Click on events.

Fig-40

The above settings are modified as per NIC architecture. Click on Logging.

Fig-41

The above settings are modified as per NIC architecture. Click on Repositories.

Fig-42

The above settings are modified as per NIC architecture. The repositories will be different for each site as per NIC architecture. Click on updates.

Normally we have selected four repositories for each RO. Here, for HO, we have selected four repositories. The first preference will be that particular RO. In HO the first repository is ePO_NIC-800000-EPO1. The other selected repositories are from the East region. In this way the first repository will be the particular RO office and the rest of the repositories will be from that region.

Fig-43

The above settings are modified as per NIC architecture. Click on Proxy.

Fig-44

The above settings are modified as per NIC architecture. Click apply to all. Click ok.

Virus Scan Enterprise 8.5.0 policies as shown below:-

Fig-45

In the above screenshot, a few policies show Global administrators as the policy owner. We didn’t change anything in these policies. The rest of the policies show admin as the policy owner. These policies are modified. The modified policy settings are shown below. Click on On-Access General Policies.

On-Access General Policy Settings:-

Fig-46

Click on scriptscan. The above settings are modified as per NIC architecture.

Fig-47

Click on blocking. The above settings are modified as per NIC architecture.

Fig-48

Click on Messages. The above settings are modified as per NIC architecture.

Fig-49

Click on Reports. The above settings are modified as per NIC architecture. Click on apply. Click close.

Fig-50

Click on On-Access Low-Risk Process.

On–Access Low–Risk Process Settings:-

Fig-51

The above settings are modified as per NIC architecture. Click on detection.

Fig-52

The above settings are modified as per NIC architecture. Click on Advanced.

Fig-53

The above settings are modified as per NIC architecture. Click on Actions.

Fig-54

The above settings are modified as per NIC architecture. Click on unwanted programs.

Fig-55

The above settings are modified as per NIC architecture. Click on apply. Close the window. Open On-Access High Risk Process policy as shown in Fig-45.

On-Access High Risk Process Settings:-

Fig-56

The above settings are modified as per NIC architecture. Click on Detection.

Fig-57

The above settings are modified as per NIC architecture. Click on advanced.

Fig-58

The above settings are modified as per NIC architecture. Click on Actions.

Fig-59

The above settings are modified as per NIC architecture. Click on Unwanted Programs.

Fig-60

The above settings are modified as per NIC architecture. Click on apply. Close the window. Open User Interface Policy as shown in Fig-45.

User Interface Policy Settings:-

Fig-61

The above settings are modified as per NIC architecture. Click on Password options.

Fig-62

The above settings are modified as per NIC architecture. Click on apply. Close the window. Open Access protection Policy as shown in Fig-45.

Access Protection Policy Settings:-

Fig-63

The above settings are modified as per NIC architecture. Click on Reports.

Fig-64

The above settings are modified as per NIC architecture. Click on apply. Close the window. The rest of the VSE 8.5 policy settings are set as Global Default. Open Rogue System Sensor Policy as shown in Fig-38.

Rogue System Sensor 1.0.0 Policy Default Settings:-

Fig-65

The above settings are modified as per NIC architecture. Click on VSE8.0 and expand it (Fig-38).

Virus Scan Enterprise 8.0.0 Policy Settings:-

Fig-66

Click on Alert Manager policy.

Alert Manager Policy Settings:-

Fig-67

The above settings are modified as per NIC architecture. Click on Additional Alerting options.

Fig-68

The above settings are modified as per NIC architecture. Click on apply and close the window. Click on Access Protection Policy as shown in Fig-66.

Access Protection Policy Settings:-

Fig-69

The above settings are modified as per NIC architecture. Click on file Share and Folder Protection.

Fig-70

The above settings are modified as per NIC architecture. Click on reports.

Fig-71

The above settings are modified as per NIC architecture. Click on apply and close the window. Open On-Access Process Policy as shown in fig-66.

On-Access Process Policy Settings:-

Fig-72

The above settings are modified as per NIC architecture. Click on Detection.

Fig-73

The above settings are modified as per NIC architecture. Click on Advanced.

Fig-74

The above settings are modified as per NIC architecture. Click on Actions.

Fig-75

The above settings are modified as per NIC architecture. Click on Unwanted Programs.

Fig-76

The above settings are modified as per NIC architecture. Click on apply and close the window. Open On-Access General Policy as shown Fig-66.

On-Access General Policy Settings:-

Fig-77

The above settings are modified as per NIC architecture. Click on Script Scan.

Fig-78

The above settings are modified as per NIC architecture. Click on Blocking.

Fig-79

The above settings are modified as per NIC architecture. Click on Messages.

Fig-80

The above settings are modified as per NIC architecture. Click on Reports.

Fig-81

The above settings are modified as per NIC architecture. Click on apply and close the window. Open User Interface Policy as shown in Fig-66.

User Interface Policy Settings:-

Fig-82

The above settings are modified as per NIC architecture. Click on password options.

Fig-83

The above settings are modified as per NIC architecture. Click on apply and close the window. Open Unwanted Programs Policy as shown in Fig-66.

Unwanted Programs Policy Settings:-

Fig-84

The above settings are modified as per NIC architecture. Click on User defined detection.

Fig-85

The above settings are modified as per NIC architecture. Click on apply and close the window. The rest of the VSE 8.0 policy settings are set as Global Default.

TASKS FOR THE LAPTOPS

Fig-86

Expand Directory. Expand HO. Click on Laptops and select Tasks. The task names are the same as for machines and servers. Only the schedule type is different. Open the Deployment task.

Deployment Task Settings:-

Fig-87

The above settings are modified as per NIC architecture. The rest of the task settings are inherited.

The schedule of all the laptop tasks is the same, as shown below.

Fig-88

The above settings are modified as per NIC architecture.

Assigned Policies For Laptops

Fig-89

Expand Directory. Expand HO. Click on Laptops and select policies. Click on HO laptop agent.

Only the Agent Policy setting for laptops is different from the ePO Agent Policy settings of all machines and servers. We have taken the HO laptop policy as an example.

ePO Agent Policy Settings:-

Fig-90

The above settings are modified as per NIC architecture. Click on events.

Fig-91

The above settings are modified as per NIC architecture. Click on Logging.

Fig-92

The above settings are modified as per NIC architecture. Click on Repositories.

Fig-93

The above settings are modified as per NIC architecture. The NAIFtp repository will be enabled for all laptops. The other 3 repositories will be from the East region, because HO is in the East region. The same rule will be applicable for the laptops of the other ROs. Click on Updates.

Fig-94

The above settings are modified as per NIC architecture. Click on apply and close the window.

Daily Maintenance of ePO Console

Directory Search and Directory actions :

Fig-95

Expand NIC-800000-EPO1. Right click on Directory. Click on Search.

Fig-96

Select computers in a domain. Select Computer name as “starts with”. Select Domain Name as “not like”. Click on Search.

Fig-97

We can find out particular machine details and all the machines of a particular site.

Fig-98

Select Computers in specific group or site from “search for”. Select Group Name as “starts with”. Write any site name or group name in the “Value” column. Click on search. We can find out all the machines in a particular site or group by this method.

Fig-99

Select computers with a specific DAT Version from “Search for”. We can find out the particular machines with the latest and older DAT versions by this method.

Fig-100

By selecting duplicate computer names from “Search for”, we can search for the duplicate machines. Check the last connection time. Delete the older one.

Fig-101

By Selecting Specific computers we can get any particular machine details. Click on the particular machine.

Fig-102

We can get all the details of that particular machine by this method.

Fig-103

The machine details are shown in the above screenshots.

Move a Particular Client from One Site to Another Site :-

Fig- A

Expand NIC-800000-EPO1. Right click on Directory and click on Search.

Fig- B

Select “Computer in specific group or site” as search for. Select Operator as “Starts with”. Choose Value as “Inactive agent”. Click on Search. Select the client machine and right click on it. Click on “move to”.

Fig- C

Expand the Directory in Directory Browser. Expand ARO. Expand OO. Select Desktops. Click on ok.

Here the client was in Inactive Agents group. But normally it should be in ARO’s Desktops group.

Send Agent Wakeup Call to a Particular Site:-

Fig-104

Expand the directory. Select particular directory. Right click on it and select Agent Wakeup Call.

Fig-105

Set Agent randomization as 0 minutes. Select “Get full product properties”. Click ok.

We can also send Agent Wakeup Call to any particular machine by this method.

Fig-106

Open the directory search. Search any machine from the directory. Right click on the search result. Select agent wakeup call. Send agent wakeup call.

Send Agent Install Command From the Server:-

Fig-107

Expand NIC-800000-EPO1. Expand Directory. Select the particular site. Right click on it and select Send Agent Install.

Fig-108

Select “Only install on computers that do not have an agent” and “Force install over existing version” both. Type password.

We can do Send Agent Install by the same method.

Fig-109

Open directory search. Search particular computer. Select the computer from search results. Right click on it. Select send agent install. Finish the agent installation job as shown in Fig-108.

Installation process of New Packages

Fig-110

Expand NIC-800000-EPO1. Click on Repository. Click on Check in package.

Fig-111

Click on next.

Fig-112

Select Products and updates. Click on next.

Fig-113

Browse to the particular downloaded package from the server and enter the full path of that file. Click on next.

Fig-114

Click on finish.

Fig-115

Click on Check in NAP.

Fig-116

Select Add new software to be managed. Click on next.

Fig-117

Browse to the .nap file in the same folder as the package file. Select and open the file. Wait for a few minutes.

To check whether the patch is installed properly or not:-

Fig-118

Expand Repository. Expand Software Repositories. Click on Master. Check the version of the particular package.

Manual Server Update :-

Fig-119

Expand NIC-800000-EPO1. Click on Repository. Click on Pull now in the right side. Select the NAIHttp. Click next.

Fig-120

Select current. Select finish.

Replicate the Latest Updates to The Particular site manually :-

Fig-121

Click on next.

Fig-122

Select the repository. Click on next.

Fig-123

Select Incremental replication. Click on finish.

Fig-124

Click on close.

Fig-125

Click on configure proxy. Select don’t use proxy. Click on ok.

Checking Repository Status from ePO Console :-

Fig-126

Expand Repository. Expand Software Repositories. Click on Distributed. Select any distributed repository. Click on edit.

Fig-127

Click on option. Check the following settings:

URL: http://10.X.0.3/epo
Port: 80
Replicate UNC: \\10.X.0.3\eposhare
Domain: nic-X0000-av1
Username: the admin login username of the particular antivirus server

Type the password.

Checking Report’s Logs :-

Fig-128

Expand Reporting. Expand ePO Databases. Right click on ePO NIC-800000-EPO1(NIC-800000-EPO1). Click on connect.

Fig-129

User name will be the console login id. Type the password. Authentication type must be ePO authentication. HTTPS port number will be 8443. Click ok.

Fig-130

Expand Reports. Expand Anti-Virus. Expand Detection. Click on Action Summary By Top 10 Threat. Check the Detection List. Select any detection and expand it.

Fig-131

Click on any detection.

Fig-132

The action summary of the top 10 threats is shown in the above figure.

Database Maintenance Procedure :-

Fig-133

Expand Reporting. Expand ePO Database. Click on ePO_NIC-800000-EPO1(NIC-800000-EPO1). Log in to the ePO Database. Click ok.

Fig-134

Click on Events. Select the Removal option. Select the number of days for “All events that occurred more than”. Click on start. Wait for a few minutes.

Fig-135

For repairing the database, select repair. Click on start. Wait for a few minutes.

Database Backup From SQL Server:-

Fig-136

Go to start > programs > Microsoft SQL Server > Enterprise Manager.

Fig-137

Expand Microsoft SQL Server Group. Expand NIC-800000-EPO1. Expand Databases.

Fig-138

Right click on ePO_NIC-800000-EPO1. Select all tasks. Select Backup Database.

Fig-139

The database will be ePO_NIC-800000-EPO1. The name will be Epo_nic-800000-EPO1 backup. The backup type will be Database - complete. Set the Destination path where the backup will be stored. Set Overwrite to “Append to media”. Click on ok.

Weekly Database Maintenance Plan :-

Fig-140

The above settings are modified as per NIC architecture. Plan name will be Weekly ePO Backup. Select these databases and ePO_NIC-800000-EPO1.

Fig-141

The above settings are modified as per NIC architecture. Open Optimization. Select Update the statistics used by the query optimizer. The value for Shrink database when it grows beyond will be as per requirement. The time schedule will be weekly on Sunday.

Fig-142

The above settings are modified as per NIC architecture. Open Integrity. Select Check database integrity. Select Perform these tests before backing up the database or transaction log.

Fig-143

The above settings are modified as per NIC architecture. Set the directory path. Select subdirectory for each database. The time period for Remove files older than will be variable as per requirement.

Fig-144

The above settings are modified as per NIC architecture.

Fig-145

The above settings are modified as per NIC architecture. Click on ok. Close the SQL Server console.
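The manual backup from "Database Backup From SQL Server" (Fig-139) and the integrity and statistics steps of the "Weekly Database Maintenance Plan" (Fig-141, Fig-142), written as a T-SQL script. This is an added example and not part of the original document; the database and backup names are the ones given above, and the destination path D:\ePOBackup\ is a placeholder assumption.

```sql
-- Added example (not from the original document).
-- ASSUMPTION: the destination path is a placeholder; substitute the
-- path set in the backup dialog (Fig-139).
DECLARE @dest nvarchar(260), @pos int
SET @dest = N'D:\ePOBackup\ePO_NIC-800000-EPO1.bak'

-- "Check database integrity" before the backup is taken (Fig-142).
-- Review the output: an allocation or consistency error means the
-- database should be repaired before this backup is relied on.
DBCC CHECKDB ('ePO_NIC-800000-EPO1') WITH NO_INFOMSGS

-- "Database - complete" backup with "Append to media": NOINIT adds a new
-- backup set to the file instead of overwriting the existing ones.
BACKUP DATABASE [ePO_NIC-800000-EPO1]
TO DISK = @dest
WITH NOINIT,
     NAME = N'Epo_nic-800000-EPO1 backup',
     STATS = 10
IF @@ERROR <> 0
BEGIN
    RAISERROR ('Backup of ePO_NIC-800000-EPO1 failed.', 16, 1)
    RETURN
END

-- Because the file is appended to, it holds several backup sets, and
-- RESTORE VERIFYONLY reads set 1 unless told otherwise. Look up the
-- position of the full backup just written and verify that set.
SELECT TOP 1 @pos = bs.position
FROM msdb.dbo.backupset bs
JOIN msdb.dbo.backupmediafamily mf ON mf.media_set_id = bs.media_set_id
WHERE bs.database_name = N'ePO_NIC-800000-EPO1'
  AND bs.type = 'D'
  AND mf.physical_device_name = @dest
ORDER BY bs.backup_finish_date DESC

RESTORE VERIFYONLY FROM DISK = @dest WITH FILE = @pos

-- "Update the statistics used by the query optimizer" (Fig-141).
EXEC [ePO_NIC-800000-EPO1].dbo.sp_updatestats
```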

END
