McAfee ePO deployment

Hello sherryfitzgroup,
>>How do I get the agents to talk to the new server? Do I need to re-deploy the agent?

Basically yes

ePO Installation

*****Before you start*****

1. You will need your NAI agreement number to log in and download.
2. Have the server built in the domain and happy. (No obvious event log errors).

*****Install ePO (v 4.0.0 and above)*****

1. Download ePO from https://secure.nai.com
2. While you are waiting you can download the packages you want to manage and deploy with ePO
  NOTE for AV 8.5i you will need to get the CMA (Common Management Agent version 3.6.0 or above)
3. Extract the ePO files and run setup.exe.

Note It may ask for XML Parser 6 to installed before it will install, this is a M$ Download
http://www.microsoft.com/downloads/details.aspx?FamilyID=993C0BCF-3BCF-4009-BE21-27E85E1857B1&displaylang=en
download msxml6.msi


4. If you are NOT going to use an existing SQL Server Tick "Install SQL 2005 Express" > Click Next.
5. Click Yes when Prompted.
6. SQL 2005 express will install (This Takes a while).
7. It will then ask if you want to install backward compatibility > Click Yes.
8. At the welcome page click Next > Change Licence Expiry to "Perpetual" > Tick "I accept..." > OK.
9. Select the install directory > Next.
10. Accept the default username of admin then enter and re-enter an admin password > Next.
11. Accept "Windows authentication" then enter the username and password of the account you want ePO to run under > Next.
12. Accept the default ports (unless you are already serving websites from this server - in which case you may need to change them accordingly) > Next.
13. Skip Email setup by clicking Next > Next > ePO will now install.
14. Finish.

*****Prepare the ePO Repository*****

1. On the server desktop launch the Launch McAfee ePolicy Orchestrator Console application.
2. Log in with the login details you created above.
3. Click the software icon and remove any foreign language packs you do not require.
4. To import the software you want to deploy extract the software you downloaded from McAfee and click "Check in Package"
5. Select the .zip option browse to the packages and follow the instructions.
6. Once all the Packages you require are in the repository. > Click Pull Now > Next > Next >Next > start Pull.
7. You might need to hit refresh a couple of times to see the progress.
8. If the process fails then repeat but change the setting from "McAfeeHttp" to "McAfeeFtp".

Note the initial "Pull" can take some time 40 mins to an hour depending on internet connection.
  After the first Pull - subsequent Pull are a lot faster.

9. You will notice after the repository Pull there are extra things in the software repository (Like Dat's, Engines and Anti Spam Rules).
10. Now you need to Schedule Pulls from McAfee - (At Time of Writing McAfee update the virus definitions Mon through Fri)
11. I Prefer to set up a Repository Pull Early morning before people get into the Office, Lunchtime and in the Evening 06:00, 12:00 and 18:00).
12. Its also good Practice to set them differently i.e set one for FTP and the others for HTTP.
13. Software > Schedule Pull > Give the job a name > Next > Change the Time > Next > Save.


*****Detect the Client Machines*****

1. On the server desktop launch the Launch McAfee ePolicy Orchestrator Console application.
2. Log in with the login details you created above.
3. Click the software icon > Schedule Pull > Give the job a name like "AD Discovery" > Next.
4. Change the drop down to "NT Domain/Active Directory Synchronisation" > Next > I run this Hourly Select every 2 hours > Next > Save.
5. Click Systems > New systems > Create and download Agent Installation Package > Enter the domain admin credentials > Next.
6. OK > Click the Framepkg.exe file and download it > Save it somewhere you can find it!
7. Close.
8. If you share the folder that package is in you can call it in a login script like so...

:EPO4
IF EXIST C:\EPO4 THEN GOTO EOF
MD c:\EPO4
xcopy \\ePO\agent\framepkg.exe c:\EPO4
cd c:\EPO4
framepkg.exe /FORCEINSTALL /INSTALL=AGENT /SILENT
:EOF

9. OR Select ?Deploy Agents and add systems to the current (My Organisation)". Tick "Suppress Agent installation user interface".

10. Click Browse > Select your domain > Select your Machine(s) OK >Enter some domain Credentials for the install.> OK


*****Additional Tasks

1. On the server desktop launch the Launch McAfee ePolicy Orchestrator Console application.
2. Log in with the login details you created above.
3. Click the Automation icon.
4. Schedule each task as required


*****Applying Policies*****

McAfee has a habit of blocking port 25 which upsets mail server - you need to change this via policy.

First Create the Policy

1. On the server desktop launch the Launch McAfee ePolicy Orchestrator Console application.
2. Log in with the login details you created above.
3. Click the Systems icon > Policies Tab > Change Product to Virus scan Enterprise 8.0.0
4. Access Protection Policies > Edit Assignment > Tick "Break Inheritance..." > New Policy.
5. Give it a name like "No Mail Scanning" > OK >  Select "Prevent mass mailing worms from sending mail" > Delete.
6. Note set it for WORKSTATION AND SERVER accordingly> Save >
7. Change it to "Break Inheritance  and assign policy below" Save.

Note The policy for allowing remote Admin (i.e VNC etc is under Unwanted Program Policies)


*****Then Apply the Policy*****

1. On the server desktop launch the Launch McAfee ePolicy Orchestrator Console application.
2. Log in with the login details you created above.
3. Click the Systems icon > Select your Mail Server > Select Assign Policy > Change Product to Virus scan 8.0 > Access Protection Policies
4. Change to The Policy you created above. > Save.
5. Repeat as necessary for all other Mail Servers.


Note: If your Mail servers are In the Lost and Found (or below it) container you might need to move them to the "My Organisation" Folder or the policies won?t apply.

6. Because of this Problem, You need to create a group below "My Organisation" > Move the Systems into the new Group > Then Set that group to accept all the new detected clients.
7. On the server desktop launch the Launch McAfee ePolicy Orchestrator Console application.
8. Log in with the login details you created above.
9. Click the Systems icon > Select My Organisation > Group Tab > New Subgroup > Call it something like DOMAINNAME-LIVE
10. Ensure the new group is selected on the left > Next to sorting Criteria Click Edit.
11. Select the second option > "systems that match any of the criteria below..." > Enter the IP range (each subnet on a different line) e.g. 192.168.1.1-192.168.1.254
12. Click Save.
13. Now Move your client systems into this new group.

Note: Any New systems will now get imported into this group (Providing you don?t introduce a new subnet).


*****Force a change on a client*****

1. On the server desktop launch the Launch McAfee ePolicy Orchestrator Console application.
2. Log in with the login details you created above.
3. Click the Systems icon > Systems Tab > Select the server/workstation > More Actions.
4. Wake Up agent > OK > Close.

See what happening on a client (and Force Policies)

1. Log on to the client.
2. Start > Run >

On a machine running version 8.00 > "C:\Program Files\McAfee\Common Framework\CmdAgent.exe" /s {enter}

On a Machine running version 8.50i > "C:\Program Files\Network Associates\Common Framework\CmdAgent.exe" /s {enter}

3. Click check for new Polices > Enforce Policies.

*****Deploy Software*****

1. On the server desktop launch the Launch McAfee ePolicy Orchestrator Console application.
2. Log in with the login details you created above.
3. Click the Systems icon > Select the "Tree" the machines are in e.g." > "MY Organisation" > Client Tasks.
4. New Task > Call it "Deploy AV8.0.0" > Select Product Deployment (McAfee Agent) from the drop down > Next.
5. Select "Virus scan Enterprise 8.0.0." and select Install > Tick "Run at every Policy enforcement" > Next.
6. Next > Next > Save.
7. Repeat for each package you want to deploy. (Dont forget to do one for the ePO agent)
8. When all packaged are done repeat the above but choose "update(McAfee Agent)" > Select Engines/DATS and Patches as required.

*****Add Exclusions to Scanning for a particular machine.*****

1. Log into ePO.
2. Click Systems > Locate the server or workstation you want to enforce the policy on > Select the tick box next to it.
3. With the box ticked select the Policies Tab.
4. Exclusions are in the following two Policies "On-Access Default Process Policies" and "On-Access Low Risk Processes Policies".
5. Beside "On-Access Default Process Policies" click Edit Assignment.
6. With Break inheritance and assign the policy and settings below" selected.
7. Click New Policy > Can it something sensible like dont scan folder folder123 > OK.
8. Change Settings for from Workstation to server (as appropriate).
9. Click Exclusions > Click the Add button to add a new exclusion > Change the drop down to "Exclude by Pattern".
10. Type in the path to the folder i.e C:\folder123\ then tick "Exclude Subfolders".
11. Save > Save.
12. Repeat Steps 5 to 11 for "On-Access Low Risk Processes Policies".
13. Click systems > Systems > Tick the Machine in Question > More Actions > Wake Up Agents > OK
14. Go to the client > Open the AV On-Access Scan Properties > All Processes > Detection > Exclusions > Ensure that the folder is here.


Regards,

PeteLong