Solved

EPO configuration advice

Posted on 2009-07-16
10
1,056 Views
Last Modified: 2013-12-09
All right, sock it to me. I have a task to configure Epolicy Orchestrator again. Did it once, but fumbled through it.

These are things I have to do:
1) edit the repository lists and make all computers get their dats from the EPO server (we call it the SecServer)
2) schedule scans three times a week.
3) Allow FixCCS.exe from being blocked (I figured this one out)
4) Alert my email account ABC@DEF.gov  (yes, catch that one web spiders and spam the heck out of it)

Other suggestions are going to be taken into serious consideration.
Any white papers are appreciated.

Thanks

John
0
Comment
Question by:ChiefIT
  • 4
  • 4
  • 2
10 Comments
 
LVL 16

Accepted Solution

by:
legalsrl earned 500 total points
ID: 24876576
OK, piece of cake....

1.  Deploy the ePO Agents to the clients from within ePO, that way they will automatically update from the Sec Server
2.  Create an On Demand Scan Task from within ePO to scan your machines on the dates/times you want
3.  You've already done this
4.  Set up Notification on each detection to send you an email
5.  Read this Evaluation Guide attached

Let me know if you need anything else
Cheers
Si

epo-400-eval-guide-en-us.pdf
0
 
LVL 38

Author Comment

by:ChiefIT
ID: 24880108
excellent white paper.

This is much easier than I thought.

Do you have any other recommendations that I might look into for my domain???
__________________________________________________
By the way, you might find this important to you:
Allow FixCCS.exe from being blocked (I figured this one out)

Windows XP has released SP3. In that Service pack there is a file called FixCCS.exe that is prevented from running. That stands for Fix Current Control Set. This executable file does about 8800 registry edits to your current control set. Without it, your Service pack 3 doesn't work well, and you end up with serious problems to your OS. I had to prevent McAfee from blocking that file.
0
 
LVL 16

Expert Comment

by:legalsrl
ID: 24882190
Interesting point, but why is FixCCS blocked ?

I've never come across it being blocked in the x many hundred installs I've done over the past year.....what's different your end ?

I can quite happily provide you with recommendations for products for your domain, but they would be purely with a technical bias....i.e. they are the best product for the job.....I don't get involved with the costings ! So what are you looking for ?

Cheers
Si
0
 
LVL 38

Author Comment

by:ChiefIT
ID: 24883295
FixCCS runs from a temp file and makes a bunch of registry edits. On Access scanner blocks both, unless you premit it.

I am looking for better ways to imrove EPO to make it work at peak performance. I am also considering McAfee Antispyware that goes with this enterprise package of AV console. Will EPO administer that as well? It appears like it will.
0
 
LVL 16

Assisted Solution

by:legalsrl
legalsrl earned 500 total points
ID: 24885306
OK, gotcha, sounds like you might have a misconfiguration on the Access Protection policies in VSE......I wouldn't prevent things running from the temp folder, and only set it to report, not block

McAfee AS can also be configured through ePO, in fact any McAfee product should be able to be configured from within ePO, including appliances

Cheers
Si
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 38

Author Closing Comment

by:ChiefIT
ID: 31604313
Just what the doctor ordered, THANKS!!!
0
 
LVL 38

Author Comment

by:ChiefIT
ID: 24886180
Thanks, just what I was looking for!!

You provided a white paper to help me configure it, you gave me information on how to configure AS console and also provided answers to my direct questions on what I wanted to do.

So, all in all, that was perfect advice.
0
 
LVL 16

Expert Comment

by:legalsrl
ID: 24886213
Thank you very much, if there's anything else you need just let me know, cheers Si
0
 
LVL 2

Expert Comment

by:Robert_IT
ID: 24993789
Setup EPO???

Major missing components that everyone misses besides reading the manuals, is creating internal documentation, polices, and all those AV exclusions. Toss EPO into your environment and your servers can easily stop talking if they have any unique requirements.

I didn't hear much in the way of recommending testing either, what gives with you guys!
0
 
LVL 2

Expert Comment

by:Robert_IT
ID: 24993803
Legalsrl,

Here's something I posted on the McAfee forums to help with the exclusions I mentioned. I also created an Excel spreadsheet to document all the setting for version 4.0. McAfee EPO can easily become an undocumented nightmare if your not careful.

http://community.mcafee.com/showthread.php?t=229802
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
anti virus for Blackberry 6 54
Memory Leak in Windows 2012, Non-Paged pool 8.5GB 25 94
Antivirus - Webroot vs Symantec? 6 104
Check a file for virus / malware 24 126
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.

912 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now