Solved

EPO configuration advice

Posted on 2009-07-16
Last Modified: 2013-12-09
All right, sock it to me. I have a task to configure ePolicy Orchestrator again. Did it once, but fumbled through it.

These are things I have to do:
1) edit the repository lists and make all computers get their dats from the EPO server (we call it the SecServer)
2) schedule scans three times a week.
3) Allow FixCCS.exe from being blocked (I figured this one out)
4) Alert my email account ABC@DEF.gov  (yes, catch that one web spiders and spam the heck out of it)

Other suggestions are going to be taken into serious consideration.
Any white papers are appreciated.

Thanks

John
Question by:ChiefIT
10 Comments
 
LVL 16

Accepted Solution

by:
legalsrl earned 500 total points
ID: 24876576
OK, piece of cake....

1.  Deploy the ePO Agents to the clients from within ePO, that way they will automatically update from the Sec Server
2.  Create an On Demand Scan Task from within ePO to scan your machines on the dates/times you want
3.  You've already done this
4.  Set up Notification on each detection to send you an email
5.  Read this Evaluation Guide attached

Let me know if you need anything else
Cheers
Si

epo-400-eval-guide-en-us.pdf
0
 
LVL 38

Author Comment

by:ChiefIT
ID: 24880108
excellent white paper.

This is much easier than I thought.

Do you have any other recommendations that I might look into for my domain???
__________________________________________________
By the way, you might find this important to you:
Allow FixCCS.exe from being blocked (I figured this one out)

Windows XP has released SP3. In that Service pack there is a file called FixCCS.exe that is prevented from running. That stands for Fix Current Control Set. This executable file does about 8800 registry edits to your current control set. Without it, your Service pack 3 doesn't work well, and you end up with serious problems to your OS. I had to prevent McAfee from blocking that file.
0
 
LVL 16

Expert Comment

by:legalsrl
ID: 24882190
Interesting point, but why is FixCCS blocked ?

I've never come across it being blocked in the x many hundred installs I've done over the past year.....what's different your end ?

I can quite happily provide you with recommendations for products for your domain, but they would be purely with a technical bias....i.e. they are the best product for the job.....I don't get involved with the costings ! So what are you looking for ?

Cheers
Si
0

 
LVL 38

Author Comment

by:ChiefIT
ID: 24883295
FixCCS runs from a temp file and makes a bunch of registry edits. On Access scanner blocks both, unless you permit it.

I am looking for better ways to improve EPO to make it work at peak performance. I am also considering McAfee Antispyware that goes with this enterprise package of AV console. Will EPO administer that as well? It appears like it will.
0
 
LVL 16

Assisted Solution

by:legalsrl
legalsrl earned 500 total points
ID: 24885306
OK, gotcha, sounds like you might have a misconfiguration on the Access Protection policies in VSE......I wouldn't prevent things running from the temp folder, and only set it to report, not block

McAfee AS can also be configured through ePO, in fact any McAfee product should be able to be configured from within ePO, including appliances

Cheers
Si
0
 
LVL 38

Author Closing Comment

by:ChiefIT
ID: 31604313
Just what the doctor ordered, THANKS!!!
0
 
LVL 38

Author Comment

by:ChiefIT
ID: 24886180
Thanks, just what I was looking for!!

You provided a white paper to help me configure it, you gave me information on how to configure AS console and also provided answers to my direct questions on what I wanted to do.

So, all in all, that was perfect advice.
0
 
LVL 16

Expert Comment

by:legalsrl
ID: 24886213
Thank you very much, if there's anything else you need just let me know, cheers Si
0
 
LVL 2

Expert Comment

by:Robert_IT
ID: 24993789
Setup EPO???

Major missing components that everyone misses besides reading the manuals, is creating internal documentation, policies, and all those AV exclusions. Toss EPO into your environment and your servers can easily stop talking if they have any unique requirements.

I didn't hear much in the way of recommending testing either, what gives with you guys!
0
 
LVL 2

Expert Comment

by:Robert_IT
ID: 24993803
Legalsrl,

Here's something I posted on the McAfee forums to help with the exclusions I mentioned. I also created an Excel spreadsheet to document all the settings for version 4.0. McAfee EPO can easily become an undocumented nightmare if you're not careful.

http://community.mcafee.com/showthread.php?t=229802
0
