Solved

EPO configuration advice

Posted on 2009-07-16
Last Modified: 2013-12-09
All right, sock it to me. I have a task to configure ePolicy Orchestrator again. Did it once, but fumbled through it.

These are things I have to do:
1) edit the repository lists and make all computers get their dats from the EPO server (we call it the SecServer)
2) schedule scans three times a week.
3) Prevent FixCCS.exe from being blocked (I figured this one out)
4) Alert my email account ABC@DEF.gov (yes, catch that one, web spiders, and spam the heck out of it)

Other suggestions are going to be taken into serious consideration.
Any white papers are appreciated.

Thanks

John
Question by:ChiefIT
10 Comments
 
LVL 16

Accepted Solution

by:
legalsrl earned 500 total points
ID: 24876576
OK, piece of cake....

1.  Deploy the ePO Agents to the clients from within ePO, that way they will automatically update from the Sec Server
2.  Create an On Demand Scan Task from within ePO to scan your machines on the dates/times you want
3.  You've already done this
4.  Set up Notification on each detection to send you an email
5.  Read this Evaluation Guide attached

Let me know if you need anything else
Cheers
Si

epo-400-eval-guide-en-us.pdf
0
 
LVL 38

Author Comment

by:ChiefIT
ID: 24880108
Excellent white paper.

This is much easier than I thought.

Do you have any other recommendations that I might look into for my domain???
__________________________________________________
By the way, you might find this important to you:
Prevent FixCCS.exe from being blocked (I figured this one out)

Windows XP has released SP3. In that service pack there is a file called FixCCS.exe that is prevented from running. That stands for Fix Current Control Set. This executable file does about 8800 registry edits to your current control set. Without it, your Service Pack 3 doesn't work well, and you end up with serious problems to your OS. I had to prevent McAfee from blocking that file.
0
 
LVL 16

Expert Comment

by:legalsrl
ID: 24882190
Interesting point, but why is FixCCS blocked?

I've never come across it being blocked in the x many hundred installs I've done over the past year... what's different your end?

I can quite happily provide you with recommendations for products for your domain, but they would be purely with a technical bias... i.e. they are the best product for the job... I don't get involved with the costings! So what are you looking for?

Cheers
Si
0
 
LVL 38

Author Comment

by:ChiefIT
ID: 24883295
FixCCS runs from a temp file and makes a bunch of registry edits. On Access scanner blocks both, unless you permit it.

I am looking for better ways to improve EPO to make it work at peak performance. I am also considering McAfee Antispyware that goes with this enterprise package of AV console. Will EPO administer that as well? It appears like it will.
0
 
LVL 16

Assisted Solution

by:legalsrl
legalsrl earned 500 total points
ID: 24885306
OK, gotcha, sounds like you might have a misconfiguration on the Access Protection policies in VSE......I wouldn't prevent things running from the temp folder, and only set it to report, not block

McAfee AS can also be configured through ePO, in fact any McAfee product should be able to be configured from within ePO, including appliances

Cheers
Si
0
 
LVL 38

Author Closing Comment

by:ChiefIT
ID: 31604313
Just what the doctor ordered, THANKS!!!
0
 
LVL 38

Author Comment

by:ChiefIT
ID: 24886180
Thanks, just what I was looking for!!

You provided a white paper to help me configure it, you gave me information on how to configure AS console and also provided answers to my direct questions on what I wanted to do.

So, all in all, that was perfect advice.
0
 
LVL 16

Expert Comment

by:legalsrl
ID: 24886213
Thank you very much, if there's anything else you need just let me know, cheers Si
0
 
LVL 2

Expert Comment

by:Robert_IT
ID: 24993789
Setup EPO???

Major missing components that everyone misses besides reading the manuals, is creating internal documentation, policies, and all those AV exclusions. Toss EPO into your environment and your servers can easily stop talking if they have any unique requirements.

I didn't hear much in the way of recommending testing either, what gives with you guys!
0
 
LVL 2

Expert Comment

by:Robert_IT
ID: 24993803
Legalsrl,

Here's something I posted on the McAfee forums to help with the exclusions I mentioned. I also created an Excel spreadsheet to document all the settings for version 4.0. McAfee EPO can easily become an undocumented nightmare if you're not careful.

http://community.mcafee.com/showthread.php?t=229802
0
