McAfee ePolicy Orchestrator 5.10.0 Product Guide


Revision B

COPYRIGHT

Copyright 2019 McAfee, LLC

TRADEMARK ATTRIBUTIONS

McAfee and the McAfee logo, McAfee Active Protection, ePolicy Orchestrator, McAfee ePO, McAfee EMM, Foundstone, McAfee LiveSafe, McAfee QuickClean, Safe Eyes, McAfee SECURE, SecureOS, McAfee Shredder, SiteAdvisor, McAfee Stinger, True Key, TrustedSource, VirusScan are trademarks or registered trademarks of McAfee, LLC or its subsidiaries in the US and other countries. Other marks and brands may be claimed as the property of others.

LICENSE INFORMATION

License Agreement

NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.

Contents

1 Product overview
    Overview
    Key features
    How it works

2 Using the ePolicy Orchestrator interface
    Log on and log off
    Navigating the interface
        Using the McAfee ePO navigation menu
        Customizing the shortcut bar
        Personal settings categories
        Server settings
    Working with lists and tables
        Filter a list
        Create a custom filter
        Search for specific list items
        Clicking table row checkboxes
        Select the Columns to Display page
        Selecting items in tree lists

3 Dashboards and monitors
    Using dashboards and monitors
    Manage dashboards
    Export and import dashboards
    Specify first-time dashboards
    Manage dashboard monitors
    Move and resize dashboard monitors
    Set default monitor refresh intervals

4 Generating queries and reports
    Query and report permissions
    Introduction to queries
    Query Builder
    Work with queries
        Manage custom queries
        Create a query group
        Run a query on a schedule
    About reports
    Report anonymization permissions
    Structure of a report
    Create a report
    Edit an existing report
        Add elements to a report
        Configure image report elements
        Configure text report elements
        Configure query table report elements
        Configure query chart report elements
        Customize a report
    Run a report on a schedule
    View report output
    Configure the template and location for exported reports
    Group reports together

5 Disaster Recovery
    Working with Snapshots
        Using Disaster Recovery Snapshots to restore your server
        How the Server Snapshot dashboard monitor works
        Save a snapshot from the McAfee ePO Dashboard
        Save a snapshot using Web API commands
    Install McAfee ePO software on a restore server
    Change the server recovery passphrase

6 Using the System Tree and Tags
    Organizing systems with the System Tree
        Considerations when planning your System Tree
        System Tree groups
        Sorting your systems dynamically
        Active Directory synchronization
        Types of Active Directory synchronization
        NT domain synchronization
        Criteria-based sorting
        View system information details
        Creating and populating System Tree groups
        Add systems to an existing group manually
        Create groups manually
        Export systems from the System Tree
        Create a text file of groups and systems
        Import systems and groups from a text file
        Sort systems into criteria-based groups
        Import Active Directory containers
        Import NT domains into an existing group
        Schedule System Tree synchronization
        Update a synchronized group with an NT domain manually
        Move systems within the System Tree
        How Transfer Systems works
        How the Automatic Responses feature interacts with the System Tree
    Tags
        Create tags
        Manage tags
        Create, delete, and change tag subgroups
        Exclude systems from automatic tagging
        Create a query to list systems based on tags
        Apply tags to selected systems
        Clear tags from systems
        Apply criteria-based tags to all matching systems
        Apply criteria-based tags on a schedule

7 User accounts and permission sets
    User accounts
    Edit user accounts
    Creating McAfee ePO users with Active Directory
    Enable Windows authentication in the McAfee ePO server
    Configure advanced Windows authentication
    Windows authentication and authorization strategies
    Locking out user accounts to protect your server
    Restricting or allowing IP addresses to protect your server
    Managing password policy
    Disable user account
    Reset administrator password
    Create a custom logon message
    Restrict a user session to a single IP address
    The Audit Log
        View user actions
        Remove outdated actions from the Audit Log
    Authenticating with certificates
        Configure McAfee ePO for certificate-based authentication
        Disable certificate-based authentication
        Configure user accounts for certificate-based authentication
        Update the certificate revocation list
        Troubleshooting certificate-based authentication
    Permission sets
        How users, groups, and permission sets fit together
        Add or edit permission set
        Import or export permission set

8 Software Catalog
    What's in the Software Catalog
    Check in, update, and remove software using the Software Catalog
    Checking product compatibility
        Reconfigure Product Compatibility List download

9 Manual package and update management
    Bring products under management
    Check in packages manually
    Delete DAT or engine packages from the Master Repository
    Move DAT and engine packages between branches
    Check in Engine, DAT, and Extra.DAT update packages manually
    Best practice: Automating DAT file testing
        Pull and copy DAT updates from McAfee
        Best practice: Create a test group of systems
        Best practice: Configure an agent policy for the test group
        Best practice: Configure an on-demand scan of the test group
        Best practice: Schedule an on-demand scan of the test group
        Best practice: Configure an Automatic Response for malware detection

10 Deploying products
    Product deployment steps
    Choosing a product deployment method
    Benefits of product deployment projects
    Viewing Product Deployment audit logs
    View product deployment
    Deploy products using a deployment project
    Monitor and edit deployment projects
    Global updating
    Deploy update packages automatically with global updating

11 ePO Support Center
    ePO Server Health
        Manual server health checks
    Support Notifications
        Create Support Notification tags
        Apply Support Notification tags
        Remove a support notification tag
        Delete a supp
