
Product Guide

revision 1.0

ProtectionPilot

Maximum Protection. Simple Administration.

McAfee System Protection


Industry-leading intrusion prevention solutions


COPYRIGHT
Copyright 2006 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of McAfee, Inc., or its suppliers or affiliate companies.

TRADEMARK ATTRIBUTIONS
ACTIVE FIREWALL, ACTIVE SECURITY, ACTIVESECURITY (AND IN KATAKANA), ACTIVESHIELD, CLEAN-UP, DESIGN (STYLIZED E), DESIGN (STYLIZED N), ENTERCEPT, EPOLICY ORCHESTRATOR, FIRST AID, FOUNDSTONE, GROUPSHIELD, GROUPSHIELD (AND IN KATAKANA), INTRUSHIELD, INTRUSION PREVENTION THROUGH INNOVATION, MCAFEE, MCAFEE (AND IN KATAKANA), MCAFEE AND DESIGN, MCAFEE.COM, MCAFEE VIRUSSCAN, NET TOOLS, NET TOOLS (AND IN KATAKANA), NETSCAN, NETSHIELD, NUTS & BOLTS, OIL CHANGE, PRIMESUPPORT, SPAMKILLER, THREATSCAN, TOTAL VIRUS DEFENSE, VIREX, VIRUS FORUM, VIRUSCAN, VIRUSSCAN, VIRUSSCAN (AND IN KATAKANA), WEBSCAN, WEBSHIELD, WEBSHIELD (AND IN KATAKANA) are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. The color red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners.

LICENSE INFORMATION
License Agreement


NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANIES YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEB SITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.

Attributions
This product includes or may include: Software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). Cryptographic software written by Eric A. Young and software written by Tim J. Hudson. Some software programs that are licensed (or sublicensed) to the user under the GNU General Public License (GPL) or other similar Free Software licenses which, among other rights, permit the user to copy, modify and redistribute certain programs, or portions thereof, and have access to the source code. The GPL requires that for any software covered under the GPL which is distributed to someone in an executable binary format, that the source code also be made available to those users. For any such software covered under the GPL, the source code is made available on this CD. If any Free Software licenses require that McAfee provide rights to use, copy or modify a software program that are broader than the rights granted in this agreement, then such rights shall take precedence over the rights and restrictions herein. Software originally written by Henry Spencer, Copyright 1992, 1993, 1994, 1997 Henry Spencer. Software originally written by Robert Nordier, Copyright 1996-7 Robert Nordier. Software written by Douglas W. Sauder. Software developed by the Apache Software Foundation (http://www.apache.org/). A copy of the license agreement for this software can be found at www.apache.org/licenses/LICENSE-2.0.txt. International Components for Unicode (ICU) Copyright 1995-2002 International Business Machines Corporation and others. Software developed by CrystalClear Software, Inc., Copyright 2000 CrystalClear Software, Inc. FEAD Optimizer technology, Copyright Netopsystems AG, Berlin, Germany. Outside In Viewer Technology 1992-2001 Stellent Chicago, Inc. and/or Outside In HTML Export, 2001 Stellent Chicago, Inc. Software copyrighted by Thai Open Source Software Center Ltd. and Clark Cooper, 1998, 1999, 2000. Software copyrighted by Expat maintainers. 
Software copyrighted by The Regents of the University of California, 1996, 1989, 1998-2000. Software copyrighted by Gunnar Ritter. Software copyrighted by Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, California 95054, U.S.A., 2003. Software copyrighted by Gisle Aas. 1995-2003. Software copyrighted by Michael A. Chase, 1999-2000. Software copyrighted by Neil Winton, 1995-1996. Software copyrighted by RSA Data Security, Inc., 1990-1992. Software copyrighted by Sean M. Burke, 1999, 2000. Software copyrighted by Martijn Koster, 1995. Software copyrighted by Brad Appleton, 1996-1999. Software copyrighted by Michael G. Schwern, 2001. Software copyrighted by Graham Barr, 1998. Software copyrighted by Larry Wall and Clark Cooper, 1998-2000. Software copyrighted by Frodo Looijaard, 1997. Software copyrighted by the Python Software Foundation, Copyright 2001, 2002, 2003. A copy of the license agreement for this software can be found at www.python.org. Software copyrighted by Beman Dawes, 1994-1999, 2002. Software written by Andrew Lumsdaine, Lie-Quan Lee, Jeremy G. Siek 1997-2000 University of Notre Dame. Software copyrighted by Simone Bordet & Marco Cravero, 2002. Software copyrighted by Stephen Purcell, 2001. Software developed by the Indiana University Extreme! Lab (http://www.extreme.indiana.edu/). Software copyrighted by International Business Machines Corporation and others, 1995-2003. Software developed by the University of California, Berkeley and its contributors. Software developed by Ralf S. Engelschall <rse@engelschall.com> for use in the mod_ssl project (http://www.modssl.org/). Software copyrighted by Kevlin Henney, 2000-2002. Software copyrighted by Peter Dimov and Multi Media Ltd. 2001, 2002. Software copyrighted by David Abrahams, 2001, 2002. See http://www.boost.org/libs/bind/bind.html for documentation. Software copyrighted by Steve Cleary, Beman Dawes, Howard Hinnant & John Maddock, 2000. Software copyrighted by Boost.org, 1999-2002. 
Software copyrighted by Nicolai M. Josuttis, 1999. Software copyrighted by Jeremy Siek, 1999-2001. Software copyrighted by Daryle Walker, 2001. Software copyrighted by Chuck Allison and Jeremy Siek, 2001, 2002. Software copyrighted by Samuel Krempp, 2001. See http://www.boost.org for updates, documentation, and revision history. Software copyrighted by Doug Gregor (gregod@cs.rpi.edu), 2001, 2002. Software copyrighted by Cadenza New Zealand Ltd., 2000. Software copyrighted by Jens Maurer, 2000, 2001. Software copyrighted by Jaakko Järvi (jaakko.jarvi@cs.utu.fi), 1999, 2000. Software copyrighted by Ronald Garcia, 2002. Software copyrighted by David Abrahams, Jeremy Siek, and Daryle Walker, 1999-2001. Software copyrighted by Stephen Cleary (shammah@voyager.net), 2000. Software copyrighted by Housemarque Oy <http://www.housemarque.com>, 2001. Software copyrighted by Paul Moore, 1999. Software copyrighted by Dr. John Maddock, 1998-2002. Software copyrighted by Greg Colvin and Beman Dawes, 1998, 1999. Software copyrighted by Peter Dimov, 2001, 2002. Software copyrighted by Jeremy Siek and John R. Bandela, 2001. Software copyrighted by Joerg Walter and Mathias Koch, 2000-2002. Software copyrighted by Carnegie Mellon University 1989, 1991, 1992. Software copyrighted by Cambridge Broadband Ltd., 2001-2003. Software copyrighted by Sparta, Inc., 2003-2004. Software copyrighted by Cisco, Inc. and Information Network Center of Beijing University of Posts and Telecommunications, 2004. Software copyrighted by Simon Josefsson, 2003. Software copyrighted by Thomas Jacob, 2003-2004. Software copyrighted by Advanced Software Engineering Limited, 2004. Software copyrighted by Todd C. Miller, 1998. Software copyrighted by The Regents of the University of California, 1990, 1993, with code derived from software contributed to Berkeley by Chris Torek.

PATENT INFORMATION
Protected by US Patents 6,470,384; 6,493,756; 6,496,875; 6,553,377; 6,553,378.

Issued June 2006 / McAfee ProtectionPilot software


DBN 005-EN

Contents

Preface
    Audience
    Getting help
    Conventions
    Getting information
    Contact information

1 Introducing ProtectionPilot
    Maximum number of managed computers
    Supported products
    Server
    Console
        Using the console
        Security Threats data monitor
    Database
    Agent

2 Getting Started with ProtectionPilot
    What to do after installation
        Automatic DAT and engine updates
        Existing update locations (first-time installation only)
        Manual upgrade of the agent (upgrade only)
        Novell environment
        Proxy settings for the server
        Windows Firewall exceptions on the server
    Answers to common questions
        How is up-to-dateness defined?
        Do I have the most current DAT and engine files available?
        What's my current level of protection?
        Are my computers up-to-date?
        Have there been any detections lately?
        Are any of my computers still infected or impacted?
        Which computers have the most detections?
        What are the most prevalent detections?
        Are there any new threats or updates?
        Am I already protected against new threats?
        If I'm not yet protected against new threats, what countermeasures can I take?
        When did I get the latest updates?
        What happens if the maximum number of managed computers is exceeded?
        What happens when multiple managed computers have the same name?
        How can I provide feedback on the software?
        How do I resolve a failed status in the Security Threats data monitor?
    Where to find information

3 Making Sure Computers are Managed and Protected
    Deploying products to new computers and putting them under management
    Putting existing McAfee products under management
    Updating groups of computers from domains
    Manually installing the agent
    Adding computers that use a system image of a managed computer
    Adding products to the server repository

4 Keeping Products Up-To-Date
    Upgrading products
    Adding policy pages to the server repository
    Adding extended policy pages to the server repository
    Performing immediate DAT and engine updates
    Changing the frequency of DAT and engine updates

5 Organizing Computers
    Defining the organization of computers
    Renaming groups
    Moving computers between groups
    Uninstalling managed products
    Removing a computer from management
    Removing an entire group of computers from management

6 Changing Policies
    Changing agent policy settings
    Changing managed product policy settings
    Restoring default policy settings

7 Scheduling Client Tasks
    Performing scheduled updates
    Performing scheduled scans
    Performing scheduled scans (GroupShield for Exchange)
    Modifying default on-demand scan client tasks
    Modifying user-defined client tasks
    Deleting user-defined client tasks

8 Investigating Detections
    Listing computers with reported detections
    Listing what has been detected
    Listing which files have been impacted
    Viewing detections by type
    Viewing detection history for computers
    Learning more about detections
    Scanning managed computers for possible infections
    Printing detection reports

9 Resolving Compliance Issues
    Listing non-compliant computers and taking action to bring them up-to-date
    Viewing agent log files
    Viewing computer and product properties
    Viewing update history for computers
    Printing compliance reports

10 Managing the Server
    Adding proxy settings for the server
        Using the proxy settings in Internet Explorer for the server
        Defining custom proxy settings for the server
    Adding the agent-to-server communication port as a Windows Firewall exception
    Adding the server service and console-to-server communication port as Windows Firewall exceptions
    Defining the minimum compliance level
    Changing the definition of not communicating
    Changing the server password
    Changing port numbers used for server communication
    Changing the name of the server
    Viewing the server log file
    Modifying the size of the server log file
    Viewing the Avert Labs log file

A Managing AutoUpdate Repositories
    When to use AutoUpdate repositories
    Download and replication credentials
    Creating distributed repositories on non-dedicated computers
    Creating distributed repositories on HTTP servers
    Creating distributed repositories on FTP servers
    Creating distributed repositories using UNC shares
    Modifying distributed repositories
    Removing distributed repositories from management
    Replicating to distributed repositories immediately
    Adding proxy settings for managed computers
        Using the proxy settings in Internet Explorer for managed computers
        Defining custom proxy settings for managed computers

B Receiving Notification of Incidents
    Setting up the Alert Manager server
    Sending notifications of alert messages
        Sending notifications as text messages via email or pagers
    Sending alert messages to the Alert Manager server
        Sending alert messages from VirusScan 4.5.1
        Sending alert messages from VirusScan Enterprise
        Sending alert messages from NetShield for NetWare

C Managing AntiSpyware Enterprise
D Managing AntiSpyware Enterprise Standalone
E Managing GroupShield for Exchange
F Managing Earlier Versions of VirusScan
G Managing NetShield for NetWare
Index

Preface
This guide introduces the McAfee ProtectionPilot software, and provides the following information:
    Overview of the product.
    Descriptions of product features.
    Detailed instructions for configuring and deploying the software.
    Procedures for performing tasks.
    Troubleshooting information.

Audience
This information is designed for system and network administrators who are managing up to 500 computers and are responsible for their company's security program.

Getting help
There are a variety of resources available to you when you need more information about the product. Click Help or from anywhere in the application.

Review the ProtectionPilot Release Notes (ReadMe.txt) for a list of known issues and last-minute updates to the product and its documentation. The default location is:
    C:\Program Files\McAfee\ProtectionPilot\<VERSION>

Click McAfee Support under Resource Sites on the Welcome to McAfee ProtectionPilot page for access to a free knowledgebase of known issues and supplemental documentation.


Conventions
This guide uses the following conventions:
Bold
    All words from the user interface, including options, menus, buttons, and dialog box names.
    Example: Type the User name and Password of the desired account.

Courier
    Text that represents something the user types exactly (for example, a command at the system prompt).
    Example: Run this command on the computer:
        C:\SETUP.EXE

Italic
    For emphasis or when introducing a new term; for names of product manuals and topics (headings) within the manuals.
    Example: For more information, see the ProtectionPilot Product Guide.

<TERM>
    Angle brackets enclose a generic term.
    Example: In the tree pane under ePolicy Orchestrator, right-click <SERVER>.

NOTE
    Supplemental information; for example, an alternate method of executing the same command.

WARNING
    Important advice to protect a user, computer system, enterprise, software installation, or data.

Getting information
Installation Guide
    Procedures on preparing for, installing, and deploying the software in a production environment.

Product Guide
    Procedures on customizing the software for your environment and maintaining the software. Product introduction and features, detailed instructions for configuring the software, information on deployment, recurring tasks, and operating procedures.

Help
    Context-sensitive Help topics accessible from most pages that list the procedures related to that page, reference information, and all information found in the Product Guide.

Release Notes
    ReadMe. Product information, system requirements, resolved issues, any known issues, and last-minute additions or changes to the product or its documentation. Contact information for McAfee services and resources: technical support, customer service, McAfee Avert Labs, beta program, and training. A text file is included with the software application and on the product CD.

License Agreement
    The McAfee License Agreement booklet that includes all of the license types you can purchase for your product. The License Agreement presents general terms and conditions for use of the licensed product.


Contact information
Threat Center: McAfee Avert Labs
    http://www.mcafee.com/us/threat_center/default.asp
    Avert Labs Threat Library
        http://vil.nai.com
    Avert Labs WebImmune & Submit a Sample (Logon credentials required)
        https://www.webimmune.net/default.asp
    Avert Labs DAT Notification Service
        http://vil.nai.com/vil/signup_DAT_notification.aspx

Download Site
    http://www.mcafee.com/us/downloads/
    Product Upgrades (Valid grant number required)
    Security Updates (DATs, engine)
    HotFix and Patch Releases
        For Security Vulnerabilities (Available to the public)
        For Products (ServicePortal account and valid grant number required)
    Product Evaluation
    McAfee Beta Program

Technical Support
    http://www.mcafee.com/us/support/
    KnowledgeBase Search
        http://knowledge.mcafee.com/
    McAfee Technical Support ServicePortal (Logon credentials required)
        https://mysupport.mcafee.com/eservice_enu/start.swe

Customer Service
    Web
        http://www.mcafee.com/us/support/index.html
        http://www.mcafee.com/us/about/contact/index.html
    Phone
        US, Canada, and Latin America toll-free: +1-888-VIRUS NO or +1-888-847-8766
        Monday-Friday, 8 a.m.-8 p.m., Central Time

Professional Services
    Enterprise: http://www.mcafee.com/us/enterprise/services/index.html
    Small and Medium Business: http://www.mcafee.com/us/smb/services/index.html


Introducing ProtectionPilot

The ProtectionPilot software is a security management system that simplifies security management tasks for network administrators who manage up to 500 computers. Management consists of deploying (sending and installing) security products, configuring product settings, and keeping those products up-to-date. The software is a system made up of these components: server, console, database, and agent.

Maximum number of managed computers


You can manage up to 500 computers using ProtectionPilot. You are notified whenever this limit is exceeded. However, once the number of managed computers reaches 600, you can no longer add new computers. You are also notified whenever this upper limit is reached or exceeded. Computers above 600 are automatically removed from management (the agent is uninstalled from the computers). The security products remain.

Supported products
For a list of the McAfee products you can manage using the McAfee ProtectionPilot software, see the ProtectionPilot Release Notes (ReadMe.txt).


Server
Executing all console requests and handling the exchange of data from the console and agents to the database, the ProtectionPilot server does a majority of the work of the software.

Figure 1-1. How the server handles data received from agents and the console (diagram labels: Agents, Consoles, Server, Database)

Console
The piece you interact with directly to execute tasks and view data is the ProtectionPilot console. Although a console is always installed with the server, you can also install it separately. In this case, it is called a remote console because it is used to access the server remotely (from a different computer). Remote consoles are useful if you need to access the server from another computer or location; for example, if access to the server room is restricted or it isn't set up as a work space.

Figure 1-2. Relationship between the console, remote consoles, and the server (diagram labels: Console, Server, Remote Consoles, Computer)


Using the console


The main user interface components of the ProtectionPilot console are described below.

Figure 1-3. User interface components

Sections: Click the buttons at the top of the center pane of the console to go directly to the corresponding section (a group of related pages). For example, click the Server button to display the Server section.

Tree pane: You can also click the items in the tree pane (left pane of the console) to go directly to the corresponding section. This is the only way to go directly to the group and computer sections.

Back: Click to go back to the page that you last viewed.

Print: Click to open a printer-friendly version of the contents of the center pane. The right pane of the console (contains the back, print, and help buttons, and Management Tasks) is excluded.

Help: Click to open the Help file. Descriptions of the options on the current page appear.

Management Tasks: Provides quick access to tasks related to the current page.

Security Threats data monitor: Displays newly discovered and recently updated threats. The detection definition (DAT) files and scanning engine that provide protection against these threats are automatically retrieved as they become available.


Security Threats data monitor


Figure 1-4. The Security Threats data monitor

Protection Status and Risk Assessment: You can easily determine whether the DAT and engine files in the server repository provide protection against all known threats and, if not, the highest risk level of any new threats.

    Protection Available: The DAT and engine files in the server repository already provide protection against all threats that are known to McAfee Avert Labs. To determine whether each managed computer is protected, view the compliance data from the Home section.

    Protection Pending on Medium-Risk Threats: The updated DAT file for threats assessed by Avert Labs as medium risk is pending. However, updated protection is available in a supplemental virus definition (EXTRA.DAT) file, which you can manually download if you need protection before the next full DAT file is available, such as in an outbreak scenario. For more information, see "If I'm not yet protected against new threats, what countermeasures can I take?" on page 33.

    Protection Pending on High-Risk Threats: The updated DAT file for threats assessed by Avert Labs as high risk is pending. However, updated protection is available in a supplemental virus definition (EXTRA.DAT) file, which you can manually download if you need protection before the next full DAT file is available, such as in an outbreak scenario. For more information, see "If I'm not yet protected against new threats, what countermeasures can I take?" on page 33.

Security Threats: Click Security Threats to view details (such as risk level, discovery date, and detection type) about each threat. For instructions, see "Viewing and managing notifications on new threats" under Keeping Products Up-To-Date in the Help file.

Unread Notifications: The number of unread threat notifications is listed. Once you mark a notification as read, it is no longer counted here.

Status: The last time that new threat notifications were retrieved from the Avert Labs website and whether that task was successful appears in the Security Threats data monitor in addition to the server log file. For instructions, see "Viewing the server log file" on page 116.


Database
The core component of ProtectionPilot is the database, which stores all data about those computers and products you are managing with the software. Typically, the database is installed on the same computer as the server (local database), but you can also install it on a different computer (remote database). You can even take advantage of an existing database.

Figure 1-5. Local database

Figure 1-6. Remote database


Agent
The ProtectionPilot agent is the key to remotely managing products. Installed on each computer, it deploys products, updates detection definition (DAT) files and the scanning engine, and upgrades existing products with service pack and patch releases. It also gathers data about installed security products, the computer, and infection and system activity. In addition, it ensures that requests from the server are executed and re-executed or enforced as needed. For example, if a user removes the security product you have defined for the computer, the agent will reinstall the product automatically.

Figure 1-7. Relationship between the agent, managed computer and products, and the server


Getting Started with ProtectionPilot


Before you start using the ProtectionPilot software, you might find it useful to review these sections:

What to do after installation.
Answers to common questions.
Where to find information.

What to do after installation


If you have installed or upgraded the server and console, you might need to complete additional tasks to ensure proper functionality:

Automatic DAT and engine updates.
Existing update locations (first-time installation only).
Manual upgrade of the agent (upgrade only).
Novell environment.
Proxy settings for the server.
Windows Firewall exceptions on the server.

Automatic DAT and engine updates


By default, ProtectionPilot automatically retrieves detection definition (DAT) files and the scanning engine from McAfee hourly, then begins updating managed products immediately. This default setup ensures that the latest DAT and engine files are protecting your network as soon as they are available. You can change how often DAT and engine files are updated. For instructions, see Changing the frequency of DAT and engine updates on page 59.

Existing update locations (first-time installation only)


If you have been using update locations (repositories) to centrally distribute detection definition (DAT) files and the scanning engine to computers, this updating strategy is no longer used once you install the server and console. Instead, new DAT and engine files are automatically retrieved from McAfee every hour, and the updating of managed products begins immediately following.


Although we recommend using this default updating strategy, there are situations in which using AutoUpdate repositories is recommended. For more information, see Managing AutoUpdate Repositories on page 119.

Manual upgrade of the agent (upgrade only)


Any managed computer that meets the criteria for manual agent installation will be reported as out-of-date (not up-to-date) until the updated agent is installed on it. For a list, see Criteria for Manual Agent Installation in the ProtectionPilot Release Notes (ReadMe.txt). For instructions, see Manually installing the agent on page 50.

Novell environment
You must manually install the agent to computers in Novell networks before you can deploy McAfee products. For instructions, see Manually installing the agent on page 50 and Deploying products to new computers and putting them under management on page 40. For more information on managing NetShield for NetWare, see Managing NetShield for NetWare on page 151.

Proxy settings for the server


If the ProtectionPilot server connects to the Internet via a proxy server, you need to add these settings before the automatic updating of detection definition (DAT) files and the scanning engine can begin. For instructions, see Adding proxy settings for the server on page 108.

Windows Firewall exceptions on the server


If the ProtectionPilot server is running Windows XP Professional, Service Pack 2 and computers being managed by that server are running an operating system other than Windows XP, Service Pack 2, you need to add the agent-to-server communication port (default is 81) as an exception in the Windows Firewall on the server computer. For instructions, see Adding the agent-to-server communication port as a Windows Firewall exception on page 110. If the ProtectionPilot server is running Windows XP Professional, Service Pack 2 and you want to install a remote console, you need to add the ProtectionPilot server service (NAIMSERV.EXE) and the console-to-server communication port (default is 82) as exceptions in the Windows Firewall on the ProtectionPilot server computer. For instructions, see Adding the server service and console-to-server communication port as Windows Firewall exceptions on page 111.


Answers to common questions


This section provides answers to these commonly asked questions:

How is up-to-dateness defined?
Do I have the most current DAT and engine files available?
What's my current level of protection?
Are my computers up-to-date?
Have there been any detections lately?
Are any of my computers still infected or impacted?
Which computers have the most detections?
What are the most prevalent detections?
Are there any new threats or updates?
Am I already protected against new threats?
If I'm not yet protected against new threats, what countermeasures can I take?
When did I get the latest updates?
What happens if the maximum number of managed computers is exceeded?
What happens when multiple managed computers have the same name?
How can I provide feedback on the software?
How do I resolve a failed status in the Security Threats data monitor?


How is up-to-dateness defined?


There are two items that together define product compliance, or whether a computer is reported as up-to-date. Computers running GroupShield for Exchange or AntiSpyware Enterprise must meet additional requirements to be reported as up-to-date.

The minimum compliance definition: Any managed computer with one or more product, agent, DAT, or engine versions that are earlier than those defined as the minimum compliance level is reported as out-of-date (not up-to-date). For instructions, see Defining the minimum compliance level on page 112.

How recently the agent has connected to the server: How long it's been since an agent last communicated with the server affects whether the managed computer is reported as up-to-date. By default, this time period is 7 days. You can change this time period as needed. For instructions, see Changing the definition of not communicating on page 113.

GroupShield for Exchange computers must also be running VirusScan Enterprise: Computers running GroupShield for Exchange must also be running VirusScan Enterprise 7.0 or later to be reported as up-to-date. Once these computers are compliant, when you add a newer version of GroupShield for Exchange to the server repository or increase its minimum compliance level, the older version of GroupShield for Exchange will be reported as out-of-date.

AntiSpyware Enterprise computers must also be running VirusScan Enterprise: Computers running AntiSpyware Enterprise must also be running the corresponding version of VirusScan Enterprise to be reported as up-to-date. Once these computers are compliant, when you add a newer version of AntiSpyware Enterprise to the server repository or increase its minimum compliance level, the older version of AntiSpyware Enterprise will be reported as out-of-date.


Do I have the most current DAT and engine files available?


In addition to being able to easily determine what your current level of protection is, you can see at-a-glance whether you have the most current detection definition (DAT) files and scanning engine released by McAfee Avert Labs. This protection status appears next to DAT version and Engine version under ProtectionPilot Server.

Up-to-date: Indicates that the DAT or engine files in the server repository are the most current ones.

Update Pending: Indicates that Avert Labs has released updated DAT or engine files, but they haven't been retrieved from the McAfee website yet.

NOTE: Although the default setup monitors the McAfee website on an hourly basis for updates and every 15 minutes once updates for security threats are released by Avert Labs, it takes time for DAT and engine files to be made available on all McAfee download servers. You can perform an immediate update to see whether this updated protection is available or wait for the default hourly Update Server task to retrieve them. For instructions, see Performing immediate DAT and engine updates on page 58.

Figure 2-1. Viewing DAT and engine protection status


What's my current level of protection?


To view the DAT and engine version numbers:

From the Home section, see DAT version and Engine version under ProtectionPilot Server.

Figure 2-2. Viewing DAT and engine version numbers from the Home section

From the Server section, see DAT version and Engine version under Server Status.

Figure 2-3. Viewing DAT and engine version numbers from the Server section

To view the version numbers of all products:

From the Server section, click the Repository tab. The product names and version numbers are listed under Server Repository.

Figure 2-4. Viewing the version number of all products in the server repository


Are my computers up-to-date?


Once you know what up-to-dateness means and how to control the definition of product compliance, the question becomes: Are my managed computers actually up-to-date? (For more information on product compliance, see How is up-to-dateness defined? on page 26.) Compliance reports break this question down into these categories:

Up-to-date: All product, agent, DAT, and engine versions are equal to or later than those in the server repository, and the agent has communicated recently.
Pending: An immediate update has been sent, but the agent has not yet returned the update status to the server.
Not communicating: The agent hasn't communicated recently.
Not up-to-date: One or more product, agent, DAT, or engine versions are earlier than those in the server repository, and the agent has communicated recently.

You can click any of these categories to view compliance details on computers. You can use this data to determine why some computers are non-compliant and take action to bring them up-to-date. For instructions, see Resolving Compliance Issues on page 95.
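The four compliance categories and the rules under How is up-to-dateness defined? can be expressed as a small decision procedure. The following Python sketch is an added example, not ProtectionPilot code: the names Computer, classify and report, the sample version numbers, the choice to report Pending ahead of the other categories, and the dotted-version comparison are all assumptions, and the AntiSpyware Enterprise rule is left out because the guide does not list the corresponding VirusScan Enterprise versions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Default "not communicating" period stated in the guide (7 days).
NOT_COMMUNICATING_AFTER = timedelta(days=7)


def parse_version(text):
    """Turn '8.0.0' or '4700' into a list of ints for comparison."""
    return [int(part) for part in text.split(".")]


def is_earlier(installed, required):
    """True if installed < required, treating '8.0' and '8.0.0' as equal."""
    a, b = parse_version(installed), parse_version(required)
    width = max(len(a), len(b))
    a += [0] * (width - len(a))
    b += [0] * (width - len(b))
    return a < b


@dataclass
class Computer:
    name: str
    last_contact: datetime
    versions: dict                # component name -> installed version string
    update_pending: bool = False  # immediate update sent, status not yet returned


def version_gaps(computer, minimum):
    """List the reasons this computer falls below the compliance baseline."""
    gaps = []
    for component, required in minimum.items():
        installed = computer.versions.get(component)
        # Assumption: a product that is not installed is not compared.
        if installed is not None and is_earlier(installed, required):
            gaps.append(f"{component} {installed} is earlier than {required}")
    # Extra rule from the guide: GroupShield for Exchange computers must also
    # run VirusScan Enterprise 7.0 or later.
    if "GroupShield for Exchange" in computer.versions:
        vse = computer.versions.get("VirusScan Enterprise")
        if vse is None or is_earlier(vse, "7.0"):
            gaps.append("GroupShield for Exchange requires "
                        "VirusScan Enterprise 7.0 or later")
    return gaps


def classify(computer, minimum, now, window=NOT_COMMUNICATING_AFTER):
    """Return (category, reasons) using the four compliance report categories."""
    if computer.update_pending:
        # Assumption: Pending is reported ahead of the other categories.
        return "Pending", ["immediate update sent, no status returned yet"]
    silent_for = now - computer.last_contact
    if silent_for > window:
        return "Not communicating", [f"last contact {silent_for.days} days ago"]
    gaps = version_gaps(computer, minimum)
    if gaps:
        return "Not up-to-date", gaps
    return "Up-to-date", []


def report(fleet, minimum, now):
    """Map each computer name to its compliance category."""
    return {c.name: classify(c, minimum, now)[0] for c in fleet}


# Constructed sample data: names, dates and version numbers are illustrative only.
NOW = datetime(2006, 6, 15, 12, 0)
MINIMUM = {"Agent": "3.5.0", "DAT": "4700", "Engine": "4400",
           "VirusScan Enterprise": "8.0"}
CURRENT = {"Agent": "3.5.0", "DAT": "4700", "Engine": "4400",
           "VirusScan Enterprise": "8.0.0"}
FLEET = [
    Computer("WS-01", NOW - timedelta(hours=1), dict(CURRENT)),
    Computer("WS-02", NOW - timedelta(days=9), dict(CURRENT)),
    Computer("WS-03", NOW - timedelta(hours=2), {**CURRENT, "DAT": "4695"}),
    Computer("WS-04", NOW - timedelta(minutes=10), {**CURRENT, "DAT": "4695"},
             update_pending=True),
    Computer("MAIL-01", NOW - timedelta(hours=3),
             {"Agent": "3.5.0", "DAT": "4700", "Engine": "4400",
              "GroupShield for Exchange": "6.0"}),
]

if __name__ == "__main__":
    for machine in FLEET:
        category, reasons = classify(machine, MINIMUM, NOW)
        print(f"{machine.name:8} {category:18} {'; '.join(reasons)}")
```

Note that a computer that has stopped communicating is reported as Not communicating regardless of its last known versions, so a stale agent hides the version state rather than confirming it.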

Have there been any detections lately?


Of course, before you can investigate detections, you need to know whether any have occurred recently. Detection reports provide this information to you at-a-glance:

Cleaned / Blocked: Files where clean or block succeeded.
Deleted: Files where delete succeeded.
Quarantined: Files where move (quarantine) succeeded.
Error: Files where access was denied, or where clean, block, delete, or move (quarantine) failed.
Warnings: VirusScan Enterprise detections (including buffer overflow exclusions and blocked files, network shares, or folders) found in warning mode. No action is taken on these detections.

You can click any of these categories to view detection details on computers. You can use this data to determine what has been detected and which files have been impacted. For instructions, see Investigating Detections on page 83.


Are any of my computers still infected or impacted?


Once you determine whether there are any current detections (see Have there been any detections lately? on page 29), you'll want to determine whether any computers are still infected by viruses or impacted by potentially unwanted programs. You need to take action on any computers reported under the Quarantined or Error detection categories.

Which computers have the most detections?


You can easily find out which computers in your network have the highest number of detections.
1 From the All Computers section, click the General tab.
2 Select a timeframe, such as Today or This week.
3 Click the Total number of detections.
4 View Detection detail grouped by computers.

Figure 2-5. Viewing computers with the most detections

What are the most prevalent detections?


You can easily determine which detections are most prevalent in your network.
1 From the All Computers section, click the General tab.
2 Select a timeframe, such as Today or This week.
3 Click the Total number of detections.
4 View Detection detail grouped by detections.

Figure 2-6. Viewing the most prevalent detections

Are there any new threats or updates?


The Security Threats data monitor informs you of newly discovered and recently updated threats, and retrieves the detection definition (DAT) files and the scanning engine that provide protection against these threats as they become available. Click Security Threats to view details (such as risk level, discovery date, and detection type) about each threat. For instructions, see Viewing and managing notifications on new threats under Keeping Products Up-To-Date in the Help file. You can view the last time that new threat notifications were retrieved from the McAfee Avert Labs website and whether that task (DefaultAvertAlerts) was successful in the server log file. For instructions, see Viewing the server log file on page 116.

Figure 2-7. Viewing the number of unread threat notifications


Am I already protected against new threats?


You can easily determine whether the detection definition (DAT) files and scanning engine in the server repository provide protection against all known threats and, if not, the highest risk level of any new threats.

Protection Available: The DAT and engine files in the server repository already provide protection against all threats that are known to McAfee Avert Labs. To determine whether each managed computer is protected, view the compliance data from the Home section.

Protection Pending on Medium-Risk Threats: The updated DAT file for threats assessed by Avert Labs as medium risk is pending. However, updated protection is available in a supplemental virus definition (EXTRA.DAT) file, which you can manually download if you need protection before the next DAT file is available, such as in an outbreak scenario. For instructions, see Updating EXTRA.DAT files under Keeping Products Up-To-Date in the Help file.

Protection Pending on High-Risk Threats: The updated DAT file for threats assessed by Avert Labs as high risk is pending. However, updated protection is available in a supplemental virus definition (EXTRA.DAT) file, which you can manually download if you need protection before the next DAT file is available, such as in an outbreak scenario. For instructions, see Updating EXTRA.DAT files under Keeping Products Up-To-Date in the Help file.

Figure 2-8. Viewing protection status and risk assessment of new threats


If I'm not yet protected against new threats, what countermeasures can I take?

If either Protection Pending status appears in the Security Threats data monitor, you can manually download a supplemental virus definition (EXTRA.DAT) file if you need protection before the next full detection definition (DAT) file is available, such as in an outbreak scenario. McAfee occasionally releases EXTRA.DAT files at customer request or in the interim before a full DAT file is released. For instructions, see Updating EXTRA.DAT files under Keeping Products Up-To-Date in the Help file.

You can have only one version of an EXTRA.DAT file in the server repository or installed on computers at any time. By default, the EXTRA.DAT file is ignored once the next DAT file is available because it incorporates the supplemental information provided by the EXTRA.DAT file. Once all managed computers have received the next DAT file, we recommend removing the EXTRA.DAT file from the server repository. This does not affect existing installations, but prevents the file from being distributed to new computers.

When did I get the latest updates?


Regardless of whether you actively monitor the McAfee Avert Labs website for new threats and updates, you will often want to know when the ProtectionPilot server last checked for new detection definition (DAT) files and the scanning engine on the McAfee website, whether that task completed successfully, and when the site will be checked again for new updates. From the Home section, see Last update under ProtectionPilot Server.

Figure 2-9. Last update answers the question "When did I get the latest updates?"

What happens if the maximum number of managed computers is exceeded?


You can manage up to 500 computers using ProtectionPilot. You are notified whenever this limit is exceeded. However, once the number of managed computers reaches 600, you can no longer add new computers. You are also notified whenever this upper limit is reached or exceeded. Computers above 600 are automatically removed from management (the agent is uninstalled from the computers). The security products remain.


What happens when multiple managed computers have the same name?
If multiple managed computers have the same computer name, data for the computer that most recently communicated with the ProtectionPilot server appears for all computers whose names are identical. This data includes computer properties, all compliance and detection data, and the agent log file. In addition, all immediate client tasks (Update All, Update, Scan All, Scan, Enforce, and Check Connection) are executed only on the computer that most recently communicated with the server. We recommend that all managed computers have unique computer names.

How can I provide feedback on the software?


The Submit Product Feedback link allows you to share your experiences about how the product works in your environment and to submit feature requests. Your input will help us improve the product and make sure it best suits your needs.
NOTE: Please don't use the feedback form to submit requests for technical assistance, because it is not routed to McAfee Support. To resolve technical issues, contact your designated technical support resources directly.

The Submit Product Feedback link is available from the Home section.


To open the form, click Submit Product Feedback under Resource Sites, select the language for providing feedback and the product, then click Submit. Complete the form and click Submit Feedback.

Figure 2-10. Submit Product Feedback form


How do I resolve a failed status in the Security Threats data monitor?


If a failed status appears in the Security Threats data monitor, the ProtectionPilot server cannot retrieve threat notifications or the detection definition (DAT) files and scanning engine that provide protection against these threats as they become available. We recommend that you resolve this issue so you can be informed of newly discovered and recently updated threats.

Use the information below to verify that the server is set up correctly to receive threat notifications:

If you use firewall or personal firewall software, you need to ensure that communication port 8801 accepts outbound communication relative to the ProtectionPilot server. This is the port number that the server uses for outbound communication to the McAfee Avert Labs website.

If the ProtectionPilot server connects to the Internet via a proxy server, you need to add these settings to begin receiving security threat notifications. For instructions, see Adding proxy settings for the server on page 108.

If you are using the proxy settings in Internet Explorer for the server, we recommend that you define the proxy settings being used in Internet Explorer as custom proxy settings in ProtectionPilot. For instructions, see Adding proxy settings for the server on page 108.

If the above information doesn't resolve the issue, view the Avert Labs log file. It provides details on the specific reason that the task failed. For instructions, see Viewing the Avert Labs log file on page 117.

Where to find information


Once you've completed the post-installation tasks, you are ready to customize the software for your environment, maintain it, and troubleshoot it:

Making Sure Computers are Managed and Protected: Different ways you can ensure that new computers are put under management and protected by the McAfee security products.
Keeping Products Up-To-Date: Updating detection definition (DAT) files and the scanning engine, and upgrading existing products with service pack and patch releases.
Organizing Computers: Keeping your managed computers organized.
Changing Policies: How to change policy settings and restore the default settings.
Scheduling Client Tasks: How to schedule the client tasks used to update managed products and scan managed computers.
Investigating Detections: Investigating and responding to detections.
Resolving Compliance Issues: Determining why computers are non-compliant and taking action to bring them up-to-date.
Managing the Server: Tasks associated with managing the ProtectionPilot server.
Managing AutoUpdate Repositories: When to use AutoUpdate repositories and how to manage them.
Receiving Notification of Incidents: How to be notified whenever McAfee security products detect activity categorized at a certain priority level.
Managing AntiSpyware Enterprise: Tasks for managing AntiSpyware Enterprise are outlined here with references to the detailed steps.
Managing AntiSpyware Enterprise Standalone: Tasks for managing AntiSpyware Enterprise standalone are outlined here with references to the detailed steps.
Managing GroupShield for Exchange: Tasks for managing GroupShield for Exchange are outlined here with references to the detailed steps.
Managing Earlier Versions of VirusScan: Tasks for managing versions of VirusScan Enterprise that are earlier than those deployed during installation are outlined here with references to the detailed steps.
Managing NetShield for NetWare: Tasks for managing NetShield for NetWare are outlined here with references to the detailed steps.
Reference: Tasks for backing up, restoring, and maintaining the ProtectionPilot database, and reference information on predefined variables used in the software; see the Help file.


Making Sure Computers are Managed and Protected

There are a number of ways you can ensure that new computers are put under management and are protected by the McAfee security products. This section covers these tasks for managing and protecting new computers:

Deploying products to new computers and putting them under management.
Putting existing McAfee products under management.
Updating groups of computers from domains.
Manually installing the agent.
Adding computers that use a system image of a managed computer.
Adding products to the server repository.

The Help file covers this additional task for managing and protecting new computers:

Replacing Symantec AntiVirus with VirusScan Enterprise.


Deploying products to new computers and putting them under management


For option definitions, click Help in the interface.

1 From the All Computers section on the General tab, click Add Computers under Management Tasks.
2 Click Next in the Add Computers Wizard.
3 Select the desired domains, workgroups, or individual computers, then click Next.

Figure 3-1. Add Computers Wizard: Select computers to be managed


4 Specify how to organize the selected computers under All Computers, then click Next.

To Add Computers To... | Select...
Existing groups with predefined IP settings. | According to group IP settings or domain names.
Existing groups with the same name as the computer's domain or workgroup. | According to group IP settings or domain names.
An existing group. | In an existing group, then select the desired group from the list.
A new group. | In a new group, then type its name in the box.

Figure 3-2. Add Computers Wizard: Specify how the selected computers should be placed into groups


5 Select the desired products, then click Next. If the product isn't listed here, you need to add it to the server repository. For instructions, see Adding products to the server repository on page 51.

Figure 3-3. Add Computers Wizard: Select products to deploy


6 To deploy the agent to computers, select Push agent. Not all computers support remote installation of the agent. For more information, see Step 7 on page 44.

a To hide the agent installation, select Hide agent installation user interface for agent push.

b In Domain\User, type the credentials to use when installing the agent on the selected computers:

Figure 3-4. Add Computers Wizard: Specify agent deployment options

If the computers are in a domain...

Then, these permissions are needed... | Use this format in Domain\User...
Domain administrator (in that domain) | <DOMAIN>\<USER> Example: MAIN\ADMINISTRATOR
Local administrator (on those computers) | <COMPUTER>\<USER> Example: SHULL\ADMINISTRATOR
Local administrator (on the ProtectionPilot server) | .\<USER> Example: .\ADMINISTRATOR


If the computers are in a workgroup...

Then, these permissions are needed... | Use this format in Domain\User...
Local administrator (on those computers) | <COMPUTER>\<USER> Example: SHULL\ADMINISTRATOR
NOTE: We recommend setting up the same local administrator user account on all computers, so you can put all of the computers under management at once.
Local administrator (on the ProtectionPilot server) | .\<USER> Example: .\ADMINISTRATOR
NOTE: The local administrator user accounts on the server and on each computer must be the same.

c Type the password associated with the user account that you provided in Password.

7 To save the agent package (FramePkg.exe) for manual installation, select Download agent, then click Browse to select a location. For instructions, see Manually installing the agent on page 50.

NOTE: The agent must be manually installed on any computer that meets specified criteria. For a list, see Criteria for Manual Agent Installation in the ProtectionPilot Release Notes (ReadMe.txt).

8 Click Next, then Finish. Computers appear in the console within three minutes at the most.


Putting existing McAfee products under management


For option definitions, click Help in the interface.

1 From the All Computers section on the General tab, click Add Computers under Management Tasks.
2 Click Next in the Add Computers Wizard.
3 Select the desired domains, workgroups, or individual computers, then click Next.

Figure 3-5. Add Computers Wizard: Select computers to be managed


4 Specify how to organize the selected computers under All Computers, then click Next.

To Add Computers To... | Select...
Existing groups with predefined IP settings. | According to group IP settings or domain names.
Existing groups with the same name as the computer's domain or workgroup. | According to group IP settings or domain names.
An existing group. | In an existing group, then select the desired group from the list.
A new group. | In a new group, then type its name in the box.

Figure 3-6. Add Computers Wizard: Specify how the selected computers should be placed into groups


5 Deselect all products, then click Next.

Figure 3-7. Add Computers Wizard: Select products to deploy

6 To deploy the agent to computers, select Push agent. Not all computers support remote installation of the agent. For more information, see Step 7 on page 48.

a To hide the agent installation, select Hide agent installation user interface for agent push.

b In Domain\User, type the credentials to use when installing the agent on the selected computers:

Figure 3-8. Add Computers Wizard: Specify agent deployment options


If the computers are in a domain...

Then, these permissions are needed... | Use this format in Domain\User...
Domain administrator (in that domain) | <DOMAIN>\<USER> Example: MAIN\ADMINISTRATOR
Local administrator (on those computers) | <COMPUTER>\<USER> Example: SHULL\ADMINISTRATOR
Local administrator (on the ProtectionPilot server) | .\<USER> Example: .\ADMINISTRATOR

If the computers are in a workgroup...

Then, these permissions are needed... | Use this format in Domain\User...
Local administrator (on those computers) | <COMPUTER>\<USER> Example: SHULL\ADMINISTRATOR
NOTE: We recommend setting up the same local administrator user account on all computers, so you can put all of the computers under management at once.
Local administrator (on the ProtectionPilot server) | .\<USER> Example: .\ADMINISTRATOR
NOTE: The local administrator user accounts on the server and on each computer must be the same.

c Type the password associated with the user account that you provided in Password.

7 To save the agent package (FramePkg.exe) for manual installation, select Download agent, then click Browse to select a location. For instructions, see Manually installing the agent on page 50.

NOTE: The agent must be manually installed on any computer that meets specified criteria. For a list, see Criteria for Manual Agent Installation in the ProtectionPilot Release Notes (ReadMe.txt).

8 Click Next, then Finish. Computers appear in the console within three minutes at the most.

48

ProtectionPilot software

Updating groups of computers from domains

Updating groups of computers from domains


When computers join a domain, the Update Groups From Domains server task adds them to the group, puts them under management, and applies the policies and tasks for that group to them. By default, this task is disabled.
NOTE

Remember, the agent must be manually installed on computers that meet specified criteria. For a list, see Criteria for Manual Agent Installation in the ProtectionPilot Release Notes (ReadMe.txt). For instructions, see Manually installing the agent on page 50.

When computers leave a domain, they remain in the group. The agent and security products remain on the computers.

You can view the names of computers that were added by this server task in the server log file. For instructions, see Viewing the server log file on page 116.

For option definitions, click Help in the interface.

To update groups of computers from domains:

1 From the Server section on the Summary tab, click Update Groups From Domains under Server Tasks to expand the task options.

Figure 3-9. Update Groups From Domains server task

2 Click Add.

3 Type the name of the domain in Domain name.

4 Type the user name of a domain administrator account in that domain in Domain User Name.

5 Type the password for the domain administrator account in Domain password, then confirm it by re-typing it in Re-Enter password.

Figure 3-10. Adding a new domain

6 Select the desired frequency options. For example, let's say you want to update groups every day at noon. Select the Daily interval, then indicate that the task should run every day at 12:00 pm.

7 Be sure that the Enabled box is selected.

8 Click Apply Settings under Management Tasks to save the current entries.

Manually installing the agent


You need to distribute the agent package (FramePkg.exe) to users for them to install when their computers meet specified criteria. For a list, see Criteria for Manual Agent Installation in the ProtectionPilot Release Notes (ReadMe.txt). Once installed, the agent contacts the ProtectionPilot server within three minutes at most, and the computer appears in Lost&Found.

To save the agent package for manual installation:

1 From the Home section, click Download Agent Package under Management Tasks.

2 Click Save when asked whether you want to open or save the file.

3 Specify a location, then click Save.

4 Once the file has been downloaded, click Close in the Download Complete dialog box.

To manually install the agent:

Install the agent via a logon script.

OR

Distribute the file to users using one of these methods, and ask them to install the agent by double-clicking the FramePkg.exe file:

  Network directory - Copy the package to a network directory (for example, \\<COMPUTER>\<FOLDER>) to which users have permissions.
  Removable media - Copy the package to removable media (for example, 3.5-inch disk).
  Email - Attach the package to an email message.

Adding computers that use a system image of a managed computer


You can install the agent and McAfee products on computers used to create system images of software. The first time you log on to a computer built using a system image that includes the agent, the agent immediately contacts the ProtectionPilot server. If this computer meets the criteria of existing groups (domain or workgroup membership or IP settings), it appears in those groups; otherwise, it appears in Lost&Found.

Adding products to the server repository


During the installation, the files you need to deploy (send and install) those products available for deployment are added to the server repository. For a list, see Products Available for Deployment During Installation in the ProtectionPilot Release Notes (ReadMe.txt). Before you can deploy other products, you must add their package (PkgCatalog.z) file to the server repository.

The server repository stores product releases and updates, and is where managed computers retrieve them. Package files contain the Setup program and other files needed for product deployment.

For option definitions, click Help in the interface.

1 Locate the package (PkgCatalog.z) file on the product CD, or download it from the McAfee website (requires a McAfee grant number): http://www.mcafee.com/us/downloads/

2 From the Server section, click the Repository tab. The Manage AutoUpdate Repositories page appears.

3 Click Check In Package under Management Tasks.

4 Click Next in the Check In Package wizard.

5 Select Products and updates, then click Next.

Figure 3-11. Check In Package Wizard (page 1)

6 Click Browse to select the package (PkgCatalog.z) file for the product.

Figure 3-12. Check In Package Wizard (page 2)

7 Click Finish, then OK.

Keeping Products Up-To-Date

The task of keeping your security products up-to-date includes updating detection definition (DAT) files and the scanning engine, and upgrading existing products with service pack and patch releases.

This section covers these tasks for keeping products up-to-date:

  Upgrading products.
  Adding policy pages to the server repository.
  Adding extended policy pages to the server repository.
  Performing immediate DAT and engine updates.
  Changing the frequency of DAT and engine updates.

The Help file covers these additional tasks for keeping products up-to-date:

  Downloading and updating DAT or engine files manually.
  Updating DAT or engine files using SuperDAT packages.
  Updating EXTRA.DAT files.
  Downgrading DAT files.
  Starting a program after an update.
  Viewing and managing notifications on new threats.

Upgrading products
Use this procedure to deploy new versions of McAfee products to managed computers. Periodically, you might also want to upgrade existing products with service pack or patch releases.

For option definitions, click Help in the interface.

1 Locate the package (PkgCatalog.z) file on the product CD, or download it from the McAfee website (requires a McAfee grant number): http://www.mcafee.com/us/downloads/

2 From the Server section, click the Repository tab. The Manage AutoUpdate Repositories page appears.

3 Click Check In Package under Management Tasks.

4 Click Next in the Check In Package wizard.

5 Select Products and updates, then click Next.

Figure 4-1. Check In Package Wizard (page 1)

6 Click Browse to select the package (PkgCatalog.z) file for the product release.

Figure 4-2. Check In Package Wizard (page 2)

7 Click Finish, then OK. Managed products are immediately upgraded.

Adding policy pages to the server repository


During the initial installation, the policy pages (.nap), which you need to be able to change settings for those products available for deployment, are added to the server repository. For a list, see Products Available for Deployment During Installation in the ProtectionPilot Release Notes (ReadMe.txt). Before you can change settings for other products, you must add their policy pages to the server repository.

The server repository stores product policy pages locally. Policy pages contain the files needed to change policy settings and create scheduled tasks for products.

For option definitions, click Help in the interface.

1 Locate the policy page (.nap) on the product CD, or download it from the McAfee website (requires a McAfee grant number): http://www.mcafee.com/us/downloads/

2 From the Server section, click the Repository tab. The Manage AutoUpdate Repositories page appears.

3 Click Check In Package under Management Tasks.

4 Select Management NAP, then click Next.

Figure 4-3. Check In Package Wizard (page 1)

5 Click Browse to select the policy page (.nap) for the product.

Figure 4-4. Check In Package Wizard (page 2)

6 Click Finish.

Adding extended policy pages to the server repository


Before you can view detection and compliance data for selected products, you must add their extended policy pages (.nap) to the server repository.

The server repository stores extended product policy pages locally. Extended policy pages contain the files needed to extend detection and compliance reporting for selected products.

For option definitions, click Help in the interface.

1 Locate the extended policy page (.nap) on the product CD, or download it from the McAfee website (requires a McAfee grant number): http://www.mcafee.com/us/downloads/

2 From the Server section, click the Repository tab. The Manage AutoUpdate Repositories page appears.

3 Click Check In Package under Management Tasks.

4 Select Extended NAP, then click Next.

Figure 4-5. Check In Package Wizard (page 1)

5 Click Browse to select the extended policy page (.nap) for the product.

Figure 4-6. Check In Package Wizard (page 2)

6 Click Finish.

Performing immediate DAT and engine updates


By default, ProtectionPilot automatically retrieves detection definition (DAT) files and the scanning engine from McAfee hourly, then begins updating managed products immediately. The software also monitors the McAfee website every 15 minutes once updates for security threats are released by McAfee Avert Labs because it takes time for DAT and engine files to be made available on all McAfee download servers. You can perform an immediate update to see whether this updated protection is available or wait for the default hourly Update Server task to retrieve them. You can immediately update managed products by first checking the McAfee website for new DAT and engine files, or by using the files that are in the server repository.


To update from McAfee:

1 From the Home section, click Update All under Management Tasks. The Update All Wizard appears and lists the version numbers of the most current DAT and engine files.

2 Click Finish to perform the update.

Figure 4-7. Update All Wizard

To update from the server repository:

From the All Computers section on the General tab, click Update under Management Tasks.

Changing the frequency of DAT and engine updates


You can change how often ProtectionPilot checks the McAfee website for updated detection definition (DAT) files and the scanning engine.

For option definitions, click Help in the interface.

1 From the Server section on the Summary tab, click Server Update under Server Tasks to expand the task options.

2 Select the desired frequency options. For example, let's say you want to retrieve updates from McAfee every Wednesday at noon. Select the Weekly interval, then indicate that the task should run every Wednesday at 12:00 pm.

3 Be sure that the Enabled box is selected.

Figure 4-8. Server Update server task

4 Click Apply Settings under Management Tasks to save the current entries.

Organizing Computers

You most likely have reasons to apply different product settings and tasks to each department, office, or computer type. How you organize your managed computers under All Computers can be a useful tool in their management. For example, you might want more restrictive product settings on server computers than on workstations. Keeping your managed computers organized is an important aspect in managing them efficiently.

This section covers these tasks for managing the organization of computers under All Computers:

  Defining the organization of computers.
  Renaming groups.
  Moving computers between groups.
  Uninstalling managed products.
  Removing a computer from management.
  Removing an entire group of computers from management.

The Help file covers this additional information and tasks for managing the organization of computers under All Computers:

  Lost&Found.
  Adding IP settings to existing groups.
  Modifying IP settings of existing groups.
  Deleting IP settings from existing groups.
  Verifying the integrity of IP settings.
  Sorting computers by IP address.

Defining the organization of computers


You define how to organize the computers you want to manage by creating groups. A group is a collection of computers that share common characteristics. You can create groups based on domain or workgroup membership; logical groupings (for example, geographic location or computer type, such as server versus workstation); or IP address. Groups simplify management by allowing you to perform tasks on all computers in a group at once.

For option definitions, click Help in the interface.

To create a group:

1 From the All Computers section on the General tab, click Add Group under Management Tasks.

2 Click Next in the Add Group Wizard.

By domain or workgroup membership:

Select Domain name, select the domain or workgroup from the list box, then click Next.

Using logical groupings:

Select Group name, type a descriptive and unique name in the box, then click Next twice.

Figure 5-1. Add Group Wizard - Specify group name

By IP address:

a Select Group name, type a descriptive and unique name in the box, then click Next.

b Click Add to open the IP Management dialog box. You can define multiple IP settings for a group by repeating this step.

NOTE

IP addresses cannot overlap between or within groups.

To specify an IP address range, type the beginning and ending IP addresses in the range in IP range, then click OK. Use this format: XXX.XXX.XXX.XXX, where X is 0 - 255; for example, 161.69.0.0 - 161.69.255.255.

To specify an address mask, type the address mask and number of significant bits in IP subnet mask, then click OK. Use this format: XXX.XXX.XXX.XXX/YY, where X is 0 - 255 and Y is 0 - 32. For example, the address mask 161.69.0.0/16 equals the range 161.69.0.0 - 161.69.255.255. The address mask 161.69.255.0/18 equals the range 161.69.192.0 - 161.69.255.255.

Figure 5-2. Add Group Wizard - Specify IP settings

c When you're done defining the IP settings, click Next.

3 Click Finish. Groups appear in the console within three minutes at most.
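The two IP setting formats and the no-overlap rule described above can be checked before the settings are typed into the wizard. The following Python is an added example, not part of ProtectionPilot or of the original guide; the group names and settings are constructed, the function names are hypothetical, and accepting a hyphen or en dash as the range separator is an assumption.

```python
import ipaddress


def parse_ip_setting(text):
    """Normalize one IP setting to an inclusive (first, last) pair of ints.

    Accepts the two formats the guide describes: an IP range
    ("161.69.0.0 - 161.69.255.255") or an address mask ("161.69.0.0/16").
    """
    # Assumption: a hyphen or an en dash separates the two ends of a range.
    text = text.strip().replace("\u2013", "-")
    if "/" in text:
        # strict=False clears the host bits, so 161.69.255.0/18 is read as
        # 161.69.192.0/18, which matches the guide's second mask example.
        net = ipaddress.IPv4Network(text, strict=False)
        return int(net.network_address), int(net.broadcast_address)
    first, sep, last = text.partition("-")
    if not sep:
        raise ValueError(f"not an IP range or address mask: {text!r}")
    lo = int(ipaddress.IPv4Address(first.strip()))
    hi = int(ipaddress.IPv4Address(last.strip()))
    if lo > hi:
        raise ValueError(f"range start is after range end: {text!r}")
    return lo, hi


def format_range(lo, hi):
    """Render an inclusive integer range as dotted-quad text."""
    return f"{ipaddress.IPv4Address(lo)} - {ipaddress.IPv4Address(hi)}"


def find_overlaps(groups):
    """Return every pair of IP settings that share at least one address.

    groups maps a group name to its list of IP settings. Pairs inside one
    group are reported too, because overlap is not allowed between or
    within groups. Each result is (group_a, setting_a, group_b, setting_b).
    """
    entries = []
    for group, settings in groups.items():
        for setting in settings:
            lo, hi = parse_ip_setting(setting)
            entries.append((lo, hi, group, setting))
    entries.sort(key=lambda e: (e[0], e[1]))

    conflicts = []
    for i, (lo_a, hi_a, group_a, setting_a) in enumerate(entries):
        for lo_b, _hi_b, group_b, setting_b in entries[i + 1:]:
            if lo_b > hi_a:
                break  # sorted by start address: nothing later can overlap
            conflicts.append((group_a, setting_a, group_b, setting_b))
    return conflicts


# Constructed sample plan (not taken from the guide apart from the two
# address masks used in its examples).
GROUPS = {
    "SERVERS": ["161.69.0.0/16"],
    "WORKSTATIONS": ["161.69.255.0/18", "10.0.0.1 - 10.0.0.50"],
    "LAB": ["10.0.0.50 - 10.0.0.99", "192.168.1.0/24"],
}

if __name__ == "__main__":
    for group, settings in GROUPS.items():
        for setting in settings:
            print(f"{group:13} {setting:24} {format_range(*parse_ip_setting(setting))}")
    for group_a, setting_a, group_b, setting_b in find_overlaps(GROUPS):
        print(f"OVERLAP: {group_a} [{setting_a}] and {group_b} [{setting_b}]")
```

The 161.69.255.0/18 case is the one most easily misjudged: the mask covers the whole block from 161.69.192.0 upward, so it collides with any group that already holds 161.69.0.0/16.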


Renaming groups
You can easily rename groups as you refine the organization of managed computers.
1 In the tree pane under McAfee ProtectionPilot | All Computers, right-click a group, then click Rename.

2 Type the new name, then press Enter.

Moving computers between groups


You can use cut-and-paste or drag-and-drop operations to move computers from one group to another. Remember that if a computer belongs to a group that is based on IP addresses, the computer will reappear in that group whenever you sort computers by IP address until you modify the group's IP settings to exclude it. For instructions, see Modifying IP settings of existing groups in the Help file.

You will most often need to move computers from the Lost&Found into the correct group. We recommend that you first move computers from the Lost&Found to their respective groups before taking any other actions on them. For more information on this special group, see Lost&Found in the Help file.

Drag the computer from one group to another.

OR

1 In the tree pane under McAfee ProtectionPilot | All Computers, right-click a computer from one group, then click Cut.

2 Right-click another group, then click Paste.

Uninstalling managed products


You can uninstall more than one managed product at a time regardless of whether all selected computers have those products installed on them. For example, let's say the WORKSTATION group includes computers running VirusScan Enterprise only and computers running both VirusScan Enterprise and AntiSpyware Enterprise. You can select the WORKSTATION group, then select both VirusScan Enterprise and AntiSpyware Enterprise; the appropriate products are automatically removed from each computer in the group.

1 In the tree pane under McAfee ProtectionPilot, select All Computers, a group of computers, or an individual computer.

2 Click Uninstall Products under Management Tasks.

3 Click Next, then select the products that you want to remove from the computers.

Figure 5-3. Uninstall Products Wizard

4 Click Next, then Finish. Computers are reported as pending until the selected products are removed.

Removing a computer from management


When you delete a computer, it is removed from its group under All Computers and removed from management (the agent is uninstalled from the computer). You can also uninstall managed products at the same time.
NOTE

You cannot remove the ProtectionPilot server from management.


To remove a computer from management:

1 In the tree pane under McAfee ProtectionPilot | All Computers, right-click a computer from its group, then click Delete.

2 Select the products that you want to remove from the computer and click Yes. The selected products, then the agent, are uninstalled. Computers are reported as pending until the agent is removed.

Figure 5-4. Removing a computer from management

Removing an entire group of computers from management


When you delete a group, it and all of its computers are removed from All Computers, and the computers are removed from management (the agent is uninstalled from the computers). You can also uninstall managed products at the same time.
NOTE

You cannot remove the ProtectionPilot server from management. To delete the group that contains the server, you must first move the server computer to another group.


To remove an entire group of computers from management:

1 In the tree pane under McAfee ProtectionPilot | All Computers, right-click a group, then click Delete.

2 Select the products that you want to remove from the computer and click Yes. The selected products, then the agent, are uninstalled. Computers are reported as pending until the agent is removed.

Figure 5-5. Removing a group of computers from management

Changing Policies

Policies are the configuration settings for each product that can be managed via ProtectionPilot. These settings determine how the product behaves on managed computers. For example, you can specify which types of files that you want VirusScan Enterprise to scan by choosing those settings on the corresponding policy page. You can change policy settings for all computers, a group of computers, or an individual computer.

NOTE

Be sure to always click Apply Settings or Apply to save your policy changes.

This section covers these tasks for changing policies:

  Changing agent policy settings.
  Changing managed product policy settings.
  Restoring default policy settings.

The Help file covers this additional task for changing policies:

  Changing agent for NetWare policy settings.

Changing agent policy settings


You can control how the agent behaves on managed computers by changing its policy settings. You can restore the default policy settings at any time. For instructions, see Restoring default policy settings on page 72.

1 In the tree pane under McAfee ProtectionPilot, select All Computers, a group of computers, or an individual computer.

2 Click the Policies tab.

3 Click ProtectionPilot Agent to open the Policy Settings dialog box.

4 On the General tab, deselect Inherit.

Figure 6-1. ProtectionPilot Agent policy page

To make the agent user interface accessible from managed computers:

When shown, the agent icon appears in the system tray of managed computers and allows management tasks to be performed locally. To show the agent system tray icon, select Show Agent Tray Icon.

To define how often existing settings are reapplied:

The policy enforcement interval determines how often existing product policy settings are reapplied (enforced) on managed computers. Because this enforcement occurs locally, this interval does not require any bandwidth. Change the Policy Enforcement Interval (default is 5 minutes) as needed.

To define how often updated settings are retrieved:

The agent-to-server communication interval (ASCI) determines how often the agent retrieves updated product policy settings and client tasks from the ProtectionPilot server. New policy settings are applied (enforced) as soon as they are received. New tasks run at the next scheduled time after being received. To conserve bandwidth, only data that has changed since the last ASCI is transmitted. Change the Agent to Server communication interval (default is 7 minutes) as needed.

To specify how to handle restarts required during product installations:

a When computers need to be restarted as part of an installation, select Prompt user when software installation requires reboot to display a dialog box notifying users of this. Otherwise, computers are automatically restarted when required.

b When computers need to be restarted as part of an installation, select Automatic reboot with timeout to restart computers if the user does not intervene before the specified time (in seconds) has elapsed.

5 Click Apply All to save the current entries.

6 Click Close to return to the Policies page.

Changing managed product policy settings


You can control how each managed product behaves on managed computers by changing its policy settings. You can restore the default policy settings at any time. For instructions, see Restoring default policy settings on page 72.

1 In the tree pane under McAfee ProtectionPilot, select All Computers, a group of computers, or an individual computer.

2 Click the Policies tab.

3 Click the desired product and version (for example, VirusScan Enterprise 8.5) to open the Policy Settings dialog box.

4 Select the desired option (for example, General Policies) in Select policy categories.

5 Deselect Inherit.

6 Make changes as needed. For information about each option, see the product documentation for each McAfee product.

7 Click Apply All to save the current entries.

8 Click Close to return to the Policies page.

Restoring default policy settings


You can reset product policies to their original settings.

NOTE

You can also restore the default policy settings on any policy page by selecting Inherit, then clicking Apply.

For option definitions, click Help in the interface.

1 In the tree pane under McAfee ProtectionPilot, select All Computers, a group of computers, or an individual computer.

2 Click the Policies tab.

3 Select Restore Inheritance under Management Tasks.

Figure 6-2. Reset Policy Inheritance dialog box

4 Select the Level at which you want to restore the default policy settings.

5 Specify whether you want to reset the default settings on All products or Selected products. If you choose Selected products, select the desired products from the Products list.

6 Click OK.

Scheduling Client Tasks

Although you can update most McAfee products immediately or have these products scan computers immediately by clicking Update or Scan (respectively) under Management Tasks, you can also schedule these activities to occur on a one-time or periodic basis. In addition, you can update the NetShield for NetWare product or have the NetShield for NetWare product scan computers only by scheduling the appropriate client tasks.

This section covers these procedures for scheduling client tasks:

  Performing scheduled updates.
  Performing scheduled scans.
  Performing scheduled scans (GroupShield for Exchange).
  Modifying default on-demand scan client tasks.
  Modifying user-defined client tasks.
  Deleting user-defined client tasks.

The Help file covers these additional tasks for scheduling client tasks:

  Performing scheduled DAT updates (NetShield for NetWare).
  Performing scheduled engine updates (NetShield for NetWare).

Performing scheduled updates


You can perform scheduled updates using these steps for most McAfee products. The Update client task updates these managed products with the detection definition (DAT) files, scanning engine, service pack releases, and patch releases in the server repository.

For option definitions, click Help in the interface.

1 In the tree pane under McAfee ProtectionPilot, select All Computers, a group of computers, or an individual computer.

2 Click the Scheduled Tasks tab. The Scheduled Tasks page appears.

3 Click Create Task under Management Tasks.

4 Select the ProtectionPilot Agent | Update task, then click Next under Management Tasks.

Figure 7-1. Scheduled Tasks - Task Types page

5 Type a descriptive name for the task in Name under Task Settings.

6 Click Settings to open the Task Settings dialog box.

Figure 7-2. ProtectionPilot Agent Update Task Settings dialog box

7 To display the progress of the update to users, select Show update progress dialog. To install the update without notifying users, deselect Show update progress dialog.

8 To provide users the option to postpone the update, select Allow users to postpone this update. Users can specify how long to postpone the update.

9 In Maximum number of postpones allowed, type the maximum number of times users can postpone the update before it is installed automatically.

10 In Postpone timeout interval, type how long (in seconds) users have to postpone the update before it is installed automatically.

11 Click OK to save the current entries.

12 Deselect Inherit under Schedule Settings.

Figure 7-3. Scheduled Tasks - Task and Schedule Settings page

13 Select Enable; otherwise, the task won't start, regardless of settings on this page.

14 To limit the amount of time for which the task can run before it is automatically cancelled, select Stop the task if it runs for, then specify the time limit.

15 Select the frequency for the task in Select an interval, then specify the corresponding frequency options that appear. For example, if you selected Daily, Daily Options appears.

16 Click Apply Settings under Management Tasks to save the current entries.

Performing scheduled scans


You can perform scheduled scans of managed computers. You must schedule separate On-Demand Scan client tasks for each managed product. The On-Demand Scan task scans the computers using the task settings you specify.

For option definitions, click Help in the interface.

1 In the tree pane under McAfee ProtectionPilot, select All Computers, a group of computers, or an individual computer.

2 Click the Scheduled Tasks tab. The Scheduled Tasks page appears.

3 Click Create Task under Management Tasks.

4 Select the <PRODUCT> | On-Demand Scan task, then click Next under Management Tasks.

Figure 7-4. Schedule Tasks page

5 Type a descriptive name for the task in Name under Task Settings.

6 Click Settings to open the Task Settings dialog box.

7 Make changes as needed. For information about each option, see the product documentation for each McAfee product.

8 Click OK to save the current entries.

9 Deselect Inherit under Schedule Settings.

Figure 7-5. Scheduled Tasks - Task and Schedule Settings page

10 Select Enable; otherwise, the task won't start, regardless of settings on this page.

11 To limit the amount of time for which the task can run before it is automatically cancelled, select Stop the task if it runs for, then specify the time limit.

12 Select the frequency for the task in Select an interval, then specify the corresponding frequency options that appear. For example, if you selected Daily, Daily Options appears.

13 Click Apply Settings under Management Tasks to save the current entries.

Performing scheduled scans (GroupShield for Exchange)


You can perform scheduled scans of managed computers running GroupShield for Exchange. The Scan client task scans the computers using the task settings you specify.

NOTE

The Scan command under Management Tasks does not prompt GroupShield for Exchange to scan computers immediately. The only way for the GroupShield for Exchange product to scan computers is by scheduling a Scan client task.

For option definitions, click Help in the interface.

1 In the tree pane under McAfee ProtectionPilot, select All Computers, a group of computers, or an individual computer.

2 Click the Scheduled Tasks tab.

3 Click Create Task under Management Tasks.

4 Select the desired version of GroupShield for Exchange; for example, GroupShield For Exchange 6.0, select the Scan task, then click Next under Management Tasks.

Figure 7-6. Scheduled Tasks page

5 Type a descriptive name for the task in Name under Task Settings.

6 Click Settings to open the Task Settings dialog box.

7 Make changes as needed. For information about each option, see the product documentation for the McAfee product.

8 Click OK to save the current entries.

9 Deselect Inherit under Schedule Settings.

Figure 7-7. Scheduled Tasks - Task and Schedule Settings page

10 Select Enable; otherwise, the task won't start, regardless of settings on this page.

11 To limit the amount of time for which the task can run before it is automatically cancelled, select Stop the task if it runs for, then specify the time limit.

12 Select the frequency for the task in Select an interval, then specify the corresponding frequency options that appear. For example, if you selected Daily, Daily Options appears.

13 Click Apply Settings under Management Tasks to save the current entries.

Modifying default on-demand scan client tasks


When you click Scan under Management Tasks, default on-demand scan client tasks are created for most McAfee products. If you click Scan from the Manage Computer page, only the task for the product version installed on that computer is created. Once created, you can modify the settings for these tasks; however, default tasks cannot be deleted.

These default tasks are always scheduled to run immediately. Any changes you make to the schedule settings will be overwritten.

For option definitions, click Help in the interface.

1 In the tree pane under McAfee ProtectionPilot, select All Computers, a group of computers, or an individual computer.

2 Click the Scheduled Tasks tab.

3 In the Scheduled tasks table, select a default on-demand scan task (<PRODUCT>_<VERSION>_DefaultODS; for example, VirusScan Enterprise_8.5.0_DefaultODS), then click Edit.

Figure 7-8. Scheduled Tasks page

4 Click Settings to make changes to the task settings, then click OK to save the current entries.

5 Click Apply Settings under Management Tasks to save the current entries.

Modifying user-defined client tasks


For option definitions, click Help in the interface.

1 In the tree pane under McAfee ProtectionPilot, select All Computers, a group of computers, or an individual computer.

2 Click the Scheduled Tasks tab. The Scheduled Tasks page appears.

3 Select a task from the table, then click Edit.

Figure 7-9. Scheduled Tasks page

4 Click Settings to make changes to the task settings, then click OK to save the current entries.

5 Make changes to the schedule settings as needed.

6 Click Apply Settings under Management Tasks to save the current entries.

Deleting user-defined client tasks


For option definitions, click Help or [icon] in the interface.

1 In the tree pane under McAfee ProtectionPilot, select All Computers, a group of computers, or an individual computer.
2 Click the Scheduled Tasks tab. The Scheduled Tasks page appears.
3 Select a task from the table, then click Delete.

Figure 7-10. Scheduled Tasks page


Investigating Detections

You can view detection data in a variety of ways, including which computers and files were impacted by which detections. You can even go directly to the authority, McAfee Avert Labs, to learn everything you ever wanted to know about each detection at the click of a button.

This section covers these tasks for investigating detections:
Listing computers with reported detections.
Listing what has been detected.
Listing which files have been impacted.
Viewing detections by type.
Viewing detection history for computers.
Learning more about detections.
Scanning managed computers for possible infections.
Printing detection reports.


Listing computers with reported detections


1 From the All Computers section, click the General tab.
2 Select a timeframe, such as Today or This week.

Figure 8-1. Detections reported this week

3 Click a detection category, such as Quarantined or Error, to view detections reported within that timeframe, grouped by computer name.

Figure 8-2. Detection detail grouped by computers


Listing what has been detected


1 From the All Computers section, click the General tab.
2 Select a timeframe, such as Today or This week.

Figure 8-3. Detections reported this week

3 Click a detection category, such as Quarantined or Error.
4 Click Detection detail grouped by detections.

Figure 8-4. Detection detail grouped by detections


Listing which files have been impacted


1 From the All Computers section, click the General tab.
2 Select a timeframe, such as Today or This week.

Figure 8-5. Detections reported this week

3 Click a detection category, such as Quarantined or Error.

Figure 8-6. Detection detail grouped by computers

4 Click Detection Count to view the files that were impacted by that detection.

Figure 8-7. Which files have been impacted

Viewing detections by type


You can view summary, detailed, and historical detection data by type: viruses and Trojans, potentially unwanted programs (including spyware), intrusion protection (including buffer overflow exclusions), access protection (including blocked ports, files, network shares, or folders), and other detections, such as Internet worms and vulnerabilities. By default, all detections except access protection detections are displayed.

1 From the All Computers section, click the General tab.
2 Select Include Access Protections if desired.

Figure 8-8. Viewing summary detection data by type

3 Select a timeframe, such as Today or This week.
4 Select a detection type, such as Unwanted Programs or Intrusion Protections. The selected detection types reported within that timeframe are displayed, grouped by detection count.

Figure 8-9. Viewing detailed detection data by type

Viewing detection history for computers


1 From the All Computers section, click the General tab.
2 Select a timeframe, such as Today or This week.

Figure 8-10. Detections reported this week

3 Click a detection category, such as Quarantined or Error.

Figure 8-11. Detection detail grouped by computers

4 Click Detection Count to view the detection history for computers.

Figure 8-12. Detection History


Learning more about detections


Each detection name listed in the detection details is linked directly to its description in the Virus Information Library provided by McAfee Avert Labs. Find out the minimum version of detection definition (DAT) files and the scanning engine you need to protect your network against every known virus. Learn about the symptoms and method of infection and much more.

1 From the All Computers section, click the General tab.
2 Select a timeframe, such as Today or This week.

Figure 8-13. Detections reported this week

3 Click a detection category, such as Quarantined or Error.

Figure 8-14. Detection detail grouped by computers

4 Click Detection Name to go to the Avert Labs website for a complete description of that detection.

Figure 8-15. Description of viruses on the Avert Labs website

Scanning managed computers for possible infections


You can modify the settings of this immediate scan, or perform scheduled scans of managed computers. For instructions, see Modifying default on-demand scan client tasks on page 79 or Performing scheduled scans on page 76, respectively.

1 In the tree pane under McAfee ProtectionPilot, select All Computers, a group of computers, or an individual computer.
2 Click Scan under Management Tasks.


Printing detection reports


To print data for all computers:

1 From the Home section, select a timeframe (such as Today or This week) under the detection reports.
2 Click [icon] to open a printer-friendly version of the report in Internet Explorer.
3 Use the browser to print the report or save it to a file; for example, File | Print or File | Save As.

Figure 8-16. Detection report from the Home section


To print data for all computers and groups:


1 From the All Computers section on the General tab, select a timeframe (such as Today or This week) under the detection reports.
2 Click [icon] to open a printer-friendly version of the report in Internet Explorer.

Figure 8-17. Detection reports from the All Computers section

3 Use the browser to print the report or save it to a file; for example, File | Print or File | Save As.


Resolving Compliance Issues

If managed computers are reported as Not communicating or Not up-to-date, determining why they are non-compliant and taking action to bring them up-to-date are vital to ensuring that your network is protected.

This section covers these tasks for resolving product compliance issues:
Listing non-compliant computers and taking action to bring them up-to-date.
Viewing agent log files.
Viewing computer and product properties.
Viewing update history for computers.
Printing compliance reports.

The Help file covers this additional task for resolving product compliance issues:
Creating an updating activity log file.


Listing non-compliant computers and taking action to bring them up-to-date


1 From the All Computers section, click the General tab.
2 Click a compliance category, such as Not communicating or Not up-to-date, to view compliance issues, grouped by computer name.

Figure 9-1. Manage All Computers page

Cells that appear in red indicate that one or more product versions are earlier than those in the server repository, or that the agent has not communicated recently.

Figure 9-2. Red cells indicating which products are out-of-date


To check computer and agent connectivity:

Select the desired computers, then click Check Connection. The check verifies whether the computer is online and the agent is running. The Status column is updated with the current connection status as described below:

If the Status is...    Then...
Inactive               The computer is online, but the agent is not running. Reinstall the agent; see To reinstall the agent:, following.
Not Tested             Connectivity hasn't been checked within the last minute.
Offline                The computer is offline. The agent status cannot be determined. Start the computer. If it is still reported as non-compliant, continue troubleshooting.
Online                 The computer is online and the agent is running. Continue troubleshooting.

When one or more agents or computers cannot be contacted, the connectivity results can take a substantial amount of time. You can cancel computer and agent connectivity checks if you no longer want to wait for their results.

Figure 9-3. Offline status of laptop computers that are out of the office

To force an immediate DAT and engine update:

If the DAT or Engine cells appear in red, select those computers, then click Update. The updating of managed products with all product updates in the server repository begins immediately.

To install or reinstall products:

a If the Product Version cell appears in red, select those computers, then click Deploy.
b Click Next in the Deploy Products Wizard.
c Select the desired products. If the product isn't listed here, you need to add it to the server repository. For instructions, see Adding products to the server repository on page 51.
d Deselect Reinstall McAfee ProtectionPilot agent, then click Next.
e Click Finish.

To reinstall the agent:

a If the Agent Version or Last Contact cells appear in red, select those computers, then click Deploy.
b Click Next in the Deploy Products Wizard.
c Select Reinstall McAfee ProtectionPilot agent.
d Deselect all products, then click Next.
e To deploy the agent to computers, select Push agent. Not all computers support remote installation of the agent. For more information, see Step i on page 99.
f To hide the agent installation, select Hide agent installation user interface for agent push.
g In Domain\User, type the credentials to use when installing the agent on the selected computers:

If the computers are in a domain...

Then, these permissions are needed...                  Use this format in Domain\User...
Domain administrator (in that domain)                  <DOMAIN>\<USER>    Example: MAIN\ADMINISTRATOR
Local administrator (on those computers)               <COMPUTER>\<USER>  Example: SHULL\ADMINISTRATOR
Local administrator (on the ProtectionPilot server)    .\<USER>           Example: .\ADMINISTRATOR

If the computers are in a workgroup...

Then, these permissions are needed...                  Use this format in Domain\User...
Local administrator (on those computers)               <COMPUTER>\<USER>  Example: SHULL\ADMINISTRATOR
    NOTE: We recommend setting up the same local administrator user account on all computers, so you can put all of the computers under management at once.
Local administrator (on the ProtectionPilot server)    .\<USER>           Example: .\ADMINISTRATOR
    NOTE: The local administrator user accounts on the server and on each computer must be the same.

h Type the password associated with the user account that you provided in Password.
i To save the agent package (FramePkg.exe) for manual installation, select Download agent, then click Browse to select a location. For instructions, see Manually installing the agent on page 50.

NOTE
The agent must be manually installed on any computer that meets specified criteria. For a list, see Criteria for Manual Agent Installation in the ProtectionPilot Release Notes (ReadMe.txt).

j Click Next, then Finish.


To force an immediate collection of computer and product properties:

To have the complete set of properties resent to you, select the desired computers, then click Enforce.

To force an immediate policy and task enforcement:

To reapply (enforce) the existing product policy settings and tasks on managed computers manually, select the desired computers, then click Enforce.

3 If computers are still reported as non-compliant, here are additional tasks you can use to track down the source of the issue:
Viewing agent log files on page 100.
Viewing computer and product properties on page 101.
Viewing update history for computers on page 102.
Creating an updating activity log file in the Help file.

Viewing agent log files


1 In the tree pane under McAfee ProtectionPilot | All Computers, select a computer from its group.
2 Click the Agent Log tab to view the agent activity log file.

Figure 9-4. Agent Activity log file

To view the current or previous agent installation log file, click current or previous next to FrameSvc.

To view the current client tasks log file, click current next to NaPrdMgr.

To print a log file:

a Click [icon] to open a printer-friendly version of the log in Internet Explorer.
b Use the browser to print the log or save it to a file; for example, File | Print or File | Save As.


To refresh the contents of a log file:

Click Refresh under Management Tasks.

Viewing computer and product properties


1 From the All Computers section, click the General tab.
2 Under Compliance, select whether to view compliance data for all computers (displayed by default) or sorted by group (click to expand).
3 Click a compliance category, such as Not communicating or Not up-to-date, to view compliance issues grouped by computer name.

Figure 9-5. Compliance Details page

4 Click a computer name. The Manage Computer page appears.

Figure 9-6. Manage Computer page

5 To view the complete set of properties, click View detailed properties under Computer Conditions.

Figure 9-7. Properties for Computer page

Viewing update history for computers


1 From the All Computers section, click the General tab.
2 Under Compliance, select whether to view compliance data for all computers (displayed by default) or sorted by group (click to expand).
3 Click a compliance category, such as Not communicating or Not up-to-date, to view compliance issues grouped by computer name.

Figure 9-8. Compliance Details page

4 Click a computer name. The Manage Computer page appears.

Figure 9-9. Manage Computer page

5 Click View update history under Compliance.

Figure 9-10. Update History for Computer page


Printing compliance reports


To print data for all computers:

1 From the Home section, click [icon] to open a printer-friendly version of the report in Internet Explorer.
2 Use the browser to print the report or save it to a file; for example, File | Print or File | Save As.

Figure 9-11. Compliance report from the Home section


To print data for all computers and groups:


1 From the All Computers section, click [icon] to open a printer-friendly version of the report in Internet Explorer.
2 Use the browser to print the report or save it to a file; for example, File | Print or File | Save As.

Figure 9-12. Compliance reports from the All Computers section


Managing the Server

10

Many of the tasks associated with managing the ProtectionPilot server need to be done only once, if at all: when you initially install the server and console, or when specific settings on your network, such as proxy settings, change.

This section covers these tasks for managing the server:
Adding proxy settings for the server.
Adding the agent-to-server communication port as a Windows Firewall exception.
Adding the server service and console-to-server communication port as Windows Firewall exceptions.
Defining the minimum compliance level.
Changing the definition of not communicating.
Changing the server password.
Changing port numbers used for server communication.
Changing the name of the server.
Viewing the server log file.
Modifying the size of the server log file.
Viewing the Avert Labs log file.

The Help file covers this additional task for managing the server:
Removing proxy settings on the server.


Adding proxy settings for the server


If the ProtectionPilot server connects to the Internet via a proxy server, you need to add these settings before updates can be retrieved from the McAfee website and managed computers updated with them. You can use the proxy settings in Internet Explorer or specify custom proxy settings.
Using the proxy settings in Internet Explorer for the server.
Defining custom proxy settings for the server.

Using the proxy settings in Internet Explorer for the server


For option definitions, click Help or [icon] in the interface.

1 From the Server section, click the Proxy tab.

Figure 10-1. Proxy Settings for Server and Repositories page

2 Select Use Internet Explorer proxy settings.
3 Provide a user account with permissions to the proxy server specified in Internet Explorer.
a Select Use HTTP proxy authentication or Use FTP proxy authentication.
b In the User name, Password, and Re-enter password boxes that correspond to the desired protocol, type the user name and password associated with the user account.
4 Click Apply Settings under Management Tasks.


Defining custom proxy settings for the server


For option definitions, click Help or [icon] in the interface.

1 From the Server section, click the Proxy tab.

Figure 10-2. Proxy Settings for Server and Repositories page

2 Select Use custom proxy settings.
3 Provide the address and port number of the proxy server you want to use to gain access to distributed repositories using HTTP or FTP protocols.
a In Hostname or IP Address, type the IP address or fully-qualified domain name of the proxy server.
b In Port, type the port number of the proxy server.
4 To specify distributed repositories to which the server can connect directly, select Bypass local addresses, then type the IP addresses or fully-qualified domain name of those computers separated by a semi-colon (;).
5 Provide a user account with permissions to the proxy server you specified in HTTP or FTP in Step 3.
a Select Use HTTP proxy authentication or Use FTP proxy authentication.
b In the User name, Password, and Re-enter password boxes that correspond to the desired protocol, type the user name and password associated with the user account.
6 Click Apply Settings under Management Tasks.


Adding the agent-to-server communication port as a Windows Firewall exception


If the ProtectionPilot server is running Windows XP Professional, Service Pack 2 and computers being managed by that server are running an operating system other than Windows XP, Service Pack 2, you need to add the agent-to-server communication port (default is 81) as an exception in the Windows Firewall on the server computer.

1 Click the Start button, then point to Control Panel | Security Center (if using Category View) | Windows Firewall.
2 On the Exceptions tab, click Add Port.
3 In Name, provide a literal description of the exception, such as ProtectionPilot agent-to-server communication.
4 In Port number, type the appropriate port number (default is 81).

NOTE
To view the agent-to-server communication port number, click the Settings tab from the Server section in the ProtectionPilot console.

5 Be sure that TCP is selected.
6 Click OK to save the current entries and return to the Windows Firewall dialog box. Notice that ProtectionPilot agent-to-server communication now appears under Programs and Services.


Adding the server service and console-to-server communication port as Windows Firewall exceptions

If the ProtectionPilot server is running Windows XP Professional, Service Pack 2 and you want to install a remote console, you need to add the ProtectionPilot server service (NAIMSERV.EXE) and the console-to-server communication port (default is 82) as exceptions in the Windows Firewall on the ProtectionPilot server computer.

1 Click the Start button, then point to Control Panel | Security Center (if using Category View) | Windows Firewall.
2 On the Exceptions tab, click Add Program.
3 Click Browse, then select NAIMSERV.EXE from the installation directory. The default location is C:\PROGRAM FILES\McAfee\PROTECTIONPILOT\<VERSION> (for upgrades) and C:\PROGRAM FILES\MCAFEE\PROTECTIONPILOT\<VERSION> (for new installations).
4 Notice that NAIMSERV.EXE now appears under Programs and Services.
5 Click Add Port.
6 In Name, provide a literal description of the exception, such as ProtectionPilot console-to-server communication.
7 In Port number, type the appropriate port number (default is 82).

NOTE
To view the console-to-server communication port number, click the Settings tab from the Server section in the ProtectionPilot console.

8 Be sure that TCP is selected.
9 Click OK to save the current entries and return to the Windows Firewall dialog box. Notice that ProtectionPilot console-to-server communication now appears under Programs and Services.
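
The two Windows Firewall procedures above (agent-to-server port, and server service plus console-to-server port) can also be applied from a command prompt on the ProtectionPilot server using the netsh firewall context included with Windows XP Service Pack 2. This script is an added example and is not part of the original guide; the PP_VERSION placeholder, the installation path, the ADD_* switches and the SCOPE setting are assumptions to adjust for your server.

```batch
@echo off
rem Added example: command-line equivalent of the two Windows Firewall
rem procedures in this section. Run on the ProtectionPilot server
rem (Windows XP Professional SP2) from an account with local administrator rights.
setlocal

rem Guide defaults. Confirm the actual port numbers on the Settings tab of the
rem Server section in the ProtectionPilot console before running.
set AGENT_PORT=81
set CONSOLE_PORT=82

rem Assumption: default installation directory. Replace the placeholder with
rem the version folder that exists on this server.
set "PP_VERSION=REPLACE_WITH_VERSION_FOLDER"
set "NAIMSERV=C:\Program Files\McAfee\ProtectionPilot\%PP_VERSION%\NAIMSERV.EXE"

rem Which exceptions to add (hypothetical switches used only by this script).
rem   ADD_AGENT=1   : managed computers run an operating system other than XP SP2
rem   ADD_CONSOLE=1 : a remote console will connect to this server
set ADD_AGENT=1
set ADD_CONSOLE=1

rem SCOPE=ALL gives the same result as the dialog-box steps. SCOPE=SUBNET
rem restricts each exception to the server's own subnet, which only works if
rem every managed computer and remote console is on that subnet.
set SCOPE=ALL

if "%ADD_AGENT%"=="1" (
    netsh firewall add portopening protocol=TCP port=%AGENT_PORT% name="ProtectionPilot agent-to-server communication" mode=ENABLE scope=%SCOPE%
    if errorlevel 1 goto failed
)

if "%ADD_CONSOLE%"=="1" (
    rem Refuse to add a program exception for a path that does not exist.
    if not exist "%NAIMSERV%" goto missing
    netsh firewall add allowedprogram program="%NAIMSERV%" name="NAIMSERV.EXE" mode=ENABLE scope=%SCOPE%
    if errorlevel 1 goto failed
    netsh firewall add portopening protocol=TCP port=%CONSOLE_PORT% name="ProtectionPilot console-to-server communication" mode=ENABLE scope=%SCOPE%
    if errorlevel 1 goto failed
)

rem List the resulting exceptions so they can be checked against the names
rem shown under Programs and Services on the Exceptions tab.
netsh firewall show portopening
netsh firewall show allowedprogram
exit /b 0

:missing
echo NAIMSERV.EXE was not found. Correct PP_VERSION in this script and run it again.
exit /b 1

:failed
echo netsh reported an error. No further exceptions were added.
exit /b 1
```

After the script runs, the listed port and program exceptions should match the entries the dialog-box steps produce.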


Defining the minimum compliance level


You can define the minimum compliance level by selecting a specific product version, or by always using the latest version that is in the server repository or that has been installed locally on managed computers. For more information on how this impacts which computers are reported as up-to-date, see How is up-to-dateness defined? on page 26. For option definitions, click Help or [icon] in the interface.

1 From the Server section, click the Settings tab.

Figure 10-3. Server Settings page

2 Select Minimum compliance definition, then select whether to use the latest version or a specific product version for each product listed.
3 Click Apply Settings under Management Tasks to save the current entries.


Changing the definition of not communicating


How long it's been since an agent last communicated with the server affects whether the managed computer is reported as up-to-date. For more information, see How is up-to-dateness defined? on page 26. For option definitions, click Help or [icon] in the interface.

1 From the Server section, click the Settings tab.
2 Change the Not communication definition, then click Apply Settings under Management Tasks.

Figure 10-4. Server Settings page


Changing the server password


Although you specify a secure password during the initial installation of the server and console, it's a good idea to periodically change the password to ensure that the server is kept secure. How often you need to change the server password will depend on your company's security policies. For option definitions, click Help or [icon] in the interface.

1 From the Server section, click the Settings tab.
2 Select Change server password.

Figure 10-5. Server Settings page

3 Type the new password in New server password and Confirm new password.
4 Click Apply Settings under Management Tasks.


Changing port numbers used for server communication


Typically, you won't need to change the port numbers used for communication to and from the server once you define them during the initial installation. However, you might need to when installing new software or when your company's security policies change. Most often you will only need to refresh your memory on which port numbers the server uses for communication. For option definitions, click Help or [icon] in the interface.

1 From the Server section, click the Settings tab.

Figure 10-6. Server Settings page

2 The Agent-to-server communications port is display only. If you need to change this port number, back up the ProtectionPilot database, uninstall the server and console, then assign the new port number when you re-install the server and console.

The Console-to-server communications port is display only. If you need to change this port number, back up the ProtectionPilot database, uninstall the server and console, and any remote consoles, then assign the new port number when you re-install the server and consoles.

Type a different Server-to-agent communications port (default is 8081) as needed. If you change this port number, immediate client tasks are disabled until the next agent-to-server communication.

Click Apply Settings under Management Tasks.


Changing the name of the server


If you need to change the name of the server, back up the ProtectionPilot database, uninstall the server and all consoles, then change the computer name before you re-install the server and console and any remote consoles.

Viewing the server log file


The server log file contains entries about server activity, server events, and server tasks.

From the Server section, click the Log tab.

Figure 10-7. View Server Log page

To print the log file:

a Click [icon] to open a printer-friendly version of the log in Internet Explorer.
b Use the browser to print the log; for example, File | Print.

To refresh contents of the log file:

Click Refresh under Management Tasks.

To save the log to a file:

a Click [icon] to open a printer-friendly version of the log in Internet Explorer.
b Use the browser to save the log to a file; for example, File | Save As.


Modifying the size of the server log file


1 From the Server section, click the Settings tab.

Figure 10-8. Server Settings page

2 Type a different Server log size (default is 2048 KB) as needed.
3 Click Apply Settings under Management Tasks.

Viewing the Avert Labs log file


The McAfee Avert Labs log file contains entries on threat notifications and the detection definition (DAT) files and scanning engine that provide protection against these threats as provided via the Security Threats data monitor.

Type the following web address in a browser window on the ProtectionPilot server:

http://<SERVER>:<CONSOLE-TO-SERVER PORT>/Avert/AvertLog.htm

Where <SERVER> is the name of the server computer, and <CONSOLE-TO-SERVER PORT> is the console-to-server port number (default is 82).


Managing AutoUpdate Repositories

If you have been using update locations to centrally distribute detection definition (DAT) files and the scanning engine to computers, this updating strategy is no longer used once you install the server and console. Instead, new DAT and engine files are automatically retrieved from McAfee every hour, and the updating of managed products begins immediately following. Although we recommend using this default updating strategy, there are situations in which using AutoUpdate repositories is recommended.

This section covers these tasks for managing AutoUpdate repositories:
When to use AutoUpdate repositories.
Download and replication credentials.
Creating distributed repositories on non-dedicated computers.
Creating distributed repositories on HTTP servers.
Creating distributed repositories on FTP servers.
Creating distributed repositories using UNC shares.
Modifying distributed repositories.
Removing distributed repositories from management.
Replicating to distributed repositories immediately.
Adding proxy settings for managed computers.

The Help file covers these additional tasks for managing AutoUpdate repositories:
Removing proxy settings on managed computers.
Specifying the order in which AutoUpdate repositories are selected.


When to use AutoUpdate repositories


If your company is geographically dispersed, we recommend setting up a separate distributed AutoUpdate repository in each satellite office that has more than five end-users. We also recommend choosing a computer, such as a server, that is always on to host these repositories. Those offices with fewer than five end-users and mobile users can use the server repository instead of setting up a separate one.

Figure A-1. Setting up AutoUpdate repositories across geographically dispersed offices


Download and replication credentials


Download credentials are used by managed computers to connect to AutoUpdate repositories. Provide user accounts with read-only permissions to the HTTP server, FTP server, or UNC share that hosts the repository.

Replication credentials are used by the server repository to copy files to AutoUpdate repositories. Provide user accounts with read and write permissions to the HTTP server, FTP server, or UNC share that hosts the repository.

Agent-based AutoUpdate repositories don't need download or replication credentials because the agent authenticates the files.

Creating distributed repositories on non-dedicated computers


Before you begin

Verify that the computer has at least 100 MB (on the drive where the repository is stored) of free disk space and 256 MB of RAM.
You need to know a local directory on the managed computer to store the repository.

To create distributed repositories on non-dedicated computers:

For option definitions, click Help or [icon] in the interface.

1 From the Server section, click the Repository tab.
2 Click Add Repository under Management Tasks.
3 Select Agent, then click Next under Management Tasks.
4 Select a managed computer to host the repository from the table.

Figure A-2. Manage AutoUpdate Repositories Agent Repository Options page

5 The Repository name defaults to EPOSA_<COMPUTER>, where <COMPUTER> is the name of the managed computer.
6 Type a local directory (for example, C:\REPOSITORY) where you want to store the repository in Repository path. You can also use predefined or system environment variables to define this location. For more information, see Variables in the Help file.
7 Click Apply Settings under Management Tasks.

Creating distributed repositories on HTTP servers


Before you begin

Verify that the computer is an HTTP-compliant (version 1.1) server on Microsoft Windows, Linux, or Novell NetWare operating systems with a UNC share.
You need to know the web address and port number of the HTTP server.
You need to know a network directory on the HTTP server to store the repository.
Make sure you have user accounts with the appropriate credentials; see Download and replication credentials on page 121.
If managed computers connect to repositories through a firewall, ensure that the repository accepts inbound communication on the appropriate communication port. Typically, this is port 80.

To create distributed repositories on HTTP servers:

For option definitions, click Help or [icon] in the interface.

1 From the Server section, click the Repository tab.
2 Click Add Repository under Management Tasks.
3 Select HTTP, then click Next under Management Tasks.

Figure A-3. Manage AutoUpdate Repositories HTTP Options page

4 Type the web address of the HTTP server in URL.
5 Type the port number that the HTTP server uses for communication (typically, this is port 80) in Port.
6 Type a descriptive and unique name for the repository in Repository name.
7 If the HTTP server requires authentication, select Use download credentials, then type the user account information in User name, Password, and Re-enter password under HTTP Download Credentials. To authenticate the user account you specified, click Verify.
8 Under HTTP Replication Credentials, type the UNC share name of the physical directory that represents the virtual directory where you want to store the repository on the HTTP server in UNC path. Use this format: \\<COMPUTER>\<FOLDER>. You can also use predefined or system environment variables to define this location. For more information, see Variables in the Help file.
9 Type the user account information for the network directory in Domain name, User name, Password, and Re-enter password. To authenticate the user account you specified, click Verify.
10 Click Apply Settings under Management Tasks.

Creating distributed repositories on FTP servers


Before you begin

Verify that the computer is a Windows, Linux, or NetWare FTP server. You need to know the web address and port number of the FTP server. Make sure you have user accounts with the appropriate credentials, see Download and replication credentials on page 121. If managed computers connect to repositories through a firewall, ensure that the repository accepts inbound communication on the appropriate communication port. Typically, this is port 20 or 21.
To create distributed repositories on FTP servers:

For option definitions, click Help in the interface.

1 From the Server section, click the Repository tab.
2 Click Add Repository under Management Tasks.
3 Select FTP, then click Next under Management Tasks.

Figure A-4. Manage AutoUpdate Repositories FTP Options page

4 Type the web address of the FTP server in URL.
5 Type the port number that the FTP server uses for communication (typically, this is port 20 or 21) in Port.
6 Type a descriptive and unique name for the repository in Repository name.
7 Under Download Credentials, select Use Anonymous or type the user account information in User name, Password, and Re-enter password. To authenticate the user account you specified, click Verify.
8 Under Replication Credentials, type the user account information in User name, Password, and Re-enter password. To authenticate the user account you specified, click Verify.
9 Click Apply Settings under Management Tasks.

Creating distributed repositories using UNC shares


Before you begin

Verify that the computer uses Windows, Linux, NetWare, or UNIX Samba UNC shares. You need to know a network directory to store the repository.


Make sure you have user accounts with the appropriate credentials, see Download and replication credentials on page 121. If managed computers connect to repositories through a firewall, ensure that the repository accepts inbound communication on the appropriate communication port. Typically, this is port 137, 138, or 139.
To create distributed repositories using UNC shares:

For option definitions, click Help in the interface.

1 From the Server section, click the Repository tab.
2 Click Add Repository under Management Tasks.
3 Select UNC, then click Next under Management Tasks.

Figure A-5. Manage AutoUpdate Repositories UNC Options page

4 Type the network directory where you want to store the repository in Share path. Use this format: \\<COMPUTER>\<FOLDER>. You can also use predefined or system environment variables to define this location. For more information, see Variables in the Help file.
5 Type a descriptive and unique name for the repository in Repository name.
6 Under Download Credentials, select Use logged on user or type the user account information in Domain name, User name, Password, and Re-enter password. To authenticate the user account you specified, click Verify.
7 Under Replication Credentials, type the user account information in Domain name, User name, Password, and Re-enter password. To authenticate the user account you specified, click Verify.
8 Click Apply Settings under Management Tasks.
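
A pre-flight check for the "Before you begin" requirements of the three repository types above, as an added PowerShell example that is not part of the product guide or of ProtectionPilot. The server names, the share path and all function names are placeholders chosen for illustration; the TCP ports probed are the ones the guide names (80, 21 and 139).

```powershell
# Added example. Server names, share path and function names are placeholders.

function Test-RepositoryPort {
    # TCP reachability of a repository port from the machine running this
    # script; run it on the managed-computer side of the firewall.
    param([string]$Server, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($Server, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($pending)
        return $client.Connected
    } catch {
        return $false          # refused, unreachable or name not resolved
    } finally {
        $client.Close()
    }
}

function Get-HttpProtocolVersion {
    # Returns the HTTP version the server answers with, or $null if no HTTP
    # response came back. Error statuses (401, 404) still carry a version.
    param([string]$Url)
    $request = [System.Net.WebRequest]::Create($Url)
    $request.Method = 'HEAD'
    $request.Timeout = 5000
    $response = $null
    try {
        $response = $request.GetResponse()
    } catch {
        $webError = $_.Exception.GetBaseException() -as [System.Net.WebException]
        if ($webError) { $response = $webError.Response }
    }
    if (-not $response) { return $null }
    try { return $response.ProtocolVersion } finally { $response.Close() }
}

function Test-UncShareFormat {
    # \\<COMPUTER>\<FOLDER>, optionally with sub-folders. Paths built from
    # the product's variables are not handled by this check.
    param([string]$Path)
    return $Path -match '^\\\\[^\\/:*?"<>|]+(\\[^\\/:*?"<>|]+)+\\?$'
}

function Test-ReplicationWriteAccess {
    # Maps the share with the replication account, then writes and deletes a
    # probe file. Replication copies files into the share, so the account
    # must be able to write there.
    param([string]$UncPath, [pscredential]$Credential)
    $drive = 'RepoProbe'
    try {
        New-PSDrive -Name $drive -PSProvider FileSystem -Root $UncPath `
            -Credential $Credential -ErrorAction Stop | Out-Null
        $probe = "${drive}:\preflight_$([guid]::NewGuid().ToString('N')).tmp"
        Set-Content -Path $probe -Value 'probe' -ErrorAction Stop
        Remove-Item -Path $probe -ErrorAction Stop
        return $true
    } catch {
        Write-Warning "Write test on $UncPath failed: $($_.Exception.Message)"
        return $false
    } finally {
        if (Get-PSDrive -Name $drive -ErrorAction SilentlyContinue) {
            Remove-PSDrive -Name $drive
        }
    }
}

# Constructed plan: one entry per repository type described above.
# For UNC, 137 and 138 are UDP NetBIOS services; only 139 is probed over TCP.
$plan = @(
    @{ Type = 'HTTP'; Server = 'repo-http.example.test'; Port = 80 },
    @{ Type = 'FTP';  Server = 'repo-ftp.example.test';  Port = 21 },
    @{ Type = 'UNC';  Server = 'repo-unc.example.test';  Port = 139 }
)
$plan | ForEach-Object {
    [pscustomobject]@{
        Type      = $_.Type
        Server    = $_.Server
        Port      = $_.Port
        Reachable = Test-RepositoryPort -Server $_.Server -Port $_.Port
    }
} | Format-Table -AutoSize

# HTTP repositories must be served by an HTTP 1.1 server.
$version = Get-HttpProtocolVersion -Url 'http://repo-http.example.test:80/'
"HTTP/1.1 or later: $($version -and $version -ge [version]'1.1')"

# Replication path of the HTTP repository, checked with the replication account.
$share = '\\repo-http.example.test\Repository'
if (Test-UncShareFormat -Path $share) {
    Test-ReplicationWriteAccess -UncPath $share -Credential (Get-Credential)
} else {
    Write-Warning "$share is not in \\<COMPUTER>\<FOLDER> form"
}
```

Run the port checks from a managed computer's network segment, since that is the path the firewall rule has to allow.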

Modifying distributed repositories


For option definitions, click Help in the interface.

1 From the Server section, click the Repository tab.
2 Select a repository under Distributed Repositories, then click Edit.

Figure A-6. Manage AutoUpdate Repositories page

3 Make changes as needed.
4 Click Apply Settings under Management Tasks to save the current entries.

Removing distributed repositories from management


When you remove distributed repositories from management, the contents of the repository remain. You need to manually delete the files from the computer.

For option definitions, click Help in the interface.

1 From the Server section, click the Repository tab. The Manage AutoUpdate Repositories page appears.
2 Select a repository under Distributed Repositories, then click Delete.

Replicating to distributed repositories immediately


Although the Server Update task automatically copies the contents of the server repository to all distributed repositories, there are instances when you might want to perform this task on-demand. For example, when troubleshooting issues with product compliance, you might perform an on-demand replication to ensure that all distributed repositories have the same updates as the server repository before updating computers.

For option definitions, click Help in the interface.

1 From the Server section, click the Repository tab. The Manage AutoUpdate Repositories page appears.
2 Select repositories under Distributed Repositories, then click Replicate.

Figure A-7. Manage AutoUpdate Repositories page

3 Select whether to perform an incremental (copy only new or updated files) or a full replication (copy all files), then click Finish.

Figure A-8. Replicate Wizard

Adding proxy settings for managed computers


If managed computers connect to AutoUpdate repositories via a proxy server, you need to add these settings before updates can be retrieved. You can use the proxy settings in Internet Explorer or specify custom proxy settings.

Using the proxy settings in Internet Explorer for managed computers.
Defining custom proxy settings for managed computers.

Using the proxy settings in Internet Explorer for managed computers


For option definitions, click Help in the interface.

1 In the tree pane under McAfee ProtectionPilot, select All Computers, a group of computers, or an individual computer.
2 Click the Policies tab.
3 Click ProtectionPilot Agent to open the Policy Settings dialog box.
4 On the Proxy tab, deselect Inherit.

Figure A-9. Proxy tab in the ProtectionPilot Agent policy page

5 Select Use Internet Explorer Proxy Settings.
6 Provide a user account with permissions to the proxy server specified in Internet Explorer.
   a Select Use authentication for HTTP, Use authentication for FTP, or both.
   b In the user name, password, and confirm password boxes that correspond to the desired protocol, type the user name and password associated with the user account.
7 Click Apply All to save the current entries.
8 Click Close to return to the Policies page.

Defining custom proxy settings for managed computers


For option definitions, click Help in the interface.

1 In the tree pane under McAfee ProtectionPilot, select All Computers, a group of computers, or an individual computer.
2 Click the Policies tab.
3 Click ProtectionPilot Agent to open the Policy Settings dialog box.
4 On the Proxy tab, deselect Inherit.

Figure A-10. Proxy tab in the ProtectionPilot Agent policy page

5 Select Manually configure the proxy settings.
6 Provide the address and port number of the proxy server you want to use to gain access to distributed repositories using HTTP or FTP protocols.
   a In Address, type the IP address or fully-qualified domain name of the proxy server.
   b In Port, type the port number of the proxy server.
   c To use the same Address and Port for both HTTP and FTP protocols, select Use these settings for all proxy types.
7 Provide a user account with permissions to the proxy server you specified in HTTP or FTP in Step 6.
   a Select Use authentication for HTTP, Use authentication for FTP, or both.
   b In the user name, password, and confirm password boxes that correspond to the desired protocol, type the user name and password associated with the user account.
8 To specify managed computers that connect directly to AutoUpdate repositories, bypassing the proxy server, select Specify exceptions, then type the IP addresses or fully-qualified domain names of those computers, separated by semicolons (;).
9 Click Apply All to save the current entries.
10 Click Close to return to the Policies page.


Receiving Notification of Incidents

You can be notified whenever McAfee security products detect activity categorized at a certain priority level, such as critical or high. You pick the notification method that is most convenient and timely for you. Notification methods include email messages, pager text messages, print-outs, network popup messages, a program triggered when possible infections are detected, or entries written to a log file. You can set up multiple levels of notification as well. For example, you might want to receive a page for critical alert messages and save low priority messages to a log file.

This section covers these tasks for setting up the default alerting method:
Setting up the Alert Manager server.
Sending notifications of alert messages.
Sending alert messages to the Alert Manager server.

The Help file covers these tasks for setting up centralized alerting:
Setting up the Alert Manager server.
Setting up a centralized alerting location.
Sending notifications of alert messages.
Sending alert messages to a centralized alerting location.


Setting up the Alert Manager server


The computer that is acting as the Alert Manager server must have GroupShield for Exchange or VirusScan Enterprise installed on it. Be sure that the computer that is hosting the Alert Manager server is equipped to send the type of notifications that you want to receive. We recommend setting up the Alert Manager server on a different computer than the ProtectionPilot server, to avoid impacting ProtectionPilot server performance during an outbreak.

When to use a centralized alerting location

If you block named pipe connections on your network, you need to forward alert messages to a central location instead of directly to the Alert Manager server. The Alert Manager server periodically retrieves alert messages from this central location, then sends the appropriate notifications to you. For instructions, see Setting up a centralized alerting location under Receiving Notification of Incidents in the Help file.

NOTE

GroupShield for Exchange does not support the use of a centralized alerting location.

Alert messages and mobile (unconnected) computers

Because alert messages are not written to a file, they can only be sent during the session in which they are generated (they are deleted once the computer is turned off), and then only if the computer is connected to the network.

To deploy the Alert Manager software:

1 Add the Alert Manager package (PkgCatalog.z) file to the server repository. For instructions, see Adding products to the server repository on page 51.
2 In the tree pane under McAfee ProtectionPilot | All Computers, select the computer that is hosting the Alert Manager server from its group.
3 Click Deploy under Management Tasks.
4 Click Next in the Deploy Products Wizard.
5 Select Alert Manager, click Next, then Finish.

Figure B-1. Deploy Products Wizard Select products to deploy

Sending notifications of alert messages


This section covers the most common method for sending notifications of alert messages:
Sending notifications as text messages via email or pagers.

The Help file covers these additional tasks for sending notifications of alert messages:
Sending notifications as network messages.
Sending notifications to a printer.
Sending notifications via SNMP.
Launching a program in response to detections.
Logging alert messages in event log files.
Sending notifications to a Terminal Server as network messages.


Sending notifications as text messages via email or pagers


You can send notifications of alert messages via email or as text messages on pagers. How fast recipients receive these text messages depends on the response time of the sending and receiving mail servers.
1 In the tree pane under McAfee ProtectionPilot | All Computers, select the computer that is hosting the Alert Manager server from its group.
2 Click the Policies tab.
3 Click the desired version of Alert Manager; for example, Alert Manager 4.7, to open the Policy Settings dialog box.
4 Click the E-mail tab.
5 Deselect Inherit.

Figure B-2. E-Mail tab in the Alert Manager policy page

6 Click Add, then type the recipient's email address, a message subject, and a reply email address, such as your own.

Figure B-3. E-Mail dialog box

7 Click Mail Settings, then in Server, type the IP address or computer name of an SMTP mail server. If the mail server requires it and only if type its password in Login, then click OK.

Figure B-4. E-Mail Settings dialog box

8 Click Priority Level, then drag the slider to indicate the priority level of alert messages. Messages with the selected priority and higher will generate this type of notification.

Figure B-5. Priority Level dialog box

9 Click OK twice, then click Apply to save the current entries.
10 Click Close to return to the Policies page.

Product Guide

137

Receiving Notification of Incidents

Sending alert messages to the Alert Manager server


We recommend that you configure each managed computer to forward its alert messages to the Alert Manager server. In turn, the Alert Manager server sends the appropriate notifications to you. The Alert Manager client-side software is installed by default with these McAfee products:

GroupShield for Exchange.

NOTE

The Alert Manager client-side software is installed by default only when the GroupShield for Exchange software is installed manually. If you deployed GroupShield for Exchange from ProtectionPilot, you must also deploy the Alert Manager software. For instructions, see To deploy the Alert Manager software: on page 134.

The VirusScan software.
NetShield for NetWare.

Alert messages for GroupShield for Exchange are forwarded to the Alert Manager server by default. To forward alert messages for other products, you must define the location of the Alert Manager server for each managed product. For instructions, see these topics:
Sending alert messages from VirusScan 4.5.1.
Sending alert messages from VirusScan Enterprise.
Sending alert messages from NetShield for NetWare.

Sending alert messages from VirusScan 4.5.1


1 In the tree pane under McAfee ProtectionPilot | All Computers, select a group of computers or an individual computer running VirusScan 4.5.1.
2 Click the Policies tab.
3 Click VirusScan v4.51 for Windows to open the Policy Settings dialog box.
4 Select Alert Options in Select policy categories.
5 Deselect Inherit.

Figure B-6. VirusScan 4.5.1 Alert Options policy page

6 Deselect Disable Alerting.
7 To permit users to change these policy settings, select Allow User Changes.
8 Deselect Use DMI; Desktop Management Interface (DMI) messaging is no longer supported on the server side.
9 Select Enable Alert Manager Alerting.
10 For more information on publishing the Alert Manager server to Active Directory, see the Alert Manager 4.7 product documentation.
11 Type the name of the Alert Manager server in Destination for alerts, using UNC notation; for example, \\<COMPUTER>.
12 Click Apply to save the current entries.
13 Click Close to return to the Policies page.

Sending alert messages from VirusScan Enterprise


1 In the tree pane under McAfee ProtectionPilot | All Computers, select a group of computers or an individual computer running VirusScan Enterprise.
2 Click the Policies tab.
3 Click the desired version of VirusScan Enterprise; for example, VirusScan Enterprise 7.1, to open the Policy Settings dialog box.
4 Select Alert Manager Alerts Policies in Select policy categories.
5 Deselect Inherit.

Figure B-7. VirusScan Enterprise 7.1 Alert Manager Alerts policy page

6 Under Which components will generate alerts, select the client-side components from which you want alert messages forwarded:
   On-Access Scan: Forwards alert messages found by the On-Access Scan task.
   On-Demand Scan and scheduled scans: Forwards alert messages found by the On-Demand Scan task and scheduled scan tasks.
   E-Mail Scan: Forwards alert messages found by the on-delivery and on-demand E-Mail Scan tasks.
   AutoUpdate: Forwards alert messages found by the AutoUpdate task, Update Now task, and scheduled update tasks.
7 Under Alert Manager destination selection, select Enable Alert Manager alerting.
8 Type the name of the Alert Manager server in Specify Alert Manager server to receive alerts, using UNC notation; for example, \\<COMPUTER>.
9 Click Apply to save the current entries.
10 Click Close to return to the Policies page.

Sending alert messages from NetShield for NetWare


1 In the tree pane under McAfee ProtectionPilot | All Computers, select a group of computers or an individual computer running NetShield for NetWare.
2 Click the Policies tab.
3 Click the desired version of NetShield for NetWare; for example, NetShield for NetWare v4.6 to open the Policy Settings dialog box.
4 Select Alert Properties in Select policy categories.
5 Deselect Inherit.
6 Under Centralized alerting, deselect Enable centralized alerting.
7 Under Advanced alerting, select Use alert manager.
8 Click Apply to save the current entries.
9 Select Alert Manager in Select policy categories.
10 Click the Forward tab.
11 Deselect Inherit.
12 Click Add, then in Computer, type the name of the Alert Manager server, using UNC notation; for example, \\<COMPUTER>.
13 Select the priority level of alert messages that you want forwarded in Priority Level. Messages with the selected priority and higher will be forwarded to the Alert Manager server.

NOTE

We recommend setting the priority level to Informational, so that all alert messages are forwarded to the Alert Manager server. This ensures that this setting does not conflict with the priority level setting on the Alert Manager server.

14 Click Apply to save the current entries.
15 Click Close to return to the Policies page.


Managing AntiSpyware Enterprise

Use these steps to manage the AntiSpyware Enterprise add-on to the corresponding version of VirusScan Enterprise. For each version, you must add three separate files to the server repository:
An updated VirusScan Enterprise policy page (VSE<VERSION>.nap; for example, VSE800.nap); see Step 1.
Product policy page (VSEMAS<VERSION>.nap; for example, VSEMAS80.nap); see Step 1.
Product package (PkgCatalog.z) file; see Step 2.

To manage AntiSpyware Enterprise:

1 Adding policy pages to the server repository: Add the updated VirusScan Enterprise policy page (VSE<VERSION>.nap) and the AntiSpyware Enterprise policy page (VSEMAS<VERSION>.nap) to the server repository. For instructions, see Adding policy pages to the server repository on page 55.

NOTE

When you add an updated VirusScan Enterprise policy page to the server repository, answer yes when asked whether you want to overwrite the existing policy page. The VirusScan Enterprise policy settings remain unchanged. Registry and cookies scan items are added to the default on-demand scan client tasks (<PRODUCT>_<VERSION>_DefaultODS; for example, VirusScan Enterprise_8.0.0_DefaultODS) and to new VirusScan Enterprise on-demand scan client tasks.

2 Deploying (sending and installing) AntiSpyware Enterprise from ProtectionPilot:
   a Verify that all computers meet the minimum hardware and software requirements; see the AntiSpyware Enterprise product documentation.
   b Add the package (PkgCatalog.z) file for AntiSpyware Enterprise to the server repository. For instructions, see Adding products to the server repository on page 51.
   c Deploy AntiSpyware Enterprise. For instructions, see Deploying products to new computers and putting them under management on page 40.
3 Changing agent settings: You can change the policy settings for the agent using the ProtectionPilot console. For instructions, see Changing agent policy settings on page 70.
4 Changing VirusScan Enterprise settings to enable AntiSpyware Enterprise: To enable AntiSpyware Enterprise, you need to change the VirusScan Enterprise policy settings. For instructions, see Changing managed product policy settings on page 71. For information on each option, see the AntiSpyware Enterprise product documentation.

NOTE

AntiSpyware Enterprise is disabled by default. You can enable it and control its behavior using the VirusScan Enterprise policy page.

5 Updating AntiSpyware Enterprise: You can update AntiSpyware Enterprise immediately by clicking Update under Management Tasks. You can also schedule updates to occur on a one-time or periodic basis. This task updates the AntiSpyware Enterprise software with the detection definition (DAT) files, scanning engine, service pack releases, and patch releases in the server repository. For instructions, see Performing scheduled updates on page 74.
6 Scanning AntiSpyware Enterprise computers for potentially unwanted programs: You need to modify the default on-demand scan task for VirusScan Enterprise to scan computers running AntiSpyware Enterprise for potentially unwanted programs. For instructions, see Modifying default on-demand scan client tasks on page 79. For information on each option, see the AntiSpyware Enterprise product documentation. You can then have VirusScan Enterprise scan computers immediately by clicking Scan under Management Tasks. You can also schedule this to occur on a one-time or periodic basis. For instructions, see Performing scheduled scans on page 76.
7 Receiving notification of incidents: You can be notified whenever McAfee security products detect activity categorized at a certain priority level, such as critical or high. You pick the notification method that is most convenient and timely for you. To receive notification of AntiSpyware Enterprise incidents, send alert messages from VirusScan Enterprise. For instructions on setting up the default alerting method, see Setting up the Alert Manager server on page 134, Sending notifications of alert messages on page 135, and Sending alert messages to the Alert Manager server on page 138. For instructions on setting up centralized alerting, see Setting up the Alert Manager server, Setting up a centralized alerting location, Sending notifications of alert messages, and Sending alert messages to a centralized alerting location under Receiving Notification of Incidents in the Help file.


Managing AntiSpyware Enterprise Standalone

Use these steps to manage the AntiSpyware Enterprise standalone version. You must add three separate files to the server repository:
Product policy page (ASE<VERSION>.nap; for example, ASE850.nap); see Step 1.
Product extended policy page (ASE<VERSION>Reports.nap; for example, ASE850Reports.nap); see Step 2.
Product package (PkgCatalog.z) file; see Step 3.

To manage AntiSpyware Enterprise standalone:

1 Adding policy pages to the server repository: Add the AntiSpyware Enterprise standalone policy page (ASE<VERSION>.nap) to the server repository. For instructions, see Adding policy pages to the server repository on page 55.
2 Adding extended policy pages to the server repository: Add the AntiSpyware Enterprise standalone extended policy page (ASE<VERSION>Reports.nap) to the server repository. For instructions, see Adding policy pages to the server repository on page 55.
3 Deploying (sending and installing) AntiSpyware Enterprise standalone from ProtectionPilot:
   a Verify that all computers meet the minimum hardware and software requirements; see the AntiSpyware Enterprise standalone product documentation.
   b Add the package (PkgCatalog.z) file for AntiSpyware Enterprise standalone to the server repository. For instructions, see Adding products to the server repository on page 51.
   c Deploy AntiSpyware Enterprise standalone. For instructions, see Deploying products to new computers and putting them under management on page 40.
4 Changing agent settings: You can change the policy settings for the agent using the ProtectionPilot console. For instructions, see Changing agent policy settings on page 70.
5 Changing AntiSpyware Enterprise standalone: You can control how each managed product behaves on managed computers by changing its policy settings. For instructions, see Changing managed product policy settings on page 71. For information about each option, see the AntiSpyware Enterprise standalone product documentation.
6 Updating AntiSpyware Enterprise standalone: You can update AntiSpyware Enterprise standalone immediately by clicking Update under Management Tasks. You can also schedule updates to occur on a one-time or periodic basis. This task updates the AntiSpyware Enterprise standalone software with the detection definition (DAT) files, scanning engine, service pack releases, and patch releases in the server repository. For instructions, see Performing scheduled updates on page 74.
7 Scanning AntiSpyware Enterprise standalone computers for possible infections: You can have AntiSpyware Enterprise standalone scan computers immediately by clicking Scan under Management Tasks. You can also schedule this to occur on a one-time or periodic basis. For instructions, see Performing scheduled scans on page 76.


Managing GroupShield for Exchange


Use the steps that follow to manage GroupShield for Exchange.
1 Installing GroupShield for Exchange: You can install GroupShield for Exchange manually or deploy it from ProtectionPilot. For post-installation tasks, see the GroupShield for Exchange product documentation.

   To install GroupShield for Exchange manually:
   a Install GroupShield for Exchange. For instructions, see the GroupShield for Exchange product documentation.
   b Put computers running GroupShield for Exchange under management. For instructions, see Putting existing McAfee products under management on page 45.

   To deploy (send and install) GroupShield for Exchange from ProtectionPilot:
   a Add the GroupShield for Exchange package (PkgCatalog.z) file to the server repository. For instructions, see Adding products to the server repository on page 51.
   b Deploy GroupShield for Exchange to computers and put them under management. For instructions, see Deploying products to new computers and putting them under management on page 40.

2 Changing agent settings: You can change the policy settings for the agent using the ProtectionPilot console. For instructions, see Changing agent policy settings on page 70.
3 Changing GroupShield for Exchange settings: You can control how each managed product behaves on managed computers by changing its policy settings. For instructions, see Changing managed product policy settings on page 71. For information about each option, see the GroupShield for Exchange product documentation.
4 Updating GroupShield for Exchange: You can update GroupShield for Exchange immediately by clicking Update under Management Tasks. You can also schedule updates to occur on a one-time or periodic basis. This task updates GroupShield for Exchange with the detection definition (DAT) files, scanning engine, service pack releases, and patch releases in the server repository. For instructions, see Performing scheduled updates on page 74.
5 Scanning GroupShield for Exchange computers for possible infections: You can perform scheduled scans of managed computers running GroupShield for Exchange. The Scan client task scans the computers using the task settings you specify. For instructions, see Performing scheduled scans (GroupShield for Exchange) on page 78.
6 Receiving notification of incidents: You can be notified whenever McAfee security products detect activity categorized at a certain priority level, such as critical or high. You pick the notification method that is most convenient and timely for you. For instructions, see Setting up the Alert Manager server on page 134, Sending notifications of alert messages on page 135, and Sending alert messages to the Alert Manager server on page 138.


Managing Earlier Versions of VirusScan

Use the steps that follow to manage product versions of the VirusScan software that are earlier than those deployed during installation. Although you can manage and update VirusScan 4.5.1, Service Pack 1, you cannot deploy it to computers or upgrade it to VirusScan Enterprise from the ProtectionPilot console. If you want these versions to be considered compliant, see Defining the minimum compliance level on page 112.

To manage earlier versions of VirusScan:

1 Deploying (sending and installing) VirusScan Enterprise from ProtectionPilot:
   a Add the VirusScan Enterprise package (PkgCatalog.z) file to the server repository. For instructions, see Adding products to the server repository on page 51.
   b Deploy VirusScan Enterprise to computers and put them under management. For instructions, see Deploying products to new computers and putting them under management on page 40.
2 Changing agent settings: You can change the policy settings for the agent using the ProtectionPilot console. For instructions, see Changing agent policy settings on page 70.
3 Changing VirusScan settings: You can control how each managed product behaves on managed computers by changing its policy settings. For instructions, see Changing managed product policy settings on page 71. For information about each option, see the VirusScan or VirusScan Enterprise product documentation.
4 Updating VirusScan: You can update the VirusScan software immediately by clicking Update under Management Tasks. You can also schedule updates to occur on a one-time or periodic basis. This task updates the VirusScan software with the detection definition (DAT) files, scanning engine, service pack releases, and patch releases in the server repository. For instructions, see Performing scheduled updates on page 74.
5 Scanning VirusScan computers for possible infections: You can have the VirusScan software scan computers immediately by clicking Scan under Management Tasks. You can also schedule this to occur on a one-time or periodic basis. For instructions, see Performing scheduled scans on page 76.
6 Receiving notification of incidents: You can be notified whenever McAfee security products detect activity categorized at a certain priority level, such as critical or high. You pick the notification method that is most convenient and timely for you. For instructions on setting up the default alerting method, see Setting up the Alert Manager server on page 134, Sending notifications of alert messages on page 135, and Sending alert messages to the Alert Manager server on page 138. For instructions on setting up centralized alerting, see Setting up the Alert Manager server, Setting up a centralized alerting location, Sending notifications of alert messages, and Sending alert messages to a centralized alerting location under Receiving Notification of Incidents in the Help file.

Managing NetShield for NetWare


The management of NetShield for NetWare differs from that of other supported McAfee products. Use the steps that follow to manage NetShield for NetWare.

1 Installing the agent for NetWare
You must install the agent for NetWare manually. This is required to put computers running NetShield for NetWare under management. For a list of the agent for NetWare requirements, see System Requirements in the ProtectionPilot Release Notes (ReadMe.txt). For instructions on installing the agent for NetWare, see the NetShield for NetWare product documentation.

2 Changing agent for NetWare settings
You can change the policy settings for the agent for NetWare using the ProtectionPilot console. For instructions, see Changing agent for NetWare policy settings in the Help file.

3 Installing NetShield for NetWare
Installing NetShield for NetWare is a manual process. For a list of the NetShield for NetWare server requirements and NetWare administrator computer requirements, see the NetShield for NetWare product documentation. For instructions on installing NetShield for NetWare, see the NetShield for NetWare product documentation.

4 Changing NetShield for NetWare settings
You can change the policy settings for NetShield for NetWare using the ProtectionPilot console. For instructions, see Changing managed product policy settings on page 71. For information about each option, see the NetShield for NetWare product documentation.

5 Upgrading NetShield for NetWare
Upgrading the software with service pack and patch releases is a manual process. For instructions, see the NetShield for NetWare product documentation.

6 Updating NetShield for NetWare
You can update the NetShield for NetWare software by scheduling the appropriate client tasks. For instructions, see Performing scheduled DAT updates (NetShield for NetWare) and Performing scheduled engine updates (NetShield for NetWare) in the Help file.

7 Scanning NetShield for NetWare computers for possible infections
You can scan computers running the NetShield for NetWare software for possible infections by scheduling the appropriate client tasks. For instructions, see Performing scheduled scans on page 76.

Index
Symbols
.nap files (See extended policy pages), (See policy pages), 55 57 viewing, 100 agent repositories (See AutoUpdate repositories, creating on non-dedicated computers) agent system tray icon, defined, 70 agent-to-server communication interval (See ASCI) alert messages sending from NetShield for NetWare, 140 sending from VirusScan 4.5.1, 138 sending from VirusScan Enterprise, 139 alert messages (centralized alerting) sending from NetShield for NetWare (See the Help file) sending from VirusScan 4.5.1 (See the Help file) sending from VirusScan Enterprise (See the Help file) alerting sending alert messages to a centralized alerting location (See the Help file) sending alert messages to the Alert Manager server, 138 sending notifications of alert messages, 135 setting up a centralized alerting location (See the Help file) setting up the Alert Manager server, 134 AntiSpyware Enterprise standalone, managing, 145 AntiSpyware Enterprise, managing, 143 ASCI, defined, 71 audience for this manual, 11 AutoUpdate repositories creating on FTP servers, 124 creating on HTTP servers, 122 creating on non-dedicated computers, 121 creating using UNC shares, 125 download credentials, 121 modifying, 127 removing from management, 127 replicating to, 128 replication credentials, 121 specifying selection order (See the Help file)

A
agent cancelling connectivity checks, 96 changing settings, 70 criteria for manual installation (See the README file), 39 defined, 21 installing manually, 50 installing via Terminal Services (See the README file) making user interface accessible from managed computers, 70 restoring default settings, 72 system requirements (See the README file) testing connectivity, 96 uninstalling, 65 to 66 when manual upgrade is needed, 24 when maximum number of computers exceeded, 33 agent activity log files printing, 100 refreshing contents, 100 saving to a file, 100 viewing, 100 agent for NetWare changing settings (See the Help file) installing (See the NetShield for NetWare product documentation) system requirements (See the README file) agent installation log files printing, 100 refreshing contents, 100 saving to a file, 100

system requirements for FTP servers, 124 system requirements for HTTP servers, 122 system requirements for non-dedicated computers, 121 system requirements for UNC shares, 125 when to use, 120 Avert Labs log file, viewing, 117 Avert Labs Threat Center, 14 Avert Labs Threat Library, 14 AvertLog.htm (See Avert Labs log file), 117

B
beta program website, 14

C
cleaned / blocked detection category, defined, 29 client tasks DAT updates, 74 DAT updates for NetShield for NetWare (See the Help file) deleting user-defined, 81 engine updates, 74 engine updates for NetShield for NetWare (See the Help file) modifying default on-demand scan, 79 modifying user-defined, 80 scheduled scans, 76 scheduled scans (GroupShield for Exchange), 78 client tasks log files printing, 100 refreshing contents, 100 saving to a file, 100 viewing, 100 common image (See system image) communication ports, changing, 115 compliance (See up-to-dateness) compliance categories, defined, 29 computers adding from system image, 51 cancelling connectivity checks, 96 deleting, 65 to 66 determining which are still infected or impacted, 30

moving to another group, 64 organizing, 62 putting under management automatically, 40 putting under management manually, 50 removing a group from management, 66 removing from management, 65 taking action on non-compliant computers, 96 testing connectivity, 96 updating from domains, 49 viewing properties, 101 viewing update history, 102 when maximum number exceeded, 33 when multiple have the same name, 34 configuration settings (See policy settings) console connecting via Terminal Services (See the README file) defined, 17 system requirements (See the README file) user interface, 18 conventions used in this manual, 12 customer service, contacting, 14

D
DAT files Avert Labs notification service for updates, 14 changing update frequency, 59 default updating setup, 23 downgrading (See the Help file) forcing immediate update, 58 immediate update from McAfee, 58 immediate update from the server repository, 58 latest retrieved from McAfee, 33 learning about new, 31 protection status, 27 scheduled updates, 74 scheduled updates for NetShield for NetWare (See the Help file) updates, website, 14 updating manually (See the Help file) updating using SuperDAT packages (See the Help file) version number, 28

viewing update history, 102 database backing up (See the Help file) defined, 20 maintenance settings (See the Help file) restoring (See the Help file) system requirements (See the README file) default policy settings, restoring, 72 deleted detection category, defined, 29 deployment, definition, 51 detection categories, defined, 29 detection reports, printing, 92 detections impacted files, 86 learning about, 90 listing, 85 listing computers with the most, 30 listing the most prevalent, 30 printing, 92 reported on computers, 84 viewing by type, 87 viewing history, 88 distributed repositories (See AutoUpdate repositories) documentation for the product, 13 domain membership organizing computers by, 62 updating computers based on, 49 download credentials for AutoUpdate repositories, 121 download website, 14 downloading updates changing frequency, 59 default updating setup, 23 forcing immediately, 58 immediate update from McAfee, 58 latest retrieved from McAfee, 33 learning about new updates, 31 manually (See the Help file) scheduled updates, 74 scheduled updates for NetShield for NetWare (See the Help file) updating using SuperDAT packages (See the Help file)

E
engine changing update frequency, 59 default updating setup, 23 forcing immediate update, 58 immediate update from McAfee, 58 immediate update from the server repository, 58 latest retrieved from McAfee, 33 learning about new, 31 scheduled updates, 74 scheduled updates for NetShield for NetWare (See the Help file) updating manually (See the Help file) updating using SuperDAT packages (See the Help file) version number, 28 viewing update history, 102 error (failed) detection category, defined, 29 evaluating McAfee products, download website, 14 existing products, putting under management, 45 existing update locations, post-installation, 23 extended policy pages adding to the server repository, 57 definition , 57 EXTRA.DAT files, updating (See the Help file)

F
failed status in Security Threats data monitor, resolving, 36 feedback, providing on the software, 34 FrameSvc log files (See agent installation log files)

G
getting information, 11, 13 groups creating, 62 defined, 62 deleting, 66 moving computers between, 64 putting a group of computers under management automatically, 40

removing a group of computers from management, 66 renaming, 64 GroupShield for Exchange, managing, 147

N
NaPrdMgr log files (See client tasks log files) NetShield for NetWare installing (See the NetShield for NetWare product documentation) managing, 151 upgrading (See the NetShield for NetWare product documentation) node (See computers), 33 Norton (See Symantec AntiVirus) not communicating compliance category changing the definition, 113 defined, 29 taking action on non-compliant computers, 96 notifications of alert messages email messages, 136 launching programs (See the Help file) logging to a file (See the Help file) network messages (See the Help file) network messages on Terminal Services (See the Help file) pager text messages, 136 print-outs (See the Help file) SNMP (See the Help file) Novell environment, post-installation, 24

H
history, viewing for updates, 102 HotFix and Patch releases (for products and security vulnerabilities), 14

I
IP address organizing computers by, 62 sorting computers by (See the Help file) IP settings adding (See the Help file) deleting (See the Help file) modifying (See the Help file) verifying integrity (See the Help file)

K
KnowledgeBase search, 14

L
limit to number of managed computers, 33 local database, defined, 20 log files agent activity, 100 agent installation, 100 Avert Lab, 117 client tasks, 100 server log, 116 updating activity (See the Help file) logical groupings, organizing computers using, 62 Lost&Found moving computers from, 64

O
on-demand scanning modifying default on-demand scan client tasks, 79 performing immediately, 91 scheduling, 76 scheduling (GroupShield for Exchange), 78 out-of-date compliance category defined, 29 taking action on non-compliant computers, 96

M
managed computers (See computers) managed products (See products) management, defined, 15 manuals, 13 maximum number of managed computers, 33 minimum compliance, defining, 112

P
package file, definition, 51 password, changing on the server, 114 patch releases scheduled updates, 74 upgrading, 54

upgrading NetShield for NetWare (See the NetShield for NetWare product documentation), 151 pending compliance category, defined, 29 PkgCatalog.z file, definition, 51 policies (See policy settings) policy enforcement interval, defined, 70 policy pages adding to the server repository, 55 definition , 55 policy settings agent settings defined, 70 changing agent, 70 changing agent for NetWare (See the Help file) changing product, 71 defined, 69 product settings defined (See the McAfee product documentation) restoring defaults product compliance (See up-to-dateness) product documentation, 13 product upgrades, 14 products adding to the server repository, 51 changing settings, 71 deploying to new computers, 40 handling restarts required for installations, 71 keeping up-to-date, 53 list of supported, 153 list of supported (See the README file, 15 policy settings defined (See the McAfee product documentation) putting existing products under management, 45 restoring default settings, 72 system requirements (See the product documentation for each McAfee product), 15 uninstalling, 64 upgrading, 54 version number, 28 viewing properties, 101 viewing update history, 102

when maximum number of managed computers exceeded, 33 professional services, McAfee resources, 14 program, starting after an update (See the Help file) properties, viewing computer and product, 101 protection status, defined, 27 ProtectionPilot, defined, 15 proxy settings for managed computers adding, 129 defining custom settings, 130 removing (See the Help file) using settings in Internet Explorer, 129 proxy settings for the server adding, 108 defining custom settings, 109 removing (See the Help file) using settings in Internet Explorer, 108 when needed, 24

Q
quarantine detection category, defined, 29

R
remote consoles defined, 17 system requirements (See the README file) user interface, 18 remote database, defined, 20 replication credentials for AutoUpdate repositories, 121 repositories (See AutoUpdate repositories) restore inheritance (See default policy settings)

S
scanning computers immediately, 91 modifying default on-demand scan client tasks, 79 scheduling, 76 scheduling (GroupShield for Exchange), 78 section, defined, 18 Security Headquarters (See Avert Labs) Security Threats data monitor defined, 18

icons defined, 19 resolving failed status, 36 security updates, DAT files and engine, 14 security vulnerabilities, releases for, 14 server changing communication ports, 115 changing password, 114 changing the name, 116 defined, 16 managing via Terminal Services (See the README file) system requirements (See the README file) server activity (See server log file), 116 server events (See server log file), 116 server log file modifying the size, 117 printing, 116 refreshing contents, 116 saving to a file, 116 viewing, 116 server repository adding extended policy pages, 57 adding policy pages, 55 adding products, 51 viewing contents, 28 service pack releases scheduled updates, 74 upgrading, 54 upgrading NetShield for NetWare (See the NetShield for NetWare product documentation), 151 ServicePortal, technical support, 14 submit a sample, Avert Labs WebImmune, 14 supplemental virus definition files (See EXTRA.DAT files) supported products list (See the README file, 15 system requirements (See the product documentation for each McAfee product), 15 supported products, list of, 153 Symantec AntiVirus, replacing with VirusScan Enterprise (See the Help file) system image, adding computers from, 51

system requirements (See the README file and the product documentation for each McAfee product)

T
technical support, contacting, 14 Terminal Services, system requirements (See the README file) Threat Center (See Avert Labs) threat library, 14 threat notifications (See Avert Labs log file, 117 threats determining current protection status against, 32 learning about new, 31 managing notifications (See the Help file), 53 resolving failed status in Security Threats data monitor, 36 taking countermeasures against when protection pending, 33 viewing new and updated, 19 viewing notifications (See the Help file), 53 training, McAfee resources, 14 tree pane, defined, 18

U
update pending protection status, defined, 27 updates changing update frequency, 59 default updating setup, 23 downgrading DAT files (See the Help file) forcing immediate, 58 immediate update from McAfee, 58 immediate update from the server repository, 58 latest retrieved from McAfee, 33 learning about new, 31 scheduled updates, 74 scheduled updates for NetShield for NetWare (See the Help file) updating manually (See the Help file) updating using SuperDAT packages (See the Help file) viewing history, 102 updating activity log files, creating (See the Help file) upgrade website, 14

upgrades scheduled updates, 74 upgrading immediately, 54 upgrading NetShield for NetWare (See the NetShield for NetWare product documentation), 151 up-to-date compliance category, defined, 29 up-to-date protection status, defined, 27 up-to-dateness defined, 26 defining compliance, 112 user interface, defined, 18

V
variables, defined (See the Help file) version numbers, viewing, 28 Virus Information Library (See Avert Labs Threat Library) VirusScan, managing earlier versions, 149

W
warnings detection category, defined, 29 WebImmune, Avert Labs Threat Center, 14 Windows Firewall exceptions adding, 111 when needed on the server, 24 workgroup membership, organizing computers by, 62

700-1379-00

Copyright 2006 McAfee, Inc. All Rights Reserved.

mcafee.com