
Datasheet McAfee Product Training

McAfee Product Training TRN-SYS-TCL5-Z2

VirusScan 8.5i, Anti-Spyware 8.5 & ePolicy Orchestrator 4.0


This course explains in depth, and teaches hands-on, the installation, configuration and maintenance of McAfee VirusScan Enterprise 8.5i, McAfee AntiSpyware Enterprise 8.5 and McAfee ePolicy Orchestrator 4.0. Through detailed practical exercises, participants learn to use the powerful advanced features of VirusScan Enterprise 8.5i and are subsequently also able to deploy, manage and maintain an anti-virus solution for the entire enterprise with ePolicy Orchestrator 4.0.

- Develop an understanding of securing shares, files and directories
- Block unwanted programs such as spyware and adware
- Configure and run updates and mirrors
- Describe the components and features of McAfee ePolicy Orchestrator (ePO)
- Determine the installation requirements and identify the deployment options
- Install an ePolicy Orchestrator server
- Log on to the web-based ePolicy Orchestrator console and use the user interface
- Create and use named policy objects and apply inheritance
- Design and create the System Tree and develop an understanding of group and permission policies and of user authentication
- Define the McAfee Agent and describe its interaction with the ePO server
- Create, deploy and manage ePO repositories
- Add products and software updates to repositories
- Deploy and manage VirusScan Enterprise 8.5i with the ePO agent
- Understand and configure global updating and manage global updates
- Run queries against the ePolicy Orchestrator reporting database and create custom queries
- Understand the maintenance and backup requirements of ePolicy Orchestrator


Network and System Protection Products McAfee ePolicy Orchestrator McAfee Foundstone McAfee Policy Enforcer

Prerequisites
All participants should have a solid basic knowledge of viruses and anti-virus technology before the course begins.

Exercises
All topics are supplemented by practical exercises intended to reinforce the knowledge acquired. They teach the basic practical skills required to install, configure and maintain McAfee anti-virus products.

Course materials
Course manual

Course duration
Five days

Course contents
- Install, repair and remove VirusScan Enterprise 8.5i
- Use the VirusScan console
- Configure on-access, on-demand and e-mail scans
- Distinguish between scans for high-risk and low-risk processes
- Examine buffer overflow properties
- Examine and enable port blocking rules

Recommended follow-on courses
The following courses teach core knowledge and skills regarding anti-virus technology:
- McAfee Host Intrusion Prevention System Essentials (TRN-SYS-TCL4-Z2)
- McAfee IntruShield Essentials (TRN-NET-TCL5-Z2)


Course Outline
Security Risk Management with ePolicy Orchestrator The four stages in risk management Feature management and product management Components, architecture and communication Installation Deployment options Server and database sizing Requirements for Hardware and software Port requirements The installation process Upgrade considerations Post-installation considerations Lab: Creating a SQL 2005 account Lab: Installing ePO 4.0.0 Lab: Verify services on the ePO server The Web-based Console and Dashboards Web-based Console Login Root Certificate Import Viewing the Server Version Number Console Tabs and buttons Dashboards Setting up Dashboards and Behavior Creating Dashboards Active Dashboards Recommendations Lab: Configure the Security Certificate settings. Create a Dashboard monitor, set a Dashboard monitor, create multiple Dashboard monitors, and set a Dashboard monitor to Public access ePO Permission Sets and Users The Configuration tab Permission Sets Global Administrator Which permission do I need? List of Permissions ePO User Accounts Managing Accounts Giving Users Permissions to Dashboards Personal Settings Lab: Create a Windows user account and verify that the account has been created correctly Lab: To create and edit a new permission set. Test the new Permission set on a new ePO user account. Active Directory Synchronization Domain Synchronization Lab: Log on to the ePO Console and add sub groups to the ePO System Tree Lab: To configure a new permission set to administrate Group2. Assign and test the permission set to an ePO user account

Populating the System Tree Adding Systems manually to an existing group Importing systems from a text file Deploying the agent whilst creating the system tree Active Directory discovery Domain Synchronization Lab: Text import of systems Lab: Configure an Active Directory Synchronization Mapping point in the System Tree and import Systems Lab: Use the Active Directory Synchronization task to remove systems and import new systems Lab: Deploy the Agent while populating the ePO server Applying Tags and Sorting the System Tree Understanding Tags Tags and how they work Tags and permissions Working with tags Tag Catalog Creating Tags with the Tag Builder Some Powerful uses of tags All systems with the Tag Page Excluding systems from Automatic Tagging Applying tags to selected systems Applying Criteria-based tags to all matching systems Applying Criteria-based tags on a schedule Sorting Systems in the ePO System Tree Criteria-based Sorting IP Address Sorting Criteria Sorting Options Tags and Systems with similar characteristics, Tag-based sorting criteria, Group order and sorting, Catch-all groups System tree sorting settings on the ePO server Sorting Systems manually Moving systems manually with the system tree Organization systems for management Lab: Configure a basic tag and apply it to the managed clients and verify the results Lab: Configure an automated task for assigning tags Lab: Configure a complex criteria tag that is applied on every agent communication interval. Assign this tag and IP sorting in the System tree and verify the sorting The Policy Catalog & Managing Policies What is a policy The Policy Catalog Accessing the Policy Catalog Viewing Policies Where Policies are Displayed Creating a New Policy Duplicating a Policy

Creating the System Tree The Organization Environmental Borders Methods of Organizing the ePO System Tree System Tree Concepts Lost & Found Group Inheritance Creating your System Tree Administrator Access The Group Tab Creating Groups


Editing a Policy Renaming or Deleting a Named Policy Exporting a Policy Importing a Policy Changing the Owner of a Policy Managing Policy Assignment Policy settings page Viewing a Policy Assignment Assigning a Policy to a Group in the System Tree Assigning a policy to a managed system or to multiple managed systems within a group Enforcing a Policy Viewing Assignment where Policy enforcement is disabled Copying and pasting policy assignments Locking assignment and enforcement Assignment and inheritance Viewing and resetting inheritance When policies are enforced Lab: Examine the Policy Catalog, create new policy objects, and assign the policy objects Lab: Examining machine properties Lab: Observing agent event collection Lab: Viewing & understanding VirusScan properties Lab: Duplicate & modify the ePO agent policy Lab: Assignment and inheritance Lab: Uploading events

Agent Policies, System Details, and Client Tasks Agent Policy: General Policy Agent Policy: Event Policy Agent Policy: Logging Policy Agent Policy: Repositories Policy Agent Policy: Updates Policy Agent Policy: Proxy Policy Systems Tab Systems Details Systems Information Tag Catalog System Details Client Tasks Editing a task to block inheritance View and reset Inheritance Tasks VirusScan On-Demand Scan Task Agent Update Task Considerations when creating client update tasks Lab: Create a duplicate of the Agent Policy currently assigned to your ePO server. Assign this new policy to your server and change this policy Lab: View system properties available for your ePO server. View and examine the property settings relating to the Agent policy. View the VirusScan property settings through ePO. Lab: Generate some test viruses and observe how the agent stores and sends event information Lab: to configure a task and change the inheritance of the task on a group and a system. Verify the broken inheritance. Reset the broken inheritance and verify success. The McAfee Agent Overview The common framework Requirements Files and directories Log files

When to analyze each log file Installing the Agent Installing agents through an ePO Push Local installation of the Agent Managed installation of the Agent Scripted Agent installation Enabling the Agent on unmanaged McAfee Products Creating a custom agent installation package Imaged installation of the Agent Understanding how the Agent GUID is used by the ePolicy Orchestrator server Maintaining the Agent Upgrading the Agent CMA version 3.6.0 Important considerations for upgrading the Agent Removing the Agent Inactive Agent Cleanup task Overview of the Agent Communications Agent-to-Server communications Agent Communication Typical Agent-to-server communication Interval (ASCI) Agent-to-server communications process Agent-to-Product communications Forcing Agent Activity from the server Locating the Agent node using DNS Forcing Agent Activity from the Client Locating the ePO server using DNS Viewing the Agent Log SuperAgent Functionality & Requirements SuperAgent Wakeup Call Agents for other platforms Lab: Examine the ePO agent log file using Windows Explorer, Internet Explorer, and the ePolicy Orchestrator Agent Monitor Lab: Invoke activity at the Agent machine using the CMDAGENT utility. Monitor the activity at the agent by viewing the agent log file. Lab: Determine the agent configuration both locally and remotely without using the ePO server

Managing Product Maintenance with ePO Repositories Repositories overview Repository pre-requisites and system requirements Master, distributed, source and fallback repositories Creating repositories Exporting/Importing the Sitelist.xml file Creating the SuperAgent Distributed Repository Managing software in a repository Extensions and Adding Product Extensions Pull and replication tasks Sample topologies Global updating and the SuperAgent Deployment Task Ensuring access to the source site Signature updates Engine updates Additional updates The McAfee Internet sites The CommonUpdater Current Directory Size of Repository Updates Troubleshooting Server task logs Lab: Create a new Source Repository Lab: Create a pull task


Lab: Adding the VSE 8.5i install files to the repository Lab: Adding MASE 8.5 install files and Extensions to the repository Lab: Deploying VirusScan using ePO Lab: Updating VSE from the closest repository Lab: Create a Super Agent and UNC-based distributed Repository Lab: Create a customized replication task Lab: Using global updating Lab: Trigger a global update

Lab: Source repository for your ePO Server Lab: pull task to populate your ePO Master repository with files from the Source repository Lab: Agent Update task to update the DATs and signatures onto the ePO managed systems.

Notifications MyAVERT Threat Notification Threat details Configuring the MyAvert update frequency and proxy settings The Notification Process Notification methods, variables and rules Notification rules and System Tree scenarios Default rules Determining how events are forwarded Setting up ePO Notifications Giving users appropriate permissions to Notifications Working with SNMP servers Working with registered executables and external commands Rule Creation Notification log Lab: Configure the VSE policy for SMTP Lab: Outlook client configuration Lab: Configure the agent policy Lab: Create a notification rule Lab: Generate a virus outbreak with eicar test virus Reporting with Queries Querying the database Queries Tab Public and Personal Queries Query Permissions Multi-server Roll-up Querying Registering ePO Servers Creating a Data Roll up server task Working with queries Creating custom queries Running an existing query Running a query on a schedule Making personal queries public Duplicating queries Sharing a query between ePO servers Query Builder Chart types Table columns Filters Unsaved query Running an existing query Running a query on a schedule Making personal queries public Duplicating queries Exporting query results to other formats Default queries Known issues Printing and Exporting Lab: Add sample data to your database by adding a demo extension to the ePO server Lab: Configure the deployment task to install VirusScan & AntiSpyware and verify the successful deployment.

Upgrading to ePO 4.0.0 Requirements for an ePO upgrade to ePO 4.0.0 Changes to policies, tasks, products, and user accounts with an upgrade Considerations for an upgrade Methods and procedure of an upgrade How to migrate the events Lab: Upgrade an ePO server 3.6.1 to ePO version 4.0.0. Lab: Configure the Security Certificate settings for the ePO console and event migration

Performance and Availability options How to Query the ePO database How to use the Query Builder to create your own queries Actionable queries Multi-server roll-up querying Default queries and what they display Query Permissions Lab: Create a custom Query with the Query builder Lab: Use ePO queries and familiarize yourself with the information available Lab: Create queries for public access

Maintenance, Monitoring, & Utilities Server tasks Allowed Cron Syntax when scheduling a server task Server settings: Security Keys Working with security keys Using ASSC keys in multi-server environments Viewing systems that use an ASSC key pair Making an ASSC key pair the master Deleting ASSC keys Using master repository keys in multi-server environments Backing up and restoring security keys Viewing and changing communication ports The Audit Log The Event Log Database Maintenance SQL Server agent SQL Maintenance Configuring ePO and SQL authentication The backup and restore process Archiving Data Monitoring the ePO server Log files Performance Monitor Counters Utilities Changing the SQL Server information Configuring VirusScan Enterprise OAS policies Describe Installation requirements for VSE 8.5i Describe the Local and Policy Configuration Policy Categories On-Access Scanner On-Access General Policies


Describe how to create policies for VirusScan 8.5i in ePO Understand the High-Risk, Low-Risk, & Default processes

Configuring Access Protection VirusScan 8.5i Policies Access Protection policies Protection levels Maximum Protection options To include or exclude processes for access protection rules User defined rules MASE Anti-Spyware Access Protection rules Port Blocking Properties File/folder protection Registry blocking rule VirusScan self-protection Purpose and application of rules Creating rules What happens when an access violation occurs? Lab: Create and test a port blocking rule Lab: Configure and test the File, Share, and Folder Protection rules Lab: Configure and test the McAfee VirusScan self protection Buffer Overflow, PUP & Quarantine Policies Buffer Overflow policies Buffer overflow exclusion

Buffer overflow limitations Unwanted Programs policies MASE 8.5 changes to VSE Excluding Unwanted Programs User-defined detection Quarantine Manager policies Quarantine Process View items in the quarantine Lab: To configure and test unwanted programs policy Lab: To configure and manage the Quarantine Manager Policy and quarantined items in the Quarantine Policy

VSE Tasks VSE Tasks Deployment task Mirror task Update task Restore From Quarantine On-demand scan Anti-Spyware Changes to On-Demand Scanner Testing VirusScan Lab: Create an On-demand scan task for all systems running VirusScan 8.5 VSE Troubleshooting Configure Session Settings Default VSE Log file Directory Performance issues The Minimum Escalation Requirements Tool Anatomy of a successful update Troubleshooting failed updates Troubleshooting using WireShark Quarantine Fails for Files in Temporary Internet Files
