Your SlideShare is downloading. ×
McAfee Security 1.0 User Guide
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Introducing the official SlideShare app

Stunning, full-screen experience for iPhone and Android

Text the download link to your phone

Standard text messaging rates apply

McAfee Security 1.0 User Guide

1,187
views

Published on


0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
1,187
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
15
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. McAfee Security 1.0 User Guide
  • 2. COPYRIGHT Copyright © 2009 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of McAfee, Inc., or its suppliers or affiliate companies. TRADEMARK ATTRIBUTIONS AVERT, EPO, EPOLICY ORCHESTRATOR, FOUNDSTONE, GROUPSHIELD, INTRUSHIELD, LINUXSHIELD, MAX (MCAFEE SECURITYALLIANCE EXCHANGE), MCAFEE, NETSHIELD, PORTALSHIELD, PREVENTSYS, SECURITYALLIANCE, SITEADVISOR, TOTAL PROTECTION, VIRUSSCAN, WEBSHIELD are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners. LICENSE INFORMATION License Agreement NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND. License Attributions Refer to the product Release Notes. 2 McAfee Security software version 1.0 User Guide
  • 3. Contents Introducing McAfee Security 1.0. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 How McAfee Security works. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 Types of protection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 New features in this release. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 Installing and managing McAfee Security on standalone computers. . . . . . . . . . . . . . . . 9 Prerequisites. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 Methods of installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 Standard installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 Command-line (silent) installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 Testing your installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 Testing the Anti-malware feature. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 Testing the Application Protection feature. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 Testing the Desktop Firewall feature. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 Uninstalling McAfee Security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 Integrating McAfee Security with McAfee ePolicy Orchestrator 4.0. . . . . . . . . . . . . . . . 14 Deploying McAfee Security using ePolicy Orchestrator 4.0. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 Checking-in the McAfee Agent and McAfee Security package to ePolicy Orchestrator 4.0. . . . . . . . 14 Installing McAfee Agent on client computers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 Installing McAfee Security extensions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 Installing McAfee Security on client computers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 Setting policies using ePolicy Orchestrator 4.0. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 Creating policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 Enforcing policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 Scheduling tasks using ePolicy Orchestrator 4.0. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 On-demand scan task. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 Removing McAfee Security using ePolicy Orchestrator 4.0. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 Removing McAfee Security from the client computers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 Removing McAfee Security extensions from the ePolicy Orchestrator server. . . . . . . . . . . . . . . . . . . 18 Integrating McAfee Security with McAfee ePolicy Orchestrator 4.5. . . . . . . . . . . . . . . . 19 Deploying McAfee Security using ePolicy Orchestrator 4.5. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 Checking-in the McAfee Agent and McAfee Security package to ePolicy Orchestrator 4.5. . . . . . . . 19 McAfee Security software version 1.0 User Guide 3
  • 4. Contents Installing McAfee Agent on client computers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 Installing McAfee Security extensions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 Installing McAfee Security on client computers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 Setting policies using ePolicy Orchestrator 4.5. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 Creating policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 Enforcing policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 Scheduling tasks using ePolicy Orchestrator 4.5. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 On-demand scan task. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 Removing McAfee Security using ePolicy Orchestrator 4.5. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23 Removing McAfee Security from the client computers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23 Removing extensions from the ePolicy Orchestrator server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23 Launching McAfee Security Console. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 Dashboard with the latest events. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 History of all events. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 Quarantining malware. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 Default activities in McAfee Security Console. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 Update Now. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 Scan Now. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28 Configuring scan tasks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28 Creating a new scan task. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28 Modifying an existing scan task. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28 Deleting a scan task. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 Configuring McAfee Security Preferences. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30 General Preferences. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30 Configuring Anti-malware Preferences. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 Configuring On-access Scan Preferences. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 Configuring On-demand Scan Preferences. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33 Specifying Anti-malware Exclusions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34 Configuring Application Protection Preferences. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34 Configuring Application Protection Rules. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35 Specifying Application Protection Exclusions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37 Configuring Desktop Firewall Preferences. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37 Configuring Desktop Firewall Rules. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37 Specifying Trusted Networks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38 Enhanced Reports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39 Update Preferences. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40 Default Preferences. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41 4 McAfee Security software version 1.0 User Guide
  • 5. Contents Help option in the menu bar. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42 McAfee Security software version 1.0 User Guide 5
  • 6. Introducing McAfee Security 1.0 McAfee Security 1.0 safeguards your Mac from malware, prevents execution of unwanted applications, and denies unauthorized network access. Topics covered in this chapter are: Contents How McAfee Security works Types of protection New features in this release How McAfee Security works McAfee Security is suite-based and offers enhanced security for your Mac. In addition to anti-virus, it now includes anti-spyware, desktop firewall, and application protection features. McAfee Security integrates with your Mac OS and works in real-time to detect malware. It scans files, folders, local or network mounted volumes, and other items for potentially unwanted code and notifies you in case of malware detections. Scanning takes place every time you create or access an item. You can also schedule scans to run immediately, at a particular time, or at regular intervals. Central to your McAfee Security software are the McAfee Security scanning engine and the malware definition files (DATs). The engine is a complex data analyzer. It identifies the type of the item being scanned and decodes the content of that object to understand what the item is. It then scans items on your Mac comparing them with all known signatures stored in the DAT files. The DAT files contain a great deal of information including thousands of different drivers; each of which contain detailed instructions on how to identify malware (based on their signatures). Additionally, you can configure application protection rules to prevent unwanted applications from executing or from accessing the incoming and/or outgoing network connections. For example, you can set rules such that the iTunes application can be launched (executed) and used for recreational purposes but cannot be used to access the Internet for downloading music. You can also specify path-based application exclusions to exclude applications from these rules. McAfee Security also monitors network communications and allows or denies access to specific networks/hosts/IP addresses based on the firewall rules you configure. You can also specify trusted networks in groups to exclude them from these rules. Types of protection McAfee Security provides the following protections: 6 McAfee Security software version 1.0 User Guide
  • 7. Introducing McAfee Security 1.0 New features in this release Protection feature Description Protection from malware Safeguards your Mac from viruses, spyware, Trojan horses, potentially unwanted programs, and other malware. Desktop firewall protection Allows or denies access from/to a specific network/IP/host based on a set of configured rules. Application protection Prevents applications on your Mac from: • execution (launch). • accessing the incoming or outgoing network connection. New features in this release New features of McAfee Security includes: Core features Option Definition Desktop firewall protection McAfee Security can allow or deny unauthorized access to specific networks,subnets, hosts, or IP addresses based on the firewall rules you configure. TIP: For more information, refer to the Configuring Desktop Firewall Preferences section. Application protection McAfee Security can prevent the execution of unwanted applications and/or restrict network access to them based on the application protection rules you configure. TIP: For more information, refer to the Configuring Application Protection Preferences section. Protection from spyware McAfee Security scans your Mac to ensure it is free from spyware. McAfee menulet for easy access of McAfee Click the McAfee menulet to launch McAfee Security Console, Security McAfee Security Preferences, and the About dialog box. TIP: For more information, refer to the Menulet options section. Enhanced dashboard McAfee Security offers an enhanced dashboard that displays the security status and the latest anti-malware and application protection events. TIP: For more information, refer to the Dashboard section. History of all events The History screen displays all anti-malware and application protection events. Click History on the left pane of the McAfee Security console to view all anti-malware and application protection events. TIP: For more information, refer to the History of all events section. Quarantine malware McAfee Security quarantines malware (or suspected malware-like behavior) to a location you specified while installing McAfee Security, so that the item cannot be opened or executed. TIP: For more information, refer to the Quarantining malware section. McAfee Security software version 1.0 User Guide 7
  • 8. Introducing McAfee Security 1.0 New features in this release Option Definition Enhanced notification and alert mechanisms You are notified of malware detections (resulting from on-access scan), prevention of application execution, and denial of network access to an application in the McAfee Notification screen. McAfee Security displays the McAfee Alert screen if an unknown or modified application tries to execute when you set the corresponding application protection setting as Prompt. In this case, you are prompted to select an appropriate action. ePolicy Orchestrator manageability You can deploy and manage McAfee Security across multiple client (optional) computers using McAfee ePolicy Orchestrator 4.0 or later. Additional features Support for: • Specifying extended set of primary and secondary actions for on-access and on-demand scans. • Specifying regular expression based exclusions for on-access and on-demand scans separately. • Specifying desktop firewall trusted networks. • Whitelisting applications based on their locations. • Running multiple on-demand scans immediately at the same time. • Scheduling multiple on-demand scans to run simultaneously. • Enhanced MER tool for collecting diagnostic data of the software. 8 McAfee Security software version 1.0 User Guide
  • 9. Installing and managing McAfee Security on standalone computers McAfee Security can be installed on standalone systems using the standard installation or command-line (silent) installation method. Topics covered in this chapter are: Contents Prerequisites Methods of installation Testing your installation Uninstalling McAfee Security Prerequisites Hardware requirements Option Definition Processor Intel or PowerPC RAM 1 GB or higher Software requirements Option Definition Disk space Minimum 300 MB of free disk space (500 MB recommended) Operating system • Mac OS X Leopard 10.5 or later • Mac OS X Tiger 10.4.6 or later Methods of installation You can install McAfee Security using one of the following methods: Tasks Standard installation Command-line (silent) installation McAfee Security software version 1.0 User Guide 9
  • 10. Installing and managing McAfee Security on standalone computers Methods of installation Standard installation Standard installation includes installing McAfee Security by running the user interface installer. During standard installation, a wizard appears leading the installation process through a series of instructions you must follow. Prerequisite: You must have administrator rights to install McAfee Security. 1 Download McAfee Security for Mac-1.0-<release-type>-<build-number>.dmg to your desktop and double-click it to mount. 2 Double-click McAfee Security.mpkg. The Welcome to the McAfee Security Installer screen appears. 3 Click Continue and follow the on-screen instructions to install the software. NOTE: The installer places the McAfee Security application in /Applications. Command-line (silent) installation Command-line installation involves installing McAfee Security locally on a computer without the need for user intervention. 1 Download McAfee Security for Mac-1.0-<release-type>-<build-number>.dmg to your desktop. 2 Locate the McAfee Security.mpkg file in the DMG file downloaded from the McAfee website, then save it to a temporary location. 3 Open the Terminal window and change the working directory to the one where you saved the McAfee Security.mpkg file. 4 Type the following command and press return: sudo installer -pkg McAfeeSecurity.mpkg –target / 5 Type the administrator password when prompted and press return. A message appears when the installation is complete. Menulet options After McAfee Security is installed, you can click the McAfee menulet to launch: • McAfee Security Console — To view the five latest product events, security status of your Mac, status of on-accessing scanning, spyware scanning, desktop firewall, application protection, instance of the last anti-malware update, history of all product events, quarantined malware, and configure manual updates/scans. • McAfee Security Preferences — To configure the general, anti-malware, desktop firewall, application protection, and update preferences (settings). • About dialog box — To get the following information: • Version (and build) information of McAfee Security. • Anti-malware information that includes the version (and build) information, Engine version, DAT version, and the DAT creation date. • Version (and build) information of application protection. • Version (and build) information of desktop firewall. 10 McAfee Security software version 1.0 User Guide
  • 11. Installing and managing McAfee Security on standalone computers Testing your installation Testing your installation To test your installation, perform the following instructions in this section. If these tests are successful, you are ready to start using McAfee Security. Prerequisite: You must have administrator rights to test the application protection and the desktop firewall feature. Tasks Testing the Anti-malware feature Testing the Application Protection feature Testing the Desktop Firewall feature Testing the Anti-malware feature You can test McAfee Security by using the European Institute of Computer Anti-Virus Research (EICAR) standard anti-virus test file. This file is a combined effort by anti-virus vendors throughout the world to implement one standard by which customers can verify their anti-virus software. 1 Go to the EICAR.ORG website http://www.eicar.org and download the anti-virus test file Eicar.com. 2 Run the on-demand scanner on the downloaded ZIP file. McAfee Security will report finding the EICAR test file. Testing the Application Protection feature Use this task to test the Application Protection feature of McAfee Security. Consider a scenario where you want to prevent iTunes from execution. 1 Click the McAfee menulet on the status bar, then select McAfee Security Preferences. Alternatively, you can launch the McAfee Security Console, click McAfee Security on the status bar, then select Preferences. NOTE: For instructions on launching the McAfee Security Console, see the Launching McAfee Security Console section. 2 Click Application Protection. Click the lock to make changes, type your administrator password, then click OK. The application protection preferences will have default settings. TIP: For more information about the application protection default settings, see the Default preferences section. 3 In Rules, click + at the bottom left corner of the console to create an application protection rule to prevent iTunes from executing. 4 In Application Name, browse and add iTunes located in Finder | Applications. 5 In Action, select Deny Execution, then click OK to return to the Rules screen. 6 Launch Finder, go to Applications, double-click iTunes. The following message appears in McAfee Notification screen. McAfee Security software version 1.0 User Guide 11
  • 12. Installing and managing McAfee Security on standalone computers Uninstalling McAfee Security NOTE: For further information on configuring application protection preferences, see the Configuring Application Protection Preferences section in the McAfee Security Preferences chapter. Testing the Desktop Firewall feature Use this task to test the Desktop Firewall feature of McAfee Security. Consider a scenario where you want to deny accessing any IP address from your system. 1 Click the McAfee menulet on the status bar, then select McAfee Security Preferences. Alternatively, you can launch the McAfee Security Console, click McAfee Security on the status bar, then select Preferences. NOTE: For instructions on launching the McAfee Security Console, see the Launching McAfee Security Console section. 2 Click Desktop Firewall. Click the lock, type your administrator password, then click OK. The desktop firewall preferences will have default settings. TIP: For more information about the desktop firewall default settings, see the Default preferences section. 3 In Rules, click Custom, then click + at the bottom left corner of the console to create a desktop firewall rule. 4 Type a Rule Name, select Deny as Action, IP as Protocol, Both as Direction of the network connection, and select an active network Interface as required. 5 In IP address, Subnet or Network, select Me as the source IP and Any as the destination IP address for which the access must be denied, then click OK to return to the Rules screen. Access to any IP address from your system is blocked. Uninstalling McAfee Security You can uninstall McAfee Security from Finder or through command-line. Prerequisites: You must have administrator rights to uninstall McAfee Security. 12 McAfee Security software version 1.0 User Guide
  • 13. Installing and managing McAfee Security on standalone computers Uninstalling McAfee Security Uninstalling McAfee Security from Finder 1 Launch Finder, go to Applications, then double-click McAfeeSecurityUninstaller. 2 Type the administrator password when prompted and press return. Uninstalling McAfee Security through command-line 1 In the Terminal window, type the following command and press return. /usr/local/McAfee/uninstallMSC 2 When prompted, type your password and press return. When the uninstallation process completes, the Terminal displays a message stating that McAfee Security is uninstalled from your Mac. McAfee Security software version 1.0 User Guide 13
  • 14. Integrating McAfee Security with McAfee ePolicy Orchestrator 4.0 This chapter describes how to configure McAfee Security using McAfee ePolicy Orchestrator management software version 4.0. To use this chapter effectively, you need to be familiar with ePolicy Orchestrator 4.0. McAfee ePolicy Orchestrator 4.0 provides a scalable platform for centralized policy management and enforcement on your McAfee security products and systems on which they reside. It also provides comprehensive reporting and product deployment capabilities; all through a single point of control. NOTE: This document does not provide detailed information about installing or using ePolicy Orchestrator software. See the McAfee ePolicy Orchestrator 4.0 product documentation for more information. Topics covered in this chapter are: Deploying McAfee Security using ePolicy Orchestrator 4.0 Scheduling tasks using ePolicy Orchestrator 4.0 Removing McAfee Security using ePolicy Orchestrator 4.0 Deploying McAfee Security using ePolicy Orchestrator 4.0 Topics covered in this section are: Installing McAfee Agent on client computers Installing McAfee Security extensions Installing McAfee Security on client computers Checking-in the McAfee Agent and McAfee Security package to ePolicy Orchestrator 4.0 You can check-in the McAfee Agent package and McAfee Security package from the Repository page. Repository is the central location for all McAfee updates residing on the ePolicy Orchestrator server. It retrieves user-specified updates from the McAfee site or user-defined source sites. 1 Copy the MSA-MAC 4.0.0 Build <build number> Package #4 (ENU-LICENSED-RELEASE-PATCH1).zip and McAfee Security for Mac-1.0-ePO-<build number>.zip files to a temporary location of your ePolicy Orchestrator computer. 2 Using an administrator account, log on to the ePolicy Orchestrator server. 14 McAfee Security software version 1.0 User Guide
  • 15. Integrating McAfee Security with McAfee ePolicy Orchestrator 4.0 Deploying McAfee Security using ePolicy Orchestrator 4.0 3 Click Software | Check in Package. The Check In Package page appears. 4 Select the Package type as Product or Update (.ZIP). Browse in File path to locate and check-in the MSA-MAC 4.0.0 Build <build number> Package #4 (ENU-LICENSED-RELEASE-PATCH1).zip file. 5 Click Next. The Package Options page appears with the package information. 6 Click Save. NOTE: Repeat the same steps and in step 4, check-in the McAfee Security package McAfee Security for Mac-1.0-ePO-<build number>.zip. Installing McAfee Agent on client computers After checking-in the McAfee Agent package to the ePolicy Orchestrator server 4.0, you should manually install McAfee Agent 4.0 on the client computers. 1 Copy install.sh file from the following location to the client computer(s): <ePO install directory>DBSoftwareCurrentEPOAGENT3700MACXInstall0409 2 Type sh install.sh -i in the Terminal window and press return. To upgrade the agent, you can type sh install.sh -u in the Terminal window and press return. Prerequisite: You must log on as a root user to execute the sh install.sh command. The sh.install.sh file is created automatically after you check-in the Agent package in to the ePolicy Orchestrator server. Installing McAfee Security extensions 1 Copy the McAfee_Security_for_Mac_Anti_malware_AVAS.zip to a temporary location of your ePolicy Orchestrator computer. 2 Using an administrator account, log on to the ePolicy Orchestrator server. 3 Click Configuration | Extensions | Install Extension. The Install Extension dialog box appears. 4 Click Browse to install the anti-virus extension file McAfee_Security_for_Mac_Anti_malware_AVAS.zip, then click OK. 5 Click OK. NOTE: Repeat the same steps to install the following extensions: • McAfee_Security_for_Mac_Desktop_Firewall.zip (Desktop Firewall policy extension) • McAfee_Security_for_Mac_Application_Protection.zip (Application Protection policy extension) • McAfee_Security_for_Mac_Reports.zip (Reports extension) Installing McAfee Security on client computers 1 Log on to the ePolicy Orchestrator server as an administrator. 2 Click Systems, select the required system(s), click Client Tasks tab, then New Task. The Client Task Builder page appears. McAfee Security software version 1.0 User Guide 15
  • 16. Integrating McAfee Security with McAfee ePolicy Orchestrator 4.0 Setting policies using ePolicy Orchestrator 4.0 3 In Description, type a Name, Notes (optional), select the Type as Product Deployment (McAfee Agent), then click Next. 4 In Configuration, select Mac as Target Platforms, McAfee Security for Mac 1.0 as Products and components, and Install as Action, then click Next. 5 Schedule the task to run immediately or as required, then click Next to view a summary of the task. 6 Click Save, then send an agent wake-up call. Setting policies using ePolicy Orchestrator 4.0 You can create, edit, delete and enforce policies to a specific group/system(s) in the System Tree. Creating policies Enforcing policies Creating policies 1 Log on to the ePolicy Orchestrator server as an administrator. 2 Click Systems | System Tree and choose a desired group/system(s). 3 Click Policies, select the following options from the Product drop-down list. • McAfee Security for Mac 1.0.0:Application Protection • McAfee Security for Mac 1.0.0:Desktop Firewall • McAfee Security for Mac 9.0.0:Anti-malware A list of policies managed by the chosen point product appears in the lower pane. 4 Locate a policy category, then click Edit Assignment. The Policy assignment for My Organization page appears. 5 Click New policy. The Create a new policy dialog box appears. Choose McAfee Default or My Default as required. NOTE: The McAfee Default policy is read-only and cannot be edited, renamed, or deleted. 6 Type a New policy name, then click OK. 7 Configure the anti-malware, desktop firewall, and/or application protection preferences as required, then click Save. 8 Click Save again. Enforcing policies You can enforce a policy to multiple managed nodes within a group. 1 Log on to the ePolicy Orchestrator server as an administrator. 2 Click Systems. In System Tree, select the required system(s). 3 Click Modify Policies on a Single System. 4 Select the required Product, click the policy link, and configure the appropriate policy as required. 16 McAfee Security software version 1.0 User Guide
  • 17. Integrating McAfee Security with McAfee ePolicy Orchestrator 4.0 Scheduling tasks using ePolicy Orchestrator 4.0 5 Click Save, then Close. 6 Send an agent wake-up call. NOTE: In step 2, if you select group(s): 1 Click the Policies tab, select the required Product, click the policy link, and configure the appropriate policy as required. 2 Click Save. 3 Send an agent wake-up call. Scheduling tasks using ePolicy Orchestrator 4.0 ePolicy Orchestrator allows you to create, schedule and maintain client tasks that run on the managed systems. You can define client tasks for the entire System Tree, a specific group, or an individual system. On-demand scan task You can schedule multiple on-demand scan tasks to run immediately, at specific times, or at regularly-scheduled intervals across managed nodes. 1 Log on to the ePolicy Orchestrator server as an administrator. 2 Click Systems | System Tree | Client Tasks. 3 Select the desired group in the System Tree for which you want to create the on-demand scan task. 4 Click New Task. The Client Task Builder page appears. 5 Under Description, type a Name and Notes (optional) for the on-demand scan task. 6 Select On Demand Scan (McAfee Security for Mac 9.0.0:Anti-malware) as the Type of the task and click Next. 7 In Configuration, add the file(s) to be scanned. 8 Click Next and schedule the task as desired 9 Click Next to view the summary of the on-demand scan task. 10 Click Save, then send an agent wake-up call. Removing McAfee Security using ePolicy Orchestrator 4.0 This section provides instructions to uninstall McAfee Security from the client computers and remove the extensions from the ePolicy Orchestrator server. Removing McAfee Security from the client computers Removing McAfee Security extensions from the ePolicy Orchestrator server McAfee Security software version 1.0 User Guide 17
  • 18. Integrating McAfee Security with McAfee ePolicy Orchestrator 4.0 Removing McAfee Security using ePolicy Orchestrator 4.0 Removing McAfee Security from the client computers 1 Click Systems, select the required system(s), click Client Tasks tab, then New Task. The Client Task Builder page appears. 2 In Description, type a Name, Notes (optional), select the Type as Product Deployment (McAfee Agent), then click Next. 3 In Configuration, select Mac as Target Platforms, McAfee Security for Mac 1.0 as Products and components, Install as Remove and an appropriate Language, then click Next. 4 Schedule the task to run immediately or as required, then click Next to view a summary of the task. 5 Click Save, then send an agent wake-up call. Removing McAfee Security extensions from the ePolicy Orchestrator server 1 Log on to the ePolicy Orchestrator server as an administrator. 2 Click Configuration | Extensions. 3 Select the following extension files (one at a time), then click Remove. • McAfee Security for Mac 1.0.0:Application Protection • McAfee Security for Mac 1.0.0:Desktop Firewall • McAfee Security for Mac 9.0.0:Anti-malware • McAfee Security for Mac Reports 4 Select the option Force removal, bypassing any checks or errors. NOTE: This step is not mandatory, but recommended. 5 Click OK. 18 McAfee Security software version 1.0 User Guide
  • 19. Integrating McAfee Security with McAfee ePolicy Orchestrator 4.5 This chapter describes how to configure McAfee Security using McAfee ePolicy Orchestrator management software version 4.5. To use this chapter effectively, you need to be familiar with ePolicy Orchestrator 4.5. McAfee ePolicy Orchestrator 4.5 provides a scalable platform for centralized policy management and enforcement on your McAfee security products and systems on which they reside. It also provides comprehensive reporting and product deployment capabilities; all through a single point of control. NOTE: This document does not provide detailed information about installing or using ePolicy Orchestrator software. See the McAfee ePolicy Orchestrator 4.5 product documentation for more information. Topics covered in this chapter are: Contents Deploying McAfee Security using ePolicy Orchestrator 4.5 Setting policies using ePolicy Orchestrator 4.5 Scheduling tasks using ePolicy Orchestrator 4.5 Removing McAfee Security using ePolicy Orchestrator 4.5 Deploying McAfee Security using ePolicy Orchestrator 4.5 Topics covered in this section are: Contents Installing McAfee Agent on client computers Installing McAfee Security extensions Installing McAfee Security on client computers Checking-in the McAfee Agent and McAfee Security package to ePolicy Orchestrator 4.5 You can check-in the Agent package and McAfee Security package from the Packages in Master Repository page. McAfee Security software version 1.0 User Guide 19
  • 20. Integrating McAfee Security with McAfee ePolicy Orchestrator 4.5 Deploying McAfee Security using ePolicy Orchestrator 4.5 1 Copy the MSA-MAC 4.0.0 Build <build number> Package #4 (ENU-LICENSED-RELEASE-PATCH1).zip and McAfee Security for Mac-1.0-ePO-<build number>.zip files (from the ePO Server Components folder) to a temporary location of your ePolicy Orchestrator computer. 2 Log on to the ePolicy Orchestrator server as an administrator. 3 Click Menu | Software | Master Repository. The Packages in Master Repository page appears. 4 Click Actions | Check In Package. The Package page appears. 5 Select the Package type as Product or Update (.ZIP). Browse in File path to locate and check-in the MSA-MAC 4.0.0 Build <build number> Package #4 (ENU-LICENSED-RELEASE-PATCH1).zip file. 6 Click Next. The Package Options page appears with the package information. 7 Click Save. NOTE: Repeat the same steps and check-in the McAfee Security package McAfee Security for Mac-1.0-ePO-<build number>.zip. Installing McAfee Agent on client computers After checking-in the McAfee Agent package to the ePolicy Orchestrator server 4.5, you must manually install McAfee Agent 4.0 on the client computers. 1 Copy install.sh file from the following location to the client computer. <ePO install directory>DBSoftwareCurrentEPOAGENT3700MACXInstall0409 2 Type sh install.sh -i in the Terminal window and press return. To upgrade the agent, you can type sh install.sh -u in the Terminal window and press return. Important: You must log on as a root user to execute the sh.install.sh command. The sh.install.sh file is created automatically after you check-in the Agent package in to the ePolicy Orchestrator server. Installing McAfee Security extensions 1 Copy the McAfee_Security_for_Mac_Anti_malware_AVAS.zip to a temporary location of your ePolicy Orchestrator computer. 2 Log on to the ePolicy Orchestrator server as an administrator. 3 Click Menu | Software | Extensions | Install Extension. The Install Extension dialog box appears. 4 Click Browse to install the anti-virus extension file McAfee_Security_for_Mac_Anti_malware_AVAS.zip, then click OK. 5 Click OK. NOTE: Repeat the same steps to install the following extensions: • McAfee_Security_for_Mac_Desktop_Firewall.zip (Desktop Firewall policy extension) • McAfee_Security_for_Mac_Application_Protection.zip (Application Protection policy extension) 20 McAfee Security software version 1.0 User Guide
  • 21. Integrating McAfee Security with McAfee ePolicy Orchestrator 4.5 Setting policies using ePolicy Orchestrator 4.5 • McAfee_Security_for_Mac_Reports.zip (Report extension) Installing McAfee Security on client computers 1 Log on to the ePolicy Orchestrator server as an administrator. 2 Click Menu | Systems | System Tree, then select the systems from on you want to install McAfee Security. 3 Click Client Tasks | Actions | New Task. The Client Task Builder page appears. 4 In Description, type a Name, Notes (optional), select the Type as Product Deployment, then click Next. 5 In Configuration, select Mac as Target Platforms, McAfee Security for Mac 1.0 as Products and components, Install as Action and the appropriate Language, then click Next. 6 Schedule the task to run immediately or as required, then click Next to view a summary of the task. 7 Click Save, then send an agent wake-up call. Setting policies using ePolicy Orchestrator 4.5 The ePolicy Orchestrator console allows you to enforce policies across mutliple Macs. These policies override configurations set on individual Macs. For information regarding policies and how they are enforced, see the McAfee ePolicy Orchestrator 4.5 Product Guide. After you have modified the appropriate policies and saved the changes for the intended computer or group of computers, you are ready to deploy new settings via the McAfee Agent. You can create, edit, delete, or assign a policy to a specific group/system. Creating policies Enforcing policies Creating policies You can create, edit, delete, or assign a policy to a specific group in the System Tree. 1 Log on to the ePolicy Orchestrator server as an administrator. 2 Click Menu | Systems | System Tree | Assigned Policies. 3 Select the following options (one at a time) from the Product drop-down list: • McAfee Security for Mac 1.0.0:Application Protection • McAfee Security for Mac 1.0.0:Desktop Firewall • McAfee Security for Mac 9.0.0:Anti-malware A list of policies managed by the chosen point product appears in the lower pane. 4 Locate the required policy, then click Edit Assignment. 5 Click New policy or Edit policy as required. The Create a new policy dialog box appears. Choose McAfee Default or My Default as required. NOTE: The McAfee Default policy is read-only and cannot be edited, renamed, or deleted. 6 Type a New policy name, then click OK. McAfee Security software version 1.0 User Guide 21
  • 22. Integrating McAfee Security with McAfee ePolicy Orchestrator 4.5 Scheduling tasks using ePolicy Orchestrator 4.5 7 Configure the anti-malware, desktop firewall, and/or application protection preferences as required (based on the option you selected in step 3), then click Save. 8 Click Save again. Enforcing policies 1 Log on to the ePolicy Orchestrator server as an administrator. 2 Click Menu | Systems | System Tree select the required system(s). 3 Click Actions | Agent | Modify Policies on a Single System. 4 Select the required Product, click the policy link, and configure the appropriate policy as required. 5 Click Save, then Close. 6 Send an agent wake-up call. NOTE: In step 2, if you select group(s): 1 Click the Assigned Policies tab, select the required Product, click the policy link, and configure the appropriate policy as required. 2 Click Save. 3 Send an agent wake-up call. Scheduling tasks using ePolicy Orchestrator 4.5 ePolicy Orchestrator allows you to create, schedule and maintain client tasks that run on the managed systems. You can define client tasks for the entire System Tree, a specific group, or an individual system. On-demand scan task You can schedule multiple on-demand scan tasks to run immediately, at specific times, or at regularly-scheduled intervals across managed nodes. 1 Log on to the ePolicy Orchestrator server as an administrator. 2 Click Menu | Systems | System Tree and select a required group or system(s). 3 Click Client Task | Actions | New Task. The Client Task Builder page appears. 4 In Description, type a Name and Notes (optional) for the on-demand scan task. 5 Select On Demand Scan (McAfee Security for Mac 9.0.0:Anti-malware) as the Type of the task and click Next. 6 In Configuration, add the file(s) to be scanned. 7 Click Next and schedule the task as desired 8 Click Next to view the summary of the on-demand scan task. 9 Click Save, then send an agent wake-up call. 22 McAfee Security software version 1.0 User Guide
  • 23. Integrating McAfee Security with McAfee ePolicy Orchestrator 4.5 Removing McAfee Security using ePolicy Orchestrator 4.5 Removing McAfee Security using ePolicy Orchestrator 4.5 This section provides instructions to uninstall McAfee Security from the client computers and remove the extensions from the ePolicy Orchestrator server. Removing McAfee Security from the client computers Removing extensions from the ePolicy Orchestrator server Removing McAfee Security from the client computers 1 Log on to the ePolicy Orchestrator server as an administrator. 2 Click Menu | Systems | System Tree, then select the systems from which you want to uninstall McAfee Security. 3 Click Client Tasks | Actions | New Task. The Client Task Builder page appears. 4 In Description, type a Name, Notes (optional), select the Type as Product Deployment, then click Next. 5 In Configuration, select Mac as Target Platforms, McAfee Security for Mac 1.0 as Products and components, Remove as Action and the appropriate Language, then click Next. 6 Schedule the task to run immediately or as required, then click Next to view a summary of the task. 7 Click Save, then send an agent wake-up call. Removing extensions from the ePolicy Orchestrator server 1 Log on to the ePolicy Orchestrator server as an administrator. 2 Click Menu | Software | Extensions. 3 Click McAfee Security for Mac on the left pane. 4 Click the Remove link of the product extensions. 5 Select the option Force removal, bypassing any checks or errors, then click OK. NOTE: This step is not mandatory, but recommended. 6 Click OK. McAfee Security software version 1.0 User Guide 23
  • 24. Launching McAfee Security Console You can launch McAfee Security Console using one of the following methods: • Click the McAfee menulet on your status bar, then select McAfee Security Console. • Launch Finder, go to Applications, then double-click McAfee Security. From the left pane of the console, you can navigate to the enhanced McAfee Security Dashboard, History screen displaying all product events, Quarantine screen that provides information on quarantined items, and the Update Now and Scan Now activities. Topics covered in this chapter are: Contents Dashboard with the latest events History of all events Quarantining malware Default activities in McAfee Security Console Configuring scan tasks Dashboard with the latest events Dashboard is the default screen that comes up when you launch McAfee Security Console. McAfee Security has an enhanced dashboard that displays: • Five latest events related to scanning, anti-malware updates, prevention of application execution, and denial of network access to applications. • Status of your Mac security, on-access scanning, spyware scanning, application protection, and desktop firewall. • Instance of the last anti-malware update. 24 McAfee Security software version 1.0 User Guide
  • 25. Launching McAfee Security Console History of all events History of all events The History screen displays all anti-malware and application protection events. You can use the arrows at the bottom of the console to navigate through multiple History pages. McAfee Security software version 1.0 User Guide 25
  • 26. Launching McAfee Security Console Quarantining malware Viewing event details Double-click an event to view its details. Alternatively, you can click an event, click History on the McAfee Security menu bar, then select View Details. A dialog box appears providing the event details. Click to close the dialog box. The events mainly include: • Anti-malware Update — Double-clicking this event displays a dialog box that provides information on the DAT version, Engine version, and the status of the update. • Blocked (Network access) — Double-clicking this event displays a dialog box that provides information on the IP and Port for which the access was denied, type of connection, path of the application for which the network access was blocked, and the protocol involved in the operation. • Blocked (Application execution) — Double-clicking this event displays a dialog box that provides the path of the application that was prevented from execution. • On-access Scan — Double-clicking this event displays a dialog box that provides information on the process that accessed the item, status of the scan (whether an item was detected or not), total number of detected items, name and location of the infected files, and the action taken when they were detected. • On-demand Scan — Double-clicking this event displays a dialog box that provides information on the number of files that were and were not scanned, name and location of the infected files, and the action taken when they were detected. Sorting events To sort events alphabetically, click the column headers on the screen. Alternatively, you can click History on the McAfee Security menu bar, select Arrange By, then select Event, Type, or Date & Time as required. Removing events To remove an event, click the event, then click Delete (or press delete). You can also select multiple events, then click Delete (or press delete). To delete all the events from the History screen, click History on the McAfee Security menu bar, then select Clear history. NOTE: You must have administrator rights delete event(s) or clear the history of events. Quarantining malware The quarantine functionality enforces an item (suspected of containing malware) to isolate to a quarantine location that you specified while installing McAfee Security, so that the item cannot be opened or executed. The Quarantine screen displays the original location of items that are quarantined and the instance when they were quarantined. You can use the arrows at the bottom of the console to navigate through multiple Quarantine pages. 26 McAfee Security software version 1.0 User Guide
  • 27. Launching McAfee Security Console Default activities in McAfee Security Console Restoring and deleting quarantined item Select a path and click Restore to restore the item to its original location. Click Delete (or press delete) to remove the quarantined item. NOTE: You must have administrator rights to restore or delete a quarantined item. Default activities in McAfee Security Console On launching the McAfee Security console, you can use the following default activities: Update Now Scan Now Update Now This option helps you manually run an Update to keep your Mac up-to-date with the latest anti-malware DAT and Engine. 1 Click Update Now on the left pane of the console. Alternatively, you can click Activity | Start Anti-malware Update from the McAfee Security menu bar. 2 Click Start Update to initiate the anti-malware update task. After the update process is complete, the details of the update process are displayed, which includes the latest DAT and Engine versions, status of the last update, and the DAT creation date. TIP: You can view the details of the Update task on the History screen. McAfee Security software version 1.0 User Guide 27
  • 28. Launching McAfee Security Console Configuring scan tasks Scan Now This option helps you scan specific files, folders, local or network mounted volumes, and other items on your Mac immediately. 1 Click Scan Now on the left pane of the console. 2 In the What to scan section, select the items from the drop-down menu. Click + to include more items to be scanned. Alternatively, you can drag-and-drop files for scanning. 3 Click Start Scan. A progress bar appears indicating the items being scanned. After scanning completes, a summary of the scan task is displayed, which includes the number of items scanned and threats detected. TIP: You can view the details of the scan task on the History screen. Configuring scan tasks Use the following instructions in this section to create, modify, and delete scan tasks. Tasks Creating a new scan task Modifying an existing scan task Deleting a scan task Creating a new scan task Use this task to create and run regular scan operations as required. 1 Launch the McAfee Security Console. NOTE: For instructions, see the Launching McAfee Security Console section. 2 Click + on the bottom left corner of the McAfee Security console. Alternatively, you can press command + N or you can click Activity | New Activity on the McAfee Security menu bar. 3 Type a Scan Name, then click Create. The scan task name appears on the left pane. 4 In the What to scan section, select the items from the drop-down menu. Alternatively, you can drag-and-drop items for scanning. 5 In the When to scan section, select an appropriate schedule for the scan task. NOTE: If you select to scan items immediately, click Start Scan. 6 Click Schedule Scan. A message appears stating that the scan task is scheduled. 7 Click OK. Modifying an existing scan task Use this task to modify an existing scan task. 1 Click on an existing scan task name on the left pane of the console. 28 McAfee Security software version 1.0 User Guide
  • 29. Launching McAfee Security Console Configuring scan tasks 2 If the existing scan task is: • Scheduled task — Click Modify Task , select the required items for scanning, re-schedule the scan as required, then click Schedule Scan. • Scheduled to run immediately — To run this task immediately, select the required items for scanning, then click Start Scan. • Scheduled to run immediately — To re-schedule this task, select the required items for scanning, then click Schedule Scan. Deleting a scan task Use this task to delete a scan task. 1 Click on an existing scan task name on the left pane of the console. 2 Perform one of the following steps: • Click - on the left bottom corner of the console. • Click Activity | Delete Activity from the McAfee Security menu bar. • Press delete. McAfee Security software version 1.0 User Guide 29
  • 30. Configuring McAfee Security Preferences McAfee Security preferences enable you to configure the anti-malware, application protection, desktop firewall, and update preferences. Prerequisite: You must have administrator rights to configure McAfee Security preferences. Topics covered in this chapter are: Contents General Preferences Configuring Anti-malware Preferences Configuring Application Protection Preferences Configuring Desktop Firewall Preferences Enhanced Reports Update Preferences Default Preferences Help option in the menu bar General Preferences General preferences allow you to enable or disable the on-access scan, spyware scan, application protection, and desktop firewall protection features. 1 Click the McAfee menulet on the status bar, then select McAfee Security Preferences. Alternatively, you can launch the McAfee Security Console, then perform one of the following instructions: • Click McAfee Security on the menu bar, then select Preferences. • Press Command+, The General screen appears. NOTE: For instructions on launching the McAfee Security console, see the Launching McAfee Security console section. 2 Click the lock to make changes. Type your administrator password when prompted, then click OK. 3 Click ON or OFF to enable or disable the following features: • On-access Scan • Spyware Scan • Application Protection • Desktop Firewall 30 McAfee Security software version 1.0 User Guide
  • 31. Configuring McAfee Security Preferences Configuring Anti-malware Preferences Configuring Anti-malware Preferences Anti-malware preferences enable you to configure the on-access scan and on-demand scan preferences, and specify items to be excluded from scanning. You can even specify regular expression based exclusions for on-access and on-demand scanning separately. NOTE: Click Reset to reset the anti-malware preferences to their default values. To configure the anti-malware preferences, perform the following instructions in this section. Configuring On-access Scan Preferences Configuring On-demand Scan Preferences Specifying Anti-malware Exclusions Configuring On-access Scan Preferences Use this task to configure on-access scan preferences. On-access scan consistently monitors all items for malware. On-access scanning takes place whenever an item is read from the disk, written to the disk (or both) based on the configured preferences. 1 Click the McAfee menulet on the status bar, then select McAfee Security Preferences. Alternatively, you can launch the McAfee Security Console, then perform one of the following instructions: • Click McAfee Security on the menu bar, then select Preferences. • Press Command+, 2 Click Anti-malware. NOTE: By default, the On-access Scan preferences screen is displayed. 3 To configure the on-access scan preferences, click the lock, type your administrator password, then click OK. The on-access scan preferences will have default settings. McAfee Security software version 1.0 User Guide 31
  • 32. Configuring McAfee Security Preferences Configuring Anti-malware Preferences 4 Use the following options to configure the on-access scan preferences: • From the Scan files while drop-down menu, select one of the following options: • Read — To scan items that are only being read from the hard disk. • Write — To scan items when they are written to the hard disk. • Read & Write — To scan items that are being read from or written to the hard disk. • In Maximum scan time (in seconds), specify a time after which the scanning of each file terminates. The minimum and maximum values you can specify are 10 and 999 seconds respectively. Default value is 45 seconds. • From the When a virus is found or When a spyware is found drop-down menu, select one of the following options: • Clean — To clean (repair) the virus/spyware. If you select this option, the If clean fails drop-down menu appears, which provides you the options to quarantine or delete the item (infected with virus/spyware) or notify you of the virus/spyware detection, when the cleaning process fails. • Quarantine — To quarantine the item containing virus/spyware. If you select this option, the If quarantine fails drop-down menu appears, which provides you the options to delete the item (infected with virus/spyware) or notify you of the virus/spyware detection, when the quarantine process fails. • Delete — To delete the item containing virus/spyware. • Notify — To notify you in case of a virus/spyware detection (no other actions being taken). • You can also enable scanning for: 32 McAfee Security software version 1.0 User Guide
  • 33. Configuring McAfee Security Preferences Configuring Anti-malware Preferences • Archives & Compressed Files • Apple Mail Messages • Network Volumes Configuring On-demand Scan Preferences Use this task to configure on-demand scan preferences. You can schedule on-demand scans to run immediately, at a particular time, or at regular intervals. 1 Click the McAfee menulet on the status bar, then select McAfee Security Preferences. Alternatively, you can launch the McAfee Security Console, then perform one of the following instructions: • Click McAfee Security on the menu bar, then select Preferences. • Press Command+, 2 Click Anti-malware. 3 Click On-demand Scan. 4 To configure the on-demand scan preferences, click the lock, type your administrator password, then click OK. The on-demand scan preferences will have default settings. 5 Use the following options to configure the on-demand scan preferences: • From the When a virus is found or When a spyware is found drop-down menu, select one of the following options: • Clean — To clean (repair) the virus/spyware. If you select this option, the If clean fails drop-down menu appears, which provides you the options to quarantine or McAfee Security software version 1.0 User Guide 33
  • 34. Configuring McAfee Security Preferences Configuring Application Protection Preferences delete the item (infected with virus/spyware) or notify you of the virus/spyware detection, when the cleaning process fails. • Quarantine — To quarantine the item containing virus/spyware. If you select this option, the If quarantine fails drop-down menu appears, which provides you the options to delete the item (infected with virus/spyware) or notify you of the virus/spyware detection, when the quarantine process fails. • Delete — To delete the item containing virus/spyware. • Notify — To notify you in case of a virus/spyware detection (no other actions being taken). • You can also enable or disable scanning for: • Archives & Compressed Files • Apple Mail Messages Specifying Anti-malware Exclusions Use this task to specify anti-malware exclusions. You can exclude specific items from being scanned. 1 Click the McAfee menulet on the status bar, then select McAfee Security Preferences. Alternatively, you can launch the McAfee Security Console, then perform one of the following instructions: • Click McAfee Security on the menu bar, then select Preferences. • Press Command+, 2 Click Anti-malware then click Exclusions. 3 Click the lock to make changes. Type your administrator password when prompted, then click OK. 4 Click + at the bottom left corner of the screen. The Set Exclusions screen appears allowing you to select and add items to the exclusion list. 5 Select the required items, then click OK to return to the Exclusions screen. 6 Select or deselect the On-access Scan and/or On-demand Scan options as required. By default, both options are enabled so that the items are excluded from both the scans. NOTE: To modify the path/item of an existing exclusion, double-click it in the corresponding cell. The path/item becomes editable. Specify the new path/item. You can also specify regular expression based exclusions. To delete an exclusion, select it, then click - at the bottom left corner of the screen (or press delete). Configuring Application Protection Preferences Application Protection preferences enable you configure rules to prevent the execution of unwanted applications and/or deny network access to specific applications. You can exclude specific applications from these rules. NOTE: Application Protection preferences support only Mach-O executable binaries and not scripts or Rosetta based applications. 34 McAfee Security software version 1.0 User Guide
  • 35. Configuring McAfee Security Preferences Configuring Application Protection Preferences To configure the application protection preferences, perform the following instructions in this section. Configuring Application Protection Rules Specifying Application Protection Exclusions Configuring Application Protection Rules Use this task to configure application protection preferences. Using McAfee Security, you can prevent specific applications from execution or from accessing the network connection. 1 Click the McAfee menulet on the status bar, then select McAfee Security Preferences. Alternatively, you can launch the McAfee Security Console, then perform one of the following instructions: • Click McAfee Security on the menu bar, then select Preferences. • Press Command+, 2 Click Application Protection. 3 To configure the application protection preferences, click the lock, type your administrator password, then click OK. The application protection preferences will have default settings. 4 In Rules, use the following options to configure the application protection preferences: • Select or deselect the Allow All Apple Signed Binaries as required. McAfee Security software version 1.0 User Guide 35
  • 36. Configuring McAfee Security Preferences Configuring Application Protection Preferences • Select Allow, Deny, or Prompt from the Unknown/Modified Applications drop-down menu for configuring the application execution and network access settings for all unknown and modified applications. NOTE: If you select Prompt for <n> seconds (minimum and maximum value of 'n' being 10 and 300 respectively) and try launching an unknown and modified application, the McAfee Alert screen appears for <n> seconds prompting you to select an appropriate action for the application execution that must be applicable Always or Once. The available actions are: • Allow execution with full network access — To allow the application to execute and access the network. • Allow execution without network access — To allow the application only to execute and deny network access to it. • Deny execution — To prevent the application execution. Creating an Application Protection Rule 1 Click + at the bottom left corner of the console. 2 In Application Name, browse and add an application/binary. 3 In Action, select one of the following options as required: • Allow Execution With Full Network Access • Allow Execution Without Network Access • Allow Execution With Restricted Network Access • Deny Execution 4 If you select Allow Execution With Restricted Network Access, you can click + on the bottom left corner of the Application Protection screen and specify a Protocol, IP Address/Subnet, Port/Range, and the Direction of network that can be allowed or denied (in Action). NOTE: If you do not click + to add these options, network access for the selected application/binary is denied. 5 Click OK to return to the Rules screen. Modifying an existing Application Protection Rule (To restrict network access) 1 For an existing rule, click on the cell below Action, select Allow Execution With Restricted Network Access, then click + at the bottom left corner of the console. 2 In Application Protection screen, you can again select the required Action. However, you cannot re-select the Application Name. 3 Click + on the bottom left corner of the Application Protection screen and specify a Protocol, IP Address/Subnet, Port/Range, and the Direction of network that can be allowed or denied (in Action). 4 Click OK to return to the Rules screen. NOTE: To delete a rule, select it then click - (or press delete). 36 McAfee Security software version 1.0 User Guide
  • 37. Configuring McAfee Security Preferences Configuring Desktop Firewall Preferences Specifying Application Protection Exclusions Use this task to configure application protection exclusions. You can exclude path-based applications from the application protection rules. The Exclusions option overrides the application protection rules you create. 1 Click the McAfee menulet on the status bar, then select McAfee Security Preferences. Alternatively, you can launch the McAfee Security Console, then perform one of the following instructions: • Click McAfee Security on the menu bar, then select Preferences. • Press Command+, 2 Click Application Protection. 3 To specify application protection exclusions, click the lock, type your administrator password, then click OK. 4 Click Exclusions. 5 Click + at the bottom left corner of the screen to add an exclusion. 6 From the list, add the path of the application(s) you want to exclude from the application protection rule(s), then click Open. NOTE: To delete an exclusion, press delete. Configuring Desktop Firewall Preferences Desktop Firewall preferences enable you to configure rules to prevent unauthorized access to networks/subnet/IP addresses. You can exclude trusted networks (in groups) from these rules. To configure the desktop firewall preferences, perform the following instructions in this section. Configuring Desktop Firewall Rules Specifying Trusted Networks Configuring Desktop Firewall Rules Use this task to configure desktop firewall preferences. Desktop Firewall monitors network traffic and allows or restricts access to specific networks or IP addresses. 1 Click the McAfee menulet on the status bar, then select McAfee Security Preferences. Alternatively, you can launch the McAfee Security Console, then perform one of the following instructions: • Click McAfee Security on the menu bar, then select Preferences. • Press Command+, 2 Click Desktop Firewall. 3 To configure the desktop firewall preferences, click the lock, type your administrator password, then click OK. The desktop firewall preferences will have default settings. The Rules screen opens with Allow all Connections as the default configuration. 4 Use the following options to configure the firewall preferences: • Allow All Connections — Select this option to allow all network connections. McAfee Security software version 1.0 User Guide 37
  • 38. Configuring McAfee Security Preferences Configuring Desktop Firewall Preferences • Deny — Select this option to deny incoming and/or outgoing network connection. • Custom — Selecting this option enables you to add custom firewall rules. 5 If you select Custom in step 4, click + at the bottom left corner of the screen to add a rule. 6 Type a rule name. 7 In General, select an Action, Protocol, Direction of the network connection, and a network Interface for the rule from the drop-down lists. 8 In IP address, Subnet or Network, select the source and destination IP address/subnet/network and the port/port range for which the access must be provided or denied. 9 Click OK. NOTE: To configure advanced firewall settings, click Advanced, select or deselect the following options, then click OK: • Firewall logging • Stealth mode • Block unknown traffic By default, all options are deselected. Editing rules Double-click the rule, then perform step 6 to 9. You can also click on the cell below Action or Direction to change the settings directly on the Rules screen. Prioritizing and deleting rules You can also use: • -: to delete an existing desktop firewall rule. Select a repository, click - on the bottom left corner of the screen (or press delete). • ^ v: to prioritize rules. 10 Click the McAfee menulet on the status bar, then select McAfee Security Preferences. Alternatively, you can launch the McAfee Security Console, then perform one of the following instructions: • Click McAfee Security on the menu bar, then select Preferences. • Press Command+, Specifying Trusted Networks Use this task to exclude groups of trusted networks from the firewall rules. NOTE: You can configure a minimum of 50 groups and 15 IP addresses per group. 1 Click the McAfee menulet on the status bar, then select McAfee Security Preferences. Alternatively, you can launch the McAfee Security Console, then perform one of the following instructions: • Click McAfee Security on the menu bar, then select Preferences. • Press Command+, 2 Click Desktop Firewall. 38 McAfee Security software version 1.0 User Guide
  • 39. Configuring McAfee Security Preferences Enhanced Reports 3 Click the lock to make changes. Type your administrator password when prompted, then click OK. By default, the Rules screen opens. 4 Click Trusted Networks. Two panes are displayed beside each other; one for specifying groups and the other for specifying IP/subnet address(es)/host name(s) in a group. 5 Click + in the Groups pane to specify a trusted group, then type a group name. 6 Select the group, then click + in the IP/Subnet Address/Host Name pane to add the trusted IP/subnet addresses, or host names to be excluded from the firewall rules. Enhanced Reports McAfee Security creates reports in enhanced McAfee Alert and McAfee Notification screens. McAfee Alert McAfee Security displays a McAfee Alert screen if an unknown or modified application tries to execute when the application protection rule is set as Prompt. In this case, you are prompted to select an appropriate action that must be applicable Always or Once as shown in the following figure. McAfee Security software version 1.0 User Guide 39
  • 40. Configuring McAfee Security Preferences Update Preferences If you select Always, a new rule is added for that application in the Rules screen of the Application Protection Preferences. McAfee Notification McAfee Security notifies you of the following scenarios in an enhanced McAfee Notification screen: • Malware detected during on-access scanning. (Click the caret to find the detection details). • Prevention of application execution. • Denial of network access to an application. Update Preferences McAfee Security is configured to access the McAfee FTP server, HTTP server and/or a local repository to download the latest DAT files. After installing McAfee Security, it automatically connects to a FTP, HTTP and/or a local repository (that you have configured) to download and update your DAT files while you are connected to the Internet. If your organization uses proxy servers to connect to the Internet for retrieving packages, you can use the Proxy Settings tab. 1 Click the McAfee menulet on the status bar, then select McAfee Security Preferences. Alternatively, you can launch the McAfee Security Console, then perform one of the following instructions: • Click McAfee Security on the menu bar, then select Preferences. • Press Command+, 2 Click Update. 40 McAfee Security software version 1.0 User Guide
  • 41. Configuring McAfee Security Preferences Default Preferences 3 To configure the update preferences, click the lock, type your administrator password, then click OK. The Update preferences will have default settings. By default, the Repository List screen opens. 4 In Repository name, you can use: • + : to add a new repository. Click + on the bottom left corner of the screen and type a name for the new repository. • - : to delete an existing repository that you create. Select a repository, click - on the bottom left corner of the screen or press delete. • ^ v : to prioritize repositories. You can even drag-and-drop the repositories to prioritize them. 5 In Repository Type, select FTP, HTTP, or a Local repository from where the latest DATs can be downloaded. 6 Specify a Repository URL, Port, User Name, and Password for the repository. 7 Click Proxy Settings. NOTE: Click Do not use a proxy if you do not want to use a proxy server for connecting to the Internet. 8 To use a proxy server, click Configure proxy settings manually. 9 To specify the same IP address and port number for all the proxy types, select the Use these settings for all proxy types option. 10 Select FTP or HTTP server as required. Type the IP Address and Port number of the selected server. 11 To specify username and password for FTP, HTTP, or a local repository, select the Use authentication option. 12 To bypass a proxy server for specific domain(s), select the Specify exceptions option, then type the proxy server name. 13 Click the Schedule tab and schedule the task as required. 14 Click Apply. Default Preferences Features Default preferences Anti-malware On-access Scan: • Scan on write — Enabled. • Maximum scan time for a file — 45 seconds. • When a virus/spyware is found, • Primary action — Clean. • If primary action fails — Quarantine. • Scan archives and compressed files — Disabled. • Scan Apple Mail messages — Disabled. • Scan network volumes — Disabled. On-demand Scan: McAfee Security software version 1.0 User Guide 41
  • 42. Configuring McAfee Security Preferences Help option in the menu bar Features Default preferences • Scan archives and compressed files — Enabled. • Scan Apple Mail messages — Enabled. Application protection • All Apple signed binaries — Allowed (Not applicable for Tiger). • Execution and network access of Unknown/Modified applications — Allow. Desktop firewall protection • Allow All Connections — Enabled. • Trusted Networks: • Group — McAfee Servers. • IP/Subnet Address/Host Name — www.mcafee.com, www.vil.com. Update • Repository — McAfeeHttp, McAfeeFtp. • Proxy settings — Do no use a proxy. NOTE: You must have administrator rights to configure/modify McAfee Security preferences. Help option in the menu bar After launching McAfee Security, you can use the following options by clicking Help on the menu bar: McAfee Security Help Selecting this option helps you access the help pages of McAfee Security that provides high-level and detailed instructions on how to use the software. RUN MERTool MER tool helps you collect the diagnostic data of McAfee Security. Selecting this option prompts you to type your administrator password. Once you type your password, a diagnostic report of all logs McAfeeMERTool.zip is created and located in your home directory. McAfee Support Selecting this option opens the McAfee Enterprise Support webpage that provides information on McAfee Technical Support. McAfee KnowledgeBase Selecting this option opens the McAfee Technical Support ServicePortal webpage where the corporate knowledge base articles are published. McAfee HotFixes / Patches Selecting this option opens the McAfee Technical Support ServicePortal webpage from where you can download the product hotfixes and patches. Submit A Malware Sample Selecting this option opens the McAfee Avert(r) Labs WebImmune webpage where you can submit potentially infected files to WebImmune for analysis. 42 McAfee Security software version 1.0 User Guide
  • 43. Configuring McAfee Security Preferences Help option in the menu bar McAfee Virus Information Lab Selecting this option opens the McAfee Avert Labs Threat Library webpage that has detailed information on the origin of viruses, Trojans, hoaxes, vulnerabilities and potentially unwanted programs. McAfee Security software version 1.0 User Guide 43
  • 44. Index ePO 4.0 (continued) setting up policies 16 A uninstall mcafee security 17 anti-malware feature ePO 4.5 testing 11 install McAfee Security 19 application protection schedule task 22 exclusions 37 setting policies 21 preferences 34 uninstall mcafee security from client 23 rules 35 ePO4.0 application protection feature remove extensions 18 testing 11 remove product from client 18 ePO4.5 C create policies 21 check-in Agent package policy enforcement 22 ePO 4.5 19 exclusions check-in McAfee Security package application protection 37 ePO 4.5 19 scanning 34 command-line installation 10 configure F scan task 28 files configure preferences exclude from scanning 34 on-access scanner 31 firewall on-demand scanner 33 rules 37 create on-demand scan task 28 create new policy 16 G create policies general preferences 30 ePO 4.5 21 H D help option dashboard 24 menubar 42 default activity history scan now 28 all product events 25 update now 27 History screen 25 delete on-demand scan task 29 deploy McAfee Security I ePO 4.0 14 install using ePO 4.5 19 extensions 15, 20 desktop firewall install McAfee Agent preferences 37 using ePO 4.0 15 desktop firewall feature install McAfee Agent on client testing 12 using ePO 4.5 20 detection reports 39 install McAfee Security ePO 4.0 14 install McAfee Security on client E using ePO 4.5 21 enforce policies installation methods 9 ePO 4.0 16 introduction ePO 4.0 McAfee Security 6 check-in McAfee Agent package 14 check-in McAfee Security package 14 enforce policies 16 L install McAfee Agent on clients 15 launch schedule scan 17 Mcafee Security console 24 schedule task 17 44 McAfee Security software version 1.0 User Guide
  • 45. Index M Q malware quarantine quarantine 26 malware 26 McAfee Alert 39 McAfee Notification 39 McAfee Security R how it works 6 remove extension install on client computers 15 ePO 4.0 18 installation 9 remove McAfee Security extensions integrating with ePO 4.0 14 ePO 4.5 23 integrating with ePO 4.5 19 reports introduction 6 McAfee Alert 39 launch console 24 McAfee Notification 39 methods of installing 9 rules new features 7 application protection 35 preferences 30 firewall 37 prerequisites for installing 9 types of protection 6 S uninstall 12 scan now 27, 28 McAfee Security dashboard 24 scan task McAfee Security extensions modify 28 install 15, 20 scanner menubar option exclusions 34 help 42 schedule scan 28 modify schedule tasks on-demand scan task 28 using ePO 4.0 17 scan task 28 using ePO 4.5 22 set policies N ePO 4.5 21 new policy silent installation 10 create using ePO 16 specify trusted networks 38 standard installation 10 system requirements 9 O on-access scanner configure preferences 31 T on-demand scan test schedule using ePO 4.0 17 product installation 11 on-demand scan task testing create 28 anti-malware feature 11 delete 29 application protection feature 11 modify 28 desktop firewall feature 12 on-demand scanner trusted networks configure preferences 33 groups 38 P U policies uninstall ePO 4.0 16 McAfee Security 12 policy enforcement mcafee security using ePO 4.0 17 ePO 4.5 22 uninstall mcafee security preferences 30, 31, 34, 37 from client 18 anti-malware 31 uninstall McAfee Security application protection 34 ePO 4.5 23 desktop firewall 37 uninstall mcafee security from client prerequisites 9 ePO 4.5 23 product update now 27 new features 7 product installation W test 11 what's new 7 protection types 6 McAfee Security software version 1.0 User Guide 45
  • 46. Index 46 McAfee Security software version 1.0 User Guide