McAfee (NAI) "ePolicy" Server Thoughts and Details

To get started:

Just in case:
** You might need the following information to contact McAfee if you have any questions:
Grant Number: XXXXXX-OPI (that’s the letters, opa)
Customer Service: 800-722-3709

It’s the Dell PowerEdge in my former cube. Or, to make life easier, install and configure Win 2K Terminal Services Client on your Win 2K Pro client. Then you can work from your own cube.
Anyway, the Hostname= epo. The IP= 100.100.10.10. Keep in mind that this is a member server. You can perform Active Directory tasks if needed/wanted.
As of June 18th, all MS Critical Updates and / or patches and fixes are installed. I have configured the Critical Updates to appear in system tray. Yes, it’s annoying, but it it’s important.

Also, keep in mind that in the system tray is a little engine of sorts: “\\EPO - MSSQLServer - Running”. This is the database engine. It’s not actually connected to our SQL server. It’s using the local DB, I believe it’s MDAC. If I’m not mistaken this is a mini version of SQL so to speak, and can be used in situations like ours where there is not that much data querying/collection taking place. Right-click the engine to view options.

On the Desktop, there is a shortcut to the “ePolicy Orchestrator 2.0 Console”. Open it, log in as admin, with same domain administrator password that we use. In the Console on the left, open “ePolicy Orchestrator (EPO)”, then dig down thru the Directory and you will eventually see all company computers hooked up. They are tracked via hostname.

Most tasks/commands are completed via right-clicking either the host or the group. For example, to add a new client, right-click Win95, then go to New/Computer/Add. Type in hostname, OK, then Add it, and send the ePolicy package. The clients have to meet the basic requirements set forth in my “ePolicy_client_configs” Doc. I reviewed these steps many times with some of you.

Something interesting: go to WebImmune on the lower left, which takes you to the web site. Click Anti-Virus Updates, then Product Upgrades, and put in the Grant Number (well, it’s got letters too) mentioned above. Also, note the Contact information on this page, and Product Lifecycle information as well.

Under the repository, notice that Linux can be covered too (if you can get this notion past the, ahem, stubborn engineers...). The “ePo Reports” are just that: reports which summarize the whos and whats of anti-virus coverage in the company. Review the Database. If it says, “connection failed”, do not despair: right-click the server and connect using, in this case, “Currently logged on user” for Authentication Type (click options if needed).
After connecting, open Reports/Anti-Virus/Coverage, the “Agent to Server Connection”. At the “Customize Report” answer no. Accept the default values for now, OK, and you see all hosts covered. Under the Reports area, notice the several different categories and sub-categories to explore.

One important item to keep in mind is the Policies tab on the right side. Navigate upward to the “Directory”, in the left pane. Then look to the left, notice Policies, Proprties, Tasks. With Directory highlighted, open Policies, then select “VirusScan v4.51 for Windows” on bottom. The “Enforce Policies…” is checked. This means that all subdirectories underneath inherit the configurations here. To view the specifics, click the Plus sign by “VirusScan v4.51”.
Further review will show you that in fact, most of the main categories are NOT inherited due to concerns that the ePolicy client or maybe the software itself was “slowing down” or “crashing” several PCs.

Of definite importance is the Tasks. This is where the actual McAfee software is slated for updating. This is accomplished via FTP, from the client PCs directly to McAfee’s FTP servers. Other tasks can be scheduled too.

Explore around, right-click objects as you never right-clicked before.

Have fun.

The End.

ePO CLIENT CONFIGS