McAfee Endpoint Security

Transcription

1 Migration Guide McAfee Endpoint Security For use with epolicy Orchestrator software

2 COPYRIGHT Copyright 2015 McAfee, Inc., 2821 Mission College Boulevard, Santa Clara, CA 95054, , TRADEMARK ATTRIBUTIONS Intel and the Intel logo are registered trademarks of the Intel Corporation in the US and/or other countries. McAfee and the McAfee logo, McAfee Active Protection, McAfee DeepSAFE, epolicy Orchestrator, McAfee epo, McAfee EMM, McAfee Evader, Foundscore, Foundstone, Global Threat Intelligence, McAfee LiveSafe, Policy Lab, McAfee QuickClean, Safe Eyes, McAfee SECURE, McAfee Shredder, SiteAdvisor, McAfee Stinger, McAfee TechMaster, McAfee Total Protection, TrustedSource, VirusScan are registered trademarks or trademarks of McAfee, Inc. or its subsidiaries in the US and other countries. Other marks and brands may be claimed as the property of others. LICENSE INFORMATION License Agreement NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND. 2 McAfee Endpoint Security Migration Guide

3 Contents Preface 5 About this guide Audience Conventions Find product documentation About migrating to McAfee Endpoint Security 7 What settings can I migrate? What happens to policies during migration? Overview of the migration process Overview of deployment process Choosing a migration path Preparing to migrate Install the Migration Assistant Migrating settings automatically 13 Automatic migration workflow Migrate settings automatically Verify automatically migrated objects How repeated automatic migrations are handled Migrating settings manually 19 Manual migration workflow Migrate policies manually Migrate client tasks manually Verify manually migrated objects How repeated manual migrations are handled How migration updates product settings 25 McAfee Default policy and product default settings Policy names and notes Policy merging and multiple-instance policies Migrating legacy policies to Threat Prevention Migration notes for VirusScan Enterprise settings Migrating legacy policies to Endpoint Security Firewall Migration notes for McAfee Host IPS Firewall settings Migrating legacy policies to Web Control Migration notes for SiteAdvisor Enterprise settings A Troubleshooting 37 Error messages B Creating Firewall rules to replace predefined Access Protection port-blocking rules 39 Create rule to prevent mass mailing worms from sending mail McAfee Endpoint Security Migration Guide 3

4 Contents Create rule to prevent IRC communication Create rule to prevent FTP communication Create rule to prevent HTTP communication C Changes to migrated settings 45 Changes to VirusScan Enterprise settings Changes to Firewall settings Changes to SiteAdvisor Enterprise settings Index 59 4 McAfee Endpoint Security Migration Guide

5 Preface This guide provides the information you need to work with your McAfee product. Contents About this guide Find product documentation About this guide This information describes the guide's target audience, the typographical conventions and icons used in this guide, and how the guide is organized. Audience McAfee documentation is carefully researched and written for the target audience. The information in this guide is intended primarily for: Administrators People who implement and enforce the company's security program. Conventions This guide uses these typographical conventions and icons. Book title, term, emphasis Bold User input, code, message Interface text Hypertext blue Title of a book, chapter, or topic; a new term; emphasis. Text that is strongly emphasized. Commands and other text that the user types; a code sample; a displayed message. Words from the product interface like options, menus, buttons, and dialog boxes. A link to a topic or to an external website. Note: Additional information, like an alternate method of accessing an option. Tip: Suggestions and recommendations. Important/Caution: Valuable advice to protect your computer system, software installation, network, business, or data. Warning: Critical advice to prevent bodily harm when using a hardware product. McAfee Endpoint Security Migration Guide 5

6 Preface Find product documentation Find product documentation On the ServicePortal, you can find Information about a released product, including product documentation, technical articles, and more. Task 1 Go to the ServicePortal at and click the Knowledge Center tab. 2 In the Knowledge Base pane under Content Source, select Product Documentation. 3 Select a product and version, then click Search to display a list of documents. 6 McAfee Endpoint Security Migration Guide

7 1 1 About migrating to McAfee Endpoint Security When you upgrade your legacy products to McAfee Endpoint Security, you can also migrate your custom settings and assignments. The Endpoint Migration Assistant walks you through the migration process. You can let the Migration Assistant migrate all your settings and assignments automatically, based on your current settings and new product defaults, or you can select and configure them manually. The Migration Assistant migrates settings in environments managed with McAfee epolicy Orchestrator (McAfee epo ) version or higher. Contents What settings can I migrate? What happens to policies during migration? Overview of the migration process Overview of deployment process Choosing a migration path Preparing to migrate Install the Migration Assistant What settings can I migrate? Endpoint Security enables you to migrate settings for the most recent versions of McAfee legacy products. Automatic migration Migrates all your legacy policies, client tasks, and the Host IPS Catalog. Manual migration Lets you select objects to migrate. You can customize the objects during the migration process, if needed. McAfee Endpoint Security Migration Guide 7

8 1 About migrating to McAfee Endpoint Security What happens to policies during migration? You can migrate these objects for these legacy products: Table 1-1 Products and settings to migrate Product (all patch levels) McAfee VirusScan Enterprise, version 8.8 McAfee Host Intrusion Prevention Firewall, version 8.0 McAfee SiteAdvisor Enterprise, version 3.5 Objects to migrate Policies Select Workstation or Server if you have both defined. Migrate each type separately. Client tasks Policies Only Firewall and General policies are migrated. Host IPS Catalog Renamed Firewall Catalog in Endpoint Security. (Automatic migration only.) Policies Client tasks If unsupported product versions are installed on the systems where you want to install Endpoint Security, upgrade them to supported versions before proceeding with installation. See the product documentation for instructions. What happens to policies during migration? Endpoint Security optimizes and consolidates legacy products into an integrated, efficient new platform. In addition to new and enhanced features that leverage the latest developments in security technology, a new McAfee Endpoint Security Common module centralizes the shared protection features so they are easily accessible by all product modules. As a result, some of the policy settings you are familiar with in legacy products have changed. The Migration Assistant ensures that the settings in your legacy policies are moved to the correct policies in Endpoint Security. In some cases, they are merged with other Endpoint Security settings, and in others, new default settings are applied to support updated technologies. New and revised categories reflect new and shared features. New settings represent new functionality. Some settings are removed, moved to a different category or policy, or merged with settings for other features. Settings shared by multiple product modules and features are moved to the Options policy in the Common module. In some cases, settings are duplicated in multiple policies for use by functionality that is split across modules. See Appendix C, Changes to migrated settings, for details about settings that are removed, moved, renamed, or merged. 8 McAfee Endpoint Security Migration Guide

9 About migrating to McAfee Endpoint Security Overview of the migration process 1 Overview of the migration process Use the Endpoint Migration Assistant to migrate product settings where a legacy version of one or more product modules is installed. 1 Check that the legacy products you want to migrate settings for are supported. 2 Install the Migration Assistant extension on the McAfee epo server. 3 Open the Migration Assistant, select an automatic or manual path, then follow the instructions on the screen. Automatic migration Migrates all your legacy policies and client tasks. Retains assignments. Also migrates the Host IPS Catalog. Runs a server task to complete the migration. Manual migration Lets you select and optionally configure each policy and client task to migrate. Does not retain assignments. Does not migrate the Host IPS Catalog. 4 (Manual migration only) Repeat step 3 to select and migrate each of your policies and client tasks. If you run automatic migration again, the Migration Assistant deletes the objects you created during a previous automatic migration. 5 Verify that your settings were migrated successfully. See also Install the Migration Assistant on page 12 What settings can I migrate? on page 7 How repeated automatic migrations are handled on page 17 McAfee Endpoint Security Migration Guide 9

10 1 About migrating to McAfee Endpoint Security Overview of deployment process Overview of deployment process Migration is only one task in the process of installing and deploying Endpoint Security. This deployment overview shows where migration fits into the overall process. See the McAfee Endpoint Security Installation Guide and McAfee epolicy Orchestrator Installation Guide for more information about installing the product components and creating assignments. 1 Check that the environment and managed systems where you want to install Endpoint Security meet the requirements described in the McAfee Endpoint Security Installation Guide. 2 Check in and install the product package extension files and the McAfee Agent package files to the McAfee epo server. 3 Create a client task to deploy the correct version of the McAfee Agent to managed systems. 4 Migrate legacy product settings. 5 (Manual migration only) Assign the migrated policies and client tasks to managed groups and systems. 6 Deploy the Endpoint Security Client to managed systems. Choosing a migration path Decide which migration path to follow by considering the characteristics of your network or managed systems and your migration goals. 1 Decide whether you need to migrate at all. Do you want to retain any current settings and assignments for your legacy products? No Install Endpoint Security 10.1 without migrating. See the McAfee Endpoint Security Installation Guide for instructions. Yes Use the Migration Assistant to migrate your settings before deploying Endpoint Security 10.1 to systems. 2 If you do want to migrate your settings, decide whether to migrate automatically or manually. Automatic migration is a "hands-off" process. The Migration Assistant makes all the migration decisions "behind the scenes." Recommended for: Networks with fewer than 250 managed systems. Customers who use default policy settings or a minimum number of custom policies. Migrating the Host IPS Catalog. Manual migration is a "hands-on" process. You make most of the migration decisions by selecting the objects to migrate and editing their settings, if needed. Recommended for: Networks with more than 250 managed systems. Customers who use multiple custom policies. Customers who want to fine-tune existing policy settings during the migration process. 10 McAfee Endpoint Security Migration Guide

11 About migrating to McAfee Endpoint Security Preparing to migrate 1 Customers who want to fine-tune assignments. Customers who want to personally supervise and approve each step of the migration process. Table 1-2 Choosing a migration path Automatic migration Manual migration Pros Requires minimal input from you. Migrates all the settings for each supported product. All of your policies and client tasks are migrated at the same time. Retains policy and client task assignments. Migrates the Host IPS Catalog. Lets you select each policy and client task to migrate. Lets you edit the settings for each policy or client task to migrate. Cons You can't select specific policies or client tasks to migrate. You can't edit policies or client tasks. Does not migrate unassigned policies. Requires more input from you. Does not retain assignments. You need to assign policies and client tasks to managed systems. Does not migrate the Host IPS Catalog. Preparing to migrate To streamline the migration process and minimize conflicts or duplication in migrated settings, McAfee recommends that you perform these tasks before you migrate. Install the Endpoint Migration Assistant The Migration Assistant is a self-contained McAfee epo extension that you need to install on the McAfee epo server. Review and revise objects you plan to migrate Review legacy settings and assignments. Consolidate them where possible. Remove duplicates and unused objects. Notify others not to make changes to the Policy Catalog, Client Task Catalog, and Host IPS Catalog during migration If objects change while you're migrating them, the migrated objects don't reflect those changes. Locate unassigned policies and client tasks for migration (Automatic migration only) During automatic migration, only policies and client tasks that are assigned to at least one group or managed system are migrated. Use manual migration to migrate unassigned policies or client tasks. What to do next Once you install the Migration Assistant and review the settings you want to migrate, you are ready to begin migration. See Appendix C, Changes to migrated settings, for details about settings that are removed, moved, renamed, or merged. McAfee Endpoint Security Migration Guide 11

12 1 About migrating to McAfee Endpoint Security Install the Migration Assistant Install the Migration Assistant The Migration Assistant extension is required only for migrating legacy settings to Endpoint Security. It is not part of the Endpoint Security product extension package. You must install it on your McAfee epo server as a separate extension if you plan to migrate. Task For option definitions, click? in the interface. 1 In McAfee epo, select Menu Software Manager Software Not Checked In. 2 On the left side of the Software Manager screen, under Product Categories, select Licensed, then: a In the Software Not Checked In table, select McAfee Endpoint Security Migration Assistant. The description and the extension for the Migration Assistant are displayed in the table at the bottom of the screen. b Click Check In to check in the Migration Assistant extension to your McAfee epo. When installation is complete, the Migration Assistant is listed on the Extensions screen. 12 McAfee Endpoint Security Migration Guide

13 2 2 Migrating settings automatically Use automatic migration to migrate all the policies and client tasks for your legacy products. The Endpoint Migration Assistant creates and assigns the new Endpoint Security policies and client tasks automatically, based on your current product settings. This migration path requires minimal input from you. Automatic migration also migrates the entries in your legacy Host IPS Catalog to the new Endpoint Security Firewall Catalog. Contents Automatic migration workflow Migrate settings automatically Verify automatically migrated objects How repeated automatic migrations are handled Automatic migration workflow Here's a high-level overview of the automatic migration process. 1 Run the Migration Assistant and select Automatic migration. 2 Preview and save the proposed policies. A server task runs and completes the migration. Automatic migration retains assignments for migrated policies and client tasks. After automatic migration completes, you can deploy Endpoint Security 10.1 to managed systems. See the McAfee Endpoint Security Installation Guide and McAfee epolicy Orchestrator Installation Guide for more information. McAfee Endpoint Security Migration Guide 13

14 2 Migrating settings automatically Migrate settings automatically Migrate settings automatically Use automatic migration to migrate all your currently assigned policies and client tasks, along with the Host IPS Catalog, at the same time with minimal interaction. Before you begin Verify that the products to migrate are supported and install the Migration Assistant extension on the McAfee epo server. 14 McAfee Endpoint Security Migration Guide

15 Migrating settings automatically Migrate settings automatically 2 For these objects... Policies Client Tasks Host IPS Catalog The Migration Assistant... Creates the new policies, adds them to the Endpoint Security Policy Catalog, and assigns them to the same managed systems. You can preview the new policies before they are created. If you don't like them, you can cancel the migration and begin a manual migration instead. Creates the new tasks, adds them to the Endpoint Security Client Task Catalog, and assigns them to the same managed systems. Migrates legacy catalog entries to the Endpoint Security Firewall Catalog. If another user makes changes to the Policy Catalog, Client Task Catalog, or Host IPS Catalog during migration, the migrated objects don't reflect those changes. Task For option definitions, click? in the interface. 1 In McAfee epo, select Menu Policy Endpoint Migration Assistant. 2 For Mode, select Automatic migration. 3 If you have VirusScan Enterprise installed, also select either Workstation or Server. Select one to migrate now, then use manual migration to migrate the other at a later time. Threat Prevention policies do not differentiate between workstation and server settings. 4 Click Next to generate a preview of the new Endpoint Security policies. A progress bar appears and lets you know how many policies are being included in the preview. 5 Review the new policies. a Under New Categories in the left pane, select a category, then preview the new policies for that category in the right pane. b (Optional) For every new policy that is created under Endpoint Security, click Rename and Edit Notes to rename the policy or edit the policy notes, if needed. See Policy names and notes for information about conventions used. 6 Click Save to run a server task to complete the migration. (To cancel the migration, click Cancel.) Client tasks and the Host IPS Catalog are also migrated. The Migration Assistant runs a server task to migrate your settings in the background. You can check its status in the Server Task Log. You must wait for the server task to complete before starting another migration session. See also Policy names and notes on page 25 What settings can I migrate? on page 7 Install the Migration Assistant on page 12 McAfee Endpoint Security Migration Guide 15

16 2 Migrating settings automatically Verify automatically migrated objects Verify automatically migrated objects Check that objects were migrated successfully before deploying the Endpoint Security Client to managed systems. Before you begin You have used the Migration Assistant to automatically migrate legacy policies, client tasks, and the Host IPS Catalog to Endpoint Security. Task For option definitions, click? in the interface. 1 Verify migrated policies. a In McAfee epo, select Menu Policy Policy Catalog. b Select each product module, then check that the migrated policies were created. 2 Verify migrated policy assignments. a In McAfee epo, select Menu Systems Section System Tree. b c View the Assigned Policies for the groups and systems where the source policies were assigned. Verify that the new Endpoint Security policies are assigned to those groups and systems. 3 Verify migrated client tasks. a In McAfee epo, select Menu Policy Client Task Catalog. b Select each product module where you migrated client tasks, then select the category for each task you migrated, and verify that the migrated client task was created. 4 Verify migrated client task assignments. a In McAfee epo, select Menu Systems Section System Tree. b c Review the Client Task Assignments for the groups and systems where the source client tasks were assigned. Verify that the migrated client tasks have the same schedule and settings as the source client tasks. 5 Verify the migrated Firewall Catalog. a In McAfee epo, select Menu Policy Firewall Catalog. b Verify that the migrated entries appear in the migrated Firewall Catalog. 16 McAfee Endpoint Security Migration Guide

17 Migrating settings automatically How repeated automatic migrations are handled 2 How repeated automatic migrations are handled Running automatic migration after you have already migrated some or all of your settings affects the new objects created during the previous migration session. When you run automatic migration after migrating previously, the Migration Assistant: Deletes objects created during a previous automatic migration session. For example, if you migrate your policies automatically, then run automatic migration again, only the new policies created in the most recent migration session are listed in the Policy Catalog when you complete the second migration. Retains objects created during a previous manual migration, but does not retain their assignments. Assigns the new policies to managed systems. For example, if you have assigned policies that you migrated manually to managed systems, the new policies are assigned instead. These actions also apply to the Common Options policies created during previous migrations. McAfee Endpoint Security Migration Guide 17

18 2 Migrating settings automatically How repeated automatic migrations are handled 18 McAfee Endpoint Security Migration Guide

19 3 3 Migrating settings manually Use manual migration to migrate selected policies or client tasks for your legacy products. The Endpoint Migration Assistant lets you select specific objects to migrate and edit them if needed. Manual migration does not retain assignments for migrated objects. Contents Manual migration workflow Migrate policies manually Migrate client tasks manually Verify manually migrated objects How repeated manual migrations are handled Manual migration workflow Here's a high-level overview of the manual migration process. 1 Run the Migration Assistant and select Manual migration. 2 Select the type of objects to migrate. You can migrate policies or client tasks. 3 Select your client tasks or your policies from the categories to migrate. You can edit the settings, if needed. 4 Save your selections. Your selections are migrated in the background. 5 Run the Migration Assistant again to migrate additional objects. After manual migration, you must assign the new policies and client tasks to managed systems as part of product deployment. See the McAfee epolicy Orchestrator Installation Guide for more information. McAfee Endpoint Security Migration Guide 19

20 3 Migrating settings manually Migrate policies manually Migrate policies manually Use manual migration to select each policy to migrate, then edit them if needed. Once the new policies are created, you need to assign them to managed systems. Before you begin Verify that the products to migrate are supported and install the Migration Assistant extension on the McAfee epo server. If another user makes changes to the Policy Catalog during migration, the migrated policies don't reflect those changes. Task For option definitions, click? in the interface. 1 In McAfee epo, select Menu Policy Endpoint Migration Assistant. 2 For Mode, select Manual migration. 3 For Objects to Migrate, select Policies, then click Next. Only the objects that you have permission to view are listed. 20 McAfee Endpoint Security Migration Guide

21 Migrating settings manually Migrate policies manually 3 4 Under Available Policies in the left pane, select one or more policy categories for one or more products. The legacy policies within those categories are listed on the right side of the screen. 5 If you select VirusScan Enterprise policies, the Workstation settings are listed by default. (On the same line as the product name, you'll see Settings for: Workstation.) To display server policy settings instead, click Edit, then select Server. 6 If a category contains multiple policies, select the name of the policy to migrate from the drop-down list that appears next to the category name. 7 If settings in a selected policy are merging with policies from other categories, the Migration Assistant displays the other categories. For each of these categories: Select the name of the policy to migrate settings from. If you don't want to migrate settings in that category now, select None. If you select None for all the merging categories, no new policy is created for these categories. 8 Click Next. The Migration Assistant displays the source policies on the left side of the screen. At the top of the screen, you see tabs for each Endpoint Security policy to be created. Each tab gives a preview of the new policies created when the selected source policies are migrated. The left pane shows the selected source policies. 9 Click Next to start the manual migration wizard. 10 On the open tab, type a name for the policy, type notes to describe it, and configure its options, then click Next to proceed to the next tab. Repeat this step until you have configured all the selected policies, then click Next. 11 Review the summary of changes, then click Save to create the new policies and add them to the Policy Catalog. If you need to change anything, click Back to return to previous tabs, or click Cancel to return to the screen where you select the policies to migrate. 12 Select whether you want to migrate more objects. If you select... Yes No The Migration Assistant... Displays the screen where you can select additional objects to migrate. Displays the first screen with default settings. See also Policy names and notes on page 25 What settings can I migrate? on page 7 Install the Migration Assistant on page 12 McAfee Endpoint Security Migration Guide 21

22 3 Migrating settings manually Migrate client tasks manually Migrate client tasks manually Use manual migration to select each client task to migrate, then edit them if needed. Once the new client tasks are created, assign them to managed systems. Before you begin Verify that the products to migrate are supported and install the Migration Assistant extension on the McAfee epo server. If another user makes changes to the Client Task Catalog during migration, the migrated client tasks don't reflect those changes. Task For option definitions, click? in the interface. 1 In McAfee epo, select Menu Policy Endpoint Migration Assistant. 2 For Mode, select Manual migration. 3 For Objects to Migrate, select Client Tasks, then click Next. Only the objects that you have permission to view are listed. 4 Under Available Tasks in the left pane, select the task types to migrate. The legacy tasks of that type are listed on the right side of the screen. You can type a name or partial name in the Filter list box at the top of the left pane to filter the listing. 5 If you have created multiple tasks of the same type, a drop-down list appears next to the task type name. Select the name of the task to migrate. 6 (Optional) To migrate another task of the same type, click + and select the task from the new drop-down list, then repeat for all the tasks to migrate. This option is available only when another task of the same type exists. 7 Click Next to start the manual migration wizard. At the top of the screen, you see tabs for each Endpoint Security client task to be created. Each tab gives a preview of the new tasks when the selected source tasks are migrated. The left pane shows the selected source task. 8 (Optional) For each new task to create, type a new name and edit settings, if needed. 9 Click Next. 10 Review the summary of changes, then click Save to create the new client tasks and add them to the Client Task Catalog. If you need to make additional edits, click Back to return to previous tabs, or click Cancel to return to the screen where you select the tasks to migrate. 11 Select whether you want to migrate more policies or tasks. If you select... Yes No The Migration Assistant... Displays the screen where you can select additional objects to migrate. Displays the first screen with default settings. 22 McAfee Endpoint Security Migration Guide

23 Migrating settings manually Verify manually migrated objects 3 See also Policy names and notes on page 25 What settings can I migrate? on page 7 Install the Migration Assistant on page 12 Verify manually migrated objects Check that your selections were migrated successfully before deploying the Endpoint Security Client to managed systems. Before you begin You have used the Migration Assistant to manually migrate legacy policies or client tasks to Endpoint Security. Task For option definitions, click? in the interface. 1 Verify migrated policies. a In McAfee epo, select Menu Policy Policy Catalog. b Select each product module where you migrated policies, then check that the migrated policies were created. 2 Verify migrated client tasks. a In McAfee epo, select Menu Policy Client Task Catalog. b c Select each product module where you migrated client tasks. Select the category for each task you migrated, and verify that the migrated client task was created. How repeated manual migrations are handled Manual migration has no effect on objects migrated during a previous migration session. For example, if you migrate some policies for a product module, then migrate the same policies again: The new policies are created in the Policy Catalog. If the target policy name already exists, the MA appends a digit to the newer policy name (for example, My Policy, My Policy-1, My Policy-2). The previously migrated policies still appear in the Policy Catalog. Manual migration does not retain assignments for migrated objects. You must assign the migrated objects manually. You also must manually delete the objects created during the previous migration session that you no longer want. However, if you have assigned objects that you created during a previous manual migration session, these assignments are not affected if you migrate the same objects again. McAfee Endpoint Security Migration Guide 23

24 3 Migrating settings manually How repeated manual migrations are handled 24 McAfee Endpoint Security Migration Guide

25 4 How 4 migration updates product settings Changes to Endpoint Security policies include new policies, categories, options, and default settings that are designed to leverage the latest protection technologies and optimize product performance. During the migration process, legacy settings for policies, options, rules, and tasks might be renamed, removed, or reset to default values, depending on how the features work in Endpoint Security. Some settings are moved to new categories or policies, or merged with other settings. Contents McAfee Default policy and product default settings Policy names and notes Policy merging and multiple-instance policies Migrating legacy policies to Threat Prevention Migrating legacy policies to Endpoint Security Firewall Migrating legacy policies to Web Control McAfee Default policy and product default settings The McAfee Default policy does not migrate. If you currently use the McAfee Default policy for legacy products, the Migration Assistant assigns the new Endpoint Security McAfee Default policy. If a source policy with default settings (McAfee Default, My Default (unedited), or Typical Corporate Environment) is assigned to any group or managed system, the Migration Assistant assigns the new Endpoint Security McAfee Default policy during automatic migration. Policy names and notes The Migration Assistant uses these general conventions for naming migrated Endpoint Security policies and creating policy notes. You can edit the policy names and notes before saving the new policies or after they are created. Policy names Automatic migration One-to-one policy migration Same as the source name. One-to-multiple or multiple-to-one policy migration Uses these conventions: McAfee Endpoint Security Migration Guide 25

26 4 How migration updates product settings Policy merging and multiple-instance policies Product module Target policy name Examples Threat Prevention Firewall Web Control Migrated [legacy product abbreviation] Policy-[n] where: Legacy product abbreviation is VSE, HIPS, or SAE. n is incremented each time a new policy is migrated for the same module. Migrated VSE Policy Migrated VSE Policy-1 Migrated VSE Policy-2 Migrated HIPS Policy Migrated HIPS Policy-1 Migrated SAE Policy Common Migrated Policy-[n] where n is incremented each time a new Common Options policy is created during a migration session. Migrated Policy Migrated Policy-1 Migrated Policy-2 Manual migration One-to-one policy migration Same as the source name. If the target policy name already exists, the Migration Assistant appends a digit that is incremented each time a new policy is created using that name (for example, My Policy, My Policy-1, My Policy-2). You can type a different policy name before saving the new policy. One-to-multiple or multiple-to-one policy migration You must type a name for the each target policy. Policy notes During migration, the Migration Assistant creates policy notes that include the name (and type, if applicable) of the source policy or policies, the migration date and time, and the name of the user who migrated the policy. For example: Source: VirusScan Enterprise Access Protection Policies > My Default; Type: Server; 9/10/ AM - Automatic Migration; User: admin Policy merging and multiple-instance policies Sometimes, multiple source policies are merged into a single target policy. Table 4-1 How policies are merged during migration Product module Source policies Target policy VirusScan Enterprise High-Risk Processes Low-Risk Processes On-Access Default Processes On-Access General Threat Prevention On-Access Scan Quarantine Manager Threat Prevention Options McAfee Host IPS Unwanted Programs Firewall (Options and DNS Blocking) General (Trusted Applications and Trusted Networks) Firewall Options 26 McAfee Endpoint Security Migration Guide

27 How migration updates product settings Migrating legacy policies to Threat Prevention 4 Table 4-1 How policies are merged during migration (continued) Product module Source policies Target policy SiteAdvisor Enterprise Content Actions Rating Actions Web Control Content Actions Authorize List Hardening Content Actions Rating Actions Enable or Disable Event Tracking General (some settings) Web Control Options Multiple-instance policies Multiple-instance policies, also known as multi-slot policies, allow you to assign more than one policy instance to a client, resulting in one combined, effective policy. When migrating legacy policies to Endpoint Security, multiple-instance policies from one or more source policies are merged into one target policy for the respective policy type. Table 4-2 How multiple-instance policies are migrated Source product Source policies Target product module McAfee Host IPS General (Trusted Applications) SiteAdvisor Enterprise Prohibit List and Authorize List Content Actions Firewall Web Control Target policy Options (Trusted Applications) Block and Allow List Content Actions Migrating legacy policies to Threat Prevention This overview shows where migrated policy settings for McAfee VirusScan Enterprise 8.8 appear in Endpoint Security policies. McAfee Endpoint Security Migration Guide 27

28 4 How migration updates product settings Migrating legacy policies to Threat Prevention Migration notes for VirusScan Enterprise settings During the migration process to Endpoint Security 10.1, the Migration Assistant adjusts the migrated settings in your target policies to address differences between the legacy product and the new product. Therefore, some of the target policy settings don't match your legacy settings. See Appendix C, Changes to migrated settings, for details about settings that are removed, moved, renamed, or merged. Workstation and server settings In VirusScan Enterprise, policies include settings for servers and workstations. This is not the case for Threat Prevention policies. Therefore, you must specify to migrate either the workstation settings or the server settings. The default is Workstation. If you use automatic migration, you must select one type of settings for automatic migration, then migrate the other type of settings manually. 28 McAfee Endpoint Security Migration Guide

29 How migration updates product settings Migrating legacy policies to Threat Prevention 4 Quarantine folder The path for the quarantine folder is limited to 190 characters, but VirusScan Enterprise allowed 256 characters. During client migration, if the migrated quarantine folder path contains more than 190 characters, the path automatically reverts to the default location, <SYSTEM_DRIVE>\\Quarantine. Access Protection port-blocking rules Endpoint Security Firewall provides more advanced port-blocking capabilities than the predefined Access Protection rules for VirusScan Enterprise 8.8. Access Protection port-blocking rules, either predefined or user-defined, are not migrated. User-added inclusions and exclusions for predefined rules are also not migrated. To continue using one or more of the predefined Access Protection port-blocking rules, you can create Endpoint Security Firewall firewall rules to define the same behavior. See Appendix B, Creating Firewall rules to replace Access Protection port-blocking rules, for more information. If you created custom Access Protection port-blocking rules in VirusScan Enterprise, create Endpoint Security Firewall firewall rules to block those ports in Endpoint Security. Self Protection settings When you migrate Access Protection rules (except port-blocking rules): Self Protection settings move from the Access Protection policies to the Common Options policy. Self Protection is enabled by default, regardless of the legacy setting. User-defined exclusions configured for each legacy product module are migrated as global exclusions for Endpoint Security. User-defined exclusions for three predefined rules in the Common Standard Protection category are migrated as global Self Protection exclusions in the Common Prevent modification of McAfee files and settings Migrates to the Self Protection resource options for Files and folders and Registry. Prevent termination of McAfee processes Migrates to the Self Protection resource option for Processes. Prevent hooking of McAfee processes Migrates to the Self Protection resource option for Processes. McAfee recommends that you review your exclusions after migration, then revise or remove them as needed. We also recommend that you review exclusions configured for any third-party applications to access VirusScan Enterprise registry or file locations, because these locations have changed in Endpoint Security. Exploit Prevention (Buffer Overflow Protection) In Endpoint Security, Buffer Overflow Protection settings are renamed Exploit Prevention. After migration, the protection level for Exploit Prevention is set to the default Standard Protection, which detects and blocks only high-severity buffer overflow exploits identified in the Exploit Prevention content file and stops the detected threat. McAfee recommends that you use this setting for a limited time only, then review the log file during that time to determine whether to change to Maximum Protection. McAfee Endpoint Security Migration Guide 29

30 4 How migration updates product settings Migrating legacy policies to Threat Prevention Exclusions for root-level folders VirusScan Enterprise supports the exclusion of root-level folders if the path starts with wildcard characters such as "?" or '"/". No drive identifier is required. However, Threat Prevention does not support the same syntax for leading wildcard characters in exclusions. The Migration Assistant converts unsupported syntax by changing the leading characters to "**\". It makes the same conversions for exclusions in on-demand scans. If you plan to migrate root-level exclusions that include wildcard characters, McAfee recommends that you revise the legacy exclusions in VirusScan Enterprise to supported syntax, if needed. Supported exclusion patterns Threat Prevention supports the following exclusion patterns, and the Migration Assistant does not change them during migration: Environmental variables Patterns that begin with % (for example, %systemroot%\test\ ) UNC paths Patterns that begin with \\ (for example, \\Test ) Full paths Patterns that include an absolute drive designator (for example, C:\Test\ ) Patterns that begin with **\ Unsupported exclusion patterns For all other VirusScan Enterprise exclusion patterns, the Migration Assistant: Converts leading characters to **\. For example, converts these leading characters: \?:?:\ *\ *: *:\ Inserts **\ when there are no leading characters. For example, converts Test to **\Test Appends a backslash character to the exclusion pattern, if the Also Exclude Subfolders option is selected for an exclusion and the exclusion pattern doesn't end with a backslash ( \ ) character. With the **\ syntax, Threat Prevention excludes folders at more levels in the folder structure than VirusScan Enterprise does. McAfee recommends that you review the migrated exclusions and revise them, if needed, to duplicate the behavior of the legacy exclusions. See KB85746 for more information. The following table shows an example of how migrated exclusions are handled differently than exclusions in legacy products. 30 McAfee Endpoint Security Migration Guide

31 How migration updates product settings Migrating legacy policies to Endpoint Security Firewall 4 Table 4-3 How non-absolute root-level exclusions are handled Legacy exclusion \test\ or?:\test\ Excludes: \test\ folder at the root level on any drive. For example: c:\test\ d:\test\ z:\test Does not exclude: \test folder at levels other than the root level on any drive, such as: c:\lab\test\ d:\lab\project\test\ Migrated exclusion **\test\ Excludes: \test\ folder at the root or any other level on any drive. For example: c:\test\ d:\test\ z:\test c:\lab\test\ d:\lab\project \test\ To exclude only the \test folder at the root level, revise the migrated exclusion to specify an absolute path. For example: c:\test\ d:\test\ z:\test Migrating legacy policies to Endpoint Security Firewall This overview shows where migrated policy settings for the Firewall and General policy options from McAfee Host IPS appear in Endpoint Security policies. Only settings for the Firewall and General policies migrate to Endpoint Security. You can continue to manage McAfee Host Intrusion Prevention as a separate extension, with its remaining policy settings in effect. McAfee Endpoint Security Migration Guide 31

32 4 How migration updates product settings Migrating legacy policies to Endpoint Security Firewall Migration notes for McAfee Host IPS Firewall settings During the migration process to Endpoint Security 10.1, the Migration Assistant adjusts the migrated settings in your target policies to address differences between the legacy product and the new product. Therefore, some of the target policy settings don't match your legacy settings. Policy settings that are migrated Only settings from the Firewall and General policies that apply to the Endpoint Security Firewall are migrated: Firewall Status Firewall Rules General (Client UI) See Appendix C, Changes to migrated settings, for details about settings that are removed, moved, renamed, or merged. 32 McAfee Endpoint Security Migration Guide

33 How migration updates product settings Migrating legacy policies to Web Control 4 Multiple-instance policies Trusted Applications policies are multiple-instance policies. When you migrate them, they are merged into one target policy for the policy type. These changes occur when you migrate Trusted Applications policies: For all the source instances that have the McAfee Host IPS Firewall enabled, trusted executables are appended to the Trusted Executables list in the target Firewall Options policy. If there is a default policy (McAfee Default, My Default (unedited), or Typical Corporate Environment) in any instance of the source policies, the Migration Assistant adds Endpoint Security McAfee Default values to the Endpoint Security target policy. Firewall Status and Rules migration If Host Intrusion Prevention 8.0 is installed, you can migrate the Host IPS Firewall settings for use with Endpoint Security Firewall. You can then run McAfee Host IPS (without its Firewall) side by side with Endpoint Security Firewall. You don't need to migrate your settings for the Endpoint Security Firewall. You can continue to run the McAfee Host IPS Firewall after installing Endpoint Security. Whenever McAfee Host IPS Firewall is installed and enabled, Endpoint Security Firewall is disabled even if enabled in the policy settings. If you do choose to migrate your Host IPS Firewall settings, the Migration Assistant migrates the Firewall Status and Firewall Rules. Firewall Rules and Trusted Networks The Trusted Networks Trust for IPS setting in McAfee Host IPS does not correspond directly to a setting in Endpoint Security Firewall policies. Table 4-4 How trusted networks are migrated Product McAfee Host IPS Firewall Endpoint Security Firewall What you need to know How legacy feature works: IP addresses become "trusted" only after they are applied to firewall rules that "allow" them. How policy setting is migrated: IP addresses that were formerly listed under Trusted Networks Trust for IPS migrate as Defined Networks Not trusted. How new Defined Networks feature works: All traffic is allowed to Defined Networks that are labeled Trusted. Add IP addresses that you want to treat as trusted networks. How to configure migrated policy setting: Configure traffic to the IP addresses that were migrated as Not trusted by associating them with firewall rules in the Firewall Rules policy. See the Endpoint Security Firewall Help for more information. Migrating legacy policies to Web Control This overview shows where migrated policy settings for McAfee SiteAdvisor Enterprise 3.5 appear in Endpoint Security policies. McAfee Endpoint Security Migration Guide 33

34 4 How migration updates product settings Migrating legacy policies to Web Control Migration notes for SiteAdvisor Enterprise settings During the migration process to Endpoint Security 10.1, the Migration Assistant adjusts the migrated settings in your target policies to address differences between the legacy product and the new product. Therefore, some of the target policy settings don't match your legacy settings. See Appendix C, Changes to migrated settings, for details about settings that are removed, moved, renamed, or merged. Multiple-instance policies The Authorize List, Prohibit List, and Content Actions policies are multiple-instance policies. When you migrate them, multiple instances are merged into one target policy for each policy type. If any instance of a source policy is a default policy (My Default (unedited) or McAfee Default), the Endpoint Security McAfee Default instance is used for the target policy instead of merging. Block and Allow List All instances of SiteAdvisor Enterprise Authorize List and Prohibit List source policies are merged into one Endpoint Security Block and Allow List target policy. 34 McAfee Endpoint Security Migration Guide

35 How migration updates product settings Migrating legacy policies to Web Control 4 Each source policy instance has these settings: Track events and request information from the McAfee SiteAdvisor server Configure access to individual file downloads based on their rating Give this Authorize List precedence over the Prohibit List For each of these settings, if the value of the setting is the same for all instances of the source policies, the value is migrated. Otherwise, the target policy uses the Endpoint Security McAfee Default settings. Content Actions All instances of source policies that have the Enable Categorization option selected are evaluated during migration. When merging policies that have different actions defined for categories, the most stringent action from the Action for green column is applied to each category in the target policy. Actions specified for yellow, red, and unrated content are ignored when creating the target policy. For some special categories, both Action for green and Action for unrated columns are considered. For all instances of source policies where the Enable Categorization option is not selected, the option is deselected in the target policy. The Endpoint Security McAfee Default settings are added for all categories. McAfee Endpoint Security Migration Guide 35