McAfee Endpoint Security

Transcription

1 Migration Guide McAfee Endpoint Security For use with epolicy Orchestrator software

2 COPYRIGHT Copyright 2015 McAfee, Inc., 2821 Mission College Boulevard, Santa Clara, CA 95054, , TRADEMARK ATTRIBUTIONS Intel and the Intel logo are registered trademarks of the Intel Corporation in the US and/or other countries. McAfee and the McAfee logo, McAfee Active Protection, McAfee DeepSAFE, epolicy Orchestrator, McAfee epo, McAfee EMM, McAfee Evader, Foundscore, Foundstone, Global Threat Intelligence, McAfee LiveSafe, Policy Lab, McAfee QuickClean, Safe Eyes, McAfee SECURE, McAfee Shredder, SiteAdvisor, McAfee Stinger, McAfee TechMaster, McAfee Total Protection, TrustedSource, VirusScan are registered trademarks or trademarks of McAfee, Inc. or its subsidiaries in the US and other countries. Other marks and brands may be claimed as the property of others. LICENSE INFORMATION License Agreement NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND. 2 McAfee Endpoint Security Migration Guide

3 Contents Preface 5 About this guide Audience Conventions Find product documentation About migrating to McAfee Endpoint Security 7 What settings can I migrate? What happens to policies during migration? Overview of the migration process Overview of deployment process Choosing a migration path Preparing to migrate Install the Migration Assistant Migrating settings automatically 13 Automatic migration workflow Migrate settings automatically Verify automatically migrated objects How repeated automatic migrations are handled Migrating settings manually 19 Manual migration workflow Migrate policies manually Migrate client tasks manually Verify manually migrated objects How repeated manual migrations are handled How migration updates product settings 25 McAfee Default policy and product default settings Policy names and notes Policy merging and multiple-instance policies Migrating legacy policies to Threat Prevention Migration notes for VirusScan Enterprise settings Migrating legacy policies to Endpoint Security Firewall Migration notes for McAfee Host IPS Firewall settings Migrating legacy policies to Web Control Migration notes for SiteAdvisor Enterprise settings A Troubleshooting 37 Error messages B Creating Firewall rules to replace predefined Access Protection port-blocking rules 39 Create rule to prevent mass mailing worms from sending mail McAfee Endpoint Security Migration Guide 3

4 Contents Create rule to prevent IRC communication Create rule to prevent FTP communication Create rule to prevent HTTP communication C Changes to migrated settings 45 Changes to VirusScan Enterprise settings Changes to Firewall settings Changes to SiteAdvisor Enterprise settings Index 59 4 McAfee Endpoint Security Migration Guide

5 Preface This guide provides the information you need to work with your McAfee product. Contents About this guide Find product documentation About this guide This information describes the guide's target audience, the typographical conventions and icons used in this guide, and how the guide is organized. Audience McAfee documentation is carefully researched and written for the target audience. The information in this guide is intended primarily for: Administrators People who implement and enforce the company's security program. Conventions This guide uses these typographical conventions and icons. Book title, term, emphasis Bold User input, code, message Interface text Hypertext blue Title of a book, chapter, or topic; a new term; emphasis. Text that is strongly emphasized. Commands and other text that the user types; a code sample; a displayed message. Words from the product interface like options, menus, buttons, and dialog boxes. A link to a topic or to an external website. Note: Additional information, like an alternate method of accessing an option. Tip: Suggestions and recommendations. Important/Caution: Valuable advice to protect your computer system, software installation, network, business, or data. Warning: Critical advice to prevent bodily harm when using a hardware product. McAfee Endpoint Security Migration Guide 5

6 Preface Find product documentation Find product documentation On the ServicePortal, you can find Information about a released product, including product documentation, technical articles, and more. Task 1 Go to the ServicePortal at and click the Knowledge Center tab. 2 In the Knowledge Base pane under Content Source, select Product Documentation. 3 Select a product and version, then click Search to display a list of documents. 6 McAfee Endpoint Security Migration Guide

7 1 1 About migrating to McAfee Endpoint Security When you upgrade your legacy products to McAfee Endpoint Security, you can also migrate your custom settings and assignments. The Endpoint Migration Assistant walks you through the migration process. You can let the Migration Assistant migrate all your settings and assignments automatically, based on your current settings and new product defaults, or you can select and configure them manually. The Migration Assistant migrates settings in environments managed with McAfee epolicy Orchestrator (McAfee epo ) version or higher. Contents What settings can I migrate? What happens to policies during migration? Overview of the migration process Overview of deployment process Choosing a migration path Preparing to migrate Install the Migration Assistant What settings can I migrate? Endpoint Security enables you to migrate settings for the most recent versions of McAfee legacy products. Automatic migration Migrates all your legacy policies, client tasks, and the Host IPS Catalog. Manual migration Lets you select objects to migrate. You can customize the objects during the migration process, if needed. McAfee Endpoint Security Migration Guide 7

8 1 About migrating to McAfee Endpoint Security What happens to policies during migration? You can migrate these objects for these legacy products: Table 1-1 Products and settings to migrate Product (all patch levels) McAfee VirusScan Enterprise, version 8.8 McAfee Host Intrusion Prevention Firewall, version 8.0 McAfee SiteAdvisor Enterprise, version 3.5 Objects to migrate Policies Select Workstation or Server if you have both defined. Migrate each type separately. Client tasks Policies Only Firewall and General policies are migrated. Host IPS Catalog Renamed Firewall Catalog in Endpoint Security. (Automatic migration only.) Policies Client tasks If unsupported product versions are installed on the systems where you want to install Endpoint Security, upgrade them to supported versions before proceeding with installation. See the product documentation for instructions. What happens to policies during migration? Endpoint Security optimizes and consolidates legacy products into an integrated, efficient new platform. In addition to new and enhanced features that leverage the latest developments in security technology, a new McAfee Endpoint Security Common module centralizes the shared protection features so they are easily accessible by all product modules. As a result, some of the policy settings you are familiar with in legacy products have changed. The Migration Assistant ensures that the settings in your legacy policies are moved to the correct policies in Endpoint Security. In some cases, they are merged with other Endpoint Security settings, and in others, new default settings are applied to support updated technologies. New and revised categories reflect new and shared features. New settings represent new functionality. Some settings are removed, moved to a different category or policy, or merged with settings for other features. Settings shared by multiple product modules and features are moved to the Options policy in the Common module. In some cases, settings are duplicated in multiple policies for use by functionality that is split across modules. See Appendix C, Changes to migrated settings, for details about settings that are removed, moved, renamed, or merged. 8 McAfee Endpoint Security Migration Guide

9 About migrating to McAfee Endpoint Security Overview of the migration process 1 Overview of the migration process Use the Endpoint Migration Assistant to migrate product settings where a legacy version of one or more product modules is installed. 1 Check that the legacy products you want to migrate settings for are supported. 2 Install the Migration Assistant extension on the McAfee epo server. 3 Open the Migration Assistant, select an automatic or manual path, then follow the instructions on the screen. Automatic migration Migrates all your legacy policies and client tasks. Retains assignments. Also migrates the Host IPS Catalog. Runs a server task to complete the migration. Manual migration Lets you select and optionally configure each policy and client task to migrate. Does not retain assignments. Does not migrate the Host IPS Catalog. 4 (Manual migration only) Repeat step 3 to select and migrate each of your policies and client tasks. If you run automatic migration again, the Migration Assistant deletes the objects you created during a previous automatic migration. 5 Verify that your settings were migrated successfully. See also Install the Migration Assistant on page 12 What settings can I migrate? on page 7 How repeated automatic migrations are handled on page 17 McAfee Endpoint Security Migration Guide 9

10 1 About migrating to McAfee Endpoint Security Overview of deployment process Overview of deployment process Migration is only one task in the process of installing and deploying Endpoint Security. This deployment overview shows where migration fits into the overall process. See the McAfee Endpoint Security Installation Guide and McAfee epolicy Orchestrator Installation Guide for more information about installing the product components and creating assignments. 1 Check that the environment and managed systems where you want to install Endpoint Security meet the requirements described in the McAfee Endpoint Security Installation Guide. 2 Check in and install the product package extension files and the McAfee Agent package files to the McAfee epo server. 3 Create a client task to deploy the correct version of the McAfee Agent to managed systems. 4 Migrate legacy product settings. 5 (Manual migration only) Assign the migrated policies and client tasks to managed groups and systems. 6 Deploy the Endpoint Security Client to managed systems. Choosing a migration path Decide which migration path to follow by considering the characteristics of your network or managed systems and your migration goals. 1 Decide whether you need to migrate at all. Do you want to retain any current settings and assignments for your legacy products? No Install Endpoint Security 10.1 without migrating. See the McAfee Endpoint Security Installation Guide for instructions. Yes Use the Migration Assistant to migrate your settings before deploying Endpoint Security 10.1 to systems. 2 If you do want to migrate your settings, decide whether to migrate automatically or manually. Automatic migration is a "hands-off" process. The Migration Assistant makes all the migration decisions "behind the scenes." Recommended for: Networks with fewer than 250 managed systems. Customers who use default policy settings or a minimum number of custom policies. Migrating the Host IPS Catalog. Manual migration is a "hands-on" process. You make most of the migration decisions by selecting the objects to migrate and editing their settings, if needed. Recommended for: Networks with more than 250 managed systems. Customers who use multiple custom policies. Customers who want to fine-tune existing policy settings during the migration process. 10 McAfee Endpoint Security Migration Guide

11 About migrating to McAfee Endpoint Security Preparing to migrate 1 Customers who want to fine-tune assignments. Customers who want to personally supervise and approve each step of the migration process. Table 1-2 Choosing a migration path Automatic migration Manual migration Pros Requires minimal input from you. Migrates all the settings for each supported product. All of your policies and client tasks are migrated at the same time. Retains policy and client task assignments. Migrates the Host IPS Catalog. Lets you select each policy and client task to migrate. Lets you edit the settings for each policy or client task to migrate. Cons You can't select specific policies or client tasks to migrate. You can't edit policies or client tasks. Does not migrate unassigned policies. Requires more input from you. Does not retain assignments. You need to assign policies and client tasks to managed systems. Does not migrate the Host IPS Catalog. Preparing to migrate To streamline the migration process and minimize conflicts or duplication in migrated settings, McAfee recommends that you perform these tasks before you migrate. Install the Endpoint Migration Assistant The Migration Assistant is a self-contained McAfee epo extension that you need to install on the McAfee epo server. Review and revise objects you plan to migrate Review legacy settings and assignments. Consolidate them where possible. Remove duplicates and unused objects. Notify others not to make changes to the Policy Catalog, Client Task Catalog, and Host IPS Catalog during migration If objects change while you're migrating them, the migrated objects don't reflect those changes. Locate unassigned policies and client tasks for migration (Automatic migration only) During automatic migration, only policies and client tasks that are assigned to at least one group or managed system are migrated. Use manual migration to migrate unassigned policies or client tasks. What to do next Once you install the Migration Assistant and review the settings you want to migrate, you are ready to begin migration. See Appendix C, Changes to migrated settings, for details about settings that are removed, moved, renamed, or merged. McAfee Endpoint Security Migration Guide 11

12 1 About migrating to McAfee Endpoint Security Install the Migration Assistant Install the Migration Assistant The Migration Assistant extension is required only for migrating legacy settings to Endpoint Security. It is not part of the Endpoint Security product extension package. You must install it on your McAfee epo server as a separate extension if you plan to migrate. Task For option definitions, click? in the interface. 1 In McAfee epo, select Menu Software Manager Software Not Checked In. 2 On the left side of the Software Manager screen, under Product Categories, select Licensed, then: a In the Software Not Checked In table, select McAfee Endpoint Security Migration Assistant. The description and the extension for the Migration Assistant are displayed in the table at the bottom of the screen. b Click Check In to check in the Migration Assistant extension to your McAfee epo. When installation is complete, the Migration Assistant is listed on the Extensions screen. 12 McAfee Endpoint Security Migration Guide

13 2 2 Migrating settings automatically Use automatic migration to migrate all the policies and client tasks for your legacy products. The Endpoint Migration Assistant creates and assigns the new Endpoint Security policies and client tasks automatically, based on your current product settings. This migration path requires minimal input from you. Automatic migration also migrates the entries in your legacy Host IPS Catalog to the new Endpoint Security Firewall Catalog. Contents Automatic migration workflow Migrate settings automatically Verify automatically migrated objects How repeated automatic migrations are handled Automatic migration workflow Here's a high-level overview of the automatic migration process. 1 Run the Migration Assistant and select Automatic migration. 2 Preview and save the proposed policies. A server task runs and completes the migration. Automatic migration retains assignments for migrated policies and client tasks. After automatic migration completes, you can deploy Endpoint Security 10.1 to managed systems. See the McAfee Endpoint Security Installation Guide and McAfee epolicy Orchestrator Installation Guide for more information. McAfee Endpoint Security Migration Guide 13

14 2 Migrating settings automatically Migrate settings automatically Migrate settings automatically Use automatic migration to migrate all your currently assigned policies and client tasks, along with the Host IPS Catalog, at the same time with minimal interaction. Before you begin Verify that the products to migrate are supported and install the Migration Assistant extension on the McAfee epo server. 14 McAfee Endpoint Security Migration Guide

15 Migrating settings automatically Migrate settings automatically 2 For these objects... Policies Client Tasks Host IPS Catalog The Migration Assistant... Creates the new policies, adds them to the Endpoint Security Policy Catalog, and assigns them to the same managed systems. You can preview the new policies before they are created. If you don't like them, you can cancel the migration and begin a manual migration instead. Creates the new tasks, adds them to the Endpoint Security Client Task Catalog, and assigns them to the same managed systems. Migrates legacy catalog entries to the Endpoint Security Firewall Catalog. If another user makes changes to the Policy Catalog, Client Task Catalog, or Host IPS Catalog during migration, the migrated objects don't reflect those changes. Task For option definitions, click? in the interface. 1 In McAfee epo, select Menu Policy Endpoint Migration Assistant. 2 For Mode, select Automatic migration. 3 If you have VirusScan Enterprise installed, also select either Workstation or Server. Select one to migrate now, then use manual migration to migrate the other at a later time. Threat Prevention policies do not differentiate between workstation and server settings. 4 Click Next to generate a preview of the new Endpoint Security policies. A progress bar appears and lets you know how many policies are being included in the preview. 5 Review the new policies. a Under New Categories in the left pane, select a category, then preview the new policies for that category in the right pane. b (Optional) For every new policy that is created under Endpoint Security, click Rename and Edit Notes to rename the policy or edit the policy notes, if needed. See Policy names and notes for information about conventions used. 6 Click Save to run a server task to complete the migration. (To cancel the migration, click Cancel.) Client tasks and the Host IPS Catalog are also migrated. The Migration Assistant runs a server task to migrate your settings in the background. You can check its status in the Server Task Log. You must wait for the server task to complete before starting another migration session. See also Policy names and notes on page 25 What settings can I migrate? on page 7 Install the Migration Assistant on page 12 McAfee Endpoint Security Migration Guide 15

16 2 Migrating settings automatically Verify automatically migrated objects Verify automatically migrated objects Check that objects were migrated successfully before deploying the Endpoint Security Client to managed systems. Before you begin You have used the Migration Assistant to automatically migrate legacy policies, client tasks, and the Host IPS Catalog to Endpoint Security. Task For option definitions, click? in the interface. 1 Verify migrated policies. a In McAfee epo, select Menu Policy Policy Catalog. b Select each product module, then check that the migrated policies were created. 2 Verify migrated policy assignments. a In McAfee epo, select Menu Systems Section System Tree. b c View the Assigned Policies for the groups and systems where the source policies were assigned. Verify that the new Endpoint Security policies are assigned to those groups and systems. 3 Verify migrated client tasks. a In McAfee epo, select Menu Policy Client Task Catalog. b Select each product module where you migrated client tasks, then select the category for each task you migrated, and verify that the migrated client task was created. 4 Verify migrated client task assignments. a In McAfee epo, select Menu Systems Section System Tree. b c Review the Client Task Assignments for the groups and systems where the source client tasks were assigned. Verify that the migrated client tasks have the same schedule and settings as the source client tasks. 5 Verify the migrated Firewall Catalog. a In McAfee epo, select Menu Policy Firewall Catalog. b Verify that the migrated entries appear in the migrated Firewall Catalog. 16 McAfee Endpoint Security Migration Guide

17 Migrating settings automatically How repeated automatic migrations are handled 2 How repeated automatic migrations are handled Running automatic migration after you have already migrated some or all of your settings affects the new objects created during the previous migration session. When you run automatic migration after migrating previously, the Migration Assistant: Deletes objects created during a previous automatic migration session. For example, if you migrate your policies automatically, then run automatic migration again, only the new policies created in the most recent migration session are listed in the Policy Catalog when you complete the second migration. Retains objects created during a previous manual migration, but does not retain their assignments. Assigns the new policies to managed systems. For example, if you have assigned policies that you migrated manually to managed systems, the new policies are assigned instead. These actions also apply to the Common Options policies created during previous migrations. McAfee Endpoint Security Migration Guide 17

18 2 Migrating settings automatically How repeated automatic migrations are handled 18 McAfee Endpoint Security Migration Guide

19 3 3 Migrating settings manually Use manual migration to migrate selected policies or client tasks for your legacy products. The Endpoint Migration Assistant lets you select specific objects to migrate and edit them if needed. Manual migration does not retain assignments for migrated objects. Contents Manual migration workflow Migrate policies manually Migrate client tasks manually Verify manually migrated objects How repeated manual migrations are handled Manual migration workflow Here's a high-level overview of the manual migration process. 1 Run the Migration Assistant and select Manual migration. 2 Select the type of objects to migrate. You can migrate policies or client tasks. 3 Select your client tasks or your policies from the categories to migrate. You can edit the settings, if needed. 4 Save your selections. Your selections are migrated in the background. 5 Run the Migration Assistant again to migrate additional objects. After manual migration, you must assign the new policies and client tasks to managed systems as part of product deployment. See the McAfee epolicy Orchestrator Installation Guide for more information. McAfee Endpoint Security Migration Guide 19

20 3 Migrating settings manually Migrate policies manually Migrate policies manually Use manual migration to select each policy to migrate, then edit them if needed. Once the new policies are created, you need to assign them to managed systems. Before you begin Verify that the products to migrate are supported and install the Migration Assistant extension on the McAfee epo server. If another user makes changes to the Policy Catalog during migration, the migrated policies don't reflect those changes. Task For option definitions, click? in the interface. 1 In McAfee epo, select Menu Policy Endpoint Migration Assistant. 2 For Mode, select Manual migration. 3 For Objects to Migrate, select Policies, then click Next. Only the objects that you have permission to view are listed. 20 McAfee Endpoint Security Migration Guide

21 Migrating settings manually Migrate policies manually 3 4 Under Available Policies in the left pane, select one or more policy categories for one or more products. The legacy policies within those categories are listed on the right side of the screen. 5 If you select VirusScan Enterprise policies, the Workstation settings are listed by default. (On the same line as the product name, you'll see Settings for: Workstation.) To display server policy settings instead, click Edit, then select Server. 6 If a category contains multiple policies, select the name of the policy to migrate from the drop-down list that appears next to the category name. 7 If settings in a selected policy are merging with policies from other categories, the Migration Assistant displays the other categories. For each of these categories: Select the name of the policy to migrate settings from. If you don't want to migrate settings in that category now, select None. If you select None for all the merging categories, no new policy is created for these categories. 8 Click Next. The Migration Assistant displays the source policies on the left side of the screen. At the top of the screen, you see tabs for each Endpoint Security policy to be created. Each tab gives a preview of the new policies created when the selected source policies are migrated. The left pane shows the selected source policies. 9 Click Next to start the manual migration wizard. 10 On the open tab, type a name for the policy, type notes to describe it, and configure its options, then click Next to proceed to the next tab. Repeat this step until you have configured all the selected policies, then click Next. 11 Review the summary of changes, then click Save to create the new policies and add them to the Policy Catalog. If you need to change anything, click Back to return to previous tabs, or click Cancel to return to the screen where you select the policies to migrate. 12 Select whether you want to migrate more objects. If you select... Yes No The Migration Assistant... Displays the screen where you can select additional objects to migrate. Displays the first screen with default settings. See also Policy names and notes on page 25 What settings can I migrate? on page 7 Install the Migration Assistant on page 12 McAfee Endpoint Security Migration Guide 21

22 3 Migrating settings manually Migrate client tasks manually Migrate client tasks manually Use manual migration to select each client task to migrate, then edit them if needed. Once the new client tasks are created, assign them to managed systems. Before you begin Verify that the products to migrate are supported and install the Migration Assistant extension on the McAfee epo server. If another user makes changes to the Client Task Catalog during migration, the migrated client tasks don't reflect those changes. Task For option definitions, click? in the interface. 1 In McAfee epo, select Menu Policy Endpoint Migration Assistant. 2 For Mode, select Manual migration. 3 For Objects to Migrate, select Client Tasks, then click Next. Only the objects that you have permission to view are listed. 4 Under Available Tasks in the left pane, select the task types to migrate. The legacy tasks of that type are listed on the right side of the screen. You can type a name or partial name in the Filter list box at the top of the left pane to filter the listing. 5 If you have created multiple tasks of the same type, a drop-down list appears next to the task type name. Select the name of the task to migrate. 6 (Optional) To migrate another task of the same type, click + and select the task from the new drop-down list, then repeat for all the tasks to migrate. This option is available only when another task of the same type exists. 7 Click Next to start the manual migration wizard. At the top of the screen, you see tabs for each Endpoint Security client task to be created. Each tab gives a preview of the new tasks when the selected source tasks are migrated. The left pane shows the selected source task. 8 (Optional) For each new task to create, type a new name and edit settings, if needed. 9 Click Next. 10 Review the summary of changes, then click Save to create the new client tasks and add them to the Client Task Catalog. If you need to make additional edits, click Back to return to previous tabs, or click Cancel to return to the screen where you select the tasks to migrate. 11 Select whether you want to migrate more policies or tasks. If you select... Yes No The Migration Assistant... Displays the screen where you can select additional objects to migrate. Displays the first screen with default settings. 22 McAfee Endpoint Security Migration Guide

23 Migrating settings manually Verify manually migrated objects 3 See also Policy names and notes on page 25 What settings can I migrate? on page 7 Install the Migration Assistant on page 12 Verify manually migrated objects Check that your selections were migrated successfully before deploying the Endpoint Security Client to managed systems. Before you begin You have used the Migration Assistant to manually migrate legacy policies or client tasks to Endpoint Security. Task For option definitions, click? in the interface. 1 Verify migrated policies. a In McAfee epo, select Menu Policy Policy Catalog. b Select each product module where you migrated policies, then check that the migrated policies were created. 2 Verify migrated client tasks. a In McAfee epo, select Menu Policy Client Task Catalog. b c Select each product module where you migrated client tasks. Select the category for each task you migrated, and verify that the migrated client task was created. How repeated manual migrations are handled Manual migration has no effect on objects migrated during a previous migration session. For example, if you migrate some policies for a product module, then migrate the same policies again: The new policies are created in the Policy Catalog. If the target policy name already exists, the MA appends a digit to the newer policy name (for example, My Policy, My Policy-1, My Policy-2). The previously migrated policies still appear in the Policy Catalog. Manual migration does not retain assignments for migrated objects. You must assign the migrated objects manually. You also must manually delete the objects created during the previous migration session that you no longer want. However, if you have assigned objects that you created during a previous manual migration session, these assignments are not affected if you migrate the same objects again. McAfee Endpoint Security Migration Guide 23

24 3 Migrating settings manually How repeated manual migrations are handled 24 McAfee Endpoint Security Migration Guide

25 4 How 4 migration updates product settings Changes to Endpoint Security policies include new policies, categories, options, and default settings that are designed to leverage the latest protection technologies and optimize product performance. During the migration process, legacy settings for policies, options, rules, and tasks might be renamed, removed, or reset to default values, depending on how the features work in Endpoint Security. Some settings are moved to new categories or policies, or merged with other settings. Contents McAfee Default policy and product default settings Policy names and notes Policy merging and multiple-instance policies Migrating legacy policies to Threat Prevention Migrating legacy policies to Endpoint Security Firewall Migrating legacy policies to Web Control McAfee Default policy and product default settings The McAfee Default policy does not migrate. If you currently use the McAfee Default policy for legacy products, the Migration Assistant assigns the new Endpoint Security McAfee Default policy. If a source policy with default settings (McAfee Default, My Default (unedited), or Typical Corporate Environment) is assigned to any group or managed system, the Migration Assistant assigns the new Endpoint Security McAfee Default policy during automatic migration. Policy names and notes The Migration Assistant uses these general conventions for naming migrated Endpoint Security policies and creating policy notes. You can edit the policy names and notes before saving the new policies or after they are created. Policy names Automatic migration One-to-one policy migration Same as the source name. One-to-multiple or multiple-to-one policy migration Uses these conventions: McAfee Endpoint Security Migration Guide 25

26 4 How migration updates product settings Policy merging and multiple-instance policies Product module Target policy name Examples Threat Prevention Firewall Web Control Migrated [legacy product abbreviation] Policy-[n] where: Legacy product abbreviation is VSE, HIPS, or SAE. n is incremented each time a new policy is migrated for the same module. Migrated VSE Policy Migrated VSE Policy-1 Migrated VSE Policy-2 Migrated HIPS Policy Migrated HIPS Policy-1 Migrated SAE Policy Common Migrated Policy-[n] where n is incremented each time a new Common Options policy is created during a migration session. Migrated Policy Migrated Policy-1 Migrated Policy-2 Manual migration One-to-one policy migration Same as the source name. If the target policy name already exists, the Migration Assistant appends a digit that is incremented each time a new policy is created using that name (for example, My Policy, My Policy-1, My Policy-2). You can type a different policy name before saving the new policy. One-to-multiple or multiple-to-one policy migration You must type a name for the each target policy. Policy notes During migration, the Migration Assistant creates policy notes that include the name (and type, if applicable) of the source policy or policies, the migration date and time, and the name of the user who migrated the policy. For example: Source: VirusScan Enterprise Access Protection Policies > My Default; Type: Server; 9/10/ AM - Automatic Migration; User: admin Policy merging and multiple-instance policies Sometimes, multiple source policies are merged into a single target policy. Table 4-1 How policies are merged during migration Product module Source policies Target policy VirusScan Enterprise High-Risk Processes Low-Risk Processes On-Access Default Processes On-Access General Threat Prevention On-Access Scan Quarantine Manager Threat Prevention Options McAfee Host IPS Unwanted Programs Firewall (Options and DNS Blocking) General (Trusted Applications and Trusted Networks) Firewall Options 26 McAfee Endpoint Security Migration Guide

27 How migration updates product settings Migrating legacy policies to Threat Prevention 4 Table 4-1 How policies are merged during migration (continued) Product module Source policies Target policy SiteAdvisor Enterprise Content Actions Rating Actions Web Control Content Actions Authorize List Hardening Content Actions Rating Actions Enable or Disable Event Tracking General (some settings) Web Control Options Multiple-instance policies Multiple-instance policies, also known as multi-slot policies, allow you to assign more than one policy instance to a client, resulting in one combined, effective policy. When migrating legacy policies to Endpoint Security, multiple-instance policies from one or more source policies are merged into one target policy for the respective policy type. Table 4-2 How multiple-instance policies are migrated Source product Source policies Target product module McAfee Host IPS General (Trusted Applications) SiteAdvisor Enterprise Prohibit List and Authorize List Content Actions Firewall Web Control Target policy Options (Trusted Applications) Block and Allow List Content Actions Migrating legacy policies to Threat Prevention This overview shows where migrated policy settings for McAfee VirusScan Enterprise 8.8 appear in Endpoint Security policies. McAfee Endpoint Security Migration Guide 27

28 4 How migration updates product settings Migrating legacy policies to Threat Prevention Migration notes for VirusScan Enterprise settings During the migration process to Endpoint Security 10.1, the Migration Assistant adjusts the migrated settings in your target policies to address differences between the legacy product and the new product. Therefore, some of the target policy settings don't match your legacy settings. See Appendix C, Changes to migrated settings, for details about settings that are removed, moved, renamed, or merged. Workstation and server settings In VirusScan Enterprise, policies include settings for servers and workstations. This is not the case for Threat Prevention policies. Therefore, you must specify to migrate either the workstation settings or the server settings. The default is Workstation. If you use automatic migration, you must select one type of settings for automatic migration, then migrate the other type of settings manually. 28 McAfee Endpoint Security Migration Guide

29 How migration updates product settings Migrating legacy policies to Threat Prevention 4 Quarantine folder The path for the quarantine folder is limited to 190 characters, but VirusScan Enterprise allowed 256 characters. During client migration, if the migrated quarantine folder path contains more than 190 characters, the path automatically reverts to the default location, <SYSTEM_DRIVE>\\Quarantine. Access Protection port-blocking rules Endpoint Security Firewall provides more advanced port-blocking capabilities than the predefined Access Protection rules for VirusScan Enterprise 8.8. Access Protection port-blocking rules, either predefined or user-defined, are not migrated. User-added inclusions and exclusions for predefined rules are also not migrated. To continue using one or more of the predefined Access Protection port-blocking rules, you can create Endpoint Security Firewall firewall rules to define the same behavior. See Appendix B, Creating Firewall rules to replace Access Protection port-blocking rules, for more information. If you created custom Access Protection port-blocking rules in VirusScan Enterprise, create Endpoint Security Firewall firewall rules to block those ports in Endpoint Security. Self Protection settings When you migrate Access Protection rules (except port-blocking rules): Self Protection settings move from the Access Protection policies to the Common Options policy. Self Protection is enabled by default, regardless of the legacy setting. User-defined exclusions configured for each legacy product module are migrated as global exclusions for Endpoint Security. User-defined exclusions for three predefined rules in the Common Standard Protection category are migrated as global Self Protection exclusions in the Common Prevent modification of McAfee files and settings Migrates to the Self Protection resource options for Files and folders and Registry. Prevent termination of McAfee processes Migrates to the Self Protection resource option for Processes. Prevent hooking of McAfee processes Migrates to the Self Protection resource option for Processes. McAfee recommends that you review your exclusions after migration, then revise or remove them as needed. We also recommend that you review exclusions configured for any third-party applications to access VirusScan Enterprise registry or file locations, because these locations have changed in Endpoint Security. Exploit Prevention (Buffer Overflow Protection) In Endpoint Security, Buffer Overflow Protection settings are renamed Exploit Prevention. After migration, the protection level for Exploit Prevention is set to the default Standard Protection, which detects and blocks only high-severity buffer overflow exploits identified in the Exploit Prevention content file and stops the detected threat. McAfee recommends that you use this setting for a limited time only, then review the log file during that time to determine whether to change to Maximum Protection. McAfee Endpoint Security Migration Guide 29

30 4 How migration updates product settings Migrating legacy policies to Threat Prevention Exclusions for root-level folders VirusScan Enterprise supports the exclusion of root-level folders if the path starts with wildcard characters such as "?" or '"/". No drive identifier is required. However, Threat Prevention does not support the same syntax for leading wildcard characters in exclusions. The Migration Assistant converts unsupported syntax by changing the leading characters to "**\". It makes the same conversions for exclusions in on-demand scans. If you plan to migrate root-level exclusions that include wildcard characters, McAfee recommends that you revise the legacy exclusions in VirusScan Enterprise to supported syntax, if needed. Supported exclusion patterns Threat Prevention supports the following exclusion patterns, and the Migration Assistant does not change them during migration: Environmental variables Patterns that begin with % (for example, %systemroot%\test\ ) UNC paths Patterns that begin with \\ (for example, \\Test ) Full paths Patterns that include an absolute drive designator (for example, C:\Test\ ) Patterns that begin with **\ Unsupported exclusion patterns For all other VirusScan Enterprise exclusion patterns, the Migration Assistant: Converts leading characters to **\. For example, converts these leading characters: \?:?:\ *\ *: *:\ Inserts **\ when there are no leading characters. For example, converts Test to **\Test Appends a backslash character to the exclusion pattern, if the Also Exclude Subfolders option is selected for an exclusion and the exclusion pattern doesn't end with a backslash ( \ ) character. With the **\ syntax, Threat Prevention excludes folders at more levels in the folder structure than VirusScan Enterprise does. McAfee recommends that you review the migrated exclusions and revise them, if needed, to duplicate the behavior of the legacy exclusions. See KB85746 for more information. The following table shows an example of how migrated exclusions are handled differently than exclusions in legacy products. 30 McAfee Endpoint Security Migration Guide

31 How migration updates product settings Migrating legacy policies to Endpoint Security Firewall 4 Table 4-3 How non-absolute root-level exclusions are handled Legacy exclusion \test\ or?:\test\ Excludes: \test\ folder at the root level on any drive. For example: c:\test\ d:\test\ z:\test Does not exclude: \test folder at levels other than the root level on any drive, such as: c:\lab\test\ d:\lab\project\test\ Migrated exclusion **\test\ Excludes: \test\ folder at the root or any other level on any drive. For example: c:\test\ d:\test\ z:\test c:\lab\test\ d:\lab\project \test\ To exclude only the \test folder at the root level, revise the migrated exclusion to specify an absolute path. For example: c:\test\ d:\test\ z:\test Migrating legacy policies to Endpoint Security Firewall This overview shows where migrated policy settings for the Firewall and General policy options from McAfee Host IPS appear in Endpoint Security policies. Only settings for the Firewall and General policies migrate to Endpoint Security. You can continue to manage McAfee Host Intrusion Prevention as a separate extension, with its remaining policy settings in effect. McAfee Endpoint Security Migration Guide 31

32 4 How migration updates product settings Migrating legacy policies to Endpoint Security Firewall Migration notes for McAfee Host IPS Firewall settings During the migration process to Endpoint Security 10.1, the Migration Assistant adjusts the migrated settings in your target policies to address differences between the legacy product and the new product. Therefore, some of the target policy settings don't match your legacy settings. Policy settings that are migrated Only settings from the Firewall and General policies that apply to the Endpoint Security Firewall are migrated: Firewall Status Firewall Rules General (Client UI) See Appendix C, Changes to migrated settings, for details about settings that are removed, moved, renamed, or merged. 32 McAfee Endpoint Security Migration Guide

33 How migration updates product settings Migrating legacy policies to Web Control 4 Multiple-instance policies Trusted Applications policies are multiple-instance policies. When you migrate them, they are merged into one target policy for the policy type. These changes occur when you migrate Trusted Applications policies: For all the source instances that have the McAfee Host IPS Firewall enabled, trusted executables are appended to the Trusted Executables list in the target Firewall Options policy. If there is a default policy (McAfee Default, My Default (unedited), or Typical Corporate Environment) in any instance of the source policies, the Migration Assistant adds Endpoint Security McAfee Default values to the Endpoint Security target policy. Firewall Status and Rules migration If Host Intrusion Prevention 8.0 is installed, you can migrate the Host IPS Firewall settings for use with Endpoint Security Firewall. You can then run McAfee Host IPS (without its Firewall) side by side with Endpoint Security Firewall. You don't need to migrate your settings for the Endpoint Security Firewall. You can continue to run the McAfee Host IPS Firewall after installing Endpoint Security. Whenever McAfee Host IPS Firewall is installed and enabled, Endpoint Security Firewall is disabled even if enabled in the policy settings. If you do choose to migrate your Host IPS Firewall settings, the Migration Assistant migrates the Firewall Status and Firewall Rules. Firewall Rules and Trusted Networks The Trusted Networks Trust for IPS setting in McAfee Host IPS does not correspond directly to a setting in Endpoint Security Firewall policies. Table 4-4 How trusted networks are migrated Product McAfee Host IPS Firewall Endpoint Security Firewall What you need to know How legacy feature works: IP addresses become "trusted" only after they are applied to firewall rules that "allow" them. How policy setting is migrated: IP addresses that were formerly listed under Trusted Networks Trust for IPS migrate as Defined Networks Not trusted. How new Defined Networks feature works: All traffic is allowed to Defined Networks that are labeled Trusted. Add IP addresses that you want to treat as trusted networks. How to configure migrated policy setting: Configure traffic to the IP addresses that were migrated as Not trusted by associating them with firewall rules in the Firewall Rules policy. See the Endpoint Security Firewall Help for more information. Migrating legacy policies to Web Control This overview shows where migrated policy settings for McAfee SiteAdvisor Enterprise 3.5 appear in Endpoint Security policies. McAfee Endpoint Security Migration Guide 33

34 4 How migration updates product settings Migrating legacy policies to Web Control Migration notes for SiteAdvisor Enterprise settings During the migration process to Endpoint Security 10.1, the Migration Assistant adjusts the migrated settings in your target policies to address differences between the legacy product and the new product. Therefore, some of the target policy settings don't match your legacy settings. See Appendix C, Changes to migrated settings, for details about settings that are removed, moved, renamed, or merged. Multiple-instance policies The Authorize List, Prohibit List, and Content Actions policies are multiple-instance policies. When you migrate them, multiple instances are merged into one target policy for each policy type. If any instance of a source policy is a default policy (My Default (unedited) or McAfee Default), the Endpoint Security McAfee Default instance is used for the target policy instead of merging. Block and Allow List All instances of SiteAdvisor Enterprise Authorize List and Prohibit List source policies are merged into one Endpoint Security Block and Allow List target policy. 34 McAfee Endpoint Security Migration Guide

35 How migration updates product settings Migrating legacy policies to Web Control 4 Each source policy instance has these settings: Track events and request information from the McAfee SiteAdvisor server Configure access to individual file downloads based on their rating Give this Authorize List precedence over the Prohibit List For each of these settings, if the value of the setting is the same for all instances of the source policies, the value is migrated. Otherwise, the target policy uses the Endpoint Security McAfee Default settings. Content Actions All instances of source policies that have the Enable Categorization option selected are evaluated during migration. When merging policies that have different actions defined for categories, the most stringent action from the Action for green column is applied to each category in the target policy. Actions specified for yellow, red, and unrated content are ignored when creating the target policy. For some special categories, both Action for green and Action for unrated columns are considered. For all instances of source policies where the Enable Categorization option is not selected, the option is deselected in the target policy. The Endpoint Security McAfee Default settings are added for all categories. McAfee Endpoint Security Migration Guide 35

36 4 How migration updates product settings Migrating legacy policies to Web Control 36 McAfee Endpoint Security Migration Guide

37 A Troubleshooting Use this information to resolve problems during the migration process. Error messages Error messages are displayed by programs when an unexpected condition occurs that can't be fixed by the program itself. Use this list to find an error message, an explanation of the condition, and any action you can take to correct it. Table A-1 Migration Assistant error messages Message Description Solution There are no products installed that can be migrated. An Endpoint Security Automatic Migration server task is running and must be completed before continuing. You can migrate only the settings that you have permission to view. You can't begin another migration until the server task is complete. Check your permissions and update them if needed. Wait until the server task is complete, then begin another migration. McAfee Endpoint Security Migration Guide 37

38 A Troubleshooting Error messages 38 McAfee Endpoint Security Migration Guide

39 B Creating Firewall rules to replace predefined Access Protection portblocking rules The Migration Assistant does not migrate predefined or user-defined Access Protection port-blocking rules from VirusScan Enterprise 8.8. However, you can create firewall rules in Endpoint Security Firewall that define behavior equivalent to the predefined VirusScan Enterprise port-blocking rules. VirusScan Enterprise 8.8 includes these four predefined port-blocking rules that are not migrated: AVO10: Prevent mass mailing worms from sending mail AVO11: Prevent IRC communication CW05: Prevent FTP communication CS06: Prevent HTTP communication Contents Create rule to prevent mass mailing worms from sending mail Create rule to prevent IRC communication Create rule to prevent FTP communication Create rule to prevent HTTP communication Create rule to prevent mass mailing worms from sending mail Use this task to create Endpoint Security 10.1 firewall rules that are equivalent to the predefined Access Protection rule AVO10 in VirusScan Enterprise 8.8. See the Endpoint Security Firewall Help for more information about creating firewall rules. Rule AVO10: Prevent mass mailing worms from sending mail Rule AVO10 G_030_AntiVirusOn { Description "Prevent mass mailing worms from sending mail" Process { Include * Exclude ${Default Client} ${DefaultBrowser} eudora.exe msimn.exe msn6.exe msnmsgr.exe neo20.exe nlnotes.exe outlook.exe pine.exe poco.exe thebat.exe thunde*.exe winpm-32.exe MAPISP32.exe VMIMB.EXE RESRCMON.EXE Owstimer.exe SPSNotific* WinMail.exe explorer.exe iexplore.exe firefox.exe mozilla.exe netscp.exe opera.exe msn6.exe $ {epotomcatdir}\\bin\\tomcat.exe ${epotomcatdir}\\bin\\tomcat5.exe ${epotomcatdir}\\bin\ \tomcat5w.exe ${epotomcatdir}\\bin\\tomcat7.exe inetinfo.exe amgrsrvc.exe ${epoapachedir}\ \bin\\apache.exe webproxy.exe msexcimc.exe Exclude ntaskldr.exe nsmtp.exe nrouter.exe agent.exe Exclude ebs.exe firesvc.exe modulewrapper* msksrvr.exe mskdetct.exe mailscan.exe rpcserv.exe Exclude mdaemon.exe worldclient.exe wspsrv.exe } Port OTU { Include 25 Include 587 } McAfee Endpoint Security Migration Guide 39

40 B Creating Firewall rules to replace predefined Access Protection port-blocking rules Create rule to prevent mass mailing worms from sending mail } You need to create two firewall rules to provide equivalent functionality to the VirusScan Enterprise 8.8 rule. Task For option definitions, click? in the interface. 1 In McAfee epo, select Menu Policy Policy Catalog, then select Endpoint Security Firewall from the Product list. 2 From the Category list, select Rules. 3 Click the name of the assigned Firewall Rules policy. 4 Click Add Rule, then configure a rule with the following settings. Action: Block Direction: Out To be effective, this rule must be positioned above any other rules that block or allow outgoing TCP traffic to remote ports 25 or 587. Network protocol: Any protocol Transport protocol: TCP Remote ports: 25 and 587 Applications: Add executables with the file name or path* set to the Exclude section in the AVO10 rule.** * Variable names ${Default Client}, ${DefaultBrowser}, ${epotomcatdir}, $ {epoapachedir} are not supported by Endpoint Security 10.1, so in order to add these executables, you need to add the executable file names associated with the desired default client, default browser, McAfee epo Tomcat Install directory before \bin\, and McAfee epo Apache Install directory before \bin\. ** Use single backslashes instead of double backslashes. 5 Click Save. 6 Click Add Rule, then configure a second rule directly below the rule you created in step 4: Action: Block Transport protocol: TCP Direction: Out Remote ports: 25 and 587 Network protocol: Any protocol 7 Click Save. This rule is created and enabled in Endpoint Security 10.1 for all managed systems where it is assigned. The AVO10 rule was disabled by default in VirusScan Enterprise 8.8, so the traffic was allowed. To achieve the VirusScan Enterprise default behavior in Endpoint Security, change the Block rule's Action to Allow. 40 McAfee Endpoint Security Migration Guide

41 Creating Firewall rules to replace predefined Access Protection port-blocking rules Create rule to prevent IRC communication B Create rule to prevent IRC communication Use this task to create an Endpoint Security 10.1 firewall rule that is equivalent to the predefined Access Protection rule AVO11 in VirusScan Enterprise 8.8. See the Endpoint Security Firewall Help for more information about creating firewall rules. Rule AVO10: Prevent mass mailing worms from sending mail Rule AVO11 G_030_AntiVirusOn { Description "Prevent IRC communication" Process { Include * } Port IOTU { Include } } Task For option definitions, click? in the interface. 1 In McAfee epo, select Menu Policy Policy Catalog, then select Endpoint Security Firewall from the Product list. 2 From the Category list, select Rules. 3 Click the name of the assigned Firewall Rules policy. 4 Click New Rule, then configure the following settings. Action: Block Transport protocol: TCP Direction: Either Local ports: Network protocol: Any protocol Remote ports: Click Save. This rule is created and enabled in Endpoint Security 10.1 for all managed systems where it is assigned. The AVO11 rule was disabled by default in VirusScan Enterprise 8.8, so IRC traffic was allowed. To achieve the VirusScan Enterprise default behavior in Endpoint Security, change the Block rule's Action to Allow. Create rule to prevent FTP communication Use this task to create Endpoint Security Firewall 10.1 firewall rules that are equivalent to the predefined Access Protection rule CW05 in VirusScan Enterprise 8.8. See the Endpoint Security Firewall Help for more information about creating firewall rules. Rule CW05: Prevent FTP communication Rule CW05 G_070_CommonOff { Description "Prevent FTP communication" Enforce 0 Report 0 Process { Include * Exclude ${DefaultBrowser} explorer.exe iexplore.exe firefox.exe mozilla.exe netscp.exe opera.exe msn6.exe ${epotomcatdir}\\bin\\tomcat.exe ${epotomcatdir}\\bin\ \tomcat5.exe ${epotomcatdir}\\bin\\tomcat5w.exe ${epotomcatdir}\\bin\\tomcat7.exe inetinfo.exe amgrsrvc.exe ${epoapachedir}\\bin\\apache.exe webproxy.exe msexcimc.exe McAfee Endpoint Security Migration Guide 41

42 B Creating Firewall rules to replace predefined Access Protection port-blocking rules Create rule to prevent FTP communication mcscript* frameworks* naprdmgr.exe naprdmgr64.exe frminst.exe naimserv.exe framepkg.exe narepl32.exe updaterui.exe cmdagent.exe cleanup.exe mctray.exe udaterui.exe framepkg_upd.exe mue_inuse.exe setlicense.exe mcscancheck.exe lucoms* luupdate.exe lsetup.exe idsinst.exe sevinst.exe nv11esd.exe tsc.exe v3cfgu.exe ofcservice.exe earthagent.exe tmlisten.exe inodist.exe ilaunchr.exe ii_nt86.exe iv_nt86.exe cfgeng.exe f-secu* fspex.exe getdbhtp.exe fnrb32.exe "f-secure automa*" sucer.exe ahnun000.tmp supdate.exe autoup.exe pskmssvc.exe pavagent.exe dstest.exe paddsupd.exe pavsrv50.exe avtask.exe giantantispywa* boxinfo.exe Exclude pasys* google* Exclude alg.exe ftp.exe agentnt.exe } Port OTU { Include } } You need to create two firewall rules to provide equivalent functionality to the VirusScan Enterprise 8.8 rule. Task For option definitions, click? in the interface. 1 In McAfee epo, select Menu Policy Policy Catalog, then select Endpoint Security Firewall from the Product list. 2 From the Category list, select Rules. 3 Click the name of the assigned Firewall Rules policy. 4 Click Add Rule, then configure a rule with the following settings. Action: Allow Direction: Out To be effective, this rule must be positioned above any other rules that block or allow outgoing TCP traffic to remote ports 20 or 21. Network protocol: Any protocol Transport protocol: TCP Remote ports: 20 and 21 Applications: Add executables with the file name or path* set to the Exclude section in the VirusScan Enterprise rule above.** * Variable names ${Default Client}, ${DefaultBrowser}, ${epotomcatdir}, and$ {epoapachedir} are not supported by Endpoint Security Firewall To add these executables, you need to add the executable file names associated with the desired default client, default browser, McAfee epo Tomcat Install directory before \bin\, and McAfee epo Apache Install directory before \bin\. ** Use single backslashes instead of double backslashes. 5 Click Save. 6 Click Add Rule, then configure a second rule directly below the rule you created in step 4: Action: Block Transport protocol: TCP Direction: Out Remote ports: 20 and 21 Network protocol: Any protocol 7 Click Save. 42 McAfee Endpoint Security Migration Guide

43 Creating Firewall rules to replace predefined Access Protection port-blocking rules Create rule to prevent HTTP communication B This rule is created and enabled in Endpoint Security 10.1 for all managed systems where it is assigned. The CW05 rule was disabled by default in VirusScan Enterprise 8.8, so FTP traffic was allowed. To achieve the VirusScan Enterprise default behavior in Endpoint Security, change the Block rule's Action to Allow. Create rule to prevent HTTP communication Create Endpoint Security 10.1 firewall rules that are equivalent to the predefined Access Protection rule CW06 in VirusScan Enterprise 8.8. See the Endpoint Security Firewall Help for more information about creating firewall rules. Rule CW06: Prevent HTTP communication Rule CW06 G_070_CommonOff { Description "Prevent HTTP communication" Enforce 0 Report 0 Process { Include * Exclude ${DefaultBrowser} ${Default Client} explorer.exe iexplore.exe firefox.exe mozilla.exe netscp.exe opera.exe msn6.exe ${epotomcatdir}\\bin\\tomcat.exe $ {epotomcatdir}\\bin\\tomcat5.exe ${epotomcatdir}\\bin\\tomcat5w.exe ${epotomcatdir}\\bin\ \tomcat7.exe inetinfo.exe amgrsrvc.exe ${epoapachedir}\\bin\\apache.exe webproxy.exe msexcimc.exe mcscript* frameworks* naprdmgr.exe naprdmgr64.exe frminst.exe naimserv.exe framepkg.exe narepl32.exe updaterui.exe cmdagent.exe cleanup.exe mctray.exe udaterui.exe framepkg_upd.exe mue_inuse.exe setlicense.exe mcscancheck.exe eudora.exe msimn.exe msn6.exe msnmsgr.exe neo20.exe nlnotes.exe outlook.exe pine.exe poco.exe thebat.exe thunde*.exe winpm-32.exe MAPISP32.exe VMIMB.EXE RESRCMON.EXE Owstimer.exe SPSNotific* WinMail.exe msiexec.exe msi*.tmp setup.exe ikernel.exe setup*.exe?setup.exe??setup.exe???setup.exe _ins*._mp McAfeeHIP_Clie* InsFireTdi.exe update.exe uninstall.exe SAEuninstall.exe SAEDisable.exe Setup_SAE.exe Exclude lucoms* luupdate.exe lsetup.exe idsinst.exe sevinst.exe nv11esd.exe tsc.exe v3cfgu.exe ofcservice.exe earthagent.exe tmlisten.exe inodist.exe ilaunchr.exe ii_nt86.exe iv_nt86.exe cfgeng.exe f-secu* fspex.exe getdbhtp.exe fnrb32.exe "f-secure automa*" sucer.exe ahnun000.tmp supdate.exe autoup.exe pskmssvc.exe pavagent.exe dstest.exe paddsupd.exe pavsrv50.exe avtask.exe giantantispywa* boxinfo.exe Exclude alg.exe mobsync.exe waol.exe agentnt.exe svchost.exe runscheduled.exe pasys* google* backweb-* Exclude vmnat.exe devenv.exe windbg.exe jucheck.exe realplay.exe acrord32.exe acrobat.exe Exclude wfica32.exe mmc.exe mshta.exe dwwin.exe wmplayer.exe console.exe wuauclt.exe Exclude javaw.exe ccmexec.exe ntaskldr.exe winamp.exe realplay.exe quicktimeplaye* SiteAdv.exe McSACore.exe } Port OTU { Include 80 Include 443 } } Task For option definitions, click? in the interface. 1 In McAfee epo, select Menu Policy Policy Catalog, then select Endpoint Security Firewall from the Product list. 2 From the Category list, select Rules. 3 Click the name of the assigned Firewall Rules policy. McAfee Endpoint Security Migration Guide 43

44 B Creating Firewall rules to replace predefined Access Protection port-blocking rules Create rule to prevent HTTP communication 4 Click Add Rule, then configure a rule with the following settings. Action: Allow Direction: Out To be effective, this rule must be positioned above any other rules that block or allow outgoing TCP traffic to remote ports 80 or 443. Network protocol: Any protocol Transport protocol: TCP Remote ports: 80 and 443 Applications: Add executables with the file name or path* set to the Exclude section in the CW06 rule.** * Variable names ${Default Client}, ${DefaultBrowser}, ${epotomcatdir}, $ {epoapachedir} are not supported by Endpoint Security To add these executables, you need to add the executable file names associated with the desired default client, default browser, McAfee epo Tomcat Install directory before \bin\, and McAfee epo Apache Install directory before \bin\. ** Use single backslashes instead of double backslashes. 5 Click Save. 6 Click Add Rule, then configure a second rule directly below the rule you created in step 4: Action: Block Transport protocol: TCP Direction: Out Remote ports: 80 and 443 Network protocol: Any protocol 7 Click Save. This rule is created and enabled in Endpoint Security 10.1 for all managed systems where it is assigned. The CW06 rule was disabled by default in VirusScan Enterprise 8.8, so HTTP traffic was allowed. To achieve the VirusScan Enterprise default behavior in Endpoint Security, change the Block rule's Action to Allow. 44 McAfee Endpoint Security Migration Guide

45 C Changes to migrated settings Use this information to locate legacy policy and task settings after migrating to Endpoint Security Contents Changes to VirusScan Enterprise settings Changes to Firewall settings Changes to SiteAdvisor Enterprise settings Changes to VirusScan Enterprise settings As part of the migration process from VirusScan Enterprise 8.8 to Threat Prevention, some policies are removed, moved, renamed, or merged with other settings. Removed settings These VirusScan Enterprise settings are not migrated. Access Protection Policies Rules User-defined and predefined port-blocking rules, including user-defined inclusions and exclusions for predefined rules Rules that are added via content updates Anti-spyware Standard Protection: Protect Internet Explorer favorites and settings Anti-virus Standard Protection: Prevent mass mailing worms from sending mail Anti-virus Standard Protection: Prevent IRC communication Anti-virus Standard Protection: Prevent use of tftp.exe Anti-virus Maximum Protection: Protect cached files from password and address stealers Anti-virus Maximum Protection: Prevent svchost executing non-windows executables Anti-virus Maximum Protection: Protect phonebook files from password and address stealers Common Standard Protection: Prevent modification of McAfee Common Management Agent files and settings Common Standard Protection: Prevent modification of McAfee Scan Engine files and settings Common Standard Protection: Protect Mozilla & Firefox files and settings Common Standard Protection: Disable HCP URLs in Internet Explorer Common Maximum Protection: Prevent FTP communication McAfee Endpoint Security Migration Guide 45

46 C Changes to migrated settings Changes to VirusScan Enterprise settings Common Maximum Protection: Prevent HTTP communication Common Maximum Protection: Prevent programs registering as a service Virtual Machine Protection: Prevent modification of VMWare Server files and settings Virtual Machine Protection: Prevent modification of VMWare virtual machine files Virtual Machine Protection: Prevent modification of VMWare Workstation files and settings Virtual Machine Protection: Prevent Termination of VMWare Processes Alert Policies Alert Manager Alerts: Scan Alert Manager Alerts: AutoUpdate Alert Manager Alerts: Disable alerting Alert Manager Alerts: Enable centralized alerting Alert Manager Alerts: Enable Alert Manager alerting Additional Alerting Options: Send SNMP trap using SNMP service Buffer Overflow Protection Policies Buffer Overflow Protection: Show the messages dialog box when a buffer overflow is detected Buffer Overflow Protection: Module in Buffer overflow exclusions Reports: all settings General Options Policies Display Options: Show the system tray icon with all menu options Display Options: Show the system tray icon with minimal menu options Display Options: Do not show the system tray icon Display Options: Allow this system to make remote console connections to other systems Display Options: Disable default AutoUpdate task schedule Display Options: Enable splash screen Password Options: all settings Global Scan Settings: Enable saving scan data across reboots Global Scan Settings: Enable Artemis background queries On-Access Default Processes Policies Scan Items: Include files with no extension under Default + additional file types On-Access General Policies General: Floppy during shutdown ScriptScan: Process in ScriptScan exclusions Blocking: Send the specified message to the network user when a threat is detected Blocking: Message text settings 46 McAfee Endpoint Security Migration Guide

47 Changes to migrated settings Changes to VirusScan Enterprise settings C Blocking: Block the connection settings Messages: Remove messages from the list Messages: Clean files Messages: Delete files Reports: all settings On-Access High-Risk Processes Policies Scan Items: Include files with no extension under Default + additional file types On-Access Low-Risk Policies Scan Items: Include files with no extension under Default + additional file types On Delivery Scan Policies All settings Unwanted Programs Policies Scan Items: Select categories of unwanted programs to detect On-Demand Scan client tasks Scan Locations: Registry Scan Items: Include files with no extension under Default + additional file types Reports: all settings Task: Run this task on servers (migrated as part of task assignment) Task: Run this task on workstations (migrated as part of task assignment) Moved, renamed, and merged settings These VirusScan Enterprise settings are moved, renamed, or merged with other settings during migration. Table C-1 Access Protection Rules VirusScan Enterprise settings Anti-spyware Maximum Protection: Prevent execution of scripts from the Temp folder Anti-spyware Maximum Protection: Prevent installation of new CLSIDs, APPIDs and TYPELIBs Anti-spyware Maximum Protection: Prevent all programs from running files from the Temp folder Anti-virus Maximum Protection: Prevent alteration of all file extension registrations Anti-virus Outbreak Control: Block read and write access to all shares Anti-virus Outbreak Control: Make all shares read-only Anti-virus Standard Protection: Prevent user rights policies from being altered Endpoint Security settings Executing scripts by Windows script host (CScript.exe or Wscript.exe) from any temp folder Installing new CLSIDs, APPIDs, and TYPELIBs Running files from any temp folder Altering any file extension registrations Remotely accessing local files or folders Remotely creating or modifying files or folders Altering user rights policies McAfee Endpoint Security Migration Guide 47

48 C Changes to migrated settings Changes to VirusScan Enterprise settings Table C-1 Access Protection Rules (continued) VirusScan Enterprise settings Anti-virus Standard Protection: Prevent registry editor and Task Manager from being disabled Anti-virus Standard Protection: Prevent remote creation of autorun files Anti-virus Standard Protection: Prevent remote creation/modification of executable and configuration files Anti-virus Standard Protection: Prevent hijacking of.exe and other executable extensions Anti-virus Standard Protection: Prevent Windows Process spoofing Common Maximum Protection: Prevent creation of new executable files in the Program Files folder Common Maximum Protection: Prevent creation of new executable files in the Windows folder Common Maximum Protection: Prevent launching of files from the Downloaded Program Files folder Common Maximum Protection: Prevent programs registering to autorun Common Standard Protection: Prevent installation of Browser Helper Objects and Shell Extensions Common Standard Protection: Protect Internet Explorer settings Common Standard Protection: Protect network settings Common Standard Protection: Prevent common programs from running files from the Temp folder Endpoint Security settings Disabling Registry Editor and Task Manager Remotely creating autorun files Remotely creating or modifying files or folders and Remotely accessing local files or folders Hijacking.EXE and other executable extensions Modifying core Windows Processes Creating new executable files in the Program Files folder Creating new executable files in the Windows folder Internet Explorer launching files from the Downloaded Program Files folder Registering of programs to autorun Installing Browser Helper Objects or Shell Extensions Modifying Internet Explorer settings Modifying network settings Running files from the Temp folder by common programs Table C-2 Alert Policies VirusScan Enterprise settings Alert Manager Alerts: On-Access Scan and Additional Alerting Options:Severity Filter Alert Manager Alerts: On-Demand Scan and scheduled scans and Additional Alerting Options: Severity Filter Alert Manager Alerts: Access Protection and Additional Alerting Options: Severity Filter Additional Alerting Options: Log to local application event log Endpoint Security settings Common module, Threat Prevention events to log: On-Access Scan Common Threat Prevention events to log: On-Demand Scan Common Threat Prevention events to log: Access Protection Common Log events to Windows Application log 48 McAfee Endpoint Security Migration Guide

49 Changes to migrated settings Changes to VirusScan Enterprise settings C Table C-3 Buffer Overflow Protection Policies VirusScan Enterprise settings Warning mode Protection mode Threat Prevention settings Exploit Prevention policy: Action: Report Exploit Prevention policy: Action: Block Action: Report Table C-4 General Options Policies VirusScan Enterprise settings Display Options: Console language settings Display Options: Display managed tasks in the client console Global Scan Settings: Allow On-Demand Scans to utilize the scan cache Endpoint Security and Threat Prevention settings Common Client Interface Language Common Display managed custom tasks On-Demand Scan policy: Full Scan: Use the scan cache Quick Scan: Use the scan cache Right-Click Scan: Use the scan cache Table C-5 On-Access General Policies VirusScan Enterprise settings General: Processes on enable General: Enable on-access scanning when the policy is enforced Threat Prevention settings On-Access Scan policy: Scan processes on service startup and content update On-Access Scan policy: Enable On-Access Scan Table C-6 On-Access Default Processes Policies VirusScan Enterprise settings Scan Items: Find unknown unwanted programs and Trojans Scan Items: Find unknown macro threats Threat Prevention settings On-Access Scan policy: Additional scan options: Detect unknown program threats On-Access Scan policy: Additional scan options: Detect unknown macro threats McAfee Endpoint Security Migration Guide 49

50 C Changes to migrated settings Changes to VirusScan Enterprise settings Table C-7 On-Access High-Risk Processes Policies VirusScan Enterprise settings High Risk Processes: Processes Scan Items: Find unknown unwanted programs and Trojans Scan Items: Find unknown macro threats Threat Prevention settings On-Access Scan policy: Configure different settings for High Risk and Low Risk processes: Process On-Access Scan policy: Additional scan options: Detect unknown program threats On-Access Scan policy: Additional scan options: Detect unknown macro threats Table C-8 On-Access Low-Risk Processes Policies VirusScan Enterprise settings Low-Risk Processes Scan Items: Find unknown unwanted programs and Trojans Scan Items: Find unknown macro threats Threat Prevention settings On-Access Scan policy: Configure different settings for High Risk and Low Risk processes: Process On-Access Scan policy: Additional scan options: Detect unknown program threats On-Access Scan policy: Additional scan options: Detect unknown macro threats Table C-9 Quarantine Manager Policies VirusScan Enterprise settings Quarantine Directory Automatically delete quarantined data after the specified number of days and Number of days to keep backed-up data in the quarantine directory Threat Prevention settings Quarantine folder Specify the maximum number of days to keep quarantine data Table C-10 Unwanted Programs Policies VirusScan Enterprise settings Scan Items: Specify exclusions by detection name User-Defined Items Threat Prevention settings Detection Name Potentially Unwanted Program Detections Table C-11 On-Demand Scan client tasks VirusScan Enterprise settings Scan Locations: Include subfolders Scan Items: Find unknown program threats Threat Prevention settings Custom On-Demand Scan client task: Scan subfolders Custom On-Demand Scan client task: Detect unknown program threats 50 McAfee Endpoint Security Migration Guide

51 Changes to migrated settings Changes to Firewall settings C Table C-11 On-Demand Scan client tasks (continued) VirusScan Enterprise settings Scan Items: Find unknown macro threats Performance: Defer scan when using battery power Performance: Defer scan during presentations Performance: User may defer scheduled scans Performance: Defer at most hours Performance: System utilization Performance: Artemis: Sensitivity level Threat Prevention settings Custom On-Demand Scan client task: Detect unknown macro threats Custom On-Demand Scan client task: Do not scan when the system is on battery power Custom On-Demand Scan client task: Scan anytime: Do not scan when the system is in presentation mode Custom On-Demand Scan client task: Scan anytime: User can defer scans Custom On-Demand Scan client task: Scan anytime: User can defer scans: Maximum number of times user can defer for one hour Custom On-Demand Scan client task: Performance: System utilization Custom On-Demand Scan client task: McAfee GTI: Sensitivity level Changes to Firewall settings As part of the migration process from Host Intrusion Prevention 8.0 Firewall to Endpoint Security Firewall, these settings are removed, moved, renamed, or merged with other settings. Removed settings These Host Intrusion Prevention Firewall settings are not migrated. Host Intrusion Prevention 8:0:Firewall: Firewall Options Learn mode Host Intrusion Prevention 8:0:General: Client UI General Settings: Show tray icon General Settings: Flash tray icon General Settings: Play sound General Settings: Capture trace General Settings: Show this custom message General Settings: Allow user to notify administrator of false positives General Settings: SMTP server name General Settings: Send to Advanced Options: Product integrity check enabled McAfee Endpoint Security Migration Guide 51

52 C Changes to migrated settings Changes to Firewall settings Advanced Options: Manual creation of client rules (for all features) enabled Advanced Options: Administrator password to unlock the UI Advanced Options: Disabling features settings Advanced Options: Time-based password settings Troubleshooting: Activity log size Troubleshooting: IPS logging settings Troubleshooting: Enable IPS engines settings Host Intrusion Prevention 8:0:General: Trusted Applications Application name Mark trusted for IPS Notes Host Intrusion Prevention 8:0:General: Trusted Networks Trust for IPS Moved, renamed, and merged settings These Host Intrusion Prevention Firewall settings are moved, renamed, or merged with other settings during migration. Table C-12 Host Intrusion Prevention 8:0:Firewall: DNS Blocking Host Intrusion Prevention settings DNS Blocking: Blocked Domains Endpoint Security Firewall settings DNS Blocking: Domain name Table C-13 Host Intrusion Prevention 8:0:Firewall: Firewall Options Host Intrusion Prevention settings Firewall status: Enabled Firewall status: Adaptive mode Firewall status: Allow traffic for unsupported protocols Firewall status: Allow bridged traffic Firewall client rules: Retain existing client rules when this policy is enforced Endpoint Security Firewall settings Enable Firewall Tuning Options: Enable Adaptive mode Protection Options: Allow traffic for unsupported protocols Protection Options: Allow bridged traffic Tuning Options: Retain existing user added rules and Adaptive mode rules when this policy is enforced 52 McAfee Endpoint Security Migration Guide

53 Changes to migrated settings Changes to SiteAdvisor Enterprise settings C Table C-13 Host Intrusion Prevention 8:0:Firewall: Firewall Options (continued) Host Intrusion Prevention settings Startup Protection: Allow only outgoing traffic until the Host IPS service has started Protection options: Send events to epo for Trusted Source violations Endpoint Security Firewall settings Protection Options: Allow only outgoing traffic until firewall services have started McAfee GTI Network Reputation: Log matching traffic Table C-14 Host Intrusion Prevention 8:0:General: Client UI Host Intrusion Prevention settings Endpoint Security Firewall and Endpoint Security settings Display pop-up alert Tuning Options: Enable firewall intrusion alerts Client UI language setting Firewall logging Common Client Interface Language Common Debug Logging: Enable for Firewall Table C-15 Host Intrusion Prevention 8:0:General: Trusted Applications Host Intrusion Prevention settings Fingerprint Endpoint Security Firewall settings Trusted Executables: MD5 Hash Table C-16 Host Intrusion Prevention 8:0:General: Trusted Networks Host Intrusion Prevention settings Include local subnet automatically: Enabled Trusted networks Endpoint Security Firewall settings Defined Networks: Local subnet entry is added Defined Networks: Trusted Changes to SiteAdvisor Enterprise settings As part of the migration process from SiteAdvisor Enterprise 3.5 to Web Control, these settings are removed, moved, renamed, or merged with other settings. Removed settings These SiteAdvisor Enterprise settings are not migrated. Authorize List Block phishing pages McAfee Endpoint Security Migration Guide 53

54 C Changes to migrated settings Changes to SiteAdvisor Enterprise settings Enable/Disable SiteAdvisor menu option: Enable SiteAdvisor menu option: Only allow with password Enforcement Messaging Site: Allow message (all languages) Site: Enter explanation messages to display when users attempt to access sites you have configured content filtering actions for: Warn explanation (all languages) Authorize and Prohibit Lists: Allow message (all languages) Authorize and Prohibit Lists: Allow explanation (all languages) Zero Day Protection: Allow message (all languages) Event Tracking Domains and downloads: Track Capture logged-on user name in events General Action Enforcement: Allow Warn sites Action Enforcement: Enable Artemis scan Action Enforcement Private IP range: Enable Control Panel Option: Enable Hardening Self Protection: Protect SiteAdvisor resources: all settings Moved, renamed, and merged settings These SiteAdvisor Enterprise settings are moved, renamed, or merged with other settings during migration. Table C-17 Authorize List SiteAdvisor Enterprise settings Test Site Patterns Track events and request information from the SiteAdvisor server Give this Authorize list precedence over Prohibit lists Web Control settings Block and Allow List policy: Test Pattern button Block and Allow List policy: Enforce actions for file downloads based on their rating Log events for allowed sites configured in the Block and Allow List Block and Allow List policy: Enable allowed sites to take precedence over blocked sites 54 McAfee Endpoint Security Migration Guide

55 Changes to migrated settings Changes to SiteAdvisor Enterprise settings C Table C-18 Content Actions SiteAdvisor Enterprise settings Action for Green and Action for Unrated Phishing Web Control settings Content Actions policy: Block rating action Content Actions policy: Phishing web category Block phishing pages for all sites Table C-19 Enable/Disable SiteAdvisor Enterprise settings SiteAdvisor policy enforcement: Enable SiteAdvisor toolbar: Enable Web Control settings Enable Web Control Hide the toolbar on the client browser Table C-20 Enforcement Messaging SiteAdvisor Enterprise settings Site: Enter short messages (up to 50 characters) to display when users attempt to access sites you have configured actions for Site: Enter explanation messages (up to 1000 characters) to display when users attempt to access sites you have configured rating actions for Site: Enter explanation messages (up to 1000 characters) to display when users attempt to access sites you have configured content filtering actions for Site Resources: Enter short messages (up to 50 characters) to display when users attempt to download a file that is warned or blocked Site Resources: Enter a short message (up to 50 characters) to display when users attempt to access a blocked phishing page Authorize and Prohibit Lists: On Prohibit Lists Fail Close: Enter short messages (up to 50 characters) to display when users attempt to access sites you have configured actions for Fail Close: Enter explanation messages (up to 1000 characters) to display when users attempt to access sites you have configured rating actions for Web Control settings Enforcement Messaging policy: Site: Messages for sites blocked by Rating Actions Enforcement Messaging policy: Site: Explanations for sites blocked by Rating Actions Enforcement Messaging policy: Site: Explanation for sites blocked by Web Category Blocking Enforcement Messaging policy: Site Downloads: Messages for site downloads blocked by Rating Actions Enforcement Messaging policy: Block List: Message for sites blocked by Phishing Pages Enforcement Messaging policy: Site Downloads: Message for sites on the Block List Enforcement Messaging policy: McAfee GTI Unreachable: Message for sites blocked when McAfee GTI ratings server is not reachable Enforcement Messaging policy: McAfee GTI Unreachable: Explanation for sites blocked when McAfee GTI ratings server is not reachable McAfee Endpoint Security Migration Guide 55

56 C Changes to migrated settings Changes to SiteAdvisor Enterprise settings Table C-20 Enforcement Messaging (continued) SiteAdvisor Enterprise settings Zero Day Protection: Enter short messages (up to 50 characters) to display when users attempt to access sites you have configured actions for Zero Day Protection: Enter explanation messages (up to 1000 characters) to display when users attempt to access sites you have configured rating actions for Image Web Control settings Enforcement Messaging policy: Unverified Site Protection: Messages for sites not yet verified by McAfee GTI Enforcement Messaging policy: Unverified Site Protection: Explanations for sites not yet verified by McAfee GTI Enforcement Messaging policy: Image for Warn and Block Pages Table C-21 Event Tracking SiteAdvisor Enterprise settings Web Control settings Track content categories for all green sites Enable Web Control Page views and downloads: Track Content Security Reporter Configuration Send browser page views and downloads to Web Reporter Web Reporter configuration Table C-22 General SiteAdvisor Enterprise settings HTTP proxy server HTTP proxy authentication: Use authentication Block Malicious and Warn sites in an iframe Enable epo event tracking for iframe URL navigation Zero Day Protection: Level Fail Close: Enable Accept Warn action at domain level: Enable Observe mode: Enable Endpoint Security and Web Control settings Common Proxy Server for McAfee GTI Common Enable HTTP proxy authentication Enable HTML iframes support Log Web Control iframe events Apply this action to sites not yet verified by McAfee GTI Block sites by default if McAfee GTI ratings server is not reachable Allow warn action at domain level Enable Observe mode 56 McAfee Endpoint Security Migration Guide

57 Changes to migrated settings Changes to SiteAdvisor Enterprise settings C Table C-22 General (continued) SiteAdvisor Enterprise settings File download enforcement: Enable Artemis enforcement level Enable browser-based annotations Enable non-browser-based annotations Web gateway interlock: Enable Client is using one of your organization's default gateways Web gateway enforcement is detected Enter the DNS name for the Internal Landmark Secure Search: Enable Search Engine Block links to risky sites Endpoint Security and Web Control settings Enable file scanning for file downloads McAfee GTI sensitivity level Enable annotations in browser-based Enable annotations in non browser-based Stand down if a web gateway appliance is detected Use your organization's default gateway Detect web gateway enforcement Specify internal landmark to use and DNS name for internal landmark Enable Secure Search Set the default engine in supported browsers Block links to risky sites in search results Table C-23 Hardening SiteAdvisor Enterprise settings Protect SiteAdvisor browser plugin: Enable Web Control settings Prevent user from uninstalling or disabling browser plug-in Table C-24 Prohibit List SiteAdvisor Enterprise settings Test Site Patterns Web Control settings Block and Allow List policy: Test Pattern button McAfee Endpoint Security Migration Guide 57

58 C Changes to migrated settings Changes to SiteAdvisor Enterprise settings 58 McAfee Endpoint Security Migration Guide

59 Index A about this guide 5 Access Protection port-blocking rules not migrated 28, 39 Self Protection settings 28 assignments migrating 14 migration paths and 10 verifying migration 16 automatic migration Common Options policy 17 comparing to manual 10 how to migrate client tasks 14 how to migrate Host IPS Catalog 14 how to migrate policies 14 overview 13 repeat migrations 17 target policy names and notes 25 verifying migrated objects 16 B buffer overflow protection, See Exploit Prevention C checklist, pre-migration 11 client software, deployment 10 Client Task Catalog pre-migration review 11 verifying migration 16, 23 client tasks migrating assignments 14 migrating automatically 14 migrating manually 22 pre-migration review 11 repeat migrations 17, 23 verifying migration 16, 23 Common Options policy automatic migrations 17 repeat migrations 17 compatible products 7 conventions and icons used in this guide 5 D default settings in migrated policies 25 deployment, product 10 documentation audience for this guide 5 product-specific, finding 6 typographical conventions and icons 5 E Endpoint Security Client, deployment 10 Endpoint Security Firewall compatibility with Host IPS Firewall 32 creating port-blocking rules 28, 39, 41, 43 migration details 32 policies, migrated 31, 32 policies, migration changes 51 policies, multiple-instance 32 trusted networks 32 error messages 37 exclusions, root-level folders 28 Exploit Prevention, migrated settings 28 F Firewall, See Endpoint Security Firewall Firewall Catalog migrating 14 pre-migration review 11 repeat migrations 17 verifying migration 16 firewall rules, creating port-blocking rules 28, 39, 41, 43 H Host Intrusion Prevention changes to migrated Host Intrusion Prevention settings 32 compatibility with Endpoint Security Firewall 32 migrating Host IPS Catalog with policies 32 migration details 32 policies, migrated 31, 32 policies, migration changes 51 Host IPS Catalog migrating 14, 32 pre-migration review 11 repeat migrations 17 McAfee Endpoint Security Migration Guide 59

60 Index Host IPS Catalog (continued) verifying migration 16 I installation, Migration Assistant 12 L legacy products, supported 7 M managed systems, product deployment 10 manual migration comparing to automatic 10 how to migrate client tasks 22 how to migrate policies 20 overview 19 repeat migrations 23 target policy names and notes 25 verifying migrated objects 23 McAfee Agent, deployment 10 McAfee Default policy 25 McAfee ServicePortal, accessing 6 migration choosing automatic or manual 10 error messages 37 overview 9 overview, automatic 13 overview, manual 19 pre-migration tasks 11 repeat migrations 17, 23 supported legacy products 7 verifying migrated assignments 16 verifying migrated objects 16, 23 Migration Assistant automatic migration task 14 automatically migrating settings 14 installing 12 manually migrating client tasks 22 manually migrating policies 20 repeat migrations 17, 23 multi-slot policies, See multiple-instance policies multiple-instance policies 26, 34 O on-demand scan exclusions, root-level folders 28 overview automatic migration 13 manual migration 19 migration 9 product deployment 10 P policies changes, overview 8 default settings 25 merging 26 migrating assignments 14 migrating automatically 14 migrating manually 20 multiple-instance, migrating 26, 34 pre-migration review 11 repeat migrations 17, 23 server settings, VirusScan Enterprise 28 target policy names 25 target policy notes 25 verifying migration 16, 23 workstation settings, VirusScan Enterprise 28 policies, migrated changes to migrated Host Intrusion Prevention settings 32 changes to migrated SiteAdvisor Enterprise settings 34 changes to migrated VirusScan Enterprise settings 28 Endpoint Security Firewall 31, 51 Host Intrusion Prevention 31, 51 SiteAdvisor Enterprise 33, 53 Threat Prevention 27, 45 VirusScan Enterprise 27, 45 Web Control 33, 53 Policy Catalog pre-migration review 11 verifying migration 16, 23 policy mapping Endpoint Security Firewall 31, 51 Host Intrusion Prevention 31, 51 overview 8 SiteAdvisor Enterprise 33, 53 Threat Prevention 27, 45 VirusScan Enterprise 27, 45 Web Control 33, 53 port-blocking rules not migrated 28, 39 re-creating as firewall rules 39, 41, 43 pre-migration tasks 11 Q quarantine folder path 28 R requirements Migration Assistant, installing 12 pre-migration tasks 11 supported legacy products 7 S Self Protection, migrated settings 28 server and workstation settings, VirusScan Enterprise McAfee Endpoint Security Migration Guide

61 Index ServicePortal, finding product documentation 6 SiteAdvisor Enterprise migration details 34 policies, migrated 33, 34 policies, migration changes 53 T tasks, migrated Threat Prevention 45 VirusScan Enterprise 45 technical support, finding product information 6 Threat Prevention changes to migrated VirusScan Enterprise settings 28 exclusions, root-level folders 28 migration details 28 on-demand scan exclusions 28 policies, merged 28 policies, migrated 27, 28 policies, migration changes 45 quarantine folder path 28 Self Protection settings 28 tasks, migration changes 45 workstation and server policy settings 28 troubleshooting, error messages 37 V verification (continued) migrated objects 16, 23 Migration Assistant installation 12 VirusScan Enterprise Access Protection port-blocking rules not migrated 28, 39 buffer overflow protection 28 exclusions, root-level folders 28 migration details 28 on-demand scan exclusions 28 policies, migrated 27, 28 policies, migration changes 45 Self Protection settings 28 tasks, migration changes 45 workstation and server policy settings 28 W Web Control Block and Allow List 34 changes to migrated SiteAdvisor Enterprise settings 34 Content Actions 34 migration details 34 policies, merged 34 policies, migrated 33, 34 policies, migration changes 53 policies, multiple-instance 34 workstation and server settings, VirusScan Enterprise 28 verification migrated assignments 16 McAfee Endpoint Security Migration Guide 61

62 0-00