BEST PRACTICES GUIDE


MCAFEE APPLICATION CONTROL / CHANGE CONTROL BEST PRACTICES GUIDE
Version December 2011

About This Guide

The purpose of this guide is to provide best practices for initial usage of the three main Solidcore products: McAfee Application Control, McAfee Integrity Monitor & McAfee Change Control. Topics addressed in this document include:

- Pre-Installation Requirements and Guidelines (Setting up for Success)
- MAC/MCC Install and Initial Deployment
- MAC/MCC/MIM Use Cases for Evaluation Planning
- Policy and configuration guidance
- Dashboards and Reporting
- Post Evaluation Considerations

Intended Audience

This guide is intended to assist McAfee customers with the initial setup of McAfee Application Control, McAfee Change Control, and/or McAfee File Integrity Monitoring.

Assumptions

To successfully use this guide it is assumed that:

- A fully functional ePO 4.6 infrastructure is available, including the required SQL database.
- Local or Domain Administrator credentials for the ePO server and sa-level credentials for the SQL database are available.
- All installation packages have been downloaded.

Core Functionality

McAfee Application Control / Whitelisting (MAC)
Current Version 6.x

McAfee Application Control can technically enforce control over system and application code to ensure that only authorized code can run; unauthorized code cannot run (both via Dynamic Whitelisting); authorized code cannot be tampered with (via Application Control); and vulnerabilities in authorized code cannot be exploited (via Memory Protection). Application code includes not only traditional executables but also scripts and interpreted languages. Authorized updating mechanisms allow granular change control, so that, for example, Windows patches can be approved automatically, whereas changes to locked-down applications will be prevented. Authorized updating can occur by opening an update window, authorizing a user or application to make changes. No file system scanning is required for this solution, so system performance overhead and resource constraint concerns are eliminated. In addition, Application Control also provides Image Deviation, which compares all the code resident on a machine or group of machines to a Gold Master standard, and also compares all the code to McAfee's Global Threat Intelligence Blacklist in a cloud security data

Please Note: Review the attached Matrix of supported operating systems (below)

McAfee Integrity Monitoring (MIM)
Current Version 6.x

McAfee Real-time Integrity Monitoring can monitor changes (update, delete, rename, move and copy operations) on files, directories and registry keys, and track them as they happen in real time. This even allows identification of transient changes (when a file is changed inappropriately, and then changed back). The monitoring includes rich information capture that records the user and the program that made the change, the object that was changed, and the exact time when the change was made.

Please Note: Review the attached Matrix of supported operating systems (below)

McAfee Change Control (MCC)
Current Version 6.x

McAfee Change Control can provide tamper-proofing by technically enforcing that no changes can be made to selected files, directories and registry keys, so that they cannot be modified in any way. In addition, it tracks any authorized changes in real time, allowing automatic and accurate monitoring and reporting of actual changes. Protection is linked directly to policy, and changes are verified against the change source, time window, or approved change ticket. Changes that are attempted outside of policy on enabled servers are not allowed and are logged.

Please Note: Review the attached Matrix of supported operating systems (below)

Operating System Matrix: Operating Systemsupport-matrix.pdf

Core Functionality Matrix

Table 1 - Evaluation
Columns: Description | MAC | MCC (includes File Integrity Monitoring) | Scenarios

- Whitelist software & confirm unauthorized software is not permitted to run | Scenario 1 - Application Control and Reporting
- Explore trusted update sources and mechanisms | Scenario 2 - Trusted Updaters
- Image Deviation (Gold system image comparison) | Scenario 3 - Gold Image Configuration Comparison
- Monitor critical configuration files and registry for changes | Scenario 4 - File System and Registry Monitoring
- Protect critical configuration files from reading and writing and registry settings from writing | Scenario 5 - File System and Registry Protection
- Manage systems locally and remotely | ePO Management

Helpful Guides:

- EPO 4.6 Product Guide: epo_460_product_guide_en-us.pdf
- EPO 4.6 Installation Guide: epo_460_install_guide_en-us.pdf
- EPO 4.6 Sizing Guide for McAfee Application Control / Change Control: epo Database Sizing Estimation Guide for MAC_MCC_MIC.pdf
- McAfee Application Control Emergency back out procedure: McAfee Application Control Emergency Backout Procedure.pdf
- McAfee Application Control / Change Control Stand alone to EPO managed instructions: McAfee Solidcore Agent Standalone to epo Managed.pdf

Getting Started with EPO 4.6

Summary of Initial setup tasks

Initial Communication: (required)

01-: MFE: Create EPO Systems Tree Infrastructure
02-: MFE: Setup Communication between EPO and the McAfee Agent (Client).
03-: MFE: Install Application Control/ Change control Extension
04-: MFE: Check in Client Application Control/ Change control software packages

Application / Change Control Initial Tasks: (required)

10-:SC: Deploy Application / Change Control software module
11:-SC: Enable Application / Change Control
12:-SC: Pull Inventory
13:-SC: Get Diagnostics for Programs

Initial Communication Setup (set up communication between EPO and client systems)

EPO Setup

System Tree: The System Tree groups represent a collection of systems. Deciding which systems to group together depends on the unique needs of your network and business. You can group systems based on machine type (e.g. laptops, servers, desktops), geography (e.g. North America, Europe), political boundaries (e.g. Finance, Development), or any other criteria that support your needs.

Note: An efficient and well-organized System Tree can simplify maintenance. Many administrative, network, and political realities of each environment can affect how your System Tree is structured. Plan the organization of the System Tree before you build and populate it. Especially for a large network, you want to build the System Tree only once.

Because every network is different and requires different policies and possibly different management, McAfee recommends planning your System Tree before implementing the McAfee ePO software. Regardless of the methods you choose to create and populate the System Tree, consider your environment while planning the System Tree.

2. Deploy the McAfee Agent to the identified systems and verify connectivity.

Log in to EPO and navigate to Menu > Systems > System Tree. To add systems or subgroups to the system tree, click on the lower left of the EPO screen. From this form you may add systems and create the containers to organize your identified devices in the system tree.

Note: Throughout this document, "Identified systems" is used to represent the devices in the system tree.

Options to deploy the McAfee Agent are:

Options 1 and 2: Will deploy the agent by mapping a Windows share (credentials are required), copying the agent to the client and then executing framepkg.exe to install the agent. This package will contain all pertinent information regarding the EPO to client connection.

Option 4: Will create a deployable package (credentials are optional). This package will contain all pertinent information regarding the EPO to client connection.

Verify Communication between the client and EPO Server:

Install Application Control/ Change control Extension

3. Navigate to install the McAfee Solidcore Extension under MENU > Software > Extensions, then click the button on the lower left of the form.

Add the licenses for your products:

Licensing Options are:

- Change Control: To activate the File Integrity Monitoring and Change Control functionality.
- Application Control Integrity Control: To activate the combination suite of Application Control and Change Control to be used on POS, Manufacturing and ATM systems.
- Application Control: To activate the Application Whitelisting protection coupled with memory protection.
- Reconciliation: To activate the reconciliation functionality. (To be used with Remedy 7 exclusively)

4. Navigate to and click on the text on the left and the licenses:

Add the Solidcore Agent module to EPO:

Navigate to Menu > Software > Master Repository > Actions

****EPO Infrastructure Setup Completed****

Client McAfee Application/ Change Control Deployment Task:

BEST PRACTICE TIP: create logical groups in the ePO System Tree of machines that have Application Control/Change Control and deploy these tasks at a group level.

Set up a client task to deploy the McAfee Solidcore component to the identified systems. From the systems tree:

1. Navigate to the
2. Click on tab
3. Click on

5. Choose the Product:
6. Choose the task type:
7. Create the Task Name:

BEST PRACTICE TIP: Consider creating and using Tags to identify systems with Application Control/Change Control on them. This will assist with both administration and policy application.

8. Choose your deployment time. (NOTE: the most common method is to run immediately.) The options are:
9. Then to force a task completion

Verify that the Solidcore Client is installed:

McAfee Application / Change Control Enable Task:

Enable McAfee Application Control / Change Control and ***Whitelist the System

This task will set a flag in the software to enable (engage) whitelisting protection and/or Change Control with file integrity monitoring. It can also create the whitelist automatically if the application control option is selected.

*** The Whitelisting functionality is only for use with the McAfee Application Control license. McAfee Change Control does not require a whitelist to function.

Set up a client task to deploy the McAfee Solidcore component to the Identified systems. From the systems tree:

1. Navigate to the
2. Click on tab
3. Click on

Enable Options explained:

Name your task:

BEST PRACTICE TIP: use a naming convention that relates to the product (for example: SC: Enable, SC: Begin Update Mode).

Pick your version: and Earlier, or 6.0 and Later versions

Pick your licensed Product:

Initial Scan CPU throttle options: This option sets the process priority for the single scan that Application Control performs only once to build the initial whitelist.

BEST PRACTICE TIP: for machines that are in Production mode use Low priority to ensure the least amount of impact from an I/O perspective, especially if the machine cannot be rebooted. If the machine can be rebooted and you want the initial scan to occur as quickly as possible, then set the priority to High.

Activation Options: Application Control Only!!

Full Feature Mode: (requires an immediate reboot) Application whitelisting with Memory Protection. This will enable the full protection capabilities of Application Control following a forced reboot that will occur 5 minutes after the machine receives the task.

BEST PRACTICE TIP: if at all possible use Full Feature Mode to ensure the highest level of security, especially if the machine does not have another Memory Protection mechanism such as is sometimes provided by Anti-Virus or HIPS software.

Limited Feature Mode: (delayed reboot) Application Whitelisting without memory protection enabled until a reboot.

Start in Observation Mode: This option is to start the system in learning mode. Use this functionality to identify updating mechanisms and sources of change. Policy suggestions will be provided by the ePO console when the endpoint machine is in Observe Mode.

BEST PRACTICE TIP: for all systems it is beneficial to use Observe Mode and put systems through a full functionality testing/production cycle, after which the policy suggestions can be reviewed.

** BREAK OUT FURTHER ***

Change Control Activation: (Does not require a reboot) Activation options are not available or needed while activating Change Control.

Environment Specific Configuration Best Practices:

Using Change Control to monitor Trusted Directories

When using a trusted directory policy mounted from a server, use Change Control on the server to monitor who/what/when/how files are modified in the trusted directory. This helps to prevent misuse of the Trusted Directory policy.

Recommendations for POS Environments

- Comments regarding PCI compliance
  o Compensating control for AV requirement
- Configurations often required given use of 3rd party outsourcers
- Issues with network bandwidth: how to get effective information and security while not interrupting normal business operations
- Effective grouping of systems in ePO for efficient management

Recommendations for ATM Environments

- Configurations often required given use of 3rd party outsourcers
- NCR/Diebold/Wincor specific recommendations

Windows Embedded Systems

The only catch you might encounter is the write filter. If it is enabled you will have problems managing SC via ePO. This is due to the write filter (if configured to do so) protecting the registry key where we store our configs. There is a workaround that excludes the registry from being written to. Please add the path 'c:\windows\system32\config' to the exclusion list for FBWF/EWF.

>fbwfmgr /addexclusion c:\windows\system32\config

Reboot

Advice on configuring & why to use features such as: Read Protection Anti-debugging Mon UAT

Client Installation and Deployment Tasks Complete

Management: Application Control

NOTE: Protection Functionality Recap: Application Control creates an inventory of all executables, scripts, drivers and dynamic link library files (.dll) via the initial scan and only allows that authorized code to execute. Once the whitelist is created, nothing on the whitelist can be modified except by an authorized source, hence the requirement for updating mechanisms, which are typically found using Observe Mode and the built-in profiles provided with Application Control. These mechanisms include processes, people or code that is given the authority to change the whitelist contents. Application Control gates all processes to ensure they are run off of disk (not purely in memory) and includes memory protection to protect against memory-based attacks such as Buffer Overflows, Stack Exploits, etc.

Developing Policies - Initial Policy questions to manage McAfee Application Control:

- How do you make change today (programs, tools, users and processes)?
- Do you have a formal change process?
- Do you (or could you easily) develop what constitutes authorized change vs. unauthorized change (one example could be: "we don't want changes during production hours")?
- How do you make change (manual updates, automatic software, agent based push, etc.)?
- How homogeneous (or not) is the environment (number of system images)?

Security Policies and Rule groups: Since Application Control only allows execution of applications that are in the inventory, it needs to allow permitted mechanisms to make software changes. The process of dynamically updating the whitelist is identified in Application Control Policy. In addition to updating mechanisms, applications that spawn new processes need to be identified as updaters as well.

BEST PRACTICE TIP: All policies should utilize rule groups to manage policies. A Rule group is a categorization system of application updating mechanisms.

To manage policies, navigate to the policy catalog.

Create a new Policy:

BEST PRACTICE TIP: create new policies based on the Blank Template to ensure that only the updater mechanisms you want are configured as part of your policy.

Label the policy utilizing best practice naming conventions:

BEST PRACTICE TIPS:

1. Create policies for groups of similar machines (i.e. policies for Domain Controllers, policies for Oracle Servers, etc.).

2. Machines can have multiple policies, so consider having more granular policies rather than one large policy with many rule entities.

3. Consider carefully the impact of a policy type; some policies are more loose or restrictive than others. The following table outlines the relative degree of restriction of each element a policy could have:

Updater Method: Update Window
  Level of Restriction: Low
  Business Use Case: Emergency changes to system(s)
  Notes: Two ePO Client Tasks, one to Open and one to Close

Updater Method: Trusted Users
  Level of Restriction: Low
  Business Use Case: Help desk user ability to remotely log in for break fix, administration of systems that are geographically distant

Updater Method: Publishers
  Level of Restriction: Medium
  Business Use Case: Customer can be their own CA and allow only their code to update a system regardless of how the code enters the system, or use signed code from a vendor.
  Notes: More flexibility than a hashed Installer

Updater Method: Authorized Updater Program
  Level of Restriction: High
  Business Use Case: Update existing whitelisted applications based on a program that can make change
  Notes: Most common updating method

Updater Method: Binary
  Level of Restriction: High
  Business Use Case: Allow or block program execution based on name or hash. Allow - scripts created dynamically, i.e. by end of day/closing process on a kiosk for back office reporting. Block - block installed programs that shouldn't run, i.e. iTunes, OR reduce the risk exposure of a server to admin tool misuse, i.e. ban net.exe, msconfig.exe, runas.exe, netstat.exe, etc.
  Notes: Used to control execution, not change on a system

Updater Method: Installers
  Level of Restriction: High
  Business Use Case: A non-whitelisted standalone executable that is identified by hash to install applications on a controlled system
  Notes: Useful for software distribution based on approved applications

Updater Method: Trusted Directory
  Level of Restriction: High
  Business Use Case: Printer drivers on remote share, corporate approved applications on share, start-up scripts
  Notes: Easier to manage than hash or cert, but not as secure

4. Application Control will not allow code to be run in temporary directories (i.e. C:\temp). To allow code that exists in these directories to run, you may need to create a Binary Allow policy specifically for the executable name or hash.

5. When using Updaters (i.e. specific application processes that will be allowed to modify the whitelist), consider the implications of using full path names vs. just the name of the executable itself. For example, when creating an updater for Firefox, if you specify that Firefox.exe is an authorized updater, then any version of Firefox currently on the machine could make updates (i.e. if both C:\Firefox.exe and C:\Program Files\Firefox.exe exist, they are both updaters). Conversely, if you specify C:\Program Files\Firefox.exe in the Updater field, then only that instance of Firefox will be an updater.

6. Updater mechanisms, regardless of whether it's an Updater, Trusted User, Publisher etc., are global. It is not possible to specify that a particular application can only modify a specific set of code.

7. When you create an Updater type of policy you are authorizing a specific process on the machine to be allowed to make changes to existing code and add new code to the whitelist. If the process is running when you create the policy and assign it updater privileges, it will NOT inherit those rights until the process is restarted.

8. Consider using Installer policies rather than Trusted Directory policies. Installer policies are based on the name of the installer package (e.g. an MSI program installer) or its binary hash. Because it is more specific, an Installer policy is more secure than a Trusted Directory policy.

The Application Control Policy Explained:

= A rule group is a categorization system that will assist with policy management. Rule groups include updaters, binary, trusted users, publishers and installers. Best practice is to utilize rule groups in policies as opposed to adding updaters to the policy itself.

Rule Groups are created at :

= A mechanism to allow updates automatically. These whitelisted applications are permitted to update the system. It is the plumbing for Client/Server updating mechanisms.

Example: SCCM Server: Update Update CLIENT: ccmexec.exe Update

Typical examples are:

- Software provisioning systems that download, install and run new code, e.g., Microsoft SCCM, Microsoft SUS, Tivoli, Altiris, custom scripts.
- Self-updating applications, e.g. Anti-virus, Adobe Acrobat, Google Update.
- Applications that create executable code at run time, e.g., anti-virus, custom applications.
- Applications that write to existing system or application code on disk (binaries, DLLs, scripts etc.), e.g., backup agents, anti-virus.

= Explicitly allows a binary to run. It will also give the ability to ban or blacklist applications.

= A trusted user has the ability to dynamically update the whitelist while logged into a system. This privileged user can install and uninstall software. (The user must also have Windows domain or local admin rights.)

= A trusted publisher is a digitally signed software application. McAfee Application Control can traverse software directories and extract these certificates.

To identify Publishers: Navigate to :

Extract the certificates from the signed applications.


Add the publishers to the Application Control Policy:

Pick the publisher to apply to the policy:

Save the policy:

= Application installer identified by its checksum (SHA1) hash that is allowed to install or update software. When a program (or an installer) is configured as an authorized installer, it gets both attributes: authorized binary and updater. Hence, regardless of whether the installer was originally present on the endpoint or not, it is allowed to execute and update software on the endpoint.

To identify Installers: Navigate to :

NOTE: Use the embedded application Hashtab to extract the SHA1 hash value of the desired installer.

Determine your application and collect the hash value:

Define the Installer:

Now apply the installer to your policy:

= Some applications (as part of their day-to-day processing) run code in this way and hence are prevented from running. To allow such applications to run, define appropriate bypass rules. Note that a bypassed file or application is no longer considered by the memory-protection features of Application Control. Bypassing a file should be the last resort to allow an application to run and should be used wisely.

Note: Memory Protection Components: MP-CASP (32-bit) and MP-NX (64-bit)

Best Practice tip: For software such as PSEXEC and DameWare you will need an exception.

What are Attributes?

See Appendix A for Memory Troubleshooting

- Always authorized attribute: This memory attribute allows the user to configure a supported file as always authorized to execute. A file configured under this attribute will be allowed to execute whether whitelisted or not.
- Bypassed from memory control attribute: This attribute allows the user to configure a process to run bypassed from MP-mangling and MP-decoying. This is one of the memory protection techniques provided by Application Control, but it is disabled by default.
- Bypassed from Critical Address Space Protection attribute: Critical Address Space Protection is the latest and most effective memory protection technique provided by Application Control. It is enabled by default. This attribute configures a process to run bypassed from MP-CASP.
- Bypassed from process stack randomization attribute: This bypass is an attribute under MP-VASR protection, which is enabled only on special request from the customer.
- Rebase DLL attribute: Changes the base address of a DLL. The technique involves randomly arranging the positions of key data areas, usually including the base of the executable and position of libraries, heap, and stack, in a process's address space.
- Bypassed from DLL relocation attribute: A DLL configured as bypassed from the DLL relocation provided by MP-VASR. This attribute is part of the VASR memory protection technique. This feature is disabled by default as CASP is enabled.
- Full crawl attribute: This memory attribute belongs to MP-mangling and MP-decoying memory protection. This feature is disabled by default. Crawling is the process by which a system accesses and parses content and its properties, sometimes called metadata, to build a content index from which search queries can be served.
- Bypassed from installer detection: Belongs to the PKG-CTRL feature, which tracks the installation and uninstallation of MSI-based packages. Any installer name configured under this attribute is bypassed from installer detection functionality.
- Always unauthorized attribute: A binary/script configured under this attribute is blocked from execution even if whitelisted.
- Process Context registry bypass: Application Control will not track any registry operations for the process configured under this attribute. All the registry operations in the context of the configured process will be bypassed from Application Control.
- Bypassed from DEP: DEP is Data Execution Prevention. It is the memory protection technique MP-NX, provided by Application Control for 64-bit machines. The memory protection check will not apply to a process configured as Bypassed from DEP.

MP-CASP and MP-NX

= A shared folder on the internal network or a locally defined path on every system where installers for authorized and licensed applications are kept. Such network shares are within the security perimeter; they are known. This policy allows all users to run any software present on a Trusted Directory identified by its UNC pathname.

Best Practice tip: Windows group policy needs to have a trusted directory defined to allow login scripts. Example:

\\contoso.com\sysvol
\\contoso.com\netlogon

= Refers to event filtering. Advanced filters are used to exclude changes by using a combination of conditions. Advanced exclusion filters are typically used to prune routine system-generated change events that are not relevant for your monitoring or auditing needs.

Example: The policy example below will exclude events for the file c:\logs\web.log where the event is File Modified, the program equals Apache.exe and the user equals system.

Best Practice tip: Use this to filter common approved day-to-day events that do not provide useful information.

Managing the inventory

By creating an inventory with McAfee Application Control you now have the ability to manage your whitelist. The software inventory from an endpoint contains information about the executable binaries, drivers, DLL files and script files that reside on each endpoint. The information stored in the inventory metadata includes the complete file name, file size, SHA1 checksum, file type, embedded application name and version. The software inventory metadata information can be imported and managed via the McAfee ePO console. You can manage the whitelist with tasks that include: allow or ban specific binary files, inspect application or binary file reputation with the McAfee Global Threat Intelligence Cloud, and also compare the endpoint inventory with a gold system to view image deviation.

Contents

- Fetching the inventory
- Interpreting the inventory
- Managing the inventory
- Comparing the inventory

Retrieving the inventory metadata

Application Control provides multiple methods to help you fetch the software inventory for an endpoint.

1 Use the SC: Enable client task to fetch the inventory for endpoints when you place the endpoints in Enabled mode. For more information, see the Enabling Application Control section.
2 Use the Fetch Inventory link on the Menu > Application Control > Inventory > Inventory By Systems page to fetch the inventory for selected endpoints.
3 Use the Fetch Inventory action for a selected endpoint on the Menu > Systems > System Tree > Systems page to fetch the inventory for an endpoint.
4 Using the SC: Pull Inventory client task you can fetch the inventory for one or more endpoints.

NOTE: Application Control also allows you to import inventory details for endpoints not connected to the McAfee ePO console. Execute the sadmin ls -lax > <XML file name> command on the endpoint using the CLI to generate an XML file with inventory details. On the McAfee ePO console, select the endpoint on the Menu > Systems > System Tree > Systems page and click Actions > Import Inventory. The inventory for the selected endpoint is updated based on the inventory details included in the XML file.

GTI Integration to interrogate the inventory

Application Control software is integrated with the McAfee Global Threat Intelligence (GTI) file reputation service. For each binary file, GTI can indicate if the file is good, bad, or unknown. Based on reputation information retrieved from GTI, the application and binary files in the inventory are sorted into Good, Bad, and Unclassified categories.

GTI Trust Levels - Indicates the reliability or credibility of each binary. The assigned value ranges from 1 to 5. A value of 1 or 2 represents known bad files, such as Trojan, virus, and PUP files. A GTI Trust Score of 3 indicates an Unclassified file. A value of 4 or 5 represents known and trusted good files.

GTI Value   Description
5           Known Clean
4           Assumed Clean
3           Unknown
2           Suspicious
1           Malicious

In addition to the above values, Application Control also tracks the Enterprise Trust Level value for each binary file. By default, the enterprise trust level for a file is the same as the cloud trust level. When edited, the enterprise trust level for a file overrides the cloud trust level for the file.

Note: An Unclassified application is unknown because it may be specific to your organization. However, you can categorize it as a Good file by editing the enterprise trust level. To edit the enterprise trust level for a file, select the file and select Actions > Change Enterprise Trust Level.

Software Inventory Actions

1 Select Menu > Application Control > Inventory.

Available Tasks:

- All Ban Binaries
- Allowed Bad Binaries
- Allowed Unclassified Signed Binaries
- Allowed Unclassified Unsigned Binaries
- Banned Good Binaries

2 Review the binary files. When you view files sorted by applications or vendors, the Applications or Vendors pane is displayed. The pane provides a tree structure to help you navigate and view the files under each category. Select a node in the tree to review associated binary files in the Binaries pane. For all other views, only the Binaries pane is displayed. For each file, the Binaries pane lists the name, version, trust score, trust level (cloud and enterprise), allowed system count, and banned system count.

3 View binary details.
  a Click a binary file. The Binary Details page displays.
  b Click the cloud trust score to view the details fetched from the GTI server for the binary file.
  c Review the endpoints listed in the System for this Binary pane.
  d Click View Events for an endpoint to view events generated for the endpoint.
  e Click Ban to ban the binary file from an endpoint.
  f Click Close.

Comparing the inventory

Image deviation is used to compare the inventory of an endpoint with the inventory that is fetched from a designated gold system. This helps you to track the inventory present on an endpoint and identify any differences that occur. To accomplish this, complete the following steps.

1 Fetch the inventory for your gold host. For detailed information, see the Fetching the inventory section.
2 Fetch the inventory for the endpoint. For detailed information, see the Fetching the inventory section.
3 Review the Menu > Automation > Solidcore Client Task Log page to ensure that both client tasks completed successfully.
4 Compare the inventory of the gold host with the inventory of the endpoint. This is known as Image Deviation.
5 Review the comparison results.

46 Running the inventory comparison Use this task to compare the inventory of the gold host with the inventory of an endpoint. Before you begin Make sure that you have recently fetched the inventory for the gold host and endpoint. Task Select Menu Automation Server Tasks. Click New Task.

The Server Task Builder wizard opens.

3 Type the task name and click Next.
4 Select Solidcore: Run Image Deviation from the Actions drop-down list.
5 Specify the gold system.
6 Configure these options to select the endpoint to compare with the gold system.

   System to compare with Gold System: Click Add to search for the endpoint that you want to compare with the gold system. Type the name of the endpoint in the System Name field and click Search.

   Groups to compare with Gold System: Click Add to search for the group that you want to compare with the gold system. Type the name of the group in the Group Name field and click Search.

   Include Systems with Tags: Click Add to search for endpoints based on their tag names. Type the tag name in the Tag Name field and click Search.

   Exclude Systems with Tags: Click Add to search for endpoints based on their tag names. Type the tag name in the Tag Name field and click Search. Select the required tag from the search result. All endpoints with the selected tags are excluded from comparison with the gold system.

7 Click Next. The Schedule page appears.
8 Specify the schedule for the task.
9 Click Next. The Summary page appears.
10 Review the task summary and click Save.
11 Run the server task immediately to instantly review the comparison results.

Reviewing the comparison results

Use this task to review the results of inventory comparison (image deviation).

1 Select Menu | Application Control | Image Deviation.
2 Locate the comparison of the gold host and endpoint. To quickly find the corresponding row, enter the endpoint name in the Search Target System field and click Search.
3 Click Show Deviations.
4 Review the comparison details.
   - Select the view type. You can organize the results based on applications or binary files.
   - Use the available filters to sort the results. Using the filters, you can view new (added), modified, and removed (missing) files.
   - Use the Execution Allowed Mismatch filter to view files with changes to the execution status.
   - Use the path filter to sort the results based on the file path.
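To make the four deviation categories above concrete, the following added example (not McAfee code and not part of the original guide) compares a gold inventory with an endpoint inventory and sorts the differences into added, modified, removed, and execution-allowed mismatch, with an optional path filter. The record layout (path, checksum, execution_allowed), the sample paths, and the checksum strings are assumptions constructed for illustration.

```python
"""Image-deviation style comparison of two software inventories.

Added illustration: the record layout and all sample values below are
constructed assumptions, not the Solidcore inventory format.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional


@dataclass(frozen=True)
class Binary:
    path: str                # full path of the binary on the system
    checksum: str            # content hash recorded in the inventory
    execution_allowed: bool  # whether the binary is allowed to run


def _key(path: str) -> str:
    # Windows paths are case-insensitive and may mix separators, so
    # normalise before matching gold entries against endpoint entries.
    return path.replace("/", "\\").lower()


def _index(inventory: Iterable[Binary]) -> Dict[str, Binary]:
    return {_key(b.path): b for b in inventory}


def image_deviation(gold: Iterable[Binary],
                    endpoint: Iterable[Binary],
                    path_filter: Optional[str] = None) -> Dict[str, List[str]]:
    """Return endpoint deviations from the gold system, by category."""
    g, e = _index(gold), _index(endpoint)
    prefix = _key(path_filter) if path_filter else ""  # simple prefix match
    result: Dict[str, List[str]] = {
        "added": [], "modified": [], "removed": [],
        "execution_allowed_mismatch": [],
    }
    for key in sorted(g.keys() | e.keys()):
        if not key.startswith(prefix):
            continue
        in_gold, on_endpoint = g.get(key), e.get(key)
        if in_gold is None:
            result["added"].append(on_endpoint.path)       # new on endpoint
        elif on_endpoint is None:
            result["removed"].append(in_gold.path)         # missing on endpoint
        else:
            # One file can be both modified and changed in execution status.
            if in_gold.checksum != on_endpoint.checksum:
                result["modified"].append(on_endpoint.path)
            if in_gold.execution_allowed != on_endpoint.execution_allowed:
                result["execution_allowed_mismatch"].append(on_endpoint.path)
    return result


# Constructed sample inventories (checksums are placeholders, not real hashes).
GOLD = [
    Binary(r"C:\Windows\System32\notepad.exe", "aaaa1111", True),
    Binary(r"C:\Program Files\App\app.exe", "bbbb2222", True),
    Binary(r"C:\Program Files\App\helper.dll", "cccc3333", True),
    Binary(r"C:\Tools\legacy.exe", "dddd4444", False),
]
ENDPOINT = [
    Binary(r"c:\windows\system32\NOTEPAD.EXE", "aaaa1111", True),  # same file
    Binary(r"C:\Program Files\App\app.exe", "ffff9999", True),     # modified
    Binary(r"C:\Tools\legacy.exe", "dddd4444", True),              # status changed
    Binary(r"C:\Users\Public\tool.exe", "eeee5555", True),         # added
]

if __name__ == "__main__":
    for category, paths in image_deviation(GOLD, ENDPOINT).items():
        print(f"{category}: {paths}")
```

An execution-allowed mismatch with an unchanged checksum, as for legacy.exe in the sample, is a policy drift rather than a file change, which is why it is reported separately from modified files.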


McAfee Change Control Explained

NOTE: Please use the embedded document below to prepare your servers for the amount of data disk space required.
ePO Database Sizing Estimation Guide for MAC_MCC_MIC.pdf

Change Control comprises two components:
1. File Integrity Monitoring
2. Change configuration protection

File Integrity Monitoring monitors changes to the file system, registry, and user accounts. It maintains a comprehensive and up-to-date database (on McAfee ePolicy Orchestrator) that logs all attempts to modify files, registry keys, and local user accounts.

File Integrity Monitoring provides the following information:
1. Who made the change
2. When the change was made (time stamp in real time)
3. What program was used to make the change
4. Where the change was made (what system)
5. How the change was made
6. Whether the change was made by an approved change process

Event Example:

The Event Components Explained:

Agent GUID: Unique assigned ID from ePO
Event Display Name: What action took place
Event File Name: What file or registry key was affected
Event Generated Time: Timestamp of the change (in real time)
Event Id: ePO-generated ID of the change
Event Name: What action took place (same as Event Display Name)
Event Seq Number
Generated by an Updater: If the change was made by an approved change application
Generated in an Update Window: If the change took place in an authorized change window
Object Name: What was affected
Performed by: What user performed this change
Program Name: What program was used to make the change
Reconciliation Status (Additional Optional License Needed): Will report if the change was reconciled to your BMC Remedy change ticketing system
Reconciliation Ticket (Additional Optional License Needed): Ticket number assigned by BMC Remedy
Severity
System Name: What system the change took place on
User Name: Who performed the change
Workflow ID: Notification of what updater was used to make the change
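The two approval components above (Generated by an Updater, Generated in an Update Window) are what separate sanctioned changes from the ones that need review. The following added example, which is not McAfee code and not part of the original guide, filters a set of events down to changes made outside any approved process and counts them per system and user. It assumes the events have been exported as CSV with columns named after the components listed above; the export format, the event display names, and every sample value are constructed for illustration.

```python
"""Triage of change events: which changes were made outside an approved process?

Added illustration: the CSV layout and all sample rows are constructed
assumptions; only the column names come from the event components above.
"""
import csv
import io
from collections import Counter
from typing import Dict, List

TRUE_VALUES = {"true", "yes", "1"}

# Constructed sample export.
SAMPLE_CSV = r"""Event Generated Time,Event Display Name,Object Name,System Name,User Name,Program Name,Generated by an Updater,Generated in an Update Window
2011-12-01 02:10:04,File Modified,C:\Windows\System32\drivers\etc\hosts,SRV-WEB01,CORP\svc_patch,C:\Windows\System32\wuauclt.exe,True,False
2011-12-01 09:31:17,File Modified,C:\inetpub\wwwroot\web.config,SRV-WEB01,CORP\jdoe,C:\Windows\System32\notepad.exe,False,False
2011-12-01 09:33:40,Registry Key Modified,HKLM\SOFTWARE\Example\Settings,SRV-WEB01,CORP\jdoe,C:\Windows\regedit.exe,False,False
2011-12-01 22:05:00,File Created,C:\App\bin\app.dll,SRV-APP02,CORP\deploy,C:\Tools\deploy.exe,False,True
2011-12-02 03:12:55,User Account Created,tempadmin,SRV-APP02,CORP\jdoe,C:\Windows\System32\net.exe,False,False
"""


def _flag(value) -> bool:
    # A missing or empty column counts as "not approved" (fail closed).
    return (value or "").strip().lower() in TRUE_VALUES


def load_events(csv_text: str) -> List[Dict[str, str]]:
    return list(csv.DictReader(io.StringIO(csv_text)))


def is_approved(event: Dict[str, str]) -> bool:
    """Approved = made by an updater OR made inside an update window."""
    return (_flag(event.get("Generated by an Updater"))
            or _flag(event.get("Generated in an Update Window")))


def unapproved_changes(events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    return [e for e in events if not is_approved(e)]


def summarize(events: List[Dict[str, str]]) -> Counter:
    """Count events per (System Name, User Name) to show where to look first."""
    return Counter((e.get("System Name", ""), e.get("User Name", ""))
                   for e in events)


if __name__ == "__main__":
    flagged = unapproved_changes(load_events(SAMPLE_CSV))
    for e in flagged:
        print(e["Event Generated Time"], e["System Name"], e["User Name"],
              e["Event Display Name"], e["Object Name"], "via", e["Program Name"])
    for (system, user), count in summarize(flagged).most_common():
        print(f"{system} {user}: {count} unapproved change(s)")
```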

What is being Tracked?

Below is a table of tracked items:

Files and Folders:
- File creation
- File modification (file contents and attributes, such as permissions or owner)
- File deletion
- File rename
- Stream creation
- Stream modification
- Stream deletion

Registry key:
- Registry key creation
- Registry key modification
- Registry key deletion

User account:
- User account creation
- User account modification
- User account deletion
- User log on
- User log off

Managing McAfee Change Control

Change configuration Protection (Change Control) provides protection to identified critical configuration files and the registry:
1. Write protection of critical configuration files
2. Read protection of critical files. If read protection is enabled, the files cannot be copied off of the system
3. Write protection of critical registry keys

NOTE: Trusted programs or users can be defined to allow updates to protected files and registry keys.

NOTE: This is a user-defined policy and has no pre-defined protection rules. This was created by design.

NOTE: Read Protection is disabled by default. To activate this functionality, a client task must be run against the identified systems.

Change Content Management

Navigate to the McAfee File Integrity policy:

Identify the file you want to track:

View the results from the events:

Appendix A. Solving Memory Discrepancies

Identifying bypass candidates for MP-CASP and MP-NX

Issue: System performance decreases or an application does not work properly with Solidifier and MP enabled.

Resolution: Disable the memory protection feature and check the behavior after MP-CASP (32-bit) and MP-NX (64-bit) are disabled.

If the issue is not observed with MP disabled:

1 Run sadmin loglevel enable pst info.
2 Check the issue with MP disabled.
3 Enable MP.
4 Reproduce the issue.
5 Run sadmin loglevel disable pst info.
6 Run gatherinfo.bat and collect the logs for analysis.

sadmin loglevel enable pst info enables more informative logging for the process tracking module of Solidifier. The Solidcore logs start recording process creation, DLL loading, and termination, so that the analyzer can follow the life of a process, such as when it is created or terminated.

Extract the Application Control logs from gatherinfo.bat and compare the logs for MP disabled versus MP enabled. Scan and compare each process and the operations happening in its context. Check for any differences between the MP-disabled and MP-enabled states, such as a process terminating abruptly, a DLL failing to load, or a process taking more time to complete its operations with MP enabled. Look for any erroneous condition recorded or logs marked with ERROR or WARNING.

It is relatively easy to identify the process when only a certain application is not running, as opposed to a system-wide impact, because the focus is limited to the processes running or launched in the context of that application. However, bypassing the application's processes often does not help, because a Windows process, a compiler dependency, or similar may be involved.

In cases where MP is causing a system-wide impact, such as a system hang or degraded performance, the area of focus broadens to all processes and logs recorded. The analyzer should try to narrow down the condition that may be leading to the issue, for example a continuously running service that is hung or a backup process that is failing. Once the analyzer identifies such a condition and suspects a process to be the culprit, configure the process under the relevant MP bypass attribute and check the issue again. Make sure that the process is re-launched so that the configuration takes effect.

The steps above allow the user to perform a first-level analysis of MP-related issues, but these issues are not very straightforward to track down. In many cases, code analysis needs to be done in close mapping with the logs. The analyzer has to be extra cautious when bypassing a process from MP, as it may open a security hole.

It is highly recommended that system or any critical processes are not bypassed without discussing with McAfee.


Appendix B. Emergency Back out Procedure

McAfee Application Control / Change Control Emergency Back Out Procedure

Boot Windows into Safe Mode:

Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\swin\Parameters

Navigate to Parameters:

Edit the RTEModeonReboot value and change it from 1 to 0.

NOTE: Values: 0 = Disable, 1 = Enable, 2 = Update Mode

Appendix B: NON-EPO Manual Application Control Install

Environment
Microsoft Windows (all supported versions)

Summary
This document provides steps to connect Solidcore to ePO when deployed using third-party tools.

Solution

Step 1 - Deploy the McAfee Agent and modify the registry for ePO management

1 Deploy the Common Management Agent (CMA) or McAfee Agent to the system that hosts Solidifier.
2 Use Remote Desktop to access the Solidifier system and log in with an Administrator account.
3 Click Start, Run, type regedit, and click OK.
4 Navigate to the registry key below:
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\swin\Parameters
5 Right-click Parameters and select New, DWORD value.
6 Name the new value IsSystemControllerEPO.
7 Right-click the IsSystemControllerEPO value and select Modify.
8 Click the Decimal radio button and change the Value data to 1.
9 Click OK.

Step 2 - Copy scormapl.dll to the S3 directory

1 Click Start, Programs, McAfee, Solidifier, McAfee Solidifier Command Line.
2 Execute sadmin lockdown.
3 Navigate to the folder that contains SOLIDCOR<version_number>-<build_number>_WIN.zip.
4 Extract scormapl.dll.x86 to the C:\Program Files\Solidcore\S3 directory.

Rename scormapl.dll.x86 to scormapl.dll.

Step 3 - Modify the Solidifier Application Plugin registry key

Click Start, Run, type regedit, and click OK.
Navigate to the registry key below:
HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\ePolicy Orchestrator\Application Plugins\SOLIDCOR5000_WIN

1. Add the appropriate string values below:

String name     Value data
Version         <version_number>.<build_number>
Plugin Path     C:\Program Files\Solidcore\S3\scormapl.dll
Software ID     SOLIDCOR5000_WIN
Product Name    McAfee Solidifier
Language        0000

Step 4 - For 64-bit systems, use link_na_reg.exe to link the 64-bit and 32-bit versions of the ePO registry entries

Navigate to the directory that contains SOLIDCOR<version_number>-<build_number>_WIN.zip.
Extract link_na_reg.exe from the .zip file.
Click Start, Run, type cmd, and click OK.
Change directory to the location of the extracted link_na_reg.exe.

Type the command below and press ENTER:

link_na_reg.exe /s "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Network Associates" "HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates"

Send an agent wakeup call (with get full properties) from ePO.

Appendix D: Configuring a syslog server

You can access additional servers by registering them with your McAfee ePO server. Registered servers allow you to integrate your software with other external servers. Use this task to add the syslog server as a registered server and send information (responses or Solidcore events) to the syslog server.

Task
For option definitions, click ? in the interface.

1 Add the syslog server as a registered server.

   a Select Registered Servers and click New Server. The Registered Server Builder wizard opens.
   b Select Solidcore Syslog Server from the Server type list.

   c Specify the server name, add any notes, and click Next.
   d Optionally, modify the syslog server port (McAfee ePO 4.6 only).
     NOTE: If you are using McAfee ePO 4.5, the default port (514) is used. You cannot alter the port when using McAfee ePO 4.5.
   e Enter the server address. You can choose to specify the DNS name, IPv4 address, or IPv6 address.
   f Select the type of logs the server is configured to receive by selecting a value from the Syslog Facility list.
   g Click Test Syslog send to verify the connection to the server.
   h Click Save.

You can choose to send specific responses to the syslog server (complete step 2) or use


IBM Endpoint Manager Version 9.1. Patch Management for Red Hat Enterprise Linux User's Guide IBM Endpoint Manager Version 9.1 Patch Management for Red Hat Enterprise Linux User's Guide IBM Endpoint Manager Version 9.1 Patch Management for Red Hat Enterprise Linux User's Guide Note Before using

More information

VERITAS Backup Exec TM 10.0 for Windows Servers

VERITAS Backup Exec TM 10.0 for Windows Servers VERITAS Backup Exec TM 10.0 for Windows Servers Quick Installation Guide N134418 July 2004 Disclaimer The information contained in this publication is subject to change without notice. VERITAS Software

More information

Detecting rogue systems

Detecting rogue systems Product Guide Revision A McAfee Rogue System Detection 4.7.1 For use with epolicy Orchestrator 4.6.3-5.0.0 Software Detecting rogue systems Unprotected systems, referred to as rogue systems, are often

More information

Desktop Release Notes. Desktop Release Notes 5.2.1

Desktop Release Notes. Desktop Release Notes 5.2.1 Desktop Release Notes Desktop Release Notes 5.2.1 COPYRIGHT Copyright 2011 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval

More information

Sophos Anti-Virus for NetApp Storage Systems user guide. Product version: 3.0

Sophos Anti-Virus for NetApp Storage Systems user guide. Product version: 3.0 Sophos Anti-Virus for NetApp Storage Systems user guide Product version: 3.0 Document date: May 2014 Contents 1 About this guide...3 2 About Sophos Anti-Virus for NetApp Storage Systems...4 3 System requirements...5

More information

Application Whitelisting - Extend your Security Arsenal? Mike Baldi Cyber Security Architect Honeywell Process Solutions

Application Whitelisting - Extend your Security Arsenal? Mike Baldi Cyber Security Architect Honeywell Process Solutions Application Whitelisting - Extend your Security Arsenal? Mike Baldi Cyber Security Architect Honeywell Process Solutions 1 Agenda What is Application Whitelisting (AWL) Protection provided by Application

More information

HP A-IMC Firewall Manager

HP A-IMC Firewall Manager HP A-IMC Firewall Manager Configuration Guide Part number: 5998-2267 Document version: 6PW101-20110805 Legal and notice information Copyright 2011 Hewlett-Packard Development Company, L.P. No part of this

More information

McAfee Endpoint Security 10.0.0 Software

McAfee Endpoint Security 10.0.0 Software Installation Guide McAfee Endpoint Security 10.0.0 Software For use with epolicy Orchestrator 5.1.1 5.2.0 software and the McAfee SecurityCenter COPYRIGHT Copyright 2014 McAfee, Inc. Do not copy without

More information

HDA Integration Guide. Help Desk Authority 9.0

HDA Integration Guide. Help Desk Authority 9.0 HDA Integration Guide Help Desk Authority 9.0 2011ScriptLogic Corporation ALL RIGHTS RESERVED. ScriptLogic, the ScriptLogic logo and Point,Click,Done! are trademarks and registered trademarks of ScriptLogic

More information

New Boundary Technologies, Inc. 1300 Godward Street N.E. Suite 3100 Minneapolis, MN 55413

New Boundary Technologies, Inc. 1300 Godward Street N.E. Suite 3100 Minneapolis, MN 55413 Trademarks & Patents Prism Suite Quick Start Guide published June, 2011 This publication could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein;

More information

IBM Security QRadar Vulnerability Manager Version 7.2.1. User Guide

IBM Security QRadar Vulnerability Manager Version 7.2.1. User Guide IBM Security QRadar Vulnerability Manager Version 7.2.1 User Guide Note Before using this information and the product that it supports, read the information in Notices on page 61. Copyright IBM Corporation

More information

safend a w a v e s y s t e m s c o m p a n y

safend a w a v e s y s t e m s c o m p a n y safend a w a v e s y s t e m s c o m p a n y SAFEND Data Protection Suite Installation Guide Version 3.4.5 Important Notice This guide is delivered subject to the following conditions and restrictions:

More information

File Share Navigator Online 1

File Share Navigator Online 1 File Share Navigator Online 1 User Guide Service Pack 3 Issued November 2015 Table of Contents What s New in this Guide... 4 About File Share Navigator Online... 5 Components of File Share Navigator Online...

More information

WhatsUp Gold v16.2 Database Migration and Management Guide

WhatsUp Gold v16.2 Database Migration and Management Guide WhatsUp Gold v16.2 Database Migration and Management Guide Contents CHAPTER 1 How to use this guide CHAPTER 2 Migrating the WhatsUp Gold Microsoft SQL Server 2008 R2 Express Edition database to Microsoft

More information

Docufide Client Installation Guide for Windows

Docufide Client Installation Guide for Windows Docufide Client Installation Guide for Windows This document describes the installation and operation of the Docufide Client application at the sending school installation site. The intended audience is

More information

Best Practices for Deploying Behavior Monitoring and Device Control

Best Practices for Deploying Behavior Monitoring and Device Control Best Practices for Deploying Behavior Monitoring and Device Control 1 Contents Overview... 3 Behavior Monitoring Overview... 3 Malware Behavior Blocking... 3 Event Monitoring... 4 Enabling Behavior Monitoring...

More information

Spector 360 Deployment Guide. Version 7.3 January 3, 2012

Spector 360 Deployment Guide. Version 7.3 January 3, 2012 Spector 360 Deployment Guide Version 7.3 January 3, 2012 Table of Contents Deploy to All Computers... 48 Step 1: Deploy the Servers... 5 Recorder Requirements... 52 Requirements... 5 Control Center Server

More information

epolicy Orchestrator Log Files

epolicy Orchestrator Log Files Reference Guide epolicy Orchestrator Log Files For use with epolicy Orchestrator 4.6.0 Software COPYRIGHT Copyright 2011 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced,

More information

Pcounter Web Report 3.x Installation Guide - v2014-11-30. Pcounter Web Report Installation Guide Version 3.4

Pcounter Web Report 3.x Installation Guide - v2014-11-30. Pcounter Web Report Installation Guide Version 3.4 Pcounter Web Report 3.x Installation Guide - v2014-11-30 Pcounter Web Report Installation Guide Version 3.4 Table of Contents Table of Contents... 2 Installation Overview... 3 Installation Prerequisites

More information

Shavlik Patch for Microsoft System Center

Shavlik Patch for Microsoft System Center Shavlik Patch for Microsoft System Center User s Guide For use with Microsoft System Center Configuration Manager 2012 Copyright and Trademarks Copyright Copyright 2014 Shavlik. All rights reserved. This

More information

VMware Mirage Web Manager Guide

VMware Mirage Web Manager Guide Mirage 5.1 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document,

More information

Unicenter Patch Management

Unicenter Patch Management Unicenter Patch Management Best Practices for Managing Security Updates R11 This documentation (the Documentation ) and related computer software program (the Software ) (hereinafter collectively referred

More information

Sophos Enterprise Console Help. Product version: 5.1 Document date: June 2012

Sophos Enterprise Console Help. Product version: 5.1 Document date: June 2012 Sophos Enterprise Console Help Product version: 5.1 Document date: June 2012 Contents 1 About Enterprise Console...3 2 Guide to the Enterprise Console interface...4 3 Getting started with Sophos Enterprise

More information

Installation Guide. McAfee Security for Microsoft Exchange 7.6.0 Software

Installation Guide. McAfee Security for Microsoft Exchange 7.6.0 Software Installation Guide McAfee Security for Microsoft Exchange 7.6.0 Software COPYRIGHT Copyright 2011 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed,

More information

Lumension Endpoint Management and Security Suite

Lumension Endpoint Management and Security Suite Lumension Endpoint Management and Security Suite Platform Evaluation Guide July 2012 v1.2 Copyright 2012, Lumension Table of Contents Lumension Endpoint Management and Security Suite... 1 Platform Evaluation

More information

Sophos Anti-Virus for NetApp Storage Systems startup guide

Sophos Anti-Virus for NetApp Storage Systems startup guide Sophos Anti-Virus for NetApp Storage Systems startup guide Runs on Windows 2000 and later Product version: 1 Document date: April 2012 Contents 1 About this guide...3 2 About Sophos Anti-Virus for NetApp

More information

Providing Patch Management with N-central. Version 9.1

Providing Patch Management with N-central. Version 9.1 Providing Patch Management with N-central Version 9.1 Contents Patch Management 4 Introduction 4 Monitoring for Missing Patches 4 Setting up Patch Management in N-central 5 Adding a WSUS Server to N-central

More information

Authoring for System Center 2012 Operations Manager

Authoring for System Center 2012 Operations Manager Authoring for System Center 2012 Operations Manager Microsoft Corporation Published: November 1, 2013 Authors Byron Ricks Applies To System Center 2012 Operations Manager System Center 2012 Service Pack

More information

GFI White Paper PCI-DSS compliance and GFI Software products

GFI White Paper PCI-DSS compliance and GFI Software products White Paper PCI-DSS compliance and Software products The Payment Card Industry Data Standard () compliance is a set of specific security standards developed by the payment brands* to help promote the adoption

More information

McAfee Web Gateway Administration Intel Security Education Services Administration Course Training

McAfee Web Gateway Administration Intel Security Education Services Administration Course Training McAfee Web Gateway Administration Intel Security Education Services Administration Course Training The McAfee Web Gateway Administration course from Education Services provides an in-depth introduction

More information

COMMANDS 1 Overview... 1 Default Commands... 2 Creating a Script from a Command... 10 Document Revision History... 10

COMMANDS 1 Overview... 1 Default Commands... 2 Creating a Script from a Command... 10 Document Revision History... 10 LabTech Commands COMMANDS 1 Overview... 1 Default Commands... 2 Creating a Script from a Command... 10 Document Revision History... 10 Overview Commands in the LabTech Control Center send specific instructions

More information

Core Protection for Virtual Machines 1

Core Protection for Virtual Machines 1 Core Protection for Virtual Machines 1 Comprehensive Threat Protection for Virtual Environments. Installation Guide e Endpoint Security Trend Micro Incorporated reserves the right to make changes to this

More information

Silect Software s MP Author

Silect Software s MP Author Silect MP Author for Microsoft System Center Operations Manager Silect Software s MP Author User Guide September 2, 2015 Disclaimer The information in this document is furnished for informational use only,

More information

Storage Sync for Hyper-V. Installation Guide for Microsoft Hyper-V

Storage Sync for Hyper-V. Installation Guide for Microsoft Hyper-V Installation Guide for Microsoft Hyper-V Egnyte Inc. 1890 N. Shoreline Blvd. Mountain View, CA 94043, USA Phone: 877-7EGNYTE (877-734-6983) www.egnyte.com 2013 by Egnyte Inc. All rights reserved. Revised

More information