MCAFEE APPLICATION CONTROL / CHANGE CONTROL BEST PRACTICES GUIDE
Version December 2011
About This Guide

The purpose of this guide is to provide best practices for initial usage of the three main Solidcore products: McAfee Application Control, McAfee Integrity Monitor and McAfee Change Control. Topics addressed in this document include:

- Pre-Installation Requirements and Guidelines (Setting up for Success)
- MAC/MCC Install and Initial Deployment
- MAC/MCC/MIM Use Cases for Evaluation Planning
- Policy and configuration guidance
- Dashboards and Reporting
- Post Evaluation Considerations

Intended Audience

This guide is intended to assist McAfee customers with the initial setup of McAfee Application Control, McAfee Change Control, and/or McAfee File Integrity Monitoring.

Assumptions

To successfully use this guide it is assumed that:

- A fully functional ePO 4.6 infrastructure is available, including the required SQL database.
- Local or Domain Administrator credentials for the ePO server and sa level credentials for the SQL database are available.
- All installation packages have been downloaded.
Core Functionality

McAfee Application Control / Whitelisting (MAC), Current Version 6.x

McAfee Application Control can technically enforce control over system and application code to ensure that only authorized code can run and unauthorized code cannot run (both via Dynamic Whitelisting); authorized code cannot be tampered with (via Application Control); and vulnerabilities in authorized code cannot be exploited (via Memory Protection). Application code not only includes traditional executables but also scripts and interpreted languages.

Authorized updating mechanisms allow granular change control, so that, for example, Windows patches can be approved automatically, whereas changes to locked-down applications will be prevented. Authorized updating can occur by opening an update window, or by authorizing a user or application to make changes. No file system scanning is required for this solution, so system performance overhead and resource constraint concerns are eliminated.

In addition, Application Control also provides Image Deviation, which compares all the code resident on a machine or group of machines to a Gold Master standard, and also compares all the code to McAfee's Global Threat Intelligence Blacklist in a cloud security data

Please Note: Review the attached Matrix of supported operating systems (below)

McAfee Integrity Monitoring (MIM), Current Version 6.x

McAfee Real-time Integrity Monitoring can monitor changes (update, delete, rename, move and copy operations) on files, directories and registry keys, and track them as they happen in real time. This even allows identification of transient changes (when a file is changed inappropriately, and then changed back). The monitoring includes rich information capture that records the user and the program that made the change, the object that was changed, and the exact time when the change was made.
Please Note: Review the attached Matrix of supported operating systems (below)

McAfee Change Control (MCC), Current Version 6.x

McAfee Change Control can provide tamper-proofing by technically enforcing that no changes can be made to selected files, directories and registry keys, so that they cannot be modified in any way. In addition it tracks any authorized changes in real time, allowing automatic and accurate monitoring and reporting of actual changes. Protection is linked directly to policy, and changes are verified against the change source, time window, or approved change ticket. Changes that are attempted outside of policy on enabled servers are not allowed and are logged.

Please Note: Review the attached Matrix of supported operating systems (below)

Operating System Matrix: Operating Systemsupport-matrix.pdf
Core Functionality Matrix

Table 1 - Evaluation

| Description | MAC | MCC (includes File Integrity Monitoring) | Scenarios |
| Whitelist software & confirm unauthorized software is not permitted to run | | | 1 - Application Control and Reporting |
| Explore trusted update sources and mechanisms | | | 2 - Trusted Updaters |
| Image Deviation (Gold system image comparison) | | | 3 - Gold Image Configuration Comparison |
| Monitor critical configuration files and registry for changes | | | 4 - File System and Registry Monitoring |
| Protect critical configuration files from reading and writing and registry settings from writing | | | 5 - File System and Registry Protection |
| Manage systems locally and remotely | | | ePO Management |
Helpful Guides:

- EPO 4.6 Product Guide: epo_460_product_guide_en-us.pdf
- EPO 4.6 Installation Guide: epo_460_install_guide_en-us.pdf
- EPO 4.6 Sizing Guide for McAfee Application Control / Change Control: epo Database Sizing Estimation Guide for MAC_MCC_MIC.pdf
- McAfee Application Control Emergency back out procedure: McAfee Application Control Emergency Backout Procedure.pdf
- McAfee Application Control / Change Control Stand alone to EPO managed instructions: McAfee Solidcore Agent Standalone to epo Managed.pdf
Getting Started with EPO 4.6

Summary of Initial setup tasks

Initial Communication: (required)
- 01-: MFE: Create EPO Systems Tree Infrastructure
- 02-: MFE: Setup Communication between EPO and the McAfee Agent (Client).
- 03-: MFE: Install Application Control / Change Control Extension
- 04-: MFE: Check in Client Application Control / Change Control software packages

Application / Change Control Initial Tasks: (required)
- 10-:SC: Deploy Application / Change Control software module
- 11:-SC: Enable Application / Change Control
- 12:-SC: Pull Inventory
- 13:-SC: Get Diagnostics for Programs
Initial Communication Setup (set up communication between EPO and client systems)

EPO Setup System Tree:

The System Tree groups represent a collection of systems. Deciding which systems to group together depends on the unique needs of your network and business. You can group systems based on machine type (e.g. laptops, servers, desktops), geography (e.g. North America, Europe), political boundaries (e.g. Finance, Development), or any other criteria that support your needs.

Note: An efficient and well-organized System Tree can simplify maintenance. Many administrative, network, and political realities of each environment can affect how your System Tree is structured. Plan the organization of the System Tree before you build and populate it. Especially for a large network, you want to build the System Tree only once.

Because every network is different and requires different policies and possibly different management, McAfee recommends planning your System Tree before implementing the McAfee ePO software. Regardless of the methods you choose to create and populate the System Tree, consider your environment while planning the System Tree.
2. Deploy the McAfee Agent to the identified systems and verify connectivity.

Log in to EPO and navigate to Menu > Systems > System Tree. To add systems or subgroups to the system tree and click on the lower left of the EPO screen. From this form you may add systems and create the containers to organize your identified devices in the system tree.

Note: Throughout this document, "Identified systems" is used to represent the devices in the system tree.
Options to deploy the McAfee Agent are:

- Options 1 and 2: Will deploy the agent by mapping a Windows share (credentials are required), copying the agent to the client and then executing framepkg.exe to install the agent. This package will contain all pertinent information regarding the EPO to client connection.
- Option 4: Will create a deployable package (credentials are optional). This package will contain all pertinent information regarding the EPO to client connection.
Verify Communication between the client and EPO Server:

Install Application Control / Change Control Extension

3. Navigate to install the McAfee Solidcore Extension under Menu > Software > Extensions, then click the button on the lower left of the form.
Add the licenses for your products:

Licensing Options are:

- Change Control: To activate the File Integrity Monitoring and Change Control functionality.
- Application Control Integrity Control: To activate the combination suite of Application Control and Change Control to be used on POS, Manufacturing and ATM systems.
- Application Control: To activate the Application Whitelisting protection coupled with memory protection.
- Reconciliation: To activate the reconciliation functionality. (To be used with Remedy 7 exclusively)

4. Navigate to and click on the text on the left and the licenses:
Add the Solidcore Agent module to EPO:

Navigate to Menu > Software > Master Repository > Actions

****EPO Infrastructure Setup Completed****
Client McAfee Application / Change Control Deployment Task:

BEST PRACTICE TIP: Create logical groups in the ePO System Tree of machines that have Application Control / Change Control and deploy these tasks at a group level.

Set up a client task to deploy the McAfee Solidcore component to the identified systems. From the systems tree:

1. Navigate to the
2. Click on tab
3. Click on
5. Choose the Product :
6. Choose the task type:
7. Create the Task Name :
BEST PRACTICE TIP: Consider creating and using Tags to identify systems with Application Control / Change Control on them. This will assist with both administration and policy application.

8. Choose your deployment time. (NOTE: the most common method is to run immediately.) The options are :
9. Then to force a task completion
Verify that the Solidcore Client is installed :
McAfee Application / Change Control Enable Task:

Enable McAfee Application Control / Change Control and ***Whitelist the System

This task will set a flag in the software to enable (engage) whitelisting protection and/or Change Control with file integrity monitoring. It can also create the whitelist automatically if the Application Control option is selected.

*** The Whitelisting functionality is only for use with the McAfee Application Control license. McAfee Change Control does not require a whitelist to function.

Set up a client task to deploy the McAfee Solidcore component to the identified systems. From the systems tree:

1. Navigate to the
2. Click on tab
3. Click on
Enable Options explained :
Name your task :

BEST PRACTICE TIP: Use a naming convention that relates to the product (for example: SC: Enable, SC: Begin Update Mode).

Pick your version : and Earlier, or 6.0 and Later versions

Pick your licensed Product:

Initial Scan CPU throttle options: This option sets the process priority for the single scan that Application Control performs only once to build the initial whitelist.

BEST PRACTICE TIP: For machines that are in Production mode use Low priority to ensure the least amount of impact from an I/O perspective, especially if the machine cannot be rebooted. If the machine can be rebooted and you want the initial scan to occur as quickly as possible, then set the priority to High.

Activation Options : Application Control Only!!
Full Feature Mode (requires an immediate reboot): Application whitelisting with Memory Protection. This will enable the full protection capabilities of Application Control following a forced reboot that will occur 5 minutes after the machine receives the task.

BEST PRACTICE TIP: If at all possible use Full Feature Mode to ensure the highest level of security, especially if the machine does not have another Memory Protection mechanism such as is sometimes provided by Anti-Virus or HIPS software.

Limited Feature Mode (delayed reboot): Application Whitelisting without memory protection enabled until a reboot.

Start in Observation Mode: This option is to start the system in learning mode. Use this functionality to identify updating mechanisms and sources of change. Policy suggestions will be provided by the ePO console when the endpoint machine is in Observe Mode.

BEST PRACTICE TIP: For all systems it is beneficial to use Observe Mode and put systems through a full functionality testing/production cycle, after which the policy suggestions can be reviewed.

** BREAK OUT FURTHER ***

Change Control Activation (does not require a reboot): Activation options are not available or needed while activating Change Control.
Environment Specific Configuration Best Practices:

Using Change Control to monitor Trusted Directories

When using a trusted directory policy mounted from a server, use Change Control on the server to monitor who/what/when/how files are modified in the trusted directory. This helps to prevent misuse of the Trusted Directory policy.

Recommendations for POS Environments
- Comments regarding PCI compliance
  o Compensating control for AV requirement
- Configurations often required given use of 3rd party outsourcers
- Issues with network bandwidth: how to get effective information and security while not interrupting normal business operations
- Effective grouping of systems in ePO for efficient management

Recommendations for ATM Environments
- Configurations often required given use of 3rd party outsourcers
- NCR/Diebold/Wincor specific recommendations

Windows Embedded Systems

The only catch you might encounter is the write filter. If it is enabled you will have problems managing SC via ePO. This is because the write filter (if configured to do so) protects the registry key where we store our configs. There is a workaround: exclude the registry hive directory from the write filter so that changes to it persist. Add the path 'c:\windows\system32\config' to the exclusion list for FBWF/EWF, then reboot:

    >fbwfmgr /addexclusion c:\windows\system32\config

Advice on configuring & why to use features such as:
- Read Protection
- Anti-debugging
- Mon UAT

Client Installation and Deployment Tasks Complete
Management : Application Control

NOTE: Protection Functionality Recap: Application Control creates an inventory of all executables, scripts, drivers and dynamic link library files (.dll) via the initial scan and only allows that authorized code to execute. Once the whitelist is created, nothing on the whitelist can be modified except by an authorized source, hence the requirement for updating mechanisms, which are typically found using Observe Mode and the built-in profiles provided with Application Control. These mechanisms include processes, people or code that is given the authority to change the whitelist contents. Application Control gates all processes to ensure they are run off of disk (not purely in memory) and includes memory protection to protect against memory-based attacks such as Buffer Overflows, Stack Exploits, etc.

Developing Policies - Initial Policy questions to manage McAfee Application Control:

- How do you make change today (programs, tools, users and processes)?
- Do you have a formal change process?
- Do you (or could you easily) define what constitutes authorized change vs. unauthorized change (one example could be: "we don't want changes during production hours")?
- How do you make change (manual updates, automatic software, agent based push, etc.)?
- How homogeneous (or not) is the environment (number of system images)?

Security Policies and Rule groups:

Since Application Control only allows execution of applications that are in the inventory, it needs to allow permitted mechanisms to make software changes. The process of dynamically updating the whitelist is identified in Application Control Policy. In addition to updating mechanisms, applications that spawn new processes need to be identified as updaters as well.

BEST PRACTICE TIP: All policies should utilize rule groups to manage policies. A Rule group is a categorization system of application updating mechanisms.
To manage policies navigate to the policy catalog.
Create a new Policy:

BEST PRACTICE TIP: Create new policies based on the Blank Template to ensure that only the updater mechanisms you want are configured as part of your policy.

Label the policy utilizing best practice naming conventions:
BEST PRACTICE TIPS:

1. Create policies for groups of similar machines (i.e. policies for Domain Controllers, policies for Oracle Servers, etc).
2. Machines can have multiple policies, so consider having more granular policies rather than one large policy with many rule entities.
3. Consider carefully the impact of a policy type; some policies are more loose or restrictive than others. The following table outlines the relative degree of restriction of each element a policy could have:

| Updater Method | Level of Restriction | Business Use Case | Notes |
| Update Window | Low | Emergency changes to system(s) | Two ePO Client Tasks: one to Open and one to Close |
| Trusted Users | Low | Help desk user ability to remotely log in for break fix, administration of systems that are geographically distant | |
| Publishers | Medium | Customer can be their own CA and allow only their code to update a system regardless of how the code enters the system, or use signed code from a vendor | More flexibility than a hashed Installer |
| Authorized Updater Program | High | Update existing whitelisted applications based on a program that can make change | Most common updating method |
| Binary | High | Allow or block program execution based on name or hash. Allow: scripts created dynamically, i.e. by an end of day/closing process on a kiosk for back office reporting. Block: block installed programs that shouldn't run, i.e. iTunes, OR reduce the risk exposure of a server to admin tool misuse, i.e. ban net.exe, msconfig.exe, runas.exe, netstat.exe, etc. | Used to control execution, not change on a system |
| Installers | High | A non-whitelisted standalone executable that is identified by hash to install applications on a controlled system | Useful for software distribution based on approved applications |
| Trusted Directory | High | Printer drivers on remote share, corporate approved applications on share, start-up scripts | Easier to manage than hash or cert, but not as secure |

4. Application Control will not allow code to be run in temporary directories (i.e. C:\temp). To allow code that exists in these directories to run you may need to create a Binary Allow policy specifically for the executable name or hash.
5. When using Updaters (i.e. specific application processes that will be allowed to modify the whitelist) consider the implications of using full path names vs. just the name of the executable itself. For example, when creating an updater for Firefox, if you specify that Firefox.exe is an authorized updater, then any version of Firefox currently on the machine could make updates (i.e. if both C:\Firefox.exe and C:\Program Files\Firefox.exe exist, they are both updaters).
Consequently, if you specify C:\Program Files\Firefox.exe in the Updater field, then only that instance of Firefox will be an updater.
6. Updater mechanisms, regardless of whether it's an Updater, Trusted User, Publisher etc., are global. It is not possible to specify that a particular application can only modify a specific set of code.
7. When you create an Updater type of policy you are authorizing a specific process on the machine to be allowed to make changes to existing code and add new code to the whitelist. If the process is running when you create the policy and assign it updater privileges, it will NOT inherit those rights until the process is restarted.
8. Consider using Installers policies rather than Trusted Directory policies. Installer policies are based on the name of the installer package (e.g. an MSI program installer) or its binary hash. Because it is more specific, an Installer policy is more secure than a Trusted Directory policy.

The Application Control Policy Explained:

= A rule group is a categorization system that will assist with policy management. Rule groups include updaters, binary, trusted users, publishers and installers.

Best Practices: utilize rule groups in policies as opposed to adding updaters to the policy itself.

Rule Groups are created at :
= A mechanism to allow updates automatically. These whitelisted applications are permitted to update the system. It is the plumbing for Client/Server updating mechanisms.

Example: SCCM Server / Client: ccmexec.exe (update)

Typical examples are:
- Software provisioning systems that download, install and run new code, e.g., Microsoft SCCM, Microsoft SUS, Tivoli, Altiris, custom scripts.
- Self-updating applications, e.g. Anti-virus, Adobe Acrobat, Google Update.
- Applications that create executable code at run time, e.g., anti-virus, custom applications.
- Applications that write to existing system or application code on disk (binaries, DLLs, scripts etc), e.g., backup agents, anti-virus.

= Explicitly allows a binary to run. It will also give the ability to ban or blacklist applications.

= A trusted user has the ability to dynamically update the whitelist while logged into a system. This privileged user can install and uninstall software. (User must also have Windows domain or local admin rights.)

= A trusted publisher is a digitally signed software application. McAfee Application Control can traverse software directories and extract these certificates.

To identify Publishers : Navigate to :
Extract the certificates from the signed applications.
Add the publishers to the Application Control Policy:

Pick the publisher to apply to the policy:
Save the policy:

= Application installer identified by its checksum (SHA1) hash that is allowed to install or update software. When a program (or an installer) is configured as an authorized installer, it gets both attributes: authorized binary and updater. Hence, regardless of whether the installer was originally present on the endpoint or not, it is allowed to execute and update software on the endpoint.

To identify Installers : Navigate to :
NOTE: Use the embedded application Hashtab to extract the SHA1 hash value of the desired installer.

Determine your application and collect the hash value :
Define the Installer:
Now apply the installer to your policy:
= Some applications (as part of their day-to-day processing) run code in this way and hence are prevented from running. To allow such applications to run, define appropriate bypass rules. Note that a bypassed file or application is no longer considered by the memory-protection features of Application Control. Bypassing a file should be the last resort to allow an application to run and should be used wisely.

Note: Memory Protection Components: MP-CASP (32-bit) and MP-NX (64-bit)

Best Practice tip: For software such as PSEXEC and DameWare you will need an exception.
What are Attributes?

See Appendix A for memory troubleshooting.

- Always authorized attribute: This memory attribute allows the user to configure a supported file as always authorized to execute. A file configured under this attribute will be allowed to execute whether whitelisted or not.
- Bypassed from memory control attribute: This attribute allows the user to configure a process to run bypassed from MP-mangling and MP-decoying. This is one of the memory protection techniques provided by Application Control, but it is disabled by default.
- Bypassed from Critical Address Space Protection attribute: Critical Address Space Protection is the latest and most effective memory protection technique provided by Application Control. It is enabled by default. This attribute configures a process to run bypassed from MP-CASP.
- Bypassed from process stack randomization attribute: This bypass is an attribute under MP-VASR protection, which is enabled only on special request from the customer.
- Rebase DLL attribute: Change the base address of a DLL. The technique involves randomly arranging the positions of key data areas, usually including the base of the executable and the position of libraries, heap, and stack, in a process's address space.
- Bypassed from DLL relocation attribute: A DLL configured as bypassed from the DLL relocation provided by MP-VASR. This attribute is part of the VASR memory protection technique. This feature is disabled by default as CASP is enabled.
- Full crawl attribute: This memory attribute belongs to MP-mangling and MP-decoying memory protection. This feature is disabled by default. Crawling is the process by which a system accesses and parses content and its properties, sometimes called metadata, to build a content index from which search queries can be served.
- Bypassed from installer detection: Belongs to the PKG-CTRL feature, which tracks the installation and un-installation of MSI based packages.
  Any installer name that is bypassed from installer detection is configured to be bypassed from installer detection functionality.
- Always unauthorized attribute: A binary/script configured under this attribute is blocked from execution even if whitelisted.
- Process Context registry bypass: Application Control will not track any registry operations for the process configured under this attribute. All the registry operations in the context of the configured process will be bypassed from Application Control.
- Bypassed from DEP: DEP is Data Execution Prevention. It is a memory protection technique, MP-NX, provided by Application Control for 64-bit machines. The memory protection check will not apply to a process configured as Bypassed from DEP.

MP-CASP and MP-NX
= A shared folder on the internal network or a locally defined path on every system where installers for authorized and licensed applications are kept. Such network shares are within the security perimeter; they are known. This policy allows all users to run any software present on a Trusted Directory identified by its UNC pathname.

Best Practice tip: Windows group policy needs to have a trusted directory defined to allow login scripts. Example:

    \\contoso.com\sysvol
    \\contoso.com\netlogon

= Refers to event filtering. Advanced filters are used to exclude changes by using a combination of conditions. Advanced exclusion filters are typically used to prune routine system-generated change events that are not relevant for your monitoring or auditing needs.

Example: The policy example below will exclude events for the file c:\logs\web.log where the event is File Modified, the program equals Apache.exe and the user equals system.

Best Practice tip: Use this to filter common approved day-to-day events that do not provide useful information.
Managing the inventory

By creating an inventory with McAfee Application Control you now have the ability to manage your whitelist. The software inventory from an endpoint contains information about the executable binaries, drivers, DLL files and script files that reside on each endpoint. The information stored in the inventory metadata includes the complete file name, file size, SHA1 checksum, file type, embedded application name and version. The software inventory metadata information can be imported and managed via the McAfee ePO console. You can manage the whitelist with tasks that include: allow or ban specific binary files, inspect application or binary file reputation with the McAfee Global Threat Intelligence Cloud, and also compare the endpoint inventory with a gold system to view image deviation.

Contents
- Fetching the inventory
- Interpreting the inventory
- Managing the inventory
- Comparing the inventory

Retrieving the inventory metadata

Application Control provides multiple methods to help you fetch the software inventory for an endpoint.

1 Use the SC: Enable client task to fetch the inventory for endpoints when you place the endpoints in Enabled mode. For more information, see the Enabling Application Control section.
2 Use the Fetch Inventory link on the Menu Application Control Inventory Inventory By Systems page to fetch the inventory for selected endpoints.
3 Use the Fetch Inventory action for a selected endpoint on the Menu > Systems > System Tree > Systems page to fetch the inventory for an endpoint.
4 Using the SC: Pull Inventory client task you can fetch the inventory for one or more endpoints.

NOTE: Application Control also allows you to import inventory details for endpoints not connected to the McAfee ePO console. Execute the following command on the endpoint using the CLI to generate an XML file with inventory details:

    sadmin ls -lax > <XML file name>

On the McAfee ePO console, select the endpoint on the Menu > Systems > System Tree > Systems page and click Actions > Import Inventory. The inventory for the selected endpoint is updated based on the inventory details included in the XML file.

GTI Integration to interrogate the inventory

Application Control software is integrated with the McAfee Global Threat Intelligence (GTI) file reputation service. For each binary file, GTI can indicate if the file is good, bad, or unknown. Based on reputation information retrieved from GTI, the application and binary files in the inventory are sorted into Good, Bad, and Unclassified categories.

GTI Trust Levels: Indicates the reliability or credibility of each binary. The assigned value ranges from 1 to 5. A value of 1 or 2 represents known bad files, such as Trojan, virus, and PUP files. A GTI Trust Score of 3 indicates an Unclassified file. A value of 4 or 5 represents known and trusted good files.

| GTI Value | Description |
| 5 | Known Clean |
| 4 | Assumed Clean |
| 3 | Unknown |
| 2 | Suspicious |
| 1 | Malicious |
In addition to the above values, Application Control also tracks the Enterprise Trust Level value for each binary file. By default, the enterprise trust level for a file is the same as the cloud trust level. When edited, the enterprise trust level for a file overrides the cloud trust level for the file.

Note: An Unclassified application is unknown because it may be specific to your organization. However, you can categorize it as a Good file by editing the enterprise trust level. To edit the enterprise trust level for a file, select the file and select Actions > Change Enterprise Trust Level.
Software Inventory Actions

1 Select Menu > Application Control > Inventory.

Available Tasks:
- All Ban Binaries
- Allowed Bad Binaries
- Allowed Unclassified Signed Binaries
- Allowed Unclassified Unsigned Binaries
- Banned Good Binaries

2 Review the binary files. When you view files sorted by applications or vendors, the Applications or Vendors pane is displayed. The pane provides a tree structure to help you navigate and view the files under each category. Select a node in the tree to review associated binary files in the Binaries pane. For all other views, only the Binaries pane is displayed. For each file, the Binaries pane lists the name, version, trust score, trust level (cloud and enterprise), allowed system count, and banned system count.

3 View binary details.
  a Click a binary file. The Binary Details page displays.
  b Click the cloud trust score to view the details fetched from the GTI server for the binary file.
  c Review the endpoints listed in the System for this Binary pane.
  d Click View Events for an endpoint to view events generated for the endpoint.
  e Click Ban to ban the binary file from an endpoint.
  f Click Close.
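The trust-level logic and review views described above can be sketched in code. This is an added example, not code from the guide or from McAfee: the record layout, the sample binaries and the rule that maps a binary to a view name are assumptions made for illustration, while the 1 to 5 score meanings and the enterprise-overrides-cloud rule come from the text.

```python
from dataclasses import dataclass
from typing import Optional

# GTI value table as given in the guide.
GTI_DESCRIPTION = {5: "Known Clean", 4: "Assumed Clean", 3: "Unknown",
                   2: "Suspicious", 1: "Malicious"}


@dataclass
class Binary:
    """Hypothetical inventory record; field names are illustrative."""
    name: str
    cloud_trust: int                        # 1..5 as returned by GTI
    signed: bool
    allowed: bool                           # True = allowed, False = banned
    enterprise_trust: Optional[int] = None  # None = never edited


def effective_trust(b: Binary) -> int:
    """Enterprise trust level overrides the cloud trust level once edited."""
    score = b.cloud_trust if b.enterprise_trust is None else b.enterprise_trust
    if score not in GTI_DESCRIPTION:
        raise ValueError(f"trust score out of range for {b.name}: {score}")
    return score


def category(b: Binary) -> str:
    """1-2 = Bad, 3 = Unclassified, 4-5 = Good."""
    score = effective_trust(b)
    if score <= 2:
        return "Bad"
    if score == 3:
        return "Unclassified"
    return "Good"


def review_view(b: Binary) -> Optional[str]:
    """Assumed mapping of a binary to the review view it would appear in."""
    cat = category(b)
    if b.allowed and cat == "Bad":
        return "Allowed Bad Binaries"
    if b.allowed and cat == "Unclassified":
        return ("Allowed Unclassified Signed Binaries" if b.signed
                else "Allowed Unclassified Unsigned Binaries")
    if not b.allowed and cat == "Good":
        return "Banned Good Binaries"
    return None  # allowed-good or banned-bad: nothing to review


def triage(inventory):
    """Group binary names by the view that calls for a decision."""
    views = {}
    for b in inventory:
        view = review_view(b)
        if view is not None:
            views.setdefault(view, []).append(b.name)
    return views


# Constructed sample inventory (not real data).
SAMPLE_INVENTORY = [
    # In-house application: unknown to GTI, marked Good by the enterprise.
    Binary("pos_client.exe", cloud_trust=3, signed=False, allowed=True,
           enterprise_trust=5),
    Binary("bundled_toolbar.exe", cloud_trust=1, signed=False, allowed=True),
    Binary("vendor_agent.dll", cloud_trust=3, signed=True, allowed=True),
    Binary("eod_report.vbs", cloud_trust=3, signed=False, allowed=True),
    Binary("notepad.exe", cloud_trust=5, signed=True, allowed=False),
    Binary("old_adware.exe", cloud_trust=2, signed=False, allowed=False),
]

if __name__ == "__main__":
    for view, names in triage(SAMPLE_INVENTORY).items():
        print(f"{view}: {', '.join(names)}")
```
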
Comparing the inventory

Image deviation is used to compare the inventory of an endpoint with the inventory that is fetched from a designated gold system. This helps you to track the inventory present on an endpoint and identify any differences that occur. To accomplish this, complete the following steps.

1 Fetch the inventory for your gold host. For detailed information, see the Fetching the inventory section.
2 Fetch the inventory for the endpoint. For detailed information, see the Fetching the inventory section.
3 Review the Menu > Automation > Solidcore Client Task Log page to ensure that both client tasks completed successfully.
4 Compare the inventory of the gold host with the inventory of the endpoint. This is known as Image Deviation.
5 Review the comparison results.
Running the inventory comparison

Use this task to compare the inventory of the gold host with the inventory of an endpoint.

Before you begin

Make sure that you have recently fetched the inventory for the gold host and endpoint.

Task

1 Select Menu > Automation > Server Tasks.
2 Click New Task.
The Server Task Builder wizard opens.

3 Type the task name and click Next.
4 Select Solidcore: Run Image Deviation from the Actions drop-down list.
5 Specify the gold system.
6 Configure these options to select the endpoint to compare with the gold system.
  - System to compare with Gold System: Click Add to search for the endpoint that you want to compare with the gold system. Type the name of the endpoint in the System Name field and click Search.
  - Groups to compare with Gold System: Click Add to search for the group that you want to compare with the gold system. Type the name of the group in the Group Name field and click Search.
  - Include Systems with Tags: Click Add to search for endpoints based on their tag names. Type the tag name in the Tag Name field and click Search.
  - Exclude Systems with Tags: Click Add to search for endpoints based on their tag names. Type the tag name in the Tag Name field and click Search. Select the required tag from the search result. All endpoints with the selected tags are excluded from comparison with the gold system.
48 Click Next. The Schedule page appears. Specify the schedule for the task. Click Next. The Summary page appears. Review the task summary and click Save. Run the server task immediately to instantly review the comparison results. Reviewing the comparison results Use this task to review the results of inventory comparison (image deviation). 1 Select Menu Application Control Image Deviation. 2 Locate the comparison of the gold host and endpoint. To quickly find the corresponding row, enter the endpoint name in the Search Target System field and click Search. 3 Click Show Deviations. 4 Review the comparison details. Select the view type. You can organize the results based on applications or binary files. Use the available filters to sort the results. Using the filters, you can view new (added), modified, and removed (missing) files. Use the Execution Allowed Mismatch filter to view files with changes to the execution status. Use the path filter to sort the results based on the file path.
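The deviation categories listed above (added, modified, removed, Execution Allowed Mismatch, path filter) can be illustrated with a small comparison routine. This is an added example, not McAfee's implementation: the InventoryItem record layout, the sample inventories and the hash values are constructed assumptions.

```python
import ntpath
from dataclasses import dataclass


@dataclass(frozen=True)
class InventoryItem:
    """One binary in a fetched inventory (hypothetical record layout)."""
    path: str
    sha1: str
    execution_allowed: bool


def _index(items):
    # Windows paths are case-insensitive, so compare on a normalised key.
    return {ntpath.normcase(ntpath.normpath(i.path)): i for i in items}


def image_deviation(gold, endpoint, path_filter=""):
    """Return how `endpoint` deviates from `gold`, grouped like the review filters.

    `path_filter` is a simple case-insensitive path prefix; empty means no filter.
    """
    g, e = _index(gold), _index(endpoint)
    prefix = ntpath.normcase(path_filter)
    result = {"added": [], "modified": [], "removed": [],
              "execution_allowed_mismatch": []}
    for key in sorted(g.keys() | e.keys()):
        if not key.startswith(prefix):
            continue
        gi, ei = g.get(key), e.get(key)
        if gi is None:                       # on the endpoint only
            result["added"].append(ei.path)
        elif ei is None:                     # on the gold host only
            result["removed"].append(gi.path)
        else:
            if gi.sha1 != ei.sha1:           # same path, different content
                result["modified"].append(ei.path)
            if gi.execution_allowed != ei.execution_allowed:
                result["execution_allowed_mismatch"].append(ei.path)
    return result


# Constructed sample inventories; the hashes are placeholders, not real file hashes.
GOLD = [
    InventoryItem(r"C:\Windows\System32\cmd.exe", "a1" * 20, True),
    InventoryItem(r"C:\Windows\notepad.exe", "b2" * 20, True),
    InventoryItem(r"C:\Tools\backup.exe", "c3" * 20, True),
    InventoryItem(r"C:\Program Files\App\app.dll", "d4" * 20, True),
]
ENDPOINT = [
    InventoryItem(r"c:\windows\system32\CMD.EXE", "a1" * 20, True),    # same file, other case
    InventoryItem(r"C:\Windows\notepad.exe", "ff" * 20, True),         # content changed
    InventoryItem(r"C:\Program Files\App\app.dll", "d4" * 20, False),  # execution status changed
    InventoryItem(r"C:\Users\Public\setup.exe", "e5" * 20, False),     # not on the gold host
]

if __name__ == "__main__":
    for category, paths in image_deviation(GOLD, ENDPOINT).items():
        print(f"{category}: {paths}")
```

The file that differs only in path case is correctly treated as unchanged, which is why the paths are normalised before comparison.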
McAfee Change Control Explained

NOTE: Please use the embedded document below to prepare your servers for the amount of data disk space required.
ePO Database Sizing Estimation Guide for MAC_MCC_MIC.pdf

Change Control comprises two components:
1. File Integrity Monitoring
2. Change configuration protection

File Integrity Monitoring monitors changes to the file system, registry, and user accounts. It maintains a comprehensive and up-to-date database (on McAfee ePolicy Orchestrator) that logs all attempts to modify files, registry keys, and local user accounts.

File Integrity Monitoring provides the following information:
1. Who made the change
2. When the change was made (time stamp in real time)
3. What program was used to make the change
4. Where the change was made (what system)
5. How the change was made
6. Whether the change was made by an approved change process
Event Example:

The Event Components Explained:

Agent GUID - Unique assigned ID from ePO
Event Display Name - What action took place
Event File Name - What file or registry key was affected
Event Generated Time - Timestamp of the change (in real time)
Event Id - ePO-generated ID of the change
Event Name - What action took place (same as Event Display Name)
Event Seq Number
Generated by an Updater - If the change was made by an approved change application
Generated in an Update Window - If the change took place in an authorized change window
Object Name - What was affected
Performed by - What user performed this change
Program Name - What program was used to make the change
Reconciliation Status - (Additional optional license needed) Will report if the change was reconciled to your BMC Remedy change ticketing system
Reconciliation Ticket - (Additional optional license needed) Ticket number assigned by BMC Remedy
Severity
System Name - What system the change took place on
User Name - Who performed the change
Workflow ID - Notification of what updater was used to make the change
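The two approval fields above (Generated by an Updater, Generated in an Update Window) are what separate changes made through an approved process from everything else. The following added example, which is not part of the original guide or of the product, triages an event export on those fields. It assumes a CSV export whose column names match the event components; the sample rows and the true/false value format are constructed.

```python
import csv
import io
from collections import defaultdict

UPDATER = "Generated by an Updater"
WINDOW = "Generated in an Update Window"

# Constructed sample export (not real event data).
SAMPLE_EVENTS_CSV = r"""Event Generated Time,System Name,Event Display Name,Event File Name,Program Name,User Name,Generated by an Updater,Generated in an Update Window
2011-12-01 02:10:44,WEB01,File Modified,C:\inetpub\wwwroot\web.config,notepad.exe,CORP\jdoe,false,false
2011-12-01 03:00:02,WEB01,File Modified,C:\Windows\System32\kernel32.dll,TrustedInstaller.exe,NT AUTHORITY\SYSTEM,true,false
2011-12-01 03:15:30,DB01,Registry Key Modified,HKLM\SOFTWARE\ExampleApp\Config,setup.exe,CORP\svc_patch,false,true
2011-12-01 04:41:09,WEB01,File Deleted,C:\inetpub\wwwroot\bin\app.dll,cmd.exe,CORP\jdoe,false,false
2011-12-01 04:42:00,WEB01,File Modified,C:\inetpub\wwwroot\global.asax,notepad.exe,CORP\jdoe,FALSE,FALSE
"""


def _flag(event, column):
    # A missing or empty column counts as "not approved" so nothing is hidden.
    return (event.get(column) or "").strip().lower() in {"true", "yes", "1"}


def load_events(text):
    """Parse the CSV export into a list of dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(text)))


def unapproved_changes(events):
    """Events made neither by an updater nor inside an update window."""
    return [e for e in events if not _flag(e, UPDATER) and not _flag(e, WINDOW)]


def summarize(events):
    """Group unapproved changes by (system, user, program) for review."""
    groups = defaultdict(list)
    for e in unapproved_changes(events):
        key = (e["System Name"], e["User Name"], e["Program Name"])
        groups[key].append(f'{e["Event Display Name"]}: {e["Event File Name"]}')
    return dict(groups)


if __name__ == "__main__":
    for (system, user, program), changes in summarize(load_events(SAMPLE_EVENTS_CSV)).items():
        print(f"{system} {user} via {program}")
        for change in changes:
            print(f"  {change}")
```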
What is being Tracked?

Below is a table of tracked items:

Files and folders:
  File creation
  File modification (file contents and attributes, such as permissions or owner)
  File deletion
  File rename
  Stream creation
  Stream modification
  Stream deletion
Registry key:
  Registry key creation
  Registry key modification
  Registry key deletion
User account:
  User account creation
  User account modification
  User account deletion
  User log on
  User log off

Managing McAfee Change Control

Change configuration protection (Change Control) provides protection to identified critical configuration files and the registry:
1. Write protection of critical configuration files
2. Read protection of critical files. If read protection is enabled, the files cannot be copied off of the system
3. Write protection of critical registry keys

NOTE: Trusted programs or users can be defined to allow updates to protected files and registry keys.
NOTE: This is a user-defined policy and has no pre-defined protection rules. This is by design.
NOTE: Read Protection is disabled by default. To activate this functionality, a client task must be run against the identified systems.
Change Content Management:

Navigate to the McAfee File Integrity policy:

Identify the file you want to track:

View the results from the events:

Appendix A. Solving Memory Discrepancies

Identifying bypass candidates for MP-CASP and MP-NX

Issue: System performance decreases or an application does not work properly with Solidifier and MP enabled.

Resolution: Disable the memory protection feature and check the behavior after MP-CASP (32-bit) and MP-NX (64-bit) are disabled.

If the issue is not observed with MP disabled:
1 Run sadmin loglevel enable pst info.
2 Check the issue with MP disabled.
3 Enable MP.
4 Reproduce the issue.
5 Run sadmin loglevel disable pst info.
6 Run gatherinfo.bat and collect the logs for analysis.

The sadmin loglevel enable pst info command enables more informative logging for the process tracking module of Solidifier. The Solidcore logs start recording process creation, DLL loading, and process termination, so the analyzer can follow the life of a process, such as when it is created or terminated.

Extract the Application Control logs from the gatherinfo.bat output and compare the logs for MP disabled versus MP enabled. Scan and compare each process and the operations happening in its context. Check for any differences between the MP-disabled and MP-enabled states, such as a process terminating abruptly, a DLL failing to load, or a process taking more time to complete its operations with MP enabled. Look for any erroneous condition recorded, or logs marked with ERROR or WARNING.

It is relatively easy to identify the process when a particular application is not running, as opposed to a system-wide impact, because the focus is limited to the processes running or launched in the context of that application. But many times bypassing application processes does not help, because a Windows process, a compiler dependency, or similar may be involved. Where MP is causing a system-wide impact, such as a system hang or degraded performance, the area of focus broadens to all processes and all recorded logs. The analyzer should try to narrow down the condition that may be leading to the issue, for example a continuously running service that hangs or a backup process that fails.

Once the analyzer identifies such a condition and suspects a process to be the culprit, configure the process under the relevant MP bypass attribute and check the issue again. Make sure that the process is relaunched so that the configuration takes effect.

The steps above allow the user to perform a first-level analysis of MP-related issues, but these issues are not straightforward to track down. In many cases, code analysis needs to be done in close mapping with the logs. The analyzer has to be extra cautious when bypassing a process from MP, as it may open a security hole. It is highly recommended that system processes or any critical processes are not bypassed without discussing with McAfee.
Appendix B. Emergency Back out Procedure

McAfee Application Control / Change Control Emergency Back Out Procedure

Boot Windows into Safe Mode:

Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\swin\Parameters

Navigate to Parameters:

Edit the RTEModeonReboot value and change it from 1 to 0.
Appendix B: NON-EPO Manual Application Control Install

Environment
Microsoft Windows (all supported versions)

Summary
This document provides steps to connect Solidcore to ePO when deployed using third-party tools.

Solution

Step 1 - Deploy the McAfee Agent and modify the registry for ePO management
1. Deploy the Common Management Agent (CMA) or McAfee Agent to the system that hosts Solidifier.
2. Use Remote Desktop to access the Solidifier system and log in with an Administrator account.
3. Click Start, Run, type regedit, and click OK.
4. Navigate to the registry key below:
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\swin\Parameters
5. Right click Parameters and select New, DWORD value.
6. Name the new value IsSystemControllerEPO.
7. Right click the IsSystemControllerEPO value and select Modify.
8. Click the Decimal radio button and change the Value data to 1.
9. Click OK.

Step 2 - Copy scormapl.dll to the S3 directory
1. Click Start, Programs, McAfee, Solidifier, McAfee Solidifier Command Line.
2. Execute sadmin lockdown.
3. Navigate to the folder that contains SOLIDCOR<version_number>-<build_number>_WIN.zip.
4. Extract scormapl.dll.x86 to the C:\Program Files\Solidcore\S3 directory.
5. Rename scormapl.dll.x86 to scormapl.dll.

Step 3 - Modify the Solidifier Application Plugin registry key
1. Click Start, Run, type regedit, and click OK.
2. Navigate to the registry key below:
   HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\ePolicy Orchestrator\Application Plugins\SOLIDCOR5000_WIN
3. Add the appropriate string values below:

   String name     Value data
   Version         <version_number>.<build_number>
   Plugin Path     C:\Program Files\Solidcore\S3\scormapl.dll
   Software ID     SOLIDCOR5000_WIN
   Product Name    McAfee Solidifier
   Language        0000

Step 4 - For 64-bit systems, use link_na_reg.exe to link the 64-bit and 32-bit versions of the ePO registry entries
1. Navigate to the directory that contains SOLIDCOR<version_number>-<build_number>_WIN.zip.
2. Extract link_na_reg.exe from the .zip file.
3. Click Start, Run, type cmd, and click OK.
4. Change directory to the location of the extracted link_na_reg.exe.
5. Type the command below and press ENTER:
   link_na_reg.exe /s "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Network Associates" "HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates"
6. Send an agent wakeup call (with get full properties) from ePO.

Appendix D: Configuring a syslog server

You can access additional servers by registering them with your McAfee ePO server. Registered servers allow you to integrate your software with other external servers. Use this task to add the syslog server as a registered server and send information (responses or Solidcore events) to the syslog server.

Task
For option definitions, click ? in the interface.

1 Add the syslog server as a registered server.
  a Select Registered Servers and click New Server. The Registered Server Builder wizard opens.
  b Select Solidcore Syslog Server from the Server type list.
  c Specify the server name, add any notes, and click Next.
  d Optionally, modify the syslog server port (McAfee ePO 4.6 only).
    NOTE: If you are using McAfee ePO 4.5, the default port (514) is used. You cannot alter the port when using McAfee ePO 4.5.
  e Enter the server address. You can choose to specify the DNS name, IPv4 address, or IPv6 address.
  f Select the type of logs the server is configured to receive by selecting a value from the Syslog Facility list.
  g Click Test Syslog send to verify the connection to the server.
  h Click Save.
You can choose to send specific responses to the syslog server (complete step 2) or use