Installation Guide. McAfee Vulnerability Manager 7.5

Transcription

1 Installation Guide McAfee Vulnerability Manager 7.5

2 COPYRIGHT Copyright 2012 McAfee, Inc. Do not copy without permission. TRADEMARKS McAfee, the McAfee logo, McAfee Active Protection, McAfee AppPrism, McAfee Artemis, McAfee CleanBoot, McAfee DeepSAFE, epolicy Orchestrator, McAfee epo, McAfee EMM, McAfee Enterprise Mobility Management, Foundscore, Foundstone, McAfee NetPrism, McAfee Policy Enforcer, Policy Lab, McAfee QuickClean, Safe Eyes, McAfee SECURE, SecureOS, McAfee Shredder, SiteAdvisor, SmartFilter, McAfee Stinger, McAfee Total Protection, TrustedSource, VirusScan, WaveSecure, WormTraq are trademarks or registered trademarks of McAfee, Inc. or its subsidiaries in the United States and other countries. Other names and brands may be claimed as the property of others. LICENSE INFORMATION License Agreement NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND. Issued 5/22/ :01 / McAfee Vulnerability Manager Installation Guide

3 Contents Introducing McAfee Vulnerability Manager... 6 Installation checklist... 6 Components and what they do... 7 Audience... 8 Finding product documentation... 8 System Requirements and Architectures... 9 Number of servers required... 9 Hardware and software requirements Single server requirements Multiple server requirements Microsoft Windows Server 2003 support Browser requirements Disable Enhanced Security Configuration Network requirements Deployment architectures Dual-server architecture Three-server architecture More than three servers Installing on a Single Server Audience Process overview McAfee Vulnerability Manager architecture How the pieces fit together Installing and configuring McAfee Vulnerability Manager on a single server Creating your first vulnerability scan and report Post-installation activities Installing on Multiple Servers Before you install McAfee Vulnerability Manager McAfee Vulnerability Manager 7.5 components System component preparation Preparing the database server Preparing the scan engine server Preparing the web server McAfee Vulnerability Manager 7.5 installation Installing using a recommended installation type Adding an extra scan engine Installing using the custom installation type Installation setting descriptions Login information Hiding a Microsoft SQL Server 2005 instance Hiding a Microsoft SQL Server 2008 instance Changing the SQL instance name Uninstalling McAfee Vulnerability Manager Uninstalling a previous version of McAfee Vulnerability Manager Do NOT remove registry keys Configuring Your Servers McAfee Vulnerability Manager Update Setting up McAfee Vulnerability Manager Update Adding proxy information for connecting to the update server McAfee Vulnerability Manager 7.5 Installation Guide iii

4 Contents Running McAfee Vulnerability Manager Update as a service Troubleshooting the McAfee Vulnerability Manager Update service Register McAfee Vulnerability Manager Sending a registration request to McAfee Activate McAfee Vulnerability Manager Enable notifications Enabling SNMP notifications Enabling notifications Hardening your servers Update your servers with the latest patches Setting up SSL Add the enterprise manager trust site certificate Check the server_name in the CONFIG.INI file Installing the McAfee Vulnerability Manager Trust Site Certificate Upgrading to McAfee Vulnerability Manager Back up the SQL server database using SQL Server Management Studio Backing up the Windows registry Upgrading Microsoft SQL Server Microsoft SQL server 2005 installation settings Changing the Microsoft SQL memory settings Microsoft SQL server 2008 and 2008 R2 installation features Restoring the Windows registry Restoring the McAfee Vulnerability Manager database Upgrading from a previous version Merging the config.ini and php.ini files Starting and stopping the SQL server database Rerunning scans Microsoft Windows Server 2003 upgrade support Upgrading appliances Troubleshooting and Tips Finding the NetBIOS name Creating strong passwords Application Layer Gateway Message Performance issues when running a large number of reports SQL settings Changing the database authentication settings Optimize dynamic memory settings Setting the SA password in SQL Changing the TCP/IP protocol Optional enterprise manager settings Using McAfee VirusScan Enterprise 8.0i and later Setting up a logon message Allowing root organization administrators to switch to global administrator Setting up the CONFIG.INI and PHP.INI files Disabling SSL Turning off SSL in configuration manager Restarting the API server Modifying the CONFIG.INI file on the enterprise manager Turning off SSL on the enterprise manager Why does my Foundstone Configuration Agent system tray icon have an exclamation mark Installation error when FIPS is enabled Appendix Microsoft SQL 2005 Express Settings Microsoft SQL Server 2005 Express installation settings Internet access Microsoft SQL 2008 Express Settings Disabling Admin Approval Mode (Windows 2008 R2) Move the database Move the enterprise manager McAfee Vulnerability Manager 7.5 Installation Guide iv

5 Contents Changing the Foundstone Configuration Agent Settings Using the United States Federal Information Processing Standard McAfee Vulnerability Manager 7.5 Installation Guide v

6 Introducing McAfee Vulnerability Manager McAfee Vulnerability Manager is an agentless network scanner that helps you identify and protect the assets (systems) on your network. This allows managers to monitor and respond to changing risks in their environment. This installation guide contains system requirements and suggestions on how many servers to deploy based on the size of your network. This guide also contains the concepts and tasks for installing the product, what to do after installation, and upgrading from a previous version. Note: The Foundstone product is now known as McAfee Vulnerability Manager. For this release, some portions of the product retain the Foundstone label. Installation checklist These are the basic steps for preparing your network and installing McAfee Vulnerability Manager 7.5. Each step is explained in further detail later in this guide. Installing on a single server For users who want to install McAfee Vulnerability Manager on a single server. This section describes installing McAfee Vulnerability Manager, running your first scan, and reviewing the report. See Installing on a single server (page 24). Upgrade instructions For users who are upgrading from a previous version of the product, follow the instructions in Upgrading to McAfee Vulnerability Manager 7.5 (on page 63). Custom installation For users who want to install McAfee Vulnerability Manager on a more than one server. This installation process requires some planning and configuration for proper installation. Step 1: Pre-installation planning Scope out the size and shape of your network. Take special note of geographic challenges and firewalls. Determine which deployment architecture to use, based on the size and accessibility of the network. If a scan engine needs to access the entire network, are there any barriers? Using the system requirements guidelines for your chosen architecture, acquire systems and software to host the McAfee Vulnerability Manager servers. For details about pre-installation planning, see Before you install McAfee Vulnerability Manager (on page 31). Note: McAfee Vulnerability Manager does not support installation on a system with an underscore in the host name. Step 2: System component preparation Install Microsoft SQL Server (see "Preparing the database server" on page 32) and its latest service pack on the database server. Make sure that it is fully functional, and that the system administrator (SA) password is available. McAfee Vulnerability Manager 7.5 Installation Guide 6

7 Introducing McAfee Vulnerability Manager Components and what they do On the web server, install Microsoft IIS Web Server (see "Preparing the web server" on page 35) and its latest security patches. For details about preparing your servers, see System component preparation (on page 32). Step 3: Install McAfee Vulnerability Manager 7.5 Run the McAfee Vulnerability Manager 7.5 installation program on each server. For more information, see How to install McAfee Vulnerability Manager 7.5 (see "McAfee Vulnerability Manager 7.5 installation" on page 35). Post installation tasks On one scan engine, run the McAfee Vulnerability Manager 7.5 update program (see "McAfee Vulnerability Manager Update" on page 51) to get the latest vulnerability updates. This updates the database and any other scan engines connected to it. Register McAfee Vulnerability Manager 7.5 to activate it (see "Register McAfee Vulnerability Manager 7.5" on page 56). You have 60 days to use McAfee Vulnerability Manager 7.5 before the product ceases to function. Harden your servers (see "Hardening your servers" on page 61) to comply with your organization security policies. Maintain your database with regular backups and updated statistics to keep it running at optimal performance. For more information, see Configuring your servers (on page 51). Components and what they do McAfee Vulnerability Manager consists of components that work together to monitor your systems. Enterprise manager Uses Microsoft Internet Information Services (IIS) to provide authorized users with access to McAfee Vulnerability Manager through their web browsers. It allows them to manage and run the product from anywhere on the network. Access is protected by user identification and authentication. Set up Secure Socket Layers (SSL) through the web server to provide encrypted communication to browsers. Scan engine Scans the network environment. Depending on the logistics and size of your network, you might need more than one scan engine to scan the network. Scan controller Provides the communication between the scan engine and the database. Most network environments only need one scan controller. For a large network (class A) or segmented network (WAN), use multiple scan controllers. Database The data repository for the product. It uses Microsoft SQL Server to store everything from scan settings and results to user accounts and scan engine settings. It contains all of the information needed to track organizations and workgroups, manage users and groups, run scans, and generate reports. API server Provides the communication between the enterprise manager and the database. Notification service Provides SNMP and (SMTP) notification messages for integration with third-party help desk management systems and servers. Data synchronization service Gathers information from McAfee epo databases, LDAP servers, and other McAfee Vulnerability Manager 7.5 databases. For McAfee epo databases, it provides data to the product for host and OS identification. For LDAP servers, it provides assets you can add to scan configurations. For other McAfee Vulnerability Manager databases, it provides scan data. Report engine Generates scan-based and asset-based reports. Configuration manager Distributes initial certificates to the other product components and manages the updates to the product components. Web application scanner Provides a scan configuration, vulnerability checks, and scan reports for web applications. The web application scanner is a module that must be purchased. McAfee Vulnerability Manager 7.5 Installation Guide 7

8 Introducing McAfee Vulnerability Manager Finding product documentation Audience This information is intended for network administrator responsible for installing and configuring software on network servers. Finding product documentation McAfee provides the information you need during each phase of product implementation, from installing to using and troubleshooting. 1 Go to the McAfee Product Download site. 2 Type in your grant number, then click Submit. 3 Select McAfee Vulnerability Manager. After a product is released, information about the product is entered into the McAfee online KnowledgeBase at McAfee Vulnerability Manager 7.5 Installation Guide 8

9 System Requirements and Architectures Number of servers required System Requirements and Architectures These guidelines describe the McAfee Vulnerability Manager 7.5 system requirements for each component. Number of servers required The number, type, and placement of product servers depend on the total amount of address space, total number of live devices, network topology, desired scan performance, network constraints, and network policies. Note: McAfee Vulnerability Manager supports only servers running English-language operating systems. The following matrix provides guidelines for determining the number of McAfee Vulnerability Manager servers. Number of live IPs Number of servers Notes 0 2,500 One product server with an Allin-One configuration Ideal for small networks and product evaluations 2,500 10,000 10,001 20,000 Two product servers: One configured as enterprise manager web portal and the other configured as a database, API server, scan controller, and a scan engine with additional components. Two product servers: One configured as enterprise manager web portal and the other configured as database, API server, scan controller, and scan engine with additional components. One product server configured as a dedicated scan engine. Very common configuration for small to mid-sized deployments Well-suited for large, distributed environments McAfee Vulnerability Manager 7.5 Installation Guide 9

10 System Requirements and Architectures Number of servers required Number of live IPs 20,001 - >100,000 Number of servers Three product servers: One configured as enterprise manager web portal, one configured as database, and one configured as API server, scan controller, and scan engine with additional components. n product servers configured as dedicated secondary scan engines. Notes Ideal for large, global, distributed and diverse networks Consider these factors: Number of IP addresses to be scanned. The primary factor is the number of IP addresses to be scanned. Small to medium-sized networks, as well as installations for product evaluation purposes, can deploy a single product server. Larger networks are better accommodated with additional hardware. Network connectivity to, and reachability of, all desired target environments. A scan engine must be able to reach its targets for the results to provide value. When placing scan engines, consider the networks that are to be scanned and place the scan engine so that it is able to reach the maximum number of assets with as few firewalls or packet filtering devices as possible. Firewall traversing. The purpose of a firewall is to restrict traffic to legitimate users and prohibit traffic that might be malicious. Depending upon the nature of the vulnerability and the discovery methodology, vulnerability scanning signatures might resemble malicious traffic and be blocked or filtered by a firewall or port filter. The result of such well-intentioned security devices might be that the quality of data returned from a vulnerability scan is adversely affected. For example, hosts behind a firewall might not be discovered correctly or at all, or a firewall might make it appear that every host behind the firewall is present when they are not. Another possible effect is that discovery and assessments might take longer to complete when having to traverse a firewall compared to scans that do not have to traverse firewalls. A common technique to mitigate the impact is to either avoid sending the assessment traffic through a firewall altogether, or to create an exception rule in the firewall rule base to allow any and all packets to and from the scan engine to traverse the firewall unaltered. WAN links and latency. To ensure a manageable vulnerability assessment schedule, McAfee Vulnerability Manager employs various timing and monitoring components. Such components monitor the total time a thread has taken to run a check against a host. If a certain threshold is exceeded, the thread is terminated under the assumption that the host is down, or that packets have been lost in transit to or from the host. This technique is necessary to ensure that a scan is not in an infinite waiting state. Therefore, WAN links, or heavily congested networks in general, might need special consideration in a deployment. Tests have shown that scanning via WAN links with a latency of more than 150 milliseconds is likely to produce results of an improper quality. For example, a set of systems can only be reached via a WAN link, then consider placing a scan engine in the remote environment so scanning is done locally and not be subject to packet loss and timeouts that are common on a congested WAN link. McAfee Vulnerability Manager 7.5 Installation Guide 10

11 System Requirements and Architectures Hardware and software requirements Other network traffic (business-critical data/sessions). Any active scanning technology, such as McAfee Vulnerability Manager, sends some amount of data to assets on the network. This is an unavoidable consequence of any vulnerability scanning technology. McAfee Vulnerability Manager provides robust and detailed controls that allow customers to optimize the scanning behavior and speed of McAfee Vulnerability Manager. The product has default settings that have proved safe and effective in most networks. However, no matter how McAfee Vulnerability Manager is deployed and configured, you should always pay attention to network segments, WAN links, firewalls, and so on, where particularly important data is passing. Consider a remote site that is transmitting transactions from a website through a congested or slow WAN link during local business hours. Since this system only operates during certain hours, you should configure scans so that the environment is scanned while the web server is not processing transactions and not relying on bandwidth on the WAN link. Security or performance. When two product servers are used, McAfee recommends that you deploy the enterprise manager on one system and the other product components on the second system. This provides more security because the enterprise manager can be placed outside your firewall, so users can access it, while the second system can be placed inside the firewall to gather accurate data from scanned systems. However, having the scan engine and scan controller on the same system as the database can slow performance, based on the amount of data being processed. To improve performance when using two product servers, you could separate the scan engine and scan controller from the database. For example: the enterprise manager, scan engine, and scan controller on one system and the database and other McAfee Vulnerability Manager components on the second system. Hardware and software requirements This section covers the minimum hardware and software requirements for installing McAfee Vulnerability Manager. Note: When installing McAfee Vulnerability Manager on a server running Windows 2008 R2, you must either be logged in as the root administrator for the server or the Admin Approval Mode (see "Disabling Admin Approval Mode (Windows 2008 R2)" on page 101) must be disabled. Single server requirements These are the system requirements for installing McAfee Vulnerability Manager on a single server (Allin-One). If you are installing McAfee Vulnerability Manager on multiple servers, see Multiple Server requirements (page 12). Note: McAfee Vulnerability Manager components require an Internet Protocol version 4 (IPv4) address to properly communicate. Systems running product components must have an IPv4 address and can have an IPv6 address to facilitate scanning IPv6 targets. Single server system requirements Component Processor Memory Disk space Dedicated system Requirement Dual Xeon 2 GHz, Dual Core Xeon 2.33 GHz, or higher 4 GB RAM 160 GB Partition Yes Administrator account McAfee Vulnerability Manager 7.5 Installation Guide 11

12 System Requirements and Architectures Hardware and software requirements Component Disk partition formats Network card Requirement NTFS Ethernet Single server software requirements Microsoft Windows 2008 R2 Microsoft Windows 2008 R2 Service Pack 1 and later The Foundstone Configuration Agent requires administrator rights to start and stop services. If the logged in user does not have administrator rights, McAfee Vulnerability Manager might not function properly. Microsoft SQL Server Microsoft SQL Server 2005 Service Pack 4 and later (32-bit and 64-bit) Microsoft SQL Server 2008 Service Pack 1 and later (32-bit and 64-bit) Microsoft SQL Server 2008 R2 Service Pack 1 and later (32-bit and 64-bit) Microsoft SQL Express 2008 R2 Service Pack 1 and later (64-bit) Also: All Microsoft SQL and.net hotfixes and patches. McAfee recommends using 750 MB for the SQL memory setting. SQL Browser (SQL Express 2008 R2) Additional software (covered by default Microsoft Windows and Microsoft SQL installations) IIS 7.5, including current IIS security patches MDAC 2.8 World Wide Web Publishing must be running SQL Client Tools Note: McAfee Vulnerability Manager does not support installing the database with.net 4.0. If you must use.net 4.0, install the database first. Note: If you change the network settings on the server running the scan engine, the system should be restarted or the scan components must be restarted. Multiple server requirements McAfee Vulnerability Manager consists of several components. Any McAfee Vulnerability Manager component requiring a minimum amount of system resources are listed below. If you are installing multiple McAfee Vulnerability Manager components on a single server, use the highest minimum system requirements as your guide. Operating system requirements for all McAfee Vulnerability Manager 7.5 servers Windows Server 2008 R2, without a service pack, or with Service Pack 1 or later. McAfee Vulnerability Manager only supports English operating systems. The Foundstone Configuration Agent requires administrator rights to start and stop services. If the logged in user does not have administrator rights, McAfee Vulnerability Manager might not function properly. Note: To ensure scan accuracy and device communication, McAfee recommends specifying a static IP address. Note: McAfee Vulnerability Manager components require an Internet Protocol version 4 (IPv4) address to properly communicate. Systems running product components must have an IPv4 address and can have an IPv6 address to facilitate scanning IPv6 targets. McAfee Vulnerability Manager 7.5 Installation Guide 12

13 System Requirements and Architectures Hardware and software requirements Enterprise manager system requirements Component Processor Memory Disk space Additional software Dedicated system Disk partition formats Network card Requirement Dual Xeon 2 GHz, Dual Core Xeon 2.33 GHz, or higher 4 GB RAM 80 GB Partition IIS 7.5 Current IIS security patches World Wide Web Publishing must be running Yes Administrator account NTFS Ethernet Database system requirements Component Processor Disk space Requirement Dual Xeon 2 GHz, Dual Core Xeon 2.33 GHz, or higher 160 GB Partition Tip: 250 GB of disk space is recommended for large networks. Memory Additional software 4 GB Microsoft SQL Server 2005 SP4 and later (32-bit and 64-bit) Microsoft SQL Server 2008 SP1 and later (32-bit and 64-bit) Microsoft SQL Server 2008 R2 SP1 and later (32-bit and 64-bit) Also: All SQL hotfixes and patches All.NET hotfixes and patches Note: Microsoft SQL Server Express 2008 R2 is not recommended for a distributed environment. Dedicated system Virtual memory Disk partition formats SQL server memory settings Yes 4 GB minimum NTFS 900 MB McAfee Vulnerability Manager 7.5 Installation Guide 13

14 System Requirements and Architectures Hardware and software requirements Component Network card Requirement Ethernet SQL server memory recommendations McAfee recommends using the following SQL memory settings: When the database is the only component on the system, set the Maximum SQL memory to 1.4 GB. When the database and the Report Server are both running on the same system, use 900 MB. When the database and the scan engine are both running on the same system, use 750 MB. Note: McAfee Vulnerability Manager does not support installing the database with.net 4.0. If you must use.net 4.0, install the database first. Scan engine system requirements Component Processor Memory Disk space Requirements Dual Xeon 2 GHz, Dual Core Xeon 2.33 GHz, or higher 4 GB RAM 80 GB Partition Additional software MDAC 2.8 Dedicated system Virtual memory Disk partition formats Required services Network card Recommended when running large scans 4 GB minimum NTFS NetBIOS over TCP/IP Ethernet Note: Microsoft Windows does not allow the hostname and user name to be the same. Do not use FS as the hostname for the system running the scan engine. Note: If you change the network settings on the server running the scan engine, the system should be restarted or the scan components must be restarted. Scan controller system requirements Component Memory Disk space Additional software Dedicated system Network card Requirements 2 GB RAM 80 GB Partition MDAC 2.8 SQL Client Tools No Ethernet Note: The scan controller provides communication between the scan engines and the database. McAfee Vulnerability Manager 7.5 Installation Guide 14

15 System Requirements and Architectures Hardware and software requirements Configuration manager system requirements Component Memory Disk space Requirements 1 GB RAM 80 GB Partition Additional software MDAC 2.8 Dedicated system Network card No Ethernet API server system requirements Component Memory Disk space Requirements 1 GB RAM 80 GB Partition Additional software MDAC 2.8 Dedicated system Network card No Ethernet Notification service system requirements Component Memory Disk space Requirements 1 GB RAM 80 GB Partition Additional software MDAC 2.8 Dedicated system Network card No Ethernet Note: To provide notifications through , this server must have access to the relay server on your network. Data synchronization service system requirements Component Memory Disk space Requirements 1 GB RAM 80 GB Partition Additional software MDAC 2.8 McAfee Vulnerability Manager 7.5 Installation Guide 15

16 System Requirements and Architectures Browser requirements Component Dedicated system Network card Requirements No Ethernet Report engine system requirements Component Memory Disk space Requirements 2 GB RAM 80 GB Partition Additional software MDAC 2.8 Dedicated system Network card Recommended for report-intensive environments Ethernet Microsoft Windows Server 2003 support McAfee Vulnerability Manager 7.5 allows the use of Microsoft Windows Server 2003 for the scan controller and scan engine only, with some limitations. No support for scanning Internet Protocol version 6 (IPv6) targets. No support for McAfee epolicy Orchestrator or McAfee Policy Auditor integration. No support for McAfee Network Security Manager (NSM) integration. For installation information, see Adding an extra scan engine (page 38). For upgrade information, see Microsoft Windows Server 2003 upgrade support (page 75). Browser requirements Depending on the network settings, authorized users can access McAfee Vulnerability Manager through the web browser from anywhere. If you are upgrading to McAfee Vulnerability Manager 7.5, users should clear their web browser cache to ensure updated pages display properly. Individual browser requirements Microsoft Internet Explorer 8.0 or 9.0 running on a Microsoft Windows operating system. The recommended minimum screen resolution is 1024 x 768. Note: Searching for vulnerabilities in large reports might take a long time to complete. Use Microsoft Internet Explorer 9.0 for the best results. McAfee recommendations Install the latest service packs for your browser and operating system. Disable third-party pop-up blockers, web filters, and other extensions because these products can interfere with the ability to display certain pages in the enterprise manager. Install the Trusted Site Certificate (page 62) for all users accessing the enterprise manager. Turn off Display intranet sites in compatibility View. McAfee Vulnerability Manager 7.5 Installation Guide 16

17 System Requirements and Architectures Network requirements Note: Large fonts are not supported in Internet Explorer. Disable Enhanced Security Configuration If you are using Microsoft Internet Explorer 9 and Microsoft Windows Server 2008 (or Windows Server 2008 R2) to access the enterprise manager, Enhanced Security Configuration should be disabled. 1 Select Start Administrative Tools Server Manager. 2 Under Security Information, click Configure IE ESC. 3 Under Administrators, select Off. Note: Don't disable the Enhanced Security Configuration for Users, unless nonadministrators use the Microsoft Windows Server 2008 (or Windows Server 2008 R2) system for accessing the portal. 4 Click OK. 5 Close the Server Manager window. Network requirements McAfee Vulnerability Manager components use the network ports and protocols in the following tables. If there is a firewall separating components, these ports and protocols must be opened in your firewall configuration before installing McAfee Vulnerability Manager 7.5. The network requirements diagrams use a distributed deployment architecture to display communication paths. If you use a different deployment architecture, be sure to note which system is running a McAfee Vulnerability Manager component, and use the port number and communication path specified in the communication path tables. The network requirements diagrams are separated into two groups: connecting McAfee Vulnerability Manager components and connecting to external components. External components include other databases, McAfee epo databases, LDAP or Active Directory servers, and external ticketing or issue management systems. Connecting McAfee Vulnerability Manager components Figure 1: Network requirements McAfee Vulnerability Manager 7.5 Installation Guide 17

18 System Requirements and Architectures Network requirements McAfee Vulnerability Manager component communication paths # Title Description System 1 Enterprise manager System 2 API service, scan controller, and scan engine System 3 Database* System 4 Report server System 5 Scan Engine Authenticated User 1 Assessment management search results Enterprise manager Scan controller API server Scan engine Data synchronization service Notification service Database Configuration manager Report engine Scan engine Users log on to the enterprise manager. Ports: 443 or 80 SOAP over HTTPS or HTTP 2 Command and control Port: 3800 SOAP over HTTPS or HTTP 3 API service Port: 1433 (SSL over) TCP/IP 4 Scan data Port: 1433 (SSL over) TCP/IP 5 Data synchronization service** Port: 1433 (SSL over) TCP/IP 6 Notification service*** Port: 1433 (SSL over) TCP/IP 7 Scan data Port: 1433 (SSL over) TCP/IP 8 Report data Port: 1433 (SSL over) TCP/IP 9 Scan data (scan engine to scan controller) Ports: 3803 REST over HTTPS or HTTP McAfee Vulnerability Manager 7.5 Installation Guide 18

19 System Requirements and Architectures Network requirements 10 Generating reports or changing report templates Ports: 3802 REST over HTTPS or HTTP 11 Generated reports Ports: 443 or 80 REST over HTTPS or HTTP 12 Web browser traffic Ports: 443 or 80 HTTPS or HTTP *Changing the location of the configuration manager requires a communication path between the configuration manager and the database, using Port: 1433, (SSL over) TCP/IP. **Changing the location of the data synchronization service changes the communication path(s) displayed in this diagram. ***Changing the location of the notification service changes the communication path(s) displayed in this diagram. Note: All McAfee Vulnerability Manager components have an FCM Agent installed. The communication between each FCM Agent and the configuration manager server is Port: 3801, (SSL over) TCP/IP. Connecting external components Figure 2: External component communications External component communication paths # Title Description System 2 API service, scan controller, and scan engine Scan controller API server Scan engine Data synchronization service Notification service A B External ticketing or issue management External SMTP server McAfee Vulnerability Manager 7.5 Installation Guide 19

20 System Requirements and Architectures Deployment architectures C D External LDAP / Active Directory (AD) External McAfee epo Database 1 Notification service* Port: 162 SNMP 2 Notification service* Port: 161 SNMP 3 Notification service* Port: 25 SMTP 4 Data synchronization service** 5 Data synchronization service** Port: 389 LDAP Port: 1433 (SSL over) TCP/IP *Changing the location of the notification service changes the communication path(s) displayed in this diagram. **Changing the location of the data synchronization service changes the communication path(s) displayed in this diagram. McAfee Vulnerability Manager 7.5 Installation Guide 20

21 System Requirements and Architectures Deployment architectures Deployment architectures When installing McAfee Vulnerability Manager 7.5 components on multiple servers, use these general guidelines to help determine the best setup for your network: Dual-server architecture (on page 21) Three-server architecture (on page 22) Distributed server architecture (see "More than three servers" on page 23) Dual-server architecture This architecture is appropriate for small to medium (class C and class B) networks. The scan controller, scan engine and the database are installed on the same server; the enterprise manager is installed on its own server. This allows fast, efficient communication between the scan controller, scan engine, and database while a dedicated server runs the enterprise manager interface for your users. Figure 3: Dual server architecture System 1: Web portal Web portal Report engine System 2: Database and scan engine Scan controller Scan engine API server Notification service Data synchronization service Database Configuration Manager McAfee Vulnerability Manager 7.5 Installation Guide 21

22 System Requirements and Architectures Deployment architectures Three-server architecture This architecture is designed for large, global enterprises, and is appropriate for scanning multiple class B and class A networks. In this configuration, all three components reside on individual servers. Figure 4: Three server architecture System 1: Web portal Web portal System 2: Scan engine Scan controller Scan engine API server Notification service Data synchronization service System 3: Database Database Report engine Configuration manager McAfee Vulnerability Manager 7.5 Installation Guide 22

23 System Requirements and Architectures Deployment architectures More than three servers Larger, more complicated environments need multiple scan engines. Each engine generates scan traffic on their local network segments, and sends the resulting scan data back over the WAN to the database. This dramatically reduces the amount of traffic on the WAN resulting from network scans. Multiple scan engines can be added to this architecture. Figure 5: Distributed server architecture System 1: Web portal Web portal System 2: API server Scan controller Scan engine API server Notification service Data synchronization service System 4: Report server Report engine System 3: Database Database Configuration manager System 5: Scan engine Scan engine McAfee Vulnerability Manager 7.5 Installation Guide 23

24 Installing on a Single Server McAfee Vulnerability Manager architecture Installing on a Single Server The goal of this chapter is to give you an outline of the steps needed to conduct your first vulnerability scan with the McAfee Vulnerability Manager Software. This chapter is not intended to provide all of the detailed information you might need, rather simply provides a brief overview of the process. Later chapters in this guide contain more detailed information, including installing McAfee Vulnerability Manager on more than one server. This chapter takes a layered approach to help you better understand the overall McAfee Vulnerability Manager solution and how the pieces fit together. This chapter provides the following information: An outline of the overall process necessary to conduct your first vulnerability scan A high-level overview of the McAfee Vulnerability Manager architecture How the pieces fit together A checklist to help you install and configure McAfee Vulnerability Manager to run on a single appliance A checklist to help you conduct your first vulnerability scan and produce a report Note: McAfee Vulnerability Manager does not support installation on a system with an underscore in the host name. Audience This chapter is designed for the new user installing McAfee Vulnerability Manager on a single server (also known as Standard or an All-in-One). If you need to install McAfee Vulnerability Manager on more than one server, review later chapters in this document for more information. Process overview There are several steps necessary to set up and configure McAfee Vulnerability Manager and begin scanning. This list highlights the general steps: 1 Configure Microsoft SQL 2005 or Install and configure McAfee Vulnerability Manager 7.5 on a single system (All-in-One) 3 Set up your first scan and review the report McAfee Vulnerability Manager architecture McAfee Vulnerability Manager consists of several components. The three major components of McAfee Vulnerability Manager are: Enterprise Manager (web user interface) Database using Microsoft SQL Server (Microsoft SQL Server 2005, 2008 R2, 2005 Express, 2008, or 2008 Express) Scan Engines (there can be several scan engines per McAfee Vulnerability Manager instance and the scan engines can be remote) McAfee Vulnerability Manager 7.5 Installation Guide 24

25 Installing on a Single Server Installing and configuring McAfee Vulnerability Manager on a single server Other McAfee Vulnerability Manager configuration applications and services include a scan controller, an API service, a reporting service, a notification service, configuration manager, an update service, and data synchronization. In large enterprises, scanning hundreds of thousands of assets, these components and services should be installed on three to five separate appliances. This process is described in later sections of this guide, and is not be the focus of this chapter. However, for most customers not scanning hundreds of thousands of assets, a simpler approach is adequate. Either a single server or two servers (database separate) provides sufficient capacity. This chapter takes you through the process of installing McAfee Vulnerability Manager on a single server. How the pieces fit together After the initial system configuration, all vulnerability management functions (scanning, reporting, and remediation) are driven through the web portal. As McAfee Vulnerability Manager scans targets, the data is stored in the SQL database and reports are generated by the report server. Reports can be delivered by or viewed through the web portal. When deploying remote scanning engines (or other distributed McAfee Vulnerability Manager components) on other servers, the secure communication link between the distributed components is managed by the configuration manager. The configuration manager is mainly for infrastructure management, not for every day vulnerability management. Installing and configuring McAfee Vulnerability Manager on a single server You can install and configure McAfee Vulnerability Manager on a single server that uses Microsoft SQL Server as its database. The SQL settings are similar for both Microsoft SQL 2005 and SQL 2008, but the setting locations are different in each installation wizard. The SQL Server settings for both versions are included in this guide. For Microsoft SQL Express 2008 settings, see Using Microsoft SQL 2008 Express (page 101). Configuring Microsoft SQL 2005 (15-30 minutes) McAfee Vulnerability Manager 7.5 uses Microsoft SQL Server as its database. Install the Microsoft SQL Server database as directed by the SQL Server documentation. For information about installing Microsoft SQL Server Express 2005 or 2008, see the Appendix in this guide. Before installing the SQL Server, make sure your systems meet the minimum system requirements (see "System Requirements and Architectures" on page 9). Note: If you are upgrading from SQL Server 2000 to SQL Server 2005, go to Upgrading to SQL Server 2005 (page 67). SQL server installation suggested settings The following table shows the page names and recommended settings for each step of the installation. These settings are based on a typical Microsoft SQL Server 2005 installation. McAfee Vulnerability Manager 7.5 Installation Guide 25

26 Installing on a Single Server Installing and configuring McAfee Vulnerability Manager on a single server Installation Page Components to Install Instance Name Setting Select SQL Server Database Services and the Workstation components, Books Online and development tools. Select Default instance. Note: It is possible to give the instance a name. You must type this instance name when installing other McAfee Vulnerability Manager components. See Changing the SQL Instance Name (page 46). Service Account Select Use the built-in System account, then select Local system from the list. Select SQL Server under Start services at the end of setup. Authentication Mode Select Mixed mode. This mode is required to create or upgrade the database. See Changing the Database Authentication Settings (on page 77) for information on how to change this setting later. Create a password for the SA account. The maximum password length is 128 characters. Important: Remember the SA account password. You can use the SA account to access the database for maintenance or to back up the database. Collation Settings Error and Usage Report Settings Accept the defaults. Accept the defaults (none selected). After the installation has completed, McAfee recommends that you restart the computer before using SQL Server. Then, make sure the system has the latest SQL server service pack. Configuring SQL Server 2008 (15-30 minutes) The following lists show the recommended and minimum Microsoft SQL Server 2008 and 2008 R2 features for using McAfee Vulnerability Manager. Note: If you are upgrading from Microsoft SQL Server 2000 to Microsoft SQL Server 2008, go to Upgrading Microsoft SQL Server 2000 (page 67). SQL server installation (recommended) Database Engine Services, including all sub-features Client Tools Connectivity Client Tools Backward Compatibility SQL Server Books Online Management Tools (complete) SQL server installation (minimum) Database Engine Services Client Tools Connectivity Client Tools Backward Compatibility McAfee Vulnerability Manager 7.5 Installation Guide 26

27 Installing on a Single Server Installing and configuring McAfee Vulnerability Manager on a single server After the installation finishes, McAfee recommends that you restart the computer to begin using SQL Server. Then, make sure you have the latest SQL server service pack. Installing McAfee Vulnerability Manager (30 minutes - 1 hour) 1 Run the McAfee Vulnerability Manager installation program. The Welcome to McAfee Vulnerability Manager screen appears. Click Next. The end user license agreement appears. 2 Read the end user license agreement. Select Accept, then click Next. The Select Installation Type screen appears. 3 Select Standard, then click Next. 4 Select the database server where you want to install the database. Note: For 64-bit operating systems, you must type in the database server name. You must have administrative access to the SQL database to install the database. You can select Windows authentication or SQL Server authentication. If you select SQL Server authentication, type the SQL database credentials. Click Next. 5 Review the system checklist. The installation program runs a system check to ensure that all dependencies (critical and noncritical) are met. If any of the dependency checks fails, you must resolve the issue before you can install McAfee Vulnerability Manager. To resolve a dependency check, you must exit the installation program, fix the issue, then rerun the installation program. If all system checks pass, click Next. The Database Connection Information screen appears. 6 Type a McAfee Vulnerability Manager user password for the database. Type and re-type a password for the McAfee Vulnerability Manager user. The host name or IP address of this server is already entered in the field. The McAfee Vulnerability Manager user is used for connecting other McAfee Vulnerability Manager components to the database. Click Next. The Global Administrator Password page appears. 7 Create a password for the McAfee Vulnerability Manager Global Administrator. The McAfee Vulnerability Manager Global Administrator can create organizations and manage workgroups (sub-organizations) through the web interface. Type and re-type a password for the Global Administrator. There is only one global administrator per McAfee Vulnerability Manager deployment. Click Next to continue. When logging on as the Global Administrator, the organization name is fsglobal and the user name is globaladmin. 8 Create a new organization and type an administrator password. McAfee Vulnerability Manager uses organizations and workgroups (sub-organizations) as a way of managing access to the McAfee Vulnerability Manager web interface. Type the name of your first organization. Then type and re-type a password for the Administrator. Click Next. The Installation Settings page appears. 9 Click Install to install McAfee Vulnerability Manager. Since all components are installed on one server, there is no need to change any settings on the Installation Settings page. 10 When the installation process is complete, click Finish. A message states that a system restart is required. 11 Click OK to restart the system. Note: When installing McAfee Vulnerability Manager on Windows 2008 R2, a FS user account is created and appears on the logon screen. The FS account is reserved for the McAfee Vulnerability Manager scan engine and should not be used or modified. The McAfee Vulnerability Manager single server system is configured and you can create your first vulnerability scan, run it, and review the results. McAfee Vulnerability Manager 7.5 Installation Guide 27

28 Installing on a Single Server Creating your first vulnerability scan and report Note: Any changes made to the server hosting the McAfee Vulnerability Manager web portal (e.g. system name or domain name) after installation requires a manual change to the shortcut on the desktop. Creating your first vulnerability scan and report Once your McAfee Vulnerability Manager is installed and configured on a single server, you can create a Full Vulnerability scan and view the report. This section describes the steps required to set up your first vulnerability scan, run the scan, then review the results. Suggestions and tips are included to help you understand the workflow for McAfee Vulnerability Manager scans and scan data. More detailed information is available in the McAfee Vulnerability Manager product guide. McAfee Vulnerability Manager scans begin by creating a scan configuration through the web interface. A full vulnerability scan assesses your network for vulnerabilities using all existing non-intrusive vulnerability checks. The vulnerability scan report shows you the comprehensive data collected by the scan that provides an executive overview of the scan results and detailed information for each system scanned. It is recommended for your first scan to use a small set of the IP addresses available on your network. Full vulnerability scans require more time than other McAfee Vulnerability Manager scans due to the amount of data being assessed during the scan. By providing a small set of systems to scan, you can see the benefits of McAfee Vulnerability Manager scanning and reports in a shorter period of time. You can create your own scan configuration or select a pre-configured scan template. In a scan configuration you assign IP addresses or ranges to be scanned, type the credentials for accessing systems during scanning, select which vulnerabilities to scan for, select formats for your reports, and set up a schedule for running the scan. Providing credentials in a scan configuration allows the scan engine credentialed access to the systems being scanned, and returns a more accurate report on which systems are vulnerable and which are not. You can create a credential set which is a list of user credentials that can be used during a scan. A credential set can be used in multiple scan configurations and saves you time when user credentials change. You can update one credential set and have it applied to multiple scan configurations rather than having to update each scan configuration. Building your first vulnerability scan Create a Full Vulnerability scan to find asset vulnerabilities on your network. 1 Log on to the enterprise manager as an organizational administrator. Double-click the McAfee Vulnerability Manager icon on the desktop to open the logon page. Use the organization name, organization administrator name and password you created. For the organization you created during installation, the user name is Administrator. The home page displays key information about the systems scanned within an organization or workgroup. This page is populated with data once you have completed your first scan. 2 Open the new scan window and select a McAfee Vulnerability Manager template. Select Scans New Scan, the Scan Details window appears. Select Use a McAfee Vulnerability Manager template and a list of available McAfee Vulnerability Manager templates appears. Select Full Vulnerability Scan and click Next. The window displays the scan configuration tabs. McAfee Vulnerability Manager 7.5 Installation Guide 28

29 Installing on a Single Server Creating your first vulnerability scan and report 3 Give the scan configuration a name and select your scan targets. Type First Vuln Scan in the Name field. Type the IP address(es) you want to scan by either typing individual host names or IP addresses using the Host Name field, or type an IP range using the Starting IP Address and Ending IP Address fields. Click the plus icon (+) to include the IP addresses and host names to your scan configuration. Click Next and the Settings tab appears. Accept the defaults for your first scan. Click Next. The Reports tab appears. 4 Do not create remediation tickets for your first scan. Deselect Create remediation tickets. Remediation tickets are not covered in this section. More information about remediation tickets is available in the McAfee Vulnerability Manager product guide. Click Next and the Scheduler tab appears. Set Activation to Active and, under Schedule Type, select Immediate is selected under. Click Save and Scan Now. The vulnerability scan starts. To view the status of this scan, select Scans Scan Status. The Scan Status page appears. Depending on how many hosts you set for this scan, the scan could take several minutes to complete. Viewing the vulnerability scan report Once your first vulnerability scan is complete, you can view the results in the web browser. 1 Open the vulnerability report. From the Scan Status page, click the View Report button to display the scan report page. Or select Reports View Scan Reports. Click View Report to open the report in the browser. 2 Review the summary results of the vulnerability scan. The McAfee Vulnerability Manager Summary Report page provides an executive-level overview of the scan results. The FoundScore summary shows the amount of risk based on the FoundScore Risk Rating System. The rating system compares your environment against best practices to calculate your FoundScore value. A high FoundScore value (71-100) means your network is more secure, while a low FoundScore value (0-50) means your network has more security weaknesses. The Vulnerability Report Summary provides charts to represent the total number vulnerabilities and the percentage of vulnerabilities based on severity. Click Detailed Report in the Vulnerability Report Summary section header to view the Detailed Vulnerability Report. 3 Review the vulnerability report of the vulnerability scan. The McAfee Vulnerability Manager Detailed Vulnerability Report page contains more information about the vulnerabilities found on the targets you scanned. The Number of Vulnerabilities by Operating System chart shows how many vulnerabilities were discovered for each operating system on your network. Each bar in the chart has colored segments to show the high, medium, low, and informational levels of the vulnerabilities found for each operating system. This chart provides a quick view of which operating system has the highest total number of vulnerabilities and which operating system has the highest number of high-risk vulnerabilities. You can see which operating systems are the most vulnerable on your network. If the chart is difficult to read, there is a table with the same information just below the chart. The Top 15 Hosts with the Largest Number of Vulnerabilities chart shows which individual targets on your network have the most number of vulnerabilities discovered during the scan. This chart provides a quick view of which target has the highest total number of vulnerabilities and which target has the highest number of high-risk vulnerabilities. This allows you to prioritize which targets need immediate attention. Just below the hosts chart is a table that lists the 15 hosts represented in the chart, with links that take you to the target details page (Vulnerabilities By IP Report). Click on one of your host links in the Top 15 Hosts with Vulnerabilities table. 4 Review the vulnerabilities for a single target. The Vulnerabilities By IP Report is a paged report with vulnerability information found on each target scanned. By using the Top 15 Hosts with Vulnerabilities link, you can go directly to a high-risk target and review the vulnerability information for that target. McAfee Vulnerability Manager 7.5 Installation Guide 29

30 Installing on a Single Server Post-installation activities Each vulnerability information section has a short description, a recommendation on how to resolve the issue, an observation that explains how the vulnerability is used, and a link to the Common Vulnerabilities and Exposures (CVE) website (if a CVE exists for this vulnerability). Congratulations, you have just completed your first vulnerability scan and reviewed the report. What you learned in this quick start guide can be applied to the other McAfee Vulnerability Manager scan templates to help you gather the network information you need and review the results. For more information on scanning and other McAfee Vulnerability Manager functions, review the product guide or web portal help. Post-installation activities After McAfee Vulnerability Manager is installed and generating reports, review the Post Installation Activities (see "Configuring Your Servers" on page 51) to finalize your McAfee Vulnerability Manager configuration. Post installation activities include registering McAfee Vulnerability Manager, setting up McAfee Vulnerability Manager Update, and hardening your servers. McAfee Vulnerability Manager 7.5 Installation Guide 30

31 Installing on Multiple Servers Before you install McAfee Vulnerability Manager Installing on Multiple Servers The following preinstallation planning, system preparation, and McAfee Vulnerability Manager installation procedures are for users installing McAfee Vulnerability Manager components on more than one server. Before you install McAfee Vulnerability Manager Before you install McAfee Vulnerability Manager 7.5, read these instructions to ensure that your systems are prepared. You need to understand the type of architecture you are installing, and the system requirements for each server within that architecture. Note: McAfee Vulnerability Manager does not support installation on a system with an underscore in the host name. McAfee Vulnerability Manager 7.5 components McAfee Vulnerability Manager 7.5 consists of five main components: The enterprise manager uses Microsoft Internet Information Services (IIS) to provide authorized users with access to McAfee Vulnerability Manager 7.5 through their web browsers. It allows them to manage and run McAfee Vulnerability Manager 7.5 from anywhere on the network. Access is protected by user identification and authentication. Secure Socket Layers (SSL) can be set up through the web server to provide encrypted communications to browsers. One or more scan engines scan the network environment. Depending on the logistics and size of your network, you might need more than one scan engine to scan the network. Note: If you change the network settings on the server running the scan engine, the system should be restarted or the scan components must be restarted. The API server provides the communication between the enterprise manager and the database. It is recommended that the API server is installed on one of the scan engines. The scan controller provides the communication between the scan engine and the database. It is recommended that the scan controller is installed on one of the scan engines. The database is the data repository for the McAfee Vulnerability Manager system. It uses Microsoft SQL Server to store everything from scan settings and results to user accounts and scan engine settings. It contains all of the information needed to track organizations and workgroups, manage users and groups, run scans, and generate reports. Each component can be on its own dedicated server, although it is possible to combine the scan engine and database when installing on smaller networks. Each server should contain a fresh installation of the operating system with updated security patches. Do not run any other major applications on these servers. Users log onto the enterprise manager through their web browser to access the system. Note: To ensure scan accuracy and device communication, McAfee recommends specifying a static IP address. McAfee Vulnerability Manager 7.5 Installation Guide 31

32 Additional modules Installing on Multiple Servers System component preparation Four additional modules are available in McAfee Vulnerability Manager 7.5. These modules can be installed with other McAfee Vulnerability Manager components. See System requirements and architectures (on page 9) section for further details. The configuration manager distributes initial certificates to the other McAfee Vulnerability Manager components and manages updates to the various components of McAfee Vulnerability Manager. The notification service provides SNMP and (SMTP) notification messages for integration with third-party helpdesk management systems and servers. The notification service can be installed on any server that meets the system requirements it does not have to be installed on a server running other McAfee Vulnerability Manager components. The report engine generates both scan-based and asset-based reports. The data synchronization service gathers information from McAfee Vulnerability Manager databases, epo databases and LDAP servers. For McAfee Vulnerability Manager databases, it provides scan data and asset information to be imported from another McAfee Vulnerability Manager database. For epo databases, it provides data to McAfee Vulnerability Manager for host and OS identification. For LDAP servers, it provides assets that can be added to scan configurations. System component preparation Before installing McAfee Vulnerability Manager 7.5, prepare the servers that host the enterprise manager, database, API server, scan controller, and scan engine(s). These servers must contain the proper supporting software and service packs. The installation program verifies that these requirements have been met before installing McAfee Vulnerability Manager 7.5. Refer to the system requirements (see "System Requirements and Architectures" on page 9) before proceeding. Note: Before beginning the installation process, ensure that all systems on which McAfee Vulnerability Manager is installed have valid computer names. This includes ensuring that invalid characters are not used as part of the computer name, such as underscores (current operating systems no longer allow the underscore to be used as part of the computer name). Valid characters for the computer name are upper and lowercase alphabetic characters, numeric characters, and the dash. Preparing the database server McAfee Vulnerability Manager 7.5 uses Microsoft SQL Server as its database. Install the Microsoft SQL Server database as directed by the SQL Server documentation. For information about installing Microsoft SQL Server Express 2005 or 2008, see the Appendix in this guide. Before installing the SQL Server, make sure your systems meet the minimum system requirements (see "System Requirements and Architectures" on page 9). Microsoft SQL server 2005 installation settings The following table shows the page names and recommended settings for each step of the installation. These settings are based on a typical Microsoft SQL Server 2005 installation. If you are upgrading from Microsoft SQL Server 2000 to Microsoft SQL Server 2005, go to Upgrading Microsoft SQL Server 2000 (page 67). McAfee Vulnerability Manager 7.5 Installation Guide 32

33 Installing on Multiple Servers System component preparation Note: During installation, the database name is not automatically added to the database field on the Database Administrator page. You must type in the database name or the instance name. SQL server installation suggested settings Use the following settings to configure your SQL Server. Installation Page Components to Install Instance Name Setting Select SQL Server Database Services and the Workstation components, Books Online and development tools. Select Default instance. Note: It is possible to give the instance a name. You must type this instance name when installing other McAfee Vulnerability Manager components. See Changing the SQL Instance Name (page 46). Service Account Select Use the built-in System account, then select Local system from the list. Select SQL Server under Start services at the end of setup. Authentication Mode Select Mixed mode. This mode is required to create or upgrade the database. See Changing the Database Authentication Settings (on page 77) for information on how to change this setting later. Create a password for the SA account. The maximum password length is 128 characters. Important: Remember this password. You need it when you install the McAfee Vulnerability Manager Configuration Manager, scan controller, API server, notification service, data synchronization service, and report engine. Collation Settings Error and Usage Report Settings Accept the defaults. Accept the defaults (none selected). After the installation finishes, McAfee recommends that you restart the computer to begin using SQL Server. Then, make sure you have the latest SQL server service pack. Changing the Microsoft SQL memory settings Change the memory settings for Microsoft SQL Server to optimize performance for McAfee Vulnerability Manager. McAfee Vulnerability Manager 7.5 Installation Guide 33

34 Installing on Multiple Servers System component preparation 1 Select Start Programs Microsoft SQL Server SQL Server Management Studio. 2 Log on to SQL Server Management Studio. 3 Right-click the server and select Properties. 4 Select Memory. 5 Change the Maximum Server Memory to two-thirds the maximum server memory. 6 Click OK. Microsoft SQL server 2008 and 2008 R2 installation features The following lists show the recommended and minimum Microsoft SQL Server 2008 and 2008 R2 features for using McAfee Vulnerability Manager. Note: If you are upgrading from Microsoft SQL Server 2000 to Microsoft SQL Server 2008, go to Upgrading Microsoft SQL Server 2000 (page 67). SQL server installation (recommended) Database Engine Services, including all sub-features Client Tools Connectivity Client Tools Backward Compatibility SQL Server Books Online Management Tools (complete) SQL server installation (minimum) Database Engine Services Client Tools Connectivity Client Tools Backward Compatibility After the installation finishes, McAfee recommends that you restart the computer to begin using SQL Server. Then, make sure you have the latest SQL server service pack. Preparing the scan engine server Before you install McAfee Vulnerability Manager 7.5, make sure that the server on which you want to install the scan engine is properly prepared by doing the following: Make sure your systems meet the minimal system requirements. For more information, see System Requirements (see "System Requirements and Architectures" on page 9). If MDAC 2.8 is not installed on the scan engine, download and install the latest MDAC from the Microsoft website. McAfee Vulnerability Manager 7.5 does not install without this required component. Note: The installation program checks for the Microsoft Windows Script 5.7 and installs it if necessary. This program can be updated by the Windows Update Program through the Internet Explorer web browser. McAfee Vulnerability Manager 7.5 Installation Guide 34

35 Installing on Multiple Servers McAfee Vulnerability Manager 7.5 installation Preparing the web server McAfee Vulnerability Manager uses Microsoft Internet Information Services Web Server (IIS) to host the enterprise manager and make it available throughout the network. Windows 2003 On Windows Server 2003, IIS version 6.0 is installed by default. Windows 2008 R2 On Windows Server 2008 R2, IIS version 7.5 is not installed by default. 1 Open the Server Manager. If this does not open when you start Windows 2008 R2, select Start Administrative Tools Server Manager. 2 In the console tree (left pane), select Roles. 3 Select Add Roles. 4 Select Server Roles from the left pane. 5 Select Web Server (IIS) to install. 6 Select Role Services from the left pane. 7 Select CGI under Application Development. 8 Click Next, then click Install. 9 Once the installation is complete, click Close. McAfee Vulnerability Manager 7.5 installation The McAfee Vulnerability Manager installation contains a list of suggested architectural configurations. The suggested configurations have a predefined list of McAfee Vulnerability Manager components to install on a server. For more details about suggested architectural configurations and the McAfee Vulnerability Manager components installed on each server, review System Requirements and Architectures (on page 9). The McAfee Vulnerability Manager installation also contains a custom configuration setting so you can select which McAfee Vulnerability Manager components to install onto a server. Customizing your McAfee Vulnerability Manager installation can help if you have a large network, run a large number of scans, or generate a high volume of reports. Note: If you are hiding your Microsoft SQL server, see "Hiding an instance in Microsoft SQL Server" (page 45) for more installation information. Caution: The data synchronization service should only be installed on networks that use McAfee epolicy Orchestrator, LDAP, or multiple McAfee Vulnerability Manager databases. Installing using a recommended installation type McAfee Vulnerability Manager provides some recommended installation types when installing on more than one server. Tip: Before installing, close all other applications on the server. McAfee Vulnerability Manager 7.5 Installation Guide 35

36 Installing on Multiple Servers McAfee Vulnerability Manager 7.5 installation Note: When installing McAfee Vulnerability Manager on a server running Microsoft Windows 2008 R2, you must log on as the root administrator for the server or the Admin Approval Mode (see "Disabling Admin Approval Mode (Windows 2008 R2)" on page 101) must be disabled. 1 Run the McAfee Vulnerability Manager installation program. The McAfee Vulnerability Manager - Welcome screen appears. 2 Click Next. The end user license agreement appears. 3 Read the agreement, select Accept, then click Next. The Select Installation Type page appears. 4 Select Advanced, then click Next. The Select Installation Type page appears. 5 Select an Architecture type, then select the System you are installing onto the server. See Deployment Architectures (page 21) for suggestions on how to set up your servers. 6 Click Next. The System Checks page appears. 7 The installation program runs a system check to ensure that all critical and non-critical dependencies are met. If any of the dependency checks fails, you must resolve the issue before you can install McAfee Vulnerability Manager. To resolve a dependency check, you must exit the installation program, fix the issue, then rerun the installation program. 8 Click Next. The Architecture and System you selected to install determines what information you must create or provide. See Information needed during installation (page 36) table for the information you need. Type McAfee Vulnerability Manager information and click Next until the Installation Settings page appears. 9 Review the installation settings and make sure all settings are correct. To change a setting, double-click the setting. When you are finished modifying the setting, click Next to return to the Installation Settings screen. See Installation Setting Descriptions (on page 43) for more details about each setting. 10 Click Install. The McAfee Vulnerability Manager components are installed. 11 When the installation process is complete, click Finish. A message states that a system restart is required. 12 Click OK to restart the system. Note: When installing McAfee Vulnerability Manager on Microsoft Windows 2008 R2, a FS user account is created and appears on the logon screen. The FS account is reserved for the McAfee Vulnerability Manager scan engine and should not be used or modified. McAfee Vulnerability Manager sends updates to some components after the installation process is complete, like sending content updates to the scan engines. In most cases, these updates finish shortly after the installation is complete. If there are a large number of scan engines or there is low bandwidth communication to the scan engines, this update process could take longer. If McAfee Vulnerability Manager is not functioning properly right after an installation, the update process might not be complete. Tip: Any changes made to the server hosting the McAfee Vulnerability Manager web portal (e.g. system name or domain name) after installation requires a manual change to the shortcut on the desktop. Information needed during installation The following table shows the information you need to complete the installation process (based upon the suggested configuration selected). McAfee Vulnerability Manager 7.5 Installation Guide 36

37 Installing on Multiple Servers McAfee Vulnerability Manager 7.5 installation Information needed during installation: Configuration Dual server - Web portal Information needed Configuration manager IP address/host name and port number API server IP address/host name and port number Database IP address/host name Faultline database password You must decide: To enable or disable the ability of an organization administrator to switch to the Global Administrator user interface Note: This is not recommended when there are multiple organization administrators. Global Administrator settings affect all organizations, which could lead to negative results if too many users have access to the Global Administrator interface. Dual server - Scan engine/ Database Windows authentication to the SQL database, or database administrator user name and password Location of the enterprise manager (IP address, NetBIOS, or DNS-resolvable name) One-time synchronization with external remediation management system. Send notifications via SNMP, , or both methods Creating a new database or upgrading an existing database Whether or not to force protocol encryption You must create: Three server - Web portal Faultline database password Global Administrator password (by default, the organization is fsglobal and the user name is globaladmin) Your first McAfee Vulnerability Manager organization: create an organization name and create a password for the organization administrator Configuration manager IP address/host name and port number API server IP address/host name and port number Report server IP address/host name and port number You must decide: To enable or disable the ability of an organization administrator to switch to the Global Administrator user interface Note: This is not recommended when there are multiple organization administrators. Global Administrator settings affect all organizations, which could lead to negative results if too many users have access to the Global Administrator interface. McAfee Vulnerability Manager 7.5 Installation Guide 37

38 Installing on Multiple Servers McAfee Vulnerability Manager 7.5 installation Three server - Scan engine Three server - Database Configuration manager IP address/host name and port number Location of the enterprise manager (IP address, NetBIOS, or DNS-resolvable name) One-time synchronization with external remediation management system. Send notifications via SNMP, , or both methods Database IP address/host name Faultline database password Windows authentication to the SQL database, or database administrator user name and password Location of the enterprise manager (IP address, NetBIOS, or DNS-resolvable name) Report server IP address/host name and port number Creating a new database or upgrading an existing database Whether or not to force protocol encryption You must create: Faultline database password Global Administrator password (by default, the organization is fsglobal and the user name is globaladmin) Your first McAfee Vulnerability Manager organization: create an organization name and create a password for the organization administrator Adding an extra scan engine Add extra scan engines to your network to fit your organization's needs. Extra scan engines are part of the suggested Distributed Server architecture. You can install the scan engine and scan controller on a system running Microsoft Windows Server 2003, but there are limitations. See Microsoft Windows Server 2003 support (page 16). During installation, after accepting the end user license agreement, you have to option to install the scan controller and scan engine. All other McAfee Vulnerability Manager components must be installed on a system running Microsoft Windows Server 2008 R2. McAfee Vulnerability Manager 7.5 Installation Guide 38

39 Installing on Multiple Servers McAfee Vulnerability Manager 7.5 installation 1 Run the McAfee Vulnerability Manager installation program. The McAfee Vulnerability Manager - Welcome screen appears. 2 Click Next. The End User License Agreement page appears. 3 Select I accept the terms of this license agreement. Click Next. The Select Installation Type page appears. 4 Select Advanced. Click Next. 5 Under Architecture, select Custom. Click Next. 6 Select Scan Engine. Make sure all other McAfee Vulnerability Manager components are deselected. Click Next. 7 Review the system checks and make sure all dependencies have passed. If any dependencies have failed, exit the installation, correct the dependency, then restart the installation process. Click Next. 8 Type the IP address of the server hosting the configuration manager. If you want to change the port number for configuration manager, type the port number in the port field. Click Next. 9 Review the installation settings and make sure all settings are correct. To change a setting, double-click the setting. When you are finished modifying the setting, click Next to return to the Installation Settings screen. See Installation Setting Descriptions (on page 43) for more details about each setting. Click Next. 10 When the installation process is complete, click Finish. Installing using the custom installation type Customize your installation by installing individual components on a server. 1 Run the McAfee Vulnerability Manager installation program. The McAfee Vulnerability Manager - Welcome screen appears. 2 Click Next. The end user license agreement appears. 3 Select Accept, then click Next. The Select Installation Type page appears. 4 Select Advanced, then click Next. The Select Environment page is displayed. 5 Select Custom/Upgrade for the Architecture type. For descriptions about each McAfee Vulnerability Manager component, see Select Components (see "Select components for custom installation" on page 40). 6 Click Next. The System Checks page appears. 7 The installation program runs a system check to ensure that all dependencies (critical and noncritical) are met. If any of the dependency checks fails, you must resolve the issue before you can install McAfee Vulnerability Manager. To resolve a dependency check, you must exit the installation program, fix the issue, then rerun the installation program. 8 Click Next. The Architecture and System you selected to install determines what information you must create or provide. See the Component information needed (page 41) table when installing individual components. Type McAfee Vulnerability Manager information and click Next until the Installation Settings page appears. 9 Review the installation settings and make sure all settings are correct. To change a setting, double-click the setting. When you are finished modifying the setting, click Next to return to the Installation Settings screen. See Installation Setting Descriptions (on page 43) for more details about each setting. McAfee Vulnerability Manager 7.5 Installation Guide 39

40 10 Click Install. The McAfee Vulnerability Manager components are installed. Installing on Multiple Servers McAfee Vulnerability Manager 7.5 installation 11 When the installation process is complete, click Finish. A message states that a system restart is required. 12 Click OK to restart the system. McAfee Vulnerability Manager sends updates to some components after the installation process is complete, like sending content updates to the scan engines. In most cases, these updates finish shortly after the installation is complete. If there are a large number of scan engines or there is low bandwidth communication to the scan engines, this update process could take longer. If McAfee Vulnerability Manager is not functioning properly right after an installation, the update process might not be complete. Note: If your organization generates a high volume of reports, it is recommended that you install your report engine and your database onto separate servers. See Running a large number of reports (see "Performance issues when running a large number of reports" on page 77). Select components for custom installation This dialog box lets you select McAfee Vulnerability Manager component(s) to install on the current server. Figure 6: Select Components Enterprise manager components Component Database Description Stores information including organization settings, user account information, scan configurations, and scan results. McAfee Vulnerability Manager 7.5 Installation Guide 40

41 Installing on Multiple Servers McAfee Vulnerability Manager 7.5 installation Enterprise manager Provides web-interface to control scans, view reports, and manage McAfee Vulnerability Manager through your intranet. Note: IIS must be installed and World Wide Web Publishing Service must be running on the server for the enterprise manager component to be available. Notification service Configuration manager Report engine Data synchronization service API server Scan controller Scan engine Adds Simple Network Management Protocol (SNMP) integration for remediation tickets and provides support. Provides a centralized, uniform way to patch, update, configure, monitor, and otherwise manage an entire McAfee Vulnerability Manager deployment. Generates both scan-based reports and assetbased reports. Gathers information from McAfee epolicy Orchestrator, LDAP, or other McAfee Vulnerability Manager databases and provides it to McAfee Vulnerability Manager for host and OS identification. Provides the communication between the enterprise manager and the database. Provides the communication between the scan engine and the database. The scan engine scans the network. Component information needed for custom installation While McAfee Vulnerability Manager provides predefined configurations to meet most needs, some organizations require some custom configurations. McAfee Vulnerability Manager allows you to select which components to install. The following table lists the information needed when installing each component by itself. Information needed when installing components Component Scan Engine Scan Controller Information needed Configuration Manager IP address/host name and port number Configuration Manager IP address/host name and port number Database IP address/host name Faultline database password McAfee Vulnerability Manager 7.5 Installation Guide 41

42 Installing on Multiple Servers McAfee Vulnerability Manager 7.5 installation Database Windows authentication to the SQL database, or database administrator user name and password Configuration Manager IP address/host name and port number Creating a new database or upgrading an existing database Whether or not to force protocol encryption You must create: Enterprise Manager Faultline database password Global Administrator password Your first McAfee Vulnerability Manager organization: create an organization name and create a password for the organization administrator Configuration Manager IP address/host name and port number API Server IP address/host name and port number Report Engine IP address/host name and port number You must decide: To enable or disable the ability of an organization administrator to switch to the Global Administrator user interface Note: This is not recommended when there are multiple organization administrators. Global Administrator settings affect all organizations, which could lead to negative results if too many users have access to the Global Administrator interface. Notification Service Configuration Manager Report Engine Data synchronization API server Configuration Manager IP address/host name and port number Database IP address/host name Faultline database password Database IP address/host name Faultline database password Configuration Manager IP address/host name and port number Database IP address/host name Faultline database password Location of the enterprise manager (IP address, NetBIOS, or DNS-resolvable name) Configuration Manager IP address/host name and port number Database IP address/host name Faultline database password Configuration Manager IP address/host name and port number Database IP address/host name Faultline database password Location of the enterprise manager (IP address, NetBIOS, or DNS-resolvable name) McAfee Vulnerability Manager 7.5 Installation Guide 42

43 Installing on Multiple Servers McAfee Vulnerability Manager 7.5 installation Installation setting descriptions Before McAfee Vulnerability Manager starts installing components onto the server, the installer allows you to review McAfee Vulnerability Manager installation settings and make any changes necessary. The table below lists the installation settings and provides a brief description of what the setting does. Installation setting descriptions Option Enterprise Manager API Server API Server Port Allow Global/Org Admin Switching Report Server Report Server Port Scan Controller Port Description The IP address, NetBIOS name, or DNS name for the enterprise manager. The IP address, NetBIOS name, or DNS name for the API server. The port number used to communicate with the API server. The default port number is Allow Root Organization Administrators to switch to the Global Administrator user interface in the enterprise manager. The IP address, NetBIOS name, or DNS name for the report engine. The port number used to communicate with the report engine. The default port number is The port number used to communicate with the scan controller. The default port number is Engine Scan Controller Synchronize "Assigned to a User" remediation tickets Synchronize "Unassigned" remediation tickets Method of Notification Allow the configuration manager to automatically assign a scan engine to a scan controller. This is enabled by default. A one-time synchronization between the McAfee Vulnerability Manager Remediation system and your external change management system for tickets in the "Assigned to a User" state. A one-time synchronization between the McAfee Vulnerability Manager Remediation system and your external change management system for tickets in the "Unassigned" state. The choices are SNMP, , or Both. Requires proper configuration of the SNMP and/or Notifications. The Global Administrator must log on to the enterprise manager and select Manage Notifications. McAfee Vulnerability Manager 7.5 Installation Guide 43

44 Installing on Multiple Servers McAfee Vulnerability Manager 7.5 installation Database Server The host name of your database server. Note: If you changed the Instance Name when installing SQL Server, you must add the Instance Name for McAfee Vulnerability Manager to function properly. See Changing the SQL Instance Name (page 46). Faultline Password Database Installation Type Force protocol encryption on DB server Use DNS name to identify assets The password to the Faultline database. The password is encrypted. The maximum password length is 128 characters. Select to install a new McAfee Vulnerability Manager database or upgrade an existing McAfee Vulnerability Manager database. Select this checkbox only to accept encrypted traffic to the database. If you are installing a new, fresh database and are only using the database for McAfee Vulnerability Manager 7.5, McAfee recommends turning this on to protect the data between the scan controller and the database. Select this checkbox to have McAfee Vulnerability Manager use the DNS name to help identify your assets. DNS names generally do not change, so they can be used as unique identifiers for your assets. If DNS names change in your environment, do not select this option. Create New Organization Name New Organization Administrator Password Set Global Admin Password Program Location Reports Location Configuration Manager Server Configuration Manager Port The name of the organization to be created when McAfee Vulnerability Manager is installed. The password of the Root Organization Administrator to be created when McAfee Vulnerability Manager is installed. The password of the Global Administrator to be created when McAfee Vulnerability Manager is installed. The installation path for the McAfee Vulnerability Manager product. The folder location where your reports are saved. The IP address, NetBIOS name, or DNS name for the configuration manager. The port number used to communicate with your configuration manager server. The default port number is McAfee Vulnerability Manager 7.5 Installation Guide 44

45 Installing on Multiple Servers McAfee Vulnerability Manager 7.5 installation Login information The Global Administrator and the Organization Administrator (for the organization you created when installing the product) have some predefined login information. Global Administrator: Organization name: fsglobal User name: globaladmin Organization Administrator (for the organization you created during installation): User name: Administrator Hiding a Microsoft SQL Server 2005 instance If you are required to remove the TCP information regarding database instances in Microsoft SQL Server 2005, use the following steps before you install McAfee Vulnerability Manager. Note: This solution changes the TCP listening port of Microsoft SQL server to Applications that require SQL connections and/or access control lists might need to be reconfigured. 1 Select Start All Programs Microsoft SQL Server 2005 Configuration Tools SQL Server Configuration Manager. 2 Select an Instance to hide. 3 Select TCP/IP under Enabled Protocols. 4 Select Properties. The TCP/IP properties dialog box is displayed. 5 Select Hide Server. 6 Click OK. The TCP/IP properties dialog box closes. 7 Click OK. The Server Network Utility closes. 8 Restart the system. 9 Run McAfee Vulnerability Manager setup. 10 When prompted for the database server name, use the format server, If you are upgrading McAfee Vulnerability Manager, on the Installation Settings step, double-click the Database Server. Figure 7: Installation settings McAfee Vulnerability Manager 7.5 Installation Guide 45

46 Installing on Multiple Servers McAfee Vulnerability Manager 7.5 installation Hiding a Microsoft SQL Server 2008 instance If you are required to remove the TCP information regarding database instances in Microsoft SQL Server 2008, use the following steps before you install McAfee Vulnerability Manager. Note: This solution changes the TCP listening port of Microsoft SQL server to Applications that require SQL connections and/or access control lists might need to be reconfigured. 1 Select Start All Programs Microsoft SQL Server 2008 Configuration Tools SQL Server Configuration Manager. 2 Select SQL Server Network Configuration. 3 Right-click an instance and select Properties. 4 Select Hide. 5 Select Yes from the drop-down list. 6 Click OK. A message states that the service must be stopped and restarted. 7 Click OK. 8 Restart the system. 9 Run McAfee Vulnerability Manager setup. 10 When prompted for the database server name, use the format server, If you are upgrading McAfee Vulnerability Manager, on the Installation Settings step, double-click the Database Server. Figure 8: Installation settings Changing the SQL instance name If you change the instance name when installing SQL Server, there are some extra configuration steps you must do to ensure that McAfee Vulnerability Manager functions properly. Note: If you installed SQL Server and accepted the Default Instance Name, you do not have to do these steps. McAfee Vulnerability Manager 7.5 Installation Guide 46

47 McAfee Vulnerability Manager components Installing on Multiple Servers McAfee Vulnerability Manager 7.5 installation When installing McAfee Vulnerability Manager components that communicate with the database, you must modify the Database server setting during the installation process of the McAfee Vulnerability Manager component. On the Installation Settings step, modify the database server settings. Figure 9: Selecting the database 1 Double-click Database Server. 2 Click Modify. 3 Type the host name or IP address, type a backslash and type the instance name For example: ORCHID\Accounting or xxx.xxx.xxx.xxx\accounting To add a port number, type a comma and the port number. For example: ORCHID\Accounting,1533 or xxx.xxx.xxx.xxx\accounting,1533 Note: Although <Server Name>,<port> is a valid SQL Server reference when using a named instance, this is not a valid reference for McAfee Vulnerability Manager. The instance name must be included for McAfee Vulnerability Manager to function properly. Figure 10: Modifying the database connection information McAfee Vulnerability Manager 7.5 Installation Guide 47

48 Installing on Multiple Servers McAfee Vulnerability Manager 7.5 installation 4 Type and confirm a user password 5 Click Next 6 Finish the installation process Configuration manager The configuration manager might not accurately report the state of the SQL Server, or might fail to control (start, stop) the service correctly. See McAfee KnowledgeBase article KB for information on resolving this problem. McAfee Vulnerability Manager 7.5 Installation Guide 48

49 Uninstalling McAfee Vulnerability Manager Uninstalling a previous version of McAfee Vulnerability Manager Uninstalling McAfee Vulnerability Manager Whether you are uninstalling McAfee Vulnerability Manager 7.5 or a previous version, these steps show how to ensure that the product is removed. This is particularly useful when you want to run a "clean" installation, ensuring that settings from previous versions do not interfere. Note: The migration process retains any modifications you have made to the php.ini or config.ini settings on the enterprise manager, even though it creates a backup copy. See "Merging the config.ini and php.ini files" (see "Merging the config.ini and php.ini files" on page 74) for more information. Uninstalling a previous version of McAfee Vulnerability Manager You do not need to uninstall a previous version before installing McAfee Vulnerability Manager On each server running a McAfee Vulnerability Manager component, go to the Windows Control Panel and open Add/Remove Programs. 2 Select the version of McAfee Vulnerability Manager you want to remove and click Remove. 3 If any files are in use while being uninstalled, the program opens the Services window so you can stop any product services still running, then the uninstall completes. Caution: Do not delete the registry settings on any scan engine without having a good backup of the McAfee Vulnerability Manager registry settings. Doing so can cause database objects to become orphaned because the registry contains a unique identifier that ties the scan engine to the data. If you must delete the registry settings for any reason, contact customer support for help on restoring the database to the proper scan engine. McAfee Vulnerability Manager 7.5 depends upon the following registry keys from previous versions. For Windows 2003: HKEY_CURRENT_USER\SOFTWARE\Foundstone HKEY_LOCAL_MACHINE\SOFTWARE\Foundstone For Windows 2008 R2: HKEY_CURRENT_USER\SOFTWARE\Foundstone HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Foundstone McAfee Vulnerability Manager 7.5 Installation Guide 49

50 Uninstalling McAfee Vulnerability Manager Do NOT remove registry keys Do NOT remove registry keys Caution: Do not delete the registry settings on any scan engine without backing up the settings. Deleting McAfee Vulnerability Manager registry settings cause database objects to become orphaned because the registry contains a unique identifier that link the scan engine to the data. If you must delete the registry settings for any reason, contact customer support for help on restoring the database to the proper scan engine. McAfee Vulnerability Manager 7.5 looks for the following registry keys from previous versions. For Windows 2003: HKEY_CURRENT_USER\SOFTWARE\Foundstone HKEY_LOCAL_MACHINE\SOFTWARE\Foundstone For Windows 2008 R2: HKEY_CURRENT_USER\SOFTWARE\Foundstone HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Foundstone McAfee Vulnerability Manager 7.5 Installation Guide 50

51 Configuring Your Servers McAfee Vulnerability Manager Update Configuring Your Servers After McAfee Vulnerability Manager is installed, configure your servers to prepare them for use. McAfee Vulnerability Manager Update McAfee Vulnerability Manager Update lets you manually or automatically update McAfee Vulnerability Manager 7.5 with new program updates and vulnerability checks from McAfee. Update runs on the scan controller server. Running unattended, it automatically checks the McAfee update server for new information, downloads it, and updates the database. Note: If you are running more than one scan controller, only one needs to run McAfee Vulnerability Manager Update. The other scan controllers automatically detect updates in the database and retrieves the appropriate information. The latest information can include the following: FSL scripts, templates and vulnerability checks Threat Intelligence updates Operating System fingerprints and identifiers McAfee Vulnerability Manager 7.5 program updates Language Pack updates McAfee standard SCAP updates Before you begin If the scan controller is running on a different server than the database, you must install SQL Client Tools on the server to allow McAfee Vulnerability Manager Update to pass the information to the database. Procedures McAfee Vulnerability Manager Update lets you do the following tasks: Set up automatic updates Manually check for updates Type your McAfee Vulnerability Manager user name and password McAfee Vulnerability Manager 7.5 Installation Guide 51

52 Configuring Your Servers McAfee Vulnerability Manager Update Set up a proxy server (see "Adding proxy information for connecting to the update server" on page 54) Figure 11: McAfee Vulnerability Manager Update program - showing options McAfee Vulnerability Manager update settings Option Check for Updates License Usage Licensed For Options Username Password Description Click to connect to the update server and search for the latest updates. If an update is found, it automatically downloads and installs itself. Shows the number of live IP addresses you have scanned. Shows the number of IP addresses you are allowed to scan, according to your license. Click to open the update program options. Type the user name that McAfee sent you. This is the user name you used to access the McAfee download files. Type the password associated with the McAfee user name. McAfee Vulnerability Manager 7.5 Installation Guide 52

53 Configuring Your Servers McAfee Vulnerability Manager Update Option Proxy server requires authentication Username (proxy) Password (proxy) Use secure connection Digital Security Mode Description If you use a proxy server to access the update server, select this checkbox. Otherwise leave this box unchecked. If you use a proxy server to access the update server, type the user name for the proxy server. Type the password for the proxy server. Select this option to connect to the update server over a secure connection. Select an option for validating the update content files. Automatic McAfee Vulnerability Manager checks that the downloaded update package has been signed with the appropriate certificate. If the certificate is valid, the update is executed. Interactive You are prompted to validate the publisher and select to Run or Don't Run the update package. Disabled McAfee Vulnerability Manager doesn't validate that the update package has the appropriate certificate. Selecting this option displays a warning message that this option is not recommended. Selected item will be checked for updates every x day(s) x hour(s) Type the number of days and hours to wait before the next update check. Setting up McAfee Vulnerability Manager Update McAfee Vulnerability Manager Update uses secure HTTPS communication (TCP port 443) to download new updates from McAfee. The first time you run it, you are prompted to type your user name and password to connect to the McAfee Vulnerability Manager update server. (This is the user name provided by McAfee.) Once you have typed the user name and password, select the items you want to download. You can specify the amount of time that should pass before McAfee Vulnerability Manager Update checks again. Once this is set, the update program automatically checks for downloads according to the specified time. You must leave the update program running to allow automatic updates. The first time you run the update program, you need to type your user name and password to connect to the McAfee Vulnerability Manager update server. Once you've typed this information, the update program uses it to automatically check for updates. McAfee Vulnerability Manager 7.5 Installation Guide 53

54 Configuring Your Servers McAfee Vulnerability Manager Update 1 On the scan controller, select Start All Programs Foundstone Update McAfee Vulnerability Manager. 2 Click Options. 3 Type the user name and password you received from McAfee. 4 Click Check for Updates. 5 Watch the status area for update information. If the status window shows that the update failed, make sure that you have properly entered your user name and password. McAfee requires the proper authentication to the update server before you can download any updates. 6 To automatically check for updates, select the checkbox each package to update. 7 Type the number of hours to wait between update checks. 8 Leave the McAfee Vulnerability Manager Update program running. If you decide to exit, the program warns you that it must continue running if you want to automatically check for McAfee updates. 9 Select Proxy server requires authentication if updates are accessed using a proxy server. 10 Type the user name and password required to authenticate to your proxy server. Adding proxy information for connecting to the update server McAfee Vulnerability Manager Update reads the settings from Microsoft Internet Explorer to obtain the proxy web address and port to be used. 1 Open Microsoft Internet Explorer. 2 Select Tools Options. 3 Click the Connections tab. 4 Click LAN Settings. 5 In the Local Area Network (LAN) Settings dialog box, select Use a proxy server for your LAN... 6 Type the address and port settings. 7 Click OK. Running McAfee Vulnerability Manager Update as a service You can run McAfee Vulnerability Manager Update as a native Win32 service. The default installation of the scan controller configures the McAfee Vulnerability Manager Update service parameters but does not enable it to run automatically. Note: If you have previously enabled FSUpdate to run via the Start menu Startup folder, remove it from the folder to prevent running more than one copy of FSUpdate. 1 Select Start Administrative Tools Services. 2 Double-click Foundstone Update Service Proxy. 3 Under Service Status, click Start. If the service is disabled, change the Startup type to Manual, then click Apply. 4 To automatically start the update service, change the Startup type to Automatic, then click Apply. 5 To see the update user interface when it is running, click the Log On tab. 6 Select Local System Account and select Allow service to interact with desktop. 7 Click OK. McAfee Vulnerability Manager 7.5 Installation Guide 54

55 Configuring Your Servers McAfee Vulnerability Manager Update Troubleshooting the McAfee Vulnerability Manager Update service Certain settings or circumstances can prevent the McAfee Vulnerability Manager Update service from running properly. When you install McAfee Vulnerability Manager, the FSUpdate service is configured automatically. If the settings have been altered manually or the service was not installed by the product installer, you can reinstall any scan controller to reinstall the McAfee Vulnerability Manager Update service. Verifying that the correct service is being started Use the following task to make sure that the correct service is being started. 1 If the service is currently running, stop it from the services control panel. To do this, select Start Settings Control Panel, double-click Administrative Tools, then double-click Services. (You can also right-click My Computer and select Manage from the shortcut menu.) Locate Foundstone Update Service proxy and click Stop. 2 Locate the FSUpdateService.exe file and launch it. A small window appears at the bottom right of the screen. 3 Ensure that the edit field labeled Command line to start the application is pointing to the correct location of the FSUpdate.exe program. 4 Ensure that the parameter to this path is "-service" (for example, C:\Program Files\Foundstone\FSupdate.exe -service). 5 Click Apply (if needed) and close the application. Reinstalling the FSUpdate Service Use the following task to reinstall the update service. 1 On the scan controller server, locate the FSUpdateService.exe program (usually c:\program Files\Foundstone). 2 Open a command prompt window; select Start Run and type cmd. 3 Navigate to the directory containing the FSUpdateService.exe program and type: FSUpdateService -install. The file is stored in the installation directory (usually c:\program files\foundstone). This procedure does not show anything on the computer screen. Once you run it, the program silently reinstalls the service. Note: If the FSUpdateService install process shows an error that the service is already installed, disregard the error. Verifying that the local account is running the service Ensure that the Foundstone Update Service proxy Log on as checkbox is set to Local System account. 1 Select Start Run. 2 Type services.msc, then click OK. 3 Double-click Foundstone Update Service Proxy and click the Log On tab. 4 Make sure that the Local system account is selected. 5 Make sure that Allow service to interact with desktop is selected. 6 Click OK. Note: The FSUpdate icon might not always appear in the system tray area, but the process can still be running. McAfee Vulnerability Manager 7.5 Installation Guide 55

56 Configuring Your Servers Register McAfee Vulnerability Manager 7.5 Register McAfee Vulnerability Manager 7.5 McAfee Vulnerability Manager 7.5 comes with a trial license so you can try the full product for 60 days within your enterprise (unlimited IP range). After the trial period, you must register McAfee Vulnerability Manager 7.5 to continue using it. Note: You must send the registration request from the computer that runs the API server. Sending a registration request to McAfee Before you can activate McAfee Vulnerability Manager, you must send a registration request to McAfee. Your activation information is sent to you in an . 1 Select Start All Programs Foundstone Register McAfee Vulnerability Manager. 2 In the registration program, select a network card to bind to the registration. The network cards are listed in a drop-down box at the bottom of the McAfee Registration Key group. Figure 12: McAfee Vulnerability Manager Registration 3 Click Generate to create a unique registration key. The key appears in the text box. If a key already exists in the textbox, click Clear to remove it before clicking Generate. 4 Click Website to open a browser and connect to the Foundstone Registration Website. 5 Type your registration information and click Submit Registration. Organization - Type your organization or company name. Grant Number - Type your grant number. Contact Person - Type your own name, or the name of the person responsible for contacting McAfee regarding the product. Telephone - Type the contact s phone number. McAfee Vulnerability Manager 7.5 Installation Guide 56

57 Configuring Your Servers Enable notifications Your - Type the contact s address. Salesperson - Type the name of the McAfee Vulnerability Manager Sales Representative that you normally work with. Computer Name - Type the NetBIOS name of the computer running the product. Product Type - Select Foundstone Enterprise Evaluation if you are evaluating McAfee Vulnerability Manager 7.5. Select Foundstone Enterprise License if you have purchased McAfee Vulnerability Manager 7.5. Request Hash - Do not change this information. It is the key that was generated on your computer. Address Pool - Type the IP addresses you are allowed to scan. Your license is bound to these ranges. Notes - Type any notes that you need to send with your request. Activate McAfee Vulnerability Manager 7.5 Before you can use McAfee Vulnerability Manager, you must activate the product with your activation key, which you received via . 1 Select Start All Programs McAfee Vulnerability Manager Register FoundScan. 2 Type the activation key (unlock code) you received. 3 Click Register Now to complete the registration process. If you have any questions or problems with this process, contact McAfee Technical Support. Enable notifications The McAfee Vulnerability Manager Notification Service adds SNMP and integration for ticketing and scan related events, as well as system status, such as FCM updates available. Tickets are used to manage and track vulnerabilities in systems within your corporate network. The ticketing system is available through the enterprise manager and is integrated with other functions of the system, for example, asset management. Enabling SNMP notifications Use the SNMP Settings section of the Notification Settings page to specify the SNMP manager and agent. Figure 13: Notification settings SNMP settings McAfee Vulnerability Manager 7.5 Installation Guide 57

58 1 Log on to the enterprise manager as a Global Administrator. 2 Select Manage Notifications. 3 Select Enable SNMP Notifications to enable SNMP notifications. Configuring Your Servers Enable notifications 4 Complete the remaining information, specifying the SNMP version, and incoming and outgoing SNMP settings. SNMP general settings Option SNMP Version Community String Throttle Description Select 1 or 2c from the SNMP version list. Type the SNMP community string. Select the maximum number of messages per second from the Throttle list. Incoming SNMP settings Option Address Port Senders List Description Type the listening IP address, fully qualified domain name, or host name of the SNMP agent that is to receive incoming SNMP messages from an external SNMP manager. Type the listening port number. Type the names of authorized senders of SNMP messages. For example, you might want to type the name of the outgoing SNMP management node here, so that the McAfee Vulnerability Manager Notification Service listens to messages sent by that SNMP management node. If you do not type a name in this field, no messages are processed by the McAfee Vulnerability Manager Notification Service. Add Remove Allow Verify Vulnerability Click this button to add the name in the Senders List. Select a name from the Senders List and click this button to remove the name from the list. Select if you want McAfee Vulnerability Manager to respond to SNMP trap messages requesting verification of a vulnerability. Outgoing SNMP settings Option Address Port Description Type the IP address, fully qualified domain name, or host name of the SNMP management node McAfee Vulnerability Manager sends SNMP messages to. Type the port number of the SNMP management node. McAfee Vulnerability Manager 7.5 Installation Guide 58

59 Configuring Your Servers Enable notifications Enabling notifications Use the Settings section of the Notification Settings page to specify the server settings. Note: If you have McAfee VirusScan Enterprise On-Access Scanner enabled, the McAfee Vulnerability Manager Notification service fails to connect to your server. To receive notifications, exclude the Notification service from VirusScan Enterprise. See Using McAfee VirusScan Enterprise 8.0i and later (on page 80). Figure 14: Notification Settings Settings 1 Log on to the enterprise manager as a Global Administrator. 2 Select Manage Notifications. 3 Select Enable Notifications to enable notifications. 4 Complete the remaining information, specifying the server address, and the addresses of the sender/recipient. Note: notifications for updates applied via the McAfee Vulnerability Manager Configuration Manager are sent to the address listed for McAfee Vulnerability Manager Operations. If you have enabled notifications in the configuration manager Preferences, be sure to include an address in the McAfee Vulnerability Manager Operations field. server Option Address Port Description Type the address of the mail server. Use either the IP address, fully qualified domain name, or host name of the server (up to a maximum of 256 characters). Type the port number of the mail server to which notification messages are to be sent. McAfee Vulnerability Manager 7.5 Installation Guide 59

60 Configuring Your Servers Enable notifications Option Server Requires Authentication Username Password Description Select this checkbox to log on to the mail server with a user name and password. Type the user name required to log onto the mail server. The user name can be up to 64 characters long. Type the password associated with this user name. The password can be up to 128 characters long. messages Option Header Message Description Optional. Type your organization security banner here. While McAfee Vulnerability Manager 7.5 controls the bodies of these messages, you can configure an opening statement as needed. For example, you could include internal contact information or policy notices. The maximum number of characters allowed is 256. The header message can include alphanumeric characters plus underscores, periods, parentheses, hyphens, spaces, commas, slashes (/), and colons. Footer Message Optional. While McAfee Vulnerability Manager 7.5 controls the bodies of these messages, you can configure a closing statement as needed. For example, you could include internal contact information or policy notices. The maximum number of characters allowed is 256. The footer message can include alphanumeric characters plus underscores, periods, parentheses, hyphens, spaces, commas, slashes (/), and colons. Event and Address Settings The following settings apply to each notification type: Ticket Integration, McAfee Vulnerability Manager Operation, User Remediation, and User Scan Status. Option From Name From Address To Name Description Type the name of the sender. This is the person or organization that the appears to be coming from. Use up to 64 characters. Type the address of the person or organization sending the . If the recipient replies, the reply is sent to this address. Use up to 256 characters using a proper format (for example, [email protected]). Type the name of the person or organization receiving the notification for this type. Use up to 64 characters. McAfee Vulnerability Manager 7.5 Installation Guide 60

61 Configuring Your Servers Add the enterprise manager trust site certificate To Address Type the address of the recipient that is to receive event notifications. Use up to 256 characters using a proper format (for example, [email protected]). Hardening your servers McAfee recommends that you take security measures to harden the systems running McAfee Vulnerability Manager 7.5. Follow your company hardening policies. McAfee Vulnerability Manager also provides a Hardening Guide, available from McAfee Technical Support. Here are some suggestions that can help secure your servers. Update your servers with the latest patches Prior to hardening an IIS server, verify that the latest security fixes and patches have been installed on the IIS server. This can be verified by running Hfnetchk.exe. Download it from Shavlik Security products. Microsoft also provides security updates and patches, although its coverage is not the same as Hfnetchek's. Microsoft has provided the Windows Critical Update Notification Utility to ensure that critical updates are announced. The instructions for installing this tool are located on the Microsoft website. Qchain chains hot-fixes together to allow several fixes to be installed at once, reducing the number of system restarts required. More information is available from Microsoft. Setting up SSL McAfee Vulnerability Manager 7.5 installs and uses default SSL Certificates to communicate between its servers. The installation program creates the certificates and installs them. However, canned certificates are vulnerable to spoofing, which could allow someone to see the information as it is sent between servers. To increase the security, and to add authentication to the SSL Certificates, you must set up customized SSL Certificates. The necessity of using customized SSL Certificates varies widely from company to company. If you decide to use customized SSL Certificates, McAfee Vulnerability Manager provides the McAfee Vulnerability Manager Configuration Manager, a separate program that you can use to create custom SSL certificates (this tool also manages updates to the McAfee Vulnerability Manager components). For more information, refer to the configuration manager online help or the product guide. Add the enterprise manager trust site certificate A certificate error occurs when using Internet Explorer 8.0 or 9.0. This results in Internet Explorer blocking the enterprise manager. Adding the enterprise manager to the trusted sites list does not resolve this issue. To add the enterprise manager certificate to Microsoft Internet Explorer 8.0 or 9.0, review the following requirements. McAfee Vulnerability Manager 7.5 Installation Guide 61

62 Configuring Your Servers Add the enterprise manager trust site certificate The portal address in the CONFIG.INI file must match the FQDN, NetBIOS, or IP address used in the SSL certificate for the enterprise manager. See Check the server_name in the CONFIG.INI file (page 62)..Net 2.0 or 3.0 must be installed on each user system accessing the enterprise manager. Use the Installing the McAfee Vulnerability Manager Trust Site certificate (page 62) task on each user system accessing the enterprise manager. Check the server_name in the CONFIG.INI file Use this task to ensure the server_name in the CONFIG.INI file matches the FQDN, NetBIOS name, or IP address used in the SSL certificate. 1 Open configuration manager. 2 Expand the Foundstone SSL Certificates and select the SSL certificate issued to the enterprise manager. Example: myhost.domain.com. 3 In the Subject information, under Certificate Summary, find the FQDN, NetBIOS, or IP address. This is the information after CN=. 4 On the server running the enterprise manager, open the CONFIG.INI file. The default location in Microsoft Windows 2003 is: C:\Program Files\Foundstone\Portal\include. The default location in Microsoft Windows 2008 R2 is: C:\Program Files (x86)\foundstone\portal\include. 5 Make sure the server_name matches the FQDN, NetBIOS name, or IP address used in the SSL certificate. 6 Save the CONFIG.INI file. Installing the McAfee Vulnerability Manager Trust Site Certificate McAfee Vulnerability Manager allows you to install a product-specific Trust Certificate. 1 Double-click the Enterprise Manager icon. The McAfee Vulnerability Manager logon page appears. Note: If necessary, add the enterprise manager to the Trusted Sites list. 2 Click Trust Site Certificate. A warning message appears. 3 Click Yes. An import successful message appears when the certificate import is completed. 4 Click Quit. 5 Close Microsoft Internet Explorer. 6 Double-click the Enterprise Manager icon. McAfee Vulnerability Manager 7.5 Installation Guide 62

63 Upgrading to McAfee Vulnerability Manager 7.5 Add the enterprise manager trust site certificate Upgrading to McAfee Vulnerability Manager 7.5 This product supports upgrading from McAfee Vulnerability Manager version 6.8 or 7.0 to McAfee Vulnerability Manager 7.5. If you are upgrading a system that meets the system requirements (see "System Requirements and Architectures" on page 9), you can upgrade directly to McAfee Vulnerability Manager 7.5. If you need to upgrade your operating system or your SQL server, you must take additional steps, including backing up your McAfee Vulnerability Manager database. Caution: Backing up your database is recommended before doing any upgrades. Note: McAfee Vulnerability Manager components require an internet protocol version 4 (IPv4) address to properly communicate. Systems running product components must have an IPv4 address and can have an IPv6 address to facilitate scanning IPv6 targets. If you are upgrading the operating system and the database, you need to do the following: 1 Back up your existing database (Faultline). 2 Back up your McAfee Vulnerability Manager Windows Registry settings. 3 Upgrade the Windows operating system. 4 Upgrade the Microsoft SQL database. 5 Restore the McAfee Vulnerability Manager Windows Registry settings. 6 Restore the database (Faultline). 7 Run McAfee Vulnerability Manager Update before upgrading, to ensure your McAfee Vulnerability Manager content is up-to-date. 8 Upgrade to McAfee Vulnerability Manager Run McAfee Vulnerability Manager Update to ensure your McAfee Vulnerability Manager 7.5 content is up-to-date. 10 Users should clear their web browser cache to ensure updated pages display properly. If you are upgrading the operating system on the server running the database to Microsoft Windows Server 2008 R2, you need to do the following: 1 Back up your existing database (Faultline). 2 Back up your McAfee Vulnerability Manager Windows Registry settings. 3 Upgrade the Windows operating system. 4 Restore the McAfee Vulnerability Manager Windows Registry settings. 5 If necessary, restore the database (Faultline). 6 Run McAfee Vulnerability Manager Update before upgrading, to ensure your McAfee Vulnerability Manager content is up-to-date. 7 Upgrade to McAfee Vulnerability Manager Run McAfee Vulnerability Manager Update to ensure your McAfee Vulnerability Manager 7.5 content is up-to-date. 9 Users should clear their web browser cache to ensure updated pages display properly. McAfee Vulnerability Manager 7.5 Installation Guide 63

64 Upgrading to McAfee Vulnerability Manager 7.5 Add the enterprise manager trust site certificate If you are upgrading the database only (not the OS), you need to do the following: 1 Back up your existing database (Faultline). 2 Back up your McAfee Vulnerability Manager Windows Registry settings. 3 Upgrade the Microsoft SQL database. 4 Restore the database (Faultline). 5 Run McAfee Vulnerability Manager Update before upgrading, to ensure your McAfee Vulnerability Manager content is up-to-date. 6 Upgrade to McAfee Vulnerability Manager Run McAfee Vulnerability Manager Update to ensure your McAfee Vulnerability Manager 7.5 content is up-to-date. 8 Users should clear their web browser cache to ensure updated pages display properly. If you attached your database to a server that does not have McAfee Vulnerability Manager installed: 1 Run the McAfee Vulnerability Manager installer. 2 Select the McAfee Vulnerability Manager components you want to install on the server. 3 On the McAfee Vulnerability Manager - Installation Settings page, double-click Database installation type = Create New. 4 Select Upgrade an existing database, then click Next. The McAfee Vulnerability Manager 7.5 installation program might not recognize the attached database because McAfee Vulnerability Manager has not been installed on this server. 5 Continue with the upgrade installation. If you moved your database to a different server, when you upgrade the server that formerly hosted your database: 1 Run the McAfee Vulnerability Manager installer. 2 Select the McAfee Vulnerability Manager components you want to install on the server. 3 On the McAfee Vulnerability Manager - Installation Settings page, double-click Database server = server_name. 4 Type the host name or IP address of the server hosting the database. 5 Type the McAfee Vulnerability Manager user password and then click Next. 6 Continue with the upgrade installation. If you are upgrading the enterprise manager or a scan engine to Microsoft Windows Server 2008 R2, you need to do the following: Note: If the database is installed with any other McAfee Vulnerability Manager component, you must follow the steps for upgrading the database. 1 Back up your McAfee Vulnerability Manager Windows Registry settings. 2 Upgrade the Windows operating system. 3 Restore the McAfee Vulnerability Manager Windows Registry settings. 4 Run McAfee Vulnerability Manager Update before upgrading, to ensure your McAfee Vulnerability Manager content is up-to-date. 5 Upgrade to McAfee Vulnerability Manager Run McAfee Vulnerability Manager Update to ensure your McAfee Vulnerability Manager 7.5 content is up-to-date. 7 Users should clear their web browser cache to ensure updated pages display properly. McAfee Vulnerability Manager 7.5 Installation Guide 64

65 Upgrading to McAfee Vulnerability Manager 7.5 Back up the SQL server database using SQL Server Management Studio Back up the SQL server database using SQL Server Management Studio Before performing an upgrade, create a backup of your McAfee Vulnerability Manager database in case you need to restore it after the upgrade. 1 Open SQL Server Management Studio. To do this, select Start All Programs Microsoft SQL Server SQL Server Management Studio. 2 Connect to the server by providing the proper authentication. 3 Expand the Databases in the Object Explorer. 4 Right-click the Faultline database and select All Tasks Backup Database from the shortcut menu. Figure 15: SQL Enterprise Manager Getting to the Backup menu 5 In the Back Up Database dialog box, the backup destination is entered automatically. To add a different location, click Add to specify where to create the backup file. McAfee Vulnerability Manager 7.5 Installation Guide 65

66 Upgrading to McAfee Vulnerability Manager 7.5 Backing up the Windows registry 6 Optionally, in the Back up Database dialog box, select Options and select Verify Backup on finished to have SQL ensure that the backup is correct. 7 On the Back up Database dialog, click OK to begin the backup process. A message appears when the backup is complete. Figure 16: SQL Backup - complete Backing up the Windows registry 1 Open the Windows Registry. To do this, select Start Run. Type regedit as the name of the program to run, and click OK. Back up the registry keys, from the following locations in Microsoft Windows Server 2003: HKEY_LOCAL_MACHINE\SOFTWARE\FOUNDSTONE\, and HKEY_CURRENT_USER\SOFTWARE\FOUNDSTONE. Back up the registry keys, from the following locations in Microsoft Windows Server 2008 R2: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\FOUNDSTONE\, and HKEY_CURRENT_USER\SOFTWARE\FOUNDSTONE. McAfee Vulnerability Manager 7.5 Installation Guide 66

67 Upgrading to McAfee Vulnerability Manager 7.5 Upgrading Microsoft SQL Server Select File Export. 3 Type a file name for the registry backup file, and select the folder where you want to save it. 4 Click OK. Upgrading Microsoft SQL Server 2000 Caution: Before you can upgrade Microsoft SQL Server 2000, you must remove the existing registry values for SQL certificates or you cannot install the database. Modifying registry values 1 Open the Registry Editor. The registry location of the SQL Server (for a default instance) is: HKEY_LOCAL_MACHINE\Software\Microsoft\MSSQLServer\MSSQLServer\SuperSocketNetLib. Note: For a named instance of the SQL Server, the values are under the key: HKLM\Software\Microsoft\Microsoft SQL Server\INSTANCENAME\MSSQLServer\SuperSocketNetLib. 2 Right-click Certificate and select Rename. 3 Rename Certificate to Certificate_. 4 Right-click Encrypt and select Rename. 5 Rename Encrypt to Encrypt_. 6 Close the Registry Editor. 7 Install Microsoft SQL 2005 or Microsoft SQL 2008 R2. A system restart might be required after installation. 8 Install the latest service pack for Microsoft SQL Server. If necessary, restart the server. 9 Install McAfee Vulnerability Manager 7.5. Once the McAfee Vulnerability Manager 7.5 installation is complete, you must restart the system. 10 After the system restarts, McAfee Vulnerability Manager 7.5 prompts you for database logon information. Just close this dialog box. Note: After McAfee Vulnerability Manager 7.5 is installed and running, you should redistribute the certificates to turn encryption on for communication between the database and the scan engine. Redistributing certificates 1 Open configuration manager console. 2 Select Tools Recreate Certificate Authority. 3 Change the name of the CA. 4 Select Recreate Certificate Authority. Once the certificates are distributed to the database, encryption is enabled. You can now start the scan controller(s) without being prompted for any database information. Changing the compatibility level of an upgraded SQL Server 2000 database After upgrading SQL Server 2000, you must change the database compatibility level. McAfee Vulnerability Manager 7.5 Installation Guide 67

68 Upgrading to McAfee Vulnerability Manager 7.5 Microsoft SQL server 2005 installation settings 1 Select Start All Programs Microsoft SQL Server SQL Server Management Studio. 2 Connect to the appropriate Database Engine server in the Object Explorer. 3 Open the Database node. 4 Right-click on the database. The default name is Faultline. 5 Select Properties. 6 Select Options under Select a Page. 7 Select SQL Server 2005(90) from the Compatibility Level list for Microsoft SQL Select SQL Server 2008(100) from the Compatibility Level list for Microsoft SQL Click OK. Microsoft SQL server 2005 installation settings The following table shows the page names and recommended settings for each step of the installation. These settings are based on a typical Microsoft SQL Server 2005 installation. If you are upgrading from Microsoft SQL Server 2000 to Microsoft SQL Server 2005, go to Upgrading Microsoft SQL Server 2000 (page 67). Note: During installation, the database name is not automatically added to the database field on the Database Administrator page. You must type in the database name or the instance name. SQL server installation suggested settings Use the following settings to configure your SQL Server. Installation Page Components to Install Instance Name Setting Select SQL Server Database Services and the Workstation components, Books Online and development tools. Select Default instance. Note: It is possible to give the instance a name. You must type this instance name when installing other McAfee Vulnerability Manager components. See Changing the SQL Instance Name (page 46). Service Account Select Use the built-in System account, then select Local system from the list. Select SQL Server under Start services at the end of setup. McAfee Vulnerability Manager 7.5 Installation Guide 68

69 Upgrading to McAfee Vulnerability Manager 7.5 Microsoft SQL server 2008 and 2008 R2 installation features Authentication Mode Select Mixed mode. This mode is required to create or upgrade the database. See Changing the Database Authentication Settings (on page 77) for information on how to change this setting later. Create a password for the SA account. The maximum password length is 128 characters. Important: Remember this password. You need it when you install the McAfee Vulnerability Manager Configuration Manager, scan controller, API server, notification service, data synchronization service, and report engine. Collation Settings Error and Usage Report Settings Accept the defaults. Accept the defaults (none selected). After the installation finishes, McAfee recommends that you restart the computer to begin using SQL Server. Then, make sure you have the latest SQL server service pack. Changing the Microsoft SQL memory settings Change the memory settings for Microsoft SQL Server to optimize performance for McAfee Vulnerability Manager. 1 Select Start Programs Microsoft SQL Server SQL Server Management Studio. 2 Log on to SQL Server Management Studio. 3 Right-click the server and select Properties. 4 Select Memory. 5 Change the Maximum Server Memory to two-thirds the maximum server memory. 6 Click OK. Microsoft SQL server 2008 and 2008 R2 installation features The following lists show the recommended and minimum Microsoft SQL Server 2008 and 2008 R2 features for using McAfee Vulnerability Manager. Note: If you are upgrading from Microsoft SQL Server 2000 to Microsoft SQL Server 2008, go to Upgrading Microsoft SQL Server 2000 (page 67). SQL server installation (recommended) Database Engine Services, including all sub-features Client Tools Connectivity Client Tools Backward Compatibility SQL Server Books Online Management Tools (complete) McAfee Vulnerability Manager 7.5 Installation Guide 69

70 Upgrading to McAfee Vulnerability Manager 7.5 Restoring the McAfee Vulnerability Manager database SQL server installation (minimum) Database Engine Services Client Tools Connectivity Client Tools Backward Compatibility After the installation finishes, McAfee recommends that you restart the computer to begin using SQL Server. Then, make sure you have the latest SQL server service pack. Restoring the Windows registry If you move or restore a McAfee Vulnerability Manager system, you must restore backed up product registry settings. The McAfee Vulnerability Manager registry settings contain a unique identifier for the scan engine. 1 Open the Windows Registry. To do this, select Start Run. Type regedit as the name of the program to run, and click OK. 2 Select File Import. 3 Select the file that contains your McAfee Vulnerability Manager Windows Registry settings. 4 Click OK to restore registry settings. Restoring the McAfee Vulnerability Manager database If you move or restore a McAfee Vulnerability Manager system, you need to restore a database backup. McAfee also recommends that you regularly test a database backup for integrity. 1 Stop all scan engines using the configuration manager. To do this, open configuration manager, expand the McAfee Vulnerability Manager tree in the left pane, select a scan engine and click Stop. You must do this for each scan engine. 2 Select Start All Programs Microsoft SQL Server SQL Server Management Studio. 3 Log on to SQL Server Management Studio. 4 Right-click Databases, then select Restore Database. 5 In the Restore Database dialog box, type Faultline in the To database field. McAfee Vulnerability Manager 7.5 Installation Guide 70

71 Upgrading to McAfee Vulnerability Manager 7.5 Restoring the McAfee Vulnerability Manager database Figure 17: SQL Server Back up You do not have to use Faultline as the McAfee Vulnerability Manager database name. If you use a database name other than Faultline, you must add a string to the HKEY_LOCAL_MACHINE\SOFTWARE\Foundstone\Foundscan registry key for Microsoft Windows 2003 or HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Foundstone\Foundscan registry key for Microsoft Windows 2008 R2. The string must be DBName with the value of the name created for the McAfee Vulnerability Manager database. If you use a database name other than Faultline, you should add the DBName registry key to any system that runs one or more of the following McAfee Vulnerability Manager applications or services: Scan controller API server Report engine Notification service Data synchronization service Configuration manager 6 Select From device, then click Select Devices. 7 In the Choose Restore Devices dialog box, click Add. 8 Type file name and location where the backup files are located, then click OK. 9 Click OK. 10 If necessary, on the Options tab, you can edit the rows in the Move to physical file name column to specify the location and names of the physical files of the restored McAfee Vulnerability Manager database. McAfee Vulnerability Manager 7.5 Installation Guide 71

72 Upgrading to McAfee Vulnerability Manager 7.5 Upgrading from a previous version Figure 18: Restore database If the database is version 6.0 through 6.8, you can also restore the database by using a T-SQL script, which might reduce the manual work of changing the physical file locations. See "Restoring the database using T-SQL" in the McAfee Vulnerability Manager Product Guide. 11 Click OK to begin restoring the database. 12 When the restoring process is complete, a message appears. Click OK to close the message. Upgrading from a previous version Upgrade the database first, when possible. Some McAfee Vulnerability Manager components connect to the database to complete the upgrade process. If you attached your database to a server that does not have McAfee Vulnerability Manager installed and you want to upgrade your database, there are some extra steps you must take to properly upgrade your database. See Upgrading to McAfee Vulnerability Manager 7.5 (on page 63) for more information. Tip: McAfee recommends that you back up the Faultline database (see "Back up the SQL server database using SQL Server Management Studio" on page 65) on the computer running the SQL Server database. It is also recommended that you back up the daily log files on your scan engine. The log files are named by date and can be found in the Foundstone\Logs folder. The process for upgrading your scan engines is different from other product components. After upgrading, the configuration manager automatically updates your engines to McAfee Vulnerability Manager 7.5. If you have a system running a scan engine and other McAfee Vulnerability Manager components, when you upgrade this system, you must upgrade the scan engine, even if the engine has already been updated by the configuration manager. Deselecting the engine from the upgrade removes the engine and the scan controller from this system. The McAfee Vulnerability Manager 7.5 installer automatically selects the API server component. Only install the API server component on one scan engine. Deselect the API server component when upgrading all other scan engines. McAfee Vulnerability Manager 7.5 Installation Guide 72

73 Upgrading to McAfee Vulnerability Manager 7.5 Upgrading from a previous version Note: When upgrading, multiple active sessions on the server can cause the upgrade to fail. You can close all running McAfee Vulnerability Manager components using the Task Manager or you can restart the server. Upgrading to McAfee Vulnerability Manager 7.5 Use the following task to upgrade the database, enterprise manager, and API server (or primary scan engine) to McAfee Vulnerability Manager Do not uninstall McAfee Vulnerability Manager. 2 Run McAfee Vulnerability Manager Update before upgrading, to ensure your McAfee Vulnerability Manager content is up-to-date. 3 Notify all users to log off the McAfee Vulnerability Manager system. Note: If you want to change the password for the Faultline user, you must do it in the SQL Server Management Studio. 4 On any McAfee Vulnerability Manager component, run the McAfee Vulnerability Manager 7.5 installation program. The installation program detects McAfee Vulnerability Manager components already installed on the server. Review the list of selected McAfee Vulnerability Manager components to upgrade or update the list, if necessary. The installer terminates all product services before upgrading. If the installer cannot terminate any of the product services, a message appears asking you to terminate the product service manually. You must terminate any product services still running before continuing with the installation. 5 Make sure that all of your scan engines are online. 6 On the system where you installed the configuration manager Server, start the configuration manager Console. 7 Keep the configuration manager running long enough for all of your scan engines to connect to the configuration manager server. When the engines have connected, exit the McAfee Vulnerability Manager Configuration Manager. 8 On the computer running the database, start the McAfee Vulnerability Manager 7.5 installation program to upgrade your database. By default, your database is upgraded to McAfee Vulnerability Manager 7.5. If you want to install a new database, you must modify the Database installation type on the Installation Settings step of the installation wizard. 9 On the enterprise manager web server, run the McAfee Vulnerability Manager 7.5 installation program and install the enterprise manager. 10 On the computer on which you want to run the Notification Module, run the McAfee Vulnerability Manager 7.5 installation program and install the Notification Module. The Notification Module does not have to be installed on a system running a McAfee Vulnerability Manager component. 11 On systems that only have a scan engine installed, the scan engine is upgraded automatically by the McAfee Vulnerability Manager Configuration Manager. Any system with a scan engine and other McAfee Vulnerability Manager components installed, must be manually upgraded. Verify all scan engines are upgraded by checking the version of each scan engine in the configuration manager Console. During an automatic upgrade, a scan controller is installed with each scan engine. During a manual upgrade, the scan controller is selected when upgrading a system with a scan engine. 12 Upgrade all other McAfee Vulnerability Manager components. 13 Run McAfee Vulnerability Manager Update to ensure your McAfee Vulnerability Manager 7.5 content is up-to-date. Once you have upgraded the database and enterprise manager, and installed the Notification Module, the upgrade process is completed. McAfee Vulnerability Manager sends updates to some components after the upgrade process is complete, like sending content updates to the scan engines. In most cases, these updates finish shortly after the upgrade is complete. If there are a large number of scan engines or there is low McAfee Vulnerability Manager 7.5 Installation Guide 73

74 Upgrading to McAfee Vulnerability Manager 7.5 Upgrading from a previous version bandwidth communication to the scan engines, this update process could take longer. If McAfee Vulnerability Manager is not functioning properly right after an upgrade, the update process might not be complete. Upgrading an All-in-One system Note: If you are using additional scan engines outside the All-in-One system, see the above instructions under "Upgrading to McAfee Vulnerability Manager 7.5." 1 Run McAfee Vulnerability Manager Update before upgrading, to ensure your McAfee Vulnerability Manager content is up-to-date. 2 Notify all users to log off the McAfee Vulnerability Manager system. Note: If you want to change the password for the Faultline user, you must do it in the SQL Server Management Studio. 3 Stop and cancel all scan jobs before exiting the API server. 4 Run the McAfee Vulnerability Manager 7.5 installation program, installing all components. 5 If SQL server is not running, start the database (see "Starting and stopping the SQL server database" on page 74). 6 Run McAfee Vulnerability Manager Update to ensure your McAfee Vulnerability Manager 7.5 content is up-to-date. Merging the config.ini and php.ini files During the upgrade process, your existing config.ini and php.ini files are renamed to config.fsorig and php.fsorig. If you made any changes to either.ini file, you must manually merge the changed sections into the new config.ini and php.ini files. 1 Open both the new.ini file and the original (.fsorig) file in Notepad. 2 Copy the sections from the original file to the new one. 3 Save the file. Starting and stopping the SQL server database Sometimes it might be necessary to stop and restart the SQL Server service. If you are unable to connect to the database even after entering the correct server name and credentials, make sure the database is running. Using the SQL database service On the database server, you must open the SQL Server Management Studio to check the status of the SQL server. The server icon in the System Tray has been removed for Microsoft SQL Server 2005 and Select Start Programs Microsoft SQL Server SQL Server Management Studio. 2 If the database icon shows a red square, right-click the icon and click Start. When the icon shows a green triangle, the database is running. 3 If the database icon shows a green triangle, right-click the icon and click Stop. When the icon shows a red square, the database has stopped. McAfee Vulnerability Manager 7.5 Installation Guide 74

75 Upgrading to McAfee Vulnerability Manager 7.5 Upgrading appliances Rerunning scans After upgrading McAfee Vulnerability Manager, some information for existing scans doesn't display until the scan is run. This includes Scan Details information (new for McAfee Vulnerability Manager 7.5), and the Vulnerability by IP port information in reports. Microsoft Windows Server 2003 upgrade support If you are upgrading the operating system on a server that previously ran McAfee Vulnerability Manager components other than the scan controller and scan engine, you must uninstall the previous version before you can install McAfee Vulnerability Manager 7.5. You must install the other components on a server running Microsoft Windows Server 2008 R2. Note: Back up your database before you uninstall it. If you are upgrading on a server that only ran the scan controller and scan engine, your McAfee Vulnerability Manager information is retained and used for the upgrade.. During the upgrade, some McAfee Vulnerability Manager services must be stopped before the upgrade process can begin. Upgrading appliances If you have a McAfee Vulnerability Manager appliance with a previous version of the product, you can upgrade your appliance to McAfee Vulnerability Manager 7.5. The upgrade guidelines work with the MVM 2100 (scan controller and scan engine only), MVM 3000, and MVM McAfee Vulnerability Manager 7.5 Installation Guide 75

76 Troubleshooting and Tips Application Layer Gateway Message Troubleshooting and Tips This section includes some additional procedures and suggestions that can help you install McAfee Vulnerability Manager 7.5. Finding the NetBIOS name Use the hostname command to identify a system by its host name and domain name. 1 Select Start Run. 2 Type CMD, then click OK. 3 Type host name and press Enter. The name of the host appears. Creating strong passwords Although many tools exist to guess or brute-force passwords, creating a good password still adds an additional layer of security that helps deter potential attackers. Use each of the following elements in your password to create a strong password: Use 8 or more characters Use lower-case characters (a-z) Use upper-case characters (A-Z) Use numeral characters (0-9) Use non-alpha-numeric characters (`~!@#$%^&*()-_=+) Note: McAfee Vulnerability Manager 7.5 requires passwords that are at least 8 characters long, has at least three of the four remaining requirements (lower-case, upper-case, numeral, and non-alphanumeric), and does not contain the user name. Application Layer Gateway Message The install program might display the following message regarding the Application Layer Gateway: The "Application Layer Gateway Service" is currently running on this system. There are known issues with this service adversely affecting scan results. As such, it is highly recommended that you stop this service prior to scanning. This message appears under the following conditions: All service pack requirements are met for Microsoft Windows XP or Microsoft Windows 2003 The update labeled "MS05-019" is not applied The Application Layer Gateway Service is running McAfee Vulnerability Manager 7.5 Installation Guide 76

77 Troubleshooting and Tips SQL settings Stopping the Application Layer Gateway 1 Click Start Administrative Tools Services. 2 Click Application Layer Gateway Service. 3 Click Stop. Performance issues when running a large number of reports If you plan on running a large number of reports, McAfee recommends installing the report engine on a separate system from the database. Both the report engine and database can consume a lot of resources, potentially causes a system to slow down. You can separate these components by doing a custom installation for the report engine and doing a custom installation for the database on a different system. See Custom Install (see "Installing using the custom installation type" on page 39). SQL settings This section provides some procedures for setting up your SQL server after you have installed the database. Changing the database authentication settings During the installation process, the McAfee Vulnerability Manager install program sets the Authentication to SQL Server and Windows. This mode is required to create a new database or to upgrade the existing database. If your network database policy requires a different setting, it is okay to change them until you need to update your database again. You can either change the authentication settings by editing the Windows Registry or through the SQL Server Management Studio. Changing SQL authentication using the Windows registry 1 Open the Windows Registry editor. 2 Find the following key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSQLServer\MSSQLServer\loginmode 3 Change the value to 2. Changing SQL authentication using SQL Server Management Studio 1 Open the SQL Server Management Studio. To do this, select Start Programs Microsoft SQL Server SQL Server Management Studio. Note: You might be required to connect to the server. Type the appropriate information and click Connect. McAfee Vulnerability Manager 7.5 Installation Guide 77

78 Troubleshooting and Tips SQL settings 2 In the Object Explorer, expand the server list until you get to the server you are configuring. 3 Right-click the server, and select Properties. 4 Click the Security page. 5 Change the Authentication setting as desired. Figure 19: SQL Authentication 6 Click OK and exit the program. Optimize dynamic memory settings McAfee Vulnerability Manager recommends that you use dynamic memory allocation for SQL Servers and cap it at 40% of the total system memory. Setting the SQL dynamic memory 1 Select Start Programs Microsoft SQL Server 2005 SQL Server Management Studio. 2 Log on to SQL Server Management Studio. 3 In the Object Explorer, expand the server list until you get to the server you are configuring. 4 Right-click the server, and select Properties. 5 Click the Memory page. 6 Set the Index Creation Memory to 40% of the total system memory. For example, set the Index Creation Memory to 400 MB if the system has 1 GB of memory and to 800 MB if the systems has 2 GB memory. 7 Click OK. Setting the SA password in SQL McAfee Vulnerability Manager 7.5 requires the SQL SA Password so that it can create or upgrade the database (named Faultline). The SA password is not revealed in the McAfee Vulnerability Manager 7.5 product. However, if you want to set a temporary password before installation, or change the SA password after the installation, follow these steps to make the change. McAfee Vulnerability Manager 7.5 Installation Guide 78

79 Troubleshooting and Tips SQL settings Changing the SQL database SA password 1 Select Start Programs Microsoft SQL Server SQL Server Management Studio. 2 Log on to SQL Server Management Studio. 3 Expand the Security folder and click Logins. 4 Double-click sa. Figure 20: SQL Server Management Studio 5 Under SQL Server Authentication (non-selectable), type the new sa password. Changing the TCP/IP protocol During installation, McAfee Vulnerability Manager creates a database connection alias with the database server information and TCP/IP protocol. If you change or disable the TCP/IP protocol, McAfee Vulnerability Manager might not function properly. To modify the alias, you can use the SQL Server Client Network Utility or change the alias value in the registry. Using the SQL server client network utility 1 Select Start Run. 2 Type cliconfg and press Enter. The SQL Server Client Network Utility appears. 3 Click the Alias tab, edit the Server alias, then click OK. McAfee Vulnerability Manager 7.5 Installation Guide 79

80 Troubleshooting and Tips Optional enterprise manager settings Optional enterprise manager settings After having installed McAfee Vulnerability Manager 7.5, there are several steps you can take to customize the way that McAfee Vulnerability Manager 7.5 is used in your company. This includes setting up logon messages (post messages to all users on the logon page (see "Setting up a logon message" on page 80)). Using McAfee VirusScan Enterprise 8.0i and later If you are running McAfee VirusScan Enterprise (VSE) 8.0i or later, you must exclude the McAfee Vulnerability Manager executables from the Port Blocking rules in VSE. The Port Blocking rule is intended to stop mass mailings that target SMTP port 25. Certain scanning techniques employed by McAfee Vulnerability Manager are considered to be malicious activities by VSE. This results in inaccurate vulnerabilities reported when scanning. To exclude FSScanCtrl.exe in the port blocking rule 1 Open the Virus Scan Enterprise Console by right-clicking the icon in the Windows taskbar. 2 Right-click Access Protection and select Properties from the shortcut menu. 3 Select the Antivirus Standard Protection category. 4 Select the rule to Prevent mass mailing worms from sending mail and click Edit. 5 Add FSScanCtrl.exe to the Excluded Process list. 6 Click OK, then click Apply. 7 Select the rule to Prevent IRC Communication and click Edit. 8 Add FSScanCtrl.exe to the Excluded Process list. 9 Close the VSE 8.0i console. Note: If VSE is installed on the mail server, repeat these steps on the mail server. McAfee suggests that you add all of the applications and processes of McAfee Vulnerability Manager to this exclusion list in VSE in order to avoid conflicts between VSE and McAfee Vulnerability Manager. Repeat the above steps to exclude the following: FSScanCtrl.exe (excluded in the steps above) FSUpdate.exe FSNotifications.exe LCDServices.exe RegFS.exe FCAgent.exe FCServer.exe FSAPI.exe FSAssessment.exe FSDiscovery.exe FSLogToDiskSvc.exe ReportServer.exe Setting up a logon message If you have access to the enterprise manager server, you can add a message that appears on the enterprise manager logon page for all users. To add this message, you must have created text files with specific names and copied the files to the enterprise manager home directory. McAfee Vulnerability Manager 7.5 Installation Guide 80

81 Troubleshooting and Tips Optional enterprise manager settings Adding a logon message Create a text file named mod.txt, and place it in the enterprise manager home directory. The default location for Microsoft Windows 2008 R2 is c:\program Files (x86)\foundstone\portal. Removing the logon message If the mod.txt file is not found or does not contain any data, the message of the day does not appear. Remove this file from the enterprise manager home directory. Creating a logon message file Using a text editing program like Notepad, type the message you want to display. You can embellish the message with some HTML tags, but they are not required. Available HTML tags You can use the following HTML tags to customize these messages: <a><br><b><h1><h2><h3><h4><i> <img><li><ol><p><strong><table> <tr><td><th><u><ul> Adding a blank line in the mod.txt file automatically adds the appropriate.html code to create a new line. Message titles Use the tags <mod_title> and </mod_title> to change the title of the message. If no title has been entered, the title displays "Message of the Day". SAMPLE mod.txt FILE The following is an example of possible content for the Message of the Day file. <mod_title>security Notice</mod_title> The following network segments <i>should not be scanned</i> until further notice. <ul> <li> </li> <li> </li> </ul> Contact Sue at extension 630 if you have any questions. It results in the following message: Figure 21: Logon Page - Message of the Day McAfee Vulnerability Manager 7.5 Installation Guide 81

82 Troubleshooting and Tips Optional enterprise manager settings Allowing root organization administrators to switch to global administrator McAfee Vulnerability Manager 7.5 can allow root organization administrators to switch between Root Organization Administrator and Global Administrator in the enterprise manager. This can be useful in organizations that use single sign-on since a separate sign-on account is not required. Warning: If this feature is enabled, all root organization administrators have access to the Global Administrator and can make changes to the enterprise manager. It is possible for one root organization administrator to undo the settings established by another. This feature might not be ideal for environments with multiple root organization administrators. Allowing root organization administrators to switch to global administrator 1 Open the config.ini file on the system running the enterprise manager. The default location for Microsoft Windows 2008 R2 is c:\program Files (x86)\foundstone\portal\include. 2 Set allow_ga_switch to true. 3 Save and close the config.ini file. Using the global administrator switch 1 Log on to the enterprise manager as a Root Organization Administrator. 2 Click the Global Admin link. The Global Administrator user-interface appears. Note: Only one active session is allowed. Using Open in New Tab on the Global Admin link terminates the organization administrator session. Using Open in New Tab also terminates the session if the Org Admin link is clicked in the global administrator session. 3 Click the Org Admin link to switch back to the Root Organization Administrator user-interface. Note: If you log on using the Global Administrator credentials, you don't see the ORG ADMIN link in the user-interface. The switch only functions when you log on as a Root Organization Administrator. Setting up the CONFIG.INI and PHP.INI files This section provides information on the settings found in the CONFIG.INI and PHP.INI files, located on the enterprise manager server. Use caution when changing the settings in these files. The wrong settings can prevent McAfee Vulnerability Manager 7.5 from functioning properly. CONFIG.INI The config.ini file contains basic configuration settings for McAfee Vulnerability Manager 7.5. The default location for Microsoft Windows 2003 is c:\program Files\Foundstone\Portal\include\config.ini. The default location for Microsoft Windows 2008 R2 is c:\program Files (x86)\foundstone\portal\include\config.ini. PHP.INI PHP is a scripting language used by enterprise manager. The php.ini file contains PHP settings in enterprise manager. This file contains many sections and settings, though this document addresses only those settings that McAfee recommends for customers to change if necessary. The default location for Microsoft Windows 2003 is c:\program Files\Foundstone\PHP\php.ini. The default location for Microsoft Windows 2008 R2 is c:\program Files (x86)\foundstone\php\php.ini. McAfee Vulnerability Manager 7.5 Installation Guide 82

83 Troubleshooting and Tips Optional enterprise manager settings Opening the CONFIG.INI file The CONFIG.INI file is located on the web server that hosts the enterprise manager. 1 On the enterprise manager server, navigate to \Portal\include\config.ini. It is located under the folder where you installed McAfee Vulnerability Manager 7.5. The default location for Microsoft Windows 2003 is c:\program Files\Foundstone\Portal\include\config.ini. The default location for Microsoft Windows 2008 R2 is c:\program Files (x86)\foundstone\portal\include\config.ini. 2 Double-click the file to open it. 3 Edit the file using NOTEPAD.EXE or another text editor. Opening the PHP.INI file The PHP.INI file is located on the web server that hosts the enterprise manager. 1 On the enterprise manager server, navigate to \PHP\Config.ini. It is located under the folder where you installed McAfee Vulnerability Manager 7.5. The default location for Microsoft Windows 2003 is c:\program Files\Foundstone\PHP\php.ini. The default location for Microsoft Windows 2008 R2 is c:\program Files (x86)\foundstone\php\php.ini. 2 Double-click the file to open it. 3 Edit the file using NOTEPAD.EXE or another text editor. Common Tasks The following list shows the most common tasks that can be performed by changing the CONFIG.INI and PHP.INI settings. Disabling the option to verify a vulnerability ticket In the CONFIG.INI file, change the value disable_verify under the Remediation section to 1 and save the file. To verify the setting, log onto the enterprise manager. Navigate to Remediation New Tickets. The Verify button should not be available when this value is set to 1. Disabling the Quick Scan feature in the enterprise manager In the CONFIG.INI file, search for the following string and remove the ; at the beginning of the line: ;disable_quickscan=1 To verify the setting, log onto the enterprise manager. The Quick Scan feature is disabled when this value is set to 1. Disabling the Customer Feedback Link in the enterprise manager In the CONFIG.INI file, change the value submit_feedback under the [Optional] section to 0 and save the file. McAfee Vulnerability Manager 7.5 Installation Guide 83

84 Troubleshooting and Tips Optional enterprise manager settings To verify the setting, log onto the enterprise manager. The customer feedback link at the bottom of the page should not appear, or is otherwise disabled. Config.ini The config.ini file contains basic configuration settings for McAfee Vulnerability Manager 7.5. The default location for Microsoft Windows 2003 is c:\program Files\Foundstone\Portal\include\config.ini. The default location for Microsoft Windows 2008 R2 is c:\program Files (x86)\foundstone\portal\include\config.ini. Sections in this configuration file include: first run flag (page 84) [server] (page 85) [API Server] (page 86) [session] (page 87) [report server] (page 88) [optional] (page 88) [look_and_feel] (page 89) [ipranges] (page 90) [mvas] (page 90) [debug] (page 91) [fcgi] (page 91) [reports] (page 91) [l18n] (page 91) [threats] (page 92) [RADIUS_server_options] (page 93) [single signon] [java] (page 94) [fs-850 options] [remediation] (page 94) first run flag Entry Default Description first_run 1 until you log onto the enterprise manager 0 after a successful logon to the enterprise manager The first time you log onto the enterprise manager, if this value is set to 1, the server_name value is sent to the engine as the "default" portal server. McAfee Vulnerability Manager 7.5 Installation Guide 84

85 Troubleshooting and Tips Optional enterprise manager settings [server] Entry Default Description server_url / Base URL used to access the enterprise manager. server_root Windows 2003 C:\Program Files\Foundstone\Po rtal\ Install path for the enterprise manager. Windows 2008 R2 C:\Program Files (x86)\foundstone\po rtal\ server_cache Windows 2003 C:\Program Files\Foundstone\Te mp\ Path for temporary files. Windows 2008 R2 C:\Program Files (x86)\foundstone\te mp\ reports_dir Windows 2003 C:\Program Files\Foundstone\Re ports\ The report engine uploads scan reports to this directory. Windows 2008 R2 C:\Program Files (x86)\foundstone\re ports\ custom_reports_dir Windows 2003 C:\Program Files\Foundstone\Re ports_custom\ The report engine uploads custom reports to this directory. Windows 2008 R2 C:\Program Files (x86)\foundstone\re ports_custom\ font_dir C:\Windows\Fonts Path for Windows fonts. server_name COMPUTERNAME Name of this server. This should be the name used to access the system, such as the DNS or NetBIOS name of the system. McAfee Vulnerability Manager 7.5 Installation Guide 85

86 Troubleshooting and Tips Optional enterprise manager settings Entry Default Description server_protocol server_cert_dir portal_id http or https Depends on install options. %installdirectory%\ Foundstone\Configur ation Protocol used to access the enterprise manager. Either http or https. Directory containing the SSL certificates. Internal system identification; do not change this setting. [API Server] Entry Default Description API_primary API_secure API_proxy_host API_proxy_port API_connection_ timeout API_response_time out Server that hosts the API server (including the port to access the API server). "1" indicates that a SSL connection should be made to the API server. Proxy information if a proxy is required for connecting to the API server. 5 The number of seconds to wait for a connection to the API server. 180 The number of seconds to wait for a response to a query from the API server. API_authenticate 1 "1" indicates the use of certificates to authenticate a connection to the API server. API_authenticate_ cn Indicates whether or not to verify against the CN value of a certificate. No value - Turns off CN verification. hostname - The web portal gets the host name of the server and verifies it against the CN value. Any other value is verified against the CN value. McAfee Vulnerability Manager 7.5 Installation Guide 86

87 Troubleshooting and Tips Optional enterprise manager settings Entry Default Description API_reconnect_ interval API_stream_select_ timeout 180 The number of seconds required before a reconnection to the API server can be made. 3 The number of seconds PHP waits for the stream notification events before quitting and trying again. api_authenticate_ca Windows 2003 C:\Program Files\Foundstone\Co nfiguration\customt rustedca.pem Path for the Certificate Authority file. api_authenticate_ client Windows 2008 R2 C:\Program Files (x86)\foundstone\co nfiguration\customt rustedca.pem Windows 2003 C:\Program Files\Foundstone\Co nfiguration\customp ortal.pem Windows 2008 R2 C:\Program Files (x86)\foundstone\co nfiguration\customp ortal.pem Path for the certificate file the API server uses to communicate with the enterprise manager. [session] Entry Default Description session_validate_ip true Validates that the current web browser IP address is the same as it was when authenticated at logon time. Either true or false. McAfee Vulnerability Manager 7.5 Installation Guide 87

88 Troubleshooting and Tips Optional enterprise manager settings session_validate_browser Validates that the current browser session is the same as it was when authenticated at logon time. Either true or false. Not implemented by default. [report_server] Entry Default Description report_server [hostname of report engine server]:port Type the host name or IP address, colon (:), port number for the report engine server. Example: MYHOST.XYZ.COM:3802 report_server_secure 1 Type 1 to use SSL, otherwise type 0. report_push_check 1 Only allows file transfers from the report_server and API_primary addresses. [optional] Entry Default Description enable_dashboard_ configuration_applet enable_organization_ applet true false Not used. Not used. alerts_max 100 Maximum number of alerts to display at one time. scan_pulldown_alpha false How to sort pull-down scan list. true = sort alphabetically by scan name false = sort in reverse chronological order by scan date short_chars 30 Number of characters before the scan name is truncated in the Dashboard and menus. McAfee Vulnerability Manager 7.5 Installation Guide 88

89 Troubleshooting and Tips Optional enterprise manager settings Entry Default Description string_chunk_len 100 When FSL scripts retrieve information from a host, this number determines how many characters long each line should be before being truncated. string_chunk_delimiter " " Type the character (or space) to be used to break the information from the host into individual lines. scan_config_dropdown 30 Determines the number of scans to be displayed on the Scan drop-down box on the Home page. tree_expansion_default On pages other than the Organization Management or asset management (containing Java interfaces), this number determines how many levels of the organization tree are shown. There is no default value assigned as of McAfee Vulnerability Manager 7.5. A value of 3 indicates that an organization tree shows the root level, 1st child level, and 2nd child level of workgroups. disable_quickscan 1 Disables the Quick Scan feature from the enterprise manager. This is disabled by default. submit_feedback 1 Displays the Product Updates, Release News, and Feedback link in the enterprise manager. auto_refresh_rate 10 The number of seconds before the web page is automatically refreshed. To disable, set the value to 0. [look_and_feel] Entry Default Description color_buttonf ; Enterprise manager color scheme setting. McAfee Vulnerability Manager 7.5 Installation Guide 89

90 Troubleshooting and Tips Optional enterprise manager settings Entry Default Description color_buttonb ; Enterprise manager color scheme setting. color_headerf ;FFFFFF Enterprise manager color scheme setting. color_headerb ; Enterprise manager color scheme setting. color_grey1 ;e3e3e3 Enterprise manager color scheme setting. color_grey2 ;cccccc Enterprise manager color scheme setting. color_grey3 ;3581cd Enterprise manager color scheme setting. font verdana Enterprise manager typeface setting. font_size 1 Enterprise manager font size setting. [ipranges] Entry Default Description enable_ipranges true Enable the entry of IP ranges through the enterprise manager. When set to False, IP ranges can only be entered through the API server. max_ipranges 8000 Maximum number of IP ranges to import from a text file before truncating. [mvas] Entry Default Description enable_mvas_options false Managed Service use only. Either true or false. threats false Managed Service use only. Either true or false. McAfee Vulnerability Manager 7.5 Installation Guide 90

91 Troubleshooting and Tips Optional enterprise manager settings [debug] Entry Default Description debug 0 Enterprise manager debug mode. on=1 and off=0 debug_soap 0 Enterprise manager debug mode: include soap events in the output. on=1 and off=0 debug_report_server 0 Enterprise manager debug mode: used to test report uploads. on=1 and off=0 debug_msi_server 0 Create log files when language packs are pushed on the server that executes them. Enable log=1; Disable log =0 [fcgi] This section is used for debugging the FastCGI components in McAfee Vulnerability Manager 7.5. It might be used in a support call situation when additional logging needs to be turned on to help identify a problem. [reports] Entry Default Description report_server_timeout 1200 Number of seconds to wait between attempts to upload reports to the server. [il8n] Entry Default Description il8n_language Determines which language to display in the product. cs = Chinese Simplified ct = Chinese Traditional de = German en = English es = Spanish fr = French ja = Japanese kr = Korean il8n_bullet Determines the default bullet character used throughout the enterprise manager. McAfee Vulnerability Manager 7.5 Installation Guide 91

92 Troubleshooting and Tips Optional enterprise manager settings [threats] Entry Default Description max_threats 6 Determines the number of threats that can be viewed at one time on the Threat Correlation page. McAfee Vulnerability Manager 7.5 supports showing up to 19 threats at a time. max_intervals 4 Determines the number of business units that can be viewed at one time on the Threats by Business Unit page. tcv_enable_default_bu 1 0 disables this feature. If there is a default business unit, it comes from the administrator. 1 enables users to see a default business unit containing all scans that the user can access. tcv_select_default _bu 1 0 disables this feature. If there is a default business unit available, it is not automatically selected when opening the Threat Correlation page. 1 enables this feature. The default business unit is selected by default when you view the Threat Correlation page. The default business unit contains data for all scans and workgroups that the user can access. McAfee Vulnerability Manager 7.5 Installation Guide 92

93 Troubleshooting and Tips Optional enterprise manager settings Entry Default Description tcv_central_admin_default_bu 0 0 disables this feature. A default business unit containing all workgroups is not created for the Root Organization Administrator. 1 enables this feature. A default business unit containing the organization and all workgroups is created for the Root Organization Administrator. Note: Since the default business unit contains data for all organizations and workgroups, the Threat Correlation page can take a long time to load all of the data. [RADIUS_server_options] Entry Default Description use_radius_auth Set to "1" to turn on RADIUS authentication. This is disabled by default. radius_primary_ address radius_primary_ secret radius_primary_port radius_type_options IP address for the IAS server or TekRADIUS server. Type the secret used during IAS or TekRADIUS set up. The authentication port used. The type of protocol used. Examples: PAP, CHPA_MD5, and MSCHAPv2. McAfee Vulnerability Manager 7.5 Installation Guide 93

94 Troubleshooting and Tips Optional enterprise manager settings [java] Entry Default Description java_use_dynamic_jre_ versioning false Enables you to use the Sun Java Runtime Engine version 1.4 or later for computers on which the enterprise manager is running. To use a different version, change this entry to true. The version of the JRE is then managed by Sun via their web server. Changing this setting to true allows you to use a version of the JRE on which you have standardized that might differ from the current version (1.6.0_07). Note: Version 1.6.0_07 or later of the JRE is required. Earlier versions might appear to be accepted, but they are unsupported and the enterprise manager might not display properly. [remediation] Entry Default Description disable_verify 0 Specifies whether you want to disable verification of tickets: 0 = do not disable verification 1 = disable verification Compress a single PDF report Entry Default Description zip_single_pdf By default, this entry is not in the config.ini file. Specifies whether a single PDF report is delivered uncompressed (default) or compressed. true = compress single PDF reports false = do not compress single PDF reports McAfee Vulnerability Manager 7.5 Installation Guide 94

95 Troubleshooting and Tips Optional enterprise manager settings Php.ini PHP is a scripting language used by enterprise manager. The php.ini file contains PHP settings in enterprise manager. This file contains many sections and settings, though this document addresses only those settings that McAfee recommends for customers to change if necessary. The default location for Microsoft Windows 2003 is c:\program Files\Foundstone\PHP\php.ini. The default location for Microsoft Windows 2008 R2 is c:\program Files (x86)\foundstone\php\php.ini. Caution: The majority of the settings in this file should not be modified for use with McAfee Vulnerability Manager 7.5. PHP Settings Entry Default Description max_execution_time 300 Maximum execution time of each script, in seconds. This determines how long to continue running a script on a particular host before moving onto the next. max_input_time 600 Maximum amount of time each script can spend parsing request data, in seconds. This can be adjusted to allow for larger file uploads that time-out prematurely. memory_limit 32M Maximum amount of memory, in megabytes, that a script can consume. display_errors Off on Displays error messages to web users. Use this setting only for diagnostic purposes. Caution: When this setting is On, users might be able to view security information, such as file paths and database schema. off Hides error messages. post_max_size = 200M upload_max_filesize = 200M 200M (200 MB) 200M (200 MB) Maximum size of POST data supported by PHP. The maximum size of files that can be uploaded to the enterprise manager McAfee Vulnerability Manager 7.5 Installation Guide 95

96 Troubleshooting and Tips Disabling SSL Disabling SSL Secure communication between the enterprise manager and the API server are set by default when McAfee Vulnerability Manager is installed. If you are required to disable SSL, you must do the following: 1 Turn off SSL in the configuration manager. a Open the configuration manager and select Tools Preferences API Server. b On the API Server tab, deselect both Use SSL options (under Incoming Connection and Enterprise Manager). c Click OK. The settings are not applied until the API server is restarted. 2 Restart the API server. a In the left pane of the configuration manager, expand Foundstone Systems, then expand system that hosts the API server. b Select API server. Click Stop to stop the server. c Once the server has stopped, click Start to start the server. 3 Modify the config.ini file on the enterprise manager. a On the server running the enterprise manager, open the config.ini file. The default location for Microsoft Windows 2003 is c:\program Files\Foundstone\Portal\include. The default location for Microsoft Windows 2008 R2 is c:\program Files (x86)\foundstone\portal\include. b Set the following parameters: server_protocol =http API_secure =0 report_server_secure =0 4 Turn off SSL in the enterprise manager. On the server running the enterprise manager, select Start All Programs Administrative Tools Internet Information Services (IIS) Manager. In the left pane, expand the enterprise manager and select Web Sites (Windows 2003) or Sites (Windows 2008 R2). For Microsoft Windows 2003: In the right pane, right-click the website and select Properties. Select Directory Security, then click Edit under Secure communications. Deselect Require secure channel (SSL). Click OK. Close the Properties dialog box. For Microsoft Windows 2008 R2: In the right pane, double-click the website. Double-click SSL Settings. Deselect Require SSL. Click OK. Restart the IIS server. Right-click the local computer, select All Tasks, then select Restart IIS. Select Restart IIS, then click OK. After IIS restarts, close the IIS manager window. McAfee Vulnerability Manager 7.5 Installation Guide 96

97 Troubleshooting and Tips Disabling SSL Turning off SSL in configuration manager 1 Open the configuration manager and select Tools Preferences API Server. 2 On the API Server tab, deselect both Use SSL options (under Incoming Connection and Enterprise Manager). 3 Click OK. The settings are not applied until the API server is restarted. Restarting the API server 1 In the left pane of the configuration manager, expand Foundstone Systems, then expand system that hosts the API server. 2 Select API server. Click Stop to stop the server. 3 Once the server has stopped, click Start to start the server. Modifying the CONFIG.INI file on the enterprise manager 1 On the server running the enterprise manager, open the config.ini file. The default location for Microsoft Windows 2003 is c:\program Files\Foundstone\Portal\include. The default location for Microsoft Windows 2008 R2 is c:\program Files (x86)\foundstone\portal\include. 2 Set the following parameters: server_protocol =http API_secure =0 report_server_secure =0 Turning off SSL on the enterprise manager Microsoft Windows On the server running the enterprise manager, select Start All Programs Administrative Tools Internet Information Services (IIS) Manager. 2 In the left pane, expand the enterprise manager and select Web Sites. 3 In the right pane, right-click the website and select Properties. 4 Select Directory Security, then click Edit under Secure communications. 5 Deselect Require secure channel (SSL). 6 Click OK. Close the Properties dialog box. 7 Restart the IIS server. Right-click the local computer, select All Tasks, then select Restart IIS. Select Restart IIS, then click OK. 8 After IIS restarts, close the IIS manager window. McAfee Vulnerability Manager 7.5 Installation Guide 97

98 Troubleshooting and Tips Installation error when FIPS is enabled Microsoft Windows 2008 R2 1 On the server running the enterprise manager, select Start All Programs Administrative Tools Internet Information Services (IIS) Manager. 2 In the left pane, expand the enterprise manager and select Sites. 3 In the right pane, double-click the website. 4 Under IIS, double-click SSL. 5 Deselect Require SSL. 6 Click Apply. 7 In the left pane, right-click the local computer and click Stop. 8 Right-click the local computer and click Start. 9 Close the IIS manager window. Why does my Foundstone Configuration Agent system tray icon have an exclamation mark An exclamation mark appears on a system tray icon when something is not functioning properly. A common solution is to make sure the user logging into the server has administrator rights. The Foundstone configuration agent must be able to query service status and start or stop services. Since the agent is a desktop application, it runs under the permissions of the logged in user. If the user does not have administrator rights, the configuration agent tool might not function properly. Installation error when FIPS is enabled If you try installing McAfee Vulnerability Manager 7.5 on a system that has the Federal Information Processing Standard (FIPS) security setting enabled, the installation fails. To resolve this issue, disable the FIPS security setting, install the product, and then re-enable the FIPS security setting (if necessary). 1 Open the Local Security Policy, under Administrative Tools. 2 Select Start Control Panel Administrative Tools, then select Local Security Policy. 3 In the left pane, expand Local Policies, then select Security Options. 4 In the right pane, double-click System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing. 5 In the dialog box, select Disabled, select Apply, then click OK. 6 Close the Local Security Settings window. McAfee Vulnerability Manager 7.5 Installation Guide 98

99 Appendix Microsoft SQL 2005 Express Settings Appendix Microsoft SQL 2005 Express Settings Installation: McAfee recommends that you install Microsoft SQL 2005 Express on a Microsoft Windows 2003 system. Note: If you are installing SQL 2005 Express on a virtual system, the virtual system must be on an IDE disk drive. See the VMware website or documentation for further information. Suggested Usage: Only for class C networks. Microsoft SQL Server 2005 Express installation settings The following table shows the recommended settings for each step of the installation. These settings are based on a typical Microsoft SQL Server 2005 Express installation. Use the following settings when setting up Microsoft SQL Server Express. SQL Server Express installation suggested settings Installation Page Registration Information Feature Selections Instance Name Setting Make sure Hide advanced configuration options is not selected. Accept the defaults. Select Default instance. Note: It is possible to give the instance a name. You must type this instance name when installing other McAfee Vulnerability Manager components. See Changing the SQL instance name (page 46). Service Account Select Use the built-in System account, then select Local system from the list. Select SQL Server under Start services at the end of setup. Note: If you are using a Named Instance, select SQL Browser under Start services at the end of setup. McAfee Vulnerability Manager 7.5 Installation Guide 99

100 Appendix Microsoft SQL 2005 Express Settings Authentication Mode Select Mixed mode. This mode is required to create or upgrade the database. See Changing the Database Authentication Settings (on page 77) for information on how to change this setting later. Create a password for the SA account. The maximum password length is 128 characters. Important: Remember this password. You need it when you install the McAfee Vulnerability Manager Configuration Manager, scan controller, API server, notification service, data synchronization service, and report engine. Collation Settings User Instances Error and Usage Report Settings Accept the defaults. Accept the defaults. Accept the defaults. After the installation has completed, McAfee recommends that you restart the computer to begin using Microsoft SQL Server Express. Then, make sure you have the latest Microsoft SQL Server Express Service Pack. Enabling TCP/IP By default, TCP/IP is disabled in Microsoft SQL Express TCP/IP must be enabled for McAfee Vulnerability Manager to function properly. 1 Open the SQL Server 2005 Surface Area Configuration wizard Select Start All Programs Microsoft SQL Server 2005 Configuration Tools SQL Server 2005 Surface Area Configuration. 2 Select Surface Area Configuration for Services and Connections. 3 Select Remote Connections under Database Engine. 4 Select Local and remote connections and select a TCP/IP option. 5 Click OK. 6 Restart the Database Engine service for the change to take effect. Internet access If a system is blocked from accessing the internet, the time service might no longer synchronize and cannot provide the time to other clients or upgrade the system clock. This might cause McAfee Vulnerability Manager services to not respond within an expected amount of time, causing a failure to start. To resolve this, either let the system access the internet or add the ServicesPipeTimeout registry entry. ServicePipeTimeout registry entry 1 Select Start Run. 2 Type regedit and click OK. 3 Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\. 4 If ServicePipeTimeout does not exist, create a DWORD data type and label it ServicePipeTimeout. 5 Assign a value larger than (milliseconds). For example: (milliseconds). McAfee Vulnerability Manager 7.5 Installation Guide 100

101 Appendix Move the database Microsoft SQL 2008 Express Settings Installation: McAfee recommends that you accept the default settings during installation. You might need to run the SQL Browser. Suggested Usage: Only for class C networks. Note: McAfee Vulnerability Manager does not support the use of Microsoft SQL Express 2008 R2. Disabling Admin Approval Mode (Windows 2008 R2) Microsoft Windows 2008 R2 has Admin Approval Mode enabled by default. With Admin Approval Mode enabled, only the root administrator can successfully install McAfee Vulnerability Manager. All other administrators might run into errors when trying to run or manage McAfee Vulnerability Manager. 1 Log on to the server as an administrator. 2 Select Start Run. 3 Type secpol.msc and click OK. The Local Security Policy window appears. 4 From the tree (left pane), double-click Local Policies. 5 Double-click Security Options. 6 Scroll down and double-click User Account Control: Run all administrators in Admin Approval Mode. 7 Select Disable, then click OK. 8 Close the Local Security Policy window. 9 Restart the server for the policy change to take effect. Move the database If you have moved your database, there are some additional steps that must be done for McAfee Vulnerability Manager to function properly. This also applies to moving your database during an upgrade. 1 On the system that ran the database: Stop the SQL service. You can also set the SQL service to Manual to free up some resources on this server, but this is optional. Delete or rename the database.ccf file. Default location: C:\Program Files\Foundstone\Configuration. Remove the database service dependencies for other McAfee Vulnerability Manager components running on the server. See the McAfee KnowledgeBase article KB60408 for detailed information. 2 After installing the database on the new server, open configuration manager and update the database information. In configuration manager, select Tools, then select Preferences. Select the Database tab and update the database information. McAfee Vulnerability Manager 7.5 Installation Guide 101

102 Appendix Using the United States Federal Information Processing Standard 3 Run McAfee Vulnerability Manager Update to ensure that McAfee Vulnerability Manager content has the latest information. Move the enterprise manager If you change the server the enterprise manager is running on, your existing report links no longer appear because the reports are stored on the enterprise manager server. After you move the enterprise manager, you should regenerate your reports to see them in the new portal. Changing the Foundstone Configuration Agent Settings All McAfee Vulnerability Manager components have a Foundstone Configuration Agent installed. The communication between each FCM Agent and the FCM Server is Port: 3801, (SSL over) TCP/IP. Some configuration agent settings can be changed using the Foundstone Configuration Agent Settings dialog box. Using the United States Federal Information Processing Standard The United States Federal Information Processing Standard (FIPS) is a security requirement for computers used by the United States federal government. The FIPS standard defines cryptographic algorithms and requirements for generating keys. McAfee Vulnerability Manager supports the use of the FIPS standard. Configuring IIS and SQL to be FIPS compliant For further information, see the Microsoft KB article about FIPS compliant mode. Note: FIPS requires Microsoft SQL 2005 SP1 or a later version of SQL server on a Windows 2003 based server. 1 Open the Local Security Policy, under Administrative Tools. 2 Select Start Control Panel Administrative Tools, then select Local Security Policy. 3 In the left pane, expand Local Policies, then select Security Options. 4 In the right pane, double-click System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing. 5 In the dialog box, select Enabled, select Apply, then click OK. 6 Close the Local Security Settings window. When the server operating system is configured for FIPS 140 compliant mode, McAfee Vulnerability Manager users cannot access the enterprise manager if TLS 1.0 is not enabled in their web browser. See the Enable TLS 1.0 on the client system procedure below for setting up client browsers. Enabling TLS 1.0 on the client system For further information, see the Microsoft KB article about FIPS security settings in Windows XP and later versions. McAfee Vulnerability Manager 7.5 Installation Guide 102

103 1 In Internet Explorer, select Tools, then select Internet Options. 2 Select the Advanced tab and navigate to Security. 3 Make sure the following checkboxes are selected: Use SSL 2.0 Use SSL 3.0 Use TLS Select Apply, then click OK. Appendix Using the United States Federal Information Processing Standard McAfee Vulnerability Manager 7.5 Installation Guide 103