McAfee Optimized Virtual Environments - Antivirus for VDI. Installation Guide



Similar documents
McAfee Optimized Virtual Environments for Servers. Installation Guide

McAfee Host Data Loss Prevention 9.1 Cluster Installation Guide

McAfee epolicy Orchestrator 4.5 Cluster Installation Guide

McAfee VirusScan Enterprise for Linux Software

McAfee MOVE AntiVirus Multi-Platform 3.5.0

Release Notes McAfee Risk Advisor Software For use with epolicy Orchestrator and Software

Desktop Release Notes. Desktop Release Notes 5.2.1

McAfee Gateway 7.x Encryption and IronPort Integration Guide

McAfee Solidcore Change Reconciliation and Ticket-based Enforcement

Application Note. Configuring McAfee Firewall Enterprise for McAfee Web Protection Service

McAfee Agent Handler

Hardware Sizing and Bandwidth Usage Guide. McAfee epolicy Orchestrator Software

Release Notes for McAfee epolicy Orchestrator 4.5

McAfee Risk Advisor 2.7

epolicy Orchestrator Log Files

Installation Guide. McAfee Security for Microsoft Exchange Software

Recommended Recommended for all environments. Apply this update at the earliest convenience.

Total Protection Service

Product Guide Revision A. McAfee Secure Web Mail Client Software

McAfee Total Protection Service Installation Guide

Product Guide Revision A. McAfee Secure Web Mail Client Software

Release Notes for McAfee VirusScan Enterprise for Storage 1.0

Implementing McAfee Device Control Security

McAfee Security for Microsoft SharePoint User Guide

McAfee VirusScan Enterprise for Storage 1.0 Sizing Guide for NetApp Filer on Data ONTAP 7.x

Product Guide. McAfee Security-as-a-Service Partner SecurityDashboard 5.2.0

McAfee Host Data Loss Prevention Best Practices: Protecting against data loss from external devices

McAfee Endpoint Encryption for PC 7.0

McAfee MOVE AntiVirus 2.6.0

Data Center Connector for vsphere 3.0.0

Installation Guide. McAfee epolicy Orchestrator Software

McAfee MOVE AntiVirus (Agentless) 3.6.0

Application Note Configuring Department of Defense Common Access Card Authentication on McAfee. Firewall Enterprise

McAfee Cloud Identity Manager

Verizon Internet Security Suite Powered by McAfee User Guide

Installation Guide. McAfee SaaS Endpoint Protection 5.2.0

McAfee SiteAdvisor Enterprise 3.5 Patch 2

McAfee GTI Proxy Administration Guide

McAfee Solidcore Product Guide

Best Practices Guide. McAfee Endpoint Protection for Mac 1.1.0

McAfee Cloud Identity Manager

McAfee Public Cloud Server Security Suite

McAfee. Firewall Enterprise. Application Note TrustedSource in McAfee. Firewall Enterprise. version and earlier

Data Center Connector for OpenStack

Technology Blueprint. Secure Your Virtual Desktop Infrastructure. Optimize your virtual desktop infrastructure for performance and protection

McAfee SiteAdvisor Enterprise 3.5.0

Sophos Anti-Virus for NetApp Storage Systems startup guide

Quick Install Guide. Lumension Endpoint Management and Security Suite 7.1

For a list of supported environments for VirusScan Enterprise 8.7i on Microsoft Windows, see (McAfee) KnowledgeBase article KB51111.

Sophos Anti-Virus for NetApp Storage Systems startup guide. Runs on Windows 2000 and later

McAfee epolicy Orchestrator

Setup Guide Revision B. McAfee SaaS Archiving for Microsoft Exchange Server 2010

Installation Guide. McAfee VirusScan Enterprise for Linux Software

Product Guide. McAfee Endpoint Protection for Mac 2.1.0

Product Guide. McAfee epolicy Orchestrator Software

McAfee Endpoint Security Software

Sophos Anti-Virus for NetApp Storage Systems user guide. Product version: 3.0

Product Guide. McAfee SaaS Endpoint Protection 5.2.0

Setup Guide. Archiving for Microsoft Exchange Server 2010

McAfee Cloud Identity Manager

Pearl Echo Installation Checklist

McAfee VirusScan Enterprise 8.8 software Installation Guide

McAfee VirusScan Enterprise for Storage 1.1.0

Setup Guide. Archiving for Microsoft Exchange Server 2007

Installation Notes for Outpost Network Security (ONS) version 3.2

Core Protection for Virtual Machines 1

McAfee Content Security Reporter 2.0.0

Net Protector Admin Console

Sophos Enterprise Console server to server migration guide. Product version: 5.2

McAfee Client Proxy 2.0

Sophos for Microsoft SharePoint startup guide

User Manual. Onsight Management Suite Version 5.1. Another Innovation by Librestream

Release Notes for McAfee(R) VirusScan(R) Enterprise for Linux Version Copyright (C) 2014 McAfee, Inc. All Rights Reserved.

Release Notes for McAfee(R) GroupShield(TM) version Patch 1 for Microsoft Exchange. Copyright (C) 2011 McAfee, Inc. All Rights Reserved CONTENTS

Installing and Configuring vcenter Multi-Hypervisor Manager

Symantec AntiVirus Corporate Edition Patch Update

Antivirus Solution Guide for Clustered Data ONTAP 8.2.1: McAfee

McAfee VirusScan and epolicy Orchestrator Administration Course

McAfee MOVE / VMware Collaboration Best Practices

McAfee VirusScan Enterprise 8.8 software Product Guide

POC Installation Guide for McAfee EEFF v4.1.x using McAfee epo 4.6. New Deployments Only Windows Deployment

Quick Start Guide for VMware and Windows 7

Setting up VMware ESXi for 2X VirtualDesktopServer Manual

Product Guide. McAfee Endpoint Security for Mac Threat Prevention

Sophos Enterprise Console server to server migration guide. Product version: 5.1 Document date: June 2012

Product Guide. McAfee Endpoint Security 10

Upgrade Guide. McAfee Vulnerability Manager Microsoft Windows Server 2008 R2

McAfee UTM Firewall Control Center Product Guide. version 2.0

Getting started. Symantec AntiVirus Corporate Edition. About Symantec AntiVirus. How to get started

Spector 360 Deployment Guide. Version 7

XenApp 7.7 Deployment ISO. 5 th January 2016

Intelligent Power Protector User manual extension for Microsoft Virtual architectures: Hyper-V 6.0 Manager Hyper-V Server (R1&R2)

Sophos Endpoint Security and Control standalone startup guide

Using McAfee VirusScan. Professional Edition Version 8.0. Software On a DX8000 DVR

McAfee Content Security Reporter Software

HELP DOCUMENTATION E-SSOM DEPLOYMENT GUIDE

Table of Contents. Introduction...9. Installation Program Tour The Program Components...10 Main Program Features...11

Transcription:

McAfee Optimized Virtual Environments - Antivirus for VDI Installation Guide

COPYRIGHT Copyright 2010-2011 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of McAfee, Inc., or its suppliers or affiliate companies. TRADEMARK ATTRIBUTIONS AVERT, EPO, EPOLICY ORCHESTRATOR, FOUNDSTONE, GROUPSHIELD, INTRUSHIELD, LINUXSHIELD, MAX (MCAFEE SECURITYALLIANCE EXCHANGE), MCAFEE, NETSHIELD, PORTALSHIELD, PREVENTSYS, SECURITYALLIANCE, SITEADVISOR, TOTAL PROTECTION, VIRUSSCAN, WEBSHIELD are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners. LICENSE INFORMATION License Agreement USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.. McAfee, Inc. 3965 Freedom Circle Santa Clara, CA 95054 USA Document Version: MOVE-AV-VDI_IG_1.0 Product Version: 1.6.0 Publication Date: January 20, 2011 iii

Table of Contents INTRODUCTION... 1 INSTALLATION OPERATIONS... 2 OVERVIEW... 2 PRODUCT COMPONENTS... 2 PREREQUISITES... 2 BEFORE YOU START... 3 INSTALLATION AND CONFIGURATION STEPS... 3 Download MOVE-AV for VDI Packages... 3 Install and Configure MOVE-AV for VDI Server... 3 Install the MOVE-AV for VDI Extension Package... 4 Add the MOVE-AV for VDI Agent Deployment Package to the epolicy Orchestrator Repository... 5 Install MOVE-AV Agent on Clients... 5 Configure MOVE-AV Policy... 6 PRODUCT UPGRADE... 8 Upgrade the MOVE-AV for VDI Server... 8 Upgrade the MOVE-AV for VDI Extension Package... 8 Upgrade the MOVE-AV Agent on Clients... 9 TESTING YOUR MOVE-AV AGENT INSTALLATION...10 UNINSTALL MOVE-AV COMPONENTS...11 Uninstall the MOVE-AV Extension...11 Uninstall MOVE-AV Agents from Virtual Machines...11 APPENDIX A: MOVE-AV FOR VDI WITH CITRIX XENDESKTOP AND PROVISIONING SERVER...13 APPENDIX B: TROUBLESHOOTING...14 iii

Introduction Traditional security solution for virtual environments needs an anti-virus application running on each virtual machine (VM) on a hypervisor, causing high usage of resources like disk, CPU and memory; resulting in a reduced VM density per hypervisor. McAfee Optimized Virtual Environments - Antivirus (MOVE-AV) solves this issue by offloading all On-access scanning to a dedicated VM that runs McAfee VirusScan Enterprise (VSE). So, the traditional anti-virus application is not required to be installed on each guest VM, resulting in improved performance and an increased VM density per hypervisor. The following figure summarizes the MOVE-AV deployment in a VDI environment: 1

Installation Operations Overview This chapter describes the installation of McAfee Optimized Virtual Environments - Antivirus for VDI (MOVE-AV for VDI). Product Components MOVE-AV for VDI requires the following components be installed and running to provide and manage operations: epolicy Orchestrator server and repository: The management tool that installs client software, pushes out new policies, monitors client activity, creates reports, and stores and sends out content and client updates. epolicy Orchestrator agent (CMA Agent): The server agent installed on a client computer that acts as the intermediary between the client and the epolicy Orchestrator console and database. It sends data to the client from the epolicy Orchestrator server and vice versa. MOVE-AV Extension: Provides the interface to the MOVE products in the epolicy Orchestrator console. MOVE-AV Server: This server is the dedicated VM machine that hosts VSE and all Onaccess virus scan requests of end-point virtual machines are served by this component. MOVE-AV Agent for Windows: The component which provides offloading of VSE On-access virus scans to the MOVE-AV Server. Prerequisites 1. An epolicy Orchestrator management server and database (epolicy Orchestrator 4.5 Patch 1 [Build 851] or later) For details on system requirements and instructions for setting up the epolicy Orchestrator environment, see the epolicy Orchestrator 4.5 Installation Guide. 2. A dedicated Windows 2008 (64-bit) virtual machine with McAfee VirusScan 8.7i Enterprise product package (version 8.7.0 Patch 3 or later) installed for MOVE-AV server installation with the following sizing: CPU One vcpu 2GHz or higher Memory 1 GB RAM or higher Free Disk Space 8 GB or higher 2

Other requirements Static IP address Note: MOVE-AV for VDI requires McAfee VirusScan 8.7i Enterprise engine version 5400 or later. Update the McAfee VirusScan 8.7i Enterprise installation to ensure the required engine version. 3. Windows XP SP2 or above (32-bit) or Windows 7 (32-bit and 64-bit) virtual machines as target virtual machines with epolicy Orchestrator 4.5 CMA installed Before You Start Ensure the following before starting installation and configuration of MOVE-AV for VDI: Remove any anti-virus software installed on the end-point virtual machines before deploying MOVE-AV. In case, VSE is installed, create a Product Deployment client task to remove VSE from every endpoint virtual machine. Installation and Configuration Steps Download MOVE-AV for VDI Packages Download the MOVE-AV for VDI software package (MOVE-AV-VDI_1.6.0.ZIP) and MOVE- AV for VDI documentation package (MOVE-AV-VDI_docs.ZIP) from the McAfee download site. The MOVE-AV for VDI software package (MOVE-AV-VDI-1.6.0.zip) contains the following: a) Installer for MOVE-AV Server (MOVE-AV-VDI_Server_Setup_x86.exe) b) MOVE-AV Agent Deployment Package (MOVE-AV-VDI_Agent_1600_WIN.zip) c) MOVE-AV Extension for epolicy Orchestrator (MOVE-AV-VDI_Ext_1.6.0.zip) Install and Configure MOVE-AV for VDI Server NOTE: For best performance in Virtual Desktop Infrastructure, we recommend an instance of the MOVE-AV Server to be installed for each hypervisor. Also, you can optionally configure a secondary MOVE-AV Server to create a High Availability configuration. Perform the following procedures at the virtual machine where the MOVE-AV Server is to be installed: 4. Install the MOVE-AV Server: a) Copy the MOVE-AV server installation file (MOVE-AV-VDI_Server_Setup_x86.exe) to the virtual machine where you want to install the MOVE-AV Server. b) Run the MOVE-AV server installation file. 3

c) Click on Accept license agreement. d) Enter customer information: user name and organization. e) Specify the preferred port where the MOVE-AV Server service will listen. By default, the service is configured to listen on port 9053. f) NOTE: MOVE-AV Server installer makes an exception entry in Windows Firewall settings on the MOVE-AV Server to allow communication on the specified port. In case any other firewall product is being used, please configure the firewall to allow communication on this port. g) Click Install. 5. Verify that the installation was successful: a) Confirm that the MOVE AV Server service is running from Services control panel. b) The following CLI access menu options have been added to the Start menu: Start > Programs > McAfee > MOVE AV Server Command Prompt 6. Make the following settings: Exclude the MOVE-AV scan items folder (C:\Program Files (x86)\mcafee\move AV Server\scanfiles) and its sub-folders in the VSE On-Access Scanner Exclusion List. It is recommended that you disable the option to scan processes on enable. Please refer to McAfee Knowledge Base Article for details: https://kc.mcafee.com/corporate/index?page=content&id=kb60651 Under VSE Access Protection, ensure that you do NOT choose the option common maximum protection->prevent creation of new executables files in program files folder Install the MOVE-AV for VDI Extension Package Use this procedure to install the MOVE-AV for VDI Extension package. The extension must be installed before epolicy Orchestrator can manage MOVE products. 1. Ensure that the extension file is in an accessible location on the network. 2. From the epolicy Orchestrator 4.5 console, select Menu Software Extensions. 3. The Extensions page opens, click Install Extension. 4. Browse to and select the MOVE-AV-VDI_Ext_1.6.0.zip file. 5. Click OK. 6. Verify that the MOVE-AV product name appears in the Extensions list. 4

Add the MOVE-AV for VDI Agent Deployment Package to the epolicy Orchestrator Repository Use the following procedure to add the MOVE-AV Agent deployment package into the epolicy Orchestrator software repository. 1. Select Menu Software Master Repository. The Packages in the Master Repository page appears. 2. Select Actions Check In Package. 3. Select the package type as Product or Update (.ZIP). 4. Browse to and select the MOVE-AV-VDI_Agent_1600_WIN.zip file. 5. Click Next. The Package Options page appears. 6. Confirm the following: Package Info: Confirm that this is the correct package. Branch: Select the desired branch - Current for new products. Package signing: This specifies if the package is signed by McAfee or is a thirdparty package. 7. Click Save to begin checking in the package. Wait while the package is checked in. The new package appears in Packages in Master Repository list on the Master Repository tab. Install MOVE-AV Agent on Clients This section assumes that you have added every virtual machine client on which the MOVE-AV software is to be installed to the System Tree in the epolicy Orchestrator console and have pushed the CMA agents to them. For details, refer to the epolicy Orchestrator Installation Guide and epolicy Orchestrator Product Guide. NOTE: This guide only specifies steps to perform on a single system. To perform these steps on multiple systems, please select the appropriate group in the system tree and choose Client Tasks. Use this procedure to install the MOVE-AV Agent on the virtual machine clients. 1. Select Menu Systems System Tree Client Tasks. Then click New Task. 2. The Client Task Builder - 1 Description page appears. 3. Type the name of the task, for example, Install MOVE-AV Agents on VM clients and add any descriptive information to the Notes field. 4. Select Product Deployment from the Type drop-down menu. Select Send this task to all computers. 5

5. Click Next. The Client Task Builder - 2 Configuration page appears. 6. Next to Target platforms, select Windows. 7. From the Products and components list, select the required version of the MOVE AV Agent and then: a) Set the Action to Install. b) Set the Language to English. c) Set Branch to Current. 8. Click Next. The Client Task Builder - 3 Schedule page appears. 9. Select Enabled for the schedule status. 10. From the Schedule type list, select the appropriate schedule. To deploy immediately, select Run Immediately. 11. Click Next. The Client Task Builder - 4 Summary page appears 12. Review and verify the details, then click Save. 13. If you scheduled the task to run immediately, perform an agent wake-up call. 14. To confirm that the MOVE-AV Agent has been successfully installed: a) Login to the MOVE-AV agent machine as a user with administrator privileges. b) Open the MOVE-AV agent Command Prompt and run: mvadm status You can also check that System Information and MOVE-AV properties are reported to the epolicy Orchestrator console. For details, see the epolicy Orchestrator Product Guide. Configure MOVE-AV Policy Perform the following steps to configure the MOVE-AV Policy: 1. Select Menu Policy Policy Catalog and then select MOVE AV. 2. Click New Policy. The Create New Policy dialog box appears. 3. Type a name for the new policy (for example, MOVE-AV Server Policy) and click OK. 4. The Policy Settings page opens. a) In the General tab: 6

Check the Enabled checkbox to ensure that the protection state is enabled. The protection state is disabled by default. Enter the Primary MOVE-AV Server s IP address, Secondary MOVE-AV Server s IP address (if any). Modify, if required, the Scan Timeout time: and Cache Scan Result of File Size Up to: settings. b) Click Save to save the policy. 5. Apply this policy on all target virtual machines. a) Click the appropriate group containing the virtual machines in the System Tree. b) Select Menu Systems System Tree Assigned Policies. c) Select MOVE-AV in Product. d) Under the Actions column of the McAfee Default policy, select Edit assignments. The Policy Assignments page opens. e) In Inherit from:, click Break inheritance and assign the policy and settings below option. f) In Assigned Policy:, select the MOVE-AV Server policy that you created earlier from the Assign Policy drop-down list. g) Click Save. h) To apply the policy immediately, perform an agent wake-up call. 6. To verify that the policy has been applied on a virtual machine, run the mvadm status command on the MOVE-AV agent CLI: C:\Program Files\McAfee\MOVE AV Agent>mvadm status Scan Configuration: Driver Status: Primary Server: Secondary Server: Protection Status: Enabled Driver is loaded 172.25.196.64:9054 [Active] 172.25.196.65:9053 [Standby] Enabled The output should list the IP Addresses of primary and secondary server and should show the various statuses as Enabled. 7

Product Upgrade Upgrade the MOVE-AV for VDI Server To upgrade the MOVE-AV server, complete the following steps on the virtual machine on which the server is installed: 1. Install the MOVE-AV Server: a) Copy the MOVE-AV server installation file (MOVE-AV-VDI_Server_Setup_x86.exe) to the virtual machine. b) Run the MOVE-AV server installation file. A message prompts you to confirm that you wish to upgrade the existing installation. c) Click Yes. d) Click Next. The wizard upgrades the server. e) Click Finish. 2. Verify that the upgrade was successful: a) Confirm that the MOVE AV Server service is running by using the Services control panel. b) Open the MOVE-AV Server Command Prompt and execute the following command to verify the MOVE-AV Server version: mvadm version Upgrade the MOVE-AV for VDI Extension Package Use this procedure to upgrade the MOVE-AV for VDI Extension package. 1. Ensure that the extension file is in an accessible location on the network. 2. From the epolicy Orchestrator 4.5 console, select Menu Software Extensions. 3. The Extensions page opens, click Install Extension. 4. Browse to and select the MOVE-AV-VDI_Ext_1.6.0.zip file. 5. Click OK. A warning message confirms that the selected extension replaces the existing extension package. 8

6. Click OK. 7. Optionally, if you are using the Citrix Profile Manager application, update the existing policies by adding UserProfileManager.exe to the Process Exclusions list (in the Scan Items tab). Save the policy and apply to the appropriate end points. Upgrade the MOVE-AV Agent on Clients Use this procedure to upgrade the MOVE-AV Agent on the virtual machine clients. 1. Disable the MOVE AV agent on the client by completing the following steps: a) Select Menu Policy Policy Catalog and then select MOVE AV. b) Update the existing policy applied on the client. c) On the General tab in the Policy Settings page, deselect that the Enabled checkbox to ensure that the protection state is disabled. d) Save and apply the policy to the clients. 2. Select Menu Systems System Tree Client Tasks. Then click New Task. 3. The Client Task Builder - 1 Description page appears. 4. Type the name of the task, for example, Install MOVE-AV Agents on VM clients and add any descriptive information to the Notes field. 5. Select Product Deployment from the Type drop-down menu. Select Send this task to all computers. 6. Click Next. The Client Task Builder - 2 Configuration page appears. 7. Next to Target platforms, select Windows. 8. From the Products and components list, select the required version of the MOVE AV Agent and then: a) Set the Action to Install. b) Set the Language to English. c) Set Branch to Current. 9. Click Next. The Client Task Builder - 3 Schedule page appears. 10. Select Enabled for the schedule status. 11. From the Schedule type list, select the appropriate schedule. To deploy immediately, select Run Immediately. 12. Click Next. The Client Task Builder - 4 Summary page appears 9

13. Review and verify the details, then click Save. 14. If you scheduled the task to run immediately, perform an agent wake-up call. 15. To confirm that the MOVE-AV Agent has been successfully upgraded: a) Login to the MOVE-AV agent machine as a user with administrator privileges. b) Open the MOVE-AV Agent Command Prompt and execute the following command to verify the MOVE-AV Agent version: mvadm version 16. Enable the MOVE AV agent on the client by completing the following steps: e) Select Menu Policy Policy Catalog and then select MOVE AV. f) Update the existing policy applied on the client. g) On the General tab in the Policy Settings page, select that the Enabled checkbox to ensure that the protection state is enabled. h) Save and apply the policy to the clients. You can also check that System Information and MOVE-AV properties are reported to the epolicy Orchestrator console. For details, see the epolicy Orchestrator Product Guide. Testing your MOVE-AV Agent installation Use this procedure to test whether the MOVE-AV Agent is installed correctly and can properly scan for malware: 1. On the virtual machine where the MOVE-AV Agent is installed and enabled, open an instance of Internet Explorer. 2. Open the following webpage: http://www.eicar.org/anti_virus_test_file.htm 3. Move down the webpage and locate the eicar.com.txt link. Click the link to download and execute the test virus file. NOTE: This test was developed by the European Institute for Computer Anti-Virus Research (EICAR). This file is not a virus it cannot spread, infect other files, or harm your system. 4. You should get a pop up message and the virus test file should be deleted from your system. This verifies that the anti-virus protection is enabled on the MOVE-AV Agent virtual machine. 10

Uninstall MOVE-AV Components Uninstall the MOVE-AV Extension Use the following steps to uninstall the MOVE-AV Extension: 1. Select Menu Software Extensions. The Extensions page opens. 2. From the Extensions tab under McAfee group, select MOVE-AV. 3. Click Remove. Uninstall MOVE-AV Agents from Virtual Machines To uninstall MOVE-AV Agents from virtual machines, you need to first modify the MOVE-AV policy to disable the MOVE-AV Agents and then create and apply a client task to uninstall the MOVE-AV Agents. Disable MOVE-AV Agents Use this procedure to disable the MOVE-AV Agents on the virtual machine clients. 1. Select Menu Policy Policy Catalog and then select MOVE AV. 2. In the Policy table, locate the MOVE-AV policy that was created to install MOVE-AV Agents on the virtual machine clients. Click Edit Settings. 3. In the Policy Details page, clear the Enabled checkbox. 4. Click Save. 5. To apply the policy immediately, perform an agent wake-up call. Uninstall MOVE-AV Agents Use this procedure to uninstall the MOVE-AV Agent on the virtual machine clients. 1. Select Menu Systems System Tree Client Tasks. Then click New Task. 2. The Client Task Builder - 1 Description page appears. 3. Type the name of the task, for example, Uninstall MOVE-AV Agents from VM clients and add any descriptive information to the Notes field. 4. Select Product Deployment from the Type drop-down menu. Select Send this task to all computers. 5. Click Next. The Client Task Builder - 2 Configuration page appears. 6. Next to Target platforms, select Windows. 11

7. From the Products and components list, select the MOVE AV Agent 1.0.0.xx and then: a) Set the Action to Remove. b) Set the Language to English. c) Set Branch to Current. 8. Click Next. The Client Task Builder - 3 Schedule page appears. 9. Select Enabled for the schedule status. 10. From the Schedule type list, select the appropriate schedule. To deploy immediately, select Run Immediately. 11. Click Next. The Client Task Builder - 4 Summary page appears 12. Review and verify the details, then click Save. 13. If you scheduled the task to run immediately, perform an agent wake-up call. 12

Appendix A: MOVE-AV for VDI with Citrix XenDesktop and Provisioning Server Steps to install MOVE-AV for VDI in a Provisioning Server-based Virtual desktop infrastructure deployment are as follows: 1. Boot the vdisk in Private Mode. 2. Install epolicy Orchestrator CMA agent on the vdisk, if not already installed. 3. Install MOVE-AV Agent from epolicy Orchestrator as described in Install MOVE-AV Agent on Clients. 4. Apply the MOVE-AV policy from epolicy Orchestrator as described in Configure MOVE- AV Policy and verify from epolicy Orchestrator that it has been applied successfully on vdisk. 5. Delete the Registry key named AgentGUID located under HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\ePolicy Orchestrator\Agent (32-bit) or HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Network Associates\ePolicy Orchestrator\Agent (64-bit) 6. Shutdown the vdisk and re-configure the vdisk mode at Provisioning Server to bring vdisk back in the desired operational mode. 7. Power on all virtual machines with the updated vdisk. 13

Appendix B: Troubleshooting Common operating issues encountered in a MOVE-AV for VDI deployment can be resolved by performing the following checks: 1. Check that the MOVE-AV Server service is running and listening on the specified port. (Default port is 9053) 2. Check that the MOVE-AV agent is able to communicate with the MOVE-AV server on the specified port (default port is 9053). 3. Check the MOVE-AV Agent is enabled. You can confirm this by running the mvadm status command from MOVE-AV Agent CLI. Ensure that MOVE-AV Policy on epo is configured correctly Protection State is Enabled and MOVE-AV Server IP addresses are configured correctly. 4. Check that correct version of McAfee VirusScan Enterprise is installed and is working properly on the MOVE-AV Server virtual machine. 5. Check that MOVE-AV scan items folder and its sub-folders are excluded from McAfee VirusScan Enterprise On Access Scanner. 14

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information