Product Guide McAfee Endpoint Security for Mac Threat Prevention 10.1.0
COPYRIGHT
Copyright 2015 McAfee, Inc., 2821 Mission College Boulevard, Santa Clara, CA 95054, 1.888.847.8766, www.intelsecurity.com

TRADEMARK ATTRIBUTIONS
Intel and the Intel logo are registered trademarks of the Intel Corporation in the US and/or other countries. McAfee and the McAfee logo, McAfee Active Protection, McAfee DeepSAFE, ePolicy Orchestrator, McAfee ePO, McAfee EMM, McAfee Evader, Foundscore, Foundstone, Global Threat Intelligence, McAfee LiveSafe, Policy Lab, McAfee QuickClean, Safe Eyes, McAfee SECURE, McAfee Shredder, SiteAdvisor, McAfee Stinger, McAfee TechMaster, McAfee Total Protection, TrustedSource, VirusScan are registered trademarks or trademarks of McAfee, Inc. or its subsidiaries in the US and other countries. Other marks and brands may be claimed as the property of others.

LICENSE INFORMATION
License Agreement
NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.
Contents

Preface
  About this guide
    Audience
    Conventions
  Find product documentation

1 Introduction
  Why you need security for Mac
  Product features

Protecting your standalone Mac

2 Installing the software on a standalone Mac
  Hardware and software requirements
  Install the software
    Install the software using wizard
    Install the software from the command line (silent installation)
  Supported upgrades on a standalone Mac
    Upgrade the software on a standalone Mac
  Test the installation
    Test the Threat Prevention feature
  Default settings
  Recommended post-installation tasks
  Uninstall the software from a standalone Mac

3 Using the software on a standalone Mac
  Security status
  View your Mac security status
  Recent events summary
  View event log
  Remove event log
  View the quarantined items
  Remove or restore the quarantined item
  Update the DAT and Engine
  Run a system scan
  Configure custom scan tasks
    Create a scan task
    Change settings in an existing scan task
    Remove an existing scan schedule

4 Configuring protection settings on a standalone Mac
  General protection options
    Enable or disable protection features
  Threat Prevention
    How Threat Prevention works
    Types of scan
    Configure on-access scan preferences
    Configure on-demand scan preferences
    Exclude files or directories from scanning
    Best practices for Threat Prevention
  Configure an update schedule
    Configure the repository list
    Configure proxy settings
    Configure the DAT update schedule
  Debug logging
    Enable or disable debug logging

5 Troubleshooting
  Run the repairmsc utility

Protecting your managed Mac

6 Installing the software on a Mac managed with McAfee ePO
  System requirements
  Check in the package to the McAfee ePO server
    Check in the package using Software Manager
    Check in the package manually
  Install the extensions to the McAfee ePO server
    Install the extensions using Software Manager
    Install the extensions manually
  Install the client software on a managed Mac using the installation URL
    Create an installation URL
    Install the software with an installation URL on a managed Mac
  Deploy the software from McAfee ePO
  Test the installation
  Remove the software from a managed Mac
    Remove the software extensions
    Remove the software

7 Installing the software on a Mac managed with McAfee ePO Cloud
  McAfee ePO Cloud components
  System requirements
  Installation overview
  Accessing the McAfee ePO Cloud account
  Install the client software on a managed Mac using the installation URL
    Create an installation URL
    Install the software with an installation URL
  Deploy the client software from McAfee ePO Cloud

8 Managing the software with McAfee ePO and McAfee ePO Cloud
  Using Endpoint Security extensions as common extensions
  Manage policies
    Create or modify policies
    Assign policies
  Threat Prevention policy
    Configure On-Access Scan policy
    Configure On-Demand Scan policy (Full Scan)
    Configure an On-Demand Scan policy (Quick Scan)
    Exclude files or directories from scanning
    Schedule a full or quick scan on managed Mac
    Schedule a custom on-demand scan
    Schedule the DAT update
  Queries and reports
    Queries for Threat Prevention
    Other queries

Index
Preface

This guide provides the information you need to work with your McAfee product.

Contents
  About this guide
  Find product documentation

About this guide

This information describes the guide's target audience, the typographical conventions and icons used in this guide, and how the guide is organized.

Audience

McAfee documentation is carefully researched and written for the target audience. The information in this guide is intended primarily for:

- Administrators: People who implement and enforce the company's security program.
- Users: People who use the computer where the software is running and can access some or all of its features.

Conventions

This guide uses these typographical conventions and icons.

- Book title, term, emphasis: Title of a book, chapter, or topic; a new term; emphasis.
- Bold: Text that is strongly emphasized.
- User input, code, message: Commands and other text that the user types; a code sample; a displayed message.
- Interface text: Words from the product interface like options, menus, buttons, and dialog boxes.
- Hypertext blue: A link to a topic or to an external website.
- Note: Additional information, like an alternate method of accessing an option.
- Tip: Suggestions and recommendations.
- Important/Caution: Valuable advice to protect your computer system, software installation, network, business, or data.
- Warning: Critical advice to prevent bodily harm when using a hardware product.
Find product documentation

After a product is released, information about the product is entered into the McAfee online Knowledge Center.

1 Go to the Knowledge Center tab of the McAfee ServicePortal at http://support.mcafee.com.
2 In the Knowledge Base pane, click a content source:
  - Product Documentation to find user documentation
  - Technical Articles to find KnowledgeBase articles
3 Select Do not clear my filters.
4 Enter a product, select a version, then click Search to display a list of documents.
1 Introduction

McAfee Endpoint Security for Mac Threat Prevention protects your Mac from viruses, spyware, trojan horses, and other malware threats. You can use the software on standalone and managed Mac systems.

- For a standalone Mac: You or your Mac administrator can install the software and configure settings using the interface.
- For a managed Mac: Your system administrator sets up and configures security policies using these servers:
  - McAfee ePolicy Orchestrator (McAfee ePO)
  - McAfee ePolicy Orchestrator Cloud (McAfee ePO Cloud)

Contents
  Why you need security for Mac
  Product features

Why you need security for Mac

Systems without protection are exposed to security breaches such as data loss, misuse of personal and business information, and system disorder.

New products and technologies broaden opportunities for new security threats and challenges. The motive behind these threats is to disrupt and spy on your system, or to destroy the data and the system functionality completely. The targeted security threats devised by cyber criminals and hackers evolve constantly, and the risk increases with them.

Analyst reports say that the overall number of malware samples has reached more than 350 million, which shows the importance of securing your Mac from these threats.

The threats and reported vulnerabilities that can harm your Mac are:

Threat category: Potential threat
- Malware: Directs the user to access malicious items that can infect the Mac. Examples: Flashback Trojan, Fake AV
- Spyware: Tracks every key you type to access sensitive information, such as user name and password and other personal details. Example: Keyloggers
- Botnet breakdowns: Infects your system or network and controls it remotely to spread malware.

Based on the modules that you have installed and enabled, McAfee Endpoint Security for Mac protects your Mac from malware, network threats, and web-based threats.
Product features

These are the main features of McAfee Endpoint Security for Mac.

Threat Prevention
- On-Access Scan: Scans files and directories for threats whenever users access them.
- On-Demand Scan: Schedules a scan on files and directories at specific times. Each on-demand scan contains its own policy settings. You can also run Full Scan or Quick Scan on a Mac.
- Exclusion of files and directories from scanning: Excludes specific files and directories from on-access scanning and on-demand scanning using criteria such as file type, extension, file age, or wildcards.
- Option to scan network volumes, compressed files, and Apple emails: Exclude or include mounted network volumes, compressed files, and Apple emails from scanning.
- Option to retain client-side exclusions: Overwrites or retains the client exclusion list for on-access scanning in a managed environment.
- 5800 Engine support: Pre-packaged with the latest 5800 engine that provides enhanced detection capabilities.

Common Policy
- Self Protection: Protects the security software files and folders from malware and from being changed or deleted.
- Password protection for client interface: Configure different access levels for users as needed. You can also prevent users from changing the protection preferences.
- Password protection for uninstallation: Set password protection for the client software to prevent removal of the software from the Mac.

General
- Common extensions to manage Windows and Macintosh systems: Use Endpoint Security extensions as common extensions to manage policies for your Windows and Mac systems.
- Common McAfee ePO Dashboard and queries: Use the McAfee ePO dashboard to view the status of managed Mac and Windows systems.
- Turn off protection using the command-line option during product deployment: You can disable Threat Prevention protection using the command-line option from the McAfee ePO server when deploying the software on managed Mac systems. For more information about using the command-line option, see McAfee KnowledgeBase article KB85505.
- Support for McAfee ePO Cloud: Support for McAfee ePO Cloud to manage policies for your Mac.
- Option to select protection modules: You can install one or all protection modules on a standalone Mac as needed.
- Menulet for easy access of the software interface: Easy access to the user interface by clicking the McAfee menulet from the status bar.
- Enable debug logging from client interface: Enable debug logging for the modules that you have installed using the client interface.
Protecting your standalone Mac

Install the software, analyze the default settings, and configure protection preferences for your standalone Mac.

Chapter 2 Installing the software on a standalone Mac
Chapter 3 Using the software on a standalone Mac
Chapter 4 Configuring protection settings on a standalone Mac
Chapter 5 Troubleshooting
2 Installing the software on a standalone Mac

Install the software on a standalone Mac using the wizard or from the command line.

Contents
  Hardware and software requirements
  Install the software
  Supported upgrades on a standalone Mac
  Test the installation
  Default settings
  Recommended post-installation tasks
  Uninstall the software from a standalone Mac

Hardware and software requirements

Make sure that your standalone Mac meets these requirements for successful installation.

Component: Requirement
- Hardware: Mac that can run the supported operating system configuration.
- Operating system:
  - El Capitan 10.11.x (client and server)
    If you are using McAfee Agent 5.x on your Mac, you must upgrade it to McAfee Agent 5.0.2 with Hotfix HF1085179 before upgrading the operating system to El Capitan. Otherwise, the communication between the McAfee ePolicy Orchestrator (McAfee ePO) server and the Mac fails, and you would be unable to manage the Mac from the McAfee ePO server. For more information about the McAfee Agent 5.0.2 known issues with El Capitan, see McAfee KnowledgeBase article KB83895.
  - Yosemite 10.10.x (client and server)
  - Mavericks 10.9.x (client and server)
- Browser: Safari 7.1.x, 8.0.x, and 9.0.x
Install the software

Install the software on a standalone Mac using the wizard or the command line.

- Install the software using wizard: The wizard guides you through the steps to install the software on your standalone Mac.
- Install the software from the command line (silent installation): You can use the command line to install the software without user intervention.

Install the software using wizard

The wizard guides you through the steps to install the software on your standalone Mac.

1 Download McAfee-Endpoint-Security-for-Mac-<version>-standalone-<build_number>.dmg to a temporary location on your Mac, then double-click it to mount.
2 Double-click McAfee-Endpoint-Security-for-Mac-<version>-standalone-<build_number>.pkg to open the wizard.
  During the installation, the installer prompts you to select modules for installation. You can select one or multiple modules. To install a module later, you must start the installation wizard.
  If the modules are grayed out, the installer has detected competitor software on your Mac. You must uninstall it before installing the module. For more information, see McAfee KnowledgeBase article KB78192.
3 Follow the prompts to install the software.

To re-install a module that you have already installed, start the installation wizard, then select the module as needed. When you re-install the module, the protection settings that you configured previously are retained.

Install the software from the command line (silent installation)

You can use the command line to install the software without user intervention.

1 Download McAfee-Endpoint-Security-for-Mac-<version>-standalone-<build_number>.dmg to a temporary location on your Mac, then double-click it to mount McAfee-Endpoint-Security-for-Mac-<version>-standalone-<build_number>.pkg.
2 Copy the McAfee-Endpoint-Security-for-Mac-<version>-standalone-<build_number>.pkg file to a temporary location on your Mac.
3 Open a Terminal window and change the working directory to the one where you saved the McAfee-Endpoint-Security-for-Mac-<version>-standalone-<build_number>.pkg file.
4 Type the following command, then press return.
    sudo installer -pkg McAfee-Endpoint-Security-for-Mac-<version>-standalone-<build_number>.pkg -target /
5 Type the administrator password, then press return.
  The following message appears.
    The Install was successful.

To install an individual protection module using the command line, see McAfee KnowledgeBase article KB84772.

Supported upgrades on a standalone Mac

McAfee Endpoint Security for Mac supports upgrading the software and migrating the preferences from the previous versions of the software. You can upgrade the software from:

- McAfee Endpoint Protection for Mac 2.x
- McAfee Endpoint Security for Mac 10.0
- McAfee VirusScan for Mac 9.x

Upgrading from McAfee Endpoint Protection for Mac 2.x

When you upgrade the software, the respective preferences are migrated according to the modules you select.

When you upgrade the software from the previous version, the existing software is removed completely but the preferences for all modules are saved. When you install a module, the respective preferences are migrated. For example:

If you select...: Migrated preferences...
- Threat Prevention: Anti-malware

Since the Application Protection module is not part of McAfee Endpoint Security for Mac, the Application Protection preferences are migrated only when you install the McAfee Application Protection 2.3 software. For more information, see the McAfee Application Protection product guide.

When you migrate the preferences from McAfee Endpoint Protection for Mac or McAfee VirusScan for Mac, the Quarantine scan action is migrated to Delete, and the Notify scan action is migrated to Deny.

Upgrading from McAfee Endpoint Security for Mac 10.0

When you upgrade the software, the respective existing preferences are migrated according to the module you select. For example:

If you select...: Migrated preferences...
- Threat Prevention: Threat Prevention

Upgrading from McAfee VirusScan for Mac 9.x

When you upgrade the software, the existing anti-malware preferences are migrated.
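The silent installation procedure earlier in this chapter can be wrapped in a script for repeatable deployment. The following is an added example, not part of the McAfee guide: the signature check with pkgutil is an extra precaution that the guide does not describe, the function names are hypothetical, and the status strings it rejects are the ones this example assumes pkgutil prints for unsigned or untrusted packages.

```shell
#!/bin/sh
# Added example (not from the guide): wrapper around the guide's
# "sudo installer -pkg <file>.pkg -target /" silent-install command.
# Function names are hypothetical. The signature check is an addition.

# Return 0 only when pkgutil exits successfully and its report does not say
# the package is unsigned or signed by an untrusted certificate.
# Assumption: pkgutil reports these cases with the words "no signature" or
# "untrusted" in its status line.
pkg_is_signed() {
    report=$(pkgutil --check-signature "$1" 2>&1) || return 1
    if printf '%s\n' "$report" | grep -Eqi 'no signature|untrusted'; then
        return 1
    fi
    return 0
}

# Install one .pkg file silently.
# Exit codes: 0 installed, 2 bad argument, 3 signature check failed,
#             4 installer reported an error.
silent_install() {
    pkg=$1
    case $pkg in
        *.pkg) ;;
        *) echo "not a .pkg file: $pkg" >&2; return 2 ;;
    esac
    if [ ! -f "$pkg" ]; then
        echo "file not found: $pkg" >&2
        return 2
    fi
    if ! pkg_is_signed "$pkg"; then
        echo "signature check failed, not installing: $pkg" >&2
        return 3
    fi
    # Same command as step 4 of the procedure; sudo prompts for the
    # administrator password as in step 5.
    if ! sudo installer -pkg "$pkg" -target /; then
        echo "installer reported an error for: $pkg" >&2
        return 4
    fi
    return 0
}

# Run only when a package path is given:
#   sh silent_install.sh /path/to/package.pkg
if [ "$#" -gt 0 ]; then
    silent_install "$1"
fi
```

A non-zero exit code lets a deployment script stop before the Mac is left without the expected protection module.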
Upgrade the software on a standalone Mac

You can upgrade the software and migrate the existing configuration settings.

Before you begin
Before upgrading the software, make sure that your system meets all requirements.

1 Install the software using the wizard. For more information, see Install the software using wizard.
2 Make sure that all existing preferences are migrated to the new version.

Test the installation

Test the software to make sure that it is installed properly and can protect your Mac.

- Test the Threat Prevention feature: Access the EICAR standard anti-virus test file to test the Threat Prevention feature.

Test the Threat Prevention feature

Access the EICAR standard anti-virus test file to test the Threat Prevention feature. This file is the combined effort of anti-virus vendors to implement one standard that customers can use to validate their anti-virus software.

1 Go to the EICAR website http://www.eicar.org.
2 Click DOWNLOAD ANTI MALWARE TESTFILE, then click DOWNLOAD.
3 From the Download area using the standard protocol http section, click the file eicar.com.txt.

If the test is successful, McAfee Endpoint Security for Mac displays the notification "1 detection(s) found on your system." with the relevant details.

Default settings

Once installed, McAfee Endpoint Security for Mac starts protecting the Mac immediately based on the default configuration. Refer to these default settings, and configure them for your environment.

General

Feature: Default settings
- Threat Prevention: Enabled
Threat Prevention

Feature: Default settings
- Threat Prevention:
  On-Access Scan:
  - Scan files while: Write
  - Maximum scan time for a file: 45 seconds
  - When a virus is found: Clean
  - If clean fails: Delete
  - When a spyware is found: Clean
  - If clean fails: Delete
  - Also scan:
    - Archives & Compressed Files: Disabled
    - Apple Mail messages: Disabled
    - Network Volumes: Disabled
  On-Demand Scan:
  - When a virus is found: Clean
  - If clean fails: Delete
  - When a spyware is found: Clean
  - If clean fails: Delete
  - Archives & Compressed Files: Enabled
  - Apple Mail messages: Enabled
  - Network Volumes: Disabled
  Exclusions: None

Update

Feature: Default settings
- Update:
  In Repository List
  - Repository Name: McAfeeHttp, McAfeeFtp
  In Proxy Settings
  - Proxy settings: Do not use a proxy
  In Schedule
  - Schedule: Daily at 4:45 PM (local time)

Logging

Feature: Default settings
- Logging:
  In Enable Debug Logging
  - Threat Prevention: Disabled
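The on-access defaults listed above (scan files on write, Clean, then Delete if clean fails) can also be checked offline by writing the EICAR test string locally instead of downloading it. The script below is an added example, not part of the McAfee guide; the function names, the five-second wait and the result labels are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the guide): write the harmless EICAR test string to
# a file and report what the on-access scanner did with it.
# Function names and result labels are hypothetical.

# The 68-byte EICAR test string, kept in two halves so that this script is
# not itself detected as the test file.
EICAR_A='X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-'
EICAR_B='STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'

eicar_string() {
    printf '%s%s' "$EICAR_A" "$EICAR_B"
}

# Write the test file; returns non-zero when the write itself is refused.
write_test_file() {
    { eicar_string > "$1"; } 2>/dev/null
}

# Print one label describing the state of the test file:
#   removed   the file is gone (expected with the default Delete fallback)
#   denied    the file exists but cannot be read
#   modified  the content was changed (for example, cleaned)
#   intact    the file is unchanged, so nothing reacted to it
classify_test_file() {
    if [ ! -e "$1" ]; then
        echo removed
        return 0
    fi
    if ! content=$(cat "$1" 2>/dev/null); then
        echo denied
        return 0
    fi
    if [ "$content" = "$(eicar_string)" ]; then
        echo intact
    else
        echo modified
    fi
    return 0
}

# Write the file into directory $1, wait $2 seconds (default 5) for the
# scanner to act, print the result, and return non-zero if the file survived.
run_on_access_check() {
    check_dir=$1
    wait_s=${2:-5}
    test_file="$check_dir/eicar-check-$$.txt"
    if ! write_test_file "$test_file"; then
        echo blocked-on-write
        return 0
    fi
    sleep "$wait_s"
    result=$(classify_test_file "$test_file")
    rm -f "$test_file" 2>/dev/null
    echo "$result"
    [ "$result" != intact ]
}

# Run only when asked to:
#   sh eicar_check.sh --run [directory] [wait_seconds]
if [ "${1:-}" = "--run" ]; then
    run_on_access_check "${2:-${TMPDIR:-/tmp}}" "${3:-5}"
fi
```

A result of intact on a Mac where Threat Prevention is enabled means that the on-access scan settings or exclusions differ from the defaults and should be reviewed.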
Recommended post-installation tasks

Perform these tasks to make sure that the protection configuration does not affect the business routines.

- Update the content files: After installation, McAfee Endpoint Security for Mac automatically updates the content files to protect the Mac from the latest threats. By default, this update is scheduled at 4:45 PM local time every day. When the files are updated for the first time, it may take longer to download the full content. The subsequent updates are incremental. You can view the last update details of the content files in the Console page.
- Perform an on-demand scan: After you install the software, run an on-demand scan of the local volumes to clean infected files that reside on the Mac but have not been accessed.
- Threat Prevention: Configure the On-Demand Scan task to define:
  - The items to scan (files, folders, and drives)
  - The frequency of the scan (daily, weekly, monthly, or immediately)
  - The action when malware is found (Delete or Clean)
  McAfee Endpoint Security for Mac comes with the default settings. Verify that the default settings are consistent with your organization policies and provide complete protection against malware.

Uninstall the software from a standalone Mac

You can uninstall the software or specific modules from a Mac using the command line.

Before you begin
You must have administrator rights to uninstall the software.
1 Open a Terminal window.
2 Type the following command, then press return.

  To remove...: Use this command...
  - All modules: sudo /usr/local/mcafee/uninstall EPM
  - Threat Prevention module: sudo /usr/local/mcafee/uninstall ThreatPrevention

  The uninstallation command is case sensitive.
3 Type the administrator password when prompted.
  When Uninstallation is enabled in Endpoint Security Common policy, uninstalling the software using the command line prompts you to type the password set by your McAfee ePO server administrator.

When the software is uninstalled, the following message appears:
    Product has been uninstalled successfully.

When you uninstall the software, the McAfee Agent is not uninstalled from the system, because it might be used by other products. Refer to the product guide of your McAfee Agent version for more information.
3 Using the software on a standalone Mac

Access the McAfee Endpoint Security for Mac Console page to view your Mac security status and event details. You can also view the quarantined items, configure scan schedules, and update the DAT and engine.

Contents
  Security status
  View your Mac security status
  Recent events summary
  View event log
  Remove event log
  View the quarantined items
  Remove or restore the quarantined item
  Update the DAT and Engine
  Run a system scan
  Configure custom scan tasks

Security status

View the security status and the protection features that are enabled or disabled on your Mac. Use the dashboard to know the status of:

- Threat Prevention
- Firewall
- Web Control

View your Mac security status

The Status page displays the security status of your Mac, the protection modules installed, and their status. You can view the recent events summary and the last successful DAT or Engine update time. The events that appear in the Status page are read-only.

To view your Mac security status and the protection modules installed:

1 Click the McAfee menulet on the status bar, then select Console | Status.

The Status page also displays the protection modules that are installed on your Mac and their status.
Recent events summary

You can view a summary of the five most recent events in the Status page. The events summary includes:

- Details of malware detected from on-access scan.
- Status of scan task with number of malware detected from on-demand scan.
- Threat Prevention update status with DAT version details.

Recent events displays only the summary of events. To view the complete details of events, navigate to the Event Log page, then double-click the particular event.

View event log

View and analyze the event log to understand the software activity information. The Event Log page displays all events with details for malware detection, scan schedules, and Threat Prevention update.

1 Click the McAfee menulet on the status bar, then select Console.
2 On the console dashboard, click Event Log.
  Twenty events are listed per page and you can use arrow keys to navigate through pages.
3 Double-click the event you want to view.
  - Threat Prevention Update: Displays the DAT version, engine version, and the status of the update.
  - On-Access Scan: Displays the application that accessed the malware, status of detection found, and total number of detections with the details.
  - On-Demand Scan: Displays number of files scanned, name and location of infected files, if found, and action taken.

You can sort events based on Event, Type or Date & Time.

Remove event log

Remove event log from the History page.

1 Click the McAfee menulet on the status bar, then select Console.
2 On the console dashboard, click Event Log.
3 Click, type the administrator password, then click OK.
4 Select the event, then click Delete.
5 Click OK to remove the events.
  You can't restore the events once you remove them from the list.
6 Click to prevent further changes.

View the quarantined items

The Quarantine feature isolates dangerous or suspicious malware that could otherwise harm your Mac.

1 Click the McAfee menulet on the status bar, then select Console.
2 On the console dashboard, click Quarantine.

The Quarantine page displays the original path of the quarantined items with the date and time of the event.

Remove or restore the quarantined item

The Quarantine page displays the list of quarantined items with the path, date, and time. Restore a quarantined item only if you are sure that it is not malicious; otherwise, remove it.

Before you begin
You must have administrator rights to remove or restore the quarantined item from the list.

Before restoring an item, we recommend that you send it to McAfee Labs for testing. To submit a sample to McAfee Labs, see McAfee KnowledgeBase article KB68030.

1 Click the McAfee menulet on the status bar, then select Console.
2 On the console dashboard, click Quarantine.
3 Click, type the administrator password, then click OK.
  - To restore, select the quarantined item, click Restore, then click OK to confirm.
  - To remove, select the quarantined item, click Delete, then click OK to confirm.
  You can't restore the items that are deleted from the quarantined list.
4 Click to prevent further changes.
Update the DAT and Engine

Always keep the DAT and Engine up to date to protect your Mac from the latest threats.

1 Click the McAfee menulet on the status bar, then select Console.
2 On the console dashboard, click Update Now.
3 Click Start Update to initiate the DAT update task.

Upon completion, the update summary appears with the engine version, DAT version, update status, and DAT creation date in the Threat Prevention Update section. You can view the status and details of the Threat Prevention update event in the Event Log page.

Run a system scan

Perform an on-demand scan on specific files, directories, and local or network-mounted volumes immediately.

1 Click the McAfee menulet on the status bar, then select Console.
2 On the console, click Scan Now.
3 From the What to scan drop-down list, select items, then click Start Scan.
  You can select multiple items by clicking.

Configure custom scan tasks

Schedule and customize scan tasks based on your requirements, to scan specific files, folders, and volumes periodically. You can also modify or remove the existing schedule.

For example, to scan your download folder and music library folder more frequently, you can define a scan schedule for only these two folders.

- Create a scan task: Create scan tasks that automatically run at scheduled periods with the defined parameters.
- Change settings in an existing scan task: Change an existing scan schedule to add or remove locations or change the date and time.
- Remove an existing scan schedule: Remove the scan schedule when you no longer need it.
Create a scan task
Create scan tasks that automatically run at scheduled periods with the defined parameters.
1 Click the McAfee menulet on the status bar, then select Console.
2 Click in the bottom left corner.
3 In the Scan Name field, type a name, then click Create.
4 From the What to scan drop-down list, select the items you want to scan. Click or - to remove the location.
  Documents: Scans the user documents folder.
  Desktop: Scans files and folders on the desktop.
  Users: Scans the user directory.
  Applications: Scans the applications folders.
  Localhost: Scans the local host.
  Choose: Allows you to select a folder or file location to scan.
5 In the When to scan section, select a schedule for the scan task, then click Schedule Scan.
  Immediately: Starts a scan task immediately. If you select to scan items immediately, click Start Scan.
  Once: Scans the defined locations once at the scheduled date and time.
  Daily: Scans the defined locations every day at the scheduled time. You can define the number of occurrences to run the daily scan task or select No End Date to run the schedule without any limit.
  Weekly: Scans the defined locations on a scheduled day and time of every week. You can define the number of occurrences to run the weekly scan task or select No End Date to run the schedule without any limit.
  Monthly: Scans the defined locations on a scheduled date and time of every month. You can define the duration or select No End Date to continue the schedule without any limit.
6 When you see a message that the scan task is scheduled, click OK.
7 Click Schedule Scan.

Change settings in an existing scan task
Change an existing scan schedule to add or remove locations or change the date and time.
1 Click the McAfee menulet on the status bar, then select Console.
2 On the console dashboard under Activity, click the scheduled task you want to modify.
The scheduled task displays the Last Scan Time and Next Scan Time.
3 Click Modify Scan, make the needed changes, then click Schedule Scan.
Remove an existing scan schedule
Remove the scan schedule when you no longer need it.
1 Click the McAfee menulet on the status bar, then select Console.
2 On the console dashboard, select an existing scan schedule in the left pane.
3 In the bottom left corner of the console, click to remove the selected item.
4 Configuring protection settings on a standalone Mac
Use Preferences to configure protection settings for the installed modules.
Contents
  General protection options
  Threat Prevention
  Configure an update schedule
  Debug logging

General protection options
Use the General tab options to enable the required protection preferences on your self-managed Mac. You can enable or disable protection for the modules that you have installed.
  Threat Prevention
  Firewall
  Web Control

Enable or disable protection features
Enable the protection feature as required for your environment.
1 Click the McAfee menulet on the status bar, then select Preferences.
2 On the General tab, click.
3 Type the password when prompted.
4 Enable or disable the protection as required.
5 Click to prevent further changes.

Threat Prevention
Threat Prevention protects your Mac from malware threats. Configure the Threat Prevention settings to define actions for on-access scanning and on-demand scanning, and to exclude files and paths from scanning.
How Threat Prevention works
Threat Prevention protects your Mac from malware threats and unwanted programs by scanning items on your Mac. When enabled, the software scans files and folders on local volumes, network-mounted volumes, and removable media whenever you access or create an item.
McAfee Endpoint Security for Mac uses the latest engine that:
  Performs complex analysis using the malware definition files (DATs)
  Decodes the contents of the item you access
  Compares them with the known signatures stored in the DAT files to identify malware
Use Threat Prevention preferences to configure actions for on-access scan, on-demand scan, or to exclude files or paths from scanning.

Types of scan
The software scans files on your Mac in two ways, on-demand and on-access.
  On-access scan: Scans files and folders for malware threats and unwanted programs whenever you access them, and takes actions according to the configuration.
  On-demand scan: Scans files and folders for malware threats and unwanted programs at any time or at a scheduled time.
You can run an on-demand scan in two ways.
  Scan all files: Scans files and directories immediately for the locations you have selected in What to Scan.
  Schedule Scan: Scans files and directories configured in What to Scan at the scheduled time.
How on-access scan works
This diagram shows how on-access scan works.
How on-demand scan works
This diagram shows how on-demand scan works.

Configure on-access scan preferences
The on-access scan protects your Mac from threats in real time. It scans for malware whenever an item is read from or written to the hard disk, and takes action according to the configuration.
1 Click the McAfee menulet on the status bar, then select Preferences.
2 On the Threat Prevention tab, click, type the administrator password, then click OK.
3 From the Scan files while drop-down list, select one of these options:
  Read: Scans items when they are read from the hard disk.
  Write: Scans items when they are written to the hard disk.
  Read & Write: Scans items when they are read from or written to the hard disk.
4 In Maximum scan time (in seconds), specify the duration allowed to scan each file. You can specify a value between 10 and 9999. The default value is 45.
When scanning exceeds the defined time, the software stops scanning the file.
5 From the When a virus is found drop-down list, select one of these options:
  Clean: Cleans the item that contains malware. Use the If clean fails drop-down list to select a secondary action (Delete or Deny).
  Delete: Deletes the item that contains malware.
  Deny: Prevents the user from accessing files with detected threats. Although the software denies access to the file, it still resides in the system.
Whenever you select the primary action as Clean or Delete, the item is quarantined by default.
6 From the When a spyware is found drop-down list, select one of these options:
  Clean: Cleans the item that contains spyware. Use the If clean fails drop-down list to select a secondary action (Deny, Delete, or Allow).
  Delete: Deletes the item that contains spyware.
  Deny: Prevents the user from accessing files with detected threats. Although the software denies access to the file, it still resides in the system.
  Allow: Allows the user to access files with detected threats.
Whenever you select the primary action as Clean or Delete, the item is quarantined by default.
7 In Also scan, select where you want to enable scanning:
  Archives & Compressed Files
  Apple Mail Messages
  Network Volumes
When these options are selected, McAfee Endpoint Security for Mac detects the threat, but the primary and secondary actions might vary depending on the options selected.
8 Click to prevent further changes.

Configure on-demand scan preferences
Schedule an on-demand scan to run immediately, at a scheduled time, or at regular intervals. For information about creating a scan task, see Create a scan task.
1 Click the McAfee menulet on the status bar, then select Preferences.
2 On the Threat Prevention tab, click On-Demand Scan.
3 Click, type the administrator password, then click OK to open the On-Demand Scan page.
4 From the When a virus is found drop-down list, select one of these options:
  Clean: Cleans the item that contains malware. Use the If clean fails drop-down list to select a secondary action (Delete, Continue scanning).
  Delete: Deletes the item that contains malware.
  Continue Scanning: Continues scanning when a threat is detected. The detected threat still resides in the Mac.
5 From the When a spyware is found drop-down list, select one of these options:
  Clean: Cleans the item that contains spyware. Use the If clean fails drop-down list to select a secondary action (Delete, Continue scanning).
  Delete: Deletes the item that contains spyware.
  Continue scanning: Continues scanning when a threat is detected. The detected threat still resides in the Mac.
6 In Also scan, select where you want to enable scanning:
  Archives & Compressed Files
  Apple Mail Messages
  Network Volumes
7 Click to prevent further changes.

Exclude files or directories from scanning
Exclude files and folder paths from an on-access scan or on-demand scan.
1 Click the McAfee menulet on the status bar, then select Preferences.
2 Click Threat Prevention, then click Exclusions.
3 Click, type the administrator password, then click OK.
4 Click in the bottom left corner.
5 Select the path of the required files and folders, then click Open.
6 Select or deselect the On-Access Scan and On-Demand Scan options as needed.
  Double-click an item to change the name or path that appears in the exclusion list.
  Use regular expressions to exclude items from scanning. For example, to exclude all files on the desktop from scanning, specify the path as /Users/user/Desktop/*
  To remove the item from the exclusions list, select it, then click in the bottom left corner of the page (or press fn+delete).
If you deselect the On-Access Scan and On-Demand Scan options for a path added to the exclusion list, the path is removed from the exclusion list immediately.
7 Click to prevent further changes.

Best practices for Threat Prevention
This section describes the best practices to define the preferences for scheduling an on-access scan and an on-demand scan.

On-access scan preferences
  Always enable the on-access scan because it checks every file the user accesses, and detects malware before it runs.
  Enable the scan option for the Network Volumes when needed, to scan files copied from or written to any network volumes.

On-demand scan preferences
  Always enable the scan for Archives & Compressed Files while performing an on-demand scan. This is recommended if you might have disabled the scanning option for these files.

On-demand scan schedule
  Schedule an on-demand scan during non-peak hours (for example, during weekends or a maintenance period).
  When scheduling an on-demand scan for the first time, schedule a full on-demand scan of your entire hard disk.

Exclusions
You can add regular expressions that match required patterns to exclude multiple files and folders from being scanned.
Here are some recommended exclusions:
  Microsoft Outlook database files
  Thunderbird database files
  Encrypted files
  Generic plist files such as Info.plist or version.plist for on-access scanning
Here are some recommended exclusion examples using wildcards:
  To exclude files with the extension mdb, use *.mdb
  To exclude each user's Outlook Database files of different Microsoft Office versions, use /Users/*/Documents/Microsoft\ User\ Data/Office\ *\ Identities/*\ Identity/*
  To exclude all Info.plist under /Applications, use /Applications/*/Contents/Info.plist
  To exclude all version.plist under /Applications, use /Applications/*/Contents/version.plist
  To exclude files with the extensions jar, rar, or war under /private/var/tmp, use /private/var/tmp/*.?ar

Configure an update schedule
Configure the repository list that needs to be accessed to update the DAT or Engine, the proxy connection settings, and the update schedule.
Tasks
  Configure the repository list: Always keep your DAT file up to date to secure your Mac from the latest threats.
  Configure proxy settings: Configure Proxy settings if you use proxy servers to connect to the Internet for retrieving packages.
  Configure the DAT update schedule: Periodic DAT updates secure your Mac from latest threats.

Configure the repository list
Always keep your DAT file up to date to secure your Mac from the latest threats.
The software is shipped with the configuration that allows access to the McAfee FTP server and HTTP server to download the latest DAT file while your Mac is connected to the Internet.
1 Click the McAfee menulet on the status bar, then select Preferences.
2 Click Update.
3 Click, type the administrator password, then click OK.
4 In Repository Name list box, on the Repository List tab:
  To add a repository.
  To delete an existing repository.
  To deprioritize repositories.
  To prioritize repositories.
5 In Repository Type, select FTP, HTTP, or a Local repository from where the latest DATs can be downloaded.
6 Specify a Repository URL, Port, User Name, and Password for the repository.
7 On the Schedule tab, define the schedule, then click Apply.
8 Click to prevent further changes.
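
Returning to the wildcard exclusions recommended under Best practices for Threat Prevention: the following Python sketch is an added example, not McAfee code, that reports which files a set of exclusion patterns would remove from scanning. It assumes shell-style wildcards (* for any run of characters, ? for one character, backslash as an escape) and evaluates both possible readings of * at directory boundaries, because the guide does not state the product's matching rules; the sample paths are constructed.

```python
import posixpath
import re

# Exclusion patterns quoted from the guide's recommended wildcard examples.
GUIDE_PATTERNS = [
    "*.mdb",
    r"/Users/*/Documents/Microsoft\ User\ Data/Office\ *\ Identities/*\ Identity/*",
    "/Applications/*/Contents/Info.plist",
    "/Applications/*/Contents/version.plist",
    "/private/var/tmp/*.?ar",
]

# Constructed sample paths (not taken from a real system).
SAMPLE_PATHS = [
    "/Users/alice/Documents/Microsoft User Data/Office 2011 Identities/Main Identity/Database",
    "/Users/alice/Downloads/invoice.mdb",
    "/Applications/Safari.app/Contents/Info.plist",
    "/Applications/Tool.app/Contents/PlugIns/Helper.plugin/Contents/Info.plist",
    "/private/var/tmp/build.jar",
    "/private/var/tmp/notes.tar",
    "/private/var/tmp/cache/payload.jar",
    "/Users/alice/Downloads/installer.dmg",
]


def pattern_to_regex(pattern, star_crosses_slash):
    """Translate a wildcard exclusion into an anchored regular expression.

    Assumed semantics: '*' is any run of characters, '?' is one character,
    and a backslash makes the next character literal (as in '\\ ').
    star_crosses_slash selects whether wildcards may match '/'.
    """
    any_char = "." if star_crosses_slash else "[^/]"
    parts = []
    i = 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\" and i + 1 < len(pattern):
            parts.append(re.escape(pattern[i + 1]))  # escaped literal
            i += 2
            continue
        if ch == "*":
            parts.append(any_char + "*")
        elif ch == "?":
            parts.append(any_char)
        else:
            parts.append(re.escape(ch))
        i += 1
    return re.compile(r"\A" + "".join(parts) + r"\Z", re.DOTALL)


def is_excluded(path, pattern, star_crosses_slash):
    """True if the pattern would exclude the path from scanning."""
    # Assumption: a pattern without '/' (such as *.mdb) applies to the file name.
    target = path if "/" in pattern else posixpath.basename(path)
    return pattern_to_regex(pattern, star_crosses_slash).match(target) is not None


def audit(paths, patterns, star_crosses_slash):
    """Map each pattern to the paths it would remove from scanning."""
    return {
        pattern: [p for p in paths if is_excluded(p, pattern, star_crosses_slash)]
        for pattern in patterns
    }


def semantics_gap(paths, patterns):
    """Paths that are excluded only if wildcards are allowed to match '/'."""
    strict = {p for hits in audit(paths, patterns, False).values() for p in hits}
    loose = {p for hits in audit(paths, patterns, True).values() for p in hits}
    return [p for p in paths if p in loose and p not in strict]


if __name__ == "__main__":
    for crosses in (False, True):
        print("wildcards match '/':", crosses)
        for pattern, hits in audit(SAMPLE_PATHS, GUIDE_PATTERNS, crosses).items():
            print("  " + pattern)
            for hit in hits:
                print("    not scanned: " + hit)
    print("depends on matching rules:", semantics_gap(SAMPLE_PATHS, GUIDE_PATTERNS))
```

On the constructed sample, /private/var/tmp/*.?ar also excludes notes.tar, so the pattern reaches beyond the jar, rar, and war extensions it is meant for. Paths returned by semantics_gap are the ones to test on a real installation before relying on an exclusion.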

Configure proxy settings
Configure Proxy settings if you use proxy servers to connect to the Internet for retrieving packages.
1 Click the McAfee menulet on the status bar, then select Preferences.
2 Click Update, then click the Proxy Settings tab.
3 Click, type the administrator password, then click OK.
4 Select whether to use a proxy.
  Do not use a proxy
  Configure proxy settings manually
5 Select Use these settings for all proxy types to specify the same IP address and port number for all proxy types.
6 Select FTP or HTTP server, then type the IP address and port number of the selected server.
7 Select Use authentication, then type the user name and password for the server.
8 To bypass a proxy server for specific domains, select Specify exceptions, then type the domain name.
9 Click to prevent further changes.

Configure the DAT update schedule
Periodic DAT updates secure your Mac from latest threats.
1 Click the McAfee menulet on the status bar, then select Preferences.
2 On the Update tab, click Schedule.
3 Click, type the administrator password, then click OK.
4 Click the drop-down list to select the update frequency, then click Apply.
  Never: Never run the update. We recommend that you do not use this option. Always keep your DAT and Engine up to date to protect your Mac from latest threats.
  Hourly: To run the update on the selected hours.
  Daily: To run the update daily at a specific time.
  Weekly: To run the update weekly at a specified time on weekdays.
  Monthly: To run the update once in a month at a specified time.
5 Click to prevent further changes.

Debug logging
Debug logs provide important information that you can use for troubleshooting purposes. Enabling debug logs for a module logs details for all components of the module. For example, if you enable logging for Threat Prevention, logs are stored for on-access scanning and on-demand scanning activity.
  You can find the Threat Prevention logs at /var/log/system.log and /var/log/McAfeeSecurity.log. You can identify and filter the Threat Prevention logs by the name MFE_AV.
  You can find the Firewall logs at /var/log/system.log. You can identify and filter the Firewall logs by the name MFE_FW.
  You can find the Web Control logs at /var/log/mcafeesecurity.log. You can identify and filter the Web Control logs by the name MFE_WC.

Enable or disable debug logging
Configure the debug logging option for the installed modules.
1 Click the McAfee menulet on the status bar, then select Preferences.
2 Click the Logging tab.
3 Click, type the administrator password, then click OK.
4 Select the modules as required.
5 Click to prevent further changes.
5 Troubleshooting
Identify and troubleshoot issues when using McAfee Endpoint Security for Mac.

Run the repairmsc utility
Use the repairmsc utility to troubleshoot McAfee Endpoint Security for Mac issues. It generates diagnostic reports, which can be uploaded to the McAfee server for analysis.
1 Open a Terminal window, type the following command, then press return.
  /usr/local/mcafee/repairmsc
2 Type the administrator password when prompted, then press return.
3 Type Y to continue, then press return.
A consolidated diagnostic report is generated in the home directory for issue analysis. A list of issues appears with each category relating to a number from 1 to 8.
4 Type a number that best describes the issue, then press return.
The repairmsc utility runs a repair utility based on the number selected and provides a solution.
5 Type y or n to confirm whether the issue was fixed, then follow the on-screen instructions.
The report file repairmsc.zip is available in your home directory (Users/<user>). Contact McAfee support for troubleshooting assistance.
Protecting your managed Mac
Install the required extensions and deploy a security strategy to protect your managed Mac systems from threats.
  Chapter 6 Installing the software on a Mac managed with McAfee ePO
  Chapter 7 Installing the software on a Mac managed with McAfee ePO Cloud
  Chapter 8 Managing the software with McAfee ePO and McAfee ePO Cloud
6 Installing the software on a Mac managed with McAfee ePO
Install the software on the McAfee ePO server and deploy it to your managed Mac.
Contents
  System requirements
  Check in the package to the McAfee ePO server
  Install the extensions to the McAfee ePO server
  Install the client software on a managed Mac using the installation URL
  Deploy the software from McAfee ePO
  Test the installation
  Remove the software from a managed Mac

System requirements
Make sure that these requirements are met and you have administrator permission.
Component: Requirements
  Hardware: Mac that can run with the supported operating system configuration.
  Operating system:
    El Capitan 10.11.x (client and server)
    If you are using McAfee Agent 5.x on your Mac, you must upgrade it to McAfee Agent 5.0.2 with Hotfix HF1085179 before upgrading the operating system to El Capitan. Otherwise, the communication between the McAfee ePolicy Orchestrator (McAfee ePO) server and the Mac fails, and you would be unable to manage the Mac from the McAfee ePO server. For more information about the McAfee Agent 5.0.2 known issues with El Capitan, see McAfee KnowledgeBase article KB83895.
    Yosemite 10.10.x (client and server)
    Mavericks 10.9.x (client and server)
  Browser: Safari 7.1.x, 8.0.x, and 9.0.x
  McAfee Agent: McAfee Agent 5.0.2 with Hotfix HF1085179 and later
  McAfee ePolicy Orchestrator: 5.1.1 and later

Check in the package to the McAfee ePO server
You can check in the package using the Software Manager or check in the package manually.
Tasks
  Check in the package using Software Manager: Check in, update, or remove McAfee Endpoint Security for Mac using the Software Manager.
  Check in the package manually: Check in the McAfee Endpoint Security for Mac deployment package to the ePolicy Orchestrator Master Repository.

Check in the package using Software Manager
Check in, update, or remove McAfee Endpoint Security for Mac using the Software Manager.
For option definitions, click ? in the interface.
1 Log on to the McAfee ePO server as an administrator.
2 Select Menu → Software → Software Manager.
3 From the Product Categories list under Software (By Label), select Endpoint Security, select the package file, then click Check in All.
4 On the summary page, accept the McAfee End User License Agreement, then click OK.

Check in the package manually
Check in the McAfee Endpoint Security for Mac deployment package to the ePolicy Orchestrator Master Repository.
For option definitions, click ? in the interface.
1 Download the .zip file to a temporary location on the McAfee ePO server.
2 Log on to the McAfee ePO server as an administrator.
3 Select Menu → Software → Master Repository → Check In Package.
  a For Package type, select Product or Update (.ZIP).
  b Click Choose File, select the file, click Choose, then click Next.
4 Select Current, then click Save.

Install the extensions to the McAfee ePO server
Install the software on the McAfee ePO server to configure and deploy policies for managed Mac.
Tasks
  Install the extensions using Software Manager: Install the extensions using the Software Manager.
  Install the extensions manually: Install Endpoint Security extensions on the McAfee ePO server manually.

Install the extensions using Software Manager
Install the extensions using the Software Manager.
For option definitions, click ? in the interface.
1 Log on to the McAfee ePO server as an administrator.
2 Select Menu, Software, then click Software Manager.
3 From the Software Manager Product Categories Software (By Label), select Endpoint Security McAfee Endpoint Security 10.1.0, select from the right pane, then check in the extensions.

Install the extensions manually
Install Endpoint Security extensions on the McAfee ePO server manually. You must install the extensions to enable the features of the product.
For option definitions, click ? in the interface.
1 Log on to the McAfee ePO server as an administrator.
2 Select Menu → Software → Extensions, then click Install Extension.
3 Click Choose File and select the file that contains the extension, then click OK.
When you install Endpoint Security extensions, policies and tasks from McAfee Endpoint Protection for Mac 2.x or McAfee VirusScan for Mac 9.x are not migrated. However, McAfee Endpoint Security for Mac 10.0 policies and tasks are migrated.

Install the client software on a managed Mac using the installation URL
McAfee ePO administrators can create an installation URL to install Endpoint Security for Mac client software on managed Mac.
Tasks
  Create an installation URL: Create an installation URL and send it to the user to install McAfee Agent on a managed Mac.
  Install the software with an installation URL on a managed Mac: The Mac user can access the URL to install the client software on a managed Mac.

Create an installation URL
Create an installation URL and send it to the user to install McAfee Agent on a managed Mac.
For option definitions, click ? in the interface.
1 Log on to the McAfee ePO server as an administrator.
2 Select Menu → Dashboards, then select Getting Started with ePolicy Orchestrator from the drop-down list.
3 On the Product Deployment page, click Start Deployment, define these settings, then click Deploy.
  System Tree Group
  McAfee Agent
  Software and Policies
  Auto Update
4 On the Initial Product Deployment Summary page, click OK.
On the Dashboard page, the installation URL appears under the Product Deployment section.
5 Email the URL with instructions to install the client software on the Mac to the user.
After successful installation, McAfee Agent checks back with the McAfee ePO server for assigned tasks for that system group, then installs the software accordingly.

Install the software with an installation URL on a managed Mac
The Mac user can access the URL to install the client software on a managed Mac.
Before you begin
  Make sure that your managed Mac meets the hardware and software requirements.
  You must have an installation URL that you created or received from your administrator.
For option definitions, click ? in the interface.
1 Open a browser window, paste the installation URL in the address bar, then press Enter.
2 Follow the on-screen instructions.
If the installation does not start automatically, click Install.

Deploy the software from McAfee ePO
Use McAfee ePO to deploy the client software to systems in your network that are managed.
For option definitions, click ? in the interface.
1 Log on to the McAfee ePO server as an administrator.
2 Select Menu → Systems → System Tree, then select a group or systems.
3 On the Assigned Client Tasks tab, click Actions, then click New Client Assignment.
4 Complete these options, then click Create New:
  a For Product, select McAfee Agent.
  b For Type, select Product Deployment.
5 On the Client Catalog page:
  a Type a name for the task.
  b Select Mac as the target platform.
  c In Products and components, select the product, select Install as the action, then click Save.
  You can add more products by using.
6 In the Client Assignment Builder page:
  a Select the task, then click Next.
  b Schedule the task to run immediately, click Next to view a summary of the task, then click Save.
7 In the System Tree, select the systems or groups where you assigned the task, then click Wake Up Agents.
8 Select Force complete policy and task update, then click OK.

Test the installation
After deploying the software, verify that the client software is installed and updated correctly on managed Mac systems.
For option definitions, click ? in the interface.
1 Wait for client systems to report back to the McAfee ePO server (typically after an hour).
2 On the McAfee ePO console, select Menu → Dashboards, then select Endpoint Security: Installation Status for a complete list of managed Mac and their installation status.

Remove the software from a managed Mac
Remove the client software from the managed Mac systems and remove the extensions from the McAfee ePO server.
Tasks
  Remove the software extensions: Remove the McAfee Endpoint Security for Mac extensions from the McAfee ePO server.
  Remove the software: Create a client task on the McAfee ePO server to remove McAfee Endpoint Security for Mac from the managed Mac.

Remove the software extensions
Remove the McAfee Endpoint Security for Mac extensions from the McAfee ePO server.
For option definitions, click ? in the interface.
1 Log on to the McAfee ePO server as an administrator.
2 Select Menu → Software → Extensions.
3 In the left pane, select the extension and click Remove.
4 Select Force removal, bypassing any checks or errors, then click OK.

Remove the software
Create a client task on the McAfee ePO server to remove McAfee Endpoint Security for Mac from the managed Mac.
For option definitions, click ? in the interface.
1 Log on to the McAfee ePO server as an administrator.
2 Select Menu → Systems → System Tree, then select a group or systems.
3 Click the Assigned Client Tasks tab, then click New Client Assignment.
4 Complete these options, then click Create New.
  a For Products, select McAfee Agent.
  b For Type, select Product Deployment.
5 On the Client Catalog page:
  a Type a name for the task.
  b Select Mac as the Target platform.
  c In Products and components, select the product, select Remove as the action, then click Save.
6 On the Client Assignment Builder page:
  a Select the task, then click Next.
  b Schedule the task to run immediately. Click Next to view a summary of the task, then click Save.
7 In the System Tree, select the systems or groups for which you assigned the task, then click Wake Up Agents.
8 Select Force complete policy and task update, then click OK.
7 Installing the software on a Mac managed with McAfee ePO Cloud
Install and manage the software on a Mac that is managed with McAfee ePO Cloud.
McAfee ePO Cloud is an extensible management platform that enables centralized policy management and enforcement of your security products and the systems where they are installed. It also provides comprehensive reporting and product deployment capabilities, all through a single point of control.
Using McAfee ePO Cloud, you can deploy security products, patches, and service packs to the managed systems in your network.
Contents
  McAfee ePO Cloud components
  System requirements
  Installation overview
  Accessing the McAfee ePO Cloud account
  Install the client software on a managed Mac using the installation URL
  Deploy the client software from McAfee ePO Cloud

McAfee ePO Cloud components
These components make up McAfee ePO Cloud software.
  McAfee ePO Cloud: The center of your managed environment. McAfee ePO Cloud delivers security policies and tasks, controls updates, and processes events for all managed Mac.
  McAfee Agent: A vehicle of information and enforcement between the McAfee ePO Cloud and each managed Mac. The agent retrieves updates, ensures task implementation, enforces policies, and forwards events for each managed Mac.
  Master Repository: The central location for all McAfee updates and signatures, residing on McAfee ePO Cloud. The Master Repository retrieves user-specified updates and signatures from McAfee.

System requirements
Make sure that your managed Mac meet these requirements, and you have a valid account with the McAfee ePO Cloud.
Component: Requirements
  Hardware: Mac that can run with the supported operating system configuration.
  Operating system:
    El Capitan 10.11.x (client and server)
    If you are using McAfee Agent 5.x on your Mac, you must upgrade it to McAfee Agent 5.0.2 with Hotfix HF1085179 before upgrading the operating system to El Capitan. Otherwise, the communication between the McAfee ePolicy Orchestrator (McAfee ePO) server and the Mac fails, and you would be unable to manage the Mac from the McAfee ePO server. For more information about the McAfee Agent 5.0.2 known issues with El Capitan, see McAfee KnowledgeBase article KB83895.
    Yosemite 10.10.x (client and server)
    Mavericks 10.9.x (client and server)
  Browser: Safari 7.1.x, 8.0.x, and 9.0.x

Installation overview
In a McAfee ePO Cloud environment, administrators can deploy the software remotely to managed Mac, or ask users to install it locally.
McAfee sets up each McAfee ePO Cloud account on an offsite management server and notifies the local administrator when products are ready to install on managed Mac systems. Administrators then typically create and send an installation URL to ePolicy Orchestrator administrators for installation of client software on Mac systems.
McAfee sends the credentials to you through registered email. If you have not previously activated and configured an account, see the McAfee ePO Cloud product guide for instructions.
McAfee Endpoint Security for Mac supports both URL installation and deployment tasks. As an administrator, you can choose the method that best suits your needs.
1 Make sure that all managed Mac systems meet the hardware and software requirements.
2 Open the management console. Open a browser and log on to your McAfee ePO Cloud account.
3 Create the installation URL.
4 Send the installation URL to all Mac users to install the McAfee Agent and product software.
5 Deploy the client software with default or custom settings to managed Mac in one of these ways.
    • Schedule product deployment tasks: Run product deployment tasks to deploy the software on managed Mac.
    • Create an installation URL: Create an installation URL, then email it to users with instructions about installing the product on their Mac.

Verify that the client software is installed and up to date on all managed Mac.
Accessing the McAfee ePO Cloud account

These are the high-level actions to set up the McAfee ePO Cloud account.

1 The enterprise administrator requests access to use McAfee ePO Cloud.
2 McAfee emails the McAfee ePO Cloud URL and logon information to the enterprise administrator.
3 Log on to the McAfee ePO Cloud server.

Install the client software on a managed Mac using the installation URL

ePolicy Orchestrator administrators create an installation URL and send it to users to install the client software on managed Mac.

• Create an installation URL: Create an installation URL to install the software on managed Mac.
• Install the software with an installation URL: The managed Mac user can install the software on a local Mac with an installation URL.

Create an installation URL

Create an installation URL to install the software on managed Mac.

For option definitions, click ? in the interface.

1 Log on to McAfee ePO Cloud as an administrator.
2 Click Menu > Getting Started > Customize.
3 On the Customize Software Installation page, define these settings, then click Done.
    Group Name
        Type a name for the group.
    Operating System
        Select McAfee Agent for Mac.
    Software and Policies
        Select McAfee Endpoint Security software modules as required.
    Auto Update
        Select this option to download updates for the software.
    The default policies and tasks of the module are selected by default.
4 Click Done.
5 From the Dashboards drop-down list, select Getting Started with ePolicy Orchestrator. On the right side pane under Getting Started, the URL that you created appears.
6 Email the URL with installation instructions to the Mac users.

After successful installation, McAfee Agent checks back with the McAfee ePO server for assigned tasks for that system group, then installs the software accordingly.
Install the software with an installation URL

The managed Mac user can install the software on a local Mac with an installation URL.

Before you begin
• Make sure that your Mac meets the hardware and software requirements.
• You must have an installation URL that you created or received from your administrator.

For option definitions, click ? in the interface.

1 Open a browser window, paste the installation URL in the address bar, then press Enter.
2 Follow the on-screen instructions.

Deploy the client software from McAfee ePO Cloud

Deploy the client software to Mac systems in your network that are managed.

For option definitions, click ? in the interface.

1 Log on to the ePolicy Orchestrator server as an administrator.
2 Select Menu > Software > Product Deployment.
3 In the Product Deployment page, define these settings, then click Save.
    • Name
    • Language
    • Description
    • Branch
    • Type
    • Command line
    • Auto Update
    • Select the systems
    • Package
    • Select a start time
8 Managing the software with McAfee ePO and McAfee ePO Cloud

Integrate and manage McAfee Endpoint Security for Mac using McAfee ePO or McAfee ePO Cloud.

The primary differences in managing policies in the two environments are:

McAfee ePO
    Organizations maintain the ePolicy Orchestrator server on their premises, and administrators check in and install the software on the server, create policy settings, and enforce them on multiple managed Mac systems using deployment tasks.
McAfee ePO Cloud
    McAfee or the service provider maintains the ePO server, including checking in and installing the software. After setting up the cloud account from McAfee or other service providers, local administrators create policies and enforce them on managed Mac systems using deployment tasks.

For instructions about setting up and using ePolicy Orchestrator and McAfee Agent, see the product guide for your version of the product.

Contents
• Using Endpoint Security extensions as common extensions
• Manage policies
• Threat Prevention policy
• Queries and reports

Using Endpoint Security extensions as common extensions

Use Endpoint Security 10.1.0 or later extensions as common extensions to manage your Microsoft Windows and Macintosh systems.

You can use Endpoint Security extensions to configure and deploy policies for your Macintosh and Windows systems. On each policy page, a "Windows only" tag indicates that the option is applicable only to Windows-based systems. The policy options that don't contain any tag are applicable to both Windows and Mac systems.

To view the "Windows only" tag in the policy and task options, you must have installed the licensing extension on your McAfee ePO.

For the list of features supported for Microsoft Windows and Macintosh operating systems, see McAfee KnowledgeBase article KB84410.

Manage policies

McAfee Endpoint Security for Mac policies provide options to configure features, feature administration, and to log details on a managed Mac.
You can find these policies on the Policy Catalog page under Product:
• Endpoint Security Threat Prevention
• Endpoint Security Firewall
• Endpoint Security Web Control
• Endpoint Security Common

Configure these policies with your preferences, then assign them to groups of the managed Mac. For generic information about policies, see the product guide for your version of ePolicy Orchestrator.

Create or modify policies

You can create and edit policies for a specific group in the System Tree.

For option definitions, click ? in the interface.

1 Log on to the ePolicy Orchestrator server as an administrator.
2 From the Policy Catalog, select a Product and Category.
3 Perform these steps to create or modify a policy.
    To create a policy
        1 Click New Policy.
        2 Type the Policy Name.
        3 Click OK.
        4 Configure the settings.
    To modify a policy
        1 Click the policy you want to modify.
        2 Modify the settings.
4 Click Save.

Assign policies

When you have created or modified policies, assign them to the systems that are managed by ePolicy Orchestrator.

For option definitions, click ? in the interface.

1 Log on to the ePolicy Orchestrator server as an administrator.
2 Navigate to System Tree, select a group or systems, then click the Assigned Policies tab.
3 Select a product from the product list, select a policy, then click Edit Assignment.
4 Select the policy to assign, select appropriate inheritance options, then click Save.

Threat Prevention policy

Threat Prevention checks for malware and other threats by scanning items on your managed Mac systems. Use the Endpoint Security Threat Prevention policy to configure scanning settings for your managed Mac.
Product: Endpoint Security Threat Prevention

Category: On-Access Scan
Available options:
    • Enable or disable on-access scanning on managed Mac.
    • Specify time limit to scan each file.
    • Specify when to scan files.
    • Scan specific types of files.
    • Define actions for detected items and unwanted programs.
    • Exclude files and directories.

Category: On-Demand Scan
Available options:
    • Run full scan and quick scan on managed Mac.
    • Scan specific directories and their subdirectories.
    • Scan specific types of files.
    • Define actions for detected items and unwanted programs.
    • Exclude files and directories from scanning.

For the list of features supported for Microsoft Windows and Macintosh operating systems, see McAfee KnowledgeBase article KB84410.

Configure On-Access Scan policy

Create an on-access policy to enable or disable on-access scan, define the scanning time limit for each file, and define exclusions.

For option definitions, click ? in the interface.

1 Log on to the ePolicy Orchestrator server as an administrator.
2 From the Policy Catalog, select Endpoint Security Threat Prevention as the product, then select On-Access Scan as the category.
3 Click New Policy, type a name for the policy, then click OK.
4 Click the policy that you created, click Show Advanced.
5 In the On-Access Scan section, define these settings.

In On-Access Scan, configure:
    Enable On-Access Scan
        Enables or disables on-access scanning on managed Mac.
    Specify maximum number of seconds for each file scan
        Specify the scan timeout value to scan each item. If you unselect this option, the value is set to 45 seconds.

In Process Settings, configure:
    Use Standard settings for all processes
        Applies standard settings when performing on-access scanning.
    In the Standard process type:

    In Specify when to scan:
        When writing to disk
            Scans files when they are written to.
        When reading from disk
            Scans all files when they are read.
        Let McAfee decide
            Scans files when written to or read.
        On network drives
            Scans files in mounted-network volumes.

    In File type to scan:
        All files
            Scans files with any extension.
        Default and specified file types
            Scans files with extensions defined in the software, and the extensions you specify. For the list of the default file types, see McAfee KnowledgeBase article KB84411.
        Also scan for macros in all files
            Scans macros in the files.
        Specified file types only
            Scans only files with extensions that you specify, and optionally, files with no extension.

    In Specify what to scan:
        Compressed archive files
            Scans the contents of compressed archive files. Scanning compressed archive files requires additional time.
        Compressed MIME-encoded files
            Scans Apple email messages.
        Detect unwanted programs
            Enables the scanner to detect potentially unwanted programs.

    In Actions

    Threat detection first response:
        Deny access to files
            Prevents users from accessing any files with potential threats.
        Delete files
            Deletes files that contain malware.
        Clean files
            Removes threats from the detected file.
    You can also configure a secondary response using the If first response fails option, in case the primary response is unsuccessful.

    In Unwanted program first response:
        Clean files
            Removes the threat from the detected file.
        Delete files
            Deletes the file that contains threats.
        Deny access to files
            Prevents users from accessing files with potential threats.
        Allow access to files
            Allows users to access the detected file.
    You can also configure a secondary response using the If first response fails option, in case the primary response is unsuccessful.

    In the Exclusions section, click:
        Add
            To add files to the exclusion list.
        Edit
            To edit the exclusion settings.
        Delete
            To remove the selected item from the exclusion list.
        Clear All
            To remove all items from the exclusion list.
    Enable Overwrite exclusions configured on the client to overwrite the exclusions list created by the managed Mac user.
    For more information about configuring exclusions, see Exclude files or directories from scanning.

6 Click Save.

Configure On-Demand Scan policy (Full Scan)

Configure On-Demand Full Scan policy settings for your managed Mac.

For option definitions, click ? in the interface.

1 Log on to ePolicy Orchestrator as an administrator.
2 From the Policy Catalog, select Endpoint Security Threat Prevention as the product, then select On-Demand Scan as the category.
3 Click New Policy, type a name for the policy, then click OK.
4 Click the policy that you created, click the Full Scan tab, then define these settings.

In Full Scan, configure:
    Detect unwanted programs
        Enables the scanner to detect potentially unwanted programs.
    Decode MIME encoded files
        Scans Apple mail messages.
    Scan inside archives
        Scans the contents of compressed archive files. Scanning compressed archive files requires additional time.
    Find unknown program threats
        Detects files that contain code resembling malware.
    Find unknown macro threats
        Detects unknown macro threats.

In Scan Locations, configure:
    Scan subfolders
        Examines all subfolders in the specified volumes when any of these options are selected.
        • Home folder
        • Temp folder
        • User profile folder
        • File or folder
        • All local drives
        • All fixed drives
        • All removable drives
        • All mapped drives
    You can add locations by clicking. Click to remove the locations from scanning.
In File Types to Scan, configure:
    All files
        Scans all files regardless of extension. McAfee strongly recommends that you enable All files to make sure that no malware threat resides in your managed Mac systems.
    Default and specified file types
        Scans files with extensions defined in the software and extensions you specify. For the list of the default file types, see McAfee KnowledgeBase article KB84411.
    Also scan for macros in all files
        Enables scanning for macros in all files.
    Specified file types only
        Scans only files with extensions that you specify. Select Include files with no extension to scan files that have no extension.

In Exclusions, configure:
    In the Exclusions section, click:
        Add
            To add files to the exclusion list.
        Edit
            To edit the exclusion settings.
        Delete
            To remove the selected item from the exclusion list.
        Clear All
            To remove all items from the exclusion list.
    For more information about configuring exclusions, see Exclude files or directories from scanning.

In Actions, configure:
    In Threat detection first response:
        Continue scanning
            Continues scanning files when a threat is detected. The scanner doesn't move items to the quarantine.
        Clean files
            Removes the threat from the detected file.
        Delete files
            Deletes the file that contains malware.
    You can also configure a secondary response using the If first response fails option, in case the primary response is unsuccessful.

    In Unwanted program first response:
        Continue scanning
            Continues scanning files when a threat is detected. The scanner doesn't move items to the quarantine.
        Clean files
            Removes the threat from the detected file.
        Delete files
            Deletes the file that contains malware.
    You can also configure a secondary response using the If first response fails option, in case the primary response is unsuccessful.

5 Click Save.

For scheduling the task, see the product guide for your version of McAfee ePolicy Orchestrator.
Endpoint Security for Mac does not support the Right-Click Scan option.

Configure an On-Demand Scan policy (Quick Scan)

Configure On-Demand Quick Scan policy settings for your managed Mac.
For option definitions, click ? in the interface.

1 Log on to the McAfee ePO server as an administrator.
2 From the Policy Catalog, select Endpoint Security Threat Prevention as the product, then select On-Demand Scan as the category.
3 Click New Policy, type a name for the policy, then click OK.
4 Click the policy that you created, click the Quick Scan tab, then define these settings.

In Quick Scan, configure:
    Detect unwanted programs
        Enables the scanner to detect potentially unwanted programs.
    Decode MIME encoded files
        Scans Apple mail messages.
    Scan inside archives
        Scans the contents of compressed archive files. Scanning compressed archive files requires additional time.
    Find unknown program threats
        Detects files that contain code resembling malware.
    Find unknown macro threats
        Detects unknown macro threats.

In Scan Locations, configure:
    Scan subfolders
        Examines all subfolders in the specified volumes when any of these options are selected.
        • Home folder
        • Temp folder
        • File or folder
        • All removable drives
    Select the directory from the Specify locations drop-down list.
    You can add directories by clicking. Click to remove the directory from scanning.

In File Types to Scan, configure:
    All files
        Scans all files regardless of extension. McAfee strongly recommends that you enable All files to make sure that no malware threat resides in your managed Mac.
    Default and specified file types
        Scans files with extensions defined in the software and extensions you specify. For the list of the default and specified file types, see McAfee KnowledgeBase article KB84411.
    Also scan for macros in all files
        Enables scanning for macros in all files.
    Specified file types only
        Scans only files with extensions that you specify. Select Include files with no extension to scan files that have no extension.
In Exclusions, configure:
    In the Exclusions section, click:
        Add
            To add files to the exclusion list.
        Edit
            To edit the exclusion settings.
        Delete
            To remove the selected item from the exclusion list.
        Clear All
            To remove all items from the exclusion list.
    For more information on configuring exclusions, see Exclude files or directories from scanning.

In Actions, configure:
    In Threat detection first response:
        Continue scanning
            Continues scanning files when a threat is detected. The scanner doesn't move items to the quarantine.
        Clean files
            Removes the threat from the detected file.
        Delete files
            Deletes the file that contains malware.
    You can also configure a secondary response using the If first response fails option, in case the primary response is unsuccessful.

    In Unwanted program first response:
        Continue scanning
            Continues scanning files when a threat is detected. The scanner doesn't move items to the quarantine.
        Clean files
            Removes the threat from the detected file.
        Delete files
            Deletes the file that contains malware.
    You can also configure a secondary response using the If first response fails option, in case the primary response is unsuccessful.

5 Click Save.

For scheduling the task, see the product guide for your version of McAfee ePolicy Orchestrator.

Endpoint Security for Mac does not support the Right-Click Scan option.

Exclude files or directories from scanning

Exclude files or directories from on-access scanning and on-demand scanning.

For option definitions, click ? in the interface.

1 Log on to ePolicy Orchestrator as an administrator.
2 From the Policy Catalog, select Endpoint Security Threat Prevention as the product, then select On-Access Scan or On-Demand Scan as required.
3 Click the policy, then click Show Advanced. If you haven't created a policy, click New Policy, type a name for the policy, then click OK.
4 In the Exclusion area under Process Settings, click Add and define these settings as required, then click Save.
In What to exclude, configure:
    Pattern (can include wildcards * or ?)
        Specifies the file pattern to exclude. For example, to exclude all files in the desktop from scanning, specify the path as /Users/user/Desktop/*
    Also exclude subfolders
        Excludes files and directories from the specified location.
    File type (can include wildcard ?)
        Excludes files that have the extension.
    File Age
        Excludes files based on their age in terms of creation date and modified date.
        Modified
            Excludes files that were edited earlier than the number of days specified in the Minimum age in days field.
        Created
            Excludes files that were created earlier than the number of days specified in the Minimum age in days field.
        Accessed
            Excludes files that were accessed earlier than the number of days specified in the Minimum age in days field.
        The Accessed option is applicable for On-Demand Scan policies only.
    Select the option Overwrite exclusions configured on the client to overwrite the client exclusion list. You can apply this option for On-Access Scan policies only.

In When to exclude, configure:
    On read
        Excludes from scanning when the file is accessed.
    On write
        Excludes from scanning when the file is changed.
    These two options are applicable for On-Access Scan policies only.

Schedule a full or quick scan on managed Mac

Schedule an on-demand scan to detect malware threats in the managed Mac.

For option definitions, click ? in the interface.

1 Log on to the ePolicy Orchestrator server as an administrator.
2 Click Menu > Systems > System Tree, then select a group or systems.
3 Click the Assigned Client Tasks tab, then click Actions > New Client Assignment.
    a For Product, select Endpoint Security Threat Prevention.
    b For Type, select Policy Based On-Demand Scan, then select the task from the Name list.
4 Click Next.
5 Define these parameters, then click Next.
    • Schedule status
    • Start time
    • Schedule type
    • runs according to
    • Effective period
    • Options
6 In the Summary page, click Save.
7 In the System Tree, select the systems or groups where you assigned the task.
8 In the right pane, click the Group Details tab, then click Wake Up Agents.
9 In Force policy update, select Force complete policy and task update, then click OK.

Schedule a custom on-demand scan

Schedule a custom on-demand scan for managed Mac.

For option definitions, click ? in the interface.

1 Log on to ePolicy Orchestrator as an administrator.
2 Click Menu > Client Catalog.
3 In Client Types, expand Endpoint Security Threat Prevention, select Custom On-Demand Scan, then click New.
4 Select Custom On-Demand Scan from the Type drop-down list.
5 Define these settings, then click Save.
    • Name
    • File Types to Scan
    • Description
    • Exclusions
    • Scan Options
    • Actions
    • Scan Locations
6 In the Client Catalog page, select the custom scan that you created, click Assign, select a group to assign the task, then click OK.
7 In the Select page, define the settings, then click Next.
8 In the Schedule page, define the settings, then click Next.
9 In the Summary page, review the settings, then click Save.

Schedule the DAT update

Schedule an update to keep the content files and engine up to date.

For option definitions, click ? in the interface.

1 Log on to the ePolicy Orchestrator server as an administrator.
2 Click Menu > Systems > System Tree, then select a group or systems.
3 On the Assigned Client Tasks tab, click Actions, then select New Client Assignment.
    a For Product, select McAfee Agent.
    b For Type, select Product Update.
    c Click Create New to open the Client Catalog.
    d Type a name for the task, select Mac Engine and DAT in Signatures and engines from Package types, then click Save. The task is listed under Name.
    e Select the task, then click Next.
4 On the Schedule page, define the schedule for the task.
    a In the System Tree, select the systems or groups where you want to assign the task.
    b Set these values, then click Next.
        • Schedule status
        • Start time
        • Schedule type
        • runs according to
        • Effective period
        • Options
5 On the Summary page, click Save.
6 In the right pane, select Group Details, then click Wake Up Agents.
7 In Force policy update, select Force complete policy and task update, then click OK.

Queries and reports

Run predefined queries to generate reports, or modify them to generate custom reports.

Queries for Threat Prevention

Here is the list of queries that you can view or customize for Threat Prevention. Each query is followed by what it displays.

Endpoint Security Threat Prevention: Hotfixes Installed
    The hotfixes installed for the software.
Endpoint Security Threat Prevention: On-Access Scan Compliance Status
    This is the On-Access Scan compliance status.
Endpoint Security Threat Prevention: Duration of Completed Full Scans in the Last 7 Days
    The duration of completed Full Scan in the last seven days.
Endpoint Security Threat Prevention: Systems Not Completed a Full Scan in the Last 7 Days
    The number of systems that have not completed a Full Scan in the last seven days but within the last month.
Endpoint Security Threat Prevention: Systems Not Completed a Full Scan in the Last Month
    The number of systems that have not completed a Full Scan in the last month.
Endpoint Security Threat Prevention: Duration of Completed Quick Scans in the Last 7 Days
    The duration of completed Quick Scan in the last seven days.
Endpoint Security Threat Prevention: Detection Response Summary
    The number of threats on which an action was taken (Clean, or Delete), versus the number of threats on which no action was taken, in the last three months.
Endpoint Security Threat Prevention: Threats Detected Over the Previous 2 Quarters
    The threats detected in the previous two quarters.
Endpoint Security Threat Prevention: Threat Count by Severity
    No cookies. Slice count is the number of events. Slices are the different event severities. All in the last three months.
Endpoint Security Threat Prevention: Top 10 Detected Threats
    The top ten detected items in the last three months.
Endpoint Security Threat Prevention: Top 10 Threat Sources
    The top ten computers which are the source for a threat in the last three months.
Endpoint Security Threat Prevention: Top 10 Computers with the Most Detections
    The top ten computers with the most detections in the last three months.
Endpoint Security Threat Prevention: Top 10 Threats Per Threat Category
    The top ten threats per threat category in the last three months, grouped by threat category then by threat name.
Endpoint Security Threat Prevention: Top 10 Users with the Most Detections
    The top ten users with the most detections in the last three months.

Other queries

Run these queries to generate reports, or modify them to generate custom reports. Each query is followed by what it displays.

Endpoint Security: Top Infected Users in the Last 7 Days
    The list of top infected users in the last seven days.
Endpoint Security: Primary Vectors of Attack in the Last 7 Days
    The list of Primary Vectors of Attack in the last seven days.
Endpoint Security: Top Threats in the Last 48 Hours
    The list of top threats in the last forty-eight hours.
Endpoint Security: Threats Detected in the Last 24 Hours
    The number of threat events generated in the last twenty-four hours.
Endpoint Security: Threats Detected in the Last 7 Days
    The number of threat events generated in the last seven days.
Endpoint Security: Summary of Threats Detected in the Last 24 Hours
    The summary of threats detected in the last twenty-four hours.
Endpoint Security: Summary of Threats Detected in the Last 7 Days
    The summary of threats detected in the last seven days.
Endpoint Security: Currently Enabled Technology
    The list of technology that are currently enabled on each managed Mac.
Endpoint Security: Policy Compliance by Computer Name
    Two lists of computers which do and do not have the latest policy applied.
Endpoint Security: Policy Compliance by Policy Name
    A boolean pie chart showing which policies have and have not been updated on the client Mac.
Endpoint Security: Self Protection Compliance Status
    The list of self-protection compliance status report.
Endpoint Security Platform: Hotfixes Installed
    The list of hot fixes installed for the software.
Endpoint Security: Installation Status Report
    The stacked bar chart of multiple modules and their installation status.
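
A dry-run review of an exclusion list, for the settings described under "Exclude files or directories from scanning". This is an example added here, not McAfee code, and it does not call the product. The wildcard semantics, the Exclusion and FileInfo types, the probe paths and the sample policy are assumptions constructed for illustration, and the product's own matching may differ.

```python
"""Dry-run audit of a scan-exclusion list (added example, not McAfee code).

Assumed matching semantics (the guide only says patterns may contain * or ?):
  *  matches any run of characters inside one path component
  ?  matches exactly one character inside one path component
  "Also exclude subfolders" extends a match on a directory to everything below it
  each exclusion entry is exactly one of: pattern, file type, file age
"""
import re
from dataclasses import dataclass
from pathlib import PurePosixPath


@dataclass(frozen=True)
class Exclusion:              # hypothetical model of one exclusion entry
    kind: str                 # "pattern", "file_type" or "file_age"
    value: str = ""           # path pattern or extension
    subfolders: bool = False  # "Also exclude subfolders"
    age_field: str = ""       # "modified", "created" or "accessed"
    min_age_days: int = 0     # "Minimum age in days"


@dataclass(frozen=True)
class FileInfo:               # hypothetical file record used for the dry run
    path: str
    modified_days: int = 0    # days since last modification
    created_days: int = 0
    accessed_days: int = 0


def _to_regex(text, wildcards):
    """Translate an exclusion value into a regex; only `wildcards` are special."""
    parts = []
    for ch in text:
        if ch == "*" and "*" in wildcards:
            parts.append("[^/]*")
        elif ch == "?" and "?" in wildcards:
            parts.append("[^/]")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts))


def is_excluded(f, ex):
    """Return True if file `f` would be skipped under exclusion `ex`."""
    path = PurePosixPath(f.path)
    if ex.kind == "pattern":
        rx = _to_regex(ex.value, "*?")
        candidates = [path]
        if ex.subfolders:
            # A match on any ancestor directory covers the file as well.
            candidates += list(path.parents)
        return any(rx.fullmatch(str(c)) for c in candidates)
    if ex.kind == "file_type":
        # The guide allows only ? in file types, so * is treated literally.
        return bool(_to_regex(ex.value, "?").fullmatch(path.suffix.lstrip(".")))
    if ex.kind == "file_age":
        return getattr(f, ex.age_field + "_days") >= ex.min_age_days
    raise ValueError("unknown exclusion kind: " + ex.kind)


# Constructed probe files in locations that users and downloads can write to.
PROBES = [
    FileInfo("/Users/user/Desktop/invoice.pdf", modified_days=2),
    FileInfo("/Users/user/Desktop/tools/helper.command", modified_days=10),
    FileInfo("/Users/user/Downloads/setup.dmg", modified_days=400),
    FileInfo("/private/tmp/update.sh"),
]

# Constructed sample policy; the first pattern is the guide's own example.
POLICY = [
    Exclusion("pattern", "/Users/user/Desktop/*"),
    Exclusion("pattern", "/Users/user/Desktop/*", subfolders=True),
    Exclusion("pattern", "/Library/Application Support/BackupApp/*.db"),
    Exclusion("file_type", "dm?"),
    Exclusion("file_age", age_field="modified", min_age_days=365),
]


def audit(exclusions, probes=PROBES):
    """Map each exclusion that hides a probe file to the paths it would skip."""
    findings = {}
    for ex in exclusions:
        hits = [p.path for p in probes if is_excluded(p, ex)]
        if hits:
            findings[ex] = hits
    return findings


if __name__ == "__main__":
    for ex, hits in audit(POLICY).items():
        label = ex.value or "%s >= %d days" % (ex.age_field, ex.min_age_days)
        print("REVIEW %-9s %s (subfolders=%s)" % (ex.kind, label, ex.subfolders))
        for h in hits:
            print("    would skip:", h)
```

Entries that come back from `audit` are candidates for narrowing to a specific application path before the policy is assigned.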