THE CHINESE UNIVERSITY OF HONG KONG Installation Procedure For McAfee Agent Prepared by Information Technology Services Centre The Chinese University of Hong Kong Version 1.1 August 2014 For enquiries, please write to ITSC Service Desk http://servicedesk.itsc.cuhk.edu.hk
Table of Contents 1. Introduction... 3 2. Prerequisite... 3 2.1. Upgrade Kaspersky Endpoint Security to 10.2.1.23 with selected components... 3 2.2. Prepare the McAfee Agent Installation Package... 3 2.3. Preparation for Drive Encryption (for Laptops)... 3 3. Quick Instruction Guide... 4 4. Check if correct Kaspersky components are installed... 5 5. Installing McAfee Agent... 8 5.1. The installation... 8 5.2. Synchronize policies and information with central management server... 9 6. Post-Installation - Procedure of Trusting McAfee agent in Kaspersky.... 10 7. File and Removable Media Protection (FRP)... 16 7.1. The installation... 16 7.2. Check the status... 16 7.3. Change USB Password... 17 8. Drive Encryption (DE)... 19 8.1. The installation... 19 8.2. Check the status... 19 2
1. Introduction Installation Procedure for McAfee Agent v1.1 This document describes the procedure for installing McAfee agent to Departmental Desktop PCs and Laptop computers running Windows 7, 8 or 8.1. 2. Prerequisite 2.1. Upgrade Kaspersky Endpoint Security to 10.2.1.23 with selected components It is recommended to upgrade Kaspersky Endpoint Security (KES) to 10.2.1.23 with selected components for better compatibility with McAfee agent. You may install the version of Kaspersky provided in ITSC website (http://www.cuhk.edu.hk/itsc/security/antivirus/index.html). 2.2. Prepare the McAfee Agent Installation Package Download the McAfee Agent Installation Package "*.zip" in EPSS Portal page (http://epss.itsc.cuhk.edu.hk/data_encryption/installation.html). Extract "*.zip" and save the files to your Desktop. 2.3. Preparation for Drive Encryption (for Laptops) Back up the system before you encrypt it, and perform regular backups. As with any roll out and deployment, it is good practice to back up the system before installing Drive Encryption to ensure data is not lost in the unlikely event that a problem occurs. CHKDSK /r Clean up the hard disk before you encrypt it Run a "CHKDSK /r" command prior to installing Drive Encryption to make sure the disk is healthy. If you require any assistance, please contact your LAN administrator or epss@itsc.cuhk.edu.hk. 3
3. Quick Instruction Guide Installation Procedure for McAfee Agent v1.1 If possible, upgrade your computer to Kaspersky Endpoint Security (KES) 10.2.1.23 with selected components and using Kaspersky Network Agent to connect to the Kaspersky Admin Server of your department. If you are using your own installation of Kaspersky Endpoint Security, please refer to: Section 4, Check if the correct Kaspersky components are installed. For McAfee Agent installation, please refer to Section 5, Installing McAfee Agent. After installation, if you are NOT using Kaspersky Network Agent to download centrallymanaged Kaspersky policies from server, please follow: Section 6, the Post-Installation procedure of Trusting McAfee agent in Kaspersky. A DAT file is prepared for you to import. 4
4. Check if correct Kaspersky components are installed It is recommended to upgrade KES to 10.2.1.23 with selected components. If you still need to use old version, please check that only the recommended Kaspersky modules were installed before attempting to install McAfee agent. List of recommended KES components Endpoint control o Vulnerability Monitor Anti-Virus protection o File Anti-Virus o Mail Anti-Virus o Web Anti-Virus o IM Anti-Virus o Network Attack Blocker o System Watcher If you have installed any extra module that is not listed, please uninstall KES first and install the version of Kaspersky provided in ITSC website, http://www.cuhk.edu.hk/itsc/security/antivirus/index.html (this customized Kaspersky only installed recommended components). You CANNOT simply disable these functions in Kaspersky. Removal of the not recommended modules is essential. Should you have any doubt, please contact your LAN administrator or epss@itsc.cuhk.edu.hk. List of example KES components that SHOULD NOT be installed Application Startup Control Application Privilege Control Device Control Web Control Firewall Encryption of hard drives File Encryption 5
The instructions for checking what components have been installed are provided in the following. To check what components were installed, you may: Right click on Kaspersky Endpoint Security icon and select Settings In Settings tab, check and ensure the only recommended modules are installed. 6
Should you find any not recommended components installed, please uninstall the existing KES first and then install back the version of Kaspersky provided in ITSC webpage (http://www.cuhk.edu.hk/itsc/security/antivirus/index.html). Should you have any question, please contact your LAN administrator or epss@itsc.cuhk.edu.hk. 7
5. Installing McAfee Agent Installation Procedure for McAfee Agent v1.1 5.1. The installation To install the McAfee agent, please follow below step: - for Desktop PCs, please run installxxxxdesktop.bat - for Laptops, please run installxxxxlaptop.bat (*Note: the XXXX mentioned in above is the short form of your belonging Faculty / Unit, if you don t know the exact value of it, please consult your LAN administrator or epss@itsc.cuhk.edu.hk.) After the process is completed, the McAfee Agent should have been installed, please restart your system. After system restart, you can see the McAfee Agent icon in the system tray. 8
5.2. Synchronize policies and information with central management server After the McAfee agent is installed, right click on McAfee Agent icon, then select McAfee Agent Status Monitor. 4 3 1 2 Click the buttons (1) Check New Policies and (2) Enforce Policies to download the required policies from the central management server. Then click (3) Sent Events and (4) Collect and Sent Props buttons to send the information of your system to the server and collect required information from the server. This will also shorten the activation time for File and Removable Media Protection (FRP) [Section 7] and Drive Encryption (DE) [in Section 8]. 9
6. Post-Installation - Procedure of Trusting McAfee agent in Kaspersky. After the installation of McAfee agent, if you are NOT using Kaspersky Network Agent to download centrally-managed Kaspersky policies from server, you MUST configure your Kaspersky to trust the McAfee agent in order for the McAfee agent to work properly. To configure Kaspersky to add the McAfee agent as Trusted Application, you may: For Kaspersky Endpoint Security (KES) 10 Right click on Kaspersky Endpoint Security icon and select Settings In Settings tab, on the right-hand side, choose Anti-Virus protection, and then on the left-hand side, click Settings. 10
Select the Trusted applications tab then click Import Click Yes when the following message box appears: Select Trust_McAfee.dat which extracted from the McAfee Agent Installation Package, in order to import McAfee agent to the Kaspersky list of trusted applications. 11
Click OK to close the list. Click Save in order to save the settings. Congratulations! You have successfully added McAfee agent to the list of trusted applications! 12
For Kaspersky Anti-Virus (KAV) 6 Installation Procedure for McAfee Agent v1.1 Right click on Kaspersky Anti-Virus icon and select Settings Choose on the left-hand side Protection, and on the right-hand side Trusted zone. Click Import when the following screen shows up: 13
Click Yes when the following message box appears: Click OK to close the updated list of trusted applications. Select Trust_McAfee.dat which extracted from the McAfee Agent Installation Package, in order to import McAfee agent to the Kaspersky list of trusted applications. 14
Click OK to close the updated list. Click Apply to save the settings. Congratulations! You have successfully added McAfee agent to the list of trusted applications! 15
7. File and Removable Media Protection (FRP) 7.1. The installation Installation Procedure for McAfee Agent v1.1 After the McAfee Agent is installed, it will start to install the File and Removable Media Protection automatically. A restart will be needed once the installation is completed. After restart, you can see the File and Removable Media Protection option and status on McAfee Agent as below: 7.2. Check the status You need to wait for around 15 minutes for the McAfee Policies synchronization between your machine and the Central Management server. To confirm the policies of FRP is synchronized, right click on the McAfee Agent icon, then click "Manage Features" > "File and Removable Media Protection". Once the link of "Initialize media" is in black color, it is ready to encrypt the USB device. 16
7.3. Change USB Password Installation Procedure for McAfee Agent v1.1 The USB password can be changed by the machine that used to encrypt the USB device before. i. Plug in the USB device. ii. Right click on the McAfee Agent icon, then click "Manage Features" > "File and Removable Media Protection". iii. Click "Change Authentication". 17
iv. Click "Change". Installation Procedure for McAfee Agent v1.1 v. Then enter the new password, and then click OK. 18
8. Drive Encryption (DE) Installation Procedure for McAfee Agent v1.1 8.1. The installation The McAfee Agent will start to install the Drive Encryption if your system is a Laptop computer. Once DE installation is completed, restart the system. After restart, you can see the Drive Encryption option and status on McAfee Agent as below: 8.2. Check the status Open the Drive Encryption Status, normally, the System State should be either "Active" or "Inactive". If the System State is "Active", the volume will start encrypting, completed percentage will be shown. User can keep using the machine, normal reboot and shut down can also be performed. - END - 19