Anti-Spyware Enterprise Module software




Anti-Spyware Enterprise Module software version 8.0 Guide

What is the Anti-Spyware Enterprise Module?

The McAfee Anti-Spyware Enterprise Module is an add-on to the VirusScan Enterprise 8.0i product that extends its ability to detect and take action on spyware and cookies.

Where do I get the module?

Anti-Spyware Enterprise Module 8.0 is available from the product CD or, with a valid grant number, you can download the module from the McAfee download web site: https://secure.nai.com/us/forms/downloads/upgrades/login.asp

What do these terms mean?

Spyware definitions
These are signatures (similar to virus definitions) of spyware applications that are classified as potentially unwanted. Spyware definitions are included in the virus definitions (DAT) file and are used by VirusScan Enterprise to detect potentially unwanted spyware applications on your computer.

Cookie definitions
These are Internet Explorer 4.0 or later version cookies that are classified as potentially unwanted. Cookie definitions are included in the virus definitions (DAT) file and are used by VirusScan Enterprise to detect potentially unwanted cookies in the cookies folder.

Contents

- What is the Anti-Spyware Enterprise Module?
- Where do I get the module?
- What do these terms mean?
- How does the module work?
- Before you begin
- Installing the module
- Confirming installation
- Configuring the module from VirusScan Enterprise
- Configuring the module via ePolicy Orchestrator
- Performing scan tasks and viewing results
- Submitting samples to AVERT
- Removing the module
- Getting more information

Icon Conventions: Note, Caution, Tip

How does the module work?

The module installs as an add-on to VirusScan Enterprise 8.0i. Once installed and configured, it uses the on-access scanner and on-demand scan tasks to detect potentially unwanted spyware and cookies, then take action on detections. You can also add exclusions for files, registry values, and cookies that you want to exclude from detection.

The scanners use the spyware and cookie definitions that have been added to the virus definitions (DAT) file to detect the potentially unwanted spyware and cookies. New spyware and cookie definitions will be added to the DAT file as they are identified, therefore we recommend that you perform regular DAT file updates to ensure that you have the most current spyware and cookie definitions.

The module can be used directly from VirusScan Enterprise or managed via ePolicy Orchestrator.

On-Access Scanner
The on-access scanner provides the primary protection from spyware by detecting potentially unwanted spyware files as they are accessed. It does not detect cookies.

Detections
- If the action is set to Clean files automatically, the scanner takes the action that is specified by the DAT file. This may include killing processes, removing injected .dlls, deleting files, and/or deleting registry keys. In most cases with spyware, the end user will only notice that files have been deleted as they are the most visible.
- If the action is set to Delete files automatically, the detected file is deleted.

Exclusions
If the module detects a file that you legitimately use, you can exclude it from detection.

On-Demand Scan Tasks
In addition to file scanning, you can configure on-demand scan tasks to scan the registry for potentially unwanted spyware and the cookies folder for potentially unwanted cookies. New on-demand scan items have been added for the registry and cookies scans.

Registry Scan
The registry scan detects potentially unwanted spyware-related registry entries that were not previously cleaned.

Detections
- If the action is set to Clean files, the scanner takes the action that is specified by the DAT file. This may include cleaning or deleting registry keys or values.
- If the action is set to Delete files, the detected registry key or value is deleted.
- All other actions are treated as Continue scanning.

Exclusions
If the module detects a spyware-related registry entry that you legitimately use, you can exclude it from detection.

Cookies Scan
The cookies scan detects potentially unwanted cookies in the cookies folder.

Detections
- If the action is set to Delete files or Move files to a folder, the entire cookie file will be deleted or moved.
- Clean files is treated the same as Delete files.

Exclusions
If the module detects a cookie that you legitimately use, you can exclude it from detection.

Before you begin

Describes what to do before you start the installation process.

1 Verify that your computer meets these requirements:
   - A server or workstation that meets the system requirements as detailed in the VirusScan Enterprise 8.0i Installation Guide.
   - A server or workstation with an installed, licensed version of VirusScan Enterprise 8.0i.

   Caution: This release of Anti-Spyware Enterprise Module 8.0 does not work with earlier versions of VirusScan Enterprise.

2 Review the product release notes (README.TXT) for:
   - Special requirements
   - Known issues
   - Last minute additions or changes

3 Get the installation files:
   a Retrieve the Anti-Spyware Enterprise Module 8.0 .ZIP file from the product CD or the McAfee download web site at: https://secure.nai.com/us/forms/downloads/upgrades/login.asp
   b Extract the files from the product .zip file to a temporary location on the hard drive where, depending on your method of installation:
      - VirusScan Enterprise 8.0i is already installed, OR
      - ePolicy Orchestrator 3.0.1 or later version resides, OR
      - McAfee Installation Designer can access the files.

   The product .zip file includes these files:
   - PACKING.LST
   - VS800DET.MCS
   - VSE800.NAP
   - PKGCATALOG.Z
   - VSE80MAS.EXE
   - VSEMAS80.NAP
   - README.TXT (A file for each language)

Installing the module

Describes how to install the module using several different methods. Install the module using one of these methods:
- Stand alone
- Command line
- ePolicy Orchestrator
- McAfee Installation Designer

We recommend that you review all of the installation methods before you choose one. Each method may have different installation results. For example, using the stand-alone method results in changes to the VirusScan Enterprise configuration settings. These configuration setting changes are made automatically to ensure that you receive the full benefit of the module's detection capabilities. If you want to install the module without making changes to VirusScan Enterprise configuration settings, you must use one of the other methods.

Stand alone

Use the module setup executable to add it to the VirusScan Enterprise product.

Caution: When you install the module using the stand-alone method, some of the VirusScan Enterprise 8.0i configuration settings are automatically changed to ensure that you receive the full benefit of the module's detection capabilities. See Configuration changes below for details. If you do not want to change VirusScan Enterprise configuration settings as a result of installing the module, use any of the three other methods described here.

1 From the temporary folder where you extracted the files, double-click VSE80MAS.EXE.
2 Click Next to continue the installation, then click Finish when the installation completes.

Configuration changes

When you install the module using this method, these changes occur in the VirusScan Enterprise 8.0i configuration settings to ensure that you get the full benefit of the module's detection capabilities:

- On-access scanner: Detect unwanted programs is enabled on the Unwanted Programs tab in the On-Access Scan Properties dialog box, if it was not already enabled.
- On-demand scan tasks:
   - Detect unwanted programs is enabled on the Unwanted Programs tab in the On-Demand Scan Properties dialog box, if it was not already enabled.
   - The VirusScan Enterprise on-demand scan task includes two new scan items: Registry (using the Anti-Spyware Module) and Cookies (using the Anti-Spyware Module).
   - The two new scan items, Registry (using the Anti-Spyware Module) and Cookies (using the Anti-Spyware Module), are added to every existing and every new on-demand scan task.
- Unwanted Programs Policy: The categories on the Detection tab in the Unwanted Programs Policy are selected differently based on these scenarios:
   - If no categories were previously selected, all categories are automatically selected.
   - If some or all categories were previously selected, no change is made.

Command line

Use the command line to configure the installation options that meet your requirements.

Caution: When you install the module using the command-line method, some of the VirusScan Enterprise 8.0i configuration settings are automatically changed to ensure that you receive the full benefit of the module's detection capabilities. See Stand alone Configuration changes for details. If you do not want to change VirusScan Enterprise configuration settings as a result of installing the module, use the command-line /NC option as described below.

1 Select Run from the Windows Start menu to open the Windows command-line component.
2 Browse to the temporary folder where you extracted the files, then type the command line to install the module. Use this syntax:

      VSE80MAS PROPERTY=VALUE[,VALUE] [/OPTION]

   For example:

      VSE80MAS [[/LOGFILE filename][/silent][/reboot][/prompt][/e [dir]]

   Or, if you do not want to change any existing configuration settings:

      VSE80MAS [[/LOGFILE filename][/silent][/reboot][/prompt][/nc][/e [dir]]

   /LOGFILE   Logs the status into the specified file.
   /SILENT    Runs this utility in silent mode.
   /REBOOT    Restarts the computer, if required.
   /PROMPT    Displays the prompt dialog before restart.
   /NC        No change to existing configuration settings.
   /E         Extracts packaged files.
   dir        An existing folder.
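A silent command-line install that uses only the switches documented above, written as an added example; it is not part of the original guide or McAfee's own tooling. The source folder, the log path and the script's parameter names are assumptions.

```powershell
# Added example, not McAfee's own script. It uses only switches documented in
# this guide: /LOGFILE, /SILENT and /NC. /REBOOT is deliberately left out so
# that the computer is never restarted unattended.
param(
    # Assumed path: the temporary folder where the product .zip was extracted.
    [string]$SourceDir = 'C:\Temp\ASEM80',
    # Assumed path: the file the installer should log its status into.
    [string]$LogFile = 'C:\Temp\ASEM80\vse80mas_install.log',
    # When set, adds /NC so existing VirusScan Enterprise settings stay unchanged.
    [switch]$KeepExistingSettings
)

$ErrorActionPreference = 'Stop'

# Files the guide lists as the contents of the product .zip. README.TXT is not
# checked because the guide says there is one file per language.
$expected = 'PACKING.LST', 'VS800DET.MCS', 'VSE800.NAP', 'PKGCATALOG.Z',
            'VSE80MAS.EXE', 'VSEMAS80.NAP'
$missing = @($expected | Where-Object {
    -not (Test-Path -LiteralPath (Join-Path $SourceDir $_))
})
if ($missing.Count -gt 0) {
    throw "Extraction incomplete, missing: $($missing -join ', ')"
}

# Build the argument list from documented options only.
$arguments = @('/LOGFILE', ('"{0}"' -f $LogFile), '/SILENT')
if ($KeepExistingSettings) { $arguments += '/NC' }

$installer = Join-Path $SourceDir 'VSE80MAS.EXE'
Write-Host "Running: $installer $($arguments -join ' ')"
$proc = Start-Process -FilePath $installer -ArgumentList $arguments -Wait -PassThru

# The guide does not document exit codes, so the value is reported rather than
# interpreted; the log file is the record to review.
Write-Host "Installer exit code: $($proc.ExitCode)"
if (Test-Path -LiteralPath $LogFile) {
    Get-Content -LiteralPath $LogFile | Select-Object -Last 20
} else {
    Write-Warning "No log file was written to $LogFile"
}

# Without /NC the installer changes VirusScan Enterprise settings as described
# under "Configuration changes", so flag that for review.
if (-not $KeepExistingSettings) {
    Write-Warning ('Installed without /NC: Detect unwanted programs, the Registry and ' +
        'Cookies scan items and the Unwanted Programs Policy categories may have been ' +
        'changed. Review them against your baseline.')
}
```

Run it with -KeepExistingSettings when the VirusScan Enterprise policy is managed elsewhere and must not be altered by the installer.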

ePolicy Orchestrator

Add the module package and .nap files to the ePolicy Orchestrator Repository.

Note: When you install the module via ePolicy Orchestrator, no changes are made to the VirusScan Enterprise 8.0i configuration settings or to the existing on-demand scan tasks. However, all new on-demand scan tasks will have the registry and cookies scan items automatically added to the task.

1 Open the ePolicy Orchestrator 3.0.1 or later version console, then select Repository in the console tree.
2 Check the PKGCATALOG.Z in to the software repository.
   a Select Check in package.
   b Click Next, select Products or updates, then click Next again.
   c Click Browse, navigate to the temporary folder where you extracted the files, select PKGCATALOG.Z, then click Open.
   d Click Next, then click Finish to check the package in.
   e Click Close when the package has been checked in.
3 Check these files in to the software repository.
   - VSE800.NAP: Contains new information, such as user interface and policy page changes, that are required to configure the module. This file replaces the previously installed VSE800.NAP.
   - VSEMAS80.NAP: Contains policies that are required to enable compliance reporting of the module.

   a Select Repository in the console tree, then select Check in NAP.
   b Select Add new software to be managed, then click Next.
   c Navigate to the temporary folder where you extracted the files, select the .nap file, then click Open to install it.
   d Click Yes to replace a file that already exists.
   e Repeat Step a through Step d for each .nap file you want to check in.
4 Log on to the Reporting console using ePolicy Orchestrator authentication. If you are already logged in, you must log out, then log back in again.

   Tip: Logging on with ePolicy Orchestrator authentication is required so that the console can recognize and collect the new information from the registry and/or cookies scan, then display the information in the reports.

   a Under Reporting in the console tree, expand ePO Databases, then select the database for which you want to log on.
   b Select Connect, then log on using ePolicy Orchestrator authentication.
   c Click Yes to download the new reports.
5 Use the deployment task to install the module on the clients.

McAfee Installation Designer

Use McAfee Installation Designer to create an installation package.

Caution: When you install the module using the McAfee Installation Designer method, some of the VirusScan Enterprise 8.0i configuration settings are automatically changed to ensure that you receive the full benefit of the module's detection capabilities. See Stand alone Configuration changes on page 3 for details. If you do not want to change VirusScan Enterprise configuration settings as a result of installing the module, use the command-line /NC option, as described in Command line on page 3, when you create the installation package.

1 Start McAfee Installation Designer 8.0.
2 Select the package type and any products that you want to include in the package, then click Next.
3 Specify the source folder, destination folder, and optimization option, then click Next.
4 In Programs, click Add, browse to the temporary folder where you extracted the files, then select VSE80MAS.EXE.
5 Click Finish then Save.
6 Deploy the installation package using the tool of your choice.

Confirming installation

Describes how to confirm that the module successfully installed from both VirusScan Enterprise and ePolicy Orchestrator.

From VirusScan Enterprise

From the VirusScan Console:

1 Confirm the module name has been added to the product name.
   a From the VirusScan Console, select About from the Help menu.
   b Confirm that VirusScan Enterprise + Anti-Spyware Module 8.0.0 displays in the dialog box.
   c Click OK when finished.
2 The VirusScan Enterprise 8.0i on-demand scan task includes two new items:
   - Registry (using the Anti-Spyware Module)
   - Cookies (using the Anti-Spyware Module)
3 After scanning, confirm that the log files include alerts of anti-spyware scan detections.
4 If you used an installation method that automatically changed the VirusScan Enterprise configuration settings, you will also see these changes:
   - On-access scanner: Detect unwanted programs is enabled on the Unwanted Programs tab in the On-Access Scan Properties dialog box, if it was not already enabled.
   - On-demand scan tasks:
      - Detect unwanted programs is enabled on the Unwanted Programs tab in the On-Demand Scan Properties dialog box, if it was not already enabled.
      - The two new on-demand scan items, Registry (using the Anti-Spyware Module) and Cookies (using the Anti-Spyware Module), are added to every existing and every new on-demand scan task.
   - Unwanted Programs Policy: The categories on the Detection tab in the Unwanted Programs Policy are selected differently based on these scenarios:
      - If no categories were previously selected, the installer automatically selects all categories.
      - If some or all categories were previously selected, the module leaves the selections as previously set. In this scenario, no change is made.

From ePolicy Orchestrator

From the ePolicy Orchestrator console:

1 Confirm there is a policy page for the module. In the console tree under ePolicy Orchestrator, select Directory or the desired site, group, or computer, then confirm that McAfee Anti-Spyware Enterprise Module 8.0 displays on the Policies tab.
2 View the Managed Products in the Repository to confirm the module is installed.
   a In the console tree under ePolicy Orchestrator, select Repository > Managed Products > Windows.
   b Expand McAfee Anti-Spyware Enterprise Module and confirm that version 8.0.0 displays.
3 The two new on-demand scan items, Registry (using the Anti-Spyware Module) and Cookies (using the Anti-Spyware Module), are automatically added to every new on-demand scan task.
4 After scanning, confirm that the Top Ten Unwanted Programs report in the Report Repository includes information from anti-spyware scan detections.

Configuring the module from VirusScan Enterprise

Describes how to configure the module from VirusScan Enterprise. Update the definitions, enable unwanted programs detection, configure the on-access scanner, then create and configure on-demand scan tasks. You can also add user-defined detections for files that are not being detected and exclusions for items that you do not want to detect.

Update definitions

The Anti-Spyware Enterprise Module uses the spyware and cookie definitions that have been added to the virus definitions file to detect potentially unwanted spyware and cookies. When you update the virus definitions file, you also get the latest spyware and cookie definitions.

1 Perform an update task immediately after installing the module to ensure that you have the most current spyware and cookie definitions. From the VirusScan Console, right-click AutoUpdate, then click Start.
2 Perform regular updates to keep your spyware and cookie definitions current.

Unwanted Programs Policy

Review the category selections to ensure that you have selected all of the categories that you want to detect.

1 From the VirusScan Console, open the Unwanted Programs Policy dialog box.
2 On the Detection tab, review the category selections and make changes as required.
3 Click OK to save your settings and close the dialog box.

On-access scanner

Enable unwanted programs detection and specify what actions to take when detections occur.

1 From the VirusScan Console, open the On-Access Scan Properties dialog box.
2 Enable unwanted programs detection.
   a Select All Processes in the left pane.
   b On the Unwanted Programs tab, select Detect unwanted programs, if it is not already selected.

   You may also specify unwanted program detection individually for default, low-risk, and/or high-risk processes.
3 Review the actions on the Unwanted Programs tab to ensure they meet your needs.
   - If the action is set to Clean files automatically, the scanner takes the action that is specified by the DAT file. This may include killing processes, removing injected .dlls, deleting files, and/or deleting registry keys. In most cases with spyware, the end user will only notice that files have been deleted as they are the most visible.
   - If the action is set to Delete files automatically, the detected file is deleted.
4 Click OK to save your settings and close the dialog box.

On-demand scan tasks

Enable unwanted programs detection, specify what actions to take when detections occur, then create and configure the registry and cookies scan tasks.

Enabling unwanted programs detection

1 From the VirusScan Console, open the On-Demand Scan Properties dialog box.
2 On the Unwanted Programs tab, select Detect unwanted programs, if it is not already selected.
3 Review the actions on the Unwanted Programs tab to ensure they meet your needs.
   For the registry scan:
   - If the action is set to Clean files, the scanner takes the action that is specified by the DAT file. This may include cleaning or deleting registry keys or values.
   - If the action is set to Delete files, the detected registry key or value is deleted.
   - All other actions are treated as Continue scanning.
   For the cookies scan:
   - If the action is set to Delete files or Move files to a folder, the entire cookie file is deleted or moved.
   - Clean files is treated the same as Delete files.
4 Click OK to save your settings and close the dialog box.

Creating and configuring a registry scan task

1 From the VirusScan Console, open the On-Demand Scan Properties dialog box for an existing scan task, or create a new task.

   Note: The registry scan item is already added to the task if you installed the module using one of the methods that changed the configuration settings. If so, you can skip Step 2 and go to Step 3.

2 On the Where tab, click Add.
   a Select Registry (using the Anti-Spyware Module) from the drop-down list.
   b Click OK to return to the On-Demand Scan Properties dialog box. You see Registry (using the Anti-Spyware Module) in the Item Name list.
3 Configure the task as you would for any on-demand scan task with these exceptions:
   - The Heuristics options on the Advanced tab do not apply.
   - The options on the Actions tab do not apply.
4 When finished, click OK to save your settings and close the dialog box.

Creating and configuring a cookies scan task

1 From the VirusScan Console, open the On-Demand Scan Properties dialog box for an existing scan task, or create a new task.

   Note: The cookies scan item is already added to the task if you installed the module using one of the methods that changed the configuration settings. If so, you can skip Step 2 and go to Step 3.

2 On the Where tab, click Add.
   a Select Cookies (using the Anti-Spyware Module) from the drop-down list.
   b Click OK to return to the On-Demand Scan Properties dialog box. You see Cookies (using the Anti-Spyware Module) in the Item Name list.
3 Configure the task as you would for any on-demand scan task with these exceptions:
   - The Heuristics options on the Advanced tab do not apply.
   - The options on the Actions tab do not apply.
4 When finished, click OK to save your settings and close the dialog box.

User-defined detections or exclusions

Add user-defined detections if you know of specific files that are not being detected. Add exclusions for any items that you do not want to detect. For example, if you are using a specific program that is being detected as spyware or want to keep certain cookies, add them to the exclusion list.

Tip: When adding user-defined detections or exclusions, you must specify the exact detection name. Do not use the file name, the registry key or cookie. For exclusions, you can find the exact detection name by looking in the detected as section of the log file.

Adding a user-defined detection

User-defined detections apply only to files. They cannot be specified for registry keys/values, or cookies.

1 From the VirusScan Console, open the Unwanted Programs Policy dialog box.
2 On the User-Defined Detection tab, click Add.
3 In the Filename text box, type the exact detection name.
4 In the Description text box, type the description that you want to display in the notification.
5 Click OK.
6 Repeat this procedure for each user-defined detection you want to add.
7 When finished, click OK to save your settings and close the dialog box.

Adding an exclusion

Exclusions can be specified for files, registry keys/values, or cookies.

1 From the VirusScan Console, open the Unwanted Programs Policy dialog box.
2 Click Exclusions on the Detection tab, then click Add.
3 Type the exact detection name, then click OK.
4 Repeat this procedure for each exclusion you want to add.
5 When finished, click OK to save your settings and close the dialog box.

Configuring the module via ePolicy Orchestrator

Describes how to configure the module from ePolicy Orchestrator. Update the spyware and cookie definitions, configure the on-access scanner, then create and configure the on-demand scan tasks. You can also add user-defined detections for files that are not being detected and exclusions for items that you do not want to detect.

Tip: The Anti-Spyware Enterprise Module adds on to VirusScan Enterprise, therefore you configure the module's policies from the VirusScan Enterprise 8.0 policy pages.

Update definitions

The Anti-Spyware Enterprise Module uses the spyware and cookie definitions that have been added to the virus definitions file to detect potentially unwanted spyware and cookies. When you update the virus definitions file, you also get the latest spyware and cookie definitions.

1 Perform an ePolicy Orchestrator Agent Update task to ensure that you have the most current spyware and cookies definitions.
   a In the console tree under ePolicy Orchestrator, select Directory or the desired site, group, or computer, then select the Tasks tab in the upper details pane.
   b Use the ePolicy Orchestrator Agent Update task to perform the update.
2 Perform regular updates to keep your spyware and cookie definitions current.

Unwanted Programs Policy

Review the category selections to ensure that you have selected all of the categories that you want to detect.

1 In the console tree under ePolicy Orchestrator, select Directory or the desired site, group, or computer, then select the Policies tab in the upper details pane.
2 Expand the VirusScan Enterprise 8.0 policies, then select Unwanted Program Policies.
3 Deselect Inherit.
4 On the Detection tab, review the category selections and make changes as required.
5 Click Apply to save your settings.

On-access scanner policies

Enable unwanted programs detection and specify what actions to take when detections occur.

1 In the console tree under ePolicy Orchestrator, select Directory or the desired site, group, or computer, then select the Policies tab.
2 Expand the VirusScan Enterprise 8.0 policies, then select either On-Access Default Processes Policies, On-Access Low-Risk Processes Policies, or On-Access High-Risk Processes Policies.
3 Select the Unwanted Programs tab.
4 In Settings for, select either Workstation (default) or Server from the drop-down list.
5 Deselect Inherit.
6 Select Detect unwanted programs.
7 Review the actions on the Unwanted Programs tab to ensure they meet your needs.
   - If the action is set to Clean files automatically, the scanner takes the action that is specified by the DAT file. This may include killing processes, removing injected .dlls, deleting files, and/or deleting registry keys. In most cases with spyware, the end user will only notice that files have been deleted as they are the most visible.
   - If the action is set to Delete files automatically, the detected file is deleted.
8 Click Apply to save your settings.
9 Repeat Step 4 through Step 8 to configure settings for either the workstation or the server and for default, low-risk, and high-risk processes.

On-demand scan task policies

Create and configure registry and cookies scan tasks.

Creating a registry scan task

1 In the console tree under ePolicy Orchestrator, right-click Directory or the desired site, group, or computer, then select Schedule Task to create a new task.
2 Type the New Task Name for the registry scan.
3 Select VirusScan Enterprise 8.0 On-Demand Scan from the Software Task Type list, then click OK to create the task.

Configuring the module via epolicy Orchestrator (continued) Configuring the registry scan task polices 1 On the Task tab in the upper details pane, right-click the task, then select Edit Task to open the epolicy Orchestrator Scheduler dialog 2 Click Settings. 3 Enable unwanted programs detection. a On the Unwanted Programs tab, deselect Inherit. b Select Detect unwanted programs. 4 Review the actions on the Unwanted Programs tab to ensure they meet your needs. If the action is set to Clean infected files, the scanner takes the action that is specified by the DAT file. This may include cleaning or deleting registry keys or values. If the action is set to Delete infected files, the detected registry key or value is deleted. All other actions are treated as Continue scanning. Note If you are creating a new task, the registry scan item is already added to the task. If so, you can skip Step 5 and go to Step 6. 5 On the Where tab, deselect Inherit, then click Add. a Select Registry (using the Anti-Spyware Module) from the dropdown list. b Click OK to return to the Task Settings dialog You see Registry (using the Anti-Spyware Module) in the item list. 6 Configure the options in the Task Settings dialog box as you would for any on-demand scan task with these exceptions: The Heuristics options on the Advanced tab do not apply. The options on the Actions tab do not apply. 7 Click OK to save your settings and return to the epolicy Orchestrator Scheduler dialog 8 When finished, click OK to save your settings and close the dialog Creating a cookies scan task 1 In the console tree under epolicy Orchestrator, right-click Directory or the desired site, group, or computer, then select Schedule Task. 2 Type the New Task Name for the cookies scan. 3 Select VirusScan Enterprise 8.0 On-Demand Scan from the Software Task Type list, then click OK to create the task. 

Configuring the cookies scan task policies

1. On the Task tab in the upper details pane, right-click the task, then select Edit Task to open the ePolicy Orchestrator Scheduler properties dialog.
2. Click Settings.
3. Enable unwanted programs detection.
   a. On the Unwanted Programs tab, deselect Inherit.
   b. Select Detect unwanted programs.
4. Review the actions on the Unwanted Programs tab to ensure they meet your needs. If the action is set to Delete files or Move files to a folder, the entire cookie file is deleted or moved. Clean files is treated the same as Delete files.

   Note: If you are creating a new task, the cookies scan item is already added to the task. If so, you can skip Step 5 and go to Step 6.

5. On the Where tab, deselect Inherit, then click Add.
   a. Select Cookies (using the Anti-Spyware Module) from the drop-down list.
   b. Click OK to return to the Task Settings dialog. You see Cookies (using the Anti-Spyware Module) in the item list.
6. Configure the options in the Task Settings dialog box as you would for any on-demand scan task with these exceptions:
   - The Heuristics options on the Advanced tab do not apply.
   - The options on the Actions tab do not apply.
7. Click OK to save your settings and return to the ePolicy Orchestrator Scheduler properties dialog.
8. When finished, click OK to save your settings and close the dialog.

User-defined detections or exclusions

Add user-defined detections if you know of specific files that are not being detected. Add exclusions for any items that you do not want to detect. For example, if you are using a specific program that is being detected as spyware or want to keep certain cookies, add them to the exclusion list.

Caution: When adding user-defined detections or exclusions, you must specify the exact detection name. Do not use the file name, the registry key, or the cookie. For exclusions, you can find the exact detection name by looking in the "detected as" section of the log file.

Adding a user-defined detection

User-defined detections apply only to files. They cannot be specified for registry keys/values or cookies.

1. In the console tree under ePolicy Orchestrator, select Directory or the desired site, group, or computer, then select the Policies tab.
2. Expand the VirusScan Enterprise 8.0 policies, then select Unwanted Programs Policies.
3. In Settings for, select either Workstation (default) or Server from the drop-down list.
4. On the User-Defined Detection tab, deselect Inherit.
5. Click Add.
   a. In the Filename text box, type the exact detection name.
   b. In the Description text box, type the description that you want to display in the notification.
   c. Click OK to return to the User-Defined Detection tab, then click Apply to save your settings.
6. Repeat this procedure for each user-defined detection you want to add.
7. Repeat Step 3 through Step 6 to configure settings for either the workstation or the server.

Adding an exclusion

Exclusions can be specified for files, registry keys/values, or cookies.

1. In the console tree under ePolicy Orchestrator, select Directory or the desired site, group, or computer, then select the Policies tab.
2. Expand the VirusScan Enterprise 8.0 policies, then select Unwanted Programs Policies.
3. In Settings for, select either Workstation (default) or Server from the drop-down list.
4. On the Detection tab, deselect Inherit.
5. Click Exclusions to open the Unwanted Program Exclusions dialog.
6. Click Add.
   a. Type the exact detection name that you want to exclude.
   b. Click OK.
   Repeat this step for each exclusion you want to add.
7. When finished, click OK to return to the Detection tab, then click Apply to save your settings.
8. Repeat Step 3 through Step 7 to configure settings for either the workstation or the server.

Performing scan tasks and viewing results

Describes how to run scan tasks and view results either from VirusScan Enterprise or using ePolicy Orchestrator.

From VirusScan Enterprise

On-Access Scanner

The on-access scanner detects spyware as it is accessed, then takes the actions that you specified. View the results as follows:
- The On-Access Scan Messages dialog box displays the results of the scan.
- View the results of the completed task in the On-Access Scan Statistics dialog summary and the activity log.

On-Demand Scan Tasks

The registry and cookies scan tasks run as scheduled or you can start an immediate scan at any time. The cookies scan task always runs after other scans. View the results as follows:
- The On-Demand Scan Progress dialog box displays the progress of the scan.
- View the results of the completed task in the On-Demand Scan Statistics dialog summary and the activity log.

Using ePolicy Orchestrator

On-Access Scanner

The on-access scanner detects spyware as it is accessed and takes the actions that you specified.

On-Demand Scan Tasks

The registry and cookies scan tasks run as scheduled or you can start an immediate scan at any time. The cookies scan task always runs after other scans.

Reports

The results of scans performed by the Anti-Spyware Enterprise Module are reported under the VirusScan Enterprise product in the ePolicy Orchestrator reports. This is expected behavior. The module is an add-on to VirusScan Enterprise, so VirusScan Enterprise collects and reports the data.

Coverage Reports display an entry for the Anti-Spyware Enterprise Module, so you can see how many computers have it installed.

View the results of scans in the Top Ten Unwanted Programs report that is available in the Report Repository under Anti-Virus > VirusScan8.0. This report is one of the extended reports that were made available with the VirusScan Enterprise 8.0i product release.

Use the Data Filter feature when configuring the Top Ten Unwanted Programs report to filter the report results. For example, you can use the filter to show only cookies, or to omit them from the report. Use this syntax to filter cookies in the report:

Data Filter = Detection Tab - Starting With (or Not Starting With) - Cookie

Submitting samples to AVERT

If you find a spyware application or cookie that is not being detected with the current DAT file, you can submit a sample of it to the Anti-Virus & Vulnerability Emergency Response Team (AVERT) through WebImmune. AVERT analyzes the sample and considers it for inclusion in the DAT file.

If the module detects something that you think it should not detect, you can also submit a sample of it to AVERT through WebImmune. They will analyze it and consider excluding it from the DAT file.

Tip: When you submit samples to AVERT, they analyze those samples and use the information to improve the content of the DAT file.

To submit a sample to AVERT:

WebImmune
This is the preferred method to submit samples to AVERT as it provides the fastest turnaround time on sample reviews, and provides historical information of all samples that you have submitted. By accessing https://www.webimmune.net/default.asp and creating a free account, you will be able to upload files directly to AVERT's automated systems for review. If the automated system is unable to determine a threat exists, then the issue will be escalated to AVERT analysts. More information about WebImmune can be found at https://www.webimmune.net/faqs.asp.

E-mail
You can send e-mails directly to AVERT's automated systems for review. If the automated system is unable to determine a threat exists, then the issue will be escalated to AVERT analysts. When submitting the sample via e-mail, you can send it to the global e-mail address at virus_research@avertlabs.com, or you can get additional regional addresses from the WebImmune web site.

Standard Mail
This is the least preferred method. Submitting samples in this way causes the longest turnaround time for review of your sample.

Removing the module

Describes how to remove the module using the Windows Add/Remove Programs utility or from ePolicy Orchestrator.

Caution: Do not use the VirusScan Enterprise Repair Installation feature to remove the Anti-Spyware Enterprise Module. Using this feature may not remove all of the necessary files. You must use one of the methods described here.

Windows Add/Remove Programs utility

1. Select Start > Settings > Control Panel to open the Windows Control Panel.
2. Select Add or Remove Programs.
3. Select McAfee Anti-Spyware Enterprise Module, then click Remove.
4. Close the Windows Control Panel.

From ePolicy Orchestrator

1. In the console tree under ePolicy Orchestrator, expand the Repository.
2. Select Managed Products > Windows > McAfee Anti-Spyware Enterprise Module.
3. Right-click the 8.0.0 folder, then select Remove.

Getting more information

What product documentation is available?

The product documentation is available in PDF format on the product CD and also on the McAfee download web site.

Anti-Spyware Enterprise Module 8.0
- Release Notes: ReadMe. Product information, any known issues, and last minute additions or changes to the product or its documentation.
- Guide: This guide. Installation, configuration, and operating procedures.

VirusScan Enterprise 8.0i
- Release Notes: ReadMe. Product information, resolved issues, any known issues, and last minute additions or changes to the product or its documentation.
- Installation Guide: System requirements and instructions for installing and removing the software using the Setup utility and the command line.
- Product Guide: Product introduction and features, detailed instructions for configuring the software, information on deployment, recurring tasks, and operating procedures.
- Configuration Guide: For use with ePolicy Orchestrator. Configuring, deploying, and managing VirusScan Enterprise through ePolicy Orchestrator.
- Quick Reference Card: First things to do after installation.

ePolicy Orchestrator 3.0.1, 3.0.2, or 3.5
- Release Notes: ReadMe. Product information, resolved issues, any known issues, and last minute additions or changes to the product or its documentation.
- Product Guide: Product introduction and features, detailed instructions for configuring the software, information on deployment, recurring tasks, and operating procedures.

McAfee Installation Designer 8.0
- Release Notes: ReadMe. Product information, resolved issues, any known issues, and last minute additions or changes to the product or its documentation.
- Product Guide: Product introduction and features, detailed instructions for configuring the software, information on deployment, recurring tasks, and operating procedures.

DBN-006-EN mcafee.com Copyright 2005 McAfee, Inc. All Rights Reserved.