ePolicy Orchestrator 3.0 Product Guide

Transcription

Product Guide
ePolicy
version 3.0
Orchestrator™
Revision 1.0
COPYRIGHT
© 2003 Networks Associates Technology, Inc. All Rights Reserved. No part of this publication may be
reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form
or by any means without the written permission of Networks Associates Technology, Inc., or its suppliers or
affiliate companies. To obtain this permission, write to the attention of the Network Associates legal department
at: 5000 Headquarters Drive, Plano, Texas 75024, or call +1-972-308-9960.
TRADEMARK ATTRIBUTIONS
Active Firewall, Active Security, Active Security (in Katakana), ActiveHelp, ActiveShield, AntiVirus Anyware and
design, AVERT, Bomb Shelter, Certified Network Expert, Clean-Up, CleanUp Wizard, CNX, CNX Certification Certified
Network Expert and design, Covert, Design (stylized N), Disk Minder, Distributed Sniffer System, Distributed Sniffer
System (in Katakana), Dr Solomon’s, Dr Solomon’s label, Enterprise SecureCast, Enterprise SecureCast (in Katakana),
ePolicy Orchestrator, Event Orchestrator (in Katakana), EZ SetUp, First Aid, ForceField, GMT, GroupShield,
GroupShield (in Katakana), Guard Dog, HelpDesk, HomeGuard, Hunter, LANGuru, LANGuru (in Katakana), M and
design, Magic Solutions, Magic Solutions (in Katakana), Magic University, MagicSpy, MagicTree, McAfee, McAfee (in
Katakana), McAfee and design, McAfee.com, MultiMedia Cloaking, Net Tools, Net Tools (in Katakana), NetCrypto,
NetOctopus, NetScan, NetShield, NetStalker, Network Associates, Network Policy Orchestrator, NetXray, NotesGuard,
nPO, Nuts & Bolts, Oil Change, PC Medic, PCNotary, PortalShield, Powered by SpamAssassin, PrimeSupport,
Recoverkey, Recoverkey – International, Registry Wizard, Remote Desktop, ReportMagic, RingFence, Router PM, Safe &
Sound, SalesMagic, SecureCast, Service Level Manager, ServiceMagic, SmartDesk, Sniffer, Sniffer (in Hangul),
SpamKiller, SpamAssassin, Stalker, SupportMagic, ThreatScan, TIS, TMEG, Total Network Security, Total Network
Visibility, Total Network Visibility (in Katakana), Total Service Desk, Total Virus Defense, Trusted Mail, UnInstaller,
Virex, Virus Forum, ViruScan, VirusScan, WebScan, WebShield, WebShield (in Katakana), WebSniffer, WebStalker,
WebWall, Who’s Watching Your Network, WinGauge, Your E-Business Defender, ZAC 2000, Zip Manager are
registered trademarks or trademarks of Network Associates, Inc. and/or its affiliates in the US and/or other
countries. Sniffer® brand products are made only by Network Associates, Inc. All other registered and
unregistered trademarks in this document are the sole property of their respective owners.
This product includes or may include software developed by the OpenSSL Project for use in the OpenSSL
Toolkit (http://www.openssl.org/).
This product includes or may include cryptographic software written by Eric Young ([email protected]).
This product includes or may include some software programs that are licensed (or sublicensed) to the user
under the GNU General Public License (GPL) or other similar Free Software licenses which, among other rights,
permit the user to copy, modify and redistribute certain programs, or portions thereof, and have access to the
source code. The GPL requires that for any software covered under the GPL which is distributed to someone in
an executable binary format, that the source code also be made available to those users. For any such software
covered under the GPL, the source code is made available on this CD. If any Free Software licenses require that
Network Associates provide rights to use, copy or modify a software program that are broader than the rights
granted in this agreement, then such rights shall take precedence over the rights and restrictions herein.
LICENSE AGREEMENT
NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE
YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED
SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND
OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANIES YOUR SOFTWARE
PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE
PRODUCT CD, OR A FILE AVAILABLE ON THE WEB SITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF
YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF
APPLICABLE, YOU MAY RETURN THE PRODUCT TO NETWORK ASSOCIATES OR THE PLACE OF PURCHASE FOR A FULL
REFUND.
Issued April 2003 / ePolicy Orchestrator™ software version 3.0
DOCUMENT BUILD
3.0.0.13
9
Contents
Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Getting more information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Contacting McAfee Security & Network Associates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Minimum Escalation Resource Tool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Virus Information Library . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
AVERT WebImmune . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
McAfee Security Home Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Network Associates Home Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Using online Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Copying Help topics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Finding information in Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Hiding or showing the Help navigation pane . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Highlighting search words in Help topics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Moving through Help topics you've seen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Printing Help topics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Viewing definitions of options in the interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
1 Introducing ePolicy Orchestrator . . . . . . . . . . . . . . . . . . . . . . . . . 27
The ePolicy Orchestrator server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
The ePolicy Orchestrator agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
The ePolicy Orchestrator console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
What’s new in this release? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Feature comparison . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Enterprise-scalable product deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Global updating . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Deployment of all product updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Reporting on all product updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Support for and controlled upgrade of agents 2.0, 2.5, and 2.5.1 . . . . . . . . . . . . . . . 38
Enhanced updating for mobile computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Product Guide
iii
Contents
Continuous updating from Network Associates to desktops . . . . . . . . . . . . . . . . . . . 40
Multiple server management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Custom compliance reporting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Daily executive summary security reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Windows 2003 support for the agent and server . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
64-bit support for the agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Automatic inactive agent maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Automatic domain synchronization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Getting Started wizard for small businesses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
More control over agent-to-server communication . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Reporting performance improvements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Integration with Symantec Norton AntiVirus 8.0 and 8.01 . . . . . . . . . . . . . . . . . . . . . 49
Integration with McAfee VirusScan Enterprise 7.0 . . . . . . . . . . . . . . . . . . . . . . . . . . 49
2 ePolicy Orchestrator Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Managing multiple ePolicy Orchestrator servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
Logging on to or adding ePolicy Orchestrator servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Logging on to ePolicy Orchestrator servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Adding ePolicy Orchestrator servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
Logging off ePolicy Orchestrator servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Removing ePolicy Orchestrator servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Version of the server, console, or policy pages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Determining the version number of the software . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Determining the version number of policy pages . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
User accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Types of user accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Global administrator user accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Global reviewer user accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Site administrator user accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Site reviewer user accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Adding user accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Deleting user accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Changing passwords on user accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Server settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Changing ePolicy Orchestrator server settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Setting the IP address of ePolicy Orchestrator servers . . . . . . . . . . . . . . . . . . . . . . . 67
Server tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Default server tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
iv
ePolicy Orchestrator™ software version 3.0
Contents
Creating server tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Scheduling recurring server tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
Scheduling server tasks to start in the future . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Changing server tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Deleting server tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
Reviewing the status of server tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
Server events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
Viewing server events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
Refreshing server events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
Saving server events to a file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
Printing server events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
The Small Business Getting Started wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
Using the Small Business Getting Started wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
3 The Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
Automatic IP address sorting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
Guidelines for IP management settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
Search order . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
Sites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Importing sites based on network domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
Adding sites manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
Assigning IP management settings to a newly added site . . . . . . . . . . . . . . . . 102
Sending the agent to all computers in a newly added site . . . . . . . . . . . . . . . 103
Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
Importing groups based on network domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
Adding groups manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108
Assigning IP management settings to a newly added group . . . . . . . . . . . . . . 110
Sending the agent to all computers in a newly added group . . . . . . . . . . . . . . 111
Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
Importing computers based on network domains . . . . . . . . . . . . . . . . . . . . . . . . . . 114
Adding computers manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
Sending the agent to all newly added computers . . . . . . . . . . . . . . . . . . . . . . 117
Importing computers from text files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
Format of text files used to import computers . . . . . . . . . . . . . . . . . . . . . . . . . 120
Sample text file used to import computers . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
Adding WebShield appliances . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
Lost&Found groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
Verifying the integrity of the Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
Product Guide
v
Contents
Finding duplicate computer names in the Directory . . . . . . . . . . . . . . . . . . . . . . . . . 124
Verifying the integrity of IP management settings . . . . . . . . . . . . . . . . . . . . . . . . . . 125
List of IP management conflicts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
IP management settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
Assigning IP management settings to existing sites or groups . . . . . . . . . . . . . . . . 127
Changing IP management settings of existing sites or groups . . . . . . . . . . . . . . . . 128
Deleting IP management settings from existing sites or groups . . . . . . . . . . . . . . . 130
Manual IP address sorting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
Specifying how to sort computers by IP address . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
Sorting computers by IP address manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
Managing the Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
Synchronizing domains automatically . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
Synchronizing domains manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
Finding computers in the Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
Pattern matching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
Moving items in the Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
4 Managed Products . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
Adding policy pages to the Repository . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
Adding report templates to the Report Repository . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
Removing policy pages from the Repository . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
5 Software Repositories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
Importing McAfee AutoUpdate Architect repositories . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
Enabling or disabling the management of distributed repositories . . . . . . . . . . . . . . . . . . 150
Setting up distributed software repositories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
Common implementations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
Small business scenario . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
Mid-sized business scenario . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
Pre-deployment testing scenario . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
Repository types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
Master repository . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
Global distributed repositories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155
Local distributed repositories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155
Mirror distributed repositories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
SuperAgent distributed repositories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
Source repositories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
Fallback repository . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
vi
Contents
Creating repositories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
Creating global distributed repositories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
Defining local distributed repositories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
Defining mirror distributed repositories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165
Creating SuperAgent distributed repositories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166
Defining source repositories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167
Specifying how the nearest repository is selected . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
Proxy server settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173
Using Internet Explorer proxy server settings (master repository) . . . . . . . . . . . . . . 173
Defining custom proxy server settings (master repository) . . . . . . . . . . . . . . . . . . . 175
Using Internet Explorer proxy server settings (client computers) . . . . . . . . . . . . . . 179
Setting custom proxy server policies (client computers) . . . . . . . . . . . . . . . . . . . . . 180
Managing repositories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182
Redefining the default source repository . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182
Redefining the fallback repository . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186
Switching source and fallback repositories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189
Changing global distributed repositories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190
Changing local distributed repositories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
Changing SuperAgent distributed repositories . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194
Viewing the master repository settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
Deleting global distributed repositories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
Removing local distributed repositories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197
Deleting SuperAgent distributed repositories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198
Removing source or fallback repositories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
Repository list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
When does the repository list change? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
Exporting the repository list to a file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
Distributing the repository list manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202
Product and product update packages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
Legacy product support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
Package catalog files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204
Package signing and security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204
Package versioning and branches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205
Package ordering and dependencies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205
Checking in and managing packages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
Checking in packages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
Manually moving packages between branches . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
Viewing information about packages in repositories . . . . . . . . . . . . . . . . . . . . . . . . 213
Product Guide
vii
Contents
Deleting packages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
Pull and replication tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215
Scheduling Repository Pull server tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215
Running a pull task immediately . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217
Scheduling Repository Replication server tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . 220
Running a replication task immediately . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221
6 Policies, Properties, and Client Tasks . . . . . . . . . . . . . . . . . . . . 225
Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226
What is a policy? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226
Policy inheritance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227
Policy enforcement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228
How policies are enforced for McAfee products . . . . . . . . . . . . . . . . . . . . . . . 229
How policies are enforced for Norton AntiVirus products . . . . . . . . . . . . . . . . 230
Setting policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232
Copying policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233
Importing and exporting policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235
Policy files and policy templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235
Exporting policies to policy files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236
Importing policies from policy files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237
Exporting policies to policy templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239
Importing policies from policy templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240
Restoring the default policy settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242
Agent policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243
Agent activity log files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243
Agent wakeup calls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244
Agent-to-server communication interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245
Recommended agent-to-server communication intervals . . . . . . . . . . . . . . . . 245
Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245
Initial agent-to-server communication interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246
Policy enforcement interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246
Repository list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247
Selective updating . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247
SuperAgent wakeup calls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248
IP address information in the agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249
Setting agent policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250
Showing or hiding the agent system tray icon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251
Enabling or disabling agent wakeup calls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253
viii
Contents
Setting agent communication intervals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254
Specifying whether to send full or minimal properties . . . . . . . . . . . . . . . . . . . . . . . 255
Enabling or disabling immediate event forwarding . . . . . . . . . . . . . . . . . . . . . . . . . 256
Enabling or disabling the logging of agent activity and remote access to log files . . 257
Enforcing the agent policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258
Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259
Complete and incremental properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259
Full or minimal properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259
Viewing properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260
Client tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261
Default client tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261
Task inheritance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262
Creating client tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263
Scheduling client tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264
Scheduling recurring client tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266
Scheduling client tasks to start in the future . . . . . . . . . . . . . . . . . . . . . . . . . . 267
Changing client tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267
Deleting client tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268
7 Agent Deployment and Management . . . . . . . . . . . . . . . . . . . . . 269
Agent installation directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270
Agent language deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271
Agent AutoUpgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273
Enabling or disabling agent AutoUpgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274
Enabling the agent on unmanaged products . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275
Upgrading the agent 3.0 or later to the most current version . . . . . . . . . . . . . . . . . . 275
How is the agent installation package created? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276
Permissions associated with installing the agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276
Agent deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277
Creating a custom agent installation package . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277
Deploying the agent from the console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281
Setting up remote administration on Windows 95, Windows 98, or
Windows Me computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 283
Enabling network access on Windows XP Home computers . . . . . . . . . . . . . 283
Deploying the agent while creating the Directory . . . . . . . . . . . . . . . . . . . . . . . . . . 284
Distributing the agent manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284
Distributing the agent using third-party deployment tools . . . . . . . . . . . . . . . . . . . . 284
Installing the agent for use with computer images . . . . . . . . . . . . . . . . . . . . . . . . . . 285
Product Guide
ix
Contents
Scheduling the deployment of the agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 286
Updating logon scripts to install the agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287
Agent installation command-line options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289
/DATADIR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289
/DOMAIN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290
/INSTALL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290
/INSTDIR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290
/PASSWORD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291
/REMOVE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291
/SILENT or S . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291
/SITEINFO . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291
/USELANGUAGE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291
/USERNAME . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292
Agent management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293
Switching servers that manage client computers . . . . . . . . . . . . . . . . . . . . . . . . . . 293
Finding inactive agents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294
Scheduling Inactive Agent Maintenance server tasks . . . . . . . . . . . . . . . . . . . 295
Sending agent wakeup calls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296
Sending SuperAgent wakeup calls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297
Scheduling agent-to-server communication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298
Viewing or saving the agent activity log file locally . . . . . . . . . . . . . . . . . . . . . . . . . 299
Viewing the agent activity log files remotely . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300
Agent system tray icon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301
ePolicy Orchestrator Agent Monitor dialog box . . . . . . . . . . . . . . . . . . . . . . . . 301
ePolicy Orchestrator Agent Options dialog box . . . . . . . . . . . . . . . . . . . . . . . . 302
Update Now command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303
ePolicy Orchestrator Agent dialog box . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303
Command Agent command-line options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304
Uninstalling the agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305
Uninstalling the agent when you remove computers . . . . . . . . . . . . . . . . . . . . 305
8 Product Deployment and Updating . . . . . . . . . . . . . . . . . . . . . . 307
Product deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308
Enforcement of product deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308
Deploying products . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309
Viewing product activity log files remotely . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 310
Uninstalling products . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 311
Product update deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313
x
Contents
How the Update task works and when to use it . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313
How AutoUpdate and AutoUpgrade tasks work and when to use them . . . . . . . . . . 313
Specifying the branch to retrieve updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 314
Rolling back updates to the previous version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315
Deploying new updates to selected computers for testing . . . . . . . . . . . . . . . . . . . . 316
Deploying product updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317
Deploying product updates using AutoUpdate and AutoUpgrade tasks . . . . . . . . . 318
Global updating . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319
Setting up global updating . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323
Initiating and reporting on a global update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323
Deploying SuperAgents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324
Enabling or disabling global updating . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325
9 Reporting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 327
How security affects reporting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 328
Database authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 328
How authentication method affects working with events . . . . . . . . . . . . . . . . . . . . . 328
How user account affects working with events and reports . . . . . . . . . . . . . . . . . . . 329
How user account affects data that appears in reports . . . . . . . . . . . . . . . . . . . . . . 329
ePolicy Orchestrator database servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 330
Logging on to or adding ePolicy Orchestrator database servers . . . . . . . . . . . . . . . 330
Logging on to ePolicy Orchestrator database servers . . . . . . . . . . . . . . . . . . . 331
Adding ePolicy Orchestrator database servers . . . . . . . . . . . . . . . . . . . . . . . . 333
Logging off ePolicy Orchestrator database servers . . . . . . . . . . . . . . . . . . . . . . . . . 334
Removing ePolicy Orchestrator database servers . . . . . . . . . . . . . . . . . . . . . . . . . . 334
Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 335
Limiting events stored in the database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 335
Importing events into the database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 337
Repairing events and computer names in the database . . . . . . . . . . . . . . . . . . . . . 338
Repairing events in the database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339
Repairing computer names associated with events in the database . . . . . . . . 340
Deleting events from the database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 340
Global reporting settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 342
Specifying global reporting options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 343
Limiting report and query results by client computer . . . . . . . . . . . . . . . . . . . . . . . . 345
Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 346
Running reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 347
Defining compliance rules for reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 350
Product Guide
xi
Contents
Specifying viewing and printing options for reports . . . . . . . . . . . . . . . . . . . . . 352
Defining how to group data on reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 354
Limiting report results within a time period or data group . . . . . . . . . . . . . . . . 355
Limiting report results by selected criteria . . . . . . . . . . . . . . . . . . . . . . . . . . . . 356
Saving and reusing report input settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 359
Saving report input settings for reuse . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 360
Applying report input settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 361
Changing existing report input settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 362
Saving existing report input settings to a new name . . . . . . . . . . . . . . . . . . . . 363
Deleting report input settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 364
Saving customized reports selections as report templates . . . . . . . . . . . . . . . . . . . 365
Working with reports in the report window . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 366
The report toolbar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 367
Viewing the details of report data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 368
Refreshing data in reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 370
Printing reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371
Exporting report data to other formats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371
Finding text in reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371
Zooming in or out of reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 372
Paging through reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 372
Hiding or showing the report group tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 372
Queries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 373
Running queries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 373
Refreshing data in queries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 373
Going to specific rows in a query . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 374
Reorganizing the Report Repository . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 375
Adding report templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 376
Changing report templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 377
Deleting report templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 378
Creating report groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 379
Deleting report groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 379
Reorganizing the Query Repository . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 380
Adding custom query templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 380
Changing query templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 382
Deleting query templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 383
Creating query groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 383
Deleting query groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 383
10 Maintaining ePolicy Orchestrator Databases . . . . . . . . . . . . . . 385
xii
Contents
Securing ePolicy Orchestrator databases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 386
Securing ePolicy Orchestrator MSDE databases . . . . . . . . . . . . . . . . . . . . . . . . . . 386
Changing SQL Server user account information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 389
Maintaining ePolicy Orchestrator databases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 391
Maintaining MSDE databases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 391
Maintaining SQL Server databases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 392
Backing up and restoring ePolicy Orchestrator databases . . . . . . . . . . . . . . . . . . . . . . . 394
Backing up ePolicy Orchestrator MSDE databases . . . . . . . . . . . . . . . . . . . . . . . . . 394
Restoring ePolicy Orchestrator MSDE databases . . . . . . . . . . . . . . . . . . . . . . . . . . 396
Merging ePolicy Orchestrator databases together . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 398
Creating merged databases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 399
Saving database merge settings for reuse . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 404
Merging databases using predefined settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 409
Merging databases using predefined settings (drag-and-drop operation) . . . . 410
Merging databases from the command line using predefined settings . . . . . . 411
Merging databases in the background using predefined settings . . . . . . . . . . 411
Changing the default server connection protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 412
11 Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 413
Creating a User DSN in Data Sources (ODBC) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 416
Enabling logging for the agent for NetWare . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 417
Disabling logging for the agent for NetWare . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 417
A Using ePolicy Orchestrator Over the Internet . . . . . . . . . . . . . . 419
Internet scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 420
Remote access via VPN and RAS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 420
Corporate intranet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 420
Connecting through an ISP and a firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 421
Configuring the firewall for ePolicy Orchestrator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 422
Agent-to-server communications packet size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 422
B Report and Query Templates . . . . . . . . . . . . . . . . . . . . . . . . . . . 423
Coverage report templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 424
Agent to Server Connection Info report template . . . . . . . . . . . . . . . . . . . . . . . . . . 425
Agent Versions report template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 427
Compliance Issues report template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 428
Compliance Summary report template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 431
DAT/Definition Deployment Summary report template . . . . . . . . . . . . . . . . . . . . . . 433
Product Guide
xiii
Contents
DAT Engine Coverage report template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 435
Engine Deployment Summary report template . . . . . . . . . . . . . . . . . . . . . . . . . . . . 437
Product Protection Summary report template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 439
Products By Custom Data Groups report template . . . . . . . . . . . . . . . . . . . . . . . . . 441
Product Updates By Custom Event Groups report template . . . . . . . . . . . . . . . . . . 444
Infection | Action Summaries report templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 446
Action Summary By Top 10 Files Resolved report . . . . . . . . . . . . . . . . . . . . . . . . . 447
Action Summary By Top 10 Files Unresolved report . . . . . . . . . . . . . . . . . . . . . . . . 448
Action Summary By Top 10 Viruses report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 449
Action Summary report template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 450
Infection | Detections report templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 451
Infection History report template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 452
Infections By Custom Data Groups report template . . . . . . . . . . . . . . . . . . . . . . . . 454
Number Of Infections Detected By Product For Current Quarter (3D Bars)
report template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 457
Number Of Infections Detected Monthly Showing Viruses report template . . . . . . . 458
Number Of Infections For the Past 24 Hours report template . . . . . . . . . . . . . . . . . 460
Outbreaks - Weekly History report template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 461
Outbreaks - Current report template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 462
Product Events By Severity report template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 464
Number Of Infections From Removable Media report template . . . . . . . . . . . . . . . . 465
Security Summary report template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 466
Virus Type report template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 467
Viruses Detected report template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 469
Infection | Top Tens report templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 471
Top 10 Detected Viruses report template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 472
Top 10 Infected Files report template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 473
Top 10 Infected Machines report template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 474
Top 10 Infected Users report template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 475
Infection | WebShield report templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 476
Content Filter Report By Rule template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 477
Content Filter Report By Rule And Time template . . . . . . . . . . . . . . . . . . . . . . . . . . 478
Content Filter Report Rules Triggered template . . . . . . . . . . . . . . . . . . . . . . . . . . . 479
Content Scanning Detections By Appliance report template . . . . . . . . . . . . . . . . . . 480
Infection History report template (WebShield) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 481
Spam Detections By Appliance report template . . . . . . . . . . . . . . . . . . . . . . . . . . . 483
Top Ten Spammers report template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 484
URLs Blocked report template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 485
Virus Detections By Appliance report template . . . . . . . . . . . . . . . . . . . . . . . . . . . . 486
xiv
Contents
Virus Detections Timing report template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 488
Virus Type report template (WebShield) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 490
Viruses Detected report template (WebShield) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 492
Coverage and Infection subreports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 494
Computer Summary subreport . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 495
Compliance Summary subreport . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 496
Infection History subreport . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 497
Infection Summary subreport . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 498
Policy subreport . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 499
Task subreport . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 500
Update Errors subreport . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 501
Upgrade History subreport . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 502
Criteria used to limit report results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 503
Coverage reports criteria . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 504
Infection | Action Summaries reports criteria
Infection | Detections reports criteria
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 505
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 506
Infection | Top Tens reports criteria . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 507
Infection | WebShield reports criteria . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 508
Descriptions of the criteria . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 509
Computer query templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 511
All Connecting Computers query template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 511
Hourly ASCI Count query template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 511
Computers With No Protection query template . . . . . . . . . . . . . . . . . . . . . . . . . . . . 511
Computers By Language query template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 512
Computers By OS Type query template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 512
Computers By Timezone query template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 512
Computers By ePONode query template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 512
Count Of All Connecting Computers query template . . . . . . . . . . . . . . . . . . . . . . . . 512
OS Summary query template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 512
Policy Changes (Computers) query template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 512
Policy Changes (Groups) query template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 512
Events query templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 513
All Scanning Events query template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 513
All Scanning Events By ePONode query template . . . . . . . . . . . . . . . . . . . . . . . . . 513
All Product Update Events query template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 513
Count Of All Scanning Events query template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 514
Count Of All Product Update Events query template . . . . . . . . . . . . . . . . . . . . . . . . 514
Count of All Infections query template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 514
Product Guide
xv
Contents
Scanning Event Summary query template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 514
First Virus Occurrence query template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 514
Summary of Past Outbreak Events query template . . . . . . . . . . . . . . . . . . . . . . . . . 514
Upgrade Summary query template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 514
Upgrade Summary by Date query template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 514
Server Task Log query template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 514
All Infections query template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 514
All Infections By Virus Name query template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 515
Installations query templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 516
All AV Installations by Last Contact query template . . . . . . . . . . . . . . . . . . . . . . . . 516
All Installations query template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 516
All Installations By ePONode query template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 516
Compliance Comparison query template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 516
Count Of All AV Installations query template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 516
Count Of All Installations query template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 516
C Handling Virus Outbreaks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 517
Before an outbreak occurs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 518
Checklist — Are you prepared for an outbreak? . . . . . . . . . . . . . . . . . . . . . . . . . . . 518
Recognizing an outbreak . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 519
Network utilization key indicators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 519
E-mail utilization key indicators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 519
Virus detection events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 520
Responding to an outbreak . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 521
Checklist — You think an outbreak is occurring . . . . . . . . . . . . . . . . . . . . . . . . . . . 521
D Reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 523
How to read operating system data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 524
Action taken numbers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 525
Locale IDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 526
Product IDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 527
Variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 528
E Supported Products and Features . . . . . . . . . . . . . . . . . . . . . . . 529
Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 533
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 543
xvi
Preface
This Product Guide introduces McAfee ePolicy Orchestrator™ software version
3.0, and provides the following information:
n
Overview of the product.
n
Descriptions of product features.
n
Descriptions of all new features in this release of the software.
n
Detailed instructions for configuring and deploying the software.
n
Procedures for performing tasks.
n
Troubleshooting information.
n
Glossary of terms.
Audience
This information is designed for system and network administrators who are
responsible for their company’s anti-virus and security program.
Product Guide
17
Preface
Conventions
This guide uses the following conventions:
Bold
All words from the user interface, including options, menus,
buttons, and dialog box names.
Example
Type the User name and Password of the desired account.
Courier
Text that represents something the user types exactly; for example,
a command at the system prompt.
Example
To enable the agent, run this command line on the client
computer:
FRMINST.EXE /INSTALL=AGENT
/SITEINFO=C:\TEMP\SITELIST.XML
Italic
Names of product manuals and topics (headings) within the
manuals; emphasis; introducing a new term.
Example
Refer to the VirusScan Enterprise Product Guide for more
information.
<TERM>
Angle brackets enclose a generic term.
Example
In the console tree under ePolicy Orchestrator, right-click
<SERVER>.
18
NOTE
Supplemental information; for example, an alternate method of
executing the same command.
WARNING
Important advice to protect a user, computer system, enterprise,
software installation, or data.
Preface
Getting more information
Installation
Guide
System requirements and instructions for installing and
starting the software.
Available as a printed booklet that accompanies the product
CD. Also available in an Adobe Acrobat .PDF file from either
the product CD or the McAfee Security download site.
Help
Product information in the Help system that is accessed from
within the application. For instructions, see Using online Help
on page 24.
n
Configuration
Guide
The Help system provides high-level and detailed
information. Access from either a Help menu option or
Help button in the application.
For use with ePolicy Orchestrator. Procedures for installing,
configuring, deploying, and managing your McAfee and
third-party products through ePolicy Orchestrator
management software.
Available in an Adobe Acrobat .PDF file from either the
product CD or the McAfee Security download site.
Getting Started
Guide
Detailed instructions for installing the Small Business Edition
of the software, detailed instructions for configuring and
deploying the agent and anti-virus products using an
automated wizard, and a list of weekly anti-virus
management tasks.
Available in an Adobe Acrobat .PDF file from either the
product CD or the McAfee Security download site.
Product Guide
19
Preface
Release Notes
README file. Product information, resolved issues, any
known issues, and last-minute additions or changes to the
product or its documentation.
Available as a .TXT file from either the product CD or the
McAfee Security download site.
Contact
20
A list of phone numbers, street addresses, web addresses,
and fax numbers for Network Associates offices in the United
States and around the world. Also provides contact
information for services and resources, including:
n
Technical Support
n
Customer Service
n
Download Support
n
AVERT Anti-Virus Research Site
n
McAfee Beta Site
n
On-Site Training
n
Network Associates Offices Worldwide
Preface
Contacting McAfee Security & Network Associates
Technical Support
Home Page
http://www.nai.com/naicommon/services/technical-support/intro.asp
KnowledgeBase Search
https://knowledgemap.nai.com/phpclient/Homepage.aspx
PrimeSupport Service Portal *
http://mysupport.nai.com
McAfee Beta Program
http://www.mcafeeb2b.com/beta/
AVERT Anti-Virus Emergency Response Team
Home Page
http://www.mcafeeb2b.com/naicommon/avert/default.asp
Virus Information Library
http://vil.nai.com
Submit a Sample
https://www.webimmune.net/default.asp
Download Site
Home Page
http://www.mcafeeb2b.com/naicommon/download/
DAT File and Engine Updates
http://www.mcafeeb2b.com/naicommon/download/dats/find.asp
ftp://ftp.nai.com/pub/antivirus/datfiles/4.x
Product Upgrades *
http://www.mcafeeb2b.com/naicommon/download/upgrade/login.asp
Training
On-Site Training
http://www.mcafeeb2b.com/services/mcafee-training/default.asp
McAfee Security University
http://www.mcafeeb2b.com/services/mcafeesecurityu.asp
Network Associates Customer Service
E-mail
[email protected]
Web
http://www.nai.com
http://www.mcafeeb2b.com
US, Canada, and Latin America toll-free:
Phone
+1-888-VIRUS NO
or
+1-888-847-8766
Monday – Friday, 8 a.m. – 8 p.m., Central Time
For additional information on contacting Network Associates and McAfee Security— including toll-free
numbers for other geographic areas — see the Contact file that accompanies this product release.
* Login credentials required.
Product Guide
21
Preface
Resources
The ePolicy Orchestrator Start Page includes links to some useful resources. This
page appears when you log on to any ePolicy Orchestrator server. For instructions,
see Logging on to or adding ePolicy Orchestrator servers on page 53.
n
Minimum Escalation Resource Tool.
n
Virus Information Library.
n
AVERT WebImmune.
n
McAfee Security Home Page.
n
Network Associates Home Page.
Minimum Escalation Resource Tool
Use the Minimum Escalation Resource Tool link to access the Network Associates
web site for more information about this tool, the tool itself, and instructions for
installation.
Minimum Escalation Resource Tool (MERTool) is designed to be used when
Network Associates products fail on a computer. When launched, MERTool
collects a variety of information from the computer on which it is running,
including event logs, registry information, running process lists and Active
Directory entries.
Virus Information Library
Use the Virus Information Library link to access the McAfee Anti-Virus Emergency
Response Team (AVERT) Virus Information Library web site that includes
detailed information on where viruses come from, how they infect your system,
and how to remove them.
AVERT WebImmune
Use the AVERT WebImmune link to access to the Anti-Virus Emergency Response
Team (AVERT) WebImmune web site. AVERT WebImmune is the world's first
Internet virus security scanner that resides on the web, and is available 24 hours a
day, 365 days a year. You can submit potentially infected files to WebImmune for
analysis. You will receive information about your files, including solutions and
real-time fixes, if required.
22
Preface
McAfee Security Home Page
Use the McAfee Security Home Page link to access the McAfee Security web site.
Network Associates Home Page
Use the Network Associates Home Page link to access the Network Associates web
site.
Product Guide
23
Preface
Using online Help
You can access all of the product information found in the product guide in online
Help.
n
Copying Help topics.
n
Finding information in Help.
n
Hiding or showing the Help navigation pane.
n
Highlighting search words in Help topics.
n
Moving through Help topics you've seen.
n
Printing Help topics.
n
Viewing definitions of options in the interface.
Copying Help topics
1
Right-click inside the desired topic, then select Select All.
2
Right-click inside the topic again, then select Copy to copy the topic to the
Clipboard.
3
Open the document to which you want to copy the topic.
4
Click the place in your document where you want the information to appear.
5
On the Edit menu, select Paste.
NOTE
To copy only part of a topic, select the part you want to copy, right-click
the selection, then select Copy.
Words that are links to other topics and step numbers are not copied to
the Clipboard.
Finding information in Help
24
n
Click the Contents tab to browse through topics by category.
n
Click the Index tab to see a list of index entries. You can either enter the word
you’re looking for or scroll through the list.
n
Click the Search tab to find every occurrence of a word or phrase within the
Help file.
Preface
Hiding or showing the Help navigation pane
n
To hide the navigation pane, which includes the Contents, Index, and Search
tabs, click Hide on the Help toolbar.
n
To display the navigation pane, which includes the Contents, Index, and
Search tabs, click Show on the Help toolbar.
Highlighting search words in Help topics
n
n
To highlight search words in topics, click Options on the Help toolbar, then
select Search Highlight On.
To turn off highlighting, click Options on the Help toolbar, then select Search
Highlight Off.
Moving through Help topics you've seen
n
To display the previously viewed Help topic, click Back on the Help toolbar.
n
To display the next Help topic in a previously displayed sequence of topics,
click Forward on the Help toolbar.
Printing Help topics
n
To print a Help topic, right-click inside the desired topic, then select Print.
n
To print a pop-up topic, right-click inside the pop-up window, then select
Print.
n
To print all topics within a book on the Contents tab, right-click the desired
book, select Print, then select Print the selected heading and all subtopics.
Viewing definitions of options in the interface
n
Click Help.
Product Guide
25
Preface
26
1
Introducing ePolicy
Orchestrator
The ePolicy Orchestrator software provides a scalable tool for centralized
anti-virus and security policy management and enforcement. It also provides
comprehensive graphical reporting and product deployment capabilities. Using
ePolicy Orchestrator, you can manage policies for McAfee and Symantec products
and deploy McAfee products and product updates through a single point of
control.
The ePolicy Orchestrator software is comprised of the following components:
n
The ePolicy Orchestrator server — A repository for all data collected from
distributed ePolicy Orchestrator agents.
n
The ePolicy Orchestrator console — A clear, understandable view of all virus
activity and status, with the ability to manage and deploy agents and
products.
n
The ePolicy Orchestrator agent — An intelligent link between the ePolicy
Orchestrator server and the anti-virus and security products that enforces
policies and tasks on client computers.
The following topics are included:
n
The ePolicy Orchestrator server.
n
The ePolicy Orchestrator console.
n
The ePolicy Orchestrator agent.
n
What’s new in this release?
Product Guide
27
Introducing ePolicy Orchestrator
The ePolicy Orchestrator server
The ePolicy Orchestrator server acts as a repository for all data collected from
distributed agents. It includes the following features:
n
A robust database that accrues data about product operation on the client
computers in your network.
n
A report-generating engine that lets you monitor the virus protection
performance in your company.
n
A software repository that stores the products and product updates (for
example, Service Pack releases) that you deploy to your network.
The ePolicy Orchestrator server can segment the user population into discrete
groups for customized policy management. Each server can manage up to 250,000
computers.
The ePolicy Orchestrator agent
The ePolicy Orchestrator agent is installed on target client computers and servers
where it gathers and reports data, installs products, enforces policies and tasks,
and sends events back to the ePolicy Orchestrator server. The agent runs in the
background on client computers. It retrieves incremental changes to policies and
tasks from the ePolicy Orchestrator server, then executes the policies, installs any
downloaded products on the client computer, and performs all scheduled tasks.
When activity relating to products occurs on the client computer, the agent notifies
the server. For example, if a virus appeared on the client computer, the information
is sent back to the ePolicy Orchestrator console. This activity is invisible to the user
of the client computer.
The ePolicy Orchestrator console provides great flexibility in deploying the agent.
While it is designed for pushing the agent to your client computers, you can also
copy the agent installation package onto a floppy disk, into a network share, or
onto some other medium for manual installation on your client computers.
The ePolicy Orchestrator console
The ePolicy Orchestrator console allows you to manage your entire company's
anti-virus and security protection and view client computer properties easily.
Housed within the Microsoft Management console (MMC) user interface, the
ePolicy Orchestrator console provides the ability to set and enforce anti-virus and
security policies to all agents on client computers, or to selected computers. It also
provides a task scheduling feature that lets you target specific computers or
groups with scheduled tasks and policies. Finally, the console allows you to view
and customize reports to monitor your deployment, virus outbreaks, and current
protection levels.
28
When you start the ePolicy Orchestrator software, the ePolicy Orchestrator console
appears. The console uses standard components of the Microsoft Management
Console (MMC). The main components of the ePolicy Orchestrator console are
described below. For more information on using the ePolicy Orchestrator console,
see the MMC Help file.
1
2
4
3
5
Figure 1-1. Components of the console
1 Console tree — Appears in the left pane of the console, and contains all of the
console tree items.
2 Console tree items — Include the Directory, Repository, and Reporting.
3 Details pane — Appears in the right pane of the console, and shows details of the
currently selected console tree item. Depending on the console tree item you select,
the details pane can be divided into upper and lower panes.
4 Upper details pane — Contains the Policies, Properties, and Tasks tabs.
5 Lower details pane — Contains the configuration settings for the products listed on
the Policies tab in the upper details pane.
Product Guide
29
What’s new in this release?
This release of the ePolicy Orchestrator software introduces the following new
features:
30
n
Feature comparison.
n
Enterprise-scalable product deployment.
n
Global updating.
n
Deployment of all product updates.
n
Reporting on all product updates.
n
Support for and controlled upgrade of agents 2.0, 2.5, and 2.5.1.
n
Enhanced updating for mobile computers.
n
Continuous updating from Network Associates to desktops.
n
Multiple server management.
n
Custom compliance reporting.
n
Daily executive summary security reports.
n
Windows 2003 support for the agent and server.
n
64-bit support for the agent.
n
Automatic inactive agent maintenance.
n
Automatic domain synchronization.
n
Getting Started wizard for small businesses.
n
More control over agent-to-server communication.
n
Reporting performance improvements.
n
Integration with Symantec Norton AntiVirus 8.0 and 8.01.
n
Integration with McAfee VirusScan Enterprise 7.0.
Feature comparison
Here’s a comparison of the major features of the software, and how they have
changed since version 2.0:
Feature
Description
ePolicy Orchestrator
servers
w
Added ability to log on to multiple ePolicy Orchestrator
servers at once.
Server tasks
w
Added server tasks, including Inactive Agent Maintenance
and Synchronize Domains.
w
Added log file that reports on the status of server tasks.
w
Grouped general tasks, user account management, server
settings, and server tasks together.
w
Added links to additional resources, including the Virus
Information Library and AVERT WebImmune web sites.
Directory Integrity
Check
w
Replaced the Directory Integrity Check command with the
Duplicate Computer names query in the Directory Search
dialog box.
Domain
synchronization
w
Added ability to schedule domain synchronization.
Repository
w
Added distributed software repository architecture.
w
Moved check in of product Setup (binary) files to the master
repository.
w
Moved check in of product plug-in (.DLL) files to the master
repository.
w
Included support for updating of legacy products.
w
Added ability to check report templates into the Repository.
w
Added ability to copy and paste policy settings within the
same ePolicy Orchestrator server or between different
servers.
w
Added ability to save policy settings to policy files or
templates.
w
Added ability to disable the agent-to-server communication
interval (ASCI), and schedule this communication using an
Agent Wakeup client task.
w
Added ability to skip the initial ten-minute, randomized ASCI if
the last agent-to-server communication occurred within the
time period you specify.
Console
Policies
Agent-to-server
communication
Product Guide
31
Feature
Description
Properties
w
Added ability to collect full or minimal properties in the agent
policy.
w
Added ability to collect the complete set of properties,
instead of incremental properties, during agent wakeup calls.
Client tasks
w
Added client tasks for the agent that apply to all products.
Tasks include Agent Wakeup and Product Deployment.
Agent AutoUpgrade
w
Removed Agent AutoUpgrade on agents 3.0 or later; you
now initiate the upgrade.
w
Added ability to disable agent AutoUpgrade on agents 2.0,
2.5, or 2.5.1 in the agent policy.
w
Added ability to enable or disable the agent to support
migration of unmanaged products.
w
Separated language-specific files from agent installation
package. Languages are distributed as product update
packages.
w
Changed the name of the agent installation package to
FRAMEPKG.EXE.
w
Added ability to schedule the deployment of the agent.
w
Added ability to resume interrupted downloads of products or
product updates.
w
Added ability to retrieve incremental updates.
Inactive agents
w
Added ability to schedule maintenance of inactive agents.
Agent activity log
files
w
Added ability to enable or disable logging of agent activity
and remote access to the agent activity log files.
SuperAgent
w
Added ability to enable an agent as a SuperAgent. The
SuperAgent is a major component of global updating and
can be used as a distributed repository.
Agent wakeup call
w
Added ability to collect the complete set of properties instead
of incremental properties during agent wakeup calls.
w
Included ability to send wakeup calls to SuperAgents. In turn,
SuperAgents send wakeup calls to all agents in the same
subnet.
w
Moved to Product Deployment client task, which can be
enforced periodically or during the policy enforcement
interval.
w
Added ability to view product activity log files remotely.
Agent
Product deployment
32
Feature
Description
Product update
deployment
w
Added ability to deploy updates to products including service
pack and HotFix releases.
w
Included support for rolling back product updates to previous
versions.
w
Included support for deploying evaluation versions of product
updates to selected computers for testing purposes.
w
Added ability to allow users to postpone product updates.
Global updating
w
Added ability to deploy product updates as soon you check
in the corresponding packages to the master repository, then
report on the status of the global update immediately.
Reporting
w
Expanded capabilities to include compliance rules, viewing
and printing options, and how to group data on reports.
w
Added ability to save these settings to later reuse.
w
Added subreports to selected reports used to view infection
history, upgrade summaries, tasks, and policy settings at the
computer-level.
w
Incorporated the ability to specify time basis for infection
reports into the user interface.
Product Guide
33
Enterprise-scalable product deployment
Previous release
Each ePolicy Orchestrator server had one Repository from which client
computers (computers with the agent installed on them) retrieved
supported Network Associates products.
Current release
Although each server still has one Repository (the master repository), you
can now replicate its contents to distributed repositories. You can check
product and product update packages into the master repository or use
source repositories to define a location from which the master repository
retrieves packages. By default, the Network Associates HTTP Download
web site is a source repository.
Client computers retrieve their updates from the nearest repository. If none
of these repositories is available, client computers retrieve packages from
the fallback repository. By default, the Network Associates FTP Download
web site is the fallback repository.
You can schedule pull and replication tasks or initiate them on-demand to
ensure that the master repository is kept current with the contents of source
or fallback repositories, and that distributed repositories are kept current
with the contents of the master repository.
Benefits
Because client computers retrieve their updates from multiple locations,
bandwidth usage is more efficient. This distributed software repository
architecture, coupled with incremental updates, results in faster update
times. Since you can schedule the update of distributed repositories and the
master repository, repositories are easily kept up-to-date.
Where to find
To create global distributed repositories:
n
In the console tree under ePolicy Orchestrator | <SERVER>, select
Repository. In the details pane under AutoUpdate Tasks, click Add
distributed repository.
To define local distributed repositories:
n
On the Repositories tab in the ePolicy Orchestrator Agent |
Configuration policy page, click Add.
To create SuperAgent distributed repositories:
n
On the General tab in the ePolicy Orchestrator Agent | Configuration
policy page, select Enable SuperAgent functionality and Enable
SuperAgent repository.
To define source repositories:
n
Repository. In the details pane under AutoUpdate Tasks, click Add
source repository.
34
To redefine the default source or fallback repositories:
n
For more information
Repository. In the details pane under AutoUpdate Components, click
Source Repository.
See Software Repositories on page 147.
Product Guide
35
Global updating
Previous release
You could deploy supported McAfee products stored in the Repository
during the agent-to-server communication interval (ASCI) or by sending an
agent wakeup call. In addition, product-specific installation policies were
enforced on client computers during the policy enforcement interval.
Current release
When global updating is enabled, product updates are deployed as soon as
you check the corresponding packages into the master repository. The
packages are immediately replicated to all SuperAgent and global
distributed repositories. The ePolicy Orchestrator server sends a wakeup
call to all SuperAgents. SuperAgents send a broadcast wakeup call to all
agents in the same subnet. All agents (regular agents and SuperAgents)
retrieve the update from the nearest repository. If immediate event
forwarding is also enabled, agents send update events to the server without
waiting for the next agent-to-server communication. You can then report on
the status of the global update immediately.
Benefits
n
Administrator-controlled — You control when and whether to enable
global updating.
n
Instant updating — Product updates can be instantly updated during
outbreak scenarios without intervention.
n
Where to find
Bandwidth-friendly updating — Only incremental changes to product
updates are replicated to distributed repositories.
To deploy the SuperAgent:
n
On the ePolicy Orchestrator Agent | Configuration policy page, select
Enable agent wakeup call support and Enable Super Agent functionality.
To enable immediate event forwarding:
n
On the Events tab in the ePolicy Orchestrator Agent | Configuration
policy page, select Enable uploading of events.
To enable global updating:
n
In the console tree under ePolicy Orchestrator, select <SERVER>. In the
details pane, click the Settings tab, then select Enable global updating.
To review the status of a global update:
n
36
In the console tree under Reporting | ePO Databases | <DATABASE
SERVER> | Reports | Anti-Virus | Coverage, right-click <REPORT>, then
select Run.
See Global updating on page 319.
Deployment of all product updates
Previous release
Updates to supported products needed to be deployed manually.
Current release
You can now deploy these types of product updates:
n
Agent language packages.
n
HotFix releases.
n
Product binary (Setup) files.
n
Product plug-in (.DLL) files.
n
Service pack releases.
n
SuperDAT (SDAT*.EXE) files.
n
Supplemental virus definition (EXTRA.DAT) files.
n
Virus definition (DAT) files.
n
Virus scanning engine.
Once the desired product update packages are checked into the master
repository, you can schedule their deployment using client tasks, or deploy
them automatically using global updating.
Benefits
You can now deploy product updates for all supported products.
Where to find
To check in product update packages:
n
Repository. In the details pane, click Check in package.
To schedule the deployment of product updates:
1
In the console tree under ePolicy Orchestrator | <SERVER>, right-click
Directory, <SITE>, <GROUP>, or <COMPUTER>, then select Schedule Task.
2
In the Tasks tab in the details pane, right-click the Task Name, then
select Edit Task.
See Product and product update packages on page 203 and Product update
deployment on page 313.
Product Guide
37
Reporting on all product updates
Previous release
You could report on the compliance of products, virus definition (DAT) files,
and the virus scanning engine.
Current release
You can report on which HotFix and service pack releases have been
installed on client computers, and determine which are needed to bring the
product up-to-date.
Benefits
You can now report on all supported McAfee products and product
updates.
Where to find
n
SERVER> | Reports | Anti-Virus | Coverage, right-click <REPORT>, then
select Run.
See Running reports on page 347 and Coverage report templates on page 424.
Support for and controlled upgrade of agents 2.0, 2.5, and 2.5.1
Current release
You can disable the automatic upgrade of agents version 2.0, 2.5, or 2.5.1 to
version 3.1 or later. The version 2.0, 2.5, and 2.5.1 agents will continue to
send events and properties to the ePolicy Orchestrator server.
Benefits
You are ensured full visibility during the transition from a 2.0, 2.5, or 2.5.1
environment to the 3.0 environment.
Where to find
To disable agent AutoUpgrade:
n
38
policy page, deselect Enable Agent Upgrade from 2.x Agent to 3.0 Agent.
See Enabling or disabling agent AutoUpgrade on page 274.
Enhanced updating for mobile computers
Previous release
You could schedule tasks to run on dial-up.
Current release
The management of mobile users is made easier with the addition of several
new updating enhancements:
n
Pick nearest repository — Ensures that mobile computers retrieve their
updates from the most bandwidth-efficient repository available. This
allows you to set a single policy that controls updates for all users,
regardless of location.
n
Postponable updating — Gives control of installing updates to mobile
users. You can give users the ability to postpone updates until a later
time when bandwidth is more accessible.
Benefits
n
Resumable updating — When mobile computers experience a broken
connection during an update, the update process continues where it
left off once the connection is re-established.
n
Secured Internet-compatible HTTP updating — Ensures that users of
mobile computers working outside the company firewall can securely
update from company web servers or the Network Associates
download site.
These new bandwidth-efficient update methods help ensure that mobile
computers can be kept compliant with the same ease as desktop computers.
Product Guide
39
Continuous updating from Network Associates to desktops
Current release
You can now configure the ePolicy Orchestrator server to replicate products
and product updates in the master repository to distributed repositories. To
keep your entire organization up-to-date, the master repository can be
configured to check the Network Associates download site for updates on a
periodic basis (weekly, daily, or every 15 minutes). Since the contents of the
download site is compared to the contents of the master repository before
any files are downloaded, checking continuously for updates uses a minimal
amount of bandwidth.
Benefits
Customers wanting a more automated, hands-free approach to updating
their organization can automatically check the Network Associates
download site for new anti-virus or security updates, and when available,
immediately deploy them into the environment. The deployment can be set
up in stages, ensuring a bandwidth-efficient approach in enterprise
environments spread across the globe.
40
Multiple server management
Previous release
You could manage only one ePolicy Orchestrator server at a time.
Current release
You can easily manage multiple ePolicy Orchestrator servers from a single
console using these procedures:
n
Logging on to multiple servers at once — You can be logged on to
multiple servers at the same time.
n
Creating consolidated reports — You can combine the data from
multiple servers and use the resulting merged database to create
consolidated reports.
n
Sharing policy settings — You can share policy settings between console
tree items under the Directory on the same server, or between items on
different servers.
Benefits
Computer-specific policies, group-level policies, or server-level policies can
be exported and imported for a variety of purposes, including backing up to
a disk or sharing between servers.
Where to find
To log on to multiple servers:
n
In the console tree, select ePolicy Orchestrator. In the details pane, click
Add Server.
To create consolidated reports:
1
Use the DB Merge Tool (AVIDB_MERGE_TOOL.EXE) to merge databases.
2
In the console tree under Reporting, right-click ePO Databases, then
select Add new server.
3
SERVER> | Reports | <REPORT GROUP>, select <REPORT>.
To copy policies:
1
Directory, <SITE>, <GROUP>, or <COMPUTER>, then select Policy | Copy.
2
Directory, <SITE>, <GROUP>, or <COMPUTER>, then select Policy | Paste.
Product Guide
41
To import and export policies:
42
1
Directory, <SITE>, <GROUP>, or <COMPUTER>, then select Policy | Export.
2
Directory, <SITE>, <GROUP>, or <COMPUTER>, then select Policy | Import.
See these topics:
n
Logging on to or adding ePolicy Orchestrator servers on page 53.
n
Merging ePolicy Orchestrator databases together on page 398.
n
Logging on to or adding ePolicy Orchestrator database servers on page 330.
n
Running reports on page 347.
n
Copying policies on page 233.
n
Importing and exporting policies on page 235.
Custom compliance reporting
Previous release
You could select the versions of virus definition (DAT) files and the virus
scanning engine that met your definition of compliance.
Current release
You now have the ability to further define what compliance means in your
environment. For example, you can define compliance rules for the version
of the agent or the date of virus infection events.
Benefits
You can more easily ensure compliance within your environment.
Where to find
n
SERVER> | Reports | Anti-Virus | Coverage, right-click <REPORT> (for
example, Compliance Issues), then select Run.
See Defining compliance rules for reports on page 350.
Daily executive summary security reports
Current release
A new executive-level summary report is available. This report provides
summarized anti-virus and security product data that is used to identify
compliance and threat levels.
Benefits
Consolidates important compliance and threat-level information that
highlights infections that cannot be cleaned, or general conditions that
demand on-site administrative attention.
Where to find
n
SERVER> | Reports | Anti-Virus | Infection | Detections, right-click Security
Summary, then select Run.
See Running reports on page 347.
Product Guide
43
Windows 2003 support for the agent and server
Previous release
The agent for Windows supported a variety of Microsoft operating systems
from Windows 95 to Windows XP.
The ePolicy Orchestrator server was supported on a number of Microsoft
operating systems, including Windows NT and Windows 2000.
Current release
The agent now supports the Windows 2003 operating system for managing
McAfee VirusScan Enterprise 7.0 and future McAfee solutions compatible
with this operating system.
The server now includes support for Windows 2003 operating systems.
Benefits
The agent now functions properly on the Windows 2003 platform for
managing McAfee VirusScan Enterprise 7.0 and future Network Associates
products.
See the ePolicy Orchestrator 3.0 Installation Guide.
64-bit support for the agent
Previous release
The agent for Windows supported a variety of 32-bit Microsoft operating
systems from Windows 95 to Windows XP.
Current release
The agent now supports 64-bit versions of supported Windows operating
systems.
See the ePolicy Orchestrator 3.0 Installation Guide.
44
Automatic inactive agent maintenance
Previous release
You could manually find computers with inactive agents using the Agent to
Server Connection Info report or the Inactive ePolicy Orchestrator agents
search query in the Directory Search dialog box.
Current release
You can now schedule an Inactive Agent Maintenance server task to specify
the time period that defines inactive agents, and the action that you want
performed on computers with inactive agents. This task does not uninstall
the agent.
Benefits
You can schedule a server task that automatically performs inactive agent
maintenance for you in the manner you specify. The computers with
inactive agents can be deleted from the Directory, or moved into a group you
specify for troubleshooting.
Where to find
1
details pane, click the Scheduled Tasks tab, then click Create.
2
In the Configure New Task page, select Inactive Agent Maintenance
under Task type.
See Scheduling Inactive Agent Maintenance server tasks on page 295.
Automatic domain synchronization
Previous release
You could manually synchronize Windows NT domains that you imported
into the Directory with their counterparts on the network and uninstall
agents from computers that no longer belong to the specified domain in the
Update Domain dialog box.
Current release
You can now schedule a Synchronize Domains server task to synchronize
selected domains that you imported into the Directory with their
counterparts on the network.
Benefits
Keep the Directory current with the network automatically. This server task
automatically adds computers to and removes them from the Directory as
they join and leave domains, and deploys the agent and applies policies and
tasks to computers as they join domains.
Where to find
1
2
In the Configure New Task page, select Synchronize Domains under
Task type.
See Synchronizing domains automatically on page 135.
Product Guide
45
Getting Started wizard for small businesses
Current release
Designed for small businesses managing up to 250 client computers, the
Small Business Getting Started Wizard automates the process of installing
and setting policies for the agent and VirusScan products.
Benefits
Small businesses can get up-and-running quickly.
Where to find
46
n
If you installed the Small Business Edition of the software, the wizard
appears automatically when you log on to the ePolicy Orchestrator
server.
n
details pane under Task List, click Small Business Getting Started
Wizard.
See the ePolicy Orchestrator 3.0 Small Business Edition Getting Started Guide.
More control over agent-to-server communication
Previous release
Agent-to-server communication took place during the agent-to-server
communication interval (ASCI) or during agent wakeup calls. You could not
disable the ASCI.
When the agent communicates with the server for the first-time either
immediately after the agent is installed or when the agent service restarts
(for example, when the client computer is turned off and on), the initial ASCI
is randomized over a ten-minute interval.
Current release
You can now disable the ASCI, then schedule agent-to-server communication
using the Agent Wakeup client task.
You can now skip the initial ten-minute, randomized ASCI if the last
agent-to-server communication occurred within the time period (default is
24 hours) you specify. For example, if users turn off their computers at night,
agents will initially communicate to the server randomly over the ASCI
length instead of 10 minutes.
Benefits
You have complete control over agent-to-server communication and can
schedule it to take place during off-peak times.
Where to find
To disable the ASCI:
n
policy page, deselect Enable Agent to server communication.
To schedule an Agent Wakeup client task:
1
2
In the Configure New Task page, select Agent Wakeup under Task type.
To skip the initial ten-minute, randomized ASCI:
n
policy page, specify the time period since the last agent-to-server
communication that prompts the agent to skip the initial ten-minute,
randomized ASCI in Policy agent to trigger 10 minute communication
interval.
See Setting agent communication intervals on page 254 and Creating client tasks
on page 263.
Product Guide
47
Reporting performance improvements
Current release
The new Products By Custom Data Groups, Product Updates By Custom Event
Groups, Infections By Custom Data Groups, and Product Events By Severity
reports, and many of the existing infection reports now retrieve group
summary data instead of individual detailed data from the ePolicy
Orchestrator database when the report is run. Detailed data is retrieved only
when you view the details of report data. Each time you view details, the
amount of data being retrieved is reduced. By first retrieving only group
summary data, then retrieving only the requested detailed data for reports,
reports can run 5 to 10 times faster depending on database size.
When you run selected reports, you have the ability to specify how data is
retrieved. The Fast Drilldown option that appears on the Layout tab in the
Enter Reports Inputs dialog box provides the best report performance when
running reports from remote consoles.
When you run selected reports, you have the ability to limit the results to
data recorded within a time period you specify (for example, within the last
3 days), or by custom data groups (for example, for anti-virus products
only). You use the Within tab in the Enter Reports Inputs dialog box to specify
the time period or data group that you want to limit report results.
Benefits
Where to find
48
These new features significantly improve the performance of reports.
n
SERVER> | Reports | <REPORT GROUP>, select <REPORT>. In the Enter
Report Inputs dialog box, click the Layout or Within tab.
See these topics:
n
Specifying viewing and printing options for reports on page 352.
n
Limiting report results within a time period or data group on page 355.
Integration with Symantec Norton AntiVirus 8.0 and 8.01
Previous release
You could manage policies for, schedule tasks for, and report on Symantec
Norton AntiVirus Corporate Edition 7.50, 7.51, and 7.6.
Current release
You can now also manage and report on Norton AntiVirus 8.0 and 8.01.
Benefits
ePO has been updated to support the policy management, enforcement and
detailed reporting on Symantec’s NAV 8.0 desktop and fileserver AV
solution.
Where to find
1
Directory, <SITE>, <GROUP>, or <COMPUTER>.
2
In the details pane, click the Policies tab, then select Norton AntiVirus
Corporate Edition 7.5x/7.6/8.0.
See the Symantec Norton AntiVirus Configuration Guide for use with ePolicy
Orchestrator 3.0.
Integration with McAfee VirusScan Enterprise 7.0
Benefits
Where to find
Award-winning VirusScan technology from McAfee has been updated to
McAfee VirusScan Enterprise 7.0. The VirusScan Enterprise software runs
on all Windows-based workstation and server platforms simplifying the
management and administration of desktop and fileserver anti-virus
protection.
1
Directory, <SITE>, <GROUP>, or <COMPUTER>.
2
In the details pane, click the Policies tab, then select VirusScan
Enterprise 7.0.
See the VirusScan Enterprise 7.0 Configuration Guide for use with ePolicy
Orchestrator 3.0.
Product Guide
49
50
2
ePolicy Orchestrator Servers
Once you start the software, you need to log on to the corresponding ePolicy
Orchestrator server before you can work with the Directory and Repository. You
can be logged on to multiple servers at once. You can also log off or remove servers
from the console tree as needed.
n
Managing multiple ePolicy Orchestrator servers.
n
Logging on to or adding ePolicy Orchestrator servers.
n
Logging off ePolicy Orchestrator servers.
n
Removing ePolicy Orchestrator servers.
Once you log on to the ePolicy Orchestrator server, you can work with the
following:
n
Version of the server, console, or policy pages.
n
User accounts.
n
Server settings.
n
Server tasks.
n
Server events.
n
The Small Business Getting Started wizard.
Product Guide
51
Managing multiple ePolicy Orchestrator servers
You can easily manage multiple ePolicy Orchestrator servers from a single console
using these procedures:
n
Logging on to multiple servers at once — You can be logged on to multiple
servers at the same time. For instructions, see Logging on to or adding ePolicy
Orchestrator servers on page 53.
n
Creating consolidated reports — You can combine the data from multiple
servers and use the resulting merged database to create consolidated reports.
For instructions, see Merging ePolicy Orchestrator databases together on
page 398.
n
Sharing policy settings — You can share policy settings between console tree
items under the Directory on the same server or between items on different
servers. For instructions, see Copying policies on page 233 or Importing and
exporting policies on page 235.
52
Logging on to or adding ePolicy Orchestrator
servers
Depending on whether the desired ePolicy Orchestrator server already appears in
the console tree, you need to complete different steps to log on to it.
n
If the server appears in the console tree, use Logging on to ePolicy Orchestrator
servers on page 53.
n
If the server doesn’t appear in the console tree, use Adding ePolicy Orchestrator
servers on page 54.
NOTE
You need to log on to ePolicy Orchestrator database servers separately
from the ePolicy Orchestrator server itself. For instructions, see ePolicy
Orchestrator database servers on page 330.
Logging on to ePolicy Orchestrator servers
Use this procedure to log on to an ePolicy Orchestrator server that already appears
in the console tree under ePolicy Orchestrator. If the server doesn’t appear in the
console tree, use Adding ePolicy Orchestrator servers on page 54.
For option definitions, click Help in the interface.
1
In the console tree under ePolicy Orchestrator, select <SERVER>.
2
In the details pane under Global Task List, click Login. The ePolicy
Orchestrator Login dialog box appears.
Figure 2-1. ePolicy Orchestrator Login dialog box
3
Accept the default Server name or type the name of another server.
4
Type the User name and Password of the desired user account.
Product Guide
53
5
Type HTTP Port number that corresponds to the Server name you specified.
6
Click OK to connect to the specified server.
Adding ePolicy Orchestrator servers
Use this procedure to add an ePolicy Orchestrator server to the console tree under
ePolicy Orchestrator and log on to it. You can add multiple servers to the console
tree. If the server appears in the console tree, use Logging on to ePolicy Orchestrator
servers on page 53.
1
In the console tree, select ePolicy Orchestrator.
2
In the details pane under Global Task List, click Add Server. The ePolicy
Orchestrator Login dialog box appears.
Figure 2-2. ePolicy Orchestrator Login dialog box
54
3
Accept the default Server name or type the name of another server.
4
Type the User name and Password of the desired account.
5
Type the HTTP Port number that corresponds to the Server name you
specified.
6
Click OK to connect to the specified server.
Logging off ePolicy Orchestrator servers
Use this procedure to break the connection between the selected ePolicy
Orchestrator server and console.
1
2
In the details pane, click the General tab.
3
Under Task List, click Log Off.
Removing ePolicy Orchestrator servers
Use this procedure to break the connection between the selected ePolicy
Orchestrator server and console if you no longer want the server icon to appear in
the console tree.
n
In the console tree under ePolicy Orchestrator, right-click <SERVER>, then
select Remove Server.
Product Guide
55
Version of the server, console, or policy pages
You can determine the version number of the ePolicy Orchestrator server or
console, and policy (.NAP) pages.
56
n
Determining the version number of the software.
n
Determining the version number of policy pages.
Determining the version number of the software
Use this procedure to determine the version and build numbers, edition, and
license of the software.
1
In the console tree, right-click ePolicy Orchestrator, then select About ePolicy
Orchestrator. The About ePolicy Orchestrator dialog box appears. The version
number appears at the top of this dialog box.
Figure 2-3. About ePolicy Orchestrator dialog box
2
To view the version and build numbers, edition, and license, log on to the
desired ePolicy Orchestrator server. For instructions, see Logging on to or
adding ePolicy Orchestrator servers on page 53.
This information appears below the title (for example, Server Version:
3.0.0.494, Enterprise Edition, Licensed) in the details pane.
Figure 2-4. Version number of the software
Product Guide
57
Determining the version number of policy pages
Use this procedure to determine the version number of policy (.NAP) pages that are
in the Repository.
1
Log on to the desired ePolicy Orchestrator server. For instructions, see
2
In the console tree under ePolicy Orchestrator | <SERVER>, select Directory.
The Policies, Properties, and Tasks tabs appear in the upper details pane.
3
Click the Policies tab.
4
Select the desired product (for example, VirusScan Enterprise 7.0). The
corresponding policy page appears in the lower details pane.
5
The version number (for example, VSE.7.0.0.216) appears below the product
name.
Figure 2-5. Version number of policy pages
58
User accounts
You can grant different levels of rights to users by assigning them a particular type
of ePolicy Orchestrator user account. You can add or delete accounts, or change
passwords on accounts.
n
Types of user accounts.
n
Adding user accounts.
n
Deleting user accounts.
n
Changing passwords on user accounts.
Types of user accounts
The ePolicy Orchestrator user accounts include global administrator, global
reviewer, site administrator, and site reviewer.
Administrator-level user accounts have read, write, and delete permissions.
Reviewer-level user accounts have read-only permissions.
Account rights are further restricted based on whether a global or site account is
selected. In general, global accounts have rights to all operations on all client
computers; site accounts are restricted to operations on client computers within
the specified site under the Directory. In addition, global operations (for example,
adding user accounts) are reserved for use only by global administrator user
accounts.
n
Global administrator user accounts.
n
Global reviewer user accounts.
n
Site administrator user accounts.
n
Site reviewer user accounts.
Global administrator user accounts
A global administrator user account (admin) is set up automatically when you
install the software. You cannot delete this user account.
Global administrator user accounts have read, write, and delete permissions, and
rights to all operations. In addition, operations that affect the entire installation are
reserved for use only by global administrator user accounts. For these reasons, we
recommend that you reserve access to this type of account to a limited set of
people.
You must log on to ePolicy Orchestrator servers using a global administrator
account to:
n
Create, change, or delete global distributed repositories.
Product Guide
59
n
Define or remove source repositories.
n
Define or remove the fallback repository.
n
Export or import the repository list.
n
Check packages into the master repository.
n
Move packages between branches.
n
Delete packages from the master repository.
n
Schedule pull or replication tasks.
n
Change server settings.
n
Work with server events.
n
Schedule Synchronize Domains server tasks.
n
Change site-level IP subnet masks.
n
Verify the integrity of IP management settings.
n
Run enterprise-wide reports.
n
Add user accounts.
n
Delete user accounts.
n
Create, rename, or delete sites.
n
Move computers from the global Lost&Found.
n
Use the Getting Started wizard.
n
If you use ePolicy Orchestrator authentication, global administrators can
view and change all options on all tabs in the Events dialog box. Other users
can only view this information.
n
Limit events that are stored in the ePolicy Orchestrator database.
n
Import events into ePolicy Orchestrator databases.
Global reviewer user accounts
With read-only permissions, global reviewer user accounts can view all settings in
the software, but cannot change any of these settings.
Site administrator user accounts
Site administrator user accounts have read, write, and delete permissions and
rights to all operations (except those restricted to global administrator user
accounts) on the specified site, as well as all groups and computers underneath it.
60
Site reviewer user accounts
With read-only permissions, site reviewer user accounts can view the same
settings as site administrator accounts, but cannot change any of these settings.
One exception being that although site reviewer accounts can view the task
summary, these account cannot view task details.
Adding user accounts
Use this procedure to set up new user accounts.
NOTE
You must be a global administrator to set up user accounts.
1
Log on to the desired ePolicy Orchestrator server using a global
administrator user account. For instructions, see Logging on to or adding
ePolicy Orchestrator servers on page 53.
2
3
In the details pane, click the Users tab.
Figure 2-6. Users tab
Product Guide
61
4
Click Create user. The Add New User page appears.
Figure 2-7. Add New User page
5
Type a Name for the user account.
6
In Role, select the level of access rights that you want to assign to this user
account:
w
Administrator — Has read, write, and delete permissions and rights to
all operations on all client computers
w
Reviewer — Has read-only permissions to all settings in the software,
but does not have rights to change any of these settings.
62
w
Site Administrator — Has read, write, and delete permissions and rights
to all operations (except those restricted to global administrator user
accounts) on the specified site, as well as all groups and computers
underneath it.
w
Site Reviewer — Has read-only permissions on the specified site and all
groups and computers underneath it, but does not have rights to
change any settings.
7
If you select Site Administrator or Site Reviewer in Role, select the Site to
which you want to grant permission.
8
Type a Password, then Confirm password.
9
Click Save to save the current entries and return to the Users tab.
Deleting user accounts
Use this procedure to delete user accounts.
NOTE
You must be a global administrator to delete user accounts. You cannot
delete the default global administrator user account (admin).
1
2
3
4
Select the desired User Name, then click Delete users.
Product Guide
63
Changing passwords on user accounts
Use this procedure to change passwords on existing user accounts.
NOTE
Global administrators can change passwords on all user accounts; other
users can only change passwords on their own accounts.
1
2
3
4
Select the desired User Name, then click Modify user.
64
5
In the Modify User page, select change password, then type the new Password,
and Confirm password.
Figure 2-10. Modify User page
6
Click Save to save the current entries and return to the Users tab.
Product Guide
65
Server settings
You can change various settings that control how the ePolicy Orchestrator server
behaves. You can change most settings dynamically; however, you must reinstall
the software to change the name of the server or the port number the server uses
for HTTP communication.
n
Changing ePolicy Orchestrator server settings.
n
Setting the IP address of ePolicy Orchestrator servers.
Changing ePolicy Orchestrator server settings
Use this procedure to change settings on the selected ePolicy Orchestrator server.
NOTE
If you need to change the port number that the server uses for HTTP
communication or the name of the server, back up all ePolicy
Orchestrator databases, uninstall the software, then assign the new port
number or name when you re-install the software.
If you change the IP address of the server via the operating system, the
new IP address is automatically updated in the SITEINFO.INI file.
1
2
3
In the details pane, click the Settings tab.
Figure 2-11. Settings tab
66
4
5
Accept the default (1,000) or change the number of Maximum connections.
Accept the default (25) or change the Concurrent legacy Agent auto-upgrade
download limit.
NOTE
This option effects only agents 2.5.1 or earlier.
6
Accept the default (2,048KB) or change the Event log size.
7
Accept the default (81) or type a different Console-to-server port. Although
you can change this port number, we do not recommend doing so. Changes
take effect within one minute.
NOTE
If you change the port number used for console-to-server
communication, be sure make the change on all consoles and use the
new port number when logging on to the server.
8
Accept the default (8081) or type a different Agent wakeup port.
9
Accept the default (8082) or type a different SuperAgent wakeup port.
NOTE
If you change the port number from which the server sends agent or
SuperAgent wakeup calls, agent wakeup calls are disabled until the
next agent-to-server communication.
10 Specify whether you want to Enable global updating and the Global updating
randomization interval to use. For instructions, see Global updating on
page 319.
11 Click Apply settings to save the current entries.
Setting the IP address of ePolicy Orchestrator servers
If an ePolicy Orchestrator server has more than one network card, use this
procedure to specify which IP address that you want ePolicy Orchestrator agents
and consoles to use to connect to the server. Otherwise, the first binding IP address
is used.
1
In a text editor, open SERVER.INI. This file is located in the DB folder in the
installation directory. The default location is:
C:\PROGRAM FILES\NETWORK ASSOCIATES\EPO\3
If you upgraded the software from version 2.0, 2.5, or 2.5.1, the default
location is:
C:\PROGRAM FILES\MCAFEE\EPO\3
Product Guide
67
2
Type the following line in SERVER.INI:
SERVERIPADDRESS=<IP ADDRESS>
Where <IP ADDRESS> is the IP address of the server. If <IP ADDRESS> is blank,
the first binding IP address to used.
68
3
Save the SERVER.INI file.
4
Stop and restart the McAfee ePolicy Orchestrator 3.0 Server service.
Depending on the operating system that you are using, this procedure varies.
For instructions, see the Microsoft product documentation.
5
Deploy the agent or SITEINFO.INI to effected client computers. For
instructions, see Agent deployment on page 277.
Server tasks
You can schedule tasks that run on the selected ePolicy Orchestrator server to
perform maintenance on the ePolicy Orchestrator database and Repository. You
can also review the status of each task.
n
Default server tasks.
n
Creating server tasks.
n
Changing server tasks.
n
Deleting server tasks.
n
Reviewing the status of server tasks.
Default server tasks
The default set of server tasks are described below. These tasks are always
available. Other tasks might also be available depending on the products that you
are managing. For a list of tasks that apply to each product, see the Configuration
Guide for that product.
n
Inactive Agent Maintenance — Moves computers with inactive agents to a
specified group or deletes them from the Directory. This task does not
uninstall the agent.
n
Repository Pull — Retrieves packages from the source repository you specify,
then integrates the packages into the master repository.
n
Repository Replication — Updates distributed repositories to maintain
identical copies of packages in the master repository.
n
Synchronize Domains — Synchronizes selected Windows NT domains that
you have imported into the Directory with their counterparts on the network.
Creating server tasks
Use this procedure to create new server tasks. For a list of these tasks, see Server
tasks on page 69.
You can also perform the Inactive Agent Maintenance and Synchronize Domains
tasks manually. For instructions, see Finding computers in the Directory on page 139
and Synchronizing domains manually on page 137, respectively.
1
2
Product Guide
69
3
In the details pane, click the Scheduled Tasks tab.
Figure 2-12. Scheduled Tasks tab
4
Click Create task to open the Configure New Task page.
Figure 2-13. Configure New Task page
70
5
Type a descriptive Name for the task.
6
Specify the Task type.
7
Select Yes under Enable task; otherwise, the task won't start, regardless of
settings on this page.
8
Select the frequency for the task in Schedule type, then specify the options for
the frequency you specified. For example, if you select Daily in Schedule type,
Daily options appear.
9
Click Advanced schedule options to display more options.
a
Schedule the task to be recurring. For instructions, see Scheduling
recurring server tasks on page 72.
b
Schedule the task to start in the future. For instructions, see Scheduling
server tasks to start in the future on page 73.
10 To start this task randomly, select Yes under Randomize execution time, then
type the Maximum delay within which you want to start the task.
11 To ensure that this task is started if the server was not available during the
scheduled time, select Yes under Run missed task. To delay the task after the
server becomes available, type the amount of delay in Delay missed task by.
12 To limit the amount of time for which the task can run before it is
automatically cancelled, select Stop task if execution time exceeds limit, then
specify the time limit.
13 Click Next.
14 Specify task-specific settings. For instructions, see the appropriate
procedure:
w Scheduling Inactive Agent Maintenance server tasks on page 295.
w Synchronizing domains automatically on page 135.
w Scheduling Repository Pull server tasks on page 215.
w Scheduling Repository Replication server tasks on page 220.
Product Guide
71
Scheduling recurring server tasks
Use this procedure to schedule recurring server tasks.
1
Create or change the desired server task. For instructions, see Creating server
tasks on page 69 or Changing server tasks on page 74, respectively.
2
Click Advanced schedule options.
Figure 2-14. Advanced schedule options for server tasks
3
Select a Start Time.
4
In Start Date, specify a beginning date for the date range in which you want
the task to run.
5
Select End Date, then specify an ending date for the date range in which you
want the task to run. Otherwise, the task repeats indefinitely.
6
To specify the duration and frequency of a recurring task, select Repeat task,
then make the following selections:
7
72
a
In Every, specify the time interval that you want the task repeated.
b
In Until, specify the time limits for the recurring task.
Click Next.
8
Specify task-specific settings. For instructions, see the appropriate
procedure:
Scheduling server tasks to start in the future
Use this procedure to schedule server tasks that you want to start in the future.
1
Create or change the desired server task. For instructions, see Creating server
tasks on page 69 or Changing server tasks on page 74, respectively.
2
Click Advanced schedule options.
Figure 2-15. Advanced schedule options for server tasks
3
Select a Start Time.
4
the task to run.
Product Guide
73
5
Select End Date, then specify an ending date for the date range in which you
6
Click Next.
7
procedure:
Changing server tasks
Use this procedure to change existing server tasks.
1
2
3
4
Select the desired task, then click Modify task.
74
5
In the Modify Task page, change the settings of this task as needed.
Figure 2-17. Modify Task page
6
Click Next.
7
procedure:
Deleting server tasks
Use this procedure to delete server tasks you no longer want to run.
1
2
Product Guide
75
3
4
Select the desired tasks, then click Delete tasks.
5
Click OK when asked whether you want to delete all selected tasks.
Reviewing the status of server tasks
Use this procedure to review the status of server tasks.
76
1
2
3
In the details pane, click the Task Logs tab.
Figure 2-19. Task Logs tab
4
The date and time that the server task log was last updated appears in
Current as of. To refresh the server task log, click Refresh.
5
To delete the contents of the server task log, click Purge.
6
The status of each server task appears in the Status column:
w
Completed Successfully — Task completed successfully.
w
Executing — Task was started.
w
Scheduled — This message appears when you create or change server
tasks.
w
Ran With Errors — Task was started, but was not completed
successfully.
Product Guide
77
Server events
You can work with all information, warning, and error events for each ePolicy
Orchestrator server. You can view and refresh server events, save them to a file, or
print them. For more information on Microsoft Event Viewer, see the Event Viewer
Help file.
n
Viewing server events.
n
Refreshing server events.
n
Saving server events to a file.
n
Printing server events.
Viewing server events
Use this procedure to view server events.
1
2
3
Figure 2-20. General tab
78
4
Under Task List, click Server Events to open the Server Event Viewer dialog
box.
Figure 2-21. Server Event Viewer dialog box
5
To view a detailed description of a server event, select the desired Date
checkbox. The Server Event Detail dialog box appears.
Figure 2-22. Server Event Detail dialog box
Product Guide
79
Refreshing server events
Use this procedure to update the Server Event Viewer dialog box with events that
have been received since you initially opened it.
1
2
3
80
4
box.
5
On the View menu, click Refresh.
Saving server events to a file
Use this procedure to save server events to a file.
1
2
Product Guide
81
3
4
box.
5
82
To save all server events to a Server Log (.LOG) file, click Save As on the File
menu.
To save only selected server events to a Server Log file, select the desired
events, then click Save As on the File menu. In the Save As dialog box, select
Selected Items only.
6
In File name, accept the default file name (SRVEVENT.LOG) or type a different
name for the Server Log file.
7
In Save in, specify the path (for example, C:\PROGRAM FILES\NETWORK
ASSOCIATES\EPO\3) where you want to save the file.
8
Click Save.
Printing server events
Use this procedure to print all or selected server events to the default printer. For
more information on how to specify the default printer, see the Windows Help file.
1
2
3
Product Guide
83
4
box.
5
To print all server events to the default printer, click Print on the File menu.
To print only selected server events to the default printer, select the desired
events, then click Print on the File menu.
84
The Small Business Getting Started wizard
The Small Business Getting Started wizard allows you to configure several
important settings quickly. The wizard allows you to choose to:
n
Deploy the ePolicy Orchestrator agent to specified Windows NT domains.
n
Download the agent installation package (FRAMEPKG.EXE) for manual
deployment to computers.
n
Enable VirusScan deployment upon installation of the agent.
n
Apply small business policies.
Using the Small Business Getting Started wizard
1
If the wizard does not appear automatically, do the following:
a
b
c
Under Task List, click Small Business Getting Started Wizard.
The Small Business Getting Started wizard appears.
Figure 2-29. Small Business Getting Started wizard
Product Guide
85
NOTE
Select Don’t show this wizard at logon if you don’t want the wizard to
start automatically when you log on.
2
Click Next to open the Agent Deployment — Configure Automated Deployment
dialog box.
Figure 2-30. Agent Deployment — Configure Automated Deployment dialog box
3
Choose whether to deploy the ePolicy Orchestrator agent to all computers.
If you don’t have domains (for example, if you use NetWare), or you don’t
want to change the current settings with the wizard, select I want to skip this
step, then Next.
86
If you use Windows NT domains, and want to add computers belonging to
a domain:
a
Select I want to automatically deploy the agent to the Windows NT domains
I specify, then click Next.
b
On the Configure Automated Deployment — Select Domains dialog box,
select the desired domains to which to deploy the agent, then click Next.
Figure 2-31. Configure Automated Deployment — Select Domains dialog box
c
Enter the account credentials, then click OK.
NOTE
The account you enter must have domain administrator rights.
d
Verify the domain information, then click Next.
Product Guide
87
4
From the Agent Deployment — Manual Deployment dialog box you can
download the agent installation package (FRAMEPKG.EXE) to deploy manually
to computers running Windows 95, Windows 98, or Windows Me (that do
not have remote administrator enabled). This is also useful to deploy the
agent to computers that do not belong to a Windows NT domain.
Figure 2-32. Agent Deployment — Manual Deployment dialog box
If you do not want to deploy the agent installation program manually, click
Next.
88
If you want to deploy the agent installation package manually:
a
Click Download and select the location to which you want to save the
agent installation package.
b
Create an e-mail message with installation instructions, attach the agent
installation package, then send the e-mail message when desired.
NOTE
You can also deploy the agent manually. For information, see Agent
c
Click Next.
Figure 2-33. Agent Policies and Tasks — Enable VirusScan Deployment Task dialog box
5
On the Agent Policies and Tasks — Enable VirusScan Deployment Task dialog
box, choose whether the agents deploy VirusScan when they are installed,
then click Next.
NOTE
The agent deploys VirusScan Enterprise 7.0 to computers using
Windows NT, Windows 2000, Windows XP, and Windows 2003 Server.
The agent deploys VirusScan 4.5.1 to computers using Windows 95 and
Windows 98. The agent deploys VirusScan only to computers that do
not already have it installed.
Product Guide
89
NOTE
If VirusScan software has not been loaded into the repository, a
message appears stating that the software is not in the repository. You
need to browse to and select the package files into the repository.
6
On the Part 2: Agent Policies and Tasks — Enable Small Business Policies
dialog box, choose whether to enable the small business policies, then click
Next.
The small business settings are predefined policies and tasks designed to
help you get started with the software, including:
w Send report data to the ePolicy Orchestrator server every hour.
w Request updated policies and tasks from the server every hour.
w Send high-priority data to the server immediately, so you can view the
most current data in reports.
w Check the McAfee web site for new virus definition (DAT) files every
fifteen minutes.
w Scan computers for virus infections every day at 12:00 PM local time.
w Enforce policies every five minutes.
w Imports the domain into the console and checks for new machines in the
domain, adds them to the console, and enforces policies (domain
synchronization).
90
7
On the Ready to Start dialog box, review the tasks that the wizard will
perform, then click Next.
Figure 2-34. Ready to Start dialog box
NOTE
You can return to previous dialog boxes if necessary to edit information.
8
Click Finish.
NOTE
When you click Finish, the agent and Small Business Edition policies are
deployed. Ensure you want these deployed before you click Finish.
Product Guide
91
92
The Directory
3
The Directory contains all of the computers that you want to manage via
ePolicy Orchestrator and is the link to the primary interfaces for managing
these computers. You can organize computers under the Directory into logical
groupings (for example, functional department or geographic location) or sort
them by IP address using console tree items called sites and groups. You can
set policies (product configuration settings) and schedule tasks (for example,
to update virus definition files) for computers at any level (site, group, or
computer) under the Directory and at the Directory level itself. The Directory
also contains a Lost&Found group. For information, see Lost&Found groups on
page 123.
n
Automatic IP address sorting.
n
Sites.
n
Groups.
n
Computers.
n
Adding WebShield appliances.
n
Lost&Found groups.
n
Verifying the integrity of the Directory.
n
IP management settings.
n
Manual IP address sorting.
n
Managing the Directory.
Product Guide
93
The Directory
Automatic IP address sorting
The ePolicy Orchestrator software provides the ability to sort items in the Directory
by both IP address ranges and IP subnet masks. You can organize the Directory in
discrete blocks that correspond to company or geographic assignments of IP
addresses and subnet masks at the site or group level. Large companies can
manage different geographical sites from a single installation. Managed service
providers (MSP) have the ability to provide uniform anti-virus protection to all of
their clients from a single console, while maintaining sites separately through
assignment of IP address ranges or IP subnet masks to specific sites or groups.
This feature enhances security by ensuring that site-level accounts can only see the
site for which they have rights. Agents responding during their initial
agent-to-server communications interval are assigned to the site-level Lost&Found
group based on their IP address, restricting access to only the global administrator
and the appropriate site administrator.
n
Guidelines for IP management settings.
n
Search order.
Guidelines for IP management settings
If you decide to organize the Directory using IP management settings, be sure to
observe the following guidelines when assigning these settings to sites and groups.
NOTE
These guidelines only apply the first time that the agent communicates
with the ePolicy Orchestrator server.
n
Site — If you haven’t assigned an IP address range or IP subnet mask to a
site, groups underneath it cannot have an IP address range or IP subnet mask
assigned to them.
n
Superset — The IP address range or IP subnet mask of a site must be a
superset of those assigned to groups underneath it.
n
Subset — The IP address range or IP subnet mask of each group underneath
a site must be a subset of those assigned to the site that contains these groups.
n
Overlap — The IP address range or IP subnet mask of groups underneath a
site cannot overlap each other.
After the initial contact, the agent updates whatever location to which it has been
assigned. If the IP address in the unique agent ID does not match any of the
assigned IP address ranges or IP subnet masks, the agent is placed in the global
Lost&Found so that a global administrator can assign it to the appropriate location.
If the IP address range or IP subnet mask does match one of the sites, the agent data
is placed in the site-level Lost&Found. The site administrator then assigns the agent
to whatever group is appropriate.
94
The Directory
Search order
When an agent contacts the server for the first time, the server searches for the
appropriate site whose IP mask or range matches the agent’s IP address, using the
following order:
NOTE
To enable the search order feature on first communication, you must
install the agent using a non-push method, such as login scripts. You
cannot use this feature if the agent is pushed. We recommend using a
login script. For instructions, see Updating logon scripts to install the agent
on page 287.
1
Site IP mask/range — If the site IP mask or range matches the agent’s IP
address, the server continues the search within that site. If the site IP mask or
range does not match the agent’s IP address, the search continues in all other
sites that do not have IP mask settings.
If the site IP mask or range matches the agent’s IP address, but the server
cannot match the IP mask or range at the computer or domain level, the
server creates a domain group under the site Lost&Found group, then adds a
computer node under the domain group.
2
Computer name — If the computer node whose node name matches the
agent’s computer name is located, the agent is linked to that node.
3
Domain name — If the group node whose node name matches the agent’s
domain name is located, the server continues the search within that domain’s
deepest group, for the matching IP mask or range. If an IP mask or range that
matches the agent’s IP address is located, the server creates a computer node
with the agent’s name and links the agent to that computer node. If an IP
mask or range that matches the agent’s IP address is not located, the server
creates a computer node under the domain group.
4
Deepest group under this site that matches IP mask — If the group node
does not match an agent’s domain name, the server continues to search for
the deepest group, under that site, that has a matching IP mask. After a
matching group is located, the server creates a computer node with the
agent’s computer name and links the agent to that computer node.
5
No match is found — If the server cannot find an IP match to any site in the
Directory, the server creates a domain group under global Lost&Found, then
creates a computer node under the domain group. You must have global
administrator rights to move a group from global Lost&Found.
Product Guide
95
The Directory
The domain name search rule takes precedence over the IP group rule. If you want
the computer to go to the appropriate IP group, you should either create the IP
group under the domain group or do not create the domain group under the site.
Following are three scenarios to demonstrate how this works:
Scenario A
Directory
SiteA (161.69.0.0/16)
North_America (Domain group)
IPGroupA (161.69.82.0/24)
Scenario B
Directory
SiteA (161.69.0.0/16)
IPGroupA (161.69.82.0/24)
Scenario C
Directory
SiteA (161.69.0.0/16)
North_America (Domain group)
IPGroupA (161.69.82.0/24)
When a client computer with an IP address of 161.69.82.100 in the North_America
domain connects to the server in scenarios A and B, the computer correctly falls
into IPGroupA. However, in scenario C, the computer goes to the North_America
domain group instead of IPGroupA because the domain name takes precedence
over the IP group.
96
The Directory
Sites
Sites allow you to organize computers together under the Directory. You must
create sites before you can create groups or add computers under the Directory.
Sites can contain groups or computers. Each site also contains a Lost&Found group.
For information, see Lost&Found groups on page 123. You can assign IP address
ranges or IP subnet masks to sites so you can sort computers by IP address.
NOTE
You must be a global administrator to create, rename, or delete sites.
If you create a site by importing a Windows NT domain, you can automatically
send the agent installation package to all imported computers in the domain.
n
Importing sites based on network domains.
n
Adding sites manually.
Product Guide
97
The Directory
Importing sites based on network domains
Use this procedure to create a site under the Directory with the same name as the
selected Windows NT domain and import all computers belonging to that domain
under the site. You can assign IP address ranges or IP subnet masks to the site at
the same time. You can also automatically send the agent installation package to
all imported computers.
NOTE
You must be a global administrator to create sites.
1
2
Directory, then select New | Site. The Add Sites dialog box appears.
Figure 3-1. Add Sites dialog box
98
The Directory
3
Click Browse to open the Directory Browser dialog box and select the desired
domain.
4
Click OK to return to the Add Sites dialog box.
5
Assign an IP address range or IP subnet mask to this site as needed. For
instructions, see Assigning IP management settings to a newly added site on
page 102.
6
Send the agent to all computers in the sites that appear in Sites to be added
as needed. For instructions, see Sending the agent to all computers in a newly
added site on page 103.
7
Click OK.
Product Guide
99
The Directory
Adding sites manually
Use this procedure to create a site under the Directory. For example, you might find
this procedure useful to group computers belonging to different Windows NT
domains together if you want to enforce the same policy on them. You can also
assign IP address ranges or IP subnet masks to the site at the same time.
NOTE
You must be a global administrator to create sites.
1
2
Directory, then select New | Site. The Add Sites dialog box appears.
100
The Directory
3
Click Add to open the New Site dialog box and define the sites that you want
to add to the Directory.
Figure 3-3. New Site dialog box
4
Type a Name for the new site.
5
Assign an IP address range or IP subnet mask to this site as needed. For
instructions, see Assigning IP management settings to a newly added site on
page 102.
6
Click OK to return to the Add Sites dialog box.
7
Send the agent to all computers in the sites that appear in Sites to be added
as needed. For instructions, see Sending the agent to all computers in a newly
added site on page 103.
8
Click OK.
Product Guide
101
The Directory
Assigning IP management settings to a newly added site
Use this procedure to assign IP address ranges or IP subnet masks to a site at the
same time that you are adding it to the Directory.
1
Add a site to the Directory. For instructions, see Importing sites based on
network domains on page 98 or Adding sites manually on page 100.
2
In the Add Sites dialog box, select the site from Sites to be added, then click
Edit. The New Site dialog box appears.
Figure 3-4. New Site dialog box
3
Click Add. The IP Management dialog box appears.
Figure 3-5. IP Management dialog box
102
The Directory
4
Select IP subnet mask or IP range and type the appropriate values.
5
Click OK twice to return the Add Sites dialog box.
Sending the agent to all computers in a newly added site
Use this procedure to send the agent installation package to all computers being
imported along with a site at the same time that you are adding it to the Directory.
This method uses Windows NT push technology.
NOTE
If you want to deploy the agent from the console to computers using
Windows 95, Windows 98, or Windows Me, you must set up remote
administration on these computers before you deploy the agent. For
instructions, see Setting up remote administration on Windows 95, Windows
98, or Windows Me computers on page 283. If you deploy the agent to
these computers using any other method, you do not need to set up
remote administration on them. The agent installation begins the next
time users log on to these computers.
Windows XP Home, you must enable network access on these
computers before you deploy the agent. For instructions, see Enabling
network access on Windows XP Home computers on page 283.
1
Add a site to the Directory. For instructions, see Importing sites based on
network domains on page 98.
Product Guide
103
The Directory
2
In the Add Sites dialog box, select Send agent package.
3
To hide the installation of the agent from the user, select Suppress agent
installation GUI.
4
Accept the default Installation path (<SYSTEM_DRIVE>\EPOAGENT) or type a
different path on the client computer where you want to install the agent.
You can also click
to insert variables into the Installation path. For a list,
see Variables on page 528.
5
To use the credentials you provided in the Server Service Account dialog box
when you installed the software, select Use ePO server credentials.
NOTE
If you selected Use Local System Account in the Server Service Account
dialog box when you installed the software, you cannot use the ePolicy
Orchestrator server credentials to deploy the agent.
To embed user credentials in the agent installation package, deselect Use ePO
server credentials, then type the User account and Password.
104
The Directory
Groups
Like sites, groups allow you to organize computers together under the Directory.
After you create a site, you can create groups under them. Groups can contain
other groups or computers. You can assign IP address ranges or IP subnet masks
to groups to sort computers by IP address. If you create a group by importing a
Windows NT domain, you can automatically send the agent installation package
to all imported computers in the domain.
n
Importing groups based on network domains.
n
Adding groups manually.
Product Guide
105
The Directory
Importing groups based on network domains
Use this procedure to create a group under a site or another group in the Directory
with the same name as the selected Windows NT domain and import all
computers belonging to that domain under the group. You can assign IP address
ranges or IP subnet masks to the group at the same time. You can also
automatically send the agent installation package to all imported computers.
1
2
In the console tree under ePolicy Orchestrator | <SERVER> | Directory,
right-click <SITE> or <GROUP>, then select New | Group. The Add Groups
dialog box appears.
Figure 3-7. Add Groups dialog box
3
106
Click Browse to open the Directory Browser dialog box and select the desired
domain.
The Directory
4
Assign an IP address range or IP subnet mask to this group as needed. For
instructions, see Assigning IP management settings to a newly added group on
page 110.
5
Click OK to return to the Add Groups dialog box.
6
Send the agent to all computers in the groups that appear in Groups to be
added as needed. For instructions, see Sending the agent to all computers in a
newly added group on page 111.
7
Click OK.
Product Guide
107
The Directory
Adding groups manually
Use this procedure to create a group under a site or another group in the Directory.
For example, you might find this procedure useful to enforce the same policy on
computers belonging to different Windows NT domains. You can also assign IP
address ranges or IP subnet masks to the group at the same time.
1
2
right-click <SITE> or <GROUP>, then select New | Group. The Add Groups
dialog box appears.
108
The Directory
3
Click Add to open the New Group dialog box and define the groups that you
want to add to the Directory.
Figure 3-9. New Group dialog box
4
Type a Name for the new group.
5
Assign an IP address range or IP subnet mask to this group. For instructions,
see Assigning IP management settings to a newly added group on page 110.
6
Click OK twice.
Product Guide
109
The Directory
Assigning IP management settings to a newly added group
Use this procedure to assign IP address ranges or IP subnet masks to a group at the
same time that you are adding it to the Directory.
1
Add a group to the Directory. For instructions, see Importing groups based on
network domains on page 106 or Adding groups manually on page 108.
2
In the Add Groups dialog box, select the group from Groups to be added, then
click Edit. The New Group dialog box appears.
Figure 3-10. New Group dialog box
3
110
The Directory
4
Select IP subnet mask or IP range and type the appropriate values.
5
Click OK twice to return the Add Groups dialog box.
Sending the agent to all computers in a newly added group
Use this procedure to send the agent installation package to all computers being
imported along with a group at the same time that you are adding it to the
Directory. This method uses Windows NT push technology.
NOTE
1
Add a group to the Directory. For instructions, see Importing groups based on
network domains on page 106.
Product Guide
111
The Directory
2
In the Add Groups dialog box, select Send agent package.
3
installation GUI.
4
You can also click
5
NOTE
112
The Directory
Computers
In the console tree, computers represent the physical computers on the network
that you want to manage. You must deploy (install) the agent on all computers that
you want to manage. You can add computers under existing sites or group in the
Directory. You can automatically send the agent installation package to computers
at the same time, except when you import them from a text file.
n
Importing computers based on network domains.
n
Adding computers manually.
n
Importing computers from text files.
Product Guide
113
The Directory
Importing computers based on network domains
Use this procedure to import all computers belonging to the selected Windows NT
domain under an existing site or group in the Directory. You can also automatically
send the agent installation package to all imported computers at the same time.
1
2
right-click <SITE> or <GROUP>, then select New | Computer. The Add
Computers dialog box appears.
Figure 3-13. Add Computers dialog box
114
3
Click Browse to open the Computer Browser dialog box and select the desired
computers.
4
Click OK to return to the Add Computers dialog box.
The Directory
5
Send the agent to all computers that appear in Computers to be added as
needed. For instructions, see Sending the agent to all newly added computers on
page 117.
6
Click OK.
Product Guide
115
The Directory
Adding computers manually
Use this procedure to add computers under an existing site or group in the
Directory. For example, you might find this procedure useful to enforce the same
policy on computers belonging to different Windows NT domains. You can also
automatically send the agent installation package to these computers at the same
time.
1
2
right-click <SITE> or <GROUP>, then select New | Computer. The Add
Computers dialog box appears.
116
The Directory
3
Click Add to open the New Computer dialog box.
Figure 3-15. New Computer dialog box
4
Type a Name for the new computer.
5
Click OK to return to the Add Computers dialog box.
6
Send the agent to all computers that appear in Computers to be added as
needed. For instructions, see Sending the agent to all newly added computers on
page 117.
7
Click OK.
Sending the agent to all newly added computers
Use this procedure to send the agent installation package to computers at the same
time that you are adding them to the Directory. This method uses Windows NT
push technology.
NOTE
1
Add computers to the Directory. For instructions, see Importing computers
based on network domains on page 114 or Adding computers manually on
page 116.
Product Guide
117
The Directory
2
In the Add Computers dialog box, select Send agent package.
3
installation GUI.
4
You can also click
5
NOTE
118
The Directory
Importing computers from text files
Use this procedure to import computers, organize them into groups, and add them
under existing sites or groups in the Directory, using a text file that defines these
computers and groups and their organization.
NOTE
Be sure to manually verify the syntax of entries and computer and
group names in the desired text file before you use it to import
computers.
1
Create the site or group into which you want to import computers. For
instructions, see Adding sites manually on page 100 or Adding groups manually
on page 108, respectively.
2
Create a text file that defines the console tree items you want to add to the
Directory. For information, see Format of text files used to import computers on
page 120.
3
right-click <SITE> or <GROUP>, then select All Tasks | Import Computer. The
Importing Computers from a Text File dialog box appears.
4
Click Continue to open the Import From File dialog box.
5
Select the desired text file.
6
Click Open to import computers into the selected site or group.
Product Guide
119
The Directory
Format of text files used to import computers
You can use text files to import computers, organize them into groups, and add
them under existing sites or groups in the Directory. Use the following entries
within text files to define the computers and group that you want to add to the
Directory and their organization:
n
Computer name only — Type each computer name on a separate line. Each
computer is added under the selected site or group. Use this syntax:
<COMPUTER>; for example, Computer One.
n
Group and single computer — Type the group name followed by the
computer name. The computer is added under the specified group in the
selected site or group. Use this syntax: <GROUP>\<COMPUTER>; for example,
ITDomain\1Computer.
n
Group and multiple computers — Type the group name and each
individual computer name on separate lines. Each computer is added under
the specified group in the selected site or group. Use this syntax:
<GROUP>\
<COMPUTER>
<COMPUTER>
For example,
DevDomain\
AComputer
BComputer
CComputer
120
The Directory
Sample text file used to import computers
The table below shows how the group and computer entries will appear in the
Directory after the text file is used to import these groups and computers.
If the contents of the text file is...
DevDomain\
Then, the selected site or group under the
Directory looks like this...
<SITE> or <GROUP>
AComputer
BComputer
DevDomain
CComputer
HRDomain\2Computer
HRDomain\3Computer
AComputer
BComputer
ITDomain\1Computer
Computer One
CComputer
ComputerOne
HRDomain
2Computer
3Computer
ITDomain
1Computer
Computer One
ComputerOne
Product Guide
121
The Directory
Adding WebShield appliances
Use this procedure to add WebShield appliances under an existing site or group in
the Directory, in order to access the WebShield user interface.
1
2
right-click <SITE> or <GROUP>, then select New | WebShield Appliance. The
New WebShield Appliance Configuration dialog box appears.
Figure 3-17. New WebShield Appliance Configuration dialog box
122
3
Type a Name. You must use a different name than the site or group, and a
different name than the host name of the appliance.
4
In URL, type the same URL that you use to access the WebShield user
interface from a web browser.
5
Click OK.
The Directory
Lost&Found groups
Lost&Found groups store computers for which the ePolicy Orchestrator server
cannot determine their appropriate location in the Directory. The server uses the IP
management settings, computer names, domain names, and site or group names
to determine where to place computers.
NOTE
We recommend not managing computers from Lost&Found groups.
First, move unidentified computers to the appropriate locations in the
Directory, then manage them.
If you delete computers from the Directory, you also need to uninstall the agent
from these computers. Otherwise, these computers will continue to appear in the
Directory as the agent will continue to communicate to the server.
Lost&Found groups appear under the Directory and under every site in the console
tree.
2
1
Figure 3-18. Lost&Found groups
1 Global Lost&Found group — This group contains computers that do not match any
site in the Directory. Only global administrators have full access to the global
Lost&Found.
2 Site-level Lost&Found groups — Lost&Found groups at the site level contain
computers that match the IP management settings or name assigned to that site. Site
administrators can access Lost&Found groups in sites for which they have rights.
Product Guide
123
The Directory
Verifying the integrity of the Directory
You need to verify that all computers in the Directory have unique names and — if
you are sorting computers by IP address — that the IP address ranges and IP
subnet masks assigned to sites and groups under the Directory follow the IP
management guidelines.
n
Finding duplicate computer names in the Directory.
n
Verifying the integrity of IP management settings.
Finding duplicate computer names in the Directory
Use the Duplicate Computer names query in the Directory Search dialog box to find
duplicate computer names. For instructions, see Finding computers in the Directory
on page 139.
124
The Directory
Verifying the integrity of IP management settings
Use this procedure to verify that the IP address ranges and IP subnet masks within
the Directory follow the guidelines for IP management settings. For more
information, see Guidelines for IP management settings on page 94.
NOTE
You must be a global administrator to verify the integrity of IP
management settings.
1
2
Directory, then select All Tasks | IP Integrity Check. The Check IP Integrity
dialog box appears.
Figure 3-19. Check IP Integrity dialog box
3
Click Start to search for conflicting IP addresses and IP subnet masks. The
type of conflict found and the site, group, or computer causing the conflict
appears in List of conflicts. For information on these conflicts, see List of IP
management conflicts on page 126.
4
Select the conflict you want to review in List of conflicts. A description of the
conflict displays in Details.
Product Guide
125
The Directory
5
To jump to the site or group listed in the First node or Second node column,
click the First node or Second node button, respectively. The IP Management
page appears in the details pane.
Figure 3-20. IP Management page
6
To resolve conflicts, add, change, and delete IP address ranges or IP subnet
masks as needed. For instructions, see IP management settings on page 127.
7
Repeat Step 3 through Step 6 until no conflicts are found.
List of IP management conflicts
The different types of IP management conflicts reported in the Check IP Integrity
dialog box are listed below.
126
If the Type
column displays...
Then the First node column
displays...
And the Second node column
displays...
Site
The site without an IP address
range or IP subnet mask.
The group under this site with
an IP address range or IP
subnet mask.
Subset
The site with an IP address
range or IP subnet mask.
The group under this site
whose IP address range or IP
subnet mask falls outside the
range defined by the site.
Overlap
The group whose IP address
range or IP subnet mask
overlaps with the group in the
Second node column.
The group whose IP address
range or IP subnet mask
overlaps with the group in the
First node column.
The Directory
IP management settings
If you are sorting computers by IP address, you can assign new or change existing
IP management settings to sites or groups after you add them to the Directory.
n
Assigning IP management settings to existing sites or groups.
n
Changing IP management settings of existing sites or groups.
n
Deleting IP management settings from existing sites or groups.
Assigning IP management settings to existing sites or groups
Use this procedure to assign IP address ranges or IP subnet masks to existing sites
or groups.
1
2
In the console tree under ePolicy Orchestrator | <SERVER> | Directory, select
<SITE> or <GROUP>. The Policies, Properties, and Tasks tabs appear in the
details pane.
3
Click the Properties tab. The IP Management page appears.
Product Guide
127
The Directory
4
5
Select IP Subnet Mask or IP Range and type the appropriate values.
6
Click OK, then click Apply to save the current entries.
7
Sort computers by IP address to apply these settings to the selected site or
group. For instructions, see Sorting computers by IP address manually on
page 133.
Changing IP management settings of existing sites or groups
Use this procedure to change the IP address ranges or IP subnet masks assigned to
existing sites or groups.
128
1
2
details pane.
The Directory
3
4
Select the desired value, then click Edit. The IP Management dialog box
appears.
5
Change the IP Subnet Mask and number of significant bits, or change the IP
Range.
6
Click OK, then click Apply to save the current entries.
7
page 133.
Product Guide
129
The Directory
Deleting IP management settings from existing sites or groups
Use this procedure to delete IP address ranges or IP subnet masks assigned to
existing sites or groups.
1
2
details pane.
3
130
4
Select the desired value, then click Delete.
5
Click Apply to save the current entries.
6
page 133.
The Directory
Manual IP address sorting
You can manually sort computers by IP address in the Directory using the IP
Sorting wizard. The IP integrity of the Directory must be valid before the wizard
can sort the computers. If you define IP management settings after the initial
agent-to-server communication, you need to manually sort computers by IP
address. The wizard uses two sorting methods:
n
The non-explicit sorting method is the default and sorts as follows:
w Follow the rules set by the explicit sorting method, unless one of the
rules set in the non-explicit sorting methods takes precedence.
w If the computer is in a group that does not have an IP range, but that
group is under a group that matches the computer’s IP range, then leave
it where it was found.
w If a computer resides under a group that is less appropriate than
another group that has the correct IP range, the computer will be moved
to the more appropriate group.
n
The explicit sorting method is an alternative method you can enable by
inserting a new key in the CONSOLE.INI file. The explicit sorting method sorts
as follows:
w Computer IP must match the IP range of its parent site. If no suitable site
is found, the computer will be moved to the site specified by the user
(global Lost& Found by default).
w (Optional) — If the computer belongs to a site, and no other groups are
valid under that site, a new group must be created under the site
Lost&Found before the computer can be moved to this site. The new
group must be named after domain that the computer belongs to. This
can only be enabled via the option in the CONSOLE.INI file.
The UseExplicitLostFound option determines how we treat systems that need
to be moved to the Lost&Found or a site. If this option is enabled, computers are
moved directly to the root of the Lost&Found or site. If the
UseExplicitLostFound option is not enabled (default), and a computer needs to
be moved to a site, the computer is moved to the site level Lost&Found. In addition,
if a computer needs to be moved to any Lost&Found (including the explicit move
from site level), we create the computer’s domain as a group under the Lost&Found
and move the computer under the new Lost&Found/domain group.
n
Specifying how to sort computers by IP address.
n
Sorting computers by IP address manually.
Product Guide
131
The Directory
Specifying how to sort computers by IP address
Use this procedure to specify the sorting method and rules for moving computers
used by the IP Sorting wizard. This wizard sorts computers by IP address.
1
In a text editor, open the CONSOLE.INI file located in the installation directory.
The default location is:
location is:
The non-explicit sorting method and rules for moving computers are the
default settings as indicated below:
[Sorting]
UseExplicitLostFound=0
UseExplicit=0
2
To enable the explicit sorting method or rules for moving computers, make
this change:
[Sorting]
UseExplicitLostFound=1
UseExplicit=1
3
132
Save the file.
The Directory
Sorting computers by IP address manually
Use this procedure to sort computers in the Directory by IP address, based on the
following:
n
The IP management settings you specify in sites and groups.
n
The sorting method and rules for moving computers used by the IP Sorting
wizard.
If you define IP management settings after the initial agent-to-server
communication, you need to manually sort computers by IP address.
1
Verify the integrity of IP management settings. For instructions, see Verifying
the integrity of IP management settings on page 125.
2
Directory, then select All Tasks | Sort Computers by IP. The IP Sorting wizard
appears.
3
Click Next to open the IP Sorting Options dialog box.
Figure 3-26. IP Sorting wizard — IP Sorting Options dialog box
4
Under Options, select where you want to locate computers with IP addresses
that fall outside the IP address ranges and IP subnet masks specified for the
site or groups in which each computer resides.
5
To exclude computers without IP management settings from being sorted,
select Ignore machines with no IP address.
Product Guide
133
The Directory
134
6
Click Next to sort the computers in the Directory using their IP management
settings.
7
Click Next, then Finish.
The Directory
Managing the Directory
You can easily keep sites, groups, and computers that you imported from
Windows NT domains aligned with their counterparts on the network; find
computers in the Directory using a variety of criteria to pinpoint them, then
perform selected commands on them; and move console tree items around in the
Directory.
n
Synchronizing domains automatically.
n
Synchronizing domains manually.
n
Finding computers in the Directory.
n
Moving items in the Directory.
Synchronizing domains automatically
Use this procedure to synchronize selected Windows NT domains that you have
imported into the Directory with their counterparts on the network. You can also
perform this task manually. For instructions, see Synchronizing domains manually
on page 137.
NOTE
If the domains you select do not already exist in the Directory, they are
automatically added as sites. If there is an existing site or group with the
same name as a domain you select, the computers in the domain are
added to that site or group.
When computers join a specified domain, this task does the following:
n
Adds the computers to the corresponding site or group in the Directory.
n
Deploys the agent using the user account you provided.
NOTE
Because the agent cannot be deployed to all operating systems in this
manner, you might need to manually deploy the agent to some
computers. For instructions, see Agent deployment on page 277.
n
Applies policies and tasks for the site or group to the computers.
When computer leave a specified domain, this task remove the computers from the
Directory.
Product Guide
135
The Directory
1
Create a Synchronize Domains server task. For instructions, see Creating server
tasks on page 69. The Synchronize Domains Task page appears.
Figure 3-27. Synchronize Domains Task page
2
To add another domain, click Add. The Add/Edit Domain dialog box appears.
To provide a different set of credentials for a domain, select the domain, then
click Modify. The Add/Edit Domain dialog box appears.
Figure 3-28. Add/Edit Domain dialog box
136
3
In the Add/Edit Domain dialog box, type domain administrator user account
information as needed, then click OK.
4
To remove a domain from the task, select the domain, then click Delete.
5
Click Finish when done.
The Directory
Synchronizing domains manually
Use this procedure to synchronize Windows NT domains that you have imported
into the Directory with their counterparts on the network. At the same time, you
can also uninstall agents from all computers that no longer belong to the specified
domain. You can also perform this task automatically. For instructions, see
Synchronizing domains automatically on page 135.
NOTE
If you use the Getting Started wizard to import computers belonging to
selected domains, you need to synchronize domains differently. For
information, see the ePolicy Orchestrator Getting Started Guide.
1
2
right-click <SITE> or <GROUP>, then select All Tasks | Update Domain. The
Update Domain dialog box appears.
Figure 3-29. Update Domain dialog box
3
To move all or selected computers from the network domain to the selected
site or group, click Add All or Add, respectively.
Product Guide
137
The Directory
To delete all or selected computers from the selected site or group, click
Remove All or Remove, respectively.
To uninstall the agent from computers at the same time that you are deleting
them from the selected site or group, select Uninstall agent from computers
when they are removed from the group.
4
138
Click OK when done.
The Directory
Finding computers in the Directory
Use this procedure to quickly find computers using predefined search queries. For
example, you can use the Computers with a specific DAT version query to find
computer without the minimum level of protection. You can then perform selected
commands on the computers in the search results.
1
2
Directory, then select Search. The Directory Search dialog box appears.
Figure 3-30. Directory Search dialog box
3
To display the path of computers, select Get the location of each computer in
the search results.
Product Guide
139
The Directory
4
Select the desired query in Search for.
5
For each Field Name listed, specify the Operator and Value to apply to the
selected query.
6
Click Search Now. Computers that match the search criteria display under
Search Results.
7
You can perform the following commands on the computers in Search
Results:
w To install the agent, select the desired computers, right-click them, then
select Send Agent Install. The Send Agent Install dialog box appears. For
instructions, see Deploying the agent from the console on page 281.
w To send an agent wakeup call, select the desired computers, right-click
them, then select Agent Wakeup Call. The Agent Wakeup Call dialog box
appears. For instructions, see Sending agent wakeup calls on page 296 or
Sending SuperAgent wakeup calls on page 297.
w To move computers to another site or group, select the desired
computers, right-click them, then select Move To.
w To remove computers from the Directory, select the desired computers,
right-click them, then select Delete. To also remove the agent from these
computers, select Uninstall agent from all connected computers.
w To save or print the search results, right-click any computer, then select
Save As or Print.
140
The Directory
Pattern matching
Using the Directory Search dialog box, you can use the following wildcard
characters in conjunction with the Operator like to find computers in the Directory.
Table 3-1. List of wildcard characters
Use this character...
To find...
For example...
%
Any string of zero or more
characters.
like computer% finds computer1,
computerNT, and computers.
like %computer% finds
computer1, computerNT,
computers, and my computer.
_
Any single character.
like computer_ finds computer1
and computers.
like computer__ finds
computerNT.
[]
[^]
Any single character
within a specified range;
such as [a-f]; or set; such
as [abcd].
like PDX[abc] finds PDXA,
PDXB, PDXC.
Any single character that
is not within a specified
range; such as [â-f]; or
set; such as [âbcd].
like PDX[âbc] finds PDXD,
PDXF, and PDXG.
like IT[a-b]-Test finds
ITA-Test, and ITB-Test.
like IT[â-b]-Test finds
ITD-Test and ITF-Test.
Moving items in the Directory
Use this procedure to organize the Directory by moving groups, computers, or
appliances to other sites and groups. You can also move these console tree items
using a drag-and-drop operation. In addition, you can move desired items after
finding them using predefined search queries. For instructions, see Finding
computers in the Directory on page 139.
NOTE
You must be a global administrator to move items from global
Lost&Found.
1
2
right-click <GROUP>, <COMPUTER>, or <APPLIANCE>, then select Cut.
Product Guide
141
The Directory
142
3
Right-click the site or group to which you want to move the item, then select
Paste.
4
Verify the integrity of IP management settings. For instructions, see Verifying
the integrity of IP management settings on page 125.
4
Managed Products
In addition to the products and product updates that you can check into the master
repository and replicate to distributed software repositories (for more information,
see Software Repositories on page 147), you can add policy pages and report
templates to the Repository. Policy pages allow you to set policies and create
scheduled tasks for products. For more information, see Policies, Properties, and
Client Tasks on page 225. Report templates are used to create reports and using
data on any database server. For more information, see Reporting on page 327.
NOTE
Policy pages and report templates are not added to the master
repository; they are stored on the corresponding ePolicy Orchestrator
server.
n
Adding policy pages to the Repository.
n
Adding report templates to the Report Repository.
n
Removing policy pages from the Repository.
Product Guide
143
Managed Products
Adding policy pages to the Repository
Use this procedure to add policy pages to the Repository. Policy pages allow you
to set policies and create scheduled tasks for products.
NOTE
Policy pages are not added to the master repository; they are stored on
the corresponding ePolicy Orchestrator server.
1
2
Repository, then select Configure Repository. The Software Repository
Configuration Wizard appears.
Figure 4-1. Software Repository Configuration Wizard
144
3
Select Add new software to be managed, then click Next. The Select a Software
Package dialog box appears.
4
Select the Software Package (.NAP) file for the desired language version of the
product, then click Open. The Software Package file is uncompressed, then
the individual files are added to the Repository.
Managed Products
Adding report templates to the Report Repository
Use this procedure to add report templates to the Report Repository. After you add
report templates, they are available for reporting purposes.
NOTE
Report templates are not added to the master repository; they are stored
in the Report Repository on the corresponding ePolicy Orchestrator
server.
1
2
Repository, then select Configure Repository. The Software Repository
Configuration Wizard appears.
Figure 4-2. Software Repository Configuration Wizard
3
Select Add new reports, then click Next. The Select a Software Package dialog
box appears.
4
Select the Software Package (.NAP) file for the desired language version of the
report templates, then click Open. The Software Package file is
uncompressed, then the individual files are added to the Report Repository.
Product Guide
145
Managed Products
Removing policy pages from the Repository
Use this procedure to remove policy pages that you no longer want to manage via
ePolicy Orchestrator. Policy pages allow you to set policies and create scheduled
tasks for products.
1
2
In the console tree under ePolicy Orchestrator | <SERVER> | Repository |
Managed Products | <PLATFORM>, right-click <PRODUCT NAME> or <PRODUCT
VERSION>.
3
146
Click Yes when asked whether you want to remove the selected software.
The policy pages and tasks for all language versions of the selected product
are removed from the Repository.
5
Software Repositories
The distributed software repository architecture of ePolicy Orchestrator makes it
easy to deploy products and product updates throughout your enterprise. This can
be done rapidly and securely while conserving valuable bandwidth resources.
n
Importing McAfee AutoUpdate Architect repositories.
n
Enabling or disabling the management of distributed repositories.
n
Setting up distributed software repositories.
n
Common implementations.
n
Repository types.
n
Creating repositories.
n
Specifying how the nearest repository is selected.
n
Proxy server settings.
n
Managing repositories.
n
Repository list.
n
Product and product update packages.
n
Checking in and managing packages.
n
Pull and replication tasks.
Product Guide
147
Importing McAfee AutoUpdate Architect
repositories
Use this procedure to import the configuration settings of repositories defined in
the McAfee AutoUpdate Architect software into the ePolicy Orchestrator software.
The master repository is converted into a global distributed repository and proxy
server settings are not preserved.
We recommend that you import repositories from McAfee AutoUpdate Architect
before you start setting up repositories in ePolicy Orchestrator.
If you are choose to migrate the configuration settings from the AutoUpdate 7.0
policy page for use with ePolicy Orchestrator 2.5 when you installed ePolicy
Orchestrator, this procedure might create duplicate global distributed and local
repositories.
WARNING
Before you uninstall McAfee AutoUpdate Architect, make a backup
copy of the SITEMGR.XML file located in the installation directory and
store it in a safe location. The default location of the McAfee
AutoUpdate Architect installation directory is:
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE AUTOUPDATE
ARCHITECT
You cannot import a repository list (SITELIST.XML) was that exported
from McAfee AutoUpdate Architect or ePolicy Orchestrator for this
purpose.
You must be a global administrator to import the repository list from
McAfee AutoUpdate Architect.
148
1
2
In the console tree under ePolicy Orchestrator | <SERVER>, select Repository.
3
In the details pane under AutoUpdate Components, click Source Repository.
The Source and Fallback Repositories page appears.
Figure 5-1. Source and Fallback Repositories page
4
Click Import repository list to open the Open dialog box, and select the
McAfee AutoUpdate Architect repository list (SITEMGR.XML).
5
Review the source and fallback repositories that appear, and make changes
as needed. For instructions, see Redefining the default source repository on
page 182, Redefining the fallback repository on page 186, and Removing source or
fallback repositories on page 199.
6
Review the global distributed repositories that were imported, and make
changes as needed. For instructions, see Changing global distributed repositories
on page 190, and Deleting global distributed repositories on page 195.
7
If you migrated the configuration settings from the AutoUpdate 7.0 policy
page when you installed ePolicy Orchestrator, review the local distributed
repositories that were imported, and make changes as needed. For
instructions, see Changing local distributed repositories on page 192 and
Removing local distributed repositories on page 197.
Product Guide
149
Enabling or disabling the management of
distributed repositories
If you want to manually manage distributed software repositories, use this
procedure to disable the management of distributed repositories via ePolicy
Orchestrator for selected client computers. You might find this setting useful when
during the initial roll-out of distributed software repositories or when making
significant changes to its organization. This setting is enabled by default. Changes
take effect during the next agent-to-server communication.
1
On the Repositories tab in the ePolicy Orchestrator Agent | Configuration
policy page, deselect Inherit. For instructions on where to find this page, see
Setting agent policies on page 250.
Figure 5-2. Repositories tab in the ePolicy Orchestrator Agent | Configuration policy page
2
To enable management, select Use ePO configured repositories.
To disable management, select Use client configured repositories.
3
150
Click Apply All to save the current entries.
Setting up distributed software repositories
Use these tasks to set up and manage distributed software repositories:
1
Plan your repository organization. For more information, see Common
implementations on page 152.
2
Create distributed repositories as needed. For more information and
instructions, see these topics:
w Global distributed repositories on page 155.
w Creating global distributed repositories on page 158.
w Local distributed repositories on page 155.
w Defining local distributed repositories on page 163.
w SuperAgent distributed repositories on page 156.
w Creating SuperAgent distributed repositories on page 166.
3
Create source repositories as needed. For more information and instructions,
see Source repositories on page 156 and Defining source repositories on page 167.
4
Check in product and product update packages. For more information and
instructions, see Product and product update packages on page 203 and Checking
in packages on page 206.
5
Schedule a Repository Pull server task or run the task immediately. For
instructions, see Scheduling Repository Pull server tasks on page 215 or Running
a pull task immediately on page 217, respectively.
6
Schedule a Repository Replication task or run the task immediately. For
instructions, see Scheduling Repository Replication server tasks on page 220 or
Running a replication task immediately on page 221, respectively.
Product Guide
151
Common implementations
This section describes some common distributed software repository
implementations:
n
Small business scenario.
n
Mid-sized business scenario.
n
Pre-deployment testing scenario.
Small business scenario
An organization with 100 users wants to obtain the latest McAfee anti-virus
product updates automatically from McAfee Security for all computers on the
network running McAfee anti-virus products. They would like to have all
computers pull updates from an internal location to conserve corporate
bandwidth.
A suggested implementation follows:
n
Create a scheduled pull task to deliver the latest updates automatically from
the default source repository on the Network Associates HTTP Download
web site to the master repository, so that the updates are available to the
destination computers on the network. For more information and
instructions, see Source repositories on page 156 and Scheduling Repository Pull
server tasks on page 215, respectively.
Mid-sized business scenario
An organization with 350 users wants to deliver the latest McAfee anti-virus
products and product updates automatically to all computers on its network. All
computers should pull updates from three internal locations to conserve corporate
bandwidth, and reduce update transfer delays.
152
1
Create two distributed repositories. For instructions, see Creating repositories
on page 158.
2
Create a scheduled pull task to deliver the latest updates automatically to the
master repository from the default fallback repository. For more information
and instructions, see Fallback repository on page 157 and Scheduling Repository
Pull server tasks on page 215, respectively.
3
Create a scheduled replication task to replicate the latest updates
automatically from the master repository to the distributed repositories. For
instructions, see Scheduling Repository Replication server tasks on page 220.
4
Export the repository list (SITELIST.XML) to the specific computers requiring
updates from the repositories, so that the destination computers know where
to look for the updates. See the documentation for the products which will be
retrieving updates from the repositories.
To support a larger organization, this implementation can be scaled by adding
distributed repositories as needed.
Pre-deployment testing scenario
An organization wants to exercise strict control over the testing and deployment
of new products and product updates. An administrator controls the delivery of
anti-virus updates to its test network, and the release of approved updates from
the test network to the production network.
1
Install two ePolicy Orchestrator servers, one on the test network, and one on
the production network. For instructions, see the ePolicy Orchestrator 3.0
Installation Guide.
2
On the production network, define the master repository of the test network
as a source repository for the production network. For instructions, see
Defining source repositories on page 167.
3
On the test network, check in packages to the master repository, or create a
pull task using the default source repository. These packages are deployed to
the test network and validated. For more information and instructions, see
Source repositories on page 156, and Checking in and managing packages on
page 206 or Scheduling Repository Pull server tasks on page 215, respectively.
4
Once the updates are approved for release to the production network, initiate
a pull task from the master repository on the test network to the master
repository on the production network. For instructions, see Scheduling
Repository Pull server tasks on page 215.
Product Guide
153
Repository types
To enable an enterprise-scalable architecture there are several types of distributed
software repositories each with its own function:
n
Master repository.
n
Global distributed repositories.
n
Local distributed repositories.
n
Mirror distributed repositories.
n
SuperAgent distributed repositories.
n
Source repositories.
n
Fallback repository.
Master repository
The master repository maintains an original copy of the packages in the source
repository. The ePolicy Orchestrator server is the master repository. A single
master repository can replicate packages to hundreds of distributed repositories.
At the master repository level, you can:
n
Check in product and product update packages.
n
Schedule tasks to replicate those packages to global or SuperAgent
distributed repositories.
n
Schedule tasks to pull packages from source or fallback repositories and
integrate them into the master repository.
Supported protocols
n
154
SPIPE.
Global distributed repositories
Each global distributed repository maintains an identical copy of the packages in
the master repository. The master repository replicates packages to global and
SuperAgent distributed repositories. For instructions, see Creating global distributed
repositories on page 158.
Supported protocols
n
HTTP servers.
n
FTP servers.
n
UNC shares.
NOTE
Replication cannot be performed to distributed repositories on FTP
server through a proxy server. For more information, see the proxy
server product documentation.
Local distributed repositories
Local distributed repositories are locations accessible only from the client
computer; for example, a mapped drive or FTP server whose address can only be
resolved from a local DNS server. Local distributed repositories are defined in the
agent policy for selected client computers. For instructions, see Defining local
distributed repositories on page 163.
NOTE
Since local distributed repositories can only be accessed from client
computers, replication tasks do not copy packages from the master
repository to local distributed repositories; you must manually update
local distributed repositories with the desired packages.
Supported protocols
n
HTTP servers.
n
FTP servers.
n
UNC shares.
n
Local directories.
n
Mapped drives.
Product Guide
155
Mirror distributed repositories
Mirror distributed repositories are local directories on client computers whose
replication is done using a Mirror client task. Mirror tasks copy the contents of the
first repository in the repository list to the local directory you specify on the client
computer. If you share this location, then define it as a local distributed repository
in the repository list, other client computers can retrieve updates from it. These
repositories are useful to handle replication in decentralized networks. For
instructions, see Defining mirror distributed repositories on page 165.
Supported protocols
n
Local directories.
SuperAgent distributed repositories
You can create SuperAgent distributed repositories in place of using dedicated
servers for global distributed repositories. The master repository can replicate
packages to global and SuperAgent distributed repositories. For instructions, see
Creating SuperAgent distributed repositories on page 166.
Supported protocols
n
Local directories.
NOTE
Replication cannot be performed to distributed repositories on FTP
server through a proxy server. For more information, see the proxy
server product documentation.
Source repositories
Source repositories define a location from which a master repository retrieves
packages. By default, the following Network Associates HTTP Download web site
(NAIHttp) is defined as a source repository. This site hosts virus definition and virus
scanning engine packages only.
http://update.nai.com/Products/CommonUpdater
NOTE
McAfee Security recommends creating another source repository so
that the fallback repository can be used in case an issue develops with a
primary source repository.
156
You can redefine the default source repository or define other master repositories
as source repositories. By creating source repositories that retrieve packages from
other master repositories, you can create an enterprise-scalable organization of
update servers. For instructions, see Redefining the default source repository on
page 182 or Defining source repositories on page 167, respectively.
Supported protocols
n
HTTP servers.
n
FTP servers.
n
UNC shares.
Fallback repository
Client computers retrieve their updates from the nearest repository in their
repository list (SITELIST.XML). If none of these repositories are available, client
computers retrieve packages from the fallback repository. You can only define one
fallback repository.
By default, the following Network Associates FTP Download web site (NAIFtp) is
defined as the fallback repository. This site hosts virus definition and virus
scanning engine packages only.
ftp://ftp.nai.com/CommonUpdater
You can redefine the default fallback repository to use a location on your intranet,
so that client computers always retrieve their updates from an internal repository.
For instructions, see Redefining the default source repository on page 182.
Supported protocols
n
HTTP servers.
n
FTP servers.
n
UNC shares.
Product Guide
157
Creating repositories
Because the master repository is the ePolicy Orchestrator server, it’s created for
you. You need to create each distributed repository. You can redefine the default
source and fallback repositories and define additional source repositories. You can
also switch source and fallback repositories.
n
Creating global distributed repositories.
n
Defining local distributed repositories.
n
Defining mirror distributed repositories.
n
Creating SuperAgent distributed repositories.
n
Defining source repositories.
Creating global distributed repositories
Use this procedure to create global distributed repositories. For more information,
see Global distributed repositories on page 155.
NOTE
You must be a global administrator to create global distributed
repositories.
158
1
2
3
In the details pane under AutoUpdate Tasks, click Add distributed repository.
The Add repository wizard appears.
4
Click Next to open the repository configuration dialog box.
Figure 5-3. Add repository wizard — repository configuration dialog box
5
In Name, type a descriptive name for this repository. Repository names must
be unique.
6
In Type, select Distributed Repository.
7
Specify the type of server or path (FTP, HTTP, or UNC) where you want to
store the repository, then click Next.
Product Guide
159
8
In the protocol configuration dialog box, provide the address and port
information of the repository, then click Next.
Figure 5-4. Add repository wizard — FTP protocol configuration dialog box
w If you selected FTP in Step 7, type the web address in URL and the FTP
port number in Port.
w If you selected HTTP in Step 7, type the web address in URL and the
HTTP port number in Port.
w If you selected UNC in Step 7, type the network directory where you
want to store the repository in Path. Use this format:
\\<COMPUTER>\<FOLDER>. You can use variables to define this
location. For a list, see Variables on page 528.
160
9
In the download credentials dialog box, provide the download credentials
used by client computers to connect to this repository, then click Next. Use
credentials with read-only permissions to the HTTP server, FTP server, or
UNC share that hosts the repository.
Figure 5-5. Add repository wizard — FTP download credentials dialog box
a
If you selected FTP in Step 7, select Use anonymous login or type the user
account information in User name, Password, and Re-Enter Password.
If you selected HTTP in Step 7 and the HTTP server requires
authentication, select Use Authentication, then type the user account
information in User name, Password, and Re-Enter Password.
If you selected UNC in Step 7, select Use Logged On Account or type the
user account information in Domain, User name, Password, and Confirm
password.
b
To authenticate the user account you specified, click Verify.
Product Guide
161
10 In the replication credentials dialog box, provide the replication credentials
used by the master repository to replicate packages to this repository, then
click Next. Use credentials with read and write permissions to the HTTP
server, FTP server, or UNC share that hosts the repository.
Figure 5-6. Add repository wizard — FTP replication credentials dialog box
a
If you selected FTP in Step 7, type the user account information in User
name, Password, and Re-Enter Password.
If you selected HTTP in Step 7, type the UNC share name of the physical
directory that represents the virtual directory where you want to store
the repository on the HTTP server in Replication UNC. Use this format:
\\<COMPUTER>\<FOLDER>. You can use variables to define this
location. For a list, see Variables on page 528. Type the user account
information for the network directory in Domain, User name, Password,
and Re-Enter Password.
If you selected UNC in Step 7, type the user account information in
Domain, User name, Password, and Re-Enter Password.
b
11 Click Finish to add the repository to the repository list.
12 Click Close after the repository has been added.
162
Defining local distributed repositories
Use this procedure to define local distributed repositories for selected client
computers. For more information, see Local distributed repositories on page 155.
Changes take effect during the next agent-to-server communication.
1
Product Guide
163
2
Click Add to open the Repository options dialog box.
Figure 5-8. Repository options dialog box
3
In Repository, type a descriptive name for this repository. Repository names
must be unique.
4
Under Retrieve files from, specify the type of server or path (HTTP Repository,
FTP Repository, UNC Path, or Local Path) where the repository resides.
5
Provide the address and port information of the repository:
w If you selected HTTP Repository in Retrieve files from, type the web
address in URL and the HTTP port number in Port.
w If you selected FTP Repository in Retrieve files from, type the web
address in URL and the FTP port number in Port.
w If you selected UNC Path in Retrieve files from, type the network
directory where you want to store the repository in Path. Use this
format: \\<COMPUTER>\<FOLDER>. You can use variables to define this
w If you selected Local Path in Retrieve files from, type the path (for
example, C:\REPOSITORY) in Path. You can use variables to define this
164
6
Provide the download credentials used by client computers to connect to this
repository. Use credentials with read-only permissions to the HTTP server,
FTP server, UNC share, or local directory that hosts the repository.
a
If you selected HTTP Repository in Retrieve files from and the HTTP
server requires authentication, select User authentication, then type the
user account information in User name, Password, and Confirm
password.
If you selected FTP Repository in Retrieve files from, select Use
anonymous login or type the user account information in User name,
Password, and Confirm password.
If you selected UNC Path or Local Path in Retrieve files from, select Use
logged on account or type the user account information in Domain, User
name, Password, and Confirm password.
b
7
Click OK to add the repository to the repository list.
8
Defining mirror distributed repositories
Use this procedure to create mirror distributed repositories. For more information,
see Mirror distributed repositories on page 156.
1
Create and schedule a Mirror client task. For instructions, see Creating client
tasks on page 263 and Scheduling client tasks on page 264.
2
On the Task tab in the ePolicy Orchestrator Scheduler dialog box, click
Settings. The Task Settings dialog box appears.
Figure 5-9. Task Settings dialog box — Mirror tasks
3
Deselect Inherit.
4
In Local destination path, type the path (for example, C:\MIRROR REPOSITORY)
where you want to store the distributed repository. If this location doesn’t
exist, it is created for you.
Product Guide
165
5
Click OK twice to save the current entries.
6
To define the location you specified in Step 4 as a local distributed repository,
you must share it. Depending on the operating system that you are using,
this procedure varies. For instructions, see the Microsoft product
documentation.
7
Define the location you specified in Step 4 as a local distributed repository.
For instructions, see Defining local distributed repositories on page 163.
Creating SuperAgent distributed repositories
Use this procedure to create SuperAgent distributed repositories. For more
information, see SuperAgent distributed repositories on page 156. Changes take effect
during the next agent-to-server communication.
NOTE
You can only set this policy at the computer level.
1
On the General tab in the ePolicy Orchestrator Agent | Configuration policy
page, deselect Inherit. For instructions on where to find this page, see Setting
agent policies on page 250.
Figure 5-10. General tab in the ePolicy Orchestrator Agent | Configuration policy page
2
166
Select Enable SuperAgent functionality and Enable SuperAgent repository.
3
In Path to use for repository, type the local directory (for example,
C:\REPOSITORY) where you want to store the repository. You can use variables
to define this location. For a list, see Variables on page 528.
w If the location you specified doesn’t exist, it is created.
w If you change the location, the files are moved to the new location.
w If the location cannot be created for any reason or if you leave this box
blank, the default location is used:
<DOCUMENTS AND SETTINGS>\ ALL USERS\APPLICATION DATA\NETWORK
ASSOCIATES\FRAMEWORK\DB\SOFTWARE
Where <DOCUMENTS AND SETTINGS> is the location of the DOCUMENTS
AND SETTINGS folder, which varies depending on the operating system.
If the operating system does not use a DOCUMENTS AND SETTINGS folder,
the default location is:
<AGENT INSTALLATION PATH>\DATA\DB\SOFTWARE
4
Defining source repositories
Use this procedure to define source repositories. For more information, see Source
NOTE
You must be a global administrator to define source repositories.
1
2
3
In the details pane under AutoUpdate Tasks, click Add source repository. The
Add repository wizard appears.
Product Guide
167
4
Click Next to open the repository configuration dialog box.
Figure 5-11. Add repository wizard — repository configuration dialog box
168
5
In Name, type a descriptive name for this repository. Repository names must
be unique.
6
In Type, select Source Repository.
7
Specify the type of server or path (FTP, HTTP, or UNC) where the repository
resides, then click Next.
8
In the protocol configuration dialog box, provide the address and port
information of the repository, then click Next.
Figure 5-12. Add repository wizard — FTP protocol configuration dialog box
w If you selected FTP in Step 7, type the web address in URL and the FTP
w If you selected HTTP in Step 7, type the web address in URL and the
w If you selected UNC in Step 7, type the network directory where the
repository resides in Path. Use this format: \\<COMPUTER>\<FOLDER>.
You can use variables to define this location. For a list, see Variables on
page 528.
9
repository, then click Next. Use credentials with read-only permissions to the
HTTP server, FTP server, or UNC share that hosts the repository.
a
If you selected FTP in Step 7, select Use anonymous login or type the user
account information in User name, Password, and Re-Enter Password.
If you selected HTTP in Step 7 and the HTTP server requires
Product Guide
169
If you selected UNC in Step 7, select Use Logged On Account or type the
user account information in Domain, User name, Password, and Confirm
password.
b
10 Click Finish to add the repository to the repository list.
11 Click Close after the repository has been added.
170
Specifying how the nearest repository is selected
Use this procedure to specify the order that client computers select repositories
from which to retrieve packages. The agent performs repository selection each
time the agent (McAfee Framework Service) service starts (for example, when the
client computer is turned off and on) and when the repository list changes. For
more information, see Repository list on page 200. Changes take effect during the
1
2
Select Use ePO configured repositories.
3
Under Repository selection, specify the method to use to sort repositories:
w
Ping time — Sends an ICMP ping to all repositories and sorts them by
response time.
w
Subnet value — Compares the IP addresses of client computers and all
repositories and sorts repositories based on how closely the bits match.
The more closely the IP addresses resemble each other, the higher in the
list the repository is placed.
Product Guide
171
w
User defined list — Selects repositories based on their order in the list.
4
All repositories appear in the Repository list. You can disable repositories by
deselecting the box next to their name.
5
If you select User defined list in Repository selection, click Move up or Move
down to specify the order in which you want client computers to select
6
172
Proxy server settings
You need to provide separate proxy server settings for the master repository and
for client computers. The master repository settings enable it to retrieve packages
through a proxy server. The master repository uses these settings to retrieve
packages from source repositories through a proxy server.
The client computer settings enable client computers to retrieve packages through
a proxy server. The agent uses these settings to retrieve packages from repositories
using HTTP or FTP protocols.
NOTE
Agent-to-server communication does not use these settings. However,
agent-to-server communication can be made through a firewall. For
instructions, see Connecting through an ISP and a firewall on page 421.
You can use the proxy server settings in Internet Explorer or specify custom proxy
server settings.
n
Using Internet Explorer proxy server settings (master repository).
n
Defining custom proxy server settings (master repository).
n
Using Internet Explorer proxy server settings (client computers).
n
Setting custom proxy server policies (client computers).
Using Internet Explorer proxy server settings (master repository)
Use this procedure to specify that the master repository uses the proxy server
settings defined in Internet Explorer to retrieve packages from source repositories
through a proxy server.
NOTE
You need to define the actual proxy server settings in Internet Explorer.
1
2
Product Guide
173
3
In the details pane under AutoUpdate Tasks, click Configure proxy settings.
The Edit proxy dialog box appears.
Figure 5-14. Edit proxy dialog box
4
174
On the Options tab, select Use Internet Explorer proxy settings.
5
Click the Authentication tab.
Figure 5-15. Authentication tab in the Edit proxy dialog box
6
7
Provide a user account with permissions to the proxy server specified in
Internet Explorer.
a
Select Use HTTP Proxy Authentication or Use FTP Proxy Authentication.
b
In the User name, Password, and Re-Enter Password boxes that
correspond to the desired protocol, type the user name and password
associated with the user account.
Click OK to save the current entries.
Defining custom proxy server settings (master repository)
Use this procedure to define the settings that the master repository uses to retrieve
packages from source repositories through a proxy server.
1
2
Product Guide
175
3
In the details pane under AutoUpdate Tasks, click Configure proxy settings.
The Edit proxy dialog box appears.
Figure 5-16. Edit proxy dialog box
4
176
On the Options tab, select Manually configure the proxy settings.
5
Click the Servers tab.
Figure 5-17. Servers tab in the Edit proxy dialog box
6
7
Provide the address and port number of the proxy server you want to use to
gain access to distributed repositories using HTTP or FTP protocols.
a
In Address, type the IP address or fully-qualified domain name of the
proxy server.
b
In Port, type the port number of the proxy server.
To specify distributed repositories to which the server can connect directly,
select Bypass Local Addresses, then type the IP addresses or fully-qualified
domain name of those computers separated by a semi-colon (;).
Product Guide
177
8
Click the Authentication tab.
Figure 5-18. Authentication tab in the Edit proxy dialog box
9
Provide a user account with permissions to the proxy server you specified in
HTTP or FTP in Step 6.
a
Select Use HTTP Proxy Authentication or Use FTP Proxy Authentication.
b
In the User name, Password, and Re-Enter Password boxes that
10 Click OK to save the current entries.
178
Using Internet Explorer proxy server settings (client computers)
Use this procedure to specify that client computers use the proxy server settings
defined in Internet Explorer to retrieve packages from repositories through a
proxy server. By default, no proxy server settings are made. For more information,
see Proxy server settings on page 173. Changes take effect during the next
agent-to-server communication.
NOTE
You need to define the actual proxy server settings in Internet Explorer.
1
On the Proxy tab in the ePolicy Orchestrator Agent | Configuration policy page,
deselect Inherit. For instructions on where to find this page, see Setting agent
policies on page 250.
Figure 5-19. Proxy tab in the ePolicy Orchestrator Agent | Configuration policy page
2
Select Use Internet Explorer Proxy Settings.
3
Product Guide
179
Setting custom proxy server policies (client computers)
Use this procedure to define settings for client computers to retrieve packages
from repositories through a proxy server. By default, no proxy server settings are
made. For more information, see Proxy server settings on page 173. Changes take
effect during the next agent-to-server communication.
1
On the Proxy tab in the ePolicy Orchestrator Agent | Configuration policy page,
deselect Inherit. For instructions on where to find this page, see Setting agent
policies on page 250.
Figure 5-20. Proxy tab in the ePolicy Orchestrator Agent | Configuration policy page
180
2
Select Manually configure the proxy settings.
3
Provide the address and port number of the proxy server you want to use to
gain access to distributed repositories using HTTP or FTP protocols.
a
In Address, type the IP address or fully-qualified domain name of the
proxy server.
b
In Port, type the port number of the proxy server.
c
To use same the Address and Port for both HTTP or FTP protocols,
select Use these settings for all proxy types.
4
Provide a user account with permissions to the proxy server you specified in
HTTP or FTP in Step 3.
a
Select Use authentication for HTTP or Use authentication for FTP.
b
In the user name, password, and confirm password boxes that
5
To specify client computers that connect directly to repositories bypassing
the proxy server, select Specify exceptions, then type the IP addresses or
fully-qualified domain name of those computers separated by a semi-colon
(;).
6
Product Guide
181
Managing repositories
You can redefine the default source and fallback repositories or switch source
repositories for the fallback repository and visa versa. You can change the settings
for distributed repositories and view the settings for the master repository. You
can delete all repositories except the master repository.
n
Redefining the default source repository.
n
Redefining the fallback repository.
n
Switching source and fallback repositories.
n
Changing global distributed repositories.
n
Changing local distributed repositories.
n
Changing SuperAgent distributed repositories.
n
Viewing the master repository settings.
n
Deleting global distributed repositories.
n
Removing local distributed repositories.
n
Deleting SuperAgent distributed repositories.
n
Removing source or fallback repositories.
Redefining the default source repository
Use this procedure to redefine the default source repository. For more information,
see Source repositories on page 156.
NOTE
You must be a global administrator to define source repositories.
182
1
2
3
4
Select NAIHttp, then click Edit. The Edit repository dialog box appears.
Product Guide
183
5
On the Configuration tab, type a descriptive name for this repository in Name.
Repository names must be unique.
Figure 5-22. Configuration tab in the Edit repository dialog box
6
184
Under Protocol, specify the type of server or path (FTP, HTTP, or UNC) where
the repository resides.
7
Click the Options tab.
Figure 5-23. Options tab in the Edit repository dialog box
8
w If you selected FTP in Protocol, type the web address in URL and the FTP
w If you selected HTTP in Protocol, type the web address in URL and the
w If you selected UNC in Protocol, type the network directory where the
page 528.
9
FTP server, or UNC share that hosts the repository.
a
If you selected FTP in Protocol, select Use anonymous login or type the
user account information in User name, Password, and Re-Enter
Password.
If you selected HTTP in Protocol and the HTTP server requires
Product Guide
185
If you selected UNC in Protocol, select Use Logged On Account or type
the user account information in Domain, User name, Password, and
Re-Enter Password.
b
Redefining the fallback repository
Use this procedure to redefine the fallback repository. For more information, see
Fallback repository on page 157.
NOTE
You must be a global administrator to define the fallback repository.
1
2
3
4
186
Select NAIFtp, then click Edit. The Edit repository dialog box appears.
5
On the Configuration tab, type a descriptive name for this repository in Name.
Repository names must be unique.
Figure 5-25. Configuration tab in the Edit repository dialog box
6
Under Protocol, specify the type of server or path (FTP, HTTP, or UNC) where
the repository resides.
Product Guide
187
7
Figure 5-26. Options tab in the Edit repository dialog box
8
w If you selected FTP in Protocol, type the web address in URL and the FTP
w If you selected HTTP in Protocol, type the web address in URL and the
w If you selected UNC in Protocol, type the network directory where the
page 528.
9
FTP server, or UNC share that hosts the repository.
a
If you selected FTP in Protocol, select Use anonymous login or type the
user account information in User name, Password, and Re-Enter
Password.
If you selected HTTP in Protocol and the HTTP server requires
188
If you selected UNC in Protocol, select Use Logged On Account or type
the user account information in Domain, User name, Password, and
Re-Enter Password.
b
Switching source and fallback repositories
Use this procedure to make the fallback repository a source repository, or to make
a source repository the fallback repository. For more information, see Source
repositories on page 156 and Fallback repository on page 157.
NOTE
You must be a global administrator to define source or fallback
repositories.
1
2
3
Product Guide
189
4
To make the fallback repository a source repository, select the fallback
repository from the list, then click Make Source.
To make a source repository the fallback repository, select the desired source
repository from the list, then click Make Fallback.
Changing global distributed repositories
Use this procedure to change the settings of global distributed repositories.
NOTE
You must be a global administrator to change global distributed
repositories.
1
2
3
In the details pane under AutoUpdate Components, click Distributed
Repository. The Distributed Repositories page appears.
Figure 5-28. Distributed Repositories page
190
4
Select the desired repository, then click Edit. The Edit repository dialog box
appears.
Figure 5-29. Edit repository dialog box
5
Change settings as needed.
6
Product Guide
191
Changing local distributed repositories
Use this procedure to change the settings of local distributed repositories. Changes
1
192
2
Under Repository list, select the desired repository, then click Edit. the
Repository options dialog box appears.
Figure 5-31. Repository options dialog box
3
Change settings as needed.
4
Product Guide
193
Changing SuperAgent distributed repositories
Use this procedure to change the settings of SuperAgent distributed repositories.
NOTE
1
2
Select Enable SuperAgent functionality and Enable SuperAgent repository.
3
In Path to use for repository, type the local directory (for example,
C:\REPOSITORY) where you want to store the repository. You can use variables
to define this location. For a list, see Variables on page 528.
w If the location you specified doesn’t exist, it is created.
w If you change the location, the files are moved to the new location.
w If the location cannot be created for any reason or if you leave this box
blank, the default location is used:
194
ASSOCIATES\FRAMEWORK\DB\SOFTWARE
Where <DOCUMENTS AND SETTINGS> is the location of the DOCUMENTS
AND SETTINGS folder, which varies depending on the operating system.
If the operating system does not use a DOCUMENTS AND SETTINGS folder,
the default location is:
<AGENT INSTALLATION PATH>\DATA\DB\SOFTWARE
4
Viewing the master repository settings
Use this procedure to view the settings for the master repository.
1
2
3
In the details pane under AutoUpdate Components, click Master Repository.
The Master Repository page appears.
Figure 5-33. Master Repository page
Deleting global distributed repositories
Use this procedure to remove global distributed repositories from the repository
list and delete their contents.
NOTE
You must be a global administrator to delete distributed repositories.
1
Product Guide
195
2
3
In the details pane under AutoUpdate Components, click Distributed
Repository. The Distributed Repositories page appears.
Figure 5-34. Distributed Repositories page
4
196
Select the desired repository, then click Delete.
Removing local distributed repositories
Use this procedure to remove local distributed repositories from the repository list;
you must manually remove their contents. Changes take effect during the next
1
2
Under Repository list, select the desired local distributed repository, then
click Delete. You can also disable repositories by deselecting them.
3
Click Apply All when done.
Product Guide
197
Deleting SuperAgent distributed repositories
Use the procedure to remove SuperAgent distributed repositories from the
repository list and delete their contents. Changes take effect during the next
1
198
2
Deselect Enable SuperAgent repository.
3
Removing source or fallback repositories
Use this procedure to remove source or fallback repositories from the repository
list.
NOTE
You must be a global administrator to remove source or fallback
repositories.
1
2
3
4
Select desired repository, then click Delete.
Product Guide
199
Repository list
The repository list (SITELIST.XML) contains the information client computers need to
select the nearest repository from the list and retrieve updates from them. The
repository list is sent to the agent during agent-to-server communication. You can
also export it to a file and manually deploy, then apply it to client computers using
command-line options.
n
When does the repository list change?
n
Exporting the repository list to a file.
n
Distributing the repository list manually.
When does the repository list change?
These tasks effect the repository list (SITELIST.XML):
n
Enabling or disabling the management of distributed repositories.
n
Creating, changing, or deleting repositories.
n
Specifying how the nearest repository is selected.
n
Adding, changing, or deleting proxy server settings.
Exporting the repository list to a file
Use this procedure to export the repository list (SITELIST.XML) to a file for manual
deployment to client computers or for import during the installation of supported
products. For more information, see Repository list on page 200.
NOTE
You must be a global administrator to export the repository list.
200
1
2
3
4
Click Export repository list. The Export repository list wizard appears.
5
Click Next to open the export location dialog box.
Figure 5-39. Export repository list wizard — export location dialog box
Product Guide
201
6
Type the path where you want to save the repository list, or click Browse to
select a location, then click Next.
7
Click Finish to export the repository list (SITELIST.XML) to the location you
specified.
Distributing the repository list manually
Once you have exported the repository list (SITELIST.XML) to a file, you can import
it during the installation of supported products. For instructions, see the
Installation Guide for that product.
You can also distribute the repository list to client computers, then apply the
repository list to the agent (for example, using third-party deployment tools and
logon scripts). For more information, see Agent installation command-line options on
page 289.
202
Product and product update packages
The distributed software repository feature of ePolicy Orchestrator allows you to
create a central library of supported products and product updates in the master
repository. These products and product updates are then available for deployment
to client computers and for replication to other distributed repositories. By
checking packages into the master repository, you define exactly which supported
products and product updates to deploy and maintain on client computers. All
packages are considered product updates with the exception of the product binary
(Setup) files.
You can check these package types into the master repository.
n
Agent language packages.
n
HotFix releases.
n
Product binary (Setup) files.
n
Product plug-in (DLL) files.
n
Service pack releases.
n
NOTE
To save bandwidth, we recommend that you check in DAT and engine
packages separately instead of checking in a SuperDAT package that
combines these updates.
n
n
n
Each package contains the binary files, detection and installation scripts, and a
package catalog (PKGCATALOG.Z) file.
Legacy product support
Existing (or legacy) products use a flat directory structure in conjunction with the
AutoUpdate and AutoUpgrade client tasks to install product updates. New products
that take advantage of AutoUpdate 7.0 use a hierarchal directory structure and the
Update client task to install product updates.
Product Guide
203
If the update location you specify in the AutoUpdate or AutoUpgrade task settings
is a distributed software repository being managed by ePolicy Orchestrator, you
need to enable legacy product support when you check the corresponding package
into the master repository. Doing so, copies the packages into both directory
structures. This flexibility enables you to continue to support legacy products; for
example, NetShield 4.5; using AutoUpdate and AutoUpgrade tasks. For instructions,
see Checking in packages on page 206 and Product update deployment on page 313.
You can enable legacy product support for these package types:
n
SuperDAT (SDAT*.EXE) packages.
NOTE
We recommend using SuperDAT packages to distribute custom
packages only.
n
Package catalog files
Package catalog (PKGCATALOG.Z) files are created and distributed by Network
Associates. The package catalog file contains details about each package including
the name of the product for which the update is intended, language version, and
any installation dependencies.
Package signing and security
All packages created and distributed by Network Associates are signed with a key
pair using the DSA (Digital Signature Algorithm) signature verification system,
and are encrypted using 168-bit 3DES encryption. A key is used to encrypt or
decrypt sensitive data.
You are notified when you check in packages that are not signed by Network
Associates. If you are confident of the content and validity of the package, continue
with the check-in. These packages are secured in the same manner described
above, but are signed by ePolicy Orchestrator when they are checked in.
Using digital signatures guarantees that packages originated from Network
Associates or were checked in by you, and that they have not been tampered with
or corrupted.
The agent only trusts package catalog files signed by ePolicy Orchestrator or
Network Associates. This protects your network from receiving updates from
unsigned or untrusted sources.
204
Package versioning and branches
Depending on the package type, you can choose to keep up to three versions
(evaluation, current, or previous) of a package. Otherwise, packages are always
checked into the current branch, so only one version is stored in the master
repository. Because HotFix releases are not always cumulative and can require
other HotFix releases, you can check in multiple versions of these packages;
however, each version is still checked into the current branch.
Typically, the evaluation branch is used for testing purposes, and the previous
branch allows you to easily roll back to a previous version of an update. You
specify the branch from which client computers retrieve these updates. For
instructions, see Specifying the branch to retrieve updates on page 314.
These are the package types you can check into the evaluation, current, or previous
branch. All other package types are automatically checked into the current branch.
n
n
n
n
Package ordering and dependencies
If one product update is dependent on another, you must check their packages into
the master repository in the required order. For example, if HotFix 2 requires
HotFix 1, you must check in HotFix 1 before HotFix 2. Packages cannot be
reordered once they are checked in. You must remove them and check them back
in, in the proper order. For instructions, see Deleting packages on page 214. If you
check in a package that supersedes an existing package, the existing package is
removed automatically.
Product Guide
205
Checking in and managing packages
You can check in, view, or delete packages from the master repository. For more
information, see Product and product update packages on page 203.
n
Checking in packages.
n
Manually moving packages between branches.
n
Viewing information about packages in repositories.
n
Deleting packages.
Checking in packages
Use this procedure to check packages into the master repository. For more
information, see Product and product update packages on page 203.
NOTE
You cannot check in packages while pull or replication tasks are
executing.
Service pack, HotFix, and supplemental virus definition (EXTRA.DAT)
files must be checked in manually if using a pull task from the
ftp://ftp.nai.com/CommonUpdater web site as the source repository.
You must be a global administrator to check in packages.
206
1
2
3
In the details pane under AutoUpdate Tasks, click Check in package. The
Check-in package wizard appears.
4
Click Next to open the package type dialog box.
Figure 5-40. Check-in package wizard — package type dialog box
Product Guide
207
5
Select the desired package type (Products or updates, Extra.dat, or SuperDAT),
then click Next. The catalog file dialog box appears.
Figure 5-41. Check-in package wizard — catalog file dialog box
208
6
Type the path of the corresponding package catalog (PKGCATALOG.Z) file, or
click Browse to select this file, then click Next. The summary dialog box
appears.
Figure 5-42. Check-in package wizard — summary dialog box
If the package is unsigned, a message appears notifying you that the validity
of the package cannot be verified. If you are confident of the content and
validity of the package, continue with the check-in. For more information,
see Package signing and security on page 204.
Product Guide
209
7
Click Next to open the branch dialog box.
Figure 5-43. Check-in package wizard — branch dialog box
8
Depending on the package type, you can choose the branch (Evaluation,
Current, or Previous) to check the package into, and whether to move the
package in the current branch to the previous branch. For more information,
see Package versioning and branches on page 205.
9
Select Support legacy product update to copy packages into both the flat
directory structure that existing (or legacy) products use in conjunction with
the AutoUpdate and AutoUpgrade client tasks and the hierarchical directory
structure that new products use in conjunction with the Update client task.
For more information, see Legacy product support on page 203.
10 To move packages in the master repository from the current branch to the
previous branch, select Move the existing package in ‘current’ branch to
‘previous’ branch.
To replace packages in the current branch on the master repository, deselect
Move the existing package in ‘current’ branch to ‘previous’ branch.
11 Click Finish to check in the package.
12 Click Close after the package has been checked in.
210
Manually moving packages between branches
Use this procedure to move packages between the evaluation, current, and
previous branches after they have been checked into the master repository. For
more information, see Package versioning and branches on page 205.
NOTE
You must be a global administrator to move packages between
branches.
1
2
3
In the details pane under AutoUpdate Tasks, click Manage packages. The
Packages page appears.
Figure 5-44. Packages page
4
Select the desired package, then click Copy to current, Copy to Previous, or
Copy to evaluation as needed. The Copy package wizard appears.
Product Guide
211
5
Click Next to open the copy options dialog box.
Figure 5-45. Copy package wizard — copy options dialog box
212
6
If you are moving packages into the current branch, select Support legacy
product update to copy packages into both the flat directory structure that
existing (or legacy) products use in conjunction with the AutoUpdate and
AutoUpgrade client tasks and the hierarchical directory structure that new
products use in conjunction with the Update client task. For more
information, see Legacy product support on page 203.
7
To delete the selected package after it has been moved to the new branch,
select Delete original after copy.
8
Click Finish to move the package.
9
Click Close after package has been moved.
Viewing information about packages in repositories
Use this procedure to view information about packages in the master repository,
global distributed repositories, or SuperAgent distributed repositories. You can
view the branch packages are checked into, the product name and version number,
whether legacy product support was enabled when the package was checked in,
the package type, and the language version.
1
2
To view packages in the master repository:
a
Repository.
b
3
To view packages in global or SuperAgent distributed repositories:
w In the console tree under ePolicy Orchestrator | <SERVER> | Repository |
Software Repositories | Distributed, select <DISTRIBUTED REPOSITORY>.
Product Guide
213
Deleting packages
Use this procedure to delete packages from the master repository.
NOTE
Do not manually delete packages from repositories.
You cannot delete packages while pull or replication tasks are
executing.
You must be a global administrator to delete packages.
1
2
3
4
214
Select the desired packages, then click Delete.
Pull and replication tasks
You can schedule pull and replication tasks or run them on demand. These tasks
allow you to keep the master repository current with source or fallback
repositories, and global and SuperAgent distributed repositories up-to-date with
the contents of the master repository.
n
Scheduling Repository Pull server tasks.
n
Running a pull task immediately.
n
Scheduling Repository Replication server tasks.
n
Running a replication task immediately.
Scheduling Repository Pull server tasks
Use this procedure to schedule a Repository Pull server task. Pull tasks allow you
to specify the source or fallback repository from which you want to retrieve
packages, then integrate the packages into the specified branches in the master
repository. For more information, see Legacy product support on page 203 and
Package versioning and branches on page 205.
NOTE
You must be a global administrator to schedule pull tasks.
1
2
Product Guide
215
3
In the details pane under AutoUpdate Tasks, click Schedule pull tasks. The
Scheduled Tasks tab appears.
4
Create a Repository Pull server task. For instructions, see Creating server tasks
on page 69.
5
On the Repository Pull Task page, specify the Source repository.
Figure 5-49. Repository Pull Task page
216
6
Select the branch (Current, Previous, or Evaluation) into which you want
packages copied.
7
If you select the Current branch, you can also make these selections:
a
directory structure that existing (or legacy) products use in conjunction
with the AutoUpdate and AutoUpgrade client tasks, and the hierarchical
directory structure that new products use in conjunction with the
Update client task. For more information, see Legacy product support on
page 203.
b
To move packages in the master repository from the current branch to
the previous branch, select Move existing packages to the ‘previous’
branch.
To replace packages in the current branch with the packages you are
checking in, deselect Move existing packages to the ‘previous’ branch.
8
Running a pull task immediately
Use this procedure to run a pull task immediately. Pull tasks allow you to specify
the source or fallback repository from which you want to retrieve packages, then
integrates the packages into the specified branches in the master repository. For
more information, see Legacy product support on page 203 and Package versioning and
branches on page 205.
NOTE
You must be a global administrator to schedule pull tasks.
1
2
3
In the details pane under AutoUpdate Tasks, click Pull now. The Pull Now
wizard appears.
Product Guide
217
4
Click Next to open the select repositories dialog box.
Figure 5-50. Pull Now wizard — select repositories dialog box
218
5
Select the desired repository, then click Next. The branches dialog box
appears.
Figure 5-51. Pull Now wizard — branches dialog box
6
Select the branch (Current, Previous, or Evaluation) into which you want
packages copied. For more information, see Package versioning and branches on
page 205.
7
directory structure that existing (or legacy) products use in conjunction with
the AutoUpdate and AutoUpgrade client tasks and the hierarchical directory
structure that new products use in conjunction with the Update client task.
For more information, see Legacy product support on page 203.
8
To move packages in the master repository from the current branch to the
previous branch, select Move the existing package in ‘current’ branch to
‘previous’ branch.
To replace packages in the current branch on the master repository, deselect
Move the existing package in ‘current’ branch to ‘previous’ branch.
9
Click Finish to run the task.
10 Click Close after the task has completed.
Product Guide
219
Scheduling Repository Replication server tasks
Use this procedure to schedule a Repository Replication server task. Replication
tasks update global and SuperAgent distributed repositories to maintain identical
copies of all packages in all branches that are in the master repository. You can also
update only selected distributed repositories. For instructions, see Running a
replication task immediately on page 221.
We recommend scheduling a full replication task on a weekly basic and an
incremental replication task on a daily basis.
NOTE
You must be a global administrator to schedule replication tasks.
1
2
3
In the details pane under AutoUpdate Tasks, click Schedule replication tasks.
The Scheduled Tasks tab appears.
4
220
Create a Repository Replication server task. For instructions, see Creating
server tasks on page 69.
5
On the Repository Replication Task page, specify the type of replication task
(Full replication or Incremental replication).
Figure 5-53. Repository Replication Task page
6
Running a replication task immediately
Use this procedure to run a replication task immediately. Replication tasks update
global and SuperAgent distributed repositories to maintain identical copies of all
packages in all branches that are in the master repository. You can update all or
only selected distributed repositories.
NOTE
You must be a global administrator to schedule replication tasks.
1
2
3
In the details pane under AutoUpdate Tasks, click Replicate now. The
Replicate Now wizard appears.
Product Guide
221
4
Click Next to open the distributed repositories dialog box.
Figure 5-54. Replicate Now wizard — distributed repositories dialog box
222
5
Select the desired repositories, then click Next. The replication type dialog
box appears.
Figure 5-55. Replicate Now wizard — replication type dialog box
6
Specify the type of replication task (Full replication or Incremental replication),
then click Finish to run the task.
7
Click Close after the task has completed.
Product Guide
223
224
6
Policies, Properties, and
Client Tasks
You can deploy the agent and products using the default policies (configuration
settings) or change these settings beforehand.
n
Policies.
n
Agent policies.
n
Setting agent policies.
n
Properties.
n
Client tasks.
Product Guide
225
Policies, Properties, and Client Tasks
Policies
You can set agent and product policies (configuration settings) before you deploy
them or use the default policies, and change them as needed after deployment.
Information provided here on setting policies does not describe the
product-specific settings, but rather defines policies and related concepts and their
use. However, agent policy settings are described. For more information on setting
product policies, see the Configuration Guide for each product. For more
information on setting agent policies, see Agent policies on page 243.
n
What is a policy?
n
Policy inheritance.
n
Policy enforcement.
n
Setting policies.
n
Copying policies.
n
Importing and exporting policies.
n
Restoring the default policy settings.
What is a policy?
Policies are the configuration settings for each product that can be managed via
ePolicy Orchestrator. These settings determine how the product behaves on client
computers. For example, you can specify which types of files that you want
VirusScan Enterprise 7.0 to scan by choosing those settings on the corresponding
policy (.NAP) page. For instructions, see Setting policies on page 232.
Multi-lingual policy pages for all supported products available at release time are
automatically installed with the software. You can change the language version in
which the ePolicy Orchestrator console and policy pages appear at any time.
If a supported product is not available at release time, the corresponding policy
pages are made available with the product. You must add these to the Repository
manually before you can configure and deploy the corresponding product via
ePolicy Orchestrator. For instructions, see Adding policy pages to the Repository on
page 144.
226
All policy pages come with a set of default policy settings. You can customize these
settings at the Directory level, or at any console tree item under the Directory. To
simplify changing policy settings, you can copy or export policy settings for
selected products. For instructions, seeCopying policies on page 233 or Importing and
exporting policies on page 235. To effectively change policy settings, you need to
understand how policy inheritance works. For more information, see Policy
inheritance on page 227.
Figure 6-1. VirusScan Enterprise 7.0 policy page
Policy inheritance
Policy inheritance determines whether the policy settings for any one console tree
item under the Directory are taken from the item directly above it. All policy pages
come with a set of default policy settings. By default, all items under the Directory
inherit these settings. You can change the default settings as needed for each site
or group or even for each computer, then apply the new settings to all groups and
computers underneath. To do this, you need to turn off inheritance. The policy
page then no longer takes its settings from the items above it, and applies the new
settings to all items below it (assuming that they are still using inheritance).
Product Guide
227
For example, you want to use the default policy settings on the General tab in the
ePolicy Orchestrator Agent | Configuration policy page with one exception. You
want the agent icon to appear on the taskbar of the Information Technology (IT)
staff’s client computers. Since you’ve organized the Directory by department, all of
the IT computers are in one site. To change the default settings for this collection
of computers, do the following: select the site, select the agent policy page, deselect
Inherit on the General tab, change the desired settings, then click Apply All. The new
settings are applied to these computers during the next agent-to-server
communication interval (ASCI).
You can restore policy settings to the default settings at any time. For more
information, see Restoring the default policy settings on page 242.
Policy enforcement
How new policy settings are enforced on client computers varies slightly
depending on whether you are managing McAfee or Norton AntiVirus products.
228
n
How policies are enforced for McAfee products.
n
How policies are enforced for Norton AntiVirus products.
How policies are enforced for McAfee products
Policies for McAfee products are enforced immediately on the policy enforcement
interval and the agent-to-server communication interval (ASCI).
On the ASCI
On the policy
enforcement interval
The ePolicy Orchestrator server sends incremental
policy updates to the agent during the ASCI.
Server
Incremental
Policies
Agent
Agent
Policies
Policies
McAfee
Products
McAfee
Products
During both the ASCI and the policy enforcement
interval, the agent for Windows enforces policies on
client computers.
Figure 6-2. How policies are enforced for McAfee products
Product Guide
229
How policies are enforced for Norton AntiVirus products
There is a delay of up to three minutes after the policy enforcement interval and
the agent-to-server communication interval (ASCI), before policies for Norton
AntiVirus products are enforced.
230
On the ASCI
On the policy
enforcement interval
Server
The ePolicy Orchestrator server sends incremental
policy updates to the agent during the ASCI.
Incremental
Policies
Agent
Agent
Policies
Policies
GRC.DAT
File
GRC.DAT
File
Norton
AntiVirus
Products
Norton
AntiVirus
Products
During both the ASCI and the policy enforcement
interval, the agent updates the GRC.DAT file with the
current policy information. The GRC.DAT file stores
all changes made to client computers.
The version of the grc.dat file that is updated is
located in \DOCUMENTS AND SETTINGS\ALL
USERS\APPLICATION
DATA\SYMANTEC\NORTON ANTIVIRUS
CORPORATE EDITION\7.5 (for Windows 2000) or in
\PROGRAM FILES\NAV.
Norton AntiVirus products read the policy information
from the GRC.DAT and enforce the policies
approximately every three minutes.
Figure 6-3. How policies are enforced for Norton AntiVirus products
Product Guide
231
Setting policies
Use this procedure to define the product policy settings (for example, when to scan
files for viruses) that you want to enforce on client computers. Changes take effect
during the next agent-to-server communication.
1
2
In the console tree under ePolicy Orchestrator | <SERVER>, select the Directory,
<SITE>, <GROUP>, or <COMPUTER>. The Policies, Properties, and Tasks tabs
appear in the upper details pane.
3
Click the Policies tab. Products that you can manage via ePolicy Orchestrator
are listed on this tab.
4
Select the product (for example, VirusScan Enterprise 7.0) for which you want
to set policies. The corresponding product policy page appears in the lower
details pane.
5
Deselect Inherit.
6
Select Enforce Policies for <PRODUCT> (for example, Enforce Policies for
VirusScan Enterprise 7.0).
7
Select the option (for example, General Policies) under the product for which
you want to set policies. The corresponding policy page appears in the lower
details pane.
8
Deselect Inherit.
9
Make changes to policy settings as needed. For instructions on configuring
products for use with ePolicy Orchestrator, see the Configuration Guide for
each product. For instructions on configuring the agent for Windows, see
10 Click Apply to save the current entries.
232
Copying policies
Use this procedure to copy policy settings between console tree items under the
Directory on the same ePolicy Orchestrator server or to items on different servers.
Only the policy settings from the console tree item you select are copied. When you
paste policy settings to a console tree item, inheritance for that item is turned off,
but remains unchanged for items underneath it. Changes take effect during the
NOTE
You must be a global or site administrator to copy or paste policies.
1
2
Directory, <SITE>, <GROUP>, or <COMPUTER> from which you want to copy
policy settings, then select Policy | Copy.
Product Guide
233
3
Directory, <SITE>, <GROUP>, or <COMPUTER> to which you want to paste these
policy settings, then select Policy | Paste. The Policy Copy Options dialog box
appears.
Figure 6-4. Policy Copy Options dialog box
4
Verify that the Server and Item for the Source and Destination are correct
before you continue.
5
To copy policy settings for all products currently installed in the Repository,
click Add All.
To copy only policy settings for selected products, select them under
Products, then click Add.
234
6
To copy only those policy settings that differ from the inherited settings,
select Only custom policies. Otherwise, all policy settings are copied.
7
Click OK when done.
Importing and exporting policies
You can export your custom policy settings for products to policy files or policy
templates. This allows you to define enterprise-wide policy settings that can be
easily applied to any ePolicy Orchestrator server. Whether other ePolicy
Orchestrator administrators need access to these settings affects the format that
you choose.
n
Policy files and policy templates.
n
Exporting policies to policy files.
n
Importing policies from policy files.
n
Exporting policies to policy templates.
n
Importing policies from policy templates.
Policy files and policy templates
Policy files are saved to the local drive of the ePolicy Orchestrator server, but
cannot be accessed via a remote console. However, you can still share policy files
with other administrators, which they can then import into the Directory on any
server. Policy files are also useful for backup purposes.
Policy templates are stored in the ePolicy Orchestrator database and are available
to administrators from the console. Other administrators can change, import, or
delete policy templates at will. Whereas you can import policy files to any server,
policy templates are confined to the same server.
For example, let’s say you want to use more restrictive and secure policy settings
on your network during the weekend. You could define different policies for the
weekdays and weekends, then import the appropriate policies on Mondays and
Fridays.
Product Guide
235
Exporting policies to policy files
Use this procedure to export policy settings for selected products to a file. Only the
policy settings for the console tree item you select are exported. You can then
import the resulting policy file to a selected console tree item on another ePolicy
Orchestrator server, or use the file for backup purposes.
NOTE
You must be a global or site administrator to export policies.
1
2
Directory, <SITE>, <GROUP>, or <COMPUTER> from which you want to export
policy settings, then select Policy | Export. The Policy Export Options dialog
box appears.
Figure 6-5. Policy Export Options dialog box
3
236
Under Export to, select File.
4
In File Name, type the path where you want to save the policy file or click
Browse to specify a file name and location.
5
To export policy settings for all products currently installed in the
Repository, click Add All.
To export only policy settings for selected products, select them under
6
To export only those policy settings that differ from the inherited settings,
select Only custom policies. Otherwise, all policy settings are exported.
7
Click Export when done.
8
Import the policy file as needed. For instructions, see Importing policies from
policy files on page 237.
Importing policies from policy files
Use this procedure to import policy settings from a policy file to any console tree
item on any ePolicy Orchestrator server. When you import policy settings to a
console tree item, inheritance for that item is turned off, but remains unchanged
for items underneath it. Changes take effect during the next agent-to-server
communication.
NOTE
You must be a global or site administrator to import policies.
1
Export policies to a policy file. For instructions, see Exporting policies to policy
files on page 236.
2
Product Guide
237
3
Directory, <SITE>, <GROUP>, or <COMPUTER> to which you want to apply
policy settings, then select Policy | Import. The Policy Import Options dialog
box appears.
Figure 6-6. Policy Import Options dialog box
4
238
In File Name, type the path of the policy file or click Browse to select the
desired file, then click OK.
Exporting policies to policy templates
Use this procedure to export policy settings for selected products to the Policy
Templates folder in the console tree under ePolicy Orchestrator on the desired
ePolicy Orchestrator server. Only the policy settings for the console tree item you
select are exported.
NOTE
You must be a global or site administrator to export policies.
1
2
Directory, <SITE>, <GROUP>, or <COMPUTER> from which you want to export
policy settings, then select Policy | Export. The Policy Export Options dialog
box appears.
Figure 6-7. Policy Export Options dialog box
3
Under Export to, select Policy Templates.
Product Guide
239
4
In Name, type a descriptive name for the policy template. A folder with this
name is created in the console tree under ePolicy Orchestrator | <SERVER> |
Policy Templates.
5
To export policy settings for all products currently installed in the
Repository, click Add All.
To export only policy settings for selected products, select them under
6
To export only those policy settings that differ from the inherited settings,
select Only custom policies. Otherwise, all policy settings are exported.
7
Click Export when done.
8
Import the policy template as needed. For instructions, see Importing policies
from policy templates on page 240.
Importing policies from policy templates
Use this procedure to import policy settings from a policy template to any console
tree item under the Directory on the same ePolicy Orchestrator server. When you
import policy settings to a console tree item, inheritance for that item is turned off,
but remains unchanged for items underneath it. Changes take effect during the
NOTE
You must be a global or site administrator to import policies.
240
1
Export policies to a policy template. For instructions, see Importing policies
from policy files on page 237.
2
3
Directory, <SITE>, <GROUP>, or <COMPUTER> to which you want to apply
policy settings, then select Policy | Import. The Policy Import Options dialog
box appears.
Figure 6-8. Policy Import Options dialog box
4
Under Import policies from, select Policy Templates.
5
In Name, select the desired template, then click OK.
Product Guide
241
Restoring the default policy settings
Use this procedure to reset policies for selected products to their original settings.
NOTE
You can also restore the default policy settings on any policy page by
selecting Inherit, then clicking Apply.
1
2
Directory, <SITE>, <GROUP>, or <COMPUTER>, then select Policy | Reset
Inheritance. The Reset Policy Inheritance dialog box appears.
Figure 6-9. Reset Policy Inheritance dialog box
242
3
Select the Level at which you want to restore the default policy settings.
4
Specify whether you want to reset the default settings on All products or
Selected products.
5
If you choose Selected products, select the desired products from the
Products list.
6
Click OK.
Agent policies
You can make a number of settings in the agent policy that affect how the agent
behaves.
n
Agent activity log files.
n
Agent wakeup calls.
n
Agent-to-server communication interval.
n
Events.
n
Initial agent-to-server communication interval.
n
Policy enforcement interval.
n
Repository list.
n
Selective updating.
n
SuperAgent wakeup calls.
n
IP address information in the agent.
The agent affects a number of other areas covered elsewhere. For information on
these areas, see these topics:
n
Local distributed repositories on page 155.
n
SuperAgent distributed repositories on page 156.
n
Specifying how the nearest repository is selected on page 171.
n
Proxy server settings on page 173.
n
Repository list on page 200.
n
Properties on page 259.
n
Enabling or disabling agent AutoUpgrade on page 274.
n
Global updating on page 319.
Agent activity log files
You can enable or disable normal or detailed logging of agent activity, as well as
remote access to both the agent activity log (AGENT_<COMPUTER>.XML) and
detailed agent activity log (AGENT_<COMPUTER>.LOG) files. You can limit the size
of the agent activity log file, but the detailed agent activity log file has a 1MB size
limitation. When this log file reaches 1MB, a backup copy
(AGENT_<COMPUTER>_BACKUP.LOG) is made. For instructions, see Enabling or
disabling the logging of agent activity and remote access to log files on page 257.
Product Guide
243
The agent activity log file stores the same messages that appear in the ePolicy
Orchestrator Agent Monitor dialog box. This log file records agent activity related to
policy enforcement, agent-to-server communication, event forwarding, etc. The
detailed agent activity log file, intended for troubleshooting purposes only, stores
these messages plus troubleshooting messages.
If the operating system uses a DOCUMENTS AND SETTINGS folder, these log files are
located here:
<DOCUMENTS AND SETTINGS>\NETWORK ASSOCIATES\COMMON FRAMEWORK\DB
Where <DOCUMENTS AND SETTINGS> is the location of the DOCUMENTS AND
SETTINGS folder; for example, on computers using Windows 2000 Server, this folder
is located in \WINNT\PROFILES\<USER>.
If the operating system does not use a DOCUMENTS AND SETTINGS folder, these log
files are located in the DB folder in the agent installation directory. The default
location is:
C:\PROGRAM FILES\NETWORK ASSOCIATES\COMMON FRAMEWORK\DB
Agent wakeup calls
You can prompt agents to contact the ePolicy Orchestrator server when needed
instead of waiting for the next agent-to-server communication interval (ASCI). You
can send agent wakeup calls on an on-demand basis or schedule them as client
tasks. Agent wakeup calls are useful during outbreak situations, or any time that
you have an urgent need to send new or updated policies and tasks to client
computers, or want to receive properties and events from the agent. To account for
bandwidth considerations, you can specify that agents contact the server
immediately, or randomly within an hour. You can also specify at which level
under the selected site, group, or computer to send the agent wakeup call. For
instructions, see Sending agent wakeup calls on page 296 or Creating client tasks on
page 263.
The agent and server exchange the same information during an agent wakeup call
as during the ASCI. For more information, see Agent-to-server communication interval
on page 245.
You can enable or disable agent wakeup calls. This setting is enabled by default
and effects both the agent and SuperAgent. For instructions, see Enabling or
disabling agent wakeup calls on page 253.
You can also schedule agent wakeup calls to run as client tasks. For instructions,
see Creating client tasks on page 263.
244
Agent-to-server communication interval
The agent-to-server communication interval (ASCI) determines how often the agent
and ePolicy Orchestrator server exchange information. The agent and server
exchange the same information during an agent wakeup call as during the ASCI. To
conserve bandwidth, only data that has changed since the last ASCI is transmitted.
Here’s a breakdown of the information exchanged:
n
The agent sends properties and events to the server.
n
The server provides new or updated policies and tasks to the agent.
n
The agent enforces new policies and tasks on the client computer.
n
The server provides updated repository list to the agent.
If you want more control over when agent-to-server communication occurs, you
can disable the ASCI, send agent wakeup calls on an on-demand basis, or schedule
agent wakeup calls to run as client tasks. For instructions, see Setting agent
communication intervals on page 254, Sending agent wakeup calls on page 296, or
Scheduling agent-to-server communication on page 298.
Recommended agent-to-server communication intervals
Recommended agent-to-server communications intervals (ASCI) based on network
size are listed below.
Network Size
Recommended ASCI
Gigabit LAN
60 minutes
100MB LAN only
60 minutes
WAN
360 minutes
* Dial-up or RAS
360 minutes
10MB LAN only
180 minutes
Wireless LAN
150 minutes
* When you connect to a corporate intranet via dial-up or RAS, the agent detects the
network connection and communicates to the ePolicy Orchestrator server.
Events
Events are generated by supported products and identify a wide range of activity
on client computers from service events (for example, starting or stopping
software) to infection detection events. Each event is assigned a severity ranging
from informational to critical. Events and properties comprise the data that
appears on reports and queries.
Product Guide
245
You can use the severity to determine the specific events that you want sent from
client computers to the ePolicy Orchestrator server, and stored in the ePolicy
Orchestrator database. For example, service events are informational and are not
stored in the database by default. For instructions, see Limiting events stored in the
database on page 335.
Although events are normally sent to the server during the agent-to-server
communication interval (ASCI), you can also prompt the agent for Windows to
send events more frequently. You specify the severity and maximum number of
events that you want sent and how often. This allows you to increase the ASCI —
which, in turn, reduces bandwidth — while still having the most current and
pertinent infection data on which to report. For instructions, see Enabling or
disabling immediate event forwarding on page 256.
Initial agent-to-server communication interval
When the agent communicates with the server for the first-time either immediately
after the agent is installed or when the agent service restarts (for example, when
the client computer is turned off and on), the actual agent-to-server
communication interval (ASCI) varies:
n
The initial ASCI is randomized over a ten-minute interval.
n
The second ASCI is randomized over the full ASCI as defined in the agent
policy (default is 60 minutes).
n
Subsequent communication use the full ASCI as defined in the agent policy
without randomization.
You can skip the initial ten-minute, randomized ASCI if the last agent-to-server
communication occurred within the time period (default is 24 hours) you specify.
For example, if users turn off their computers at night, agents will initially
communicate to the server randomly over the ASCI length instead of 10 minutes.
For instructions, see Setting agent communication intervals on page 254.
Policy enforcement interval
The policy enforcement interval determines how often the agent enforces the
policies it has received from the ePolicy Orchestrator server. Because policies are
enforced locally, this interval does not require any bandwidth. For instructions, see
Setting agent communication intervals on page 254.
Although tasks normally run based on the frequency you specify in the task
settings, you can specify that Product Deployment client tasks run during the policy
enforcement interval.
246
Repository list
McAfee anti-virus products that use AutoUpdate 7.0 use the repository list
(SITELIST.XML) to access distributed repositories and retrieve packages from them.
You can specify that client computers select distributed repositories using the
fastest ICMP ping response time, by comparing IP addresses of the client
computers and distributed repositories, or based on an order you specify.
In addition to the repositories you create in the Repository, you can add local
distributed repositories in the agent policy.
If you want to manually manage distributed update repositories, you can disable
the management of distributed repositories via ePolicy Orchestrator.
Selective updating
You can specify which version (Evaluation, Current, or Previous) of updates you
want client computers to retrieve. You can do this for full or incremental virus
definition (DAT) files, supplemental virus definition (EXTRA.DAT) files, virus
scanning engine, or SuperDAT (SDAT*.EXE) packages. You can redeploy a previous
version over the current version of one or more of these updates. You can also
deploy new versions of updates to selected client computers for testing purposes.
For instructions, see Specifying the branch to retrieve updates on page 314, Rolling back
updates to the previous version on page 315, and Deploying new updates to selected
computers for testing on page 316.
Product Guide
247
SuperAgent wakeup calls
You can prompt SuperAgents and all agents in the same subnet as each
SuperAgent to contact the ePolicy Orchestrator server when needed instead of
waiting for the next agent-to-server communication interval (ASCI).
Server
1
— Subnet —
SuperAgent
2
4
Agent
Agent
Agent
Agent
3
Figure 6-10. SuperAgent wakeup call
1
Server sends a wakeup call to all SuperAgents.
2 SuperAgents send a broadcast wakeup call to all agents in the same subnet.
3 All agents (regular agents and SuperAgents) exchange date with the server.
4 Any agents without an operating SuperAgent on its subnet will not be prompted to
communicate with the server.
248
The SuperAgent, agent, and server still exchange the same information during a
SuperAgent wakeup call as during an agent wakeup call, but how the wakeup call
is sent differs. The server sends a wakeup call to all SuperAgents, then each
SuperAgent sends an agent wakeup call to all agents in the same subnet as the
SuperAgent. Any agents that do not have a SuperAgent in its subnet will not be
contacted. For instructions, see Sending SuperAgent wakeup calls on page 297.
You can use SuperAgent wakeup calls in the same situations as agent wakeup
calls. Depending on your environment, you might find SuperAgent wakeup calls
to be a more efficient way to prompt agents to communicate with the server.
SuperAgent wakeup calls differ during a global update. For more information, see
Global updating on page 319.
You can enable or disable agent wakeup calls. This setting is enabled by default
and effects both the agent and SuperAgent. For instructions, see Enabling or
disabling agent wakeup calls on page 253.
IP address information in the agent
The ePolicy Orchestrator server uses the IP address, DNS name, or NetBIOS
computer name, in this order, to determine the network location of client
computers during agent wakeup calls.
When the agent for Windows is unable to connect to the ePolicy Orchestrator
server using the IP address, it uses the DNS name to determine the network
location of the server.
You can take more immediate control over complex environments. Static IP
addresses are unneeded; for example, you can use DHCP — when properly
configured — to resolve the ePolicy Orchestrator server name using the DNS
name.
Product Guide
249
Setting agent policies
Use this procedure to define the agent policy settings (for example, length of agent
communication intervals) that you want to enforce on client computers. Changes
1
2
3
Click the Policies tab. Products that you can manage via ePolicy Orchestrator
are listed on this tab.
4
Select ePolicy Orchestrator Agent | Configuration. The ePolicy Orchestrator
Agent | Configuration policy page appears in the lower details pane.
Figure 6-11. ePolicy Orchestrator Agent | Configuration policy page
5
Deselect Inherit.
6
Make changes to policy settings as needed. For instructions on making
specific policy settings, see these procedures:
w Showing or hiding the agent system tray icon on page 251.
250
w Enabling or disabling agent wakeup calls on page 253.
w Setting agent communication intervals on page 254.
w Specifying whether to send full or minimal properties on page 255.
w Enabling or disabling immediate event forwarding on page 256.
w Enabling or disabling the logging of agent activity and remote access to log files
on page 257.
w Enforcing the agent policy on page 258.
7
Showing or hiding the agent system tray icon
Use this procedure to show or hide the agent system tray icon. It is hidden by
default. Changes take effect during the next agent-to-server communication.
When shown, the agent icon appears in the system tray on client computers and
allows users perform selected agent tasks. For more information, see Agent system
tray icon on page 301.
1
page, deselect Inherit.
Product Guide
251
2
To show the agent system tray icon, select Show Agent Tray Icon.
To hide the agent system tray icon, deselect Show Agent Tray Icon.
3
Enabling or disabling agent wakeup calls
Use this procedure to enable or disable agent wakeup calls. This setting is enabled
by default. Changes take effect during the next agent-to-server communication.
When enabled, allows you to prompt agents on selected client computers to
contact the server immediately, or randomly within up to one hour. For more
information, see Agent wakeup calls on page 244.
1
2
To enable the agent wakeup calls, select Enable agent wakeup call support.
To disable the agent wakeup calls, deselect Enable agent wakeup call support.
3
252
Setting agent communication intervals
Use this procedure to define the policy enforcement and agent-to-server
communication interval. Also, use to enable or disable agent-to-server
communication. For more information, see Agent-to-server communication interval
on page 245, Initial agent-to-server communication interval on page 246, and Policy
enforcement interval on page 246. Changes take effect during the next
1
2
In Policy Enforcement Interval, accept the default interval (5 minutes) or
specify a different one.
3
To enable agent-to-server communication, select Enable Agent to server
communication, then accept the default interval (60 minutes) or specify a
different one.
To disable agent-to-server communication, deselect Enable Agent to server
communication.
Product Guide
253
4
In Policy agent to trigger 10 minute communication interval, specify the time
period since the last agent-to-server communication that prompts the agent
to skip the initial ten-minute, randomized ASCI.
5
Specifying whether to send full or minimal properties
Use this procedure to specify whether you want the agent to send the full set of
properties or minimal properties. Full properties are sent by default. For more
information, see Full or minimal properties on page 259. Changes take effect during
the next agent-to-server communication.
1
2
To send full properties, select Full properties.
To send minimal properties, select Minimal properties.
3
254
Enabling or disabling immediate event forwarding
Use this procedure to prompt the agent for Windows to send events to the ePolicy
Orchestrator server more frequently than the agent-to-server communication
interval (ASCI). Immediate event forwarding is enabled and major and critical
severity events are sent by default. For more information, see Events on page 245.
We recommend enabling immediate event forwarding if you plan on using global
updating to distribute critical updates. Update events are assigned critical severity.
For more information, see Global updating on page 319.
1
On the Events tab in the ePolicy Orchestrator Agent | Configuration policy
Figure 6-16. Events tab in the ePolicy Orchestrator Agent | Configuration policy page
2
To enable immediate event forwarding, select Enable uploading of events.
To disable immediate event forwarding, deselect Enable uploading of events.
3
Specify the lowest severity of events to send in Upload events of priority
<SEVERITY> and above.
4
Specify the event forwarding interval (how often to send specified events) in
Interval between immediate uploads.
Product Guide
255
5
Specify the maximum number of events to send at a time in Maximum events
per immediate upload. If the number of events exceeds this limit, the
remaining events are sent during the next event forwarding interval.
6
Enabling or disabling the logging of agent activity and remote
access to log files
Use this procedure to enable or disable the normal or detailed logging of agent
activity and remote access to the agent activity log (AGENT_<COMPUTER>.XML) and
detailed agent activity log (AGENT_<COMPUTER>.LOG) files. These settings are
enabled by default. For more information, see Agent activity log files on page 243.
We recommend enabling detailed logging only when you are trying to isolate
communication issues.
1
On the Logging tab in the ePolicy Orchestrator Agent | Configuration policy
Figure 6-17. Logging tab in the ePolicy Orchestrator Agent | Configuration policy page
2
To enable normal logging of agent activity, select Enable agent log.
To disable normal logging of agent activity, deselect Enable agent log.
256
3
To limit the size of the agent activity log file, select Limit log file size, then
specify the maximum number of messages. Click Reset to default to limit the
file to 200 messages. On average, 200 messages will result in a file about 16KB
in size.
4
To enable detailed logging of agent activity, select Enable detailed logging.
To disable detailed logging of agent activity, deselect Enable detailed logging.
5
To enable remote access to the agent activity log files, select Enable remote
access to log.
To disable remote access to the agent activity log files, deselect Enable remote
access to log.
6
Enforcing the agent policy
Use this procedure to ensure that agent retrieves the current agent policy settings
during the next agent-to-server communication. Agent policies are enforced by
default. Changes take effect during the next agent-to-server communication.
1
2
3
Click the Policies tab.
4
Select ePolicy Orchestrator Agent. The ePolicy Orchestrator Agent policy page
appears in the lower details pane.
Figure 6-18. ePolicy Orchestrator Agent policy page
5
Deselect Inherit.
6
Select Enforce Policies for ePolicy Orchestrator Agent.
7
Click Apply to save the current entries.
Product Guide
257
Properties
Properties about supported products and the client computer itself are collected by
the agent and contain the following information:
n
System Information — System or computer properties provide information
about the computer hardware, software, and corresponding settings
including the processor speed, operating system, time zone, and the most
recent date and time that properties were updated.
n
<PRODUCT> — Specific product properties (for example, VirusScan Enterprise
7.0) include the various policy settings for each product.
n
<PRODUCT> | General — General product properties (for example, VirusScan
Enterprise 7.0 | General) include the installation path, virus definition (DAT)
file version number, and product version number.
Depending on the timing and settings in the agent policy page, when and what
type of property information is collected and sent to the server differs. Once
properties are received, you can view them.
n
Complete and incremental properties.
n
Full or minimal properties.
n
Viewing properties.
Complete and incremental properties
The agent sends the complete set of properties during the initial agent-to-server
communication or if the properties version on the agent and ePolicy Orchestrator
server differ by more than two. After the initial communication, the agent sends
only those properties that have changed since the last agent-to-server
communication.
Remember, what defines the complete set of properties varies depending on
whether you specified that the agent collect full or minimal properties. For more
information, see Full or minimal properties on page 259.
Full or minimal properties
You specify whether to collect the full set of properties or only minimal properties.
Minimal properties include the general product properties and computer
properties and exclude the specific product properties. For instructions, see
Specifying whether to send full or minimal properties on page 255. Events and
properties comprise the data that appears on reports and queries.
258
Viewing properties
Use this procedure to view the properties for selected computers in the Directory.
1
2
<COMPUTER>. The Policies, Properties, and Tasks tabs appear in the upper
details pane.
3
Click the Properties tab.
4
To view computer properties, select System Information.
To view specific product properties, select the desired <PRODUCT>.
To view general product properties, select the desired <PRODUCT> | General.
Product Guide
259
Client tasks
You can schedule tasks that run on selected client computers. Remember, unless
you specify Greenwich Mean Time (GMT) in the task settings, client tasks run on
computers using the local time on that computer.
n
Default client tasks.
n
Task inheritance.
n
Creating client tasks.
n
Scheduling client tasks.
n
Changing client tasks.
n
Deleting client tasks.
Default client tasks
The default set of client tasks are described below. These tasks are always
available. Other tasks might also be available depending on the products that you
are managing. For a list of tasks that apply to each product, see the Configuration
ePolicy Orchestrator agent tasks
n
Agent Wakeup — Sends an agent wakeup call to agents on the selected client
computers. We recommend that you disable the agent-to-server
communication interval (ASCI) if you choose to schedule agent-to-server
communication via this task. You can specify whether to exchange complete
properties instead of incremental properties. The agent and server exchange
the same information during an agent wakeup call as during the ASCI. For
more information, see Agent-to-server communication interval on page 245 and
Complete and incremental properties on page 259.
n
Mirror — Copies the contents of the first repository in the repository list to the
local directory you specify on the client computer. If you share this location,
then define it as a local distributed repository in the repository list, other
client computers can retrieve updates from it. For more information, see Pull
and replication tasks on page 215.
n
Product Deployment — Installs or uninstalls the selected language version of
products. You can also specify a static or variable installation path on client
computers and command-line options for each product. For more
information, see Product deployment on page 308.
n
260
Update — Installs HotFix releases, service pack releases, SuperDAT
(SDAT.EXE) files, virus definition (DAT) files, supplemental DAT (EXTRA.DAT)
files, and the virus scanning engine. For more information, see Product update
Product-specific tasks
n
AutoUpdate — Updates the corresponding product with the latest virus
definition (DAT) files. For more information, see How AutoUpdate and
AutoUpgrade tasks work and when to use them on page 313 and the Configuration
n
AutoUpgrade — Upgrades the corresponding product to the latest available
version. You can also use this task to update the corresponding product with
the latest virus scanning engine and DAT files. For more information, see How
AutoUpdate and AutoUpgrade tasks work and when to use them on page 313 and
the Configuration Guide for that product.
n
Mirror AutoUpdate Site — Creates a mirror of the update site. For more
information, see the Configuration Guide for that product.
n
On-Demand Scan — Performs a virus scan on the client computer, including
all subdirectories. For more information, see the Configuration Guide for that
product.
Task inheritance
Task inheritance determines whether the client tasks you schedule for any one
console tree item under the Directory are taken from the item directly above it.
When you turn off inheritance for an item, tasks scheduled for the item above it are
ignored and the new task is scheduled for all items below it (assuming that they
are still using inheritance).
Product Guide
261
Creating client tasks
Use this procedure to create new client tasks. For a list of these tasks, see Default
client tasks on page 261.
NOTE
If client computers don't have the product needed to run a task, it is held
as pending until the product is installed.
1
2
Directory, <SITE>, <GROUP>, or <COMPUTER>, then select Schedule Task. The
Schedule Task dialog box appears.
Figure 6-19. Schedule Task dialog box
262
3
In New Task Name, type a descriptive name for the task.
4
Select the Software and Task Type.
5
Click OK. The task appears on the Tasks tab in the details pane.
6
Schedule the task to run on client computers. For instructions, see Scheduling
Scheduling client tasks
Use this procedure to schedule tasks that you want performed on client computers.
1
Create the desired client task. For instructions, see Creating client tasks on
page 263.
2
Click the Tasks tab in the details pane.
3
Right-click the desired Task Name, then select Edit Task. The ePolicy
Orchestrator Scheduler dialog box appears.
Figure 6-20. ePolicy Orchestrator Scheduler dialog box
4
Change the Name for the task as needed.
5
Deselect Inherit.
6
Select Enable; otherwise, the task won’t start regardless of settings in this
dialog box.
7
To limit the amount of time for which the task can run before it is
automatically cancelled, select Stop the task if it runs for, then specify the time
limit.
Product Guide
263
8
Click Settings to specify options for the task. For instructions on
product-specific tasks, see the Configuration Guide for the product. For
instructions on the default client tasks, see these topics:
w Scheduling agent-to-server communication on page 298.
w Defining mirror distributed repositories on page 165.
w Deploying products on page 309.
w Deploying product updates on page 317.
9
Click the Schedule tab, then deselect Inherit.
Figure 6-21. Schedule tab in the ePolicy Orchestrator Scheduler dialog box
10 Select the frequency for the task in Schedule Task, then specify the
corresponding frequency options that appear. For example, if you select Daily
in Schedule Task, Daily options appear.
11 Select the Start Time and whether to use the GMT Time or Local Time.
12 To start this task randomly on all selected client computers, select Enable
randomization, then specify the time within which you want to start the task.
13 To ensure that this task is started if the client computer was not available
during the scheduled time, select Run missed task. To delay the task after the
client computer becomes available, type the amount of delay in Delay missed
task by.
264
14 Schedule the task to be recurring. For instructions, see Scheduling recurring
15 Schedule the task to start in the future. For instructions, see Scheduling client
tasks to start in the future on page 267.
Scheduling recurring client tasks
Use this procedure to schedule recurring client tasks.
1
Create or change the desired client task. For instructions, see Creating client
tasks on page 263 or Changing client tasks on page 267, respectively.
2
On the Schedule tab in the ePolicy Orchestrator Scheduler dialog box, click
Advanced. The Advanced Schedule Options dialog box appears.
Figure 6-22. Advanced Schedule Options dialog box
3
the task to run.
4
Select End Date, then specify a ending date for the date range in which you
5
To specify the duration and frequency of a recurring task, select Repeat tasks,
then make the following selections:
6
a
In Every, specify the time interval that you want the task repeated.
b
In Until, specify the time limits for the recurring task.
Click OK to return to the ePolicy Orchestrator Scheduler dialog box.
Product Guide
265
Scheduling client tasks to start in the future
Use this procedure to schedule client tasks that you want to start in the future.
1
Create or change the desired client task. For instructions, see Creating client
tasks on page 263 or Changing client tasks on page 267, respectively.
2
On the Schedule tab in the ePolicy Orchestrator Scheduler dialog box, click
Advanced. The Advanced Schedule Options dialog box appears.
Figure 6-23. Advanced Schedule Options dialog box
3
the task to run.
4
Select End Date, then specify a ending date for the date range in which you
5
Changing client tasks
Use this procedure to change existing client tasks.
266
1
2
Directory, <SITE>, <GROUP>, or <COMPUTER>. The Policies, Properties, and
Tasks tabs appear in the details pane.
3
Click the Tasks tab.
4
Right-click the desired Task Name, then select Edit Task. The ePolicy
Orchestrator Scheduler dialog box appears.
5
Change the settings of this task as needed.
6
Click OK.
Deleting client tasks
Use this procedure to delete tasks you no longer want to run on client computers.
NOTE
You can only delete tasks at the same level at which you created them.
1
2
Directory, <SITE>, <GROUP>, or <COMPUTER>. The Policies, Properties, and
3
4
Right-click the desired Task Name, then select Delete.
Product Guide
267
268
7
Agent Deployment and
Management
Deploying and managing the ePolicy Orchestrator agent is a vital part of
deploying and managing products via ePolicy Orchestrator. These topics describe
when previous versions of the agent are automatically upgraded, how to prevent
this, how to enable the agent on unmanaged products, the numerous methods
available to deploy the agent, and ways to manage the agent once it has been
installed on client computers.
n
Agent installation directory.
n
Agent language deployment.
n
Agent AutoUpgrade.
n
How is the agent installation package created?
n
Permissions associated with installing the agent.
n
Agent deployment.
n
Agent installation command-line options.
n
Agent management.
Product Guide
269
Agent Deployment and Management
Agent installation directory
Once the agent has been installed, you cannot change its installation directory
without first uninstalling it. Depending on how the agent was initially installed,
the default installation directory differs. The agent can be installed as part of
another product installation (for example, VirusScan Enterprise 7.0) or using any
of the deployment methods available in ePolicy Orchestrator. These default
locations are:
n
As part of another product installation:
C:\PROGRAM FILES\NETWORK ASSOCIATES\COMMON FRAMEWORK
n
Using ePolicy Orchestrator deployment methods:
<SYSTEM_DRIVE>\EPOAGENT
Where <SYSTEM_DRIVE> represents the drive where the operating system is
installed; for example, C:.
If you are upgrading the agent from version 2.0, 2.5, or 2.5.1, the existing agent is
uninstalled before the new agent is installed, so the installation directory specified
for the new version of the agent is used.
The agent that is installed on the ePolicy Orchestrator server during the
installation is located in the COMMON FRAMEWORK folder in the software
installation directory.
270
Agent language deployment
Both the default agent installation package (FRAMEPKG.EXE), which is created by
the ePolicy Orchestrator server, and custom agent installation packages that you
create install only the English language version of the agent. To use other language
versions of the agent on client computers, you must check the desired agent
language packages into the master repository. Each agent language package
includes only those files needed to display the user interface for that language.
Agent language packages can then be replicated to distributed repositories in the
same manner as other product update packages. For more information, see
Software Repositories on page 147.
After the initial agent-to-server communication, the agent retrieves language
packages from repositories based on the locale being used on client computers
during the Update client task or a global update. For more information, see Product
update deployment on page 313 and Global updating on page 319, respectively. If the
in-use locale corresponds to an available language package, the agent retrieves the
new package and applies it. In this way, the agent retrieves only language
packages for the locales being used on each client computer.
NOTE
The agent software continues to appear in the current language until the
new language package has been applied.
Multiple language packages can be stored on client computers at the same time.
This allows end users to switch between available languages by changing the
locale. If a locale is selected for which a language package is not available locally,
the agent software appears in English.
Agent language packages are available for these languages:
n
Brazilian Portuguese
n
Chinese (Simplified)
n
Chinese (Traditional)
n
Dutch
n
English
n
French (Standard)
n
German (Standard)
n
Italian
n
Japanese
n
Korean
n
Polish
Product Guide
271
272
n
Spanish (Traditional Sort)
n
Swedish
Agent AutoUpgrade
If you upgrade the software from version 2.0, 2.5, or 2.5.1, agents are not
automatically upgraded to version 3.1 unless you enable agent AutoUpgrade.
If you want to migrate unmanaged products that already have a disabled agent
installed with them, you can enable the agent without deploying it.
If you upgrade the software from version 3.0 to a later version, agents are no longer
automatically upgraded; you must initiate the upgrade. For instructions, see Agent
n
Enabling or disabling agent AutoUpgrade.
n
Enabling the agent on unmanaged products.
n
Upgrading the agent 3.0 or later to the most current version.
Product Guide
273
Enabling or disabling agent AutoUpgrade
Use this procedure to enable or disable the automatic upgrade of agents version
2.0, 2.5, or 2.5.1 to version 3.1 or later. The version 2.0, 2.5, and 2.5.1 agents will
continue to send events and properties to the ePolicy Orchestrator server. Changes
1
2
To enable agent AutoUpgrade, select Enable Agent Upgrade from 2.x Agent to
3.0 Agent.
To disable agent AutoUpgrade, deselect Enable Agent Upgrade from 2.x Agent
to 3.0 Agent.
3
274
Enabling the agent on unmanaged products
Use this procedure to enable the agent on products that already have a disabled
agent installed with them.
NOTE
Because VirusScan Enterprise 7.0 was released with the agent 3.0
disabled, the agent is not automatically upgraded to version 3.1 once it
is enabled. We recommend deploying the agent 3.1 to these computers
after you enable the agent. For instructions, see Agent deployment on
page 277.
1
Export the repository list (SITELIST.XML) from the desired ePolicy
Orchestrator server. For instructions, see Exporting the repository list to a file on
page 200.
2
To enable the agent, run this command line on the client computer:
FRMINST.EXE /INSTALL=AGENT /SITEINFO=C:\TEMP\SITELIST.XML
Where FRMINST.EXE is located in agent installation directory. The default
location is:
NOTE
Once the agent has been installed, you cannot change the installation
directory without first uninstalling it.
And where /SITEINFO equals the location of the repository list
(SITELIST.XML) you exported.
Upgrading the agent 3.0 or later to the most current version
To upgrade the agent 3.0 or later to the most current version (for example, to
version 3.1), you must initiate the upgrade. Agent AutoUpgrade no longer
automatically upgrades these versions of the agent. For instructions, see Agent
Product Guide
275
How is the agent installation package created?
The agent installation package (FRAMEPKG.EXE) is created by the ePolicy
Orchestrator server. This is true for both the standard and custom packages. The
standard package is checked into the master repository as part of the software
installation. The standard package is updated whenever the repository list
(SITELIST.XML) is changed. For more information, see Repository list on page 200.
For this reason, we recommend making any needed changes to distributed update
repositories before you create a custom package. Depending on how you deploy
custom packages, you can use a command-line option to apply the most current
repository list when installing the agent. For instructions, see /SITEINFO on
page 291.
Permissions associated with installing the agent
Essentially, there is only one requirement to meet in order to install the agent. The
user account used to install the agent must belong to the local administrators
group on each computer. In additional, if the user account belongs to a remote
domain, the domain to which the ePolicy Orchestrator server belongs must trust
that remote domain.
Because users might not have local administrator permissions, you can provide (or
embed) the appropriate set of credentials as part of the agent installation package
(FRAMEPKG.EXE) itself. In this case, the user account you provide is used to install
the agent. This allows you to deploy (send and install) the agent installation
package to and from a variety of domains. For example, you can deploy the agent
across nontrusted resource domains by embedding a local administrator user
account that applies to the computers in those domains.
Even if you do not utilize full Windows trust relationships in your network
environment, you can easily deploy the agent from the ePolicy Orchestrator
console. For instructions, see Agent deployment on page 277.
276
Agent deployment
There are numerous methods you can use to install the agent on computers you
want to manage via ePolicy Orchestrator. You can deploy (send and install) the
agent installation package (FRAMEPKG.EXE) from the ePolicy Orchestrator console
or using third-party deployment tools, or you can manually install the program.
Once the agent 3.0 or later is installed on client computers, you can manage the
deployment of new versions using the Product Deployment task and distributed
update repositories. For instructions, see Deploying products on page 309.
NOTE
Depending on whether the computers belong to a domain, which operating
system computers are using, and your personal preference, use the procedures
listed below to deploy the agent:
n
Creating a custom agent installation package.
n
Deploying the agent from the console.
n
Deploying the agent while creating the Directory.
n
Distributing the agent manually.
n
Distributing the agent using third-party deployment tools.
n
Installing the agent for use with computer images.
n
Scheduling the deployment of the agent.
n
Updating logon scripts to install the agent.
Creating a custom agent installation package
Use this procedure to embed user credentials in the agent installation package
(FRAMEPKG.EXE). A custom agent installation package is useful when you cannot
send the agent from the console for some reason.
NOTE
If you want to install a custom agent installation package on computers
using Windows XP Home, you must enable network access on these
1
2
Product Guide
277
3
4
Click Agent Installation Package Creation Wizard.
5
Click Next. The User Credentials dialog box appears.
Figure 7-2. Agent Installation Package Creation Wizard — User Credentials dialog box
278
6
Type the User Name (<DOMAIN>\<USER>) and Password, then Confirm
Password of the logon information you want to embed in the agent
installation package, then click Next. The Install Directory dialog box appears.
Figure 7-3. Agent Installation Package Creation Wizard — Install Directory dialog box
7
Click Browse to open the Browse for Folder dialog box and select the path
where you want to save the custom agent installation package.
Product Guide
279
8
Click Next to open the Create Package dialog box.
Figure 7-4. Agent Installation Package Creation Wizard — Create Package dialog box
9
Click Next, then Finish.
10 Manually install the agent using any one of these procedures:
w Creating a custom agent installation package on page 277.
w Distributing the agent manually on page 284.
w Distributing the agent using third-party deployment tools on page 284.
w Installing the agent for use with computer images on page 285.
w Updating logon scripts to install the agent on page 287.
280
Deploying the agent from the console
Use this procedure to deploy (send and install) the agent installation package
(FRAMEPKG.EXE) from the ePolicy Orchestrator console to selected computers in the
Directory. This method uses Windows NT push technology. You can also deploy
the agent after finding the desired computers using predefined search queries. For
instructions, see Finding computers in the Directory on page 139.
NOTE
1
Product Guide
281
2
right-click <SITE>, <GROUP>, or <COMPUTER>, then select Send Agent Install.
The Send Agent Install dialog box appears.
Figure 7-5. Send Agent Install dialog box
3
To send the agent installation package to all selected computers regardless of
whether the agent is already installed on them, deselect Only send agent to
computers that currently have no agent. Otherwise, the package is sent only to
computers without an agent installed on them.
4
Under Level, specify the computers to which you want to deploy the agent.
5
installation GUI.
6
282
You can also click
7
NOTE
8
Click OK to send the agent installation package to the selected computers.
Setting up remote administration on Windows 95, Windows 98,
or Windows Me computers
If you want to deploy the agent from the ePolicy Orchestrator console to
computers using Windows 95, Windows 98, or Windows Me, you need to
complete the procedures listed below to set up remote administration on these
computers. If you deploy the agent to these computers using any other method,
you do not need to set up remote administration on them.
Depending on the operating system that you are using, these procedures vary. For
instructions, see the Microsoft product documentation. Depending on the current
settings on each computer, you might need to restart it to complete each
procedure.
1
Enable file sharing.
2
Control access by using a list of names (user-level access control) — Specify
the same network domain provided in the agent installation package
(FRAMEPKG.EXE).
3
Enable others to see resources on the computer (remote administration).
Enabling network access on Windows XP Home computers
If you want to deploy the agent from the ePolicy Orchestrator console or install a
custom agent installation package to computers using Windows XP Home, use this
procedure to enable network access on these computers.
1
Click the Start button, then point to Control Panel.
2
Click Performance and Maintenance.
3
Click Administrative Tools.
4
Select Local Security Policy. The Local Security Settings application window
appears.
5
In the console tree under Security Settings | Local Policies, select Security
Options. The available policies appear in the details pane.
Product Guide
283
6
Select Network access: Sharing and security model for local accounts to open
the Network access dialog box.
7
Select Classic - local user authenticate as themselves, then click OK. Local
users will be able to authenticate and access resources on the computer from
the network.
Deploying the agent while creating the Directory
You can send the agent installation package to computers at the same time that you
are adding sites, groups, and computers to the Directory. For instructions, see
Sending the agent to all computers in a newly added site on page 103, Sending the agent
to all computers in a newly added group on page 111, and Sending the agent to all newly
added computers on page 117.
Distributing the agent manually
You can distribute the agent installation package (FRAMEPKG.EXE) manually using
the methods listed below, then ask users to install it on their computers.
n
Network directory — Copy the agent installation package to a network
directory (for example, \\<COMPUTER>\<FOLDER>) to which users have
permissions.
n
Removable media — Copy the agent installation package to removable media
(for example, 3.5-inch disk).
n
E-mail — Attach the agent installation package to an e-mail message.
Be sure to distribute the agent installation package from the ePolicy Orchestrator
server that you want to manage the corresponding computers. The default location
of the standard agent installation package is:
C:\PROGRAM FILES\NETWORK ASSOCIATES\EPO\3\DB\SOFTWARE\CURRENT\
EPOAGENT3000\INSTALL\0409
NOTE
If you cannot use the server credentials to install the agent on the
desired computers, you need to embed user credentials in the agent
installation package. For instructions, see Creating a custom agent
installation package on page 277.
Distributing the agent using third-party deployment tools
You can distribute the agent installation package (FRAMEPKG.EXE) using
third-party deployment tools; for example, Microsoft Systems Management Server
(SMS), IBM Tivoli, or Novell ZENworks. For instructions, see the product
documentation included with these tools.
284
Be sure to distribute the agent installation package from the ePolicy Orchestrator
server that you want to manage the corresponding computers. The default location
of the standard agent installation package is:
NOTE
Installing the agent for use with computer images
You can install the ePolicy Orchestrator agent on computers used to create
common images of software and hardware used to build computers. The first time
the user logs on to a computer built using a common image that includes the agent,
the computer is assigned a unique ID called a global unique identifier.
Product Guide
285
Scheduling the deployment of the agent
Use this procedure to deploy (send and install) the agent on selected client
computers. You can schedule the deployment of all supported products currently
checked into the master repository at once.
1
Create and schedule a Product Deployment client task. For instructions, see
Creating client tasks on page 263 and Scheduling client tasks on page 264.
2
Figure 7-6. Task Settings dialog box — Product Deployment tasks
286
3
Deselect Inherit.
4
Next to the desired product and product version, select Install in Action, then
select the language version of the product that you want to deploy in
Language.
5
Next to those products that you do not want to deploy, select Ignore in Action.
6
To specify command-line options used when installing the agent, click
next to the Agent. For instructions, see Agent installation command-line options
on page 289.
7
If you want this task to be enforced during the policy enforcement interval,
select Run this task at every policy enforcement interval; otherwise, this task
runs only once.
8
Updating logon scripts to install the agent
Use this procedure to update logon scripts to upgrade the ePolicy Orchestrator
agent from version 2.0, 2.5, or 2.5.1 to version 3.1, or to detect whether version 3.0
or later of the agent is installed and, if not, install it. You can also enable the agent
on computers that already have a disabled agent installed on them. For
instructions, see Enabling the agent on unmanaged products on page 275.
1
Copy the agent installation package (FRAMEPKG.EXE) to a network directory
(for example, \\<COMPUTER>\<FOLDER>) to which users have permissions.
The default location of the standard agent installation package is:
NOTE
2
Create a batch file (for example, EPO.BAT) that contains the lines you want to
execute on client computers. The contents of this batch file differs depending
on what you need to do:
w To upgrade the agent from version 2.0, 2.5, or 2.5.1 to version 3.1, include
these lines in the batch file. In this example, the agent is installed only if
a previous version of the agent is found.
IF EXIST “<AGENT INSTALLATION PATH>\NAIMAS32.EXE”
\\<COMPUTER>\<FOLDER>\UPDATE$\FRAMEPKG.EXE
/FORCEINSTALL /INSTALL=AGENT
Where <AGENT INSTALLATION PATH> is the location on the client
computer where the agent is installed. The default location of the agent
2.5.1 or earlier is:
<SYSTEM_DRIVE>/EPOAGENT
Where <SYSTEM_DRIVE> is the drive where the operating system is
installed.
Product Guide
287
w To detect whether agent 3.1 is installed and, if not, install it, include these
lines in the batch file:
IF EXIST “<AGENT INSTALLATION
PATH>\FRAMEWORKSERVICE.EXE” GOTO END_BATCH
\\<COMPUTER>\<FOLDER>\UPDATE$\FRAMEPKG.EXE
/FORCEINSTALL /INSTALL=AGENT
:END_BATCH
Where <AGENT INSTALLATION PATH> is the location on the client
computer where the agent is installed, and can include variables. For a
list, see Variables on page 528. The default location of the agent 3.0 or
later is:
C:\PROGRAM FILES\NETWORK ASSOCIATES\EPO\COMMON FRAMEWORK
And where \\<COMPUTER>\<FOLDER> is the network directory where
the agent installation package you want to install is located.
3
Place EPO.BAT on \\<PDC>\NETLOGON$, where <PDC> is the name of the
primary domain controller.
4
Add this line to the logon script:
CALL \\<PDC>\NETLOGON$\EPO.BAT
288
Agent installation command-line options
Depending on whether the agent is already installed, you can use these
command-line options when you run the agent installation package
(FRAMEPKG.EXE) or the agent framework installation (FRMINST.EXE) program.
NOTE
These options are not case-sensitive; their values are.
n
/DATADIR
n
/DOMAIN
n
/INSTALL
n
/INSTDIR
n
/PASSWORD
n
/REMOVE
n
/SILENT or S
n
/SITEINFO
n
/USELANGUAGE
n
/USERNAME
/DATADIR
Use the /DATADIR command-line option to specify a location other than the default
to store the agent data files.
FRAMEPKG /INSTALL=AGENT /DATADIR=<AGENT DATA PATH>
n
Where <AGENT DATA PATH> is the location on client computers used to store
the agent data files. The default location is:
ASSOCIATES\FRAMEWORK DATA
SETTINGS folder, which varies depending on the operating system.
n
If the operating system does not use a DOCUMENTS AND SETTINGS folder, the
default location is:
<AGENT INSTALLATION PATH>\DATA
Product Guide
289
/DOMAIN
Use the /DOMAIN command-line option to specify the domain name associated
with the user account you want to use to install the agent. You must also provide
a user name and password.
FRAMEPKG /INSTALL=AGENT /DOMAIN=<DOMAIN> /USERNAME=<USER>
/PASSWORD=<PASSWORD>
n
Where <DOMAIN> is the domain name, <USER> is the user name, and
<PASSWORD> is the password of a user account that belongs to the local
administrators group on the client computers.
If the computer is a member of a workgroup, <DOMAIN> is the computer
name.
/INSTALL
Use the /INSTALL command-line option to install or enable the agent or only
AutoUpdate 7.0. You can only install one component at a time. When you install
the agent, earlier versions of the agent are uninstalled before the new agent is
installed. Data from existing agents is not migrated.
FRAMEPKG /INSTALL=AGENT | UPDATER
n
Where AGENT is the agent 3.1.
n
And where UPDATER is AutoUpdate 7.0.
/INSTDIR
Use the /INSTDIR command-line option to specify where on client computers you
want to install the program files for the agent.
NOTE
FRAMEPKG /INSTALL=AGENT /INSTALLDIR=<AGENT INSTALLATION PATH>
n
Where <AGENT INSTALLATION PATH> is the location you want to install the
agent program files on client computers. You can use variables to define this
location. For a list, see Variables on page 528. The default location of the agent
is:
290
/PASSWORD
Use the /PASSWORD command-line option to specify the password associated with
the user account you want to use to install the agent. You must also provide a
domain name and user name.
n
/REMOVE
Use the /REMOVE command-line option to uninstall the agent.
FRMINST /REMOVE=AGENT
/SILENT or S
Use the /SILENT or /S command-line options to hide the installation of the agent
from the user.
FRAMEPKG /INSTALL=AGENT /SILENT | /S
/SITEINFO
Use the /SITEINFO command-line option to apply the specified repository list
(SITELIST.XML) file to the agent. For instructions, see Exporting the repository list to a
file on page 200.
FRAMEPKG /INSTALL=AGENT /SITEINFO=<REPOSITORY LIST PATH>
n
Where <REPOSITORY LIST PATH> is the location of the desired repository list.
/USELANGUAGE
Use the /USELANGUAGE command-line option to specify the language version of
the agent that you want to install.
If you select a locale other than English (United States), French (Standard), German
(Standard), Japanese, or Spanish (Traditional Sort), the software appears in
English.
Product Guide
291
If you install multiple language versions of the component, the locale you select in
Regional Settings determines the language version in which the component
appears.
FRAMEPKG /INSTALL=AGENT /USELANGUAGE <LOCALE ID>
n
Where <LOCALE ID> is the locale ID that represents the desired language. For
more information, see Locale IDs on page 526.
/USERNAME
Use the /USERNAME command-line option to specify the user name associated with
the user account you want to use to install the agent. You must also provide a
domain name and password.
n
292
Agent management
Once the agent has been successfully installed on client computers, you can use a
variety of tasks to manage the agent.
n
Switching servers that manage client computers.
n
Finding inactive agents.
n
Sending agent wakeup calls.
n
Sending SuperAgent wakeup calls.
n
Scheduling agent-to-server communication.
n
Viewing or saving the agent activity log file locally.
n
Viewing the agent activity log files remotely.
n
Agent system tray icon.
n
Command Agent command-line options.
n
Uninstalling the agent.
Switching servers that manage client computers
If you want to switch ePolicy Orchestrator servers that manage client computers,
deploy the repository list (SITELIST.XML) from the new server you want to start
managing to those computers. For instructions, see /SITEINFO on page 291.
You can also switch servers that manage client computers by deploying the agent
from the new server. For instructions, see Agent deployment on page 277.
Product Guide
293
Finding inactive agents
There are a number of methods you can use to determine whether agents are
communicating with the ePolicy Orchestrator server in a timely manner:
n
Agent to Server Connection Info report — You can specify the time period that
defines an inactive agent, then view report data on the corresponding
computers. For more information and instructions, see Agent to Server
Connection Info report template on page 425 and Running reports on page 347,
respectively.
n
Inactive Agent Maintenance server task — You can schedule a server task that
moves computers with inactive agents to a specified group or deletes them
from the Directory. You specify the time period that defines an inactive agent.
This task does not uninstall the agent. For instructions, see Scheduling Inactive
Agent Maintenance server tasks on page 295.
n
Find computers with inactive agents — Finds computers with agents that have
not communicated with the server within the time period you specify. You
can then perform selected commands on these computers. For instructions,
see Finding computers in the Directory on page 139.
294
Scheduling Inactive Agent Maintenance server tasks
Use this procedure to specify the time period that defines inactive agents and the
action that you want performed on computers with inactive agents. An inactive
agent is an agent that has not communicated with the ePolicy Orchestrator server
within the time period you specify. This task does not uninstall the agent.
If you need to delete computers with inactive agents on a routine basis, we
recommend that you first move these computers instead and adjust the time
period until the specified group contains the desired computers. Once you
determine the optimal time period, you can start deleting these computers.
1
Create an Inactive Agent Maintenance server task. For instructions, see
Creating server tasks on page 69. The Inactive Agent Maintenance Task page
appears.
Figure 7-7. Inactive Agent Maintenance Task page
2
In Period of inactivity, type the number of days that defines an inactive agent.
3
To move computers with inactive agents to another group, select Move under
Action to perform.
In Move inactive agents to this group, type the name of the group. If this group
doesn’t already exist, it is added to the Directory under the corresponding
site, regardless of whether inactive agents are found.
4
To delete computers with inactive agents from the Directory, select Delete
under Action to perform.
5
Click Finish when done. The task appears in the Scheduled Tasks tab.
Product Guide
295
Sending agent wakeup calls
Use this procedure to prompt agents on selected client computers to contact the
ePolicy Orchestrator server immediately, or randomly within up to one hour. For
more information, see Agent wakeup calls on page 244.
NOTE
You can enable or disable agent wakeup calls. This setting is enabled by
default. For instructions, see Enabling or disabling agent wakeup calls on
page 253.
1
2
In the console tree under ePolicy Orchestrator | Directory, right-click <SITE>,
<GROUP>, or <COMPUTER>, then select Agent Wakeup Call. The Agent Wakeup
Call dialog box appears.
Figure 7-8. Agent Wakeup Call dialog box
296
3
Select the Level at which you want to send the agent wakeup call.
4
Under Type, select Send Agent wakeup call.
5
Accept the default (1 minute) or type a different Agent randomization interval
(0 - 60 minutes). If you type 0, agents on all selected computers respond
immediately.
6
Typically, the agent only sends properties that have changed since the last
agent-to-server communication. To send the complete properties, select Get
full product properties.
7
Click OK to send the agent wakeup call.
Sending SuperAgent wakeup calls
Use this procedure to prompt SuperAgents on selected client computers and all
agents in the same subnet as the SuperAgent to contact the ePolicy Orchestrator
server immediately, or randomly within up to one hour. For more information, see
SuperAgent wakeup calls on page 248.
NOTE
You can enable or disable agent wakeup calls. This setting is enabled by
default. For instructions, see Enabling or disabling agent wakeup calls on
page 253.
1
2
In the console tree under ePolicy Orchestrator | Directory, right-click <SITE>,
<GROUP>, or <COMPUTER>, then select Agent Wakeup Call. The Agent Wakeup
Call dialog box appears.
Figure 7-9. Agent Wakeup Call dialog box
3
Select the Level at which you want to send the agent wakeup call.
Product Guide
297
4
Under Type, select Send SuperAgent wakeup call.
5
Accept the default (1 minute) or type a different Agent randomization interval
(0 - 60 minutes). If you type 0, agents on all selected computers respond
immediately.
6
agent-to-server communication. To send the complete properties, select Get
full product properties.
7
Click OK to send the SuperAgent wakeup call.
Scheduling agent-to-server communication
Use this procedure to schedule agent-to-server communication instead of using
the agent-to-server communication interval (ASCI). To disable the ASCI, see Setting
agent communication intervals on page 254.
1
Create and schedule an Agent Wakeup client task. For instructions, see
Creating client tasks on page 263 and Scheduling client tasks on page 264.
2
Figure 7-10. Task Settings dialog box — Agent Wakeup tasks
298
3
Deselect Inherit.
4
agent-to-server communication. To send the complete properties, select
Collect full properties.
5
Viewing or saving the agent activity log file locally
Use this procedure to view or save the agent activity log
(AGENT_<COMPUTER>.XML) file using the agent system tray icon on client
computers. For more information, see Agent activity log files on page 243.
NOTE
You can show or hide the agent system tray icon. It is hidden by default.
You can enable or disable the logging of agent activity. This setting is
enabled by default. For instructions, see Showing or hiding the agent
system tray icon on page 251 and Enabling or disabling the logging of agent
activity and remote access to log files on page 257.
1
2
At the desired client computer, right-click the agent system tray icon, then
select Status Monitor.
The current agent activity log file appears in the ePolicy Orchestrator Agent
Monitor dialog box.
Figure 7-11. ePolicy Orchestrator Agent Monitor dialog box
3
To save the agent activity log file, click Save Contents, then specify the
desired location and file name.
Product Guide
299
Viewing the agent activity log files remotely
Use this procedure to view the agent activity log (AGENT_<COMPUTER>.XML) or
detailed agent activity log (AGENT_<COMPUTER>.LOG or
AGENT_<COMPUTER>_BACKUP.LOG) files remotely. For more information, see Agent
activity log files on page 243.
NOTE
You can enable or disable logging of agent activity and remote access to
the agent activity log files. These settings are enabled by default. For
instructions, see Enabling or disabling the logging of agent activity and
remote access to log files on page 257.
1
To view the agent activity log file, go to this address in a web browser:
http://<COMPUTER>:<AGENT WAKEUP PORT>/AGENT_<COMPUTER>.XML
Where <COMPUTER> is the name of the client computer and <AGENT WAKEUP
PORT> is the number of the agent wakeup call port.
Figure 7-12. Agent activity log file
2
3
To view the detailed agent activity log file, click View debugging log.
To view the backup copy of the detailed agent activity log file, click View
backup debugging log.
300
Agent system tray icon
You can use the agent system tray icon to perform selected agent tasks locally on
client computers. You can perform some of these same tasks remotely. For
instructions, see Command Agent command-line options on page 304.
NOTE
For instructions, see Showing or hiding the agent system tray icon on
page 251.
You can access the following dialog boxes and commands from the agent system
tray icon.
n
ePolicy Orchestrator Agent Monitor dialog box.
n
ePolicy Orchestrator Agent Options dialog box.
n
Update Now command.
n
ePolicy Orchestrator Agent dialog box.
ePolicy Orchestrator Agent Monitor dialog box
Use the ePolicy Orchestrator Agent Monitor dialog box to prompt the agent to send
properties or events to the ePolicy Orchestrator server, enforce policies and tasks
locally, check the ePolicy Orchestrator server for new or updated policies and
tasks, then enforce them immediately upon receipt. Also, use to view selected
agent settings, and view or save the agent log file. You might find this dialog box
useful to monitor the activity of an individual agent.
Where to find
n
select Status Monitor. The ePolicy Orchestrator Agent Monitor dialog box
appears.
NOTE
page 251.
Definitions of pertinent options in this dialog box are listed below in alphabetic
order by item name.
Agent Settings
Opens the ePolicy Orchestrator Agent Options dialog box.
Agent Status
Displays the current status (started or stopped) of the McAfee
Framework Service. This is the name of the agent service.
Product Guide
301
Check New Policies
Prompts the agent to contact the ePolicy Orchestrator server for
new or updated policies, then enforce them immediately upon
receipt.
Collect and Send
Props
Prompts the agent to send properties to the ePolicy Orchestrator
server.
Enforce Policies
Prompts the agent to enforce policies locally.
log file
w
Component — Displays the name of the internal agent
component performing the action.
w
Date and Time — Displays the date and time that the action
occurred.
w
Type — Displays the log entry type (Normal or Detail).
w
Status — Displays a description of the action that occurred.
Product IDs are listed here in place of names. For a list, see
Product IDs on page 527.
Save Contents
Saves the contents of the agent log to a file you specify.
Send Events
Prompts the agent to send events to the ePolicy Orchestrator
server.
ePolicy Orchestrator Agent Options dialog box
Use the ePolicy Orchestrator Agent Options dialog box to view selected agent
settings including identification information and intervals.
Where to find
n
select Setting. The ePolicy Orchestrator Agent Options dialog box appears.
NOTE
page 251.
Definitions of pertinent options in this dialog box are listed below in alphabetic
order by item name.
302
Agent enforces
policies locally
every
Displays the policy enforcement interval.
Agent ID
Displays the unique ID (called a global unique identifier)
assigned to this client computer.
Agent to Server
communication
interval every
Displays the agent-to-server communication interval (ASCI).
Computer Name
Displays the name of this computer.
User Name
Displays the user name associated with currently logged on user
account.
Update Now command
Use the Update Now command to prompt the agent to retrieve product updates
from the nearest distributed repository. Product updates include HotFix releases,
legacy product plug-in (.DLL) files, service pack releases, SuperDAT (SDAT*.EXE)
packages, supplemental virus definition (EXTRA.DAT) files, and virus definition
(DAT) files.
Where to find
n
select Update Now. The McAfee AutoUpdate 7.0 dialog box displays the status
of the update task.
NOTE
page 251.
ePolicy Orchestrator Agent dialog box
Use the ePolicy Orchestrator Agent dialog box to view the version number of the
agent, the date and time of the most recent update, and the version number and
language version of all managed products installed on the client computer.
Where to find
n
select About. The ePolicy Orchestrator Agent dialog box appears.
NOTE
page 251.
Product Guide
303
Command Agent command-line options
You can use the Command Agent (CMDAGENT.EXE) program to perform selected
agent tasks remotely. You can perform these same tasks locally on client
computers using this program or the agent system tray icon. For instructions, see
Agent system tray icon on page 301.
The command agent program is in the location as the agent program files are
installed on client computers. You can use variables to define this location. For a
list, see Variables on page 528. The default location is:
n
/C (check new policies)
n
/E (enforce policies)
n
/P (collect and send properties and events)
/C (check new policies)
Use the /C command-line option to prompt the agent to contact the ePolicy
Orchestrator server for new or updated policies, then enforce them immediately
upon receipt.
CMDAGENT.EXE /C
/E (enforce policies)
Use the /E command-line option to prompt the agent to enforce policies locally.
CMDAGENT.EXE /E
/P (collect and send properties and events)
Use the /P command-line option to prompt the agent to send properties and events
to the ePolicy Orchestrator server.
CMDAGENT.EXE /P
304
Uninstalling the agent
You can remove the agent from client computers using several methods:
n
Command-line options — You can use the agent framework installation
(FRMINST.EXE) program to remove the agent. For instructions, see /REMOVE
on page 291.
n
Deployment task — You can use the Deployment task to schedule the removal
of the agent. For instructions, see Uninstalling products on page 311.
n
Directory Search — You can remove the agent from desired computers after
finding them using predefined search queries. For instructions, see Finding
computers in the Directory on page 139.
n
From the Directory — You can uninstall the agent from computers at the same
time that you remove the computer from the Directory. For instructions, see
Uninstalling the agent when you remove computers on page 305.
Uninstalling the agent when you remove computers
Use this procedure to remove the agent from computers in the Directory.
1
2
right-click the desired <SITE>, <GROUP>, or <COMPUTER>, then select Delete.
3
Click Uninstall agent from all connected computers.
4
Click Yes.
Product Guide
305
306
8
Product Deployment and
Updating
Once you have deployed the agent, set up the Repository and checked in the
products and product updates that you want to deploy into the Repository, you are
ready for product deployment. You can deploy products and product updates
using the default policies (configuration settings) or change these settings
beforehand. For instructions, see Setting policies on page 232. You schedule when
products are deployed and uninstalled from client computers.
In addition, you can deploy critical product updates as soon you check in the
corresponding packages into the master repository, then report on the status of the
global update immediately.
n
Product deployment.
n
Product update deployment.
n
Global updating.
Product Guide
307
Product Deployment and Updating
Product deployment
All supported products can be deployed from the ePolicy Orchestrator console to
client computers by scheduling a Product Deployment client task. You can schedule
the deployment of all products currently checked into the master repository at
once. The Product Deployment task enables you to schedule product installation
and removal during off-peak hours or during the policy enforcement interval. We
recommend using a single Product Deployment task to install and uninstall
products to avoid potential product version conflicts. For a list of supported
products, see Supported Products and Features on page 529.
Product Deployment tasks allow you to specify which products you want to install
or uninstall from selected client computers. You can also specify a static or variable
installation path on client computers and command-line options for each product.
To effectively schedule tasks, you need to understand how task inheritance works.
For more information, see Task inheritance on page 262.
n
Enforcement of product deployment.
n
Deploying products.
n
Viewing product activity log files remotely.
n
Uninstalling products.
Enforcement of product deployment
The frequency you specify in the Product Deployment task defines when product
installation and uninstallation is enforced on client computers. For example, if an
end user uninstalls a product that you’ve scheduled for deployment, the product
is installed again the next time the Product Deployment task runs. When the Product
Deployment task runs, the agent first determines whether the selected products are
already installed on client computers and installation requirements have been met
before it retrieves the product Setup (binary) files from the nearest repository.
If you are deploying a different language version of the same version of the
product, the selected version of a product is replaced even though it has already
been installed on client computers.
If you schedule the deployment of multiple versions of a product to the same client
computers, the later version is installed unless the operating system version is not
supported; in which case, the most current version supported on that operating
system is installed. For example, if you schedule the deployment of VirusScan 4.5.1
and VirusScan Enterprise 7.0 to the same client computers, VirusScan
Enterprise 7.0 is installed on all computers except those using Windows 95 or
Windows 98 on which VirusScan 4.5.1 is installed instead.
308
Deploying products
Use this procedure to send and install product Setup (binary) files on selected
client computers. You can schedule the deployment of all supported products
currently checked into the master repository at once. We recommend using a
single Product Deployment task to install and uninstall products to avoid potential
product version conflicts.
1
Check the desired product into the master repository. For instructions, see
Checking in packages on page 206.
2
Create a Product Deployment client task. For instructions, see Creating client
tasks on page 263.
3
Figure 8-1. Task Settings dialog box — Product Deployment tasks
4
Deselect Inherit.
5
Next to the desired product and product version, select Install in Action, then
select the language version of the product that you want to deploy in
Language.
6
Next to those products that you do not want to deploy, select Ignore in Action.
7
To specify command-line options for the Product Deployment task, click
next to the desired product. For instructions, see the Configuration Guide for
that product.
Product Guide
309
8
runs only once.
9
Viewing product activity log files remotely
Use this procedure to view the activity log files created by products remotely.
NOTE
You can enable or disable remote access to log files. For instructions, see
Enabling or disabling the logging of agent activity and remote access to log files
on page 257.
1
In the product policy, specify to save the product log file in the same location
as the agent activity log files. For instructions, see Setting policies on page 232
and the Configuration Guide for that product.
The default location is:
<DOCUMENTS AND SETTINGS>\ALL USERS\APPLICATION DATA\NETWORK
ASSOCIATES\COMMON FRAMEWORK\DB
SETTINGS folder.
If the operating system does not use a DOCUMENTS AND SETTINGS folder, the
C:\PROGRAM FILES\NETWORK ASSOCIATES\COMMON FRAMEWORK\DB
2
To view product log files, go to this address in a web browser:
http://<COMPUTER>:<AGENT WAKEUP PORT>/<LOG FILE>
Where <COMPUTER> is the name of the client computer, <AGENT WAKEUP
is the number of the agent wakeup call port, and <LOG FILE> is the
name of the product log file.
PORT>
310
Uninstalling products
Use this procedure to uninstall specified products on selected client computers.
You can schedule the removal of multiple products at once. We recommend using
a single Product Deployment task to install and uninstall products to avoid
potential product version conflicts.
1
2
Directory, <SITE>, <GROUP>, or <COMPUTER>. The Properties, Policies, and
3
4
Select the existing Product Deployment client task, then right-click Edit Task.
The ePolicy Orchestrator Scheduler dialog box appears.
Product Guide
311
5
On the Task tab, click Settings. The Task Settings dialog box appears.
Figure 8-3. Task Settings dialog box -- Product Deployment tasks
6
Deselect Inherit.
7
Next to the desired product and product version, select Remove in Action,
then select the language version of the product that you want to remove in
Language.
8
Next to those products that you do not want to remove, select Ignore in
Action.
9
runs only once.
10 Click OK to return to the ePolicy Orchestrator Scheduler dialog box.
11 Make changes as needed.
312
Product update deployment
Updates to products can be deployed from the ePolicy Orchestrator console to
client computers by scheduling Update, AutoUpdate, or AutoUpgrade client tasks.
For more information, see Default client tasks on page 261.
Depending on the product and product version you are updating, the types of
updates that you can deploy from the console and the client task you use to deploy
them differs. To effectively schedule tasks, you need to understand how task
inheritance works. For more information, see Task inheritance on page 262.
n
How the Update task works and when to use it.
n
How AutoUpdate and AutoUpgrade tasks work and when to use them.
n
Specifying the branch to retrieve updates.
n
Rolling back updates to the previous version.
n
Deploying new updates to selected computers for testing.
n
Deploying product updates.
n
Deploying product updates using AutoUpdate and AutoUpgrade tasks.
How the Update task works and when to use it
The Update client task applies to VirusScan 4.5.1 and products that use
AutoUpdate 7.0 (for example, VirusScan Enterprise 7.0). You can schedule the
deployment of all product updates currently checked into the master repository at
once. We recommend using a single Update task to install product updates to avoid
potential product version conflicts. For a list of products that use legacy updating,
see Supported Products and Features on page 529.
When the Update task runs, the agent first determines whether product updates in
the master repository are already installed on client computers and the installation
requirements have been met. Next, the agent retrieves only the files it needs to
install the update from the nearest repository.
How AutoUpdate and AutoUpgrade tasks work and when to use
them
The AutoUpdate and AutoUpgrade client tasks apply to existing (or legacy)
products that use their own internal mechanism instead of AutoUpdate 7.0 to
install updates. VirusScan 4.5.1 is the only exception to this rule and uses the
Update client task to install updates. For a list of products that use legacy updating,
see Supported Products and Features on page 529.
Product Guide
313
When AutoUpdate or AutoUpgrade tasks run, the agent retrieves the update from
the location specified in the task settings, then the product installs the update. If
the update location you specify is a distributed software repository being managed
by ePolicy Orchestrator, you need to enable legacy product support when you
check the corresponding package into the master repository. For more
information, see Legacy product support on page 203.
Specifying the branch to retrieve updates
Use this procedure to specify the branch (evaluation, current, or previous) from
which client computers retrieve packages. For a list of supported package types,
see Package versioning and branches on page 205. If you need to move packages to
different branches, see Manually moving packages between branches on page 211.
1
On the Updates tab in the ePolicy Orchestrator Agent | Configuration policy
Figure 8-4. Updates tab (ePolicy Orchestrator Agent | Configuration policy page)
314
2
Under Selective updating, select Evaluation, Current, or Previous for each
update listed.
3
Rolling back updates to the previous version
Use this procedure to redeploy a previous version of an update over the current
version of one or more of these updates. For a list of supported package types, see
Package versioning and branches on page 205.
This procedure assumes that a current and previous version of the package type
are checked into the master repository, the current version has been deployed to
client computers, and you want to replace the current version with the previous
version. If you need to move packages to different branches, see Manually moving
packages between branches on page 211.
1
2
Under Selective updating, select Previous for each update (DAT, Engine, etc.)
that you want to replace.
3
Product Guide
315
Deploying new updates to selected computers for testing
Use this procedure to deploy new versions of updates to selected computers for
testing purposes. For a list of supported package types, see Package versioning and
branches on page 205.
This procedure assumes that you want to deploy a new update to a selected group
of computers, and the new version of the package has been checked into the
Evaluation branch in the master repository. If you need to move packages to
different branches, see Manually moving packages between branches on page 211.
1
316
2
Under Selective updating, select Evaluation for each update (DAT, Engine, etc.)
that you want to test.
3
Deploying product updates
Use this procedure to schedule the installation of product updates on selected
client computers. You can also specify whether users — especially mobile users —
can postpone updates to a more convenient time. You can schedule the
deployment of all supported product updates currently checked into the master
repository at once. We recommend using a single Update task to install all
supported product updates to avoid potential product version conflicts.
1
Check the desired product update into the master repository. For
instructions, see Checking in packages on page 206.
2
Create an Update client task. For instructions, see Creating client tasks on
page 263.
3
Figure 8-7. Task Settings dialog box — Update tasks
4
Deselect Inherit.
5
To display the progress of the update to users, select Show update process
dialog.
To install the update without notifying users, deselect Show update process
dialog.
6
To provide users the option to postpone the update, select Allow users to
postpone this update. Users will be able to specify how long to postpone the
update.
7
In Maximum number of postpones allowed, type the maximum number of
times users can postpone the update before it is installed automatically.
8
In Postpone timeout interval, type how long (in seconds) users have to
postpone the update before the update is installed automatically.
9
Click OK to return to the ePolicy Orchestrator Scheduler dialog box
Product Guide
317
Deploying product updates using AutoUpdate and AutoUpgrade
tasks
With the exception of new products that use AutoUpdate 7.0 (for example,
VirusScan Enterprise 7.0) and VirusScan 4.5.1, you need to use AutoUpdate and
AutoUpgrade client tasks to deploy virus definition (DAT) files and the virus
scanning engine to products. For instructions, see Creating client tasks on page 263
and the Configuration Guide for that product. For a list of supported product
updates, see Supported Products and Features on page 529.
318
Global updating
When global updating is enabled, you can deploy product updates as soon you
check in the corresponding packages to the master repository. You can then report
on the status of the global update immediately. For more information, see
Figure 8-8, Figure 8-9, and Figure 8-10. For instructions, see these procedures:
n
Setting up global updating.
n
Initiating and reporting on a global update.
1
Server
2
Master Repository
3
Global Distributed Repository
SuperAgent
4
Local Distributed
Repository
Distributed Repository
Global Distributed Repository
Figure 8-8. Global updating (1 of 3) — Package check-in and replication
1 Enable global updating and immediate event forwarding.
2 Check in product update packages. You can do this manually or by scheduling a pull task from a source
repository.
3 Package is immediately replicated to all SuperAgent and global distributed repositories. This is an
incremental replication.
4 Remember, you must manually copy new packages to local distributed repositories.
Product Guide
319
3
Server
Master Repository
Agent
1
— Subnet —
— Subnet —
3
SuperAgent
SuperAgent
3
2
2
3
Agent
Agent
Agent
3
Agent
4
Agent
Agent
3
Figure 8-9. Global updating (2 of 3) — Update notification and retrieval
320
5
Agent
1 Server sends a wakeup call along with the package version number to all SuperAgents.
2 SuperAgents send a broadcast wakeup call along with the package version number to all agents in the
same subnet.
3 All agents (regular agents and SuperAgents) retrieve the update from the nearest repository. Agent
retrieve updates randomly during the specified global update randomization interval you specified.
4 If the version number of the package does not match, the agent skips that repository and checks the next
one in the repository list.
5 Any agents without an operating SuperAgent on its subnet will not receive notification of the global
update.
Product Guide
321
— Subnet —
SuperAgent
1
Server
2
1
Reports
Agent
Agent
Agent
Agent
1
3
Agent
Figure 8-10. Global updating (3 of 3) — Status update and reporting
1 Agents send update events to the server.
2 You can now begin to report on the status of the global update.
3 Any agents without an operating SuperAgent on its subnet will not receive notification of the global
update.
322
Setting up global updating
Use this procedure to set up global updating. For more information, see Global
updating on page 319.
1
Set up distributed software repositories. For instructions, see Creating
2
Deploy at least one SuperAgent to every subnet on the network. For
instructions, see Deploying SuperAgents on page 324.
3
Enable immediate event forwarding. For instructions, see Enabling or
disabling immediate event forwarding on page 256.
Initiating and reporting on a global update
Use this procedure to initiate, then report on the status of a global update. You
need to set up global updating before you can initiate a global update. For
instructions, see Setting up global updating on page 323.
1
Enable global updating. For instructions, see Enabling or disabling global
updating on page 325.
2
Schedule a pull task from the desired source repository. For a list of package
types and instructions, see Product and product update packages on page 203
and Scheduling Repository Pull server tasks on page 215, respectively.
— OR —
Manually check in the desired product update packages. For a list of package
types and instructions, see Product and product update packages on page 203
and Checking in packages on page 206, respectively.
Packages are immediately replicated to all SuperAgent and global
distributed repositories. Remember, you must manually copy new packages
to local distributed repositories.
3
Run one or more coverage reports to determine the status of the global
update. For more information and instructions, see Coverage report templates
on page 424 and Running reports on page 347.
Product Guide
323
Deploying SuperAgents
Use this procedure to set the policy for SuperAgents, then deploy at least one to
every subnet on the network. We recommend that you deploy an additional
SuperAgent to each subnet as a backup, because agents without an operating
SuperAgent on its subnet will not receive notification of global updates. Changes
NOTE
1
324
2
Select Enable agent wakeup call support.
3
Select Enable Super Agent functionality.
4
Make changes to other policy settings as needed. For instructions, see Setting
5
Enabling or disabling global updating
Use this procedure to enable or disable global updating.
1
2
3
In the details pane, click the Settings tab.
Figure 8-12. Settings tab
4
To enable global updating, select Enable global updating.
To disable global updating, deselect Enable global updating.
5
Specify the Global updating randomization interval (default is 20 minutes) to
determine the time period during which agents randomly retrieve updates
from repositories.
6
Click Apply settings to save the current entries.
Product Guide
325
326
9
Reporting
The ePolicy Orchestrator software includes enterprise-wide reporting
functionality. You can produce a wide range of useful reports and queries from
events and properties sent by the agent to the ePolicy Orchestrator server, then
stored in the ePolicy Orchestrator database.
The ePolicy Orchestrator software includes a number of predefined report and
query templates. These templates are stored in the Report Repository and Query
Repository under Reporting in the console tree. You can use any template found
here to create reports and queries using data on any database server. For
information, see Report and Query Templates on page 423.
Although you can log on to multiple ePolicy Orchestrator database servers at once,
reports and queries can only display data from a single database at a time. To
create reports or queries that combine data from multiple databases, you can
merge databases together or import selected events into the database. You can also
control which events are stored in the database by limiting or deleting unwanted
ones from the database.
You can produce reports and queries for a group of selected client computers. You
can also limit report results by product or computer criteria; for example, product
name, product version number, or operating system. You can export reports into
a variety of file formats, including HTML and Microsoft Excel.
n
How security affects reporting.
n
ePolicy Orchestrator database servers.
n
Events.
n
Global reporting settings.
n
Reports.
n
Queries.
n
Reorganizing the Report Repository.
n
Reorganizing the Query Repository.
Product Guide
327
Reporting
How security affects reporting
The authentication method and user account that you use to log on to ePolicy
Orchestrator database servers affect the tasks you can perform, and the data on
which you can report.
n
Database authentication.
n
How authentication method affects working with events.
n
How user account affects working with events and reports.
n
How user account affects data that appears in reports.
Database authentication
When using SQL authentication, the DBO database role is created automatically
during the installation. This database role is assigned to the default SQL user
account (sa), and contains all of the permissions you need to access ePolicy
Orchestrator databases.
When using NT authentication, local administrators on the database server have
the same level of database access as the default SQL user account.
How authentication method affects working with events
The authentication method that you use to log on to ePolicy Orchestrator database
servers affects whether you can limit, remove, import, or repair events in the
ePolicy Orchestrator database.
If you use ePolicy Orchestrator authentication, global administrators can view and
change all options on all tabs available from Events under Reporting | ePO
Databases | <DATABASE SERVER> in the console tree. Other users can only view this
information.
If you use Windows NT or SQL authentication, all users can only view and change
options on the Removal tab available from Events under Reporting | ePO Databases
| <DATABASE SERVER> in the console tree.
328
Reporting
How user account affects working with events and reports
The ePolicy Orchestrator user account that you use to log on to ePolicy
Orchestrator database servers affects the tasks you can perform, and the data on
which you can report.
You must be a global administrator to perform the following tasks:
n
Change reporting options.
n
Limit events.
n
Import events.
n
Repair events.
n
Delete events.
How user account affects data that appears in reports
When you remove computers from the Directory, the events associated with them
remain in the ePolicy Orchestrator database. You must be a global administrator
or global reviewer to view events associated with these computers in infection
reports. In addition when you use a global administrator or global reviewer user
account to run infection reports, the computer name itself is not provided
regardless of whether the computer currently appears in the Directory.
You must be a site administrator or site reviewer to view the names of computers
currently in the Directory within infection reports.
Site administrators and site reviewers can only report on those client computers in
sites to which they have rights.
Product Guide
329
Reporting
ePolicy Orchestrator database servers
Before you can run reports or queries, you need to log on to the ePolicy
Orchestrator database server that contains the data on which you want to report.
Database servers can reside on the same computer as the ePolicy Orchestrator
server or on a separate computer. You can be logged on to multiple database
servers at once. Note that you log on to database servers separately from the
ePolicy Orchestrator server itself. You can also log off or remove database servers
from the console tree as needed.
n
Logging on to or adding ePolicy Orchestrator database servers.
n
Logging off ePolicy Orchestrator database servers.
n
Removing ePolicy Orchestrator database servers.
Logging on to or adding ePolicy Orchestrator database servers
Depending on whether the desired ePolicy Orchestrator database server already
appears in the console tree under Reporting | ePO Databases, you need to complete
different steps to log on to it.
If the ePolicy Orchestrator database resides on the same computer as the ePolicy
Orchestrator server, the database server appears automatically in the console tree.
For instructions on changing this setting, see Specifying global reporting options on
page 343.
330
n
If the database server appears in the console tree, use Logging on to ePolicy
n
If the database server doesn’t appear in the console tree, use Adding ePolicy
Reporting
Logging on to ePolicy Orchestrator database servers
Use this procedure to log on to an ePolicy Orchestrator database server that
already appears in the console tree under Reporting | ePO Databases.
Typically, you must log on to database servers every time you start the software.
If you are using Windows NT or SQL authentication to log on to database servers,
you can save the logon information for individual database servers, so that you do
not need to manually log on to them. For instructions on cancelling this setting, see
Clearing saved logon information on page 332. You can also save logon information
for all database servers. For instructions, see Specifying global reporting options on
page 343.
WARNING
If you select Save connection information and do not prompt again, be
sure to password-protect the corresponding database server.
Otherwise, other users might be able to gain direct access to it via the
ePolicy Orchestrator console.
1
In the console tree under Reporting | ePO Databases, right-click <DATABASE
SERVER>, then select Connect. The ePO Database Login dialog box appears.
Figure 9-1. ePO Database Login dialog box
2
If Connection Information items do not appear in this dialog box, click Options
to display them. These items allow you to select the authentication method.
3
Under Connection Information, select the Authentication Type that you want
to use to verify the authenticity of the logon information.
4
Make selections based on the Authentication Type you choose in Step 3:
Product Guide
331
Reporting
If you select Currently logged on user, the logon information you entered to
log on to this computer is used.
If you select ePO authentication, make these selections:
a
Type the User name and Password of an ePolicy Orchestrator user
account.
b
Type the HTTP port number that corresponds to the ePolicy Orchestrator
server as entered during the installation.
If you select SQL authentication, make these selections:
a
Type the User name and Password of a SQL Server user account.
b
To save the logon information for the selected database server, select
Save connection information and do not prompt again.
If you select Windows NT authentication, make these selections:
5
a
Type the User name and Password of a Windows NT user account.
b
Type the Domain name to which this account belongs.
c
To save the logon information for the selected database server, select
Save connection information and do not prompt again.
Click OK to connect to the specified database server using the logon
information provided.
Clearing saved logon information
Use this procedure to clear logon information for ePolicy Orchestrator database
servers that has been previously saved. Once you clear the logon information, you
will need to log on to the database server every time you start the software.
1
Remove the desired database server. For instructions, see Removing ePolicy
2
Exit the software.
3
Log on to the desired database server. Be sure to deselect Save connection
information and do not prompt again. For instructions, see Logging on to or
adding ePolicy Orchestrator database servers on page 330.
332
Reporting
Adding ePolicy Orchestrator database servers
Use this procedure to add an ePolicy Orchestrator database server to the console
tree under Reporting | ePO Databases and log on to it. You can add multiple
database servers to the console tree. This enables you to work with more than one
database server in the same session.
1
In the console tree under Reporting, right-click ePO Databases, then select
Add new server. The New ePO Database Server dialog box appears.
Figure 9-2. New ePO Database Server dialog box
2
Select the Authentication Type that you want to use to verify the authenticity
of the logon information.
3
In Server name, type or select the name of the database server to which you
want to connect. To select the local server, type or select (local).
4
Make selections based on the Authentication Type you choose in Step 2:
If you select Currently logged on user, accept the default Database name
(EPO_<SERVER>) or type the name of another one.
If you select ePO authentication, make these selections:
a
Type the HTTP port number that corresponds to the database server to
which you want to connect.
b
Type the User name and Password of an ePolicy Orchestrator user
account.
Product Guide
333
Reporting
If you select SQL authentication, make these selections:
a
Accept the default Database name (EPO_<SERVER>) or type the name of
another one.
b
Type the User name and Password of a SQL Server user account.
If you select Windows NT authentication, make these selections:
5
a
Accept the default Database name (EPO_<SERVER>) or type the name of
another one.
b
Type the User name and Password of a Windows NT user account.
c
Type the Domain name to which the user account belongs.
Click OK to connect to the specified database server using the logon
information provided.
Logging off ePolicy Orchestrator database servers
Use this procedure to log off the selected ePolicy Orchestrator database server, but
leave its icon in the console tree.
n
SERVER>, then select Disconnect.
Removing ePolicy Orchestrator database servers
Use this procedure to log off the selected ePolicy Orchestrator database server (if a
connection currently exists) and remove its icon from the console tree.
n
334
SERVER>, then select Remove.
Reporting
Events
You can define the events that you want stored in the ePolicy Orchestrator
database, import events from another database into the current one, repair events
and computer names to ensure that infection reports are accurate, and
permanently delete events from the database.
n
Limiting events stored in the database.
n
Importing events into the database.
n
Repairing events and computer names in the database.
n
Deleting events from the database.
Limiting events stored in the database
Use this procedure to define the specific events that you want sent from client
computers to the ePolicy Orchestrator server, and then stored in the ePolicy
Orchestrator database for reporting purposes. Events that are already in the
database are not affected.
Because service events (for example, starting or stopping software) are numerous,
they are not collected by default. We recommend that you accept these default
selections to reduce the size of the database.
NOTE
You must be a global administrator to limit events. Other users can only
view these settings.
1
Log on to the desired ePolicy Orchestrator database server using ePolicy
Orchestrator authentication and a global administrator user account. For
instructions, see Logging on to or adding ePolicy Orchestrator database servers on
page 330.
2
In the console tree under Reporting | ePO Databases | <DATABASE SERVER>,
select Events. The Filtering, Import, Repair, and Removal tabs appear in the
details pane.
Product Guide
335
Reporting
3
On the Filtering tab, select Send only the selected events to ePO, then select
checkboxes that correspond to events that you want to collect.
Figure 9-3. Filtering tab
The severity icons of events are listed in order of severity (from least to most
severe) below:
Informational
Warning
Minor
Major
Critical
336
4
To collect all events, select Do not filter events (send all events).
5
Click Apply to save the current entries. The new set of events is sent to the
server and stored in the database at the next agent-to-server communication
interval (ASCI).
Reporting
Importing events into the database
Use this procedure to import events from another ePolicy Orchestrator database
into the current one, so that the selected events are available for reporting
purposes. You can also merge multiple databases together into one for reporting
purposes. For instructions, see Creating merged databases on page 399.
NOTE
You must be a global administrator to import events.
1
Back up both databases. For instructions, see Backing up and restoring ePolicy
Orchestrator databases on page 394.
2
Orchestrator authentication and a global administrator user account. For
instructions, see Logging on to or adding ePolicy Orchestrator database servers on
page 330.
3
details pane.
4
Click the Import tab.
Figure 9-4. Import tab
5
In Select the SQL Server from which events will be imported, select or type the
name of the SQL server that contains the database from which you want to
import events.
Product Guide
337
Reporting
6
7
8
In Name of database to import events from, accept the default database server
name, or type the name of a different database server from which you want
to import events.
If using version...
Then, the default database name is...
1.0
NAIEVENTS
1.1
AVINFORMANTDB
2.0
EPO_<SERVER>
2.5
EPO_<SERVER>
2.5.1
EPO_<SERVER>
3.0
EPO_<SERVER>
Type the SQL Login ID and Password of an administrator account on the
selected database.
Select either Only import events that have not already been imported or Import
all events.
NOTE
Be aware that the Import all events option might add duplicate events
into the database.
9
Click Start to import events from the selected database into the current one.
10 Repair events. For instructions, see Repairing events and computer names in the
Repairing events and computer names in the database
Every computer is assigned a unique ID called a global unique identifier. These
IDs are stored with events in the ePolicy Orchestrator database and identify which
client computers generated each event. In addition, it’s important to track when
computers are renamed. These associations are necessary to ensure that infection
reports are accurate.
Certain conditions cause computers to be assigned a new ID. In these cases, the ID
stored in the database no longer matches the ID assigned to the computer. You
need to update the events in the database that correspond to these mismatched
IDs, to ensure that infection data is reported accurately.
Here are some common examples of situations that cause computers to be
assigned a new ID:
338
n
Changing the MAC address on computers.
n
Changing the network interface card (NIC) in computers.
Reporting
n
Renaming computers.
n
Uninstalling, then reinstalling the agent. Note that agent AutoUpgrade does
not generate a new ID.
n
Using a common image of the software and hardware to build computers.
n
Using a docking station with laptop computers.
Repairing events in the database
Use this procedure to synchronize the ID in events in the selected ePolicy
Orchestrator database with the IDs of computers on the network.
1
Back up the database. For instructions, see Backing up and restoring ePolicy
2
Orchestrator authentication. For instructions, see Logging on to or adding
ePolicy Orchestrator database servers on page 330.
3
details pane.
4
Click the Repair tab.
Figure 9-5. Repair tab
Product Guide
339
Reporting
5
Click Start to synchronize the IDs in events with IDs of computers on the
network.
6
If Events not matched to computers is greater than zero after the repair
process has completed, you need to also repair computer names. For
instructions, see Repairing computer names associated with events in the database
on page 340.
Repairing computer names associated with events in the
database
Use this procedure whenever computer names have changed to update events
with the new computer names.
1
Repair events in the database. For instructions, see Repairing events in the
2
In your database maintenance tool (for example, SQL Server Enterprise
Manager), run the following SQL statement on the database for each
renamed computer or create a SQL script that contains a SQL statement for
each renamed computer:
UPDATE EVENTS SET HOSTNAME=’<NEW COMPUTER>’ WHERE
HOSTNAME=’<OLD COMPUTER>’
Where <NEW COMPUTER> and <OLD COMPUTER> are the current and previous
computer names, respectively.
3
Repair events in the database again. For instructions, see Repairing events in
the database on page 339.
Deleting events from the database
Use this procedure to delete events permanently from the ePolicy Orchestrator
database.
340
1
Back up the database. For instructions, see Backing up and restoring ePolicy
2
Log on to the desired ePolicy Orchestrator database server. For instructions,
see Logging on to or adding ePolicy Orchestrator database servers on page 330.
3
details pane.
Reporting
4
Click the Removal tab.
Figure 9-6. Removal tab
5
Select the range of events that you want to delete from the database.
6
Click Start to delete the specified events from the database.
Product Guide
341
Reporting
Global reporting settings
Some reporting settings affect all ePolicy Orchestrator database servers, reports,
and queries. You might find it helpful to review these settings before you run
reports and queries to ensure that the desired data is displayed in them.
342
n
Specifying global reporting options.
n
Limiting report and query results by client computer.
Reporting
Specifying global reporting options
Use this procedure to specify settings that affect all ePolicy Orchestrator database
servers, reports, and queries.
Typically, you must log on to database servers every time you start the software.
If using Windows NT or SQL authentication to log on to database servers, you can
save the logon information for all database servers, so that you do not need to
manually log on to them. You can also save logon information for individual
database servers. For instructions, see Logging on to ePolicy Orchestrator database
servers on page 331.
WARNING
If you select Encrypt and save passwords between sessions, be sure to
password-protect all database servers. Otherwise, other users might be
able to gain direct access to them via the ePolicy Orchestrator console.
1
In the console tree, right-click Reporting, then select Options. The Reporting
dialog box appears.
Figure 9-7. Reporting dialog box
2
To add a local database server under ePO Databases every time you start the
software, select Add local machine to server list if ePO server is detected.
Product Guide
343
Reporting
344
3
To save logon information for all database servers using Windows NT or
SQL authentication, select Encrypt and save passwords between sessions.
4
Accept the default Query time-out (600 seconds) to specify when to interrupt
attempts to return report or query results. If you are experiencing network
delays or time-out messages (for example, SQL time-out messages), try
increasing this value.
5
Accept the default Login time-out (10 seconds) to specify when to interrupt
attempts to log on to the database. If you are experiencing network delays or
time-out messages (for example, SQL time-out messages), try increasing this
value.
6
Under Select Reporting Time, specify whether to display event information in
infection reports in local time as reported on the client computer (Local), or
in Greenwich mean time (GMT).
7
Click OK when done.
Reporting
Limiting report and query results by client computer
Use this procedure to limit the results of reports and queries to client computers
under a selected site or group, and all groups and computers underneath it. For
example, if the Directory is organized by functional group, you might want to
produce separate reports and queries for each department.
1
2
SERVER>, then select Set Directory Filter. The Directory Filtering dialog box
appears.
Figure 9-8. Directory Filtering dialog box
3
Select the site or group for which you want to generate reports and queries.
4
Verify that the desired site or group appears in Current Branch.
5
Click OK.
Product Guide
345
Reporting
Reports
In addition to your user account, there are several ways in which you can control
what data appears on reports. For example, you can define the version number of
virus definition files, virus scanning engines, and supported products that need to
be installed on client computers for them to be considered compliant based on
your company’s anti-virus and security program. You can also limit the results of
reports by selected product criteria; for example, computer name, operating
system, virus name, or action taken on infected files.
Once the results of a report appear, you can perform a number of tasks on the data.
You can view details on desired report data; for example, to determine which client
computers do not have a compliant version of VirusScan installed on them. Some
reports even provide links to other reports, called subreports, that provide data
related to the current report. You can also print reports or export report data into
a variety of file formats, including HTML and Microsoft Excel.
346
n
Running reports.
n
Saving and reusing report input settings.
n
Saving customized reports selections as report templates.
n
Working with reports in the report window.
n
Viewing the details of report data.
n
Refreshing data in reports.
n
Printing reports.
n
Exporting report data to other formats.
n
Finding text in reports.
n
Zooming in or out of reports.
n
Paging through reports.
n
Hiding or showing the report group tree.
Reporting
Running reports
Use this procedure to create reports using data in the selected ePolicy Orchestrator
database. You can save the selections you make in the Enter Report Inputs and
Report Data Filter dialog boxes for future use. For instructions, see Saving and
reusing report input settings on page 359 and Saving customized reports selections as
report templates on page 365, respectively.
1
2
In the console tree under Reporting | ePO Databases | <DATABASE SERVER> |
Reports | <REPORT GROUP>, select <REPORT>.
3
If the Current Protection Standards dialog box appears, specify the version
numbers of virus definition files or the virus scanning engine on which you
want to report.
Figure 9-9. Current Protection Standards dialog box
Product Guide
347
Reporting
4
If the Enter Report Inputs dialog box appears, make the following selections:
Figure 9-10. Enter Report Inputs dialog box
348
a
If there are tabs labeled Rules (for example, Product Version Rules),
define compliance rules for the report. For instructions, see Defining
compliance rules for reports on page 350.
b
If there is a Layout tab, specify viewing and printing options for the
report. For instructions, see Specifying viewing and printing options for
reports on page 352.
c
If there is a Data Grouping tab, define how data is grouped on the report.
For instructions, see Defining how to group data on reports on page 354.
d
If there is a Within tab, limit the results of the report to a time period or
data group. For instructions, see Limiting report results within a time
period or data group on page 355.
Reporting
e
5
If there is a Saved Settings tab, save the selections you make in the Enter
Report Inputs dialog box for future use. For instructions, see Saving and
reusing report input settings on page 359.
To limit the results of the report by product criteria, click Yes when asked
whether you want to customize the report. The Report Data Filter dialog box
appears. For instructions, see Limiting report results by selected criteria on
page 356.
Figure 9-11. Report Data Filter dialog box
After you provide all of the requested data, the main section of the desired
report appears in the report window.
6
View report details. For instructions, see Viewing the details of report data on
page 368.
Product Guide
349
Reporting
Defining compliance rules for reports
Use this procedure to create rules that define what compliance means in your
company. These rules define the cutoff criteria for data that appears on selected
reports. In other words, the data that does not meet the rules you specify is the data
that appears on the report. For example, if you define the 2.5 version of the agent
as being compliant, data for client computers with the 2.0, 1.1, or 1.0 version of the
agent appear on the report.
1
Run the desired report. For instructions, see Running reports on page 347.
2
In the Enter Report Inputs dialog box, click the <DATA> Rules tab; for
example, Product Version Rules.
Figure 9-12. Product Version Rules tab in the Enter Report Inputs dialog box
3
350
In Select Parameter Field, select the desired item. A definition of the selected
item appears under Select Parameter Field.
Reporting
4
In Enter Value, select or type the cutoff value. The current settings appear
under Current Parameter Settings.
5
Repeat Step 3 and Step 4 to define rules for each item listed in Select
Parameter Field.
6
To change a setting, select the desired item in Select Parameter Field, then
select or type a different value in Enter Value.
7
To delete a settings, select the desired item in Select Parameter Field, then
clear the value in Enter Value.
Product Guide
351
Reporting
Specifying viewing and printing options for reports
Use this procedure to specify options that affect the appearance and behavior of
selected reports. You can select the type of chart that appears in the main section
of the report. In addition, you can specify how data is retrieved. This affects the
speed that report results are returned and whether you can view report details or
related report data. It also allows you to select a printable version of the report.
1
2
In the Enter Report Inputs dialog box, click the Layout tab.
Figure 9-13. Layout tab in the Enter Report Inputs dialog box
352
3
Select Chart Type in Select Parameter Field, then select the desired chart type
in Enter Value. The current settings appear under Current Parameter Settings.
4
To specify how data is retrieved, select Layout in Select Parameter Field, then
select the desired option in Enter Value. The current settings appear under
Current Parameter Settings.
Reporting
w
Drilldown (subreports) — Allows you to view report details and related
report data by clicking on data in reports.
w
Fast Drilldown (no subreports) — Allows you to view report details only
by clicking on data in reports. We recommend using this option for the
best performance running reports from remote consoles.
w
No Drilldowns (Printable) — Returns all report details, but without links.
This allows you to print all pages of the report.
5
6
Product Guide
353
Reporting
Defining how to group data on reports
Use this procedure to specify how data is grouped on selected reports. You can
group data in up to four different levels.
1
2
In the Enter Report Inputs dialog box, click the Data Groupings tab.
Figure 9-14. Data Groupings tab in the Enter Report Inputs dialog box
354
3
In Select Parameter Field, select the desired item (First Group, Second Group,
Third Group, or Fourth Group). A definition of the selected item appears under
Select Parameter Field.
4
In Enter Value, select the desired data value. The current settings appear
5
Repeat Step 3 and Step 4 for each level of report details that you want to
appear on the report.
Reporting
6
7
Limiting report results within a time period or data group
Use this procedure to limit the results of selected reports to data recorded within
the time period you specify; for example, within the last three days. Also, use this
procedure to limit the results of selected reports by custom data groups; for
example, within anti-virus products only.
1
2
In the Enter Report Inputs dialog box, click the Within tab.
Figure 9-15. Within tab in the Enter Report Inputs dialog box
Product Guide
355
Reporting
3
To specify a static time period, select the item labeled Date in Select Parameter
Field; for example, Agent Connection Date. A definition of the selected item
appears under Select Parameter Field.
To specify a relative time period, select the item labeled Rule in Select
Parameter Field; for example, Agent Connection Rule. A definition of the
selected item appears under Select Parameter Field.
4
In Enter Value, select the desired time period. The current settings appear
5
6
Limiting report results by selected criteria
Use this procedure to limit the data that appears on selected reports by the
computer, infection, or product criteria you specify. For example, you might want
to view only coverage information about VirusScan Enterprise 7.0. For information
on the criteria available for each report, see Report and Query Templates on page 423.
You can also save the selections you make in the Report Data Filter dialog box for
future use. For instructions, see Saving customized reports selections as report
templates on page 365.
356
1
2
Click Yes when asked whether you want to customize the report. The Report
Data Filter dialog box appears.
3
Select the tab (for example, Product Version) that corresponds to the criteria
for which you want to limit the report results.
Reporting
4
Select an operator (for example, any value, equal to, one of, and others) in the
condition drop-down list.
Figure 9-16. Condition drop-down list
5
Further refine the condition in the following ways:
w If you select greater than or less than, select or equal to as needed.
w If you select any operator other than any value, select Not to exclude the
specified values.
Product Guide
357
Reporting
w If you select between, select or type the beginning and ending range of
values.
Figure 9-17. Beginning and ending range
w If you select equal to, less than, or greater than, select or type the desired
data field.
w If you select one of, starting with, or like, select or type the desired data
field, then click Add to include that value in the data list.
Figure 9-18. Value in data list
358
Reporting
6
Repeat Step 3 through Step 5 for each desired criteria.
7
Click OK when done. The Data Filter Criteria dialog box appears.
Figure 9-19. Data Filter Criteria dialog box
8
To display the SQL statement that represents the product criteria you
defined in the Report Data Filter dialog box on the report, select Show On
Report. This statement is useful to highlight that the report is based on a
subset of the data in the database.
9
Click Yes.
Saving and reusing report input settings
You can save the selections you made in the Enter Report Inputs dialog box for
future use. The next time that you run that report, you can apply the report input
settings that you saved, then change or delete them as needed.
n
Saving report input settings for reuse.
n
Applying report input settings.
n
Changing existing report input settings.
n
Saving existing report input settings to a new name.
n
Deleting report input settings.
Product Guide
359
Reporting
Saving report input settings for reuse
Use this procedure to save the selections you made in the Enter Report Inputs
dialog box for future use. You can save multiple sets of report input settings.
1
2
In the Enter Report Inputs dialog box, click the Saved Settings tab.
Figure 9-20. Saved Settings tab in the Enter Report Inputs dialog box
360
3
In Select Parameter Field, select Save.
4
In Enter Value, type a descriptive name for the report input settings. The
current settings appear under Current Parameter Settings.
Reporting
Applying report input settings
Use this procedure to apply report input settings that you saved in the Enter Report
Inputs dialog box to the current report.
1
2
3
In Select Parameter Field, select Open.
4
In Enter Value, select the desired report settings. The current report settings
appear under Current Parameter Settings.
5
Make changes as needed.
Product Guide
361
Reporting
Changing existing report input settings
Use this procedure to change the settings in the selected report input settings.
1
2
362
3
4
In Enter Value, select the desired report settings.
5
6
Click the Saved Settings tab.
Reporting
7
In Select Parameter Field, select Save As.
8
In Enter Value, select the same report settings you selected in Step 4. The
current report settings appear under Current Parameter Settings.
Saving existing report input settings to a new name
Use this procedure to save the selected report input settings to a different name.
1
2
3
4
In Enter Value, select the desired report settings.
5
Product Guide
363
Reporting
6
Click the Saved Settings tab.
7
In Select Parameter Field, select Save.
8
In Enter Value, type a descriptive name for the report input settings, then click
Save. The current settings appear under Current Parameter Settings.
Deleting report input settings
Use this procedure to permanently remove report input settings that you saved in
the Enter Report Inputs dialog box.
1
2
In the Enter Report Inputs dialog box, select the Saved Settings tab.
364
Reporting
3
In Select Parameter Field, select Delete.
4
In Enter Value, select the desired report input settings.
Saving customized reports selections as report templates
Use this procedure to save the selections you made in the Current Protection
Standards, Enter Report Inputs, and Report Data Filter dialog boxes as a report
template. This is the only way you can save the selections you made in the Current
Protection Standards and Report Data Filter dialog boxes for future use.
You can save the selections you made in the Enter Report Inputs dialog box at the
same time that you are making them. For instructions, see Saving and reusing report
input settings on page 359.
1
2
Export the report as a Report Template (.RPT) file. For instructions, see
Exporting report data to other formats on page 371.
3
Add the Report Template file to the Report Repository. For instructions, see
Adding report templates on page 376.
Product Guide
365
Reporting
Working with reports in the report window
The results of reports appear in the report window. You use the report window
exclusively to work with generated reports, including viewing details of report
data, printing reports, and exporting report data. For this reason, it is important to
understand the components in the report window before you begin working with
reports.
2
1
3
4
5
7
6
Figure 9-25. Report window components
1 Report group tree — Lists data on which you can view details. Appears on the
Preview, groups, and details tabs. You can hide the report group tree. For
instructions, see Hiding or showing the report group tree on page 372.
2 Preview tab — When selected, displays the main section of the report.
3 Group tab — When selected, displays the corresponding group section of the report.
4 Details tabs — When selected, displays the corresponding details section of the
4report.
5 Subreport tabs — When selected, displays the corresponding subreport.
5
6 Report sections — Displays summary-level data (main section), group-level data
(group section), detailed data (details section), or related data (subreport).
7 Report toolbar — Provides access to common reporting tasks. For more information,
see The report toolbar on page 367.
366
Reporting
The report toolbar
The report toolbar is one of the main components found in the report window.
Each button on this toolbar is described below.
Close current report view — Closes the active details section of the
report.
Go to first page — Goes to the first page in the selected section of the
report.
Go to previous page — Goes to the previous page in the selected
section of the report.
Current page number — Displays the current page number and the
total number of page in the selected section of the report.
Go to next page — Goes to the next page in the selected section of the
report.
Go to last page — Goes to the last page in the selected section of the
report.
Cancel reading records — Stops updating the report with data.
Print — Prints the selected section of the report.
Printer Setup — Sets printing preferences.
Refresh Data — Updates the current report with data that has been
saved into the ePolicy Orchestrator database since you initially ran the
report.
Available only when you select the Preview tab.
Export — Exports the selected section of the report in a variety of file
formats.
Toggle group tree — Hides or shows the report group tree.
Magnification Factor — Reduces or enlarges the display of the
selected section of the report.
Search text— Specifies that words or phrases that you want to find in
the selected section of the report.
Search — Locates the words or phrases you specify in the selected
section of the report.
Total records — Displays the total number of records in the database.
Percent read — Displays the percentage of records that were relevant
to the report.
Product Guide
367
Reporting
Records read — Displays the number of relevant records in relation to
the total number of records in the database.
Launch Crystal Analysis — Starts Crystal Analysis. Available only
when this application is installed.
Viewing the details of report data
Use this procedure to view details of report data. For a list of detailed data
available in each report, see Report and Query Templates on page 423.
1
Run the report. For instructions, see Running reports on page 347. The main
section of the desired report appears in the report window.
Figure 9-26. Main section of a report
2
368
To highlight data on which you can view details, select the desired data from
the Preview or groups tab in the report group tree. The data appears with a
group selection box around it. Note that the pointer changes to a magnifying
glass when you point to data that you can select.
Reporting
In the example below, when you select VirusScan Enterprise in the report
group tree, VirusScan Enterprise is highlighted in the main report section.
Figure 9-27. Highlighting report data
3
To view the group-level report data, double-click the desired data. The
group-level data appears in the report window. A group tab for the selected
data also appears and allows you to move between sections of the report.
In the example below, when you double-click VirusScan Enterprise in the
main section of the report, the corresponding group section appears in the
report window and the VirusScan Enterprise group tab also appears.
Figure 9-28. Viewing group-level report data
Product Guide
369
Reporting
4
If additional data is listed in the report group tree, repeat Step 2 and Step 3
to view more group-level report data.
If no additional data is not listed, you’ve reached the details section of the
report for the selected data.
In the example below, since the report group tree under the 7.00.3001 tab
doesn’t list any other data, this is a details tab.
Figure 9-29. Viewing details on report data
5
To continue viewing details on report data, click the Preview tab or a groups
tab, then repeat Step 2 and Step 3 to view details on other data.
6
To view related report data, click the subreport icons or links that appear in
selected report.
Refreshing data in reports
Use this procedure to update the current report with data that has been saved into
the ePolicy Orchestrator database since you initially ran it.
370
1
Run the report. For instructions, see Running reports on page 347.
2
Click the Refresh Data button on the report toolbar.
3
To stop updating the report with new data, click the Cancel reading records
button on the report toolbar.
Reporting
Printing reports
Use this procedure to print the selected section of the report.
1
Add a printer. For instructions, see printing-related topics in the Microsoft
Windows Help file.
2
3
To set printing preferences, click the Printer Setup button on the report
toolbar. The Print Setup dialog box appears. For instructions on setting
printing preferences, see printing-related topics in the Microsoft Windows
Help file.
4
To print the selected section of the report, click the Print button on the report
toolbar.
Exporting report data to other formats
Use this procedure to export the selected section of the report in a variety of file
formats.
1
2
View report details. For instructions, see Viewing the details of report data on
page 368.
3
To export the selected section of the report, click the Export button on the
report toolbar. The Export dialog box appears.
4
Select the desired Format.
5
Click OK. The Choose Export File dialog box appears.
6
Specify the name and location of the file, then click Save.
Finding text in reports
Use this procedure to locate words or phrases in the selected section of the report.
1
2
Type the desired words in the Search Text box, then click the Search button
on the report toolbar.
Product Guide
371
Reporting
Zooming in or out of reports
Use this procedure to reduce or enlarge the display of the selected section of the
report.
1
2
In the Magnification Factor box on the report toolbar, select a magnification
between 25 and 400 percent.
Paging through reports
Use this procedure to page through each report section.
1
2
Click the Go to next page, Go to last page, Go to previous page, or Go to first
page buttons on the report toolbar. The current page number and total
number of pages in this section of the report also appear in the toolbar.
Hiding or showing the report group tree
Use this procedure to hide or show the report group tree. The Preview tab and
details tabs appear in the report window regardless of whether the report group
tree also appears.
372
1
2
Click the Toggle group tree button in the report toolbar.
Reporting
Queries
In addition to the predefined queries that are available, if you have experience
writing SQL SELECT statements and working with SQL databases, you can also
create your own custom queries. In addition, you can refresh query data or go to
specific rows in a query.
n
Running queries.
n
Refreshing data in queries.
n
Going to specific rows in a query.
Running queries
Use this procedure to create queries using data in the selected ePolicy Orchestrator
database.
1
2
To limit the results to the client computers in a selected site or group, set a
query filter. For instructions, see Limiting report and query results by client
computer on page 345.
3
In the console tree under Reporting | ePO Databases | <DATABASE SERVER> |
Queries | <QUERY GROUP>, right-click <QUERY>, then select Run.
4
The resulting query appears in the details pane.
NOTE
You can copy and paste query results into other applications; for
example, Microsoft Excel.
Refreshing data in queries
Use this procedure to update queries with data that has been saved into the ePolicy
Orchestrator database since you initially ran the query.
1
Run the query. For instructions, see Running queries on page 373.
2
Right-click anywhere in the query, then select Run.
Product Guide
373
Reporting
Going to specific rows in a query
374
1
2
To go to the first or last row in the query, right-click anywhere in the query,
then select First or Last, respectively.
3
To go to a specific row, do the following:
a
Right-click anywhere in the query, then select Row. The Go to Row
dialog box appears.
b
Type or select the Row number, then click OK.
Reporting
Reorganizing the Report Repository
You can organize the Report Repository to add reports that you exported as report
templates (for example to save custom selections you made when you ran the
report) or to add custom report templates. For example, you could group reports
that you run daily, weekly, and monthly under report groups with the same name.
n
Adding report templates.
n
Changing report templates.
n
Deleting report templates.
n
Creating report groups.
n
Deleting report groups.
Product Guide
375
Reporting
Adding report templates
Use this procedure to add report templates to the desired report group in the
Report Repository.
1
2
In the console tree under Reporting | Report Repository, select <REPORT
GROUP>; for example, Anti-Virus; or create a new one. For instructions, see
Creating report groups on page 379.
Right-click <REPORT GROUP>, then select Add report template. The New Report
Definition dialog box appears.
Figure 9-30. New Report Definition dialog box
3
Type the Name of the Report as you want it to appear in the console tree.
4
Type the path of the Report Template (.RPT) file in Report file or click the
browse button (>>) to select one.
5
Type a literal Description of the report.
6
If you are adding a custom report template that requires external files, click
Add to include them under Report Components.
NOTE
The predefined report templates do not use external files.
376
Reporting
7
Click OK when done. The report template appears in the Report Repository.
The report appears under Reporting | ePO Databases | <DATABASE SERVER>
the next time you log on to a database server.
8
Changing report templates
Use this procedure to change existing report templates.
1
In the console tree under Reporting | Report Repository | <REPORT GROUP>,
click <REPORT TEMPLATE>. The Report Definition dialog box appears.
Figure 9-31. Report Definition dialog box
Product Guide
377
Reporting
2
Click Organize to open the Organize Report dialog box.
Figure 9-32. Organize Report dialog box
3
Change the Name of the Report as needed.
4
Specify a different Report file as needed.
5
Change the Description as needed.
6
Click OK when done.
7
Deleting report templates
Use this procedure to permanently delete report templates from the Report
Repository that you no longer want to use to create reports.
n
378
In the console tree under Reporting | Report Repository | <REPORT GROUP>,
right-click <REPORT TEMPLATE>, then select Remove.
Reporting
Creating report groups
Use this procedure to create report groups in the Report Repository; for example, if
you want to reorganize the Report Repository.
1
In the console tree under Reporting, right-click Report Repository or <REPORT
GROUP>, then select New report group. The New Report Group dialog box
appears.
Figure 9-33. New Report Group dialog box
2
Enter the name for the new group, then click OK. The new group appears in
the console tree.
Deleting report groups
Use this procedure to permanently delete report groups and all of the report
templates stored in them from the Report Repository.
n
In the console tree under Reporting | Report Repository, right-click <REPORT
GROUP>, then select Remove.
Product Guide
379
Reporting
Reorganizing the Query Repository
You can organize the Query Repository to suit your needs, or add your own custom
query templates.
n
Adding custom query templates.
n
Changing query templates.
n
Deleting query templates.
n
Creating query groups.
n
Deleting query groups.
Adding custom query templates
Use this procedure to add custom query templates to the desired query group in
the Query Repository.
1
In the console tree under Reporting | Query Repository, select <QUERY GROUP>
or create a new one. For instructions, see Creating query groups on page 383.
2
Right-click <QUERY GROUP>, then select Add query template. The New Query
Definition dialog box appears.
Figure 9-34. New Query Definition dialog box
380
Reporting
3
Type the Name of the Query as you want it to appear in the console tree.
4
Type a literal Description of the query.
5
In SQL Script, type the SQL statement of the query that you want to add.
NOTE
You can only specify one SELECT statement. This statement cannot
execute stored procedures or use an UNION clause.
6
To verify the syntax of the SQL Script, do the following:
a
Click Check Syntax. If you are currently logged on to more than one
database server, the Choose Server dialog box appears.
b
Select the desired database server, then click OK.
7
Click OK when done. The query template appears in the Query Repository.
8
Product Guide
381
Reporting
Changing query templates
Use this procedure to change existing query templates.
1
In the console tree under Reporting | Query Repository, click <QUERY
TEMPLATE>. The Query Definition dialog box appears in the details pane.
2
Click Edit to open the Edit Query Definition dialog box.
Figure 9-35. Edit Query Definition dialog box
3
Change the Name of the Query as needed.
4
Change the Description of the query as needed.
5
In SQL Script, change the SQL statement of the query as needed.
NOTE
You can only specify one SELECT statement. This statement cannot
execute stored procedures or use an UNION clause.
6
382
To verify the syntax of the SQL Script, do the following:
a
Click Check Syntax. If you are currently logged on to more than one
database server, the Choose Server dialog box appears.
b
Select the desired database server, then click OK.
Reporting
7
Click OK when done.
8
Deleting query templates
Use this procedure to permanently delete query templates from the Query
Repository that you no longer want to use to create queries.
n
In the console tree under Reporting | Query Repository | <QUERY GROUP>,
right-click <QUERY TEMPLATE>, then select Remove.
Creating query groups
Use this procedure to add query groups to the Query Repository; for example, if
you want to group custom query templates together or to reorganize the Query
Repository.
1
In the console tree under Reporting, right-click Query Repository or <QUERY
GROUP>, then select New query group. The New Query Group dialog box
appears.
Figure 9-36. New Query Group dialog box
2
Enter the name for the new group, then click OK. The new group appears in
the console tree.
Deleting query groups
Use this procedure to permanently delete query groups and all of the query
templates stored in them from the Query Repository.
n
In the console tree under Reporting | Query Repository, right-click <QUERY
GROUP>, then select Remove.
Product Guide
383
Reporting
384
10
Maintaining ePolicy
Orchestrator Databases
You can use a combination of tools to maintain ePolicy Orchestrator databases.
You will use a slightly different set of tools depending on whether you are using a
Microsoft Data Engine (MSDE) or SQL Server database as the ePolicy Orchestrator
database. Note that you can use Microsoft SQL Server Enterprise Manager to
maintain both MSDE and SQL Server databases.
n
Securing ePolicy Orchestrator databases.
n
Changing SQL Server user account information.
n
Maintaining ePolicy Orchestrator databases.
n
Backing up and restoring ePolicy Orchestrator databases.
n
Merging ePolicy Orchestrator databases together.
n
Changing the default server connection protocol.
Product Guide
385
Maintaining ePolicy Orchestrator Databases
Securing ePolicy Orchestrator databases
When SQL Server, Microsoft Data Engine (MSDE), or Microsoft SQL Server 2000
Desktop Engine (MSDE 2000) is installed, their Setup program does not assign a
password to the System Administrator (sa) user account.
If you are using SQL authentication, we recommend that you assign a password to
the sa user account after you install any of these database applications or before
you upgrade to a new version of the ePolicy Orchestrator software.
n
If you are using SQL Server as the ePolicy Orchestrator database, see the SQL
Server product documentation for instructions on assigning an sa password.
n
If you are using MSDE 2000 as the ePolicy Orchestrator database, see
Securing ePolicy Orchestrator MSDE databases on page 386.
Securing ePolicy Orchestrator MSDE databases
Use this procedure to change the password on the System Administrator (sa) user
account for Microsoft Data Engine (MSDE) or Microsoft SQL Server 2000 Desktop
Engine (MSDE 2000) databases. When MSDE or MSDE 2000 is installed, the Setup
program does not assign a password to the sa user account.
If you are using SQL authentication, we recommend that you assign a password to
the sa user account after you install any of these database applications or before
you upgrade to a new version of the ePolicy Orchestrator software.
1
At the command prompt, type the following, then press ENTER:
OSQL -U <USER> -Q “SP_PASSWORD ‘<CURRENT PASSWORD>’, ‘<NEW
PASSWORD>’, ‘<USER>’”
For example:
OSQL -U SA -Q “SP_PASSWORD NULL, ‘<NEW PASSWORD>’, ‘SA’”
If the password is blank, type NULL as the password without single quotes.
2
386
At the Password prompt, type the current password, then press ENTER.
3
Start the Server Configuration program (CFGNAIMS.EXE). The default location
is:
If you upgraded the ePolicy Orchestrator software from version 2.0, 2.5, or
2.5.1, the default location is:
Figure 10-1. Server Configuration program
Product Guide
387
4
In the Server Configuration dialog box, click the Administrator tab.
Figure 10-2. Administrator tab in the Server Configuration dialog box
388
5
Select Use SQL authentication.
6
Type the new Password.
7
Changing SQL Server user account information
Use this procedure to change the SQL Server user account information in ePolicy
Orchestrator when you make changes to the SQL Server user account in another
program; for example, SQL Server Enterprise Manager.
1
Start the Server Configuration program (CFGNAIMS.EXE). The default location
is:
location is:
Figure 10-3. Server Configuration program
2
In the Server Configuration dialog box on the SQL Server tab, select the
desired SQL server name and Database name.
Product Guide
389
3
To change the credentials on the ePolicy Orchestrator global administrator
user account, click the Administrator tab.
a
Select the authentication method.
b
Type a User Name and Password of a local or domain administrator user
account.
c
If you select Use Windows NT authentication, type the Domain name.
Figure 10-4. Administrator tab in the Server Configuration dialog box
4
390
To change the credentials on the ePolicy Orchestrator reviewer user account,
click the Reviewer tab.
a
Select the authentication method.
b
Type a User Name and Password of a local or domain administrator user
account.
c
If you select Use Windows NT authentication, type the Domain name.
5
Click OK when done.
6
Restart the computer to apply the changes.
Maintaining ePolicy Orchestrator databases
We recommend that you make maintenance settings on ePolicy Orchestrator
databases. These settings differ depending on which database software you are
using.
n
Maintaining MSDE databases.
n
Maintaining SQL Server databases.
Maintaining MSDE databases
Use this procedure to make the recommended maintenance settings on MSDE
databases being used as ePolicy Orchestrator databases. We recommend running
this command on a weekly basis.
n
Type the following at the command prompt:
NOTE
These options are case-sensitive; use the capitalization as shown.
<MSDE INSTALLATION PATH>MSSQL\BINN\SQLMAINT -S <SERVER> -U
“<USER>” -P “<PASSWORD>” -D <DATABASE> -ReBldIdx 5
-RmUnusedSpace 50 10 -UpdOptiStats 15
Where <MSDE INSTALLATION PATH> is the location of the MSDE database. If
you installed the database software using the ePolicy Orchestrator Setup
program, this is the location where the ePolicy Orchestrator software was
installed.
And where <SERVER> is the name of the ePolicy Orchestrator server.
And where <USER> and <PASSWORD> are the user name and password of the
user account.
And where <DATABASE> is the name of the ePolicy Orchestrator database.
The default name of ePolicy Orchestrator databases is EPO_<SERVER>, where
<SERVER> is the name of the ePolicy Orchestrator server.
Product Guide
391
Maintaining SQL Server databases
Use this procedure to make the recommended maintenance settings on SQL Server
databases being used as ePolicy Orchestrator databases.
1
In SQL Server Enterprise Manager under Microsoft SQL Servers | SQL Server
Group | <DATABASE SERVER> | Databases in the console tree, right-click
<DATABASE>, then select Properties. The Properties dialog box for the selected
ePolicy Orchestrator database appears.
2
3
Under Recovery, select Simple in Model, then click OK.
4
In the console tree under Microsoft SQL Servers | SQL Server Group |
<DATABASE SERVER> | Management, right-click Database Maintenance, then
select New Maintenance Plan. The Database Maintenance Plan Wizard appears.
5
Click Next. The Select Databases dialog box appears.
6
Select These databases, then select the user database and deselect the system
databases: master, model, and msdb.
The name of the user database is the name of the ePolicy Orchestrator
database. The default name of ePolicy Orchestrator databases is
EPO_<SERVER>, where <SERVER> is the name of the ePolicy Orchestrator
server.
7
Click Next. The Update Data Optimization Information dialog box appears.
8
Select Reorganize data and index pages.
9
Select Change free space per page percentage to, and type 10 as the
percentage.
10 Select Remove unused space from database files.
11 Schedule the data optimization tasks to execute during off-peak times. Click
Change to change the default schedule.
12 Click Next. The Database Integrity Check dialog box appears.
13 Select Check database integrity and Perform these checks before doing
backups.
14 Click Next. The Specify the Database Backup Plan dialog box appears.
15 Schedule the database backup tasks to execute during off-peak times. Click
Change to change the default schedule.
16 Click Next. The Specify Backup Disk Directory dialog box appears.
392
17 Select Use the default backup directory.
18 Click Next. The Specify the Transaction Log Backup Plan dialog box appears.
19 Select Back up the transaction log as part of the maintenance plan and Verify
the integrity of the backup when complete.
20 Schedule the transaction log backup tasks to execute during off-peak times.
Click Change to change the default schedule.
21 Click Next. The Specify the Transaction Log Backup Disk Directory dialog box
appears.
22 Select Use the default backup directory.
23 Click Next three times. The Completing the Database Maintenance Plan Wizard
dialog box appears.
24 Click Finish.
Product Guide
393
Backing up and restoring ePolicy Orchestrator
databases
We recommend that you back up ePolicy Orchestrator databases regularly to
guard against hardware failure. You can then restore the database should you ever
need to reinstall the software.
n
If you are using Microsoft SQL Server as the ePolicy Orchestrator database,
see the SQL Server product documentation.
n
If you are using Microsoft Data Engine (MSDE) as the ePolicy Orchestrator
database, you can use the Database Backup Utility (DBBAK.EXE) to back up
and restore ePolicy Orchestrator MSDE databases on the database server. For
instructions, see Backing up ePolicy Orchestrator MSDE databases on page 394
and Restoring ePolicy Orchestrator MSDE databases on page 396.
Backing up ePolicy Orchestrator MSDE databases
Use this procedure to back up ePolicy Orchestrator Microsoft Data Engine (MSDE)
databases using the McAfee Database Backup Utility (DBBAK.EXE). You can back up
and restore MSDE databases to the same path on the same database server using
this utility. You cannot use it to change the location of the database.
394
1
Stop the McAfee ePolicy Orchestrator 3.0 Server service and ensure that the
SQL Server (MSSQLSERVER) service is running. For instructions, see the
operating system product documentation.
2
Close all ePolicy Orchestrator consoles and remote consoles.
3
Start the Database Backup Utility (DBBAK.EXE). The default location is:
location is:
Figure 10-5. Database Backup Utility
4
Type the Database Server Name.
5
Select NT Authentication or SQL Account.
If you selected SQL Account, type a user Name and Password for this
database.
6
Type the Backup File path.
7
Click Backup.
8
Click OK when the backup process is done.
9
Start the McAfee ePolicy Orchestrator 3.0 Server service and ensure that the
MSSQLSERVER service is running. For instructions, see the operating system
product documentation.
Product Guide
395
Restoring ePolicy Orchestrator MSDE databases
Use this procedure to restore ePolicy Orchestrator Microsoft Data Engine (MSDE)
databases that you backed up using the Database Backup Utility (DBBAK.EXE). You
can back up and restore MSDE databases to the same path on the same database
server using this utility. You cannot use it to change the location of the database.
1
Stop the McAfee ePolicy Orchestrator 3.0 Server service and ensure that the
2
Close all ePolicy Orchestrator consoles and remote consoles.
3
Start the Database Backup Utility (DBBAK.EXE). The default location is:
location is:
Figure 10-6. Database Backup Utility
4
Type the Database Server Name.
5
Select NT Authentication or SQL Account.
If you selected SQL Account, type a user Name and Password for this
database.
396
6
Type the Backup File path.
7
Click Restore.
8
Click Yes when asked whether you want to overwrite the entire ePolicy
Orchestrator database.
9
Click OK when the restore process is done.
10 Start the McAfee ePolicy Orchestrator 3.0 Server service and ensure that the
Product Guide
397
Merging ePolicy Orchestrator databases together
Although you can log on to multiple ePolicy Orchestrator database servers at once,
reports and queries can only display data from a single ePolicy Orchestrator
database at a time. To create reports or queries that combine data from multiple
databases, you can merge them into a new or existing database. This allows you to
create reports and queries that contain data for all of the databases that you
merged together.
398
n
Creating merged databases.
n
Saving database merge settings for reuse.
n
Merging databases using predefined settings.
Creating merged databases
Use this procedure to merge multiple ePolicy Orchestrator databases into a new or
existing database. You can only combine databases created using the current
version of the software. You can import events from databases created using
previous versions of the software. For instructions, see Importing events into the
You can save the settings you make in the DB Merge Tool to a Merge Settings (.TXT)
file for reuse. For instructions, see Saving database merge settings for reuse on
page 404.
1
Start the DB Merge Tool (AVIDB_MERGE_TOOL.EXE). The default location is:
C:\PROGRAM FILES\NETWORK ASSOCIATES\EPO\3\AVI
location is:
C:\PROGRAM FILES\MCAFEE\EPO\3\AVI
Figure 10-7. Choose Destination Database dialog box
Product Guide
399
2
Specify the new or existing database into which you want to merge
databases:
a
In the Choose Destination Database dialog box, select or type the name
of the SQL Server (database server) and Database.
b
Type the User name and Password of an administrator user account on
the database server you specify.
c
Click Next. The Choose Source Databases dialog box appears.
Figure 10-8. Choose Source Databases dialog box
400
3
Specify the databases that you want to merge together:
a
Click New to open the Source Database dialog box.
Figure 10-9. Source Database dialog box
b
Select or type the name of the SQL Server (database server) and
Database.
c
d
Click OK to save the current entries and return to the Choose Source
Databases dialog box.
e
Repeat Step a through Step d for each desired database.
Product Guide
401
4
Specify merge settings for all of the databases that are being merged together.
If you are merging databases into an existing database, these settings do not
affect that database.
a
Click Options to open the Merge Tool - Options dialog box.
Figure 10-10. Merge Tool - Options dialog box
b
Accept the default Query time-out (600 seconds) to specify when to
interrupt attempts to return report or query results.
c
Accept the default Login time-out (10 seconds) to specify when to
interrupt attempts to log on to the database.
d
To save entries about the merge process to a log file, select Log progress
to a file, then specify the path of the Merge Log (AVIMERGE.LOG) file. If
you select an existing file, entries are appended to the end of it. The
e
Under Event Import, specify whether to include events in the destination
database.
NOTE
We recommend deleting events from the destination database before
using the Import all events option to avoid creating duplicate events in
the destination database.
402
f
Under Coverage Data Purge, specify whether to include computer and
product properties in the destination database.
g
h
Click Next to open the Import Data dialog box.
Figure 10-11. Import Data dialog box
5
Click Start to begin the merge process.
If you chose Import new events only, you can stop the merge process any time
by clicking Cancel.
6
Click Close when done.
If the merge process could not connect to a server, the merge database is not
created; see Changing the default server connection protocol on page 412.
n
Logging on to or adding ePolicy Orchestrator database servers
n
Running reports
Product Guide
403
Saving database merge settings for reuse
Use this procedure to save the settings you make in the DB Merge Tool to a Merge
Settings (.TXT) file. This allows you to run the program later using these predefined
database merge settings. You might find this helpful if you merge the same ePolicy
Orchestrator databases together on a routine basis.
1
location is:
404
2
Specify the new or existing database into which you want to merge
databases:
a
In the Choose Destination Database dialog box, select or type the name
of the SQL Server (database server) and Database.
b
c
Click Next. The Choose Source Databases dialog box appears.
Figure 10-13. Choose Source Databases dialog box
Product Guide
405
3
Specify the databases that you want to merge together:
a
Click New to open the Source Database dialog box.
Figure 10-14. Source Database dialog box
406
b
Select or type the name of the SQL Server (database server) and
Database.
c
d
e
Repeat Step a through Step d for each desired database.
4
Specify merge settings for all of the databases that are being merged together.
If you are merging databases into an existing database, these settings do not
affect that database.
a
Click Options to open the Merge Tool - Options dialog box.
Figure 10-15. Merge Tool - Options dialog box
b
Accept the default Query time-out (600 seconds) to specify when to
interrupt attempts to return report or query results. If you are
experiencing network delays or time-out messages (for example, SQL
time-out messages), try increasing this value.
c
Accept the default Login time-out (10 seconds) to specify when to
interrupt attempts to log on to the database. If you are experiencing
network delays or time-out messages (for example, SQL time-out
messages), try increasing this value.
d
To save entries about the merge process to a log file, select Log progress
to a file, then specify where you want to save the Merge Log
(AVIMERGE.LOG) file. If you select an existing file, entries are appended
to the end of it. The default location is:
e
Under Event Import, specify whether to include events in the resulting
merged database.
Product Guide
407
f
Under Coverage Data Purge, specify whether to include computer and
product properties in the resulting merged database.
g
h
Click Next to open the Import Data dialog box.
Figure 10-16. Import Data dialog box
5
6
408
Save the current settings for reuse as needed:
a
Click Save to open the Save As dialog box.
b
Specify a path and name of the Merge Settings (.TXT) file (for example,
C:\PROGRAM FILES\MCAFEE\EPO\3\AVI\SETTINGS.TXT).
c
Click Save to return to the Import Data dialog box.
Merging databases using predefined settings
You can merge ePolicy Orchestrator databases together using predefined database
merge settings. After you create a Merge Settings (.TXT) file, you can drag it to the
application window or run the program from the command line. For example, if
you want to use a third-party scheduling tool to schedule the merge process, you
can run the program in the background using predefined settings.
n
Merging databases using predefined settings (drag-and-drop operation).
n
Merging databases from the command line using predefined settings.
n
Merging databases in the background using predefined settings.
Product Guide
409
Merging databases using predefined settings (drag-and-drop
operation)
Use this procedure to drag the Merge Settings (.TXT) file that contains predefined
database merge settings to the application window, make changes to these settings
as needed, then run the merge process.
1
Create a Merge Settings (.TXT) file. For instructions, see Saving database merge
settings for reuse on page 404.
2
location is:
410
3
In Windows Explorer, locate the desired Merge Settings (.TXT) file.
4
Drag the desired Merge Settings file to the Choose Destination Database
dialog box.
5
6
In the Import Data dialog box, click Start to begin the merge process.
7
Merging databases from the command line using predefined
settings
Use this procedure to run the DB Merge Tool from the command line using
predefined database merge settings, make changes to these settings as needed,
then run the merge process.
1
2
At the command line, type the path of the DB Merge Tool
(AVIDB_MERGE_TOOL.EXE) followed by the path of the Merge Settings (.TXT)
file.
For example, if the program and Merge Settings file are in the default
location, type the following:
C:\PROGRAM FILES\NETWORK
ASSOCIATES\EPO\3\AVI\AVIDB_MERGE_TOOL.EXE C:\PROGRAM
FILES\NETWORK ASSOCIATES\EPO\3\AVI\SETTINGS.TXT
3
4
In the Import Data dialog box, click Start to begin the merge process.
5
Merging databases in the background using predefined
settings
Use this procedure to merge ePolicy Orchestrator databases together in the
background while using predefined database merge settings. You might find this
helpful if you want to use a third-party scheduling tool to schedule the merge
process.
1
2
At the command line, type the path of the DB Merge Tool
(AVIDB_MERGE_TOOL.EXE), type the silent parameter to run the program in the
background followed by the path of the Merge Settings file.
For example, if the program and Merge Settings file are in the default
location, type the following:
C:\PROGRAM FILES\NETWORK
ASSOCIATES\EPO\3\AVI\AVIDB_MERGE_TOOL.EXE /SILENT
C:\PROGRAM FILES\NETWORK ASSOCIATES\EPO\3\AVI\SETTINGS.TXT
3
A Anti-Virus Informant DB Merge Tool - Choose Destination Database taskbar
button appears on the taskbar to indicate that the merge process is running.
Product Guide
411
Changing the default server connection protocol
Use this procedure to change the protocol used to connect to the ePolicy
Orchestrator database server to the recommended protocol: TCP/IP. You might
experience connection issues when using the default protocol (Named Pipes).
412
1
Click the Start button, then point to Run. The Run dialog box appears.
2
In Open, type CLICONFG.EXE, then click OK. The SQL Server Client Network
Utility (CLICONFG.EXE) dialog box appears.
3
On the General tab, select TCP/IP in Disabled protocols, then click Enable to
move it to Enabled protocols by order.
4
Use the arrows keys under Enabled protocols by order to move TCP/IP above
Named Pipes.
5
Click OK.
Troubleshooting
11
Common issues and their resolutions are provided below:
n
I can’t connect to the ePolicy Orchestrator server from remote consoles.
n
How do I check the connection and communication between the ePolicy
Orchestrator server and the ePolicy Orchestrator agent for NetWare?
You might also find the following procedures useful for troubleshooting issues:
n
Creating a User DSN in Data Sources (ODBC).
n
Enabling logging for the agent for NetWare.
n
Disabling logging for the agent for NetWare.
Product Guide
413
Troubleshooting
I can’t connect to the ePolicy Orchestrator server from remote consoles.
If you cannot connect to the ePolicy Orchestrator server from remote consoles,
there are a number of possible resolutions.
n
Verify that the remote console meets the minimum system requirements,
including Internet Explorer 6.0 and operating system. For a complete list of
system requirements, see the ePolicy Orchestrator 3.0 Installation Guide.
n
Verify that the port used for console communications is open between the
remote console and server. The default console port number is 81.
n
Verify that the port number specified for console communications is the
same on the remote console and server.
n
Verify that server name you are providing during logon is correct.
If the server name is still not accepted, use the IP address of the server
instead.
414
n
On the remote console, verify that the McAfee Framework Service is started.
n
On the server, verify that the McAfee ePolicy Orchestrator 3.0 Server and
McAfee Framework Service are started. Depending on the operating system
that you are using, this procedure varies. For instructions, see the Microsoft
n
Make sure that an ODBC connection is set up between the remote machine
and the SQL database. Contact Microsoft support or manuals for more
information on setting up an ODBC connection.
n
Set up a user data source name (DSN) on the remote console to the server. For
instructions, see Creating a User DSN in Data Sources (ODBC) on page 416.
n
If the remote console and server are in different domains, verify that there is
a two-way trust relationship setup between these domains, and that the
console port is not being blocked; for example, by firewall software.
n
Verify whether other applications, including the ePolicy Orchestrator agent
are using the port specified for console communications. The agent and
console cannot use the same port to communicate with the server. For
instructions on viewing the agent port number on the server, see Changing
ePolicy Orchestrator server settings on page 66.
n
If the remote console and server are not both in a domain (for example, one
is in a workgroup), verify that DNS is synchronized between the two
computers. You might need to change the DNS host file. For more
information, see Microsoft product documentation.
n
Verify that the Windows NT user account you are using to log on to the
computer where the remote console is installed has dbo access to the SQL
Server database.
Troubleshooting
n
Verify that the remote console and server have ePolicy Orchestrator 3.0
installed.
n
Be sure to log on to the server using an ePolicy Orchestrator user account.
n
If the message, “Out of licenses for this server” appears, you might be using
Per Seat SQL Server licenses. We recommend using Per Processor licenses.
For information on upgrading to Per Processor licenses, see Microsoft
product documentation. At press time, this information was available on the
Microsoft web site:
www.microsoft.com/sql/howtobuy/production.asp
How do I check the connection and communication between the ePolicy
Orchestrator server and the ePolicy Orchestrator agent for NetWare?
1
Enable logging for the agent for NetWare. By default, logging is disabled.
You can record agent activity to the agent log (AGENT.LOG) file, or to the agent
log file and the NetWare server console. For instructions, see Enabling logging
for the agent for NetWare on page 417 and Disabling logging for the agent for
NetWare on page 417.
NOTE
We recommend that you only enable logging temporarily on a few
agent connections at a time in order to troubleshoot issues.
2
Check the activity in the agent log file or NetWare server console to
determine whether the agent is connecting to the ePolicy Orchestrator server.
If activity indicates that the agent is sending data to and receiving data from
the server, the connection has been established.
If the message, “Failed to connect to server” appears, verify that the IP
address, name, and HTTP ports are correct in the SITEINFO.INI file on the
ePolicy Orchestrator server.
3
In ePolicy Orchestrator, verify that a site or group with the same name as the
Novell tree where the NetWare server resided has been added to the
Directory under ePolicy Orchestrator | <SERVER> in the console tree.
This site or group appears the first time that the agent communicates with the
ePolicy Orchestrator server. For more information, see Initial agent-to-server
communication interval on page 246.
If this site or group doesn’t appear, select Directory under ePolicy
to refresh the data.
Orchestrator | <SERVER> in the console tree, then click
4
Check for related known issues in the README file. For more information,
see Getting more information on page 19.
Product Guide
415
Troubleshooting
Creating a User DSN in Data Sources (ODBC)
Use this procedure to create a user data source name (DSN) in ODBC. Also, use to
select the authentication method for the database.
NOTE
If using Windows NT authentication, you must set of the necessary
access and permissions on the SQL Server database before you create a
user DSN.
1
In the Control Panel, start Data Sources (ODBC). The OBDC Data Source
Administrator dialog box appears.
2
On the User DSN tab, click Add to open the Create New Data Source dialog
box.
3
Under Name, select SQL Server, then click Finish. The Create a New Data
Source to SQL Server dialog box appears.
4
In Name, type a descriptive name for the data. We recommend using
EPO_<SERVER>, where <SERVER> is the name of the ePolicy Orchestrator
server.
5
In Description, type a literal description of the data source.
6
In Server, select desired database server, then click Next.
7
Select the desired authentication method (Windows NT or SQL Server).
8
Click Client Configuration to open the Add Network Library Configuration
dialog box.
9
In Server alias, type the name of the database server.
10 Under Network libraries, select TCP/IP, then click OK to return to the Create a
New Data Source to SQL Server dialog box.
11 Click Next twice, then click Finish. The ODBC Microsoft SQL Server Setup
dialog box appears.
12 Click OK to return to the OBDC Data Source Administrator dialog box.
13 Click OK.
416
Troubleshooting
Enabling logging for the agent for NetWare
Use this procedure to enable logging for the ePolicy Orchestrator agent for
NetWare. Logging is disabled by default. You can record the activity of the to the
agent log (AGENT.LOG) file, or to the agent log file and the NetWare server console.
The agent log file lists activity using this date and time format: YYYYMMDDHHMMSS
(for example, 20020121154223 is January 21, 2002 at 3.42 pm). The agent log file can
be found in SYS\MCAFEE\EPOAGENT.
NOTE
1
On the NetWare server console with the agent for NetWare running (i.e.,
NLM is loaded), type one of the following commands:
a
To enable logging and record agent activity to the agent log file:
NAINAE 1
b
To enable logging and record agent activity to the agent log file and the
NetWare server console:
NAINAE 11
Disabling logging for the agent for NetWare
Use this procedure to disable logging for the ePolicy Orchestrator agent for
NetWare.
NOTE
n
On the NetWare server console with the agent for NetWare running (i.e.,
NLM is loaded), type the following command:
NAINAE 9
Product Guide
417
Troubleshooting
418
Using ePolicy Orchestrator
Over the Internet
A
The ePolicy Orchestrator software was designed for Internet use. It allows
agent-to-server communication over the Internet if the firewall is configured to
allow the correct range of IP addresses.
n
Internet scenarios.
n
Remote access via VPN and RAS.
n
Corporate intranet.
n
Connecting through an ISP and a firewall.
n
Configuring the firewall for ePolicy Orchestrator.
n
Agent-to-server communications packet size.
Product Guide
419
Using ePolicy Orchestrator Over the Internet
Internet scenarios
The following options are discussed here:
Behind a firewall
n
Microsoft Remote Access Service (RAS), where a remote user (agent) dials
into one of the ports to access the network behind the firewall.
n
Virtual Private Networks (VPN), where remote users (agents) dial into a port
provided by a commercial carrier, but access is still behind a single firewall.
Open to the Internet
n
Internet Service Provider (ISP), where transactions between the user (agent)
and the server cannot be contained behind a firewall because the IP address
remains open to the Internet.
Remote access via VPN and RAS
Many situations require that ePolicy Orchestrator consoles or agents are deployed
outside the physical perimeter of the corporate intranet. To minimize
configuration and security issues, it is highly recommended that remote agents or
consoles access the server via a VPN or Microsoft RAS connection. Use of proxies
is not supported.
Corporate intranet
There are many network topologies in which the ePolicy Orchestrator software
and its components can be deployed. The simplest deployment and the highest
level of security are achieved when you deploy all of the ePolicy Orchestrator
components within a particular corporate intranet, behind a single firewall. In this
scenario, all components of the network topology are located in fixed physical
locations, all with the appropriate access to the corporate intranet.
This topology is the simplest to implement for system administrators.
In this scenario, administrators can leverage existing corporate infrastructure to
allow seamless access to ePolicy Orchestrator services. Any firewall issues are
hidden by the VPN and RAS transports.
420
Connecting through an ISP and a firewall
Agent
The agent can access ePolicy Orchestrator servers via an ISP (Internet Service
Provider) with several restrictions:
n
The ISP must be able to resolve the ePolicy Orchestrator server IP address.
n
The ISP can use DHCP to assign random IP addresses, which the corporate
firewall must accept.
n
The ePolicy Orchestrator server cannot push the ePolicy Orchestrator agent
over a firewall. In this environment, the agent must be delivered via alternate
media.
n
The port on the firewall used for agent-to-server communication is port 80. It
must be configured for incoming and outgoing agent-to-server traffic. The
default value for this port is 80, but you can define a different value during
server installation.
n
The port on the firewall used for console-to-server communications is port
81. The default value is 81, but you can define a different value during server
installation.
n
The port on the firewall used for agent wakeup calls is port 8081. You can
change this value dynamically using the server configuration feature,
described in Server Settings on page 186.
Console
Using an ISP to connect the console to the server is strongly discouraged for the
following reasons:
n
The ePolicy Orchestrator console cannot operate over some older firewalls,
because the it uses the HTTP “Keep Alive” function for many of its
transactions. Removing “Keep Alive” from the console would significantly
impact performance in usage scenarios where the console is “inside” the
corporate intranet.
n
Accessing SQL server inside the company firewall creates a significant
security risk.
Product Guide
421
Configuring the firewall for ePolicy Orchestrator
Any of the following three options allows agent-to-server communications:
No firewall
n
If there is no firewall, agent-to-server communication is open.
Firewall with open HTTP port
n
If the HTTP port is already open in the firewall, no action is needed.
Communications are open.
Firewall with no open HTTP port
n
Destination rule — Create a destination rule for the firewall configuration
that opens only the ePolicy Orchestrator server to communicate with the
agents outside the firewall. A destination rule specifies only the ePolicy
Orchestrator server IP address as the destination for incoming HTTP traffic.
n
Source rule — Create a source rule in the firewall configuration that allows
only designated client computers to talk to the ePolicy Orchestrator server.
This allows a range of IP addresses access to the server via the port.
Precautions must be made to prevent someone hijacking the IP address and
using it improperly.
Agent-to-server communications packet size
Following is an example of packet sizes:
Table A-1. Typical Packet Size for Agent-to-Server Communication
Activity (per computer)
*Full Size (KB)
*Incremental
Size (KB)
Agent sends properties
10
2
Agent checks for new policies (no new policies)
2
—
Agent checks for new policies (new policies)
5–9
—
* The packet size can vary significantly, depending on events collection.
422
Report and Query Templates
B
The ePolicy Orchestrator software includes a number of predefined anti-virus
report and query templates. These templates and any custom templates you
provide are stored in the Report Repository and Query Repository under Reporting
in the console tree. Any template found here can be used to create reports and
queries using the data on any ePolicy Orchestrator database server. For
instructions on working with database servers, reports, and queries, see Reporting
on page 327.
The data that each report and query template provides and samples of each report
is provided here. Depending on which products you have checked into the
Repository, you may see additional templates that are not described here. For
information on them, see the Configuration Guide for that product.
n
Coverage report templates.
n
Infection | Action Summaries report templates.
n
Infection | Detections report templates.
n
Infection | Top Tens report templates.
n
Infection | WebShield report templates.
n
Coverage and Infection subreports.
n
Criteria used to limit report results.
n
Computer query templates.
n
Events query templates.
n
Installations query templates.
Product Guide
423
Coverage report templates
These are the predefined report templates available under Reporting |Anti-Virus |
Coverage:
424
n
Agent to Server Connection Info report template.
n
Agent Versions report template.
n
Compliance Issues report template.
n
Compliance Summary report template.
n
DAT/Definition Deployment Summary report template.
n
DAT Engine Coverage report template.
n
Engine Deployment Summary report template.
n
Product Protection Summary report template.
n
Products By Custom Data Groups report template.
n
Product Updates By Custom Event Groups report template.
Agent to Server Connection Info report template
Usage
Use this report to specify the time period that defines an inactive agent, then view
report data for active (current) agents, inactive (late) agents, and no agent, in a pie
chart format. You can also view historical data for computers using the Tasks,
Policies, Update, and Infection subreports. For more information on subreports,
see Coverage and Infection subreports on page 494.
A variation of this report is included in the predefined settings of the Products By
Custom Data Groups report. For more information, see Products By Custom Data
Groups report template on page 441.
Connection status of agents is grouped into these categories:
n
Current — Computers that have communicated with the server after the
specified cutoff date and time.
n
Late — Computer that haven’t communicated with the server since the
specified cutoff date and time.
n
(No Agent) — Computers without an agent installed on them.
Within
You can limit the report results to data recorded within the time period you specify
on the Within tab in the Enter Reports Input dialog box:
n
Agent Connection Date — Specifies a cutoff date and time that defines an
inactive agent. Agents that have not communicated with the server since the
date you specify are reported as inactive (late).
n
Agent Connection Rule — Specifies a relative time period (for example,
Current Week) that defines an inactive agent.
Limit report results
You can limit the results of this report using the criteria listed in Coverage reports
criteria on page 504.
Product Guide
425
Sample report
Figure B-1. Sample Agent to Server Connection Info report
426
Agent Versions report template
Usage
Use this report to view the versions of ePolicy Orchestrator agents, SuperAgents,
and SuperAgent distributed repositories that are currently in use on client
computers, in a bar chart format. Use this report for an overall view of how
up-to-date the agents are on client computers.
Sample report
Figure B-2. Sample Agent Versions report
Product Guide
427
Compliance Issues report template
Usage
Use this report to view all compliance issues on computers that violate the
compliance rules you specify. You can also view computers with unresolved
detections. In addition, you can view historical data for computers using the Tasks,
Compliance violations are grouped into these categories:
n
Inactive agents.
n
No agent.
n
No anti-virus protection.
n
Out-of-date agent.
n
Out-of-date virus definition (DAT) files.
n
Out-of-date virus scanning engine.
n
Out-of-date anti-virus products.
n
Unresolved infections.
Rules
Use the Product Version Rules and Engine\DAT tabs in the Enter Reports Input
dialog box to define compliance rules for this report. Specify the minimum version
number of the following that meets your compliance requirements. The report
includes data for computers with older versions installed.
428
n
The ePolicy Orchestrator agent.
n
Supported products.
n
McAfee virus definition (DAT) files.
n
McAfee virus scanning engine.
n
Symantec virus definition files.
n
Symantec engine.
Within
on the Within tab (Enter Reports Input dialog box):
n
Late Agent Connection Date — Specifies a cutoff date and time for agent
communication. Data for computers with agents that have not
communicated with the ePolicy Orchestrator server since this date and time
n
Late Agent Connection Rule — Specifies a relative time period (for example,
Current Week) for agent communication. Data for computers with agents that
have not communicated with the ePolicy Orchestrator server since the time
period you specify appear on the report.
n
Recent Infection Date — Specifies a cutoff date and time for unresolved
infection events. Events created after this date and time appear on the report.
n
Recent Infection Rule — Specifies a relative time period (for example, Current
Week) for unresolved infection events. Events created after the time period
you specify appear on the report.
Product Guide
429
Sample report
Figure B-3. Sample Compliance Issues report
430
Compliance Summary report template
Usage
Use this report to view a one-page summary of compliance and infection
resolution by product. By default, this report uses the same compliance rules you
defined for the Compliance Issues report.
Within
n
Recent Infection Date — Specifies a cutoff date and time for unresolved
infection events. Events created after this date and time appear on the report.
Product Guide
431
Sample report
Figure B-4. Sample Compliance Summary report
432
DAT/Definition Deployment Summary report template
Usage
Use this report to view the versions of McAfee and Symantec virus definition files
that are currently in use on client computers, in a pie chart format. You can also
this report for an overall view of how up-to-date your anti-virus protection is
across client computers, and to determine which client computers need to be
updated with the most current virus definition files. In addition, you can view
historical data for computers using the Tasks, Policies, Update, and Infection
subreports. For more information on subreports, see Coverage and Infection
subreports on page 494.
The versions of virus definition files are grouped into these categories:
n
Current or newer.
n
One version out-of-date.
n
Two versions out-of-date.
n
Three versions out-of-date.
n
Four versions out-of-date.
n
Five or more versions out-of-date.
n
Unprotected (no virus definition file present).
Rules
Use the McAfee and Symantec tabs (Current Protection Standards dialog box) to
define compliance rules for this report. Specify up to five version numbers of
McAfee or Symantec virus definition files that meet your compliance
requirements. Computers with older versions of virus definition files installed on
them are reported as non-compliant.
Product Guide
433
Within
on the Within tab (Current Protection Standards dialog box):
n
Agent Connection Date — Specifies a cutoff date and time for agent
n
Sample report
Figure B-5. Sample DAT/Definition Deployment Summary report
434
DAT Engine Coverage report template
Usage
Use this report to view the versions of McAfee and Symantec virus definition files
and virus scanning engines that are currently in use on client computers, in a pie
chart format. You can also use this report for an overall view of how up-to-date
your anti-virus protection is across client computers, and to determine which
client computers need to be updated with the most current virus definition files or
engine. In addition, you can view historical data for computers using the Tasks,
The versions of virus definition files and engines are grouped into these categories:
n
Current or newer.
n
DAT out-of-date.
n
Engine out-of-date.
n
Both out-of-date.
n
Unprotected (no virus definition file or engine present).
Rules
define compliance rules for this report. Specify the version numbers of McAfee or
Symantec virus definition files or the virus scanning engine that meet your
compliance requirements. Computers with older versions of virus definition files
or engines installed on them are reported as non-compliant.
Within
n
n
Product Guide
435
Sample report
Figure B-6. Sample DAT Engine Coverage report
436
Engine Deployment Summary report template
Usage
Use this report to view the versions of McAfee and Symantec virus scanning
engines that are currently in use on client computers, in a pie chart format. You can
also use this report for an overall view of how up-to-date your anti-virus
protection is across client computers, and to determine which client computers
need to be updated with the most current engine. In addition, you can view
historical data for computers using the Tasks, Policies, Update, and Infection
subreports. For more information on subreports, see Coverage and Infection
subreports on page 494.
The versions of the virus scanning engine are grouped into these categories:
n
Current or newer.
n
One version out-of-date.
n
Two versions out-of-date.
n
Three or more versions out-of-date.
n
Unprotected (no engine present).
Rules
define compliance rules for this report. Specify up to three version numbers of the
McAfee or Symantec engine that meet your compliance requirements. Computers
with older versions of engines installed on them are reported as non-compliant.
Within
n
n
Product Guide
437
Sample report
Figure B-7. Sample Engine Deployment Summary report
438
Product Protection Summary report template
Usage
Use this report to compare product version numbers for McAfee products, Norton
AntiVirus products, all versions of non-compliant anti-virus products, and
computers without any anti-virus protection software and computers without an
agent, in a stacked column chart format. In addition to computers without any
anti-virus protection software, client computers that are using anti-virus products
that the software does not currently support (for example, Trend OfficeScan) are
reported in this report as if no anti-virus protection software were present.
Product Guide
439
Sample report
Figure B-8. Sample Product Protection Summary report
440
Products By Custom Data Groups report template
Usage
Use this report to define custom settings for coverage reports, then save them for
future use.
Group by
You can specify how data is grouped on this report on the Data Groupings tab
(Enter Reports Input dialog box). You can group data in up to four different levels.
Within
n
communication. Computers that have communicated with the server after
this date are categorized as current; those that haven’t communicated since
this date are categorized as late.
n
Current Week) for agent communication. Computers that have
communicated with the server after this date are categorized as current;
those that haven’t communicated since this date are categorized as late.
n
Connection Type — Specifies whether to include data for all computers,
current computers only, or late computers only.
n
Product Type — Specifies the type of products to include on the report. You
can select the agent only, all products, anti-virus products only, or security
products only.
Saved Settings
You can save the selections you make in the Enter Report Inputs dialog box for
A number of predefined settings are provided for you:
n
Agent Version — Provides the same data as the Agent Version report, but also
groups data by connection status.
n
Domain to Group — Organizes sites and groups by the domains to which they
belong. Use this report to match the Directory structure to the domain layout.
Product Guide
441
n
Engine DAT — Provides the same data as the DAT/Definition Deployment
Summary, DAT Engine Coverage, and Engine Deployment Summary
reports, but groups data by version number instead of by out-of-date
versions. Use this report to view summary data at the virus definition file
and virus scanning engine level.
n
Group to Domain — Groups domains by the site or group to which they
belong. Use this report to match the Directory structure to the domain layout.
n
Language — This report replaces the Language Summary report from
previous versions of the software. Use this report to view the language
versions of supported anti-virus and security products installed on client
computers.
n
Last Contact — Provides the same data as the Agent To Server Connection
Info report, but allows you to change the format of the chart that appears on
the main page of the report.
n
OS Product — Lists supported anti-virus and security product versions
installed on client computers by operating system version.
n
Product Protection — Provides the same data as the Product Protection
Summary report. It is provided here as a base for you to customize as desired.
n
Connections by OS Platform — Lists the last connection of client computer by
operating system platform. Use this report to identify laptop computers, or
connection issues on critical computers; for example, servers.
442
Sample report
Figure B-9. Sample Products By Custom Data Groups report
Product Guide
443
Product Updates By Custom Event Groups report template
Usage
Use this report to define custom settings for reports on product updates, then save
them for future use. You can use these reports to focus on product updates, update
history and distributed software repositories.
Group by
Within
n
Product Upgrade Date — Specifies a cutoff date and time for product update
events. Events created after this date and time appear on the report.
n
Product Upgrade Rule — Specifies a relative time period (for example, Current
Week) for product update events. Events created after the time period you
specify appear on the report.
Saved Settings
n
Initiator summary — Summarizes product updates by the updating method:
global updating, the Update client task based updating, or client-based pull
updating.
n
Server activity — Provides the distribution of update activity across
distributed software repositories servers and the types of product or product
update packages (for example, HotFix releases, service pack releases, virus
definition (DAT) files, etc.) being replicated to repositories.
n
Update Errors — Lists updating messages grouped by message ID number.
n
Weekly updates — Provides the updates that occurred each week by product
or product update type and version number.
444
Sample report
Figure B-10. Sample Product Updates By Custom Event Groups report
Product Guide
445
Infection | Action Summaries report templates
Here are the predefined report templates located under Reporting | Anti-Virus |
Infection | Action Summaries:
446
n
Action Summary By Top 10 Files Resolved report.
n
Action Summary By Top 10 Files Unresolved report.
n
Action Summary By Top 10 Viruses report.
n
Action Summary report template.
Action Summary By Top 10 Files Resolved report
Usage
Use this report to view the ten most frequently infected files that have been
successfully resolved by the scanning engine. Data is grouped by file name, action
taken, and infection name.
You can limit the results of this report using the criteria listed in Infection | Action
Summaries reports criteria on page 505.
Sample report
Figure B-11. Sample Action Summary By Top 10 Files Resolved report
Product Guide
447
Action Summary By Top 10 Files Unresolved report
Usage
Use this report to view the ten most frequently infected files that have been
unsuccessfully resolved by the scanning engine. Data is grouped by file name,
action taken, and infection name.
Sample report
Figure B-12. Sample Action Summary By Top 10 Files Unresolved report
448
Action Summary By Top 10 Viruses report
Usage
Use this report to view the actions performed on the ten most detected viruses, in
a stacked bar chart format. It provides a good indication of the most common
viruses that are being detected by your organization, and the actions that were
performed to prevent them from infecting your organization. Data is grouped by
infection name, action taken, and product version number.
A variation of this report is included in the predefined settings of the Infections By
Custom Data Groups report. For more information, see Infections By Custom Data
Sample report
Figure B-13. Sample Action Summary By Top 10 Viruses report
Product Guide
449
Action Summary report template
Usage
Use this report to view the actions performed when viruses were detected by
supported anti-virus protection products, in a bar chart format. It provides a good
overall view of the detection activity across your organization, and can indicate the
effectiveness of your current anti-virus setup. Data is grouped by infection name,
action taken, and product version number.
Sample report
Figure B-14. Sample Action Summary report
450
Infection | Detections report templates
Infection | Detections:
n
Infection History report template.
n
Infections By Custom Data Groups report template.
n
Number Of Infections Detected By Product For Current Quarter (3D Bars)
report template.
n
Number Of Infections Detected Monthly Showing Viruses report template.
n
Number Of Infections For the Past 24 Hours report template.
n
Outbreaks - Weekly History report template.
n
Outbreaks - Current report template.
n
Product Events By Severity report template.
n
Number Of Infections From Removable Media report template.
n
Security Summary report template
n
Virus Type report template.
n
Viruses Detected report template.
Product Guide
451
Infection History report template
Usage
Use this report to view the following information:
n
Number of virus infections by year (bar chart at the top of page 1).
n
Top ten virus infections and the corresponding action taken (stacked bar
chart at bottom of page 1 on the left side).
n
Top ten users and the viruses that infected them (stacked bar chart at the
bottom of page 1 on the right side).
n
Number of times each type of action taken was made (bar chart on the left
side of page 2).
n
Top ten files and the action taken on them (stacked bar chart on the right side
of page 2).
Use this report for a complete view of virus infection activity over time, and to see
the relationship between virus infections, action taken, users, and files.
You can view report details on year, month, week, and day. The details sections for
year, month, and week shows the same information as the main report section. The
details section for day shows the date and time that the virus infection was
detected, user name, engine version number, virus definition file version number,
virus name, action taken, and the name and location of the infected file.
You can click the virus name to go to the AVERT web site for a description of that
virus.
You can limit the results of this report using the criteria listed in Infection |
Detections reports criteria on page 506.
452
Sample report
Figure B-15. Sample Infection History report
Product Guide
453
Infections By Custom Data Groups report template
Usage
Use this report to define custom settings for infection reports and save them for
future use. Use these reports to focus on infection events and service events (for
example, starting or stopping software) events.
Group by
Within
n
Event Date — Shows only events occurring after the listed date.
n
Event Rule — Shows only events occurring after the listed date.
n
Event Type — Allows you to specify the type of event to retrieve:
w
All
w
Infections
w
Infection-cleaned
w
Infection-deleted
w
Infection-moved
w
Infection-Unresolved (for example, clean error, move error, etc.)
w
Non Infection
Saved Settings
n
Action summary for last 4 weeks — Provides the same data as the Action
Summary report, but provides data over the past four weeks.
n
n
Events by severity – all events — Lists event descriptions by severity.
Events by severity – noninfection events — Lists non-infection events
descriptions by severity.
454
n
Infection History — Provides the same data as the Infection History report. It
is provided here as a base for you to customize as desired.
n
Infections by Task Type — Provides an infection summary by scan task type.
n
Infections over last 24 hours — Provides the same data as the Number Of
Infections For the Past 24 Hours report. It is provided here as a base for you
to customize as desired.
n
Monthly infections by product — This report replaces the Number Of
Infections Detected Monthly report from previous versions of the software,
but groups data by product name. Use this report to view detected infections
for each calendar month. It allows you to compare monthly infection levels.
n
Monthly infections by virus name — This report replaces the Number Of
Infections Detected Monthly report from previous versions of the software,
but groups data by virus name. Use this report to view detected infections for
each calendar month. It allows you to compare monthly infection levels.
n
Virus actions over last 4 weeks — This report replaces the Action Summary
For Current Month report from previous versions of the software, but
provides data over the past four weeks. Use this report to view all actions
performed over the past four weeks by anti-virus products when viruses
were detected. It provides a good overall view of the detection activity across
your organization.
n
Viruses found over last 7 days — Provides the same data as the Viruses
Detected report, but provides data on all detected viruses over the last seven
days.
n
Weekly infections by product over last 4 weeks — This report replaces the
Infections Detected By Product For The Last 4 Weeks report from previous
versions of the software. Use this report to view detected infections by
anti-virus product over the past 28 days. It allows you to compare the
anti-virus products across your organization, and identify common entry
methods (for example, e-mail messages or floppy disks) for viruses.
n
Weekly infections by virusname — This report replaces the Infections
Detected By Product For The Last 4 Weeks report from previous versions of
the software, but groups data by virus name. Use this report to view detected
infections by anti-virus product over the past 28 days. It allows you to
compare the anti-virus products across your organization, and identify
common entry methods (for example, e-mail messages or floppy disks) for
viruses.
Product Guide
455
Sample report
Figure B-16. Sample Infection By Custom Data Groups report
456
Number Of Infections Detected By Product For Current Quarter
(3D Bars) report template
Usage
Use this report to view a three-dimensional bar chart of the detected infections for
each of the anti-virus products on your computers for the current quarter. It allows
you to compare the detection levels of the anti-virus products over the three
months.
The current quarter is measured as the current calendar quarter, and not as a fixed
number of days from the time that the report is generated. Therefore, generating
this report in the first month of a quarter only shows information for that month.
The quarters are January–March, April–June, July–September,
October–December.
Drill down within a product to view virus counts by Product Version followed by
Virus Name, then the detailed list of occurrences for that product and virus.
Product Guide
457
Number Of Infections Detected Monthly Showing Viruses report
template
Usage
Use this report to view the detected infections for each month, with a breakdown
of the individual levels for each virus. It allows you to view the monthly infection
levels, with extra details on the individual viruses.
The months are measured as calendar months, and not as a fixed number of days
from the time that the report is generated.
Drill down within a virus name to view virus counts by Product Name, followed
by Product Version, then the detailed list of occurrences for that month, product,
and virus.
458
Sample report
Figure B-17. Sample Number Of Infections Detected Monthly Showing Viruses report
Product Guide
459
Number Of Infections For the Past 24 Hours report template
Usage
Use this report to view the detected infections in the last 24 hours, with a
breakdown of the individual levels for each product. Data is grouped by product
name and product version number.
460
Outbreaks - Weekly History report template
Usage
Use this report to view historical data on detected infections within an outbreak for
each week within a quarter, in a three-dimensional bar chart format.
The report allows the user to enter an outbreak definition. A historic outbreak is
defined as occurring over at least a minimum number or distinct computer and/or
distinct files infected within the time frame of a week.
Sample report
Figure B-18. Sample Outbreaks - Weekly History report
Product Guide
461
Outbreaks - Current report template
Usage
Use this report to view detected infections within an outbreak, in a
three-dimensional bar chart format.
This report defines outbreaks within a shorter time span than a week. Its designed
to show outbreaks that have occurred recently over a narrower time span than the
weekly outbreak history report. An outbreak can be defined in terms of hours. A
current outbreak is defined as occurring over at least a minimum number or
distinct computer (x) and/or distinct files (y) infected within a time frame
specified in hours (z). In others words, an outbreak is said to have occurred if x
distinct computers or y distinct files have been infected by the same virus within z
hours.
462
Sample report
Figure B-19. Sample Outbreaks - Current report
Product Guide
463
Product Events By Severity report template
Usage
Use this report to view events by severity. Data is grouped by severity and event
description.
Sample report
Figure B-20. Sample Product Events By Severity report
464
Number Of Infections From Removable Media report template
Usage
Use this report to view a pie chart of the number of detected viruses from a
removable media source such as a floppy drive. Specify the drive letter (default is
a:), the report number then shows the number coming from that drive versus those
from other sources.
Drill down within a rule number to view the detailed list of occurrences for that
given media type.
Sample report
Figure B-21. Sample Number Of Infections From Removable Media report
Product Guide
465
Security Summary report template
Usage
Use this report to view a one-page summary of detections by McAfee anti-virus
products, intrusions detected by McAfee Desktop Firewall, and security
vulnerabilities reported by McAfee ThreatScan.
Sample report
Figure B-22. Sample Security Summary report
466
Virus Type report template
Usage
Use this report to see what types of viruses have infected the enterprise. This report
shows the number of virus infections by virus type, in bar chart format.
You can view report details by virus type, virus subtype, virus name, and product
name.
For definitions of virus types (for example, trojan horse), see the Virus Glossary on
the AVERT web site:
http://www.mcafeeb2b.com/naicommon/avert/avert-research-center/vir
us-glossary.asp#m
Product Guide
467
Sample report
Figure B-23. Sample Virus Type report
468
Viruses Detected report template
Usage
Use this report to view the number of virus infections for the top ten viruses by
year, in a stacked bar chart format. You can view details on virus name, quarter,
month, week, and day.
You can click the AVERT link next to each virus name to go to the AVERT web site
for a description of that virus.
Product Guide
469
Sample report
Figure B-24. Sample Viruses Detected report
470
Infection | Top Tens report templates
Infection | Top Tens:
n
Top 10 Detected Viruses report template.
n
Top 10 Infected Files report template.
n
Top 10 Infected Machines report template.
n
Top 10 Infected Users report template.
Product Guide
471
Top 10 Detected Viruses report template
Usage
Use this report to view a pie chart of the ten most detected viruses. The segment
sizes are proportional to how often the viruses were detected. It allows you to
identify the most common viruses that are being detected by your organization.
Drill down within a virus name to view virus counts by Product Name, followed
by Product Version, then the detailed list of occurrences for that product, and
virus.
Sample report
Figure B-25. Sample Top 10 Detected Viruses report
472
Top 10 Infected Files report template
Usage
Use this report to view the ten most infected files, in bar chart format. It allows you
to identify the most common infected files that are being accessed by your
organization.
Drill down within files to view counts by virus name, product name, and product
version number, then the detailed list of occurrences for that file, product, and
virus.
Sample report
Figure B-26. Sample Top 10 Infected Files report
Product Guide
473
Top 10 Infected Machines report template
Usage
Use this report to view the ten most infected client computers, in bar chart format.
It allows you to identify the most common computers within your organization
that are attempting to access infected files. You may want to investigate how the
computers are being used and the external information sources that are being
accessed (possible sources for the infections).
Drill down within machines to view counts by virus name, product name, and
product version number, then the detailed list of occurrences for that machine,
product, and virus.
Sample report
Figure B-27. Sample Top 10 Infected Machines report
474
Top 10 Infected Users report template
Usage
Use this report to view the ten most infected users, in bar chart format. It allows
you to identify the most common users within your organization that are
attempting to access infected files. You may want to investigate how they are using
their computers and the external information sources that they are accessing
(possible sources for the infections).
Drill down within users to view counts by virus name, product name, and product
version number, then the detailed list of occurrences for that user, product, and
virus.
Sample report
Figure B-28. Sample Top 10 Infected Users report
Product Guide
475
Infection | WebShield report templates
Infection | WebShield:
476
n
Content Filter Report By Rule template.
n
Content Filter Report By Rule And Time template.
n
Content Filter Report Rules Triggered template.
n
Content Scanning Detections By Appliance report template.
n
Infection History report template (WebShield).
n
Spam Detections By Appliance report template.
n
Top Ten Spammers report template.
n
URLs Blocked report template.
n
Virus Detections By Appliance report template.
n
Virus Detections Timing report template.
n
Virus Type report template (WebShield).
n
Viruses Detected report template (WebShield)
Content Filter Report By Rule template
Usage
Use this report to view the number of times each content rule was triggered for the
quarter, in pie chart format.
You can view report details by month, week, and day. The details section of this
report shows the event date and time, WebShield appliance name (WebShield),
WebShield appliance IP address, blocked spam addresses (User Name), action
taken, and portion of the e-mail message that contained the offending content
(Message Part).
WebShield reports criteria on page 508.
Sample report
Figure B-29. Sample Content Filter Report By Rule
Product Guide
477
Content Filter Report By Rule And Time template
Usage
Use this report to view the number of times each content rule was triggered over
the quarter, in a line chart format. You can view report details by month, week, and
day.
The details section of this report shows the event date and time, WebShield
appliance name (WebShield), WebShield appliance IP address, blocked spam
addresses (User Name), action taken, and portion of the e-mail message that
contained the offending content (Message Part).
Sample report
Figure B-30. Sample Content Filter Report By Rule And Time
478
Content Filter Report Rules Triggered template
Usage
Use this report to view the number of times individual users triggered a content
rule by month, in a stacked bar chart format.
You can view report details by computer name, month, week, and content rule.
appliance IP address, blocked spam addresses (User Name), action taken, and
portion of the e-mail message that contained the offending content (Message Part).
Sample report
Figure B-31. Sample Content Filter Report Rules Triggered
Product Guide
479
Content Scanning Detections By Appliance report template
Usage
Use this report to view the number of broken content rules by WebShield
appliance for the current quarter, in a bar chart format.
You can view report details by broken content rule. The details section of this
report shows the event date and time, portion of the e-mail message that contained
the offending content (Affected Area), and e-mail address of the sender (User
Name).
Sample report
Figure B-32. Sample Content Scanning Detections By Appliance report
480
Infection History report template (WebShield)
Usage
Use this report for a complete view of virus infection activity over time, and to see
the relationship between virus infections, action taken, users, and files. You can
view report details by year, month, week, and day.
The main section of this report shows the following information:
n
Number of virus infections by year (bar chart at the top of page 1).
n
Top ten virus infections and the corresponding action taken (stacked bar
chart at the bottom of page 1 on the left side).
n
Top ten users and the viruses that infected them (stacked bar chart at the
bottom of page 1 on the right side).
n
Number of times each type of action taken was made (bar chart on the left
side of page 2).
n
Top ten files and the action taken on them (stacked bar chart on the right side
of page 2).
The details section shows the event date and time, e-mail address or IP address of
the user responsible for triggering the event (User Name), scanning engine version
number, virus definition (DAT) file version number, virus name, action taken, and
portion of the e-mail message that contained the offending content or name of the
infected file (File Name).
You can click the virus name to go to the AVERT web site for a description of that
virus.
Product Guide
481
Sample report
Figure B-33. Sample Infection History report (WebShield)
482
Spam Detections By Appliance report template
Usage
Use this report to view the number of broken spam rules by WebShield appliance
for the current quarter, in a bar chart format.
The details section of this report shows the event date and time, spam rule name,
IP address of the spam source, and e-mail address of the sender (User Name).
Sample report
Figure B-34. Sample Spam Detections By Appliance report
Product Guide
483
Top Ten Spammers report template
Usage
Use this report to view the number of broken spam rules by the top ten users for
the current quarter, in a bar chart format.
The details section of this report shows the event date and time, spam rule name,
IP address of the spam source, and e-mail address of the sender (User Name).
Sample report
Figure B-35. Sample Top Ten Spammers report
484
URLs Blocked report template
Usage
Use this report to view the number of blocked Uniform Resource Locators (URL)
by WebShield appliance for the year, in a stacked bar chart format. You can view
report details by quarter, month, week, and day.
appliance IP address (IP Address), IP address of the source that triggered the event
(Offending IP), action taken, and the URL that triggered the event (Blocked URL).
Sample report
Figure B-36. Sample URLs Blocked report
Product Guide
485
Virus Detections By Appliance report template
Usage
Use this report to view the number of detected virus infections by WebShield
appliance, in a pie chart format. You can view report details on virus name.
The details section of this report shows the event date and time, e-mail address of
sender or IP address of source that triggered the event (User Name), scanning
engine version number, virus definition (DAT) file version number, action taken,
and name of the infected file.
486
Sample report
Figure B-37. Sample Virus Detections By Appliance report
Product Guide
487
Virus Detections Timing report template
Usage
Use this report to view the number of detected virus infections by the hour for the
year, in a bar chart format. Use this report to determine if virus infections are
concentrated during a specific time of day.
The details section of this report shows the event date and time, user name,
scanning engine version number, virus definition (DAT) file version number, virus
name, action taken, and name of the infected file.
You can click each virus name to go to the AVERT web site for a description and
other information about that virus.
488
Sample report
Figure B-38. Sample Virus Detections Timing report
Product Guide
489
Virus Type report template (WebShield)
Usage
Use this report to view the number of virus infections by virus type, in a bar chart
format. You can view report details on virus type, virus subtype, virus name, and
product name. Use this report to see what types of viruses have infected the
enterprise.
The details section of this report shows the event date and time, name of the
WebShield Appliance item in the Directory and -- if a report filter has been applied
-- group name in the Directory (Computer Name/Group), WebShield appliance IP
address, virus definition (DAT) file version number, scanning engine version
number, action taken, and name of the infected file.
For definitions of virus types (for example, trojan horse), see the Virus Glossary on
the AVERT web site:
http://www.mcafeeb2b.com/naicommon/avert/avert-research-center/vir
us-glossary.asp#m
490
Sample report
Figure B-39. Sample Virus Type report (WebShield)
Product Guide
491
Viruses Detected report template (WebShield)
Usage
Use this report to view the number of virus infections for the top ten viruses by
year, in a stacked bar chart format. You can view report details on virus name,
quarter, month, week, and day.
appliance name (Computer Name), virus definition (DAT) file version number,
scanning engine version number, action taken, and name of the infected file.
492
Sample report
Figure B-40. Sample Viruses Detected report (WebShield)
Product Guide
493
Coverage and Infection subreports
Most coverage reports and several infection reports include links to subreports
that provide historical data on computers, compliance, upgrades, and infections
and detailed data on policies, tasks, updates, and infections.
494
n
Compliance Summary subreport.
n
Computer Summary subreport.
n
Infection History subreport.
n
Infection Summary subreport.
n
Policy subreport.
n
Task subreport.
n
Update Errors subreport.
n
Upgrade History subreport.
Computer Summary subreport
Usage
Use this subreport to compare compliant versus non-compliant computers over
time.
Sample subreport
Figure B-41. Sample Computer Summary subreport
Product Guide
495
Compliance Summary subreport
Usage
Use this subreport to view the percentage of compliant computers over time.
Sample subreport
Figure B-42. Sample Compliance Summary subreport
496
Infection History subreport
Usage
Use this subreport to view the infection history on client computers.
Sample subreport
Figure B-43. Sample Infection History subreport
Product Guide
497
Infection Summary subreport
Usage
Use this subreport to compare detected and unresolved infections and to view the
number of infected computers over time.
Sample subreport
Figure B-44. Sample Infection Summary subreport
498
Policy subreport
Usage
Use this subreport to view the policy settings on client computers.
Sample subreport
Figure B-45. Sample Policy subreport
Product Guide
499
Task subreport
Usage
Use this subreport to view the tasks scheduled on client computers.
Sample subreport
Figure B-46. Sample Task subreport
500
Update Errors subreport
Usage
Use this subreport to view client computer messages related to updating.
Sample subreport
Figure B-47. Sample Update Errors subreport
Product Guide
501
Upgrade History subreport
Usage
Use this subreport to view the product upgrade history of client computers.
Sample subreport
Figure B-48. Sample Upgrade History subreport
502
Criteria used to limit report results
You can limit the results of reports in the Report Data Filter dialog box using these
criteria. The criteria vary depending on the report.
n
Coverage reports criteria.
n
Infection | Action Summaries reports criteria.
n
Infection | Detections reports criteria.
n
Infection | Top Tens reports criteria.
n
Infection | WebShield reports criteria.
n
Descriptions of the criteria.
Product Guide
503
— — — — — — X
— — X
— — X
— — X
X
X
— X
DAT/Definition Deployment
Summary
DAT Engine Coverage
Engine Deployment Summary
Product Protection Summary
Products By Custom Data
Groups
Product Updates By Custom
Event Groups
X
X
X
X
X
X
— X
— X
— — X
— — X
— — X
— — X
— — X
— X
X
X
X
X
X
X
— — — X
Compliance Summary
X
— — X
X
— — —
Compliance Issues
Agent Type
X
Computer Name
X
DAT
Agent Versions
Agent Version
X
Day
X
Directory
Agent to Server Connection
Info
This report...
Date Time
Can be limited by...
Domain Name
X
X
X
X
X
X
X
X
X
X
Hotfix
ExtraDAT
Engine
X
IP Address
— X
X
X
Language
X
X
Last Contact
— X
X
X
OS Platform
Month
— X
— X
— X
OS Type
X
X
X
OS Version
X
X
X
Quarter
Product Version
Product Name
X
X
User Name
X
X
— —
— —
Week
— — — — —
— — — X
— — — X
Year
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
— — — X
X
X
X
X
X
X
X
X
X
X
X
X
— X
— X
— X
— X
— X
— X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
— X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
— X
— X
— X
— X
— X
— X
X
X
— —
— —
— —
— —
— —
— — — — — — — — — — — — — — — — —
X
— — X
— — X
Service Pack
504
You can limit the results of Coverage reports in the Report Data Filter dialog box using these criteria.
Coverage reports criteria
X
X
X
X
Action Summary By Top 10 Files
Resolved
Action Summary By Top 10 Files
Unresolved
Action Summary By Top 10
Viruses
Action
Action Summary
This report...
DAT
Computer Name
X
X
— X
X
X
— X
Date Time
X
X
— X
X
X
— X
Directory
Domain Name
X
X
X
X
Engine
X
X
X
X
Event ID
X
X
X
X
Month
IP Address
File Name
X
X
X
OS Platform
X
— X
— X
— — X
X
X
— — X
OS Type
X
X
X
X
Product Name
X
X
X
X
Product Version
X
X
X
X
Quarter
X
Severity
X
X
— X
— X
X
Task Name
X
X
X
X
Virus Name
User Name
X
X
— X
X
X
— X
Virus Subtype
X
X
X
X
Virus Type
X
X
X
X
Week
X
X
X
— —
— —
X
Year
You can limit the results of Infection | Action Summaries reports in the Report Data Filter dialog box using these
criteria.
Infection | Action Summaries reports criteria
Product Guide
505
X
X
X
— — — — — — — — — — — — — X
Outbreaks - Weekly History
Outbreaks - Current
Security Summary
— X
— X
— X
X
X
X
X
X
X
X
— — X
— — X
X
X
X
X
X
X
X
— — — — — — X
X
X
X
Product Version
X
X
X
X
X
X
X
X
X
X
X
X
Severity
X
X
X
X
Task Name
X
X
X
X
X
X
X
X
— X
X
X
User Name
X
X
X
— X
X
— — X
X
X
X
X
X
X
Virus Name
Virus Subtype
X
X
X
X
X
X
X
X
X
Virus Type
— X
— X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
— —
— —
X
X
X
— —
X
— —
X
— —
X
Week
— — — — — — — — —
— — — — X
— — — — X
X
X
X
— X
X
— X
X
— X
X
Quarter
— — — — X
— X
X
X
— — — — — — — — — X
— — X
— X
— X
X
— — — X
X
X
X
X
X
Infection History
— X
X
X
— X
X
X
X
X
— — — X
X
X
— — X
X
X
— X
X
Viruses Detected
— X
X
X
X
X
— — X
X
X
X
X
X
X
X
X
X
Virus Type
X
X
X
X
X
X
X
X
— X
X
X
X
X
Number Of Infections From
Removable Media
— X
X
X
— X
X
X
X
X
— X
X
X
Product Events By Severity
Action
X
Engine
X
Event ID
Number Of Infections For the Past
24 Hours
Domain Name
X
File Name
X
X
X
IP Address
Number Of Infections Detected
Monthly Showing Viruses
Date Time
X
Month
X
DAT
X
OS Platform
Infections detected weekly by
product this quarter (3D bars)
Computer Name
X
OS Type
X
Product Name
Infections By Custom Data Groups
This report...
Directory
Year
506
You can limit the results of Infection | Detections reports in the Report Data Filter dialog box using these criteria.
Descriptions of each criteria follow.
Infection | Detections reports criteria
X
X
X
X
Top 10 Infected Files
Top 10 Infected Machines
Top 10 Infected Users
Action
Top ten detected Viruses
This report...
DAT
Computer Name
X
X
X
X
X
X
— X
Date Time
X
X
X
X
X
X
— X
Directory
Domain Name
X
X
X
X
Engine
X
X
X
X
Event ID
X
X
X
X
Month
IP Address
File Name
X
X
X
X
X
X
X
OS Platform
— X
— X
— X
— — X
OS Type
X
X
X
X
Product Name
X
X
X
X
Product Version
X
X
X
X
Quarter
X
Severity
— X
— X
— X
X
Task Name
X
X
X
X
Virus Name
User Name
X
X
X
X
X
X
— X
Virus Subtype
X
X
X
X
Virus Type
X
X
X
X
Week
X
— —
— —
— —
X
Year
You can limit the results of Infection | Top Tens reports in the Report Data Filter dialog box using these criteria.
Infection | Top Tens reports criteria
Product Guide
507
Infection | WebShield reports criteria
You can limit the results of Infection | WebShield reports in the Report Data Filter
dialog box using these criteria.
— — — — X
X
Content Filter Report By Rule And
Time
X
— — — — X
X
X
X
X
— — — — X
X
Content Filter Report Rules
Triggered
X
— — — — X
X
X
X
X
— — — — X
X
Content Scanning Detections By
Appliance
X
— — — — X
X
X
X
X
— — — — X
X
Spam Detections By Appliance
X
— X
— — — — X
X
X
X
X
— — — —
Top Ten Spammers
X
— X
— — — — X
X
X
X
X
— — — —
URLs Blocked
X
— — — — X
X
X
X
X
— — — — X
X
Viruses Detected
X
X
— X
— X
X
— — X
— — — — X
X
Virus Detections By Appliance
X
X
— X
— X
X
— — X
— — — — X
X
Virus Detections Timing
X
X
X
X
Virus Type
X
X
— X
— X
X
Infection History
X
X
— X
— X
X
508
X
— — — — X
Year
Spam Source
X
Week
Server
X
Virus Type
Rule Type
X
Virus Name
Rule Name
X
Spammer
Quarter
— — X
Month
— X
File Name
X
Engine
DAT
Content Filter Report By Rule
Date Time
This report...
Action
— — X
X
— —
— — X
— — X
X
X
X
— — X
— — — — X
X
Descriptions of the criteria
You can limit the results of reports in the Report Data Filter dialog box using these
criteria. The criteria vary depending on the report. Criteria for all predefined
reports are described below:
n
Action — Limits results by the action taken by anti-virus product upon
detection.
n
Agent Type — Limits results by agents, SuperAgents, or SuperAgent
n
Agent Version — Limits results by agent version number.
n
Computer Name — Limits results by client computer name.
n
DAT — Limits results by the virus definition file version number.
n
Date Time — Limits results by the date and time of events.
n
Day — Limits results by day. Use this format YYYY-MM-DD (year-month-day);
for example, 2003-04-23.
n
Directory — Limits results to the computers in the selected site or group
under the Directory. Data for groups and computers under the selected site
or group are not included on the report.
n
Domain Name — Limits results by Windows NT domain name.
n
Engine — Limits results by the virus scanning engine version number.
n
Extra DAT — Limits results by the supplemental virus definition (EXTRA.DAT)
file version number.
n
File Name — Limits results based on the name and location of infected files.
n
HotFix — Limits results by HotFix release number.
n
IP Address — Limits results using the IP address of client computers.
n
Language — Limits results by language version.
n
Last Contact — Limits results by the date and time that the agent
communicated with the ePolicy Orchestrator server.
n
Month — Limits results by month. Use this format YYYY-MONTH
(year-month); for example, 2003-April.
n
OS Platform — Limits results by platform; for example, Server or
Workstation.
n
OS Type — Limits results by operating system name.
n
OS Version — Limits results by operating system version number.
Product Guide
509
n
Product Name — Limits results by product.
n
Product Version — Limits results by product version number.
n
Quarter — Limits results by quarter. Use this format YYYY-Q (year-quarter);
for example, 2003-2.
n
Rule Name — Limits results by content rule.
n
Rule Type — Limits results by content rule type; for example, content
scanning.
n
Server — Limits results by WebShield appliance name.
n
Service Pack — Limits results by service pack release number.
n
Severity — Limits results by event severity. The severity levels in order from
most to least severe are Critical, Major, Minor, Warning, and Informational.
n
Spam Source — Limits results by the portion of the e-mail message that
contains the offending content; for example, header, subject, or body.
n
Spammer — Limits results by the e-mail address of the spammer.
n
Task Name — Limits results by the scanning task that resolved the infection;
for example, on-demand scan or on-access scan.
n
User Name —Limits results using the user name logged on to the client
computer.
510
n
Virus Name — Limits results by the virus name.
n
Virus Subtype — Limits results by virus subtype.
n
Virus Type — Limits result by virus type; for example, Trojan Horse.
n
Week — Limits results by week. Use this format YYYY-WW (year-week); for
example, 2003-17.
n
Year — Limits results by year.
Computer query templates
The computer queries provide information on the computers in your organization:
n
All Connecting Computers query template.
n
Hourly ASCI Count query template.
n
Computers With No Protection query template.
n
Computers By Language query template.
n
Computers By OS Type query template.
n
Computers By Timezone query template.
n
Computers By ePONode query template.
n
Count Of All Connecting Computers query template.
n
OS Summary query template.
n
Policy Changes (Computers) query template.
n
Policy Changes (Groups) query template.
All Connecting Computers query template
Use this query to view the computer properties of all client computers with agents
that have connected to the ePolicy Orchestrator server, sorted by computer name.
Hourly ASCI Count query template
Use this query to view connections made during agent-to-server communication
intervals (ASCI) by the hour. Use this query to identify throughput bottlenecks.
Computers With No Protection query template
Use this query to view properties of all computers without any supported
anti-virus protection software, sorted by each computer’s location in the Directory
(ePONodeName). In addition to computers without any supported anti-virus
protection software, client computers that are using anti-virus products that
ePolicy Orchestrator does not currently detect (for example, Trend OfficeScan) are
reported in this query as if no anti-virus protection software were present.
Product Guide
511
Computers By Language query template
Use this query to view properties of all computers, sorted by locale ID and each
computer’s location in the Directory (ePONodeName). For information, see Locale
IDs on page 526. Because this query provides the locale settings of client
computers, you can use it to determine which language version of products to
deploy to them.
Computers By OS Type query template
Use this query to view properties of all computers, sorted by operating system
type, version and each computer’s location in the Directory (ePONodeName).
Because this query provides operating system information of client computers,
you can use it to determine whether they meet the minimum requirements for
products before you deploy them.
Computers By Timezone query template
Use this query to view properties of all computers, sorted by time zone and each
computer’s location in the Directory (ePONodeName). Because this query identifies
the time zone in which client computers are operating, you can use it to determine
the best time to schedule tasks and other operations that affect network traffic.
Computers By ePONode query template
Use this query to view properties of all computers sorted by their location in the
Directory (ePONodeName).
Count Of All Connecting Computers query template
Use this query to view the total number of computers that are connected and
whose properties are stored in the ePolicy Orchestrator database.
OS Summary query template
Use this query to view the number of operating systems installed on client
computers. Use with the Computers by OS Type query to view outdated software
and upgrade requirements.
Policy Changes (Computers) query template
Use this query to view policy changes by computer.
Policy Changes (Groups) query template
Use this query to view policy changes by group.
512
Events query templates
The event queries provide information on events. These queries are based on
events stored in the ePolicy Orchestrator database. McAfee Security recommends
that you configure the alert filter for the database before generating any queries, so
that your future queries do not include any surplus information.
n
All Scanning Events query template.
n
All Scanning Events By ePONode query template.
n
All Product Update Events query template.
n
Count Of All Scanning Events query template.
n
Count Of All Product Update Events query template.
n
Count of All Infections query template.
n
Scanning Event Summary query template.
n
First Virus Occurrence query template.
n
Summary of Past Outbreak Events query template.
n
Upgrade Summary query template.
n
Upgrade Summary by Date query template.
n
Server Task Log query template.
n
All Infections query template.
n
All Infections By Virus Name query template.
All Scanning Events query template
Use this query to view all events generated when files are scanned on client
computers, sorted by date and time.
All Scanning Events By ePONode query template
Use this query to view all events generated when files are scanned on client
computer, sorted by its location in the Directory (ePONodeName).
All Product Update Events query template
Use this query to view all events generated when product updates are installed on
client computer, sorted by date and time.
Product Guide
513
Count Of All Scanning Events query template
Use this query to view the total number of events generated when files are scanned
on client computers.
Count Of All Product Update Events query template
Use this query to view the total number of events generated when product updates
are installed on client computer.
Count of All Infections query template
Use this query to view the total number of events.
Scanning Event Summary query template
Use this query to view events generated when files are scanned on client
computers and their descriptions, sorted by severity. You might find this query
helpful to optimize event filtering.
First Virus Occurrence query template
Use this query to view when and where infections first entered the network.
Summary of Past Outbreak Events query template
Use this query to view a summary of outbreaks starting from the most recent.
Upgrade Summary query template
Use this query to view a summary of updating activity including repository name
(SITE NAME) and package type (UPGRADE TYPE).
Upgrade Summary by Date query template
Use this query to view a summary of updating activity by date.
Server Task Log query template
Use this query to view the server task log.
All Infections query template
Use this query to view all infection events, sorted by the event date and time.
514
All Infections By Virus Name query template
Use this query to view all infection events, sorted by virus name.
Product Guide
515
Installations query templates
The installation queries provide information on the anti-virus products installed
on client computers. These queries are based on the computer and product
properties stored in the ePolicy Orchestrator database.
n
All AV Installations by Last Contact query template.
n
All Installations query template.
n
All Installations By ePONode query template.
n
Compliance Comparison query template.
n
Count Of All AV Installations query template.
n
Count Of All Installations query template.
All AV Installations by Last Contact query template
Use this query to view all anti-virus product installations and computer
properties, sorted by the date that agents last communicated with the ePolicy
Orchestrator server. You might find this query useful in viewing the properties
received during the most recent agent-to-server communication.
All Installations query template
Use this query to view all installations (anti-virus scanners and support products),
sorted by product and each computer’s location in the Directory (ePONodeName).
All Installations By ePONode query template
Use this query to view all installations (anti-virus scanners and support products),
sorted by each computer’s location in the Directory (ePONodeName) and product.
Compliance Comparison query template
Use this query to view computers without anti-virus protection, unresolved
infections, and non-compliant products, etc.
Count Of All AV Installations query template
Use this query to view the total number of anti-virus product installations.
Count Of All Installations query template
Use this query to view the total number of product installations.
516
Handling Virus Outbreaks
C
The most effective response to viruses is to know your system, have current
anti-virus software installed, detect outbreaks early, then respond quickly and
efficiently. An effective strategy includes both prevention as well as response.
The ePolicy Orchestrator software can help reduce the costs of managing an
outbreak. When you use ePolicy Orchestrator, you can manage all of your sites
from a central location, which makes management easier, more efficient, and
ensures consistently applied policies across your enterprise
The following topics are covered in this section:
n
Before an outbreak occurs.
n
Recognizing an outbreak.
n
Responding to an outbreak.
Product Guide
517
Before an outbreak occurs
You can prepare your site or company before an outbreak occurs. Use the Are you
prepared for an outbreak? checklist to determine your level of preparedness.
Checklist — Are you prepared for an outbreak?
n
The ePolicy Orchestrator software has been fully installed and implemented,
and is providing 100% coverage on your computers, including web servers
and mail servers. If you have less than 100% coverage on your computers,
you are not fully protected.
You can use the Product Production Summary report, as well as the various
DAT and engine reports, to determine if your computers are 100% covered.
For more information and instructions, see Coverage report templates on
page 424 and Running reports on page 347.
n
An anti-virus software product; for example, McAfee VirusScan
Enterprise 7.0; has been installed and configured on your computers.
n
You know your network. To determine if your network is experiencing an
outbreak, you must first know how the system behaves under normal
circumstances. In order to do this, you need effective monitoring tools (for
example, tools from Sniffer Technologies) to monitor network performance
indicators such as available bandwidth, e-mail server function, etc.
n
You are performing regular, scheduled updates of the virus scanning engine
and virus definition (DAT) files for each of the anti-virus products that you
manage through ePolicy Orchestrator.
n
You are performing regular, scheduled updates of products through ePolicy
Orchestrator. For instructions, see Product Deployment and Updating on
page 307.
n
You are running regular reports to identify the following. For instructions,
see Running reports on page 347.
w Possible infections.
w Scanning engine and DAT files are up-to-date at the latest company
approved versions.
w Products are fully covered.
518
n
You have enabled the agent wakeup call and tested the agent’s
communication with the computers on your network.
n
You have a plan in case of an outbreak, and have tested the plan.
Recognizing an outbreak
There are several key indicators that you can use to determine if your network is
experiencing an outbreak. The following key indicators are covered in this section:
n
Network utilization key indicators.
n
E-mail utilization key indicators.
n
Virus detection events.
Network utilization key indicators
The following are indicators that network utilization may be affected by an
outbreak:
n
Users complain of slowness. Users are often the first to notice when a
full-scale outbreak is taking place. Computers slow down, network systems
stop responding, and applications start displaying messages.
n
Monitoring tools (for example, tools from Sniffer Technologies) detect a
change in the network utilization levels.
E-mail utilization key indicators
The following are indicators that e-mail utilization may be affected by an outbreak:
n
Users complain of slowness. Users are often the first to notice when a
full-scale outbreak is taking place. E-mail slows down or does not work at all.
n
CPU
n
Monitoring tools (for example, tools from Sniffer Technologies) detect a
change in the e-mail utilization levels.
n
Microsoft Exchange Performance Monitor counters register a change in the
e-mail utilization levels.
n
McAfee Outbreak Manager notifies you via e-mail that a potential outbreak
may be indicated. McAfee Outbreak Manager analyzes incoming e-mail
messages and identifies behaviors that are indicative of an outbreak.
n
The McAfee WebShield e500 appliance collects data that can help identify if
an outbreak is occurring. For instructions, see Running reports on page 347.
utilization of Microsoft Exchange servers goes up significantly.
Product Guide
519
Virus detection events
The following events are indicators that a virus has been detected:
520
n
An ePolicy Orchestrator report identifies that a virus has been detected.
n
McAfee Outbreak Manager notifies you via e-mail that a potential outbreak
may be indicated.
n
McAfee Alert Manager notifies you that a virus has been detected.
Responding to an outbreak
When an outbreak occurs, you can respond in many ways. Use the You think an
outbreak is occurring checklist to respond to an outbreak.
Checklist — You think an outbreak is occurring
n
Visit the AVERT home page to get the latest virus information. For more
information, see Contacting McAfee Security & Network Associates on page 21.
n
Submit samples of potentially infected files to WebImmune for testing. For
more information, see AVERT WebImmune on page 22.
n
Modify the firewall and network security settings to block viral activity. To
help you determine what to block and how the virus behaves, visit the Virus
Information Library on the AVERT web site. For more information, see
Contacting McAfee Security & Network Associates on page 21.
n
Increase detection settings for all anti-virus products to meet the threat. Visit
the Virus Information Library for an analysis of the threat. For more
information, see Contacting McAfee Security & Network Associates on page 21.
n
Update your software. If the virus exploits security holes in the software that
you are running, for example Microsoft Internet Explorer, visit the vendor’s
web site to determine if a security patch is available. If it is available,
download it and install it.
n
Regularly enforce agents with an agent wakeup call, and run coverage
reports to determine that protection is in place.
NOTE
To ensure full coverage, you must have the ePolicy Orchestrator agent
installed on each computer.
n
Use the global updating feature to perform the following. For instructions,
see Global updating on page 319.
w Download supplemental (EXTRA.DAT) and full virus definition (DAT)
files.
w Update the virus scanning engine.
n
Perform an on-demand scan of infected systems.
n
Run anti-virus coverage reports to ensure that anti-virus coverage on
infected systems is complete.
If you do not have a McAfee anti-virus product installed or do not have the
ePolicy Orchestrator agent deployed to each computer, you must manually
scan the system or computer using the command-line scanner, or use another
anti-virus product.
Product Guide
521
522
Reference
n
How to read operating system data.
n
Action taken numbers.
n
Locale IDs.
n
Product IDs.
n
Variables.
D
Product Guide
523
Reference
How to read operating system data
The agent for Windows retrieves data about the operating system of client
computers from the operating system itself. For this reason, the data that appears
in reports, queries, and in the computer properties might not be immediately
obvious. Use the table below to determine the version number that corresponds to
each operating system. This table is helpful when using operating system name or
version number to limit report results. For example, Windows 95 and Windows
NT use the same version number.
524
Operating System Name
Operating System
Version Number
Windows 95
4.0
Windows 98
4.10
1998
Windows 98 SE
4.10
2222A
Windows NT
4.0
Windows 2000
5.0
Windows Me
4.9
Windows XP Professional
5.1
Service Pack
Reference
Action taken numbers
When viewing queries, use this table to determine how supported anti-virus
products responded to detected viruses.
Action Taken Number
Description
(blank)
Unknown
2
Continued Scan
3
4
50
Cleaned
51
Clean Error
52
Deleted
53
Delete Error
54
Excluded
55
Exclude Error
56
Access Denied
57
Moved
58
Move Error
59
Not Scanned
60
Continued Scan
61
Deleted
62
Heuristic Error
63
Moved
64
Heuristic Error
65
Cleaned
66
Heuristic Error
67
Continued Scan
68
Test Virus
69
Scan Timed Out
Product Guide
525
Reference
Locale IDs
Occasionally, you might need to know the locale ID that corresponds to each
language. The ePolicy Orchestrator software uses this ID to identify languages.
526
Locale ID
Language
0000
More than one language
0404
Chinese (Taiwan); also known as Traditional Chinese
0405
Czech
0406
Danish
0407
German (Standard)
0409
English (United States)
0410
Italian
0411
Japanese
0412
Korean
0413
Dutch
0414
Norwegian
0415
Polish
0416
Portuguese (Brazil)
0419
Russian
0804
Chinese (People's Republic of China); also known as Simplified Chinese
0809
English (United Kingdom)
0810
Italian (Switzerland)
040a
Spanish (Traditional Sort)
040b
Finnish
040c
French (Standard)
041d
Swedish
0c04
Chinese (Hong Kong)
Reference
Product IDs
The software uses a unique product ID to identify each version of every supported
product. In some places within the software (for example, in log file entries or
within directory structures), the product ID appears instead of the product name
and version number. Use this table to identify the product name and version
number that corresponds to each product ID.
Product ID
Product Name and Version Number
ALERTMNG4500
Alert Manager 4.5
EPOAGENT2000LYNX
Agent for WebShield appliances 2.0
EPOAGENT3000
Agent for Windows 3.0
GSDOMINO5000
GroupShield Domino 5.0.0
LWI____6000
Setup program for VirusScan TC 6.0
NAE____2100
Agent for NetWare 2.1.0
NAV____7500
Norton AntiVirus Corporate Edition 7.50, 7.51, 8.0
NETSHLD_4500
NetShield 4.5 for Windows NT
NSNW___4600
NetShield NetWare 4.6.0
PCR____1000
Product Coverage Reports 1.0
VIRUSCAN4500
VirusScan 4.5
VIRUSCAN6500
VirusScan 4.5.1, VirusScan 4.5.1 with Service Pack 1
VIRUSCAN6000
VirusScan TC 6.0
VIRUSCAN7000
VirusScan Enterprise 7.0.0
Product Guide
527
Reference
Variables
You can use these predefined variables in various dialog boxes and policy pages.
You can also use system environment variables.
Client computers use the values from user environment variables, then system
environment variables. For more information on environment variables, see the
Windows product documentation.
NOTE
The location you specify using these variables must exist on client
computers. For example, avoid using the
<PROGRAM_FILES_COMMON_DIR> variable on Windows 95 and
Windows 98 computers as these operating systems do not use a
Windows common folder.
528
n
<COMPUTER_NAME> — Represents the name of the client computer. This is
the NetBIOS name on Windows computers, the DNS name on Unix
computers, and NDS name on Netware computers.
n
<DOMAIN_NAME> — Represents the domain name or workgroup name to
which the client computer belongs.
n
<PROGRAM_FILES_COMMON_DIR> — Represents the path of the Windows
common folder; for example, C:\PROGRAM FILES\COMMON.
n
<PROGRAM_FILES_DIR> — Represents the path of the program files folder; for
example, C:\PROGRAM FILES.
n
<SOFTWARE_INSTALLED_DIR> — Represents the installation directory of the
corresponding McAfee product .
n
<SYSTEM_DIR> — Represents the Windows system directory; for example,
C:\WINNT\SYSTEM32 or C:\WINDOWS\SYSTEM.
n
<SYSTEM_DRIVE> — Represents the drive where the operating system is
installed; for example, C:.
n
<SYSTEM_ROOT> — Represents the path of the Windows root directory; for
example, C:\WINNT or C:\WINDOWS.
n
<TEMP_DIR> — Represent the Windows temporary directory; for example,
C:\TEMP.
n
<USER_NAME> — Represents the user name of the currently logged on user
account.
Supported Products and
Features
E
The list of products that are supported in this version of the software along with
which major features each product supports is provided in Table E-1 on page 530.
The following products are no longer supported in this version of the software:
n
Klez/Elkern stand-alone scanner 1.0 or later.
n
NetShield 4.0.3 for Windows NT.
n
Nimda stand-alone scanner 1.0 or later.
n
VirusScan 4.0.3 for Windows NT.
n
VirusScan 4.0.3 for Windows.
n
VirusScan 4.5 for Windows.
n
WebShield 4.5 SMTP.
Product Guide
529
No
No
Yes
No
No
No
No
No
McAfee AVERT Stinger
McAfee Desktop Firewall 7.5.1
McAfee GroupShield 5.0 for Microsoft
Exchange 5.5
McAfee GroupShield 5.2 for Lotus
Domino
McAfee GroupShield 5.2 for Microsoft
Exchange 2000
McAfee GroupShield® 5.0a for Lotus
Domino on Microsoft Windows
No
No
Yes
Definition File
Updates? *
No
Yes
No
Yes
—
—
—
—
Engine
Updates?
No
No
No
No
—
—
—
—
HotFix
Updates?
No
No
No
No
No
—
No
Yes
Service Pack
Updates?
No
No
No
No
No
—
No
Yes
Yes
Yes
Yes
Yes
—
—
—
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Task
Enforcement?
Yes
Yes
Yes
Yes
—
Yes
—
—
Event
Collection?
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Property
Collection?
Yes
Yes
Yes
Yes
Yes
Yes
—
—
Coverage
Reports?
Yes
Yes
Yes
Yes
Yes
Yes
Yes
**
Yes
**
Yes
Yes
Yes
Yes
No
Yes
No
No
Infection
Reports?
§ Minimal operating system properties are reported.
†† VirusScan TC is installed using LWI.
† DAT files and engines are updated using NetShield 4.6 for NetWare.
** The Alert Manager product version number appears in the appropriate reports.
* Definition files updates include virus definition (DAT) files for the anti-virus products, IDS signature files for Desktop Firewall products, and
modules for ThreatScan products.
— This feature does not apply to this product.
No
No
McAfee Alert Manager™ 4.5 (included
with NetShield 4.5 for Windows NT)
Yes
Yes
Deployment?
Yes
Uninstallation?
McAfee Alert Manager 4.7
Product Name and Version
Legacy
Updating?
530
Policy
Enforcement?
Table E-1. List of supported products and features
Supported Products and Features
Yes
—
Yes
Yes
Yes
No
††
No
††
Yes
—
No
No
Yes
No
††
No
††
McAfee NetShield® 4.5 with Service
Pack 1 for Microsoft Windows NT
McAfee Outbreak Manager™
McAfee ThreatScan 2.1
McAfee ThreatScan® 2.0
McAfee VirusScan Enterprise™ 7.0
McAfee VirusScan ThinClient 6.1
McAfee VirusScan ThinClient™ 6.0
Definition File
Updates? *
No
No
Yes
No
No
—
No
No
No †
Engine
Updates?
No
No
Yes
No
No
—
No
No
No †
HotFix
Updates?
No
No
Yes
No
No
—
No
No
No
Service Pack
Updates?
No
No
Yes
No
No
—
No
No
No
Legacy
Updating?
Yes
Yes
No
No
No
—
Yes
Yes
Yes
Policy
Enforcement?
Yes
Yes
Yes
No
No
Yes
Yes
Yes
Yes
Yes
Yes
Yes
No
No
—
Yes
Yes
Yes
Event
Collection?
Yes
Yes
Yes
No
No
—
Yes
Yes
Yes
Property
Collection?
Yes
Yes
Yes
No
No
—
Yes
Yes
Yes
Coverage
Reports?
Yes
Yes
Yes
No
No
—
Yes
Yes
Yes
Yes
Yes
Yes
No
No
—
Yes
Yes
Yes
Infection
Reports?
Product Guide
No
No
No
McAfee NetShield for Network
Appliance NetApp Filers and EMC
Celerra
Deployment?
No
Uninstallation?
McAfee NetShield 4.6 for Novell
Netware
Task
Enforcement?
Table E-1. List of supported products and features (Continued)
531
No
No
Yes
No
No
No
No
McAfee WebShield 4.5 Maintenance
Release 1 SMTP
McAfee WebShield® 2.6 for e500
Appliance
Symantec AntiVirus Corporate
Edition 8.0 and 8.01
Symantec Norton AntiVirus Corporate
Edition 7.50, 7.51, and 7.6
No
Definition File
Updates? *
No
No
No
No
Yes
Engine
Updates?
No
No
No
No
Yes
HotFix
Updates?
No
No
No
No
No
Service Pack
Updates?
No
No
No
No
No
Legacy
Updating?
Yes
Yes
No
No
No
Yes
Yes
No
No
Yes
Yes
Yes
No
No
Yes
Event
Collection?
Yes
Yes
Yes
Yes
Yes
Property
Collection?
Yes
Yes
Yes
§
No
Yes
Coverage
Reports?
Yes
Yes
No
No
Yes
Yes
Yes
Yes
Yes
Yes
Infection
Reports?
Yes
Deployment?
No
Uninstallation?
McAfee VirusScan® 4.5.1
Policy
Enforcement?
532
Task
Enforcement?
Table E-1. List of supported products and features (Continued)
Glossary
agent
See ePolicy Orchestrator agent.
agent host
See client computer.
Agent Monitor
A dialog box for prompting the agent to send properties or events to the ePolicy Orchestrator server;
enforce policies and tasks locally; check the ePolicy Orchestrator server for new or updated policies
and tasks, then enforce them immediately upon receipt.
agent policies
Settings that affect how the agent behaves.
agent-to-server communication
A communications technique where the agent contacts the server at a predefined interval to see if
there are any new policies or tasks for the agent to enforce or execute.
agent-to-server communications interval (ASCI)
Determines how often the agent and ePolicy Orchestrator server exchange information.
agent wakeup call
A scheduled task or on-demand command that prompts agents to contact the ePolicy Orchestrator
server when needed, rather than waiting for the next ASCI.
See also SuperAgent wakeup call.
alert
A message or notification regarding computer activity such as virus detection. It can be sent
automatically according to a predefined configuration, to system administrators and users, via
e-mail, pager, or phone.
anti-virus policy
See policy.
appliance
WebShield appliance; an item in the console tree.
client computer
A computer on which the ePolicy Orchestrator agent is installed.
Product Guide
533
Glossary
client tasks
Tasks that are executed on client computers.
computers
In the console tree, the physical computers on the network to be managed via ePolicy Orchestrator.
Computers can be added under existing sites or groups in the Directory.
console tree
The left pane of the console, which contains all console tree items.
console tree items
Every item in the console tree.
DAT
files
Virus definition files that allow the anti-virus software to recognize viruses and related potentially
unwanted code embedded in files. See the documentation accompanying the anti-virus software for
more information.
See also incremental DAT file, EXTRA.DAT file and SuperDAT.
deployment
Sending and installing products and the agent to groups, computers and users.
details pane
The right pane of the console, which shows details of the currently selected console tree item.
Depending on the console tree item selected, the details pane can be divided into upper and lower
panes.
See also upper details pane and lower details pane.
Directory
Lists all computers to be managed via ePolicy Orchestrator, and is the link to the primary interfaces
for managing these computers.
distributed software repository
Architecture of ePolicy Orchestrator for deploying products and product updates throughout an
enterprise; it creates a central library of supported products and product updates in the master
repository.
ePolicy Orchestrator agent
An intelligent link between the ePolicy Orchestrator server and the anti-virus and security products.
It enforces policies and tasks on client computers; gathers and reports data; installs products;
enforces policies and tasks; and sends events back to the ePolicy Orchestrator server.
534
Glossary
ePolicy Orchestrator console
A view of all virus activity and status, with the ability to manage and deploy agents and products. It
provides the ability to set and enforce anti-virus and security policies to all agents on client
computers, or to selected computers; provides a task scheduling feature that targets specific
computers or groups with scheduled tasks and policies; and allows viewing and customizing reports
to monitor deployment, virus outbreaks, and current protection levels.
ePolicy Orchestrator server
A repository for all data collected from distributed ePolicy Orchestrator agents. It includes a database
that accrues data about product operation on client computers in the network; a report-generating
engine for monitoring the virus protection performance in your company; a software repository that
stores products and product updates for deploying to your network.
events
Generated by supported products, events identify activity on client computers from service events to
infection detection events. Each event is assigned a severity from informational to critical. Events
and properties comprise the data that appears on reports and queries.
EXTRA.DAT
file
Supplemental virus definition file that is created in response to an outbreak of a new virus or a new
variant of an existing virus.
See also DAT file, incremental DAT file, and SuperDAT.
fallback repository
The repository from which client computers retrieve updates when none of the repositories in their
repository list (SITELIST.XML) are available. Only one fallback repository can be defined.
force install, force uninstall
See product deployment client task.
FRAMEPKG.EXE
The agent installation package. When it executes, this file installs the ePolicy Orchestrator agent on a
client computer.
global administrator
A user account with read, write, and delete permissions, and rights to all operations. Operations that
affect the entire installation are reserved for use only by global administrator user accounts.
Compare to site administrator and global reviewer.
global distributed repository
An identical copy of the packages in the master repository.
global reviewer
A user account with read-only permissions; the global reviewer can view all settings in the software,
but cannot change any of these settings.
Compare to site reviewer and global administrator.
Product Guide
535
Glossary
global updating
A method for deploying product updates as soon as the corresponding packages are checked into the
master repository. Packages are immediately replicated to all SuperAgent and global distributed
repositories; the ePolicy Orchestrator server sends a wakeup call to all SuperAgents; SuperAgents
send a broadcast wakeup call to all agents in the same subnet; then all agents retrieve the update from
the nearest repository.
global reporting settings
Reporting settings that affect all ePolicy Orchestrator database servers, reports, and queries.
group
In the console tree, a logical collection of entities assembled for ease of management. Groups can
contain other groups or computers. You can assign IP address ranges or IP subnet masks to groups
to sort computers by IP address. If you create a group by importing a Windows NT domain, you can
automatically send the agent installation package to all imported computers in the domain.
host, host computer
See client computer.
inactive agent
An agent that has not communicated with the ePolicy Orchestrator server within a specified time
period.
incremental DAT files
New virus definitions that supplement the virus definitions currently installed. Allows the update
utility to download only the newest DAT files rather than the entire DAT file set.
See also DAT file, EXTRA.DAT file and SuperDAT.
inheritance
See task inheritance and policy inheritance.
item
See console tree item.
local distributed repository
Locations accessible only from the client computer; for example, a mapped drive or FTP server whose
address can only be resolved from a local DNS server. Local distributed repositories are defined in
the agent policy for selected client computers.
log
A record of the activities of a component of McAfee anti-virus software. Log files record the actions
taken during an installation or during the scanning or updating tasks.
See also events.
536
Glossary
Lost&Found group
A location on the ePolicy Orchestrator server for computers whose appropriate location in the
Directory cannot be determined. The server uses the IP management settings, computer names,
domain names, and site or group names to determine where to place computers. Only global
administrators have full access to the global Lost&Found; site administrators can access only
Lost&Found groups in sites for which they have rights.
lower details pane
In the console, the lower division of the details pane, which displays the configuration settings for
the products listed on the Policies tab in the upper details pane.
See also details pane and upper details pane.
McAfee AutoUpdate Architect
McAfee Security software that works with ePolicy Orchestrator to deploy products and product
updates throughout an enterprise.
master repository
The ePolicy Orchestrator server; it maintains an original copy of the packages in the source
repository, and can replicate packages to distributed repositories. At the master repository level, you
can check in product and product update packages; schedule tasks to replicate packages to global or
SuperAgent distributed repositories; and schedule tasks to pull packages from source or fallback
repositories, and integrate them into the master repository.
mirror distributed repository
A local directory on client computers whose replication is done using a Mirror client task and other
client computers can retrieve updates from it.
mirror task
Tasks that copy the contents of the first repository in the repository list to the local directory you
specify on the client computer.
.NAP file
Network Associates Package file. This file extension is used to designate McAfee software program
files that are installed in the software repository for ePolicy Orchestrator to manage.
node
See console tree item.
on-access scanning
An examination of files in use to determine if they contain a virus or other potentially unwanted code.
It can take place whenever a file is read from the disk and/or written to the disk.
Compare to on-demand scanning.
on-demand scanning
A scheduled examination of selected files to determine if a virus or other potentially unwanted code
is present. It can take place immediately, at a future scheduled time, or at regularly scheduled
intervals.
Product Guide
537
Glossary
Compare to on-access scanning.
package
Contains binary files, detection and installation scripts, and a package catalog (PKGCATALOG.Z) file
used to install products and product updates.
package catalog file
A file (PKGCATALOG.Z) that contains details about each update package, including the name of the
product for which the update is intended, language version, and any installation dependencies.
package signing, package security
A signature verification system for securing packages created and distributed by Network
Associates. Packages are signed with a key pair using the DSA (Digital Signature Algorithm)
signature verification system, and are encrypted using 168-bit 3DES encryption. A key is used to
encrypt or decrypt sensitive data.
pane
A subsection of the console.
See details pane and console tree.
POAGINST.EXE
See FRAMEPKG.EXE.
policy
Configuration settings for each product that can be managed via ePolicy Orchestrator, and that
determine how the product behaves on client computers.
Compare to task. See also agent policies.
policy enforcement interval
Determines how often the agent enforces the policies it has received from the ePolicy Orchestrator
server. Because policies are enforced locally, this interval does not require any bandwidth.
policy inheritance
Determines whether the policy settings for any one console tree item under the Directory are taken
from the item directly above it.
policy pages
Part of the ePolicy Orchestrator console; they allow you to set policies and create scheduled tasks for
products, and are stored on individual ePolicy Orchestrator servers (they are not added to the master
repository).
product deployment client task
A scheduled task for deploying all products currently checked into the master repository at once. It
enables you to schedule product installation and removal during off-peak hours or during the policy
enforcement interval.
538
Glossary
properties
Characteristics about supported products and the client computer, which are collected by the agent
and contain system information (for example, computer hardware, software, and corresponding
settings; specific policy settings for each product; and general product properties).
pull task
See Repository Pull server task.
replication task
See Repository Replication server task.
remote console
The console running on a computer that does not have the ePolicy Orchestrator server running on it.
Remote consoles allow more than one person access to the server to review actions or to manage sites
and installations.
See also ePolicy Orchestrator console.
Report Repository, Query Repository
A library of report and query templates, under Reporting in the console tree.
repository
The location that stores policy pages used to manage products. On the console tree, it is the Software
item under ePolicy Orchestrator.
repository list
The SITELIST.XML file that McAfee anti-virus products using AutoUpdate 7.0 use to access distributed
repositories and retrieve packages from them.
Repository Pull server task
A task that specifies the source or fallback repository from which to retrieve packages, then integrate
the packages into the specified branches in the master repository.
Repository Replication server task
A task that updates global and SuperAgent distributed repositories to maintain identical copies of all
packages in all branches that are in the master repository. You can also update selected distributed
repositories.
scanning
An examination of files to determine if a virus or other potentially unwanted code is present.
See on-access scanning and on-demand scanning.
selective updating
Specifying which version (Evaluation, Current, or Previous) of updates you want client computers to
retrieve.
Product Guide
539
Glossary
server tasks
Tasks that the server performs for maintenance on the ePolicy Orchestrator database and Repository.
Default server tasks include Inactive Agent Maintenance, Repository Pull, Repository Replication,
and Synchronize Domains.
site
In the console tree, a logical collection of entities assembled for ease of management. Sites can contain
groups or computers, and can be organized by IP address range, IP subnet mask, location,
department, and others.
site administrator
A user account with read, write, and delete permissions, and rights to all operations (except those
restricted to the global administrator) on the specified site and all groups and computers underneath
it on the console tree.
Compare to global administrator and site reviewer.
site reviewer
A user account with read-only permissions; the site reviewer can view the same settings as the site
administrator, but cannot change any of these settings.
Compare to global reviewer and site administrator.
source repository
A location from which a master repository retrieves packages.
SPIPE
Secured PIPE, a secured communications protocol used by ePolicy Orchestrator servers.
SuperAgent
An agent with the ability to contact all agents in the same subnet as the SuperAgent, using the
SuperAgent wakeup call. It is used in global updating and supports distributed software
repositories, alleviating the need for a dedicated server. It provides a bandwidth-efficient method of
sending agent wakeup calls.
See also ePolicy Orchestrator agent.
SuperAgent distributed repository
A replication of the master repository, used in place of dedicated servers for global distributed
repositories.
SuperAgent wakeup call
A scheduled task or on-demand command that prompts SuperAgents (and all agents in the same
subnet as each SuperAgent) to contact the ePolicy Orchestrator server when needed, rather than
waiting for the next ASCI.
See also agent wakeup call.
540
Glossary
SuperDAT
A utility that installs updated virus definition (SDAT*.EXE) files and, when necessary, upgrades the
scanning engine.
See also DAT file, EXTRA.DAT file, and incremental DAT file.
supplemental virus definition file
See EXTRA.DAT file.
task
An activity (both one-time such as on-demand scanning, and routine such as updating) that is
scheduled to occur at a particular time, or at specified intervals.
Compare to policy.
task inheritance
Determines whether the client tasks scheduled for any one console tree item under the Directory are
taken from the item directly above it.
updating
The process of installing updates to existing products or upgrading to new versions of products.
update package
Package files from Network Associates that provide updates to a product. All packages are
considered product updates with the exception of the product binary (Setup) files.
upper details pane
In the console, the upper division of the details pane, which contains the Policies, Properties, and
Tasks tabs.
See also details pane and lower details pane.
user accounts
The ePolicy Orchestrator user accounts include global administrator, global reviewer, site
administrator, and site reviewer. Administrator-level user accounts have read, write, and delete
permissions; reviewer-level user accounts have read-only permissions.
See also global administrator, global reviewer, site administrator, and site reviewer.
Product Guide
541
Glossary
542
Index
A
accounts (See user accounts)
Action summary
by top 10 viruses report, 449
adding
computer to the Directory, 116
custom report templates, 376
new group to the Directory, 108
new site to the Directory, 100
source repositories, 167
user accounts, 61
WebShield appliances to the Directory, 122
your own queries, 380
administrator accounts (See user accounts)
agent
collecting properties, 249
deployment, 277
deployment and management, 269
distributing, using third-party deployment
tools, 284
for NetWare, disable logging, 417
for NetWare, enable logging, 417
for WebShield appliances, ASCI, 245
for Windows, ASCI, 245
installation
packages, creating custom, 277
using search feature to send agent
install, 139
introduction, 28
maintenance, new features, 45
policies, 243 to 258
SuperAgent wakeup call, 248
support, new features, 38
64-bit, 44
Windows 2003, 44
tasks, default, 261
wakeup call, 244
Agent Monitor, 301
Agent versions report, 427
agent wakeup call, 244
SuperAgent, 248
using search feature to send,
139
agent-to-server communication
new features, 47
packet size, 422
agent-to-server communication interval
about, 245
agent for WebShield appliances, 245
agent for Windows, 245
connection interval report, 425
frequency, 245
alerts (See events)
appliances, adding WebShield, 122
architecture, distributed update repository, 34
ASCI (See agent-to-server communication interval)
audience for this manual, 17
AutoUpdate, 261, 263
AutoUpgrade, 261, 263
AVERT
contacting if outbreak occurs, 521
WebImmune, 22
AVERT Anti-Virus Emergency Research Team,
contacting, 21
B
bandwidth
monitoring network performance, 518
product deployment improvements, 34
beta program, contacting, 21
C
checking in packages,
client tasks
changing, 267
creating, 263
default, 261
206
Product Guide
543
Index
deleting, 268
recurring, 266
scheduling, 264
database, securing ePolicy Orchestrator MSDE,
default report templates, 423
definition of terms (See the Glossary)
386
starting in the future, 267
collecting properties
IP address information, 249
common implementations, 152 to 153
mid-sized business scenario, 152
pre-deployment testing scenario, 153
deleting
client tasks, 268
computers from the Directory
using search feature, 139
events from the ePolicy Orchestrator
database, 340
small business scenario, 152
compliance reports
Product Protection Summary, 439
configuring
ePolicy Orchestrator database filter,
user accounts, 63
deployment
agent, 269, 277
improvement in bandwidth usage, 34
of all product updates, 37
product, and updating, 307
devices, adding WebShield appliances, 122
Directory, 93 to 142
adding a computer, 116
adding a new group, 108
adding a site, 97
importing a computer from a domain, 114
importing a computer from a text file, 119
Lost&Found groups, 95, 123
sorting computers using IP management
settings, 131
tree, sorting computers using IP management
settings, 131
updating domains, 137
discarding unwanted events, 335
distributed repositories
architecture for update, 34
global, 155
local, 155
mirror, 156
domain synchronization
manual, 137
new features, 45
download web site, 21
duplicate computer names, 139
335
products via ePolicy Orchestrator (See product
Configuration Guide)
report filter, 345
console (See ePolicy Orchestrator software)
console tree items
computers, 113
Directory, 93 to 142
groups, 105
Lost&Found groups, 123
organizing the Directory, 141
sites, 97
WebShield appliances, 122
contacting McAfee Security, 21
continuous updating, 40
conventions used in this manual, 18
copying Help topics, 24
creating
SQL queries, 373
your own SQL query tables, 380
custom compliance reporting, new features, 43
customer resources, 22
customer service, contacting, 21
cut and paste, moving items in the Directory, 141
D
DAT file
deployment summary report,
engine coverage report, 435
DAT file updates, web site, 21
544
433
E
Engine deployment summary report,
ePolicy Orchestrator database
backing up, 394
437
Index
filter, 335
maintaining, 385 to 412
removing events, 340
your own custom query tables, 380
getting more information, 19
Getting Started wizard for small businesses
restoring, 394
system requirements (See the Installation Guide)
ePolicy Orchestrator software
configuring the firewall for, 422
connecting through an ISP and a firewall, 421
console, introduction, 28
new features, 46
using, 85 to 91
global
administrator (See user accounts)
distributed repositories, 155
reviewer (See user accounts)
installing (See Installation Guide)
new features, 30 to 49
system requirements (See the Installation Guide)
using over the Internet, 419
events
definition of, 245
disabling immediate event forwarding, 256
enabling immediate event forwarding, 256
filtering, 335
forwarding immediate and enabling or
disabling, 256
removing, 340
unwanted, discarding, 335
executive summary security reports, new
features, 43
exporting
report data to other formats, 371
repository list to a file, 200
updating, new features,
glossary, 533 to 541
F
fallback repository, 157
features
comparison, 31
new,
30
36
H
handling virus outbreaks
developing a plan, 518
overview, 517
recognizing an outbreak, 519
responding to an outbreak, 521
HELP application, 19
using, 24
What’s This? Help, 25
Help topics
copying, 24
finding information in, 24
hiding the Help navigation pane, 25
highlighting search words in, 25
moving through Help topics you’ve seen, 25
printing, 25
showing the Help navigation pane, 25
viewing information about items in dialog
boxes, 25
highlighting search words in Help topics, 25
filter
report, 345
specifying the ePolicy Orchestrator
database, 335
finding
duplicate computer names in Directory,
information in Help, 24
G
generating
SQL queries,
373
I
139
immediate event forwarding
definition of, 245
enabling or disabling, 256
implementations, common (See common
implementations)
importing
a computer from a domain, 114
a computer from a text file, 119
a group to the directory, 106
Product Guide
545
Index
a network domain as a site, 98
information
about the default report templates,
McAfee AutoUpdate Architect
importing repositories, 148
McAfee Security customer contacts,
423
20 to 21
filtering events, 335
installing ePolicy Orchestrator
Small Business Edition (See the Getting Started
Guide)
software (See the Installation Guide)
integration, new features
McAfee Security University, contacting, 21
Microsoft Remote Access Service (RAS), 420
mid-sized business implementation scenario, 152
Minimum Escalation Resource Tool (MERTool), 22
mirror
agent tasks, 261
Norton AntiVirus 8.0 and 8.01, 49
VirusScan Enterprise 7.0, 49
integrity check, IP address, 125
Internet Service Provider (ISP), 420
interval
agent-to-server communication, 245
initial agent-to-server communication,
policy enforcement, 246
setting agent communication, 254
IP address
checking integrity, 125
information in the agent, 249
IP management
rules, 94
search order, 95
sorting computers by, 133
wizard for sorting, 131
items (See console tree items)
AutoUpdate site, product-specific task, 262
monitoring network performance, 518
moving items, 141
using search feature to move computers in the
Directory, 139
with cut and paste, 141
multiple server management, new features, 41
246
K
KnowledgeBase search,
21
L
local distributed repositories, 155
Lost&Found groups, 95, 123
M
managed products, 143 to 146
management of
agent, 269
mid-sized business implementation, 152
multiple servers, new features, 41
small business implementation, 152
master repository, 154
546
N
named pipes network library connection
changing, 412
navigating through Help topics you’ve seen, 25
network library connection
changing, 412
new features, 30 to 49
64-bit support for the agent, 44
agent support, 38
agent-to-server communication, more control
over, 47
automatic domain synchronization, 45
automatic inactive agent maintenance, 45
continuous updating, 40
deployment of product updates, new
features, 37
Getting Started wizard for small businesses, 46
global updating, 36
integration with Symantec Norton AntiVirus 8.0
and 8.01, 49
integration with VirusScan Enterprise 7.0, 49
multiple server management, 41
reporting, 43
on product updates, 38
performance improvements, 48
updating for mobile computers, enhanced, 39
Index
Windows 2003 support for the agent,
nodes (See console tree items)
Norton AntiVirus software management
44
agent-to-server communication interval, 245
how policies are enforced, 230
integration with ePolicy Orchestrator, new
features, 49
policy enforcement, 230
policy enforcement interval, 246
number of infections detected
monthly showing viruses report,
458, 460
O
old events, removing, 340
on-demand scanning, 261, 263
online Help
copying topics, 24
finding information in, 24
highlighting search words in, 25
moving through Help topics you’ve seen, 25
printing, 25
viewing information about items in dialog
boxes, 25
organizing the Directory
settings, 131
outbreaks, 517 to 521
preparation checklist, 518
recognizing, 519
responding, 521
overview
agent deployment and management, 269
Directory, 93
ePolicy Orchestrator servers, 51
handling virus outbreaks, 517
introducing ePolicy Orchestrator, 27
managing products, 143
policies, properties, client tasks, 225
product deployment and updating, 307
reporting, 327
software repositories, 147
P
packages, 203
checking in, 206
dependencies, 205
ordering, 205
signing and security, 204
unsigned, 204
versioning and branches, 205
password, changing on user accounts,
64
performance, reporting improvements, new
features, 48
policies, 226 to 258
how to set a policy, 232
policy enforcement
for Norton AntiVirus products, 230
interval, 246
pre-deployment testing implementation
scenario, 153
PrimeSupport, 21
printing
Help topics, 25
your report, 371
product deployment and updating, 307 to 325
Product Protection Summary report, 439
product training, contacting, 21
product updates
deployment, new features, 37
reporting on, new features, 38
pull now task, initiating, 217
Q
queries, 373 to 374
SQL, 373
templates, 423 to 516
query results, copy and paste,
373
R
README file, 20
real-time events (See immediate event forwarding)
release features
Product Protection Summary report, 439
removing
events from the ePolicy Orchestrator
database, 340
Product Guide
547
Index
user accounts, 63
replication tasks
initiating, 221
scheduling
client tasks, 264
report filter, 345
setting, 345
report templates, default,
reporting, 327 to 383
about, 327
overview, 327
recurring tasks, 266
search
feature, using to delete computers, 139
for computers in the Directory, 139
servers, 51 to 84
introduction, 28
423
reports
Action Summary By Top 10 Files Resolved,
and queries, 327
default, 423
exporting data to other formats, 371
Product Protection Summary, 439
refreshing data in, 370
regenerating, 370
specifying options, 343
templates, 446 to 516
repositories, 147 to 223
creating, 158 to 170
fallback, 157
global distributed, 155
local distributed, 155
master, 154
mirror distributed, 156
source, 156
types, 154 to 157
types of, 154
repository list
exporting, 153
exporting to a file, 200
importing, 148
McAfee AutoUpdate Architect, 148
used in mirror tasks, 156
Repository Replication server tasks, 220
resources
available for customers, 22
contacting McAfee Security, 21
S
scheduled tasks
AutoUpdate,
548
447
tasks, scheduling Repository Replication, 220
service portal, PrimeSupport, 21
setting
policy, 232
report filter, 345
site administrator (See user accounts)
site reviewer (See user accounts
SITELIST.XML ( See repository list)
small business
Getting Started wizard, 85
implementation scenario, 152
software repositories, 147 to 223
settings, 133
source repositories, 156
adding, 168
defining, 167
specifying
ePolicy Orchestrator database filter, 335
reporting options, 343
SQL
queries, generating, 373
transaction log is full, 392
submitting a sample virus, 21
SuperAgent
wakeup call, 248
Symantec Norton AntiVirus software (See Norton
AntiVirus software management)
synchronizing domains, 137
T
261, 263
tasks
AutoUpdate,
261, 263
Index
creating client, 263
default, product-specific,
global reviewer, 60
removing, 63
site administrator, 60
262
deleting, 268
ePolicy Orchestrator agent, default,
inheritance, 262
scheduling, 264
scheduling recurring, 266
TCP/IP network library connection
261
changing, 412
technical support, 21
templates
Infection | Action Summaries reports, 446
report and query, 423 to 516
Top 10 reports
detected viruses report, 472
infected files bar report, 473
infected machines bar report, 474
infected users bar report, 475
training web site, 21
troubleshooting, 413 to 417
checking connection and communication
between ePolicy Orchestrator server and
ePolicy Orchestrator agent for NetWare, 415
connecting to the ePolicy Orchestrator server
from remote consoles, 414
creating a user data source name, 416
disabling logging for the NetWare agent, 417
enabling logging for the NetWare agent, 417
U
updating
continuous, 40
domains, 137
enhanced for mobile computer, new
features, 39
global, new features, 36
product, and deployment, 307
upgrade web site, 21
user accounts, 59 to 65
adding, 61
changing passwords, 64
deleting, 63
global administrator, 59
site reviewer, 61
utilities
Agent Monitor, 301
V
version, determining for server, console, policy
pages, 56
viewing information about items in dialog boxes,
Virtual Private Networks (VPN), 420
virus definition files (See DAT files)
Virus Information Library, 21 to 22
virus outbreaks, handling, 517
virus, submitting a sample, 21
VirusScan Enterprise 7.0
integration, new features, 49
25
W
wakeup call
agent, 244
SuperAgent, 248
WebImmune, 22
What’s this? Help, 25
Windows 2003
support for the agent, new features, 44
wizard
add repository, 168
Check-in package, 206
Copy package, 211
Export repository list, 201
IP Sorting, 131
Pull Now, 217
Replicate Now, 221
Small Business Getting Started, 85
Software Repository Configuration, 144
Product Guide
549
Index
550

ePolicy Orchestrator 3.0 Product Guide

Transcription

Similar documents

Piano Spec Sheet Template

Building User-defined Runtime Adaptation Routines for

"Thanksgiving, 1621," "John Billington`s Exile," "Waking in Plymouth"

RESULTS COMMERCIAL INSIGHTS CHALLENGES

McAfee ePolicy Orchestrator 4.6.0 Software Guide

StairMaster Gauntlet - Tower Fitness Equipment Services Inc.

Exploring the Coming Repositories of Reproducible

19 FT Center Console Boat Comparison | Yamaha Boats

OSS Identity Management