McAfee Web Protection Admin Guide

McAfee SaaS Web Protection Customer Administration Training Guide
Developed by: McAfee SaaS Email and Web Protection Education Services
Document Version: V 6.4
Document Release Date: June 21, 2010
Proprietary and Confidential
McAfee SaaS Web Protection Administration Training Guide
Table of Contents
1 Web Protection Course Overview
  1.1 Course Description
  1.2 Course Objectives
  1.3 Web Protection Service Overview
    1.3.1 Web Protection Package Options
    1.3.2 Customers Provisioned for Web Protection
  1.4 Supported Browsers
2 Accessing the Control Console
  2.1 Module Objectives
  2.2 Signing into the Control Console
  2.3 Create / Change a Password
  2.4 Sign into the Control Console with a Password
  2.5 Getting Locked out of the Control Console
    2.5.1 Unlocking a user account
  2.6 Control Console Overview
  2.7 Navigation Options
    2.7.1 Primary Selectors
    2.7.2 Main Menu Options
    2.7.3 Global Search Tool
3 Account Management
  3.1 Module Objectives
  3.2 Account Management Overview
  3.3 Customers Menu Option
    3.3.1 Distribution Lists
    3.3.2 How Distribution Lists work
    3.3.3 Distribution Groups
    3.3.4 Performance Reports
      Sample Performance Report
  3.4 Domain Management
  3.5 User Management
    3.5.1 User Management Overview
    3.5.2 User Roles & Permissions
    3.5.3 Accounts Page
    3.5.4 User Details
      3.5.4.1 Edit User Details
      3.5.4.2 User Status
    3.5.5 Delete Button
      3.5.5.1 Change Group
      3.5.5.2 Preferences
      3.5.5.3 Web Protection Settings
    3.5.6 My Account
  3.6 Create user accounts
    3.6.1 Delete Users
    3.6.2 User Agent
    3.6.3 Aliases
    3.6.4 User Authentication
  3.7 Groups
    3.7.1 Creating Groups
    3.7.2 Adding Users to a Group
    3.7.3 View User Group Assignment
4 Directory Synchronization
  4.1 Overview
  4.1 Customer Configuration
    4.1.1 Sync Setup
      4.1.1.1 Sync Setup Fields
    4.1.2 Automatic Synchronization Settings
  4.2 User Synchronization
    4.2.1 The Synchronization Process
      4.2.1.1 Sync History
    4.2.2 User Synchronization Details
      4.2.2.1 Add Records
      4.2.2.2 Delete Records
      4.2.2.3 Alias Switch
      4.2.2.4 Alias to Primary
      4.2.2.5 Primary to Alias
      4.2.2.6 Type Changes
      4.2.2.7 Rejections
      4.2.2.8 Rejection Messages
    4.2.3 The Distribution List Type
5 Web Protection Setup Details
  5.1 Objectives
  5.2 Activating the Web Protection Service
  5.3 Access Control Types
    5.3.1 Explicit User Authentication
    5.3.2 IP Address Range Authentication
      5.3.2.1 Adding IP Addresses
      5.3.2.2 IP Address Validation
    5.3.3 Choosing multiple Access Controls
  5.4 WDS Connector
    5.4.1 What setup steps need be performed?
    5.4.2 Why create user accounts in the Control Console?
    5.4.3 How does the WDS Connector work?
    5.4.4 WDS Connector Authentication…things to note
    5.4.5 WDS Connector Technical Considerations
6 Configuring Policy Sets
  6.1 Objectives
  6.2 Policy Set Overview
  6.3 Define a Policy
    6.3.1 Create a new Policy
    6.3.2 Customize Policy Rules
      6.3.2.1 Threat Policy Configuration
    6.3.3 Content Policy Configuration
    6.3.4 Trusted Sites
    6.3.5 Blocked Sites
  6.4 Schedule Policies
    6.4.1 Editing Subscriptions
    6.4.2 Prioritizing Schedules
    6.4.3 Applying schedules & user time zones
  6.5 Web Access User Experience
    6.5.1 Exception Messages
  6.6 Request a URL Re-categorization
7 Reporting
  7.1 Objectives
  7.2 Reports Overview
    7.2.1 Reporting Data History
  7.3 Report Navigation
  7.4 Traffic Overview Report
  7.5 Threat Filtering Report – Summary Report
    7.5.1 Threat Filtering Report – Detail Report
  7.6 Allowed Content by User – Summary Report
    7.6.1 Allowed Content by User – Detailed Report
  7.7 Allowed Content by Site – Summary Report
    7.7.1 Allowed Content by Site – Detailed Reports
  7.8 Blocked Content Report – Summary Report
    7.8.1 Blocked Content Report – Detail Report
  7.9 Audit Trail Report
  7.10 User Level Reporting
    7.10.1 Web Activity
  7.11 Detailed Download (CSV)
  7.12 Downloading Reports
  7.13 Understanding the Reporting Data
  7.14 Forensics Reporting
    7.14.1 Enter Forensics Criteria
    7.14.2 Forensics Search Results
    7.14.3 Sort Forensics Results
8 Support
  8.1 Module Objectives
  8.2 McAfee Customer Support
  8.3 Preferences
  8.4 eService Requests
    8.4.1 Creating a Password
    8.4.2 Changing a Password
    8.4.3 Creating a Service Request
    8.4.4 Reviewing or Updating a Service Request
  8.5 Supporting Documentation
  8.6 Education Services Contact
1 Web Protection Course Overview
1.1 Course Description
Learn how to use the Control Console to establish policies identifying how the Web Protection
Service will react when Threats and unwanted content are detected. Threats include websites that
are considered Phishing Sites, or contain Spyware or Viruses. You will become familiar with
configuring policy details, creating and managing user accounts and generating web activity
reports. You will also understand the response the user will receive when threats or blocked
content are detected.
This document focuses on the role of Customer Administrator. Permissions for other roles are
outlined in the section of this document titled ‘User Roles & Permissions’.
1.2 Course Objectives
Understand the purpose of the Web Protection Service
Sign In successfully to the Control Console
Discuss the Entities & Console Roles
Create user accounts
Set up and maintain Policy Sets
Understand and Identify user Authentication Type
Run and analyze Web Protection Reports
Understand where to log eService Tickets
1.3 Web Protection Service Overview
McAfee Web Protection comprises multiple components that work together to perform web site
analysis, filtering, protection, and data management.
Purpose: keep an organization’s systems and networks safer from threats entering through Web
browsers.
The McAfee Web Protection solution enables customers to:
Authenticate user access
Select and block web sites that contain threats that could potentially harm computers and networks: virus / phishing / spyware
Select and block web sites that their users / employees should not be visiting, such as pornography and gaming web sites
Monitor and log user web surfing
Monitor and log the most popular Web protocols and web sites accessed by users
1.3.1 Web Protection Package Options
Content Control – URL filtering by category and Anti-Virus
Threat Control – Anti-Phishing (AP), Anti-Spyware (AS), and Anti-Virus (AV)
Total Control – contains all of the above; URL, AP, AS, and AV
Content Control + IP Range Authentication – URL filtering and Anti-Virus, and IP Range Authentication Access Control Type option
Threat Control + IP Range Authentication – Anti-Phishing (AP), Anti-Spyware (AS), and Anti-Virus (AV), and IP Range Authentication Access Control Type option
Total Control + IP Range Authentication – contains all of the above; URL, AP, AS, and AV, and IP Range Authentication Access Control Type option
Email & Web Security Service Bundle – includes all package options: URL, AP, AS, and AV, and includes all three access control types
Complete Security Service Bundle – includes all package options: URL, AP, AS, and AV, and includes all three access control types
All package options include Anti-virus protection. This feature cannot be
disabled. All package options also include the WDS Connector Access Control
Type.
1.3.2 Customers Provisioned for Web Protection
Customers with the Customer Type of Enterprise can be provisioned with the Web Protection
Service.
Customers with the Customer Type of Service Provider cannot be provisioned for any Web
Protection Service, nor do they have access to the Group Membership Functionality.
1.4 Supported Browsers
The following is a list of supported browsers for Web Protection Service:
Internet Explorer 7.x on Vista
Internet Explorer 7.x on XP
Internet Explorer 6.x on XP
Firefox 3.x on Vista
Firefox 3.x on XP
Firefox 3.x on OS X 10.5
Firefox 3.x on OS X 10.4
Firefox 2.x on Vista
Firefox 2.x on XP
Firefox 2.x on OS X 10.5
Firefox 2.x on OS X 10.4
Safari 3.x on OS X 10.5 (Web Protection End user only)
Safari 3.x on OS X 10.4 (Web Protection End user only)
2 Accessing the Control Console
2.1 Module Objectives
Upon completion of this module, you will be able to:
Understand how to obtain your Sign In information
Understand how to create or change your Control Console Password
Understand how to Unlock a user who has been locked out of the Control Console
Interpret the Customer Overview page
Locate the navigation methods used within the Control Console
2.2 Signing into the Control Console
To sign in to the Control Console, you need the:
Control Console URL
Sign in ID
Password
The URL & Sign in ID are obtained by following the ‘Getting Started’ instructions in the Welcome
Email received by the Technical Contact on your account. Once you access the Control Console
Sign In page, follow the instructions to create your own password.
2.3 Create / Change a Password
When signing in as a Customer Administrator for the first time, you must create your own
password. The following steps are the same when you are creating your initial password, or if you
have forgotten your existing password and need to change it. To do this:
1. Navigate to the Control Console at the URL listed in your Service Activation Guide. The
URL will be either: console.mxlogic.com or portal.mxlogic.com
2. Click the Forgot your password or need to create a password link
3. On the Change Password page, enter the username listed in the Service Activation
Guide
4. Choose whether you prefer to have the password information sent to the username
address you entered or to your Domain (Technical) Contact email address
5. You will see a confirmation page that confirms an email was sent to the desired address
6. Once you have received the email, click on the URL included in the body copy, which will
direct you to the Change Password page.
7. Create your password
All passwords must:
• Be a minimum of 8 characters and contain at least 2 of the following character types:
  Letters (upper / lower)
  Numbers
  Special Characters ()`~!@#$%^&*-+=|\{}[]:;"'<>,.?/
Passwords are case sensitive
8. You will then be prompted to supply the answer to a security question, such as “Mother’s
birthplace” or “Name of first pet.” Please note that answers to the security questions,
unlike passwords, are not case sensitive.
The first time a user signs in with a password but has no security question, they will be prompted to
enter a security question. The Security Question Answer is used if a user forgets their password
and walks through the above steps to change an existing password.
2.4 Sign into the Control Console with a Password
The Control Console Address is referenced in the customer’s Service Activation Guide. The Sign
In window allows users to select their language preference.
The drop-down menu lists all available languages; the default language is English.
English
Chinese, Simplified
Chinese, Traditional
Korean
French (universal)
Italian
German
Spanish (universal)
Japanese
Danish
Dutch
Finnish
Norwegian
Portuguese, Brazilian
Portuguese, Iberian
Russian
Polish
Swedish
Users may also select their language preference via the Setup/Preferences window.
Only user-level windows change to the selected language; all administrative
windows are always displayed in English.
2.5 Getting Locked out of the Control Console
A user account is locked out of the Console after 5 consecutive unsuccessful login attempts within
30 minutes.
A user is notified on the Control Console Sign In page that their account has been locked out.
2.5.1 Unlocking a user account
There are four ways for a user account to be unlocked:
1. Wait 30 minutes until the lock out automatically expires and attempt to sign into the
control console with the correct password
2. Change the user account password by clicking on the Forgot password link on the
Control Console Sign in page and walking through remaining steps
3. Ask the Customer Administrator to change the user account password
4. Ask the Customer Administrator to unlock the user account so they can attempt to sign in
again with their correct password
Note: user accounts with the role of Customer Administrator can assign and
change other user account passwords. User accounts logged in with the role of
Partner Administrator or higher cannot assign passwords for any user account
other than their own.
All administrative roles that have access to manage user accounts can unlock a user. There is a
Locked column on the Accounts page within User Management. View this page to identify if any
users have been locked out.
To unlock a user account, open the user account details by double-clicking the user account
name, then click the Unlock button inside the user details.
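The lockout and unlock rules from sections 2.5 and 2.5.1, modeled as an added example (not code from this guide or from McAfee) and replayed over a constructed sign-in log. It assumes the lock starts at the fifth failure, a successful sign-in resets the failure count, and attempts made while locked are rejected without being counted; the class, function and log format are hypothetical.

```python
from collections import deque
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

MAX_FAILURES = 5                        # "5 consecutive unsuccessful login attempts"
WINDOW = timedelta(minutes=30)          # "within 30 minutes"
LOCK_DURATION = timedelta(minutes=30)   # lock "automatically expires" after 30 minutes


@dataclass
class AccountState:
    failures: deque = field(default_factory=deque)  # times of consecutive failures
    locked_until: Optional[datetime] = None


class LockoutPolicy:
    """Hypothetical model of the console's lockout rule (assumptions in the lead-in)."""

    def __init__(self):
        self.accounts = {}

    def _state(self, user):
        return self.accounts.setdefault(user, AccountState())

    def is_locked(self, user, now):
        st = self._state(user)
        if st.locked_until is not None and now >= st.locked_until:
            self.unlock(user)            # unlock method 1: the lock expires on its own
        return st.locked_until is not None

    def sign_in(self, user, password_ok, now):
        """Return 'ok', 'failed' or 'locked' for one sign-in attempt."""
        st = self._state(user)
        if self.is_locked(user, now):
            return "locked"              # a correct password is still refused
        if password_ok:
            st.failures.clear()          # assumption: success breaks the "consecutive" run
            return "ok"
        st.failures.append(now)
        while now - st.failures[0] > WINDOW:
            st.failures.popleft()        # forget failures older than the window
        if len(st.failures) >= MAX_FAILURES:
            st.locked_until = now + LOCK_DURATION
            return "locked"
        return "failed"

    def unlock(self, user):
        """Unlock methods 2-4: password change or the administrator's Unlock button."""
        st = self._state(user)
        st.locked_until = None
        st.failures.clear()


# Constructed sample log: "<ISO timestamp> <user> <FAIL|OK|UNLOCK>"
SAMPLE_LOG = """\
2010-06-21T09:00:00 alice FAIL
2010-06-21T09:02:00 alice FAIL
2010-06-21T09:04:00 alice FAIL
2010-06-21T09:06:00 alice FAIL
2010-06-21T09:08:00 alice FAIL
2010-06-21T09:10:00 alice OK
2010-06-21T09:38:00 alice OK
2010-06-21T10:00:00 bob FAIL
2010-06-21T10:01:00 bob FAIL
2010-06-21T10:02:00 bob FAIL
2010-06-21T10:03:00 bob OK
2010-06-21T10:04:00 bob FAIL
2010-06-21T10:05:00 bob FAIL
2010-06-21T10:06:00 bob FAIL
2010-06-21T11:00:00 carol FAIL
2010-06-21T11:10:00 carol FAIL
2010-06-21T11:20:00 carol FAIL
2010-06-21T11:30:00 carol FAIL
2010-06-21T11:40:00 carol FAIL
2010-06-21T12:00:00 dave FAIL
2010-06-21T12:01:00 dave FAIL
2010-06-21T12:02:00 dave FAIL
2010-06-21T12:03:00 dave FAIL
2010-06-21T12:04:00 dave FAIL
2010-06-21T12:05:00 dave UNLOCK
2010-06-21T12:06:00 dave OK
"""


def replay(log_text):
    """Feed each log line through the policy; return (timestamp, user, outcome) tuples."""
    policy = LockoutPolicy()
    results = []
    for line in log_text.strip().splitlines():
        stamp, user, event = line.split()
        if event == "UNLOCK":
            policy.unlock(user)
            outcome = "unlocked"
        else:
            outcome = policy.sign_in(user, event == "OK", datetime.fromisoformat(stamp))
        results.append((stamp, user, outcome))
    return results


def outcomes_for(results, user):
    return [outcome for _, u, outcome in results if u == user]


if __name__ == "__main__":
    for row in replay(SAMPLE_LOG):
        print(*row)
```

In the replay, alice is locked at her fifth failure and refused until the lock expires, bob's successful sign-in resets his count, carol's failures are spread wider than the 30-minute window, and dave is released by an administrator unlock.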
2.6 Control Console Overview
When signing into a customer account that only subscribes to the Web Protection Services, the
landing page will be the Traffic Overview Report.
This report provides a snapshot of Web Activity for the customer, including a summary of Allowed
Content Requests, Blocked Content Requests, and Data Volume. The data displayed on this page
defaults to a reporting period of the current day.
If you subscribe to the Email Protection, Web Protection and Message Archiving services, the
landing page will be the Customer Overview page, a summary of email activity over the last
24 hours.
2.7 Navigation Options
2.7.1 Primary Selectors
There are four primary navigation options, which organize the functions within the Control Console:
Account Management
Email Protection
Message Archiving
Web Protection
Note: The Account Management Product Selector will be viewable by all
customers. Only those customers who subscribe to the Email Protection,
Message Archiving Service or the Web Protection services will see the
additional Product Selectors.
2.7.2 Main Menu Options
Once the primary navigation option is selected, the associated main menu options are displayed.
There are specific functional areas to assist Administrators in managing the various entities with
the Control Console.
Account Management
Customer – Customer management
Domains – Domain configuration
Users – User management
Groups – Group configuration
Email Protection
Overview – 24-hour snapshot of activities
Quarantine – Message Quarantine
Policies – Policy configuration
Setup - Configuration
Reports – Reporting and Statistics
Message Archiving
Overview – Current snapshot of the overall status of Message Archiving
Message Archiving – Searching and Exporting of archived messages
Mail Source – Configuration setting for the Message Archiving Mail Sources
Web Protection
Policies – Policy configuration
Setup - Configuration
Reports – Reporting and Statistics
End-Users of Web Protection will not have access to the Web Protection portion
of the console. Only user accounts with the role of customer administrator &
reports manager will have access to the Web Protection portions of the console.
2.7.3 Global Search Tool
The Global Search tool reduces the number of clicks needed to obtain information for
Domains and Users. The Global Search tool is located at the top right corner of each window
and is displayed by default.
The available options from the Search drop-down list will change depending on the user role.
Options include users, domains, and customers.
Use the Go button to execute the search once the system has accepted the entry.
The system will validate the entry. If the entry does not exist, the entry will appear in RED text.
When entering a partial value, the database will return all matches in the dropdown menu.
The global search tool can be minimized.
3 Account Management
3.1 Module Objectives
Understand the functional areas within Account Management
Explain how the information within Account Management relates to the Email Protection, the Web Protection, and the Message Archiving services
Understand the functions within the Customer Area
Configure Domain information
Describe and Configure the user account details
Create new user accounts individually or via batch file
Understand User Authentication options
Create and manage Groups
Explain how Groups are associated to Policy Sets
3.2 Account Management Overview
The account management area focuses on the creation and management of user accounts.
The functional areas within Account Management are:
Customers – Distribution List setup & Performance Report settings
Domains – Domain Management
Users – User Management
Groups – Group Management
User accounts created within Account Management:
Are only ever created one time and are used for all product lines to which the customer subscribes: Email Protection, Web Protection and Message Archiving
Must be unique and cannot be duplicated
Users deleted within Account Management:
Are deleted from all three services: Email Protection, Web Protection and Message Archiving
Are removed from all groups to which they were assigned, for Email Protection, Web Protection and Message Archiving
Have all of their Quarantined messages deleted
Groups deleted in Account Management:
Will be removed from association with both the Email Protection and Web Protection policy sets
The users will be implicitly associated with Default policy sets
3.3 Customers Menu Option
There are two menu links within the Customer Menu Option: Distribution Lists and
Performance Reports.
3.3.1 Distribution Lists
Distribution lists allow for the creation of lists to be used in different areas of the Control
Console. When activated, distribution lists send multiple instances of a notification-type email
to the members you place in the list.
Distribution List members must be valid, fully qualified email addresses. The
members added to a Distribution List do not have to exist as User Accounts in the Control
Console, and do not need to be associated with the customer’s domain.
Distribution Lists can be activated in the following areas of the Control Console:
Email Protection Policies Attachment Filename Silent Copy
Email Protection Policies Content Groups Silent Copy
Account Management Users Sync Setup Exception Notification
Account Management Customer Performance Reports
Note: Distribution Lists are not the same as, nor are they a replacement for,
Distribution Groups for email delivery, which are maintained on the Customer
Mail Server.
Creating and implementing a distribution list is a two step process:
1. Create a New Distribution List and add email addresses into the list
Distribution Lists can contain any valid recipient email address, including:
Email addresses for a User with a user account in the Control Console
Email Addresses for a User outside of the Control Console
Distribution Group email addresses
2. Activate the Distribution List in one or more of the following places:
Email Protection Policies Attachment Filename Silent Copy
Email Protection Policies Content Groups Silent Copy
Account Management Users Sync Setup Exception Notification
Account Management Customers Performance Reports
3.3.2 How Distribution Lists work
When a Distribution List is activated in Email Protection Policies:
When the policy (rule) is violated, and a Distribution List has been selected in that policy, a
blind carbon copy (silent copy) of an email is sent to all members in the selected Distribution
List. They are then ‘notified’ with a copy of the email that caused the policy violation.
Example: your policy states to Quarantine a message if it contains a .php
attachment, and a distribution list is activated. When a message comes in that has a .php file
attached, the message will be placed into Quarantine and a blind carbon copy of the message
that invoked the violation will be sent to all email addresses in the Distribution List.
When a Distribution List is activated in Sync Setup:
When Automatic Directory Integration Synchronization is activated, an email will be sent to the
email addresses in the selected Distribution List, notifying them of the exceptions during the
automatic synchronization. You can choose which exceptions you want to be notified
about.
When a Distribution List is activated in Performance Reports:
You are identifying that all members in the selected Distribution List will receive a .PDF
version of the Performance Report.
3.3.3 Distribution Groups
McAfee distribution lists are not the same thing as, nor are they a replacement for, the customer’s
email distribution groups.
Distribution groups are created and maintained on the customer’s email server
Distribution lists are created and assigned using the Control Console
Any distribution group maintained on the customer’s email server must have an
associated primary user account in the Control Console. When a valid email is
received for that primary user account, the service delivers the message to the
customer’s email server once, to the primary user account. The customer’s
mail server distributes that message to all members of the customer’s
distribution group.
3.3.4 Performance Reports
Performance reports contain statistical information on the performance of Email Protection and
Web Protection Services and are emailed as a PDF attachment.
To receive Performance Reports, you must opt into them. Opting into Performance
Reports is a two-step process:
1. Create a Distribution List and enter the email addresses of the people you would like to
receive the performance report (see the Distribution List section of this document for
steps on creating a Distribution List)
2. Access the Performance Reports link and select the created Distribution List in the
Deliver to drop list
After the Distribution list(s) have been created, the Performance report can be delivered
immediately.
Performance reports contain:
Statistical information on the performance of Email Protection Service and Web
Protection Service
Graphical traffic and threat data
Can be formatted in grid, pie chart or line graph formats, and represent a wide variety of
traffic and threat categories
Give insight into the on-going performance of the Email and Web security services
Definitions for each report field; reports can be configured for weekly or monthly delivery
Reports are emailed to the distribution list’s recipients as a .pdf attachment
Modifying the Time Zone field under Performance Reports applies only to the Performance
Reports and not to individual users.
Performance Report Frequency
Performance Reports can be produced in one of two ways, manually or scheduled. After the
Distribution list has been created, open the Performance Reports link.
Deliver To - Select the distribution list to which the report should be sent
Time Zone – The time zone used to create the report
Frequency - Check the box to specify the frequency of the Performance Reports.
Weekly – includes data for the previous full week
Monthly - includes data for the previous full month
The Send Now button emails the Performance Report from the last full reporting period
Sample Performance Report
3.4 Domain Management
If multiple domains are being filtered by McAfee, your domains can be configured one of two ways:
Separate Primary Domains
Primary Domain with Domain Aliases
Typically, customers who only subscribe to Web Protection will only have one primary domain
All primary domains will be listed when you access the Domain Management area. You can select
the Show Domain Aliases checkbox to view the domain aliases associated to your primary
domains
To view details about a Domain, click on the Domain within the Domain list
Review the Domain information and contact McAfee Customer Support if there are any changes
you need to make to a primary domain
The options available on the Domain Details window may vary depending on which User Role has
logged in
As the Customer Administrator, you are able to:
• View your Domain Details
• Add Domain Aliases
Customer Administrators do not have the ability to add new Primary Domains,
edit the Primary Domain details, or delete the Primary Domain
Note: The Contact Email listed inside the Primary Domain can be used when a user is
creating or changing their password. When creating or changing a password, the user can
determine where the confirmation email that allows them to create or change their
password is sent. When the second radio button, ‘email password information to my domain
contact’, is selected, the email is sent to the email address listed in the Contact Email field
within the primary domain.
3.5 User Management
3.5.1 User Management Overview
User Management is where user accounts are created, managed, deleted and grouped.
User accounts created within Account Management:
Are only ever created one time and are used for all product lines to which the customer
subscribes: Email Protection, Web Protection and Message Archiving
Every user account created must be unique and cannot be duplicated
Users deleted within Account Management:
Are deleted from all three services: Email Protection, Web Protection and Message
Archiving
Are removed from all groups they were assigned to, for Email Protection, Web
Protection and Message Archiving
All Quarantined messages are deleted
Groups deleted in Account Management:
Will be removed from association for both the Email Protection and Web Protection
policy sets
The users will be implicitly associated with Default policy sets
3.5.2 User Roles & Permissions
Every user account has a role assigned to it, which determines what permissions the user will have
when they sign into the Control Console. The roles and associated permissions below are for a
customer that subscribes to Email Protection, Web Protection and Message Archiving.
All Roles
Can manage their own user account including:
Password
Security question & answer
Email Protection Spam Quarantine Mail
Message Continuity Inbox
Email Protection Allow List & Deny List
Their own Spam Quarantine Report delivery preferences
User Aliases
Their own Archived Messages
Partner Administrator Role
The Partner Administrator has access to manage all of their downstream customer’s
information. They can perform the same functions as the Customer Administrator with a few
exceptions:
The Partner Administrator can, in addition to all Customer Administrator functions:
Create new Customers
Create Primary Domains
The Partner Administrator cannot:
Create or change passwords on any user account
View any user account’s Message Continuity Inbox
Customer Administrator Role
The Customer Administrator is the highest customer level role. This is the only Customer level role
that can create users, initiate Directory Synchronization, install the WDS Connector and create and
edit Policies. More than one user account can be assigned the role of Customer Administrator.
Domain Level Permissions:
Create Distribution Lists
Opt into Performance Reports
Create & change Domain Aliases
Manage/ edit existing user accounts
Create user accounts
View all users message continuity mail (view only)
Create & change user passwords
Activate Directory synchronization
Determine password authentication options
Create groups
Create & manage Email & Web Protection Policies
Configure Email Protection Setup
– Add/change mail servers / disaster recovery configuration / user creation mode
Manage Quarantine for all domains
Setup Message Archiving services
Search for all users archived messages
Determine Web Protection Access Control types
Generate Email & Web Protection Reports
The Customer Administrator Cannot:
Add new Primary domains
Edit Primary Domain Details (contact email, domain name, etc.)
Delete a Primary Domain
Domain Administrator Role
Domain Level Permissions:
Edit existing user accounts allow & deny list
Edit existing user accounts quarantine
Configure Email Protection Setup
– Add/change mail servers / disaster recovery configuration / user creation mode
Manage Quarantine for all domains
Generate Email & Web Protection Reports
Can view information only for the domain logged into. Example: The customer has two primary
domains, the Domain Admin logs in with a login ID to one of those primary domains; they can
only see the information relevant to that primary domain.
Quarantine Manager Role
Domain Level Permissions:
Manage Quarantine Mail
Generate Email & Web Protection Reports
Manage User Level Quarantine
Manage User Level Allow/ Deny Lists
Can view information only for the domain logged into
Reports Manager Role
Domain Level Permissions:
Generate Email & Web Protection Reports
User Role
Domain Level Permissions:
None
Note: Users only have access to Email Protection & Message Archiving. If a
user account has the role of User and the customer only subscribes to Web Protection,
the user will have no access to the Control Console (even if they have a login ID and password).
3.5.3 Accounts Page
The Accounts window lists all user accounts in the designated domain and is where you can
manage individual account details by editing user accounts. Click the user’s email address to edit /
view specific details.
3.5.4 User Details
User details are organized into several areas: General, Email Protection & Web Protection.
The details listed in this area cover only the functions applicable to the Web Protection service
3.5.4.1 Edit User Details
Clicking the Edit button will allow you to change some general user preferences such as their
Password, Time Zone and User Role.
Note: user accounts with the role of Customer Administrators can assign and
change other user account passwords. User accounts logged in with the Role of
Partner Administrator or higher cannot assign or change passwords for any
user account other than their own
3.5.4.2 User Status
One of three status types can be assigned to each primary user account.
Active Status
The user is active within the Control Console and will be granted the appropriate resources
and functionality as provided through policy settings
Note: All new users added to the console, using SMTP Discovery, Explicit or
Active Directory Integration are added with an Active status, have the role of
User and are Ungrouped
Inactive Status
If the user creation mode for a domain is currently set for Explicit user creation, email will not
be delivered to users set to Inactive
The user account will be denied access to the Control Console either through direct login
or via execution of links within the Spam Quarantine Report (SQR).
The user account will be denied access to functionality associated with user authentication
for Web Protection
The Inactive user’s allow and deny lists will not be used when filtering mail for this user
With regard to Directory Integration, Inactive users are user accounts in the Control Console that
are not in the customer’s Active Directory. Upon synchronization, these user accounts are not
deleted; instead they are set to Inactive until the administrator changes the status on the Control
Console or adds the user to your Active Directory.
Note: Mail will still be processed for the user account but will not be accessible until status is
changed to Active on the Control Console.
Protected Status
Normally used for Customer Administrative type accounts; ensures that accidental deletion, via
bulk or batch processes, does not occur
Cannot be deleted via bulk or batch processes within the Control Console
The account cannot be bulk deleted until the account is set to “Active” or “Inactive” or deleted from
within the user account
Will not be set to Inactive when a Directory Sync is performed (see below)
Using Active Directory Sync
There are times when a user account resides in the Control Console but the associated
email address does not reside in the customer’s Active Directory. For example, if the user
account name is ‘[email protected]’, it is unlikely that this is an email
address on the customer’s mail server. In these cases, it is recommended that the user
account status be changed to Protected.
The protected status will ‘protect’ this user account from being inactivated when directory
synchronization is run. If the user account status is not protected and directory
synchronization is run, the synchronization process will inactivate the user account in the
Control Console because it did not reside on the customer’s mail server. Inactive user
accounts are not able to sign into the control console
Status Behaviors | Active | Inactive | Protected
SMTP Discovery User Creation Mode; mail flows normally | X | X | X
SMTP Discovery User Creation Mode; mail follows policy to which user is associated | X | X | X
Explicit User Creation Mode; mail flows normally | X | No | X
Explicit User Creation Mode; mail follows policy to which user is associated | X | No | X
Explicit User Creation Mode; mail gets denied; no delivery to server, no policy enforcement (recipient is considered invalid) | No | X | No
User account can be edited by an Administrator | X | X | X
User account can be edited by User | X | No | X
Spam Quarantine Links remain active | X | No | X
All previous Spam Quarantine Links become disabled | No | X | No
Spam Quarantine Report delivered according to policy | X | No | X
Quarantined Mail is managed at Domain Quarantine Area | X | X | X
User account can be deleted by an Administrator | X | X | X
User can sign into the Control Console from the sign in screen | X | No | X
User account counts in Active User Count | X | No | X
Web Protection User Authentication; user still gets authenticated | X | No | X
3.5.5 Delete Button
The Delete button will delete the user account fully from Account Management and all services to
which the customer subscribes.
3.5.5.1 Change Group
The Change Group area allows the user to be placed into a previously created group. Each group
is assigned to a policy. Each group can be assigned to a policy tied to a unique service. See the
Group section of this document for information on creating groups.
3.5.5.2 Preferences
The preferences page allows for the selection of the user’s time zone, and general Email Protection
options
3.5.5.3 Web Protection Settings
Web Activity & Detailed Download (CSV) links
The Web Activity page allows user-level Web Activity reporting to be generated. This option will
contain data if you subscribe to the Web Protection service, and you have chosen Explicit User
Authentication or installed the WDS Connector as the Access Control Type.
The Web Activity Link allows for the generation of different Web Activity Reports, including:
• Threat Summary
• Allowed Content by Site
• Allowed Content by User
• Blocked Content
The Detailed Download (CSV) link allows for the generation of one report that contains the last 7
days of data for both Allowed and Blocked web activity
See the Reporting section in this document to get additional reporting specifics.
3.5.6 My Account
The My Account option will take the Administrator directly to their account to modify all areas of
their own user account.
The Administrator can edit any details to their own user account, with the exception of Delete.
3.6 Create user accounts
When you subscribe to the Web Protection Service, you will not always need to create individual
user accounts.
All user accounts created in the Account Management area are available for use for all services to
which the customer is provisioned. For example, if you currently subscribe to the Email Protection
Service, your user accounts already reside in the Control Console. We will use the existing user
accounts; a second list of user accounts is not required for use with Web Protection.
If you subscribe only to the Web Protection Service, but you choose IP Address Range
Authentication as your Access Control Type, you do not have to create user accounts.
If you subscribe to the Web Protection Service and choose Explicit User Authentication and/ or the
WDS Connector as your Access Control Type(s), each User that will have their Web Activity
filtered by Web Protection DOES need to have a user account created in the Control Console.
You can create user accounts either manually using the Create Users page, or by allowing McAfee
to synchronize with your Active Directory. See the Directory Synchronization section in this
document for additional details on the Directory Synchronization option.
There are two ways in which to manually create user accounts:
1. Individual Creation Mode
When you create a user via the Individual Creation Mode, the only required field is the Email
address.
The optional fields you can select are:
Role
Password
Type (typically only used with the Email Protection service)
Group Membership
Time zone
2. Batch Creation Mode
• Create multiple Primary user accounts at one time
– Batch file needs to be a .txt file with a 100KB max file size
– One fully qualified email address on each line
– If adding user aliases, separate the primary user account (fully qualified) from the Alias name with a single space
– All users created via batch file are created with a user role of User and will not have passwords created
– May select the time zone for user accounts
Sample Batch File:
3.6.1 Delete Users
The Delete Users page allows for the deletion of up to 100 users at one time. When you delete a user
account, the user’s Primary user account is deleted, and all User alias accounts are deleted.
Using the filter options can help you identify user accounts you may need to delete. A maximum of
1,000 users can be displayed within the filter list
User accounts with the status of Protected are not displayed and cannot be deleted from the
Delete Users page. Protected accounts can be deleted only from within their individual user
account.
If a user account is deleted and the customer subscribes to Email Protection,
Web Protection, and Message Archiving, the user account is deleted from all
services.
The More Options button is used to upload a batch file containing names that can be deleted.
Example: A portion of the company was sold and the employees now have new email addresses.
3.6.2 User Agent
Only customers who subscribed to the Legacy McAfee WPS service utilize the User Agent Page.
The User Agent function allows the McAfee Customer Support Team to import users from the old
WPS application into the Control Console and have those users authenticate via the Legacy
McAfee WPS Authentication.
Note: All existing Control Console User Accounts are displayed on this page,
however this is not where user accounts are created or managed. The alias
column is where the Legacy McAfee WPS User Account would be input; this is
not where you would add or manage a User Account’s Alias email address.
Please contact the McAfee Customer Support team for details on migrating users and utilizing the
Legacy McAfee WPS Authentication.
3.6.3 Aliases
The aliases page applies only to the Email Protection service
3.6.4 User Authentication
There are two functions on the User Authentication Page: Authentication Type and Batch
Password Upload
Note: user accounts with the role of Customer Administrators can assign user
account passwords. User accounts logged in with the Role of Partner
Administrator or higher cannot assign passwords for any user account other
than their own. The More options button will not display for user accounts with
the role of Partner Administrator or higher.
The Authentication Type determines the method used to validate the user password in two areas:
1. When signing into the Control Console via the Sign In window
2. When using the Explicit User Authentication Access Control Type with Web Protection
Passwords - Validates the user password against the password listed in the control console
user account. Password is the default authentication type.
LDAP Authentication - When the user logs into the Control Console, the password is
authenticated against the user’s password in Active Directory (AD)
POP3 Authentication - When the user logs into the Control Console, the password is
authenticated against the user’s password on the mail server
IMAP Authentication - When the user logs into the Control Console, the password is
authenticated against the user’s password on the mail server
How Authentication Works When Using an Authentication Type Other Than Password
In this scenario, we are assuming the customer has chosen the ‘LDAP Authentication’ option.
When the user logs in to the Control Console, the Control Console communicates with the
customer’s AD to verify the user’s password.
The AD verifies the user password and sends the control console the verification results. The
service caches the user’s password. The cache has a Time to Live (TTL) of 4 hours. Should the
user sign into the console within the TTL period, the authentication is not repeated. If the user
attempts to sign into the Control Console after the TTL period, the Authentication process is
repeated.
If the user attempts to log into the Control Console after the TTL and the AD server is down/
unavailable to verify the user’s password, the console will verify the entered password against the
cached password. If the passwords match, the user is granted access to the control console
If the user has changed their AD password since they last signed into the console, the password
the user enters on the sign in page will most likely be their new/ changed AD password. In this
scenario, the password entered and the password cached will not match. The user will not be
granted access to the Control Console.
The user must then recall their previous AD password that was cached in order to gain access to
the Control Console
If the user has never logged into the control console and the AD is down, they will not be able to
sign into the console, as we have no password cached. The Customer Administrator would need to
change the Authentication Type to Passwords, and then individually create a password for the user
inside their control console user account.
Note: only one authentication type can be used at a time: either all users’
passwords are verified against the control console password, or against the other
server level option selected. You cannot have some users access the console
with their console password and others with their AD password.
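A small model of the sign-in decision described above when LDAP Authentication is selected, added here as an illustration and not McAfee's code. The class and function names, the stand-in directory, the salted-hash cache and the reading that a sign-in inside the TTL is checked against the cache only are assumptions.

```python
import hashlib
import hmac
import os

TTL_SECONDS = 4 * 60 * 60  # the guide's stated cache TTL: 4 hours


class DirectoryDown(Exception):
    """Raised by the stand-in directory when it cannot be reached."""


class FakeDirectory:
    """Constructed stand-in for the customer's AD/LDAP server."""

    def __init__(self, passwords):
        self.passwords = dict(passwords)
        self.up = True

    def verify(self, user, password):
        if not self.up:
            raise DirectoryDown(user)
        return self.passwords.get(user) == password


class ConsoleSignIn:
    """Model of the sign-in decision the guide describes (hypothetical names)."""

    def __init__(self, directory):
        self.directory = directory
        self.cache = {}  # user -> (salt, digest, time of last directory check)

    @staticmethod
    def _digest(salt, password):
        # Assumption: the cache keeps a salted hash, never the clear password.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def _matches_cache(self, user, password):
        entry = self.cache.get(user)
        if entry is None:
            return False  # never signed in: nothing to fall back on
        salt, digest, _ = entry
        return hmac.compare_digest(digest, self._digest(salt, password))

    def sign_in(self, user, password, now):
        """Return (path taken, access granted) for a sign-in at time `now`."""
        entry = self.cache.get(user)
        if entry is not None and now - entry[2] < TTL_SECONDS:
            # Within the TTL the directory check is not repeated.
            return ("cache-fresh", self._matches_cache(user, password))
        try:
            ok = self.directory.verify(user, password)
        except DirectoryDown:
            # TTL expired and directory unreachable: compare with the cache.
            return ("cache-fallback", self._matches_cache(user, password))
        if ok:
            salt = os.urandom(16)
            self.cache[user] = (salt, self._digest(salt, password), now)
        return ("directory", ok)


def run_scenario():
    """Replay the guide's cases with constructed accounts and passwords."""
    hour = 3600
    ad = FakeDirectory({"alice@example.com": "Old-Pass1",
                        "bob@example.com": "Bob-Pass3"})
    console = ConsoleSignIn(ad)
    results = []
    results.append(console.sign_in("alice@example.com", "Old-Pass1", 0))
    results.append(console.sign_in("alice@example.com", "Old-Pass1", 1 * hour))
    # Alice changes her AD password, then the directory becomes unreachable.
    ad.passwords["alice@example.com"] = "New-Pass2"
    ad.up = False
    results.append(console.sign_in("alice@example.com", "New-Pass2", 5 * hour))
    results.append(console.sign_in("alice@example.com", "Old-Pass1", 5 * hour))
    results.append(console.sign_in("bob@example.com", "Bob-Pass3", 5 * hour))
    # Directory is reachable again: the new password is verified and cached.
    ad.up = True
    results.append(console.sign_in("alice@example.com", "New-Pass2", 6 * hour))
    return results


if __name__ == "__main__":
    for path, granted in run_scenario():
        print(path, granted)
```

The third and fourth results are the case to plan for during a directory outage: the changed AD password is refused while the previous one is still accepted from the cache.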
Batch Passwords
If you are an existing Email Protection customer, your primary user accounts will already be
created. With Email Protection, your user accounts are not required to have passwords assigned.
When you add the Web Protection Service and choose the Explicit User Authentication as your
Access Control Type, all user accounts will need to have passwords assigned.
Passwords are also helpful to batch assign if the customer subscribes to the Email Protection
Message Continuity service.
The Batch Passwords Update option allows you to assign or change existing users’ passwords in
the control console. These passwords only affect the user account password; they are never
pushed to the customer’s mail server. Passwords can be assigned for an individual user account,
or by uploading a Batch File.
Note: user accounts with the role of Customer Administrators can assign user account
passwords. User accounts logged in with the Role of Partner Administrator or higher cannot
assign passwords for any user account other than their own. The More options button will not
display for user accounts with the role of Partner Administrator or higher.
To assign/update an individual password, enter the following:
Email Address
Password
Confirm the password
Click the Save button to add the entry to the list (right side)
Click the Save button (at the top) to apply the password change
To assign/update passwords via a batch file, create a batch file in a .txt format with a 100k size
limit. The batch file has one fully qualified email address per line, followed by a comma with no
spaces, followed by the password. The email address must be for an existing user account in the
Control Console.
Strong Passwords are required for all newly created or changed passwords
Minimum of 8 characters
At least 2 of the following character types:
Letters (upper / lower)
Numbers
Special Characters
– ()`~!@#$%^&*-+=|\{}[]:;"'<>,.?/
Passwords are case sensitive
Strong passwords are only enforced when we are validating the User Password within the Control
Console. If a Customer is using LDAP Authentication and their AD Password is not strong, they are
not required to change their AD password.
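A pre-upload check for the password batch file format and the strong-password rules above, added here as an example and not part of the guide or the service. The function names, the sample lines, the simplified address pattern and reading "100k" as 102,400 bytes are assumptions; findings carry line numbers only, so the passwords themselves never reach a log.

```python
import re

MAX_BYTES = 100 * 1024  # assumption: the guide's "100k" limit read as 100 KiB
SPECIALS = set("()`~!@#$%^&*-+=|\\{}[]:;\"'<>,.?/")  # special characters listed in the guide
# Simplified "fully qualified" test (local@host.tld); an assumption, not RFC 5322.
EMAIL_RE = re.compile(r"^[^@\s,]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")


def password_problems(password):
    """Check one password against the guide's strong-password rules."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    types_used = sum([
        any(c.isalpha() for c in password),
        any(c.isdigit() for c in password),
        any(c in SPECIALS for c in password),
    ])
    if types_used < 2:
        problems.append("uses fewer than 2 character types")
    return problems


def validate_batch(data, known_accounts=None):
    """Return (line number, finding) pairs; line 0 means the file as a whole."""
    findings = []
    if len(data) > MAX_BYTES:
        findings.append((0, "file exceeds the size limit"))
    text = data.decode("utf-8", errors="replace")
    for number, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        # Split on the first comma only: a comma is also a valid password character.
        address, comma, password = line.partition(",")
        if not comma:
            findings.append((number, "no comma between address and password"))
            continue
        if address != address.strip() or password != password.strip():
            findings.append((number, "whitespace around the comma or line ends"))
            address, password = address.strip(), password.strip()
        if not EMAIL_RE.match(address):
            findings.append((number, "address is not fully qualified"))
        elif known_accounts is not None and address.lower() not in known_accounts:
            findings.append((number, "no existing user account for this address"))
        findings.extend((number, "password " + p) for p in password_problems(password))
    return findings


# Constructed sample input; addresses and passwords are made up.
KNOWN = {"alice@example.com", "bob@example.com", "carol@example.com", "erin@example.com"}
SAMPLE = (
    b"alice@example.com,Tr1cky,pass\n"   # valid: the password itself contains a comma
    b"bob@example.com, Summer2010\n"     # space after the comma
    b"carol@example.com,password\n"      # letters only
    b"dave,Abc12345\n"                   # address not fully qualified
    b"erin@example.com,Ab1!\n"           # too short
    b"frank@example.net,Abc12345\n"      # no such account
)

if __name__ == "__main__":
    for number, finding in validate_batch(SAMPLE, KNOWN):
        print(f"line {number}: {finding}")
```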
3.7 Groups
Groups are used when there are users in the organization whose web activity should be filtered
according to a policy other than the default policy. Creating and applying Groups is a two-step
process:
1. Create a new Group and associate individual user accounts to the group
2. Create a new Policy with special web filtering rules and associate the Group to the
Policy
Once completed, the users in the Group will have their web activity filtered according to the newly
created policy, instead of the web filtering rules in the Default Policy.
There is not a column currently displayed showing the Web Protection Policy to
which this group is assigned. This is because each group has one schedule,
and a schedule is comprised of multiple policy sets, each enforced for a
different time during the day. Because the group to policy is not necessarily a
one to one ratio for Web Protection, there is no Web Protection column
displayed.
Groups apply only when Explicit User Authentication or WDS Connector Access
Control Types are used to authenticate users. All Users authenticated via IP
Address Range Authentication will utilize the Default Web Protection Policy for
every day of the week, all times of the day.
3.7.1 Creating Groups
Customer Administrators, Partner Administrator and Global Administrators have access to create
Groups. Groups are defined within Account Management. One Group can include user accounts
from one, more or all of the Primary Domains.
There is a 5,000 limit to the number of user accounts that can be associated to
a group. Each user account can only be associated to one group.
Once a Group is created, it can be associated to up to three different services, depending on the
services to which the customer subscribes.
One group can be assigned to:
• One Email Protection Inbound Policy
• One Email Protection Outbound Policy
• One Web Protection Schedule, which is comprised of one or more Web Protection Policies
A user account can be associated with a Group at the time of user account creation or at any time
after the account has been created
If the user account is not associated with a Group, the Account is considered an Ungrouped User.
All ungrouped users are automatically associated to the Default Policy
When creating a Group, enter the Group name and Description. While the Description field is not
required, other administrators will find it helpful in understanding the purpose of the group.
3.7.2 Adding Users to a Group
Select the Group and click the Users tab
All users for the selected Primary Domain are displayed. Use the Shift key, the Ctrl key, or add
users one by one to the Group.
You can filter the Users listed by selecting ‘Users Not in this Group’ or ‘Users Not in a Group’. You
can search for user accounts by using the filter at the bottom of the window
Click Save
You can add users from multiple Primary Domains into one group.
1. Add the Users from the first Primary Domain
2. Select a different Domain in the Domain Drop list
3. Re-select the Group & click the Users tab
4. Add the user accounts from the second domain to the Group
Be sure to associate this group to a schedule, which will be comprised of one
or more policies. The users in this group follow the rules in the new schedule they
are assigned to, instead of the rules in the Default Web Filtering Policy.
3.7.3 View User Group Assignment
There is currently a Group column on the Account Management Users Accounts page. With
the addition of Schedule Based Policies, the Web Protection policy will no longer be displayed on
this page. Because a Group is comprised of one schedule with one or more policies, there is no
longer a one-to-one relationship between the Group and Policy for Web Protection. Once a user
account is assigned to a group, you can view the user account’s group assignment.
4 Directory Synchronization
4.1 Overview
The Directory Synchronization (sync) function will communicate with the customer’s Active
Directory (AD) to create user accounts.
The AD Sync will:
• Create Primary user accounts
• Create User Alias accounts
• Inactivate Control Console user accounts (that are not in a Protected status) that do not reside on the customer’s AD
• Convert existing Primary Control Console user accounts to User Alias accounts if they reside as User Alias accounts on the customer’s AD
• Convert existing User Alias Control Console user accounts to Primary user accounts if they reside as Primary user accounts on the customer’s AD
The AD Sync will not:
• Pull in the user account AD password
• Pull in the AD group assignment
4.1 Customer Configuration
In order to use McAfee Directory Integration, McAfee must be able to reach your LDAP server via
either static IP or resolvable hostname. This can be accomplished through port routing at the
firewall, but we do need some mechanism to make the requests.
By default, email is used as the attribute key. There is no need to add an Active Directory
username since the search queries by email address.
4.1.1 Sync Setup
Perform the setup process for Directory Integration:
1. Sign In to the Control Console using your Administrative user account and Password
2. Navigate to the Sync Setup tab under Account Management
3. Ensure that the correct domain is chosen for synchronization with the Active
Directory (AD) server. This can be seen in the Domain tab above the User Sync
Setup Heading
4. Fill out the Active Directory information on this page based on the Active Directory
server configuration settings used
5. If settings of the Active Directory have been changed from the default settings, the
customer’s IT manager may need to use the Advanced Settings field to ensure
communication with the Active Directory
6. Once the configuration field has been completed, click the Test Settings button.
Customers will be notified if the test was successful or if they need to check the
settings again to ensure proper communication with the Active Directory
See the Directory Integration Guide for descriptions of the Window
Components.
Do not check the Enable Automatic Synchronization box until you have
successfully tested the connection with the Active Directory.
4.1.1.1 Sync Setup Fields
Test Settings button: Click this button to request a test transaction to your Active Directory Server.
This button is enabled after you have completed the Setup form and also whenever changes have
been made to saved Directory Settings. The test will connect to the Server Hostname
or IP, validate a successful connection to the server managing your Active Directory and, when
successful, provide a sample listing of user accounts discovered by Directory Integration.
Save button: Click this button to apply all changes in this window and set the Directory Integration
method to this type. This button is not available until a successful test transaction has been
completed by clicking the Test LDAP button. If you exit this window without clicking the Save
button, all unsaved changes will be discarded.
Cancel button: Click this button to discard unsaved modifications to this window. The information
contained within this window will reset to the previously saved information.
Help button: Click this button to open a window with help information about the current window.
Directory Type drop list: Designates the type of Microsoft Active Directory® implementation in use
by your company. When selecting the appropriate AD type, the normal installation defaults from
AD will be used to assist in the configuration of Directory Integration.
Server Hostname field: Designate the fully qualified hostname or IP address of the LDAP server.
For proper operation, Directory Integration requires access to either
• An externally DNS resolvable hostname, OR
• An externally accessible IP address
If your Active Directory server is maintained behind a firewall and / or within a private IP network
space, the firewall and routing between the external IP and your Active Directory server should be
enabled for connections from the following IPs.
These IP addresses are shared between the McAfee Email Protection Solution, so take care when
updating the appropriate firewall rules to include connections from the EDS service and the
Directory Integration service.
208.65.144.0/21
Alternate IP Settings:
Include All Listed Subnets
208.65.144.0/24
208.65.145.0/24
208.65.146.0/24
208.65.147.0/24
208.65.148.0/24
208.65.149.0/24
208.65.150.0/24
208.65.151.0/24
Enable SSL checkbox: Click to indicate whether the Active Directory server uses the Secure
Socket Layer protocol, a protocol for transmitting private documents via the Internet. Directory
Integration supports the use of “named” certificates from a Certificate Authority (CA), or the use of
Self-Signed Certificates. Self-signed certificates are normally distributed with Microsoft Active
Directory. Please check with your provider or technical liaison for further information.
Enable SSL (unchecked): LDAP server does NOT use the SSL protocol
Enable SSL (checked): LDAP server does use the SSL protocol
Server Port field: Designates the port on the Active Directory server that the McAfee Account
Management will use to connect to it. The following is the standard AD port usage:
• 389 (if SSL is not enabled)*
• 636 (if SSL is enabled)*
Customer Configurable (Specialized Port Usage)
McAfee will display the default port for customers. This information is validated
when the customer clicks on Test Settings.
Search Bind DN field: Designates the Berkeley Internet Name Daemon (BIND) Distinguished
Name (DN), Common Name (CN) and the Domain Controller (DC) of the user account on the
Active Directory server that has permission to search and retrieve information from the Active
Directory. The format of this field uses commas as a separator and requires the CN of the
authorized account information, the CN of the attribute for Common Name (default for AD is
“users”), the DC for all subdomain references, the DC for the Top Level Domain (TLD) and the DC
for the Country Code Top-Level Domain (ccTLD) or the Generic Top-Level Domain (gTLD).
Example: if the user account for access to the customer’s Active Directory is set up as
“directorysync” and their Active Directory supports email services for corporate.domain.com,
then the setting for Search Bind DN using the default implementation for Active Directory
would be the following:
“CN=directorysync,CN=users,DC=corporate,DC=domain,DC=com”
Search Bind Password field: Designate the password for the user with the Distinguished Name.
This is the Active Directory password for the Distinguished User that has authorized access for
Directory Integration. This password is stored encrypted within the Control Console and is not
accessible for either support or operational personnel. This password must be synchronized
between the McAfee solution and the customer Active Directory installation.
Search Base DN field: Designates the Distinguished Name of the directory entry under which all
users for the configured domain can be located within the Active Directory.∗
Example: if the Search Bind DN for access to the customer Active Directory is set up as
“directorysync” and their Active Directory supports email services for corporate.domain.com,
then, using the default implementation for Active Directory, the Search Base DN would be
the following:
“CN=users,DC=corporate,DC=domain,DC=com”
Enable Advanced Setting field:
Advanced Setting Disabled
Advanced Setting Enabled
If your Active Directory implementation is not customized, the Advanced Settings should be disabled as the default configuration settings for each Active Directory configuration will be used. If
you are not sure of this setting, configure the default setting and perform Test Setting. If the Test
Settings returns a sample of your email address, then this setting is correct. If the test is not
successful, please consult with your Active Directory administrator for the customized settings for
your implementation.
Email Attribute field: Designates the Active Directory attribute that contains a user’s email
address.∗ If your Active Directory has been modified from the default installation, please consult
with your Active Directory administrator for the customized settings for your implementation.
Search Filter field: Designates a search filter to use other than the default search filter of
(&(proxyAddresses=*)(name=*)), which is the default setting when Advanced Settings are disabled.
If your Active Directory has been modified from the default installation, please consult with your
Active Directory administrator for the customized settings for your implementation.
∗ This will normally be configured with the same information used for Search Bind DN for the Distinguished Name.
∗ Typically, the attribute is proxyAddresses for Active Directory. This is the default setting when Advanced Settings
are disabled.
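The Search Bind DN and Search Base DN formats and the SSL/port pairing described above can be checked before clicking Test Settings. The following is an added example, not code from McAfee or from this guide; the dictionary keys (ssl, port, bind_dn, base_dn) and function names are hypothetical, and it assumes the default Active Directory layout with the “users” container.

```python
# Added example: derive and review Sync Setup values for a default AD layout.
# The dict keys used by review_settings() are hypothetical labels for this sketch.

STANDARD_PORTS = {False: 389, True: 636}  # standard AD ports from the Server Port field


def escape_rdn_value(value):
    """Escape one attribute value for use inside a DN (RFC 4514, section 2.4)."""
    escaped = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in '",+;<>\\':
            escaped.append("\\" + ch)      # characters that are always special in a DN
        elif ch == "#" and i == 0:
            escaped.append("\\#")          # a leading '#' would mark a hex-encoded value
        elif ch == " " and i in (0, last):
            escaped.append("\\ ")          # leading or trailing space
        elif ch == "\x00":
            escaped.append("\\00")
        else:
            escaped.append(ch)
    return "".join(escaped)


def derive_dns(account, domain, container="users"):
    """Return (search_bind_dn, search_base_dn) in the format the guide describes."""
    labels = [label for label in domain.strip(".").split(".") if label]
    if len(labels) < 2:
        raise ValueError("expected a fully qualified domain such as corporate.domain.com")
    parts = [f"CN={escape_rdn_value(container)}"]
    parts += [f"DC={escape_rdn_value(label)}" for label in labels]
    base_dn = ",".join(parts)
    bind_dn = f"CN={escape_rdn_value(account)},{base_dn}"
    return bind_dn, base_dn


def review_settings(settings):
    """Return a list of findings for a dict of Sync Setup values (empty list = nothing to flag)."""
    findings = []
    ssl, port = settings["ssl"], settings["port"]
    if port != STANDARD_PORTS[ssl]:
        state = "enabled" if ssl else "not enabled"
        findings.append(f"port {port} is not the standard port {STANDARD_PORTS[ssl]} when SSL is {state}")
    if not ssl:
        findings.append("Enable SSL is off: plain LDAP traffic is not encrypted in transit")
    # The guide notes the Base DN normally reuses the Bind DN's information,
    # so a bind account outside the search base deserves a second look.
    if not settings["bind_dn"].lower().endswith("," + settings["base_dn"].lower()):
        findings.append("Search Bind DN is not located under Search Base DN")
    return findings


if __name__ == "__main__":
    bind_dn, base_dn = derive_dns("directorysync", "corporate.domain.com")
    print(bind_dn)
    print(base_dn)
    print(review_settings({"ssl": False, "port": 389, "bind_dn": bind_dn, "base_dn": base_dn}))
```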
4.1.2 Automatic Synchronization Settings
After a minimum of three successful manual synchronizations, customers may enable the
automatic synchronization of the AD by selecting the Enable Automatic Synchronization.
Customers may also select the frequency of the automatic synchronization requests at this time.
Enable Automatic Synchronization and Approval checkbox: allows for automatic
synchronization and results approval between the Control Console and the customer’s Active Directory.
Schedule droplist: allows customers to schedule synchronizations between the Control Console
and their Active Directory. Once customers have saved their selection, synchronization will occur
at the next hour.
Ex. – Customer saves selection at 10:40 a.m.; synchronization will take place at 11:00 a.m.
Options for scheduled synchronizations are as follows:
• 1 time per day – occurs the same time every 24 hours
• 2 times per day – occurs every 12 hours
• 4 times per day – occurs every 6 hours
Customers do not have the ability to schedule a specific day and time for synchronization.
Exception Notification
Once a Distribution List has been created, it can be enabled within the Exception Notification
Distribution drop list. When an Automatic Synchronization is run and automatically approved, the
members of the selected Distribution List will be notified via email of the selected
exceptions or rejections that occurred during the automatic synchronization.
4.2 User Synchronization
In the Control Console, User Synchronization creates primary and alias accounts, moves alias
accounts from one primary account to another, and can switch a user alias from one primary
account to another based on the customer’s Active Directory configuration. The User
Synchronization window allows you to provision all users in your company's Active Directory (AD)
automatically, rather than provisioning the users manually or using SMTP Discovery.
NOTE: When the Control Console synchronizes with the customer Active Directory, data from the
Active Directory takes precedence over data in the Control Console. This means that any primary
or alias accounts currently in the Control Console will be modified to match the data received from
the customer’s Active Directory, such as a primary user account that changes to a user alias, a
user alias that changes to a primary user account, or a user alias that needs to be moved from one
primary user account to another.
4.2.1 The Synchronization Process
Before starting the Sync process, make sure the Admin email address is in the "Protected" state, to
ensure future successful access to the Control Console.
To initiate the sync process:
1. Click the Request Sync button
2. Click the Sync Users menu link to “refresh” the screen and see if the Sync has
finished.
NOTE: The amount of time between the request for Sync Users and the "Updated synchronization
data is available" is determined based on the connection speed for the LDAP or Active Directory
and the number of users who are contained within the LDAP or Active Directory.
3. Click the Review button to see the "User Synchronization Details” window.
NOTE: you will need to review all users in all Tabs on this window.
For more information, click the Help button on the User Synchronization Details window.
4.2.1.1 Sync History
To view the Sync History, click the Users Sync button. The Sync History shows a list of
Accepted or Rejected Sync Requests. Click on one of the rows in this list to view the User
Synchronization Details area.
4.2.2 User Synchronization Details
The User Synchronization Details window allows the Administrator to Approve or Reject the
user email addresses that appear here or Download a spreadsheet list of all users that were in the
customer’s Active Directory at the time the Request Sync was initiated.
The "Status" remains as Pending in this window until you click the Approve button or the Reject
button, unless you are viewing a Sync History (see below). Customers can also use the
Download button to save the information in .CSV format.
IMPORTANT: Unless the customer is in a situation where they know their Active Directory is not
being changed, it is best to review and click Approve as soon as possible since this imported data
is time-stamped.
NOTE: The following message will be displayed if Approve is selected:
4.2.2.1 Add Records
The Add Records tab shows primary user accounts and user aliases contained within the
customer’s Active Directory that are not contained within the Control Console. If "Accepted," all of
these primary user accounts and associated user aliases are added to the Control Console and
assigned as ungrouped users with the role of user without a password. These users have their
web activity filtered by the default policy settings in the console.
4.2.2.2 Delete Records
The Delete Records column displays primary user accounts and user aliases in the Control
Console but not in the customer’s Active Directory. This can include primary accounts and user aliases that
have been removed from the customer’s Active Directory. If "Accepted," these primary accounts
will be set to a status of Inactive, and all associated user aliases will be deleted.
4.2.2.3 Alias Switch
The Alias Switch column displays user aliases that are currently assigned to a Primary account within the
Control Console but are assigned to a different primary user account in the customer Active
Directory. If “Accepted”, these user aliases will be reassigned from their current primary user
accounts in the console to the primary user accounts represented in the Active Directory. The user
alias user preferences and settings will follow the settings from the new Primary account.
4.2.2.4 Alias to Primary
The Alias to Primary column displays user aliases that are currently assigned to a primary user account
within the Control Console but are a primary user account within the customer Active Directory. If
"Accepted," the user alias is removed as a user alias and made a primary user account in the
Control Console. All user preferences and settings will remain with the old primary user account
and the newly added primary user account will be assigned to the ungrouped users as a user
and will follow the default policy settings for this group.
4.2.2.5 Primary to Alias
The Primary to Alias column displays primary user accounts in the Control Console currently
assigned as a user alias in the customer Active Directory. If "Accepted," the primary user account
is removed from the Control Console and is added as a user alias to either the existing primary
user account in the console or the corresponding, newly created primary user account. The user
alias user preferences and settings will follow the setting from the Primary account.
4.2.2.6 Type Changes
Accounts will appear in the Type Changes tab if a Sync event changes their type from a User type
to a Distribution List type or vice versa. Accounts now have a Type attribute that can be "User" for
normal email addresses that go to a single person or Distribution List for email addresses that are
intended to represent more than one recipient.
4.2.2.7 Rejections
Rejections occur when either a primary domain or domain alias does not exist in the Control
Console.
The domain for a primary user account or user alias does not match any of the registered domains
in the Control Console because it was never added in the first place.
The domain for a user alias is not listed under a registered primary domain because it was either
not entered, deleted, moved, etc.
NOTE: Rejections could also be necessary should any errors occur during the sync process.
Results:
4.2.2.8 Rejection Messages
Rejections
Address: [email protected]
Type: User
Primary: domain.com
One of the following reasons will be displayed:
• Alias has been rejected - The email address was rejected during the import.
• Primary has been rejected - The email address was rejected during the import.
• Alias is poorly formatted - The email address is formatted incorrectly in the LDAP or Active Directory.
• Primary is poorly formatted - The email address is formatted incorrectly in the LDAP or Active Directory.
• Attempted to delete a protected address - If an email address is protected in the Control Console but doesn't exist in the LDAP or Active Directory, it will not be modified.
• Attempted to convert a protected primary account to an alias - If an email address is protected in the Control Console and the LDAP or Active Directory tries to make it an alias of another email account, the "alias" change will not be modified.
• Unknown domain - The domain of this email address does not exist in EDS either as a primary domain or as an alias domain for the selected Primary domain for synchronization.
• Attempt to insert a pre-existing primary or alias - The LDAP or Active Directory contains an email address that is listed as both a Primary address and an Alias address.
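The review tabs and rejection reasons in section 4.2.2 can be modelled offline to preview what approving a sync would change, for example against the downloaded .CSV. This is an added example, not McAfee code: the data layout, function names and sample accounts are constructed for illustration, protection is assumed to be a flag on primary accounts, and the "pre-existing primary or alias" rejection is not modelled.

```python
import re

# Deliberately loose format check; the service's real validation rules are not documented here.
ADDRESS_RE = re.compile(r"^[^@\s]+@([^@\s]+\.[^@\s]+)$")


def index_accounts(accounts):
    """Flatten {primary: {"aliases": [...]}} into {address: owning primary, or None for a primary}."""
    flat = {}
    for primary, info in accounts.items():
        flat[primary] = None
        for alias in info.get("aliases", []):
            flat[alias] = primary
    return flat


def plan_sync(console, directory, registered_domains):
    """Classify every address into the tab it would appear under in User Synchronization Details."""
    tabs = {name: [] for name in ("add", "delete", "alias_switch",
                                  "alias_to_primary", "primary_to_alias", "rejections")}
    protected = {addr for addr, info in console.items() if info.get("protected")}
    have = index_accounts(console)      # current Control Console state
    want = index_accounts(directory)    # state reported by Active Directory

    for addr in sorted(want):
        owner = want[addr]
        kind = "Primary" if owner is None else "Alias"
        match = ADDRESS_RE.match(addr)
        if not match:
            tabs["rejections"].append((addr, f"{kind} is poorly formatted"))
        elif match.group(1) not in registered_domains:
            tabs["rejections"].append((addr, "Unknown domain"))
        elif addr not in have:
            tabs["add"].append(addr)
        elif have[addr] == owner:
            continue                                     # already matches the directory
        elif have[addr] is None:                         # console primary, directory alias
            if addr in protected:
                tabs["rejections"].append(
                    (addr, "Attempted to convert a protected primary account to an alias"))
            else:
                tabs["primary_to_alias"].append((addr, owner))
        elif owner is None:                              # console alias, directory primary
            tabs["alias_to_primary"].append(addr)
        else:                                            # alias moves between primaries
            tabs["alias_switch"].append((addr, have[addr], owner))

    for addr in sorted(set(have) - set(want)):           # in the console, gone from AD
        if addr in protected:
            tabs["rejections"].append((addr, "Attempted to delete a protected address"))
        else:
            tabs["delete"].append(addr)
    return tabs


# Constructed sample data (example.com accounts are illustrative only).
CONSOLE = {
    "admin@example.com": {"aliases": [], "protected": True},
    "alice@example.com": {"aliases": ["a.smith@example.com"]},
    "bob@example.com": {"aliases": ["sales@example.com"]},
    "carol@example.com": {"aliases": []},
    "dave@example.com": {"aliases": []},
}
DIRECTORY = {
    "alice@example.com": {"aliases": ["sales@example.com", "carol@example.com"]},
    "bob@example.com": {"aliases": []},
    "a.smith@example.com": {"aliases": []},
    "erin@example.com": {"aliases": ["erin@unregistered.example"]},
}
DOMAINS = {"example.com"}

if __name__ == "__main__":
    for tab, rows in plan_sync(CONSOLE, DIRECTORY, DOMAINS).items():
        print(tab, rows)
```

The protected admin account surfaces under rejections instead of delete, which is the behaviour the guide relies on when it asks for the Admin address to be in the "Protected" state before a sync.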
4.2.3 The Distribution List Type
User accounts identified as Users in the customer’s Active Directory (AD), upon synchronization,
are added in the Control Console under the default type of User. Users identified in the customer
AD as part of a Distribution List, upon synchronization, are added in the Control Console with their
Type set to Distribution List.
User accounts with the Type set to Distribution List:
• Are not allowed access to the Control Console from the Sign in page
• Are not counted as a user in the customer’s Existing User count
Note: Identifying a user account with the Type = Distribution List does not affect
customer billing
5 Web Protection Setup Details
5.1 Objectives
• Understand how to activate the Web Protection Service
• Understand and select your Access Control Types
  1. Explicit User Authentication
  2. IP Address Range Authentication
  3. WDS Connector
• Enter or upload IP Address/ IP Address Range
• Download the WDS Connector
• Understand the reporting differences based on the selected Access Control Type
5.2 Activating the Web Protection Service
• To finalize the Web Protection service, the Customer must route web traffic to McAfee’s HTTP proxy servers for the McAfee Web Protection Service
• The Web Protection Service Proxy Server Setup Guide will provide instructions on the way to route web traffic to McAfee’s proxy servers
• Firewall Lockdown
  – It is recommended that you configure your firewall to completely block all port 80 traffic. This helps to prevent your users from deliberately or inadvertently bypassing the protection that the Web Protection Service provides
  – Note: Only block port 80 traffic once all Web users have been configured to proxy traffic via McAfee’s service, otherwise their Web access will be interrupted
5.3 Access Control Types
All users of Web Protection will need to be authenticated by the Web Protection Service upon
launching a web browser. This allows us to determine whether or not the user should have access
to the web at all, and also allows us to determine which Web Protection policy to enforce when the
user browses the web.
The Access Controls window allows you to define the manner in which users will be authenticated
when accessing the World Wide Web (WWW). There are three access control types from which to
choose:
1. Explicit User Authentication
2. IP Address Range Authentication
3. WDS Connector
All customers will have access to Explicit User Authentication & WDS Connector.
Explicit User Authentication is the default Access Control Type and is automatically selected. The
Explicit User Authentication option must be selected when using the WDS Connector.
Only those customers whose package includes IP Address Range Authentication will see the IP
Range Authentication menu link.
If a customer does not subscribe to IP Address Range Authentication, the IP Range Authentication
menu link will not be displayed; however, the Explicit User Authentication option will be
automatically enabled and selected behind the scenes.
In order to have access to the IP Range Authentication Access Control Type, the package you
subscribe to must include ‘+ IP Range Authentication’. All Web Protection Package options
include the Explicit User Authentication and WDS Connector Access Control Types. All Service
Bundles that include the Web Protection Service include all Access Control Types.
The Access Control Type selected will determine the type of data reflected in the Web Protection
Reports:
• If you choose Explicit User Authentication, you can view User details in the reports and can also generate reports inside individual user accounts
• If you choose IP Address Range Authentication, you can view IP Addresses inside the Web Activity Reports; no individual user reports can be generated
• If you choose both Explicit User Authentication and IP Address Range Authentication access control types, you will see a combination of IP Address and User level details. The detail displayed in the Web Protection Reports reflects how the user was authenticated
• If you choose WDS Connector, you can view user details in the Web Activity Reports. You can also generate reports inside individual user accounts.
5.3.1 Explicit User Authentication
When Explicit User Authentication is used, each time a user launches a web browser a pop-up box
will appear asking the user to enter their login credentials. This includes the user’s Control Console
sign-in ID and their password. There is a ‘remember me’ checkbox that, if selected, will retain the
user’s entered credentials. The pop-up box will still appear when future browsers are launched;
however, the user will not have to enter their credentials. If a user is using a tabbed browser, each
tab is not considered a new browser session and will not result in the user having to be
authenticated.
• All users must have a primary user account in the Control Console
• Access to the WWW is granted by users entering their Control Console User ID and Password
• A login/authentication window will appear for the user each time a new web browser is launched
• You will be able to view user-level reporting
• Explicit User Authentication is the default Access Control Type
The use of Group Policies is applicable when users are being authenticated
using Explicit User Authentication. If a user logs in explicitly, we can determine
with which Group they are associated, and with which Policy that group is
associated. The User’s web activity will then be filtered according to the policy
with which their group is associated.
5.3.2 IP Address Range Authentication
• Access to the WWW is granted by validating that the IP address the user is utilizing matches one of the IP addresses listed in the IP Range box
• You will not be able to view user-level reporting if this is the only Access Control selected.
• You will be able to generate all of your Web Activity Reports, however the reporting detail will show the IP Address, not the user name
The use of Group Policies is not applicable when users are authenticated via IP
Address Range Authentication. All users authenticating via their IP Address will
follow the Default Web Filtering Policy. Note: No schedule based policies can
be applied if authenticating a user by their IP Address.
5.3.2.1 Adding IP Addresses
• Type the fully qualified IP address in the Add IP Range field
• Wildcard characters are not allowed in the IP address. For example, 159.456.* is an invalid entry
• The Web Protection Services supports IP Address ranges from /20 to /32.
• You cannot enter IP addresses that begin with 192.168.*, 10.*, 172.16.* or 169.254.*, as they are internal addresses
• A maximum of 100 IP addresses/ranges can be entered.
• You can upload a list of IP Addresses by utilizing a .txt file
  – If the Upload List function is used and the file contains more than 100 entries, the entries will be in view. The console will display a warning message to the administrator. The Apply button will not enable until the administrator has reduced the list to 100 entries
• You can download the entered IP Addresses into a .csv file by utilizing the Download function
A range of IP addresses can be designated using standard Classless Inter-Domain Routing (CIDR)
format.
For example, "/32" in 205.178.190.0/32 is the IP network prefix and signifies how many addresses
are covered by the CIDR address. IP addresses that fall within IP ranges reserved for private
networks are not allowed. (e.g. 192.168.*, 10.*, 172.16.* or 169.254.*).
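The entry rules above (no wildcards, /20 to /32, no internal ranges, at most 100 entries) can be checked on a .txt list before it is uploaded. This is an added example, not part of the product or this guide; it assumes one entry per line in the upload file, treats the whole RFC 1918 block 172.16.0.0/12 as internal, and rejects ranges with host bits set, none of which is documented console behaviour.

```python
import ipaddress

MAX_ENTRIES = 100   # "A maximum of 100 IP addresses/ranges can be entered"
MIN_PREFIX = 20     # ranges from /20 to /32 are supported
# Internal ranges named in the guide; 172.16.0.0/12 is the full RFC 1918 block (assumption).
INTERNAL_NETS = [ipaddress.IPv4Network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]


def check_entry(text):
    """Return (normalized CIDR, None) if the entry is acceptable, else (None, reason)."""
    entry = text.strip()
    if "*" in entry:
        return None, "wildcard characters are not allowed"
    try:
        # strict=True also rejects ranges with host bits set (a choice made for this example).
        net = ipaddress.IPv4Network(entry, strict=True)
    except ValueError as exc:
        return None, f"not a valid IPv4 address or CIDR range: {exc}"
    if net.prefixlen < MIN_PREFIX:
        return None, f"/{net.prefixlen} is wider than the supported /{MIN_PREFIX} to /32"
    if any(net.overlaps(internal) for internal in INTERNAL_NETS):
        return None, "internal (private or link-local) address space"
    return str(net), None


def check_upload(lines):
    """Validate an upload list; blank lines are skipped, duplicates are reported."""
    accepted, rejected = [], []
    for lineno, raw in enumerate(lines, start=1):
        if not raw.strip():
            continue
        cidr, reason = check_entry(raw)
        if reason is None and cidr in accepted:
            reason = "duplicate of an earlier entry"
        if reason is None:
            accepted.append(cidr)
        else:
            rejected.append((lineno, raw.strip(), reason))
    ok_to_apply = not rejected and len(accepted) <= MAX_ENTRIES
    return {"accepted": accepted, "rejected": rejected, "ok_to_apply": ok_to_apply}


# Constructed sample upload file contents (addresses chosen for illustration).
SAMPLE_UPLOAD = """\
205.178.190.0/32
198.51.100.0/24
203.0.112.0/20
198.51.0.0/16
159.456.*
192.168.10.0/24
172.20.1.1
198.51.100.7/24
205.178.190.0
"""

if __name__ == "__main__":
    result = check_upload(SAMPLE_UPLOAD.splitlines())
    print("accepted:", result["accepted"])
    for lineno, entry, reason in result["rejected"]:
        print(f"line {lineno}: {entry!r} rejected: {reason}")
    print("ok to apply:", result["ok_to_apply"])
```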
5.3.2.2 IP Address Validation
The IP address or range information identifies authorized addresses from the Customer’s
environment. Machines using these addresses will be allowed access to the web and provided
protection by following the Default Web Filtering Policy.
When IP Addresses are entered and saved, the Web Protection service will verify that the IP
addresses entered are not already associated with another customer.
5.3.3 Choosing multiple Access Controls
Choosing both the IP Address Range and Explicit User Authentication Access Control Types is a
good option if you would prefer to utilize the IP Address Range Authentication; however, some of
your Users work remotely or travel frequently. The User’s IP Address may not remain static when
working remotely.
If both Access Control types are selected:
• The system will first check for the IP addresses listed in the IP Address List box. If the User’s IP address matches one of the IP Addresses listed, they will be granted access to the WWW. No user-level reporting will be available
• If the user IP address does not match one of the IP addresses listed, the user will be prompted to authenticate by entering their Control Console User ID and Password. User-level reporting will be available if the user authenticates using their Control Console Sign in ID and password.
• If both Authentication types are selected, your reports will reflect both IP addresses and specific User names
5.4 WDS Connector
The WDS Connector is often referred to as the Transparent User Authentication as it
communicates with the customer’s Active Directory (AD) to verify the user’s credentials. The user
will not receive a popup asking for their sign in credentials; however, the administrator still can view
user details when generating the user’s Web Activity Reports.
The WDS Connector must be downloaded onto the customer’s server; it runs on a Windows 2003
or later server within the customer’s network and allows users to access the web by authenticating
against their existing local network domain credentials. This capability eliminates the need for Web
Protection to authenticate a user each time the user opens a browser as with Explicit User
Authentication.
Key Notes:
• This is a one-time download on the customer server; the WDS Connector is not installed on each User’s PC
• All users being authenticated by the WDS Connector MUST have an Active Directory Email Address
• All users being authenticated by the WDS Connector MUST have a user account in the Control Console
• The Explicit User Authentication Access Control Type must be checked when using the WDS Connector
5.4.1 What setup steps need to be performed?
There are three setup steps needed to activate the WDS Connector:
The Administrator installs the WDS Connector on their server, typically on the Domain Controller
that communicates with the customer’s Active Directory Tree. This allows their Active Directory to
authenticate the user and to communicate with the Web Protection Service.
In order to be authenticated by the WDS Connector, a User Account must reside in the Control
Console for the correlating Active Directory Email Address.
This step may include creating User Alias accounts in the Control Console if the Active Directory Email
Address is not the same as the Control Console Primary User Account. This step may be
performed on an ongoing basis.
5.4.2 Why create user accounts in the Control Console?
User Accounts are required for each person to be authenticated by WDS Connector. There are
also two other benefits to creating user accounts in the control console when using the WDS
Connector:
1. The administrator would like users to be in groups and have different Web Filtering
Policies applied
2. The administrator would like to generate web activity reports for individual user accounts
5.4.3 How does the WDS Connector work?
The Customer Administrator performs the setup steps and routes their users’ browsers through the
McAfee Proxy. When a User launches a web browser, the WDS Connector does the following:
• Signs the credential using the customer’s private key
• Encrypts the credential using the WDS public key
• Sends the signed and encrypted Web access request to Web Protection
The WDS Connector then does the following:
• Validates and decrypts the request
• Applies the applicable policies to the request
• Grants access to the user’s intended Web destination
In this way, the user is automatically authenticated, using the user’s network credentials, each time
the user opens a browser.
The following diagram shows the Transparent Authentication process.
5.4.4 WDS Connector Authentication…things to note
• The User’s Active Directory (Domain) password NEVER leaves the domain
• The first time a User launches a web browser and is using the WDS Connector, we
perform the Authentication process against the customer’s Active Directory
• We do not perform the Authentication Process every time a user launches a web
browser; only the first time a user is authenticated and each time the cache expires
5.4.5 WDS Connector Technical Considerations
• The WDS Connector is currently a Windows 2003 only solution
• Customers can utilize both Explicit User Authentication and WDS Connector; the
authentication process is enforced based on the browser’s proxy configuration
• Any traveling users will need to use the Classic Explicit User Authentication method.
In order for the WDS Connector to be enabled, the user must be able to connect to
their network. If the user cannot connect to their network (via VPN, etc.), WDS
Connector cannot be utilized.
6 Configuring Policy Sets
6.1 Objectives
Understand how to:
• Define Policy Sets
• Schedule Policy Sets
Understand:
• That schedule-based policies are applicable based on the user’s Access Control Type
• That policies affect what the User sees when accessing the WWW
• How schedule-based policies work when a user’s policy changes while they are online
6.2 Policy Set Overview
Different policies can be applied based on how the user is being authenticated, i.e., based on the
Access Control Type (Authentication type) being applied for the user.
All users being authenticated via the IP Address Range authentication type cannot be placed into
groups, and therefore will only follow the rules in the Default Policy. The Default policy will be
enforced 24 x 7 for those users being authenticated by their IP Address. No schedule-based
policies can be applied.
Users being authenticated by either Explicit User Authentication or WDS Connector can be placed
into Groups. Groups can then have a Schedule applied; within one schedule, you can subscribe
different policies to be enforced for different times of the day.
To activate a policy other than the Default Policy, perform a two-step process:
1. Define the policy
Change or create a new policy and modify the settings, ‘rules’, to be applied
2. Schedule the policy
Once defined, the policy is made active once its schedule has been subscribed to a
Group
All existing and new policies will be scheduled for every day of the week, 24
hours per day unless another policy is subscribed within the Group’s schedule
The McAfee Web Protection Service includes five policy sets:
1. Default Web Policies – By default, all users within your Customer entity will follow this
policy set. These users are considered ‘ungrouped’
2. No Web Access – If a group is assigned to this policy, the users in this group will be
denied access to the WWW
3. Lenient Policy - has the least category restrictions for web browsing
4. Moderate Policy - has more category restrictions than lenient, but still allows some
freedom for browsing
5. Strict Policy - has the most category restrictions
Administrators can change any pre-defined policy set or create and define new policy sets.
The Default Web Policy:
• can be modified
• can be used as a template to define new web policy sets
• is applied to all users within your account
• is applied to all ungrouped user accounts
• is applied to all users being authenticated via the IP Address Range Access control type
• cannot be deleted
All other Policies:
• are not active until a Schedule is applied
• can be modified
• can be created by using any other policy set as a baseline
6.3 Define a Policy
Define new policies and name them appropriately based on the schedule to which they will be
applied. Some commonly defined policies:
• Work day policy
• Lunch time policy
• After hours policy
6.3.1 Create a new Policy
• Click the New button
• Enter the Web Policy Name
• Enter the Web Policy Description
• Select any previously defined policy from the Copy From drop list to use its rules as a
baseline
• Select the Copy Trusted Sites List / Copy Blocked Sites checkboxes to perform a one-time
copy of the lists from the policy which you are copying
• Click Save
When creating a new policy, you must copy the rules from any previously defined policy.
Lists can also be copied from the policy from which you are performing the Copy From:
• Copy Trusted Sites List
• Copy Blocked Sites List
6.3.2 Customize Policy Rules
The Tabs that you see when you select a Web Policy are Package-Aware.
• The Total Control package will give you access to both the Threat and Content tabs
• The Threat Protection package will give you access to the Threat tab, but not the Content tab
• The Content Protection package will give you access to the Content tab, but not the Threat tab
6.3.2.1 Threat Policy Configuration
The Threat tab allows you to enable or disable anti-phishing and anti-spyware filtering
Phishing: A phishing web site masquerades as a legitimate business and attempts to fraudulently
capture sensitive information such as passwords or credit card details.
Spyware: Spyware is software that takes control of your computer, modifies computer settings,
collects or reports personal information, or misrepresents itself by tricking users to install,
download, or enter personal information. This includes drive-by downloads; browser hijackers;
dialers; intrusive advertising; any program which modifies your homepage, bookmarks, or security
settings; and key loggers. It also includes any software that bundles spyware (as defined above) as
part of its offering. Information collected or reported is "personal" if it contains uniquely identifying
data, such as email addresses, name, social security number, IP address, etc. A site is not
classified as spyware if the user is reasonably notified that the software will perform these actions.
By default, Anti-Phishing and Anti-Spyware are both enabled (on).
Threat filtering is only available with the following Web Protection service packages: Threat Control
and Total Control.
Anti-Virus filtering is available for all Web Protection service packages and
cannot be disabled.
McAfee will scan files up to 400 MB in size for viruses. Files greater than 400
MB in size can be downloaded; however, these files are not filtered for viruses.
6.3.3 Content Policy Configuration
The Content tab allows you to select one, more or all categories of Web sites that you do or do not
want your users to access while browsing. Content filtering is disabled (off) on the Default policy.
It can be enabled or disabled on each policy that allows access to the web.
To enable content filtering, select the ‘enable content filtering’ check box. You can then select one,
many or all of the content categories. Any category with deny selected will be blocked when a
User attempts to access a URL or information on that URL with that categorization.
The Help button provides a description of each content category.
Safe Search Options:
Safe Search forces the Safe Search function of several search engines to be turned on and used when
a search is performed. This prevents leading search engines from returning sexually explicit
search results. Although it may not catch all inappropriate material, it will significantly decrease the
chances of displaying unwanted content.
Safe Search only applies to the following search engines: Google and Yahoo
Content Filtering
Each content category is placed into a category group. All category groups are collapsed by
default. A solid radio button means that all categories within the grouping have the same action
(allow or deny). A partially filled radio button means some of the categories within the group have
the allow action and others have the deny action.
McAfee Content Filtering will display partial pages.
For example, a user attempts to access a URL whose content category is allowed; however, the page
requested pulls information from other web pages with a different category. If those other
categories are not allowed on the policy, that information will not be returned or displayed. McAfee
will display the part of the page that is allowed, but not display the content that has been blocked
based on its content categorization.
The Uncategorized category:
The Uncategorized category is enforced when a user attempts to access a site that has not
previously been accessed, and therefore a categorization has not been assigned. This category is
often used when organizations only want their users to access the Trusted Sites entries, or want
strict control to ensure only those categories allowed can be accessed.
When a user attempts to access a site that McAfee has not previously categorized, the
service will:
1. Perform an initial algorithm to determine if the site is High Risk (e.g., pornography,
gambling, weapons, etc.). If it is deemed a high risk site, the appropriate category is
dynamically assigned and the customer policy is enforced.
2. Perform a 2nd algorithm, if the site was not deemed high risk, to determine its
categorization based on a broader range of categories. If a categorization is made, the
category is written to the Category Database.
3. If the category cannot be immediately assigned, the uncategorized category is assigned,
and the customer’s uncategorized policy is applied. The automatic categorization continues
and is typically assigned within a few moments.
4. If no automatic categorization is made, the site is submitted for manual categorization and
the uncategorized policy is applied. The priority for site categorization is based on traffic for
that site.
6.3.4 Trusted Sites
The Trusted Sites tab allows you to identify a list of host names or IP addresses that the Web
Protection service will not filter.
The Trusted Sites list is a ‘white list’ of allowed sites.
A total of 250 Trusted Sites may be entered per policy.
Only fully-qualified host names or IP addresses can be entered. You cannot use a wildcard
character in the host name or IP address.
Upload an existing Trusted Site list by utilizing a .txt file. The trusted site file must:
• contain one entry per line
• be available for your browser to access
Download the existing Trusted Sites to a .csv file by utilizing the Download Trusted Sites List
button.
The Trusted Sites window is available with all Web Protection service packages.
If a site is on the Trusted Sites list, it will be allowed even if its category is checked on the Content
Page.
URLs listed on the Trusted Sites list will still be protected from all Threats selected on the Threat
Policy Configuration Tab.
If an entry is on the Trusted Site list, all sub pages of that site will also be trusted.
For example, the Trusted Site entry www.microsoft.com will also allow www.microsoft.com/downloads.
If a site is on your trusted site list, the site will still be filtered for the enabled Threats prior to
the search results being displayed. The site will be blocked if it contains a Virus, Spyware or is
considered a Phishing site.
6.3.5 Blocked Sites
The Blocked Sites tab allows you to create a list of specific Web sites that will always be blocked.
Access to these sites will be blocked even if you have allowed access to their associated
categories.
You can upload an existing list of domains and IP Addresses to be blocked by utilizing the More
Options button and clicking on the Upload List button.
A total of 250 Blocked Sites may be entered per policy.
The existing Blocked Sites List file must:
• be a text file with a 100k size limit
• contain one entry per line
You also can download a list to your local drive by clicking the Download Trusted Sites List button.
It downloads the list to a file in CSV format in Microsoft Excel.
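A pre-upload check for a Trusted Sites or Blocked Sites list file, added here as an example; it is not McAfee code and does not contact the Control Console. It applies the rules stated in 6.3.4 and 6.3.5 (one entry per line, fully-qualified host names or IP addresses, no wildcards, 250 entries per policy, 100k limit for a Blocked Sites file); reading 100k as 100 KiB, skipping blank lines and rejecting duplicates are assumptions, and the sample entries are constructed.

```python
import ipaddress
import re

MAX_ENTRIES = 250                  # per-policy limit stated in the guide
BLOCKED_MAX_BYTES = 100 * 1024     # "100k" read as 100 KiB (assumption)

# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def _entry_problem(entry):
    """Return a reason string if the entry breaks a list rule, else None."""
    if any(c in entry for c in "*?"):
        return "wildcard characters are not accepted"
    if "/" in entry:
        return "enter a host or single IP only, without scheme, path or prefix length"
    if any(c.isspace() for c in entry):
        return "more than one entry on the line"
    try:
        ipaddress.ip_address(entry)          # IPv4 or IPv6 literal
        return None
    except ValueError:
        pass
    labels = entry.rstrip(".").split(".")
    if len(labels) < 2:
        return "not a fully-qualified host name"
    if len(entry) > 253 or not all(_LABEL.match(label) for label in labels):
        return "not a valid host name or IP address"
    if labels[-1].isdigit():                 # e.g. 10.0.0.256: a malformed IP
        return "not a valid host name or IP address"
    return None


def check_site_list(data, max_bytes=None):
    """Validate the raw bytes of a list file.

    Returns (accepted, problems); problems holds (line_no, entry, reason)
    tuples, with line_no 0 for file-level findings.
    """
    problems = []
    if max_bytes is not None and len(data) > max_bytes:
        problems.append((0, "", f"file is {len(data)} bytes, limit is {max_bytes}"))
    seen, accepted = {}, []
    lines = data.decode("utf-8", errors="replace").splitlines()
    for line_no, raw in enumerate(lines, 1):
        entry = raw.strip()
        if not entry:
            continue                          # blank lines skipped (assumption)
        reason = _entry_problem(entry)
        key = entry.lower().rstrip(".")       # host names are case-insensitive
        if reason is None and key in seen:
            reason = f"duplicate of line {seen[key]}"
        if reason:
            problems.append((line_no, entry, reason))
        else:
            seen[key] = line_no
            accepted.append(entry)
    if len(accepted) > MAX_ENTRIES:
        problems.append((0, "", f"{len(accepted)} entries, limit is {MAX_ENTRIES} per policy"))
    return accepted, problems


# Constructed sample list; none of these entries come from the guide.
SAMPLE = b"""www.example.com
198.51.100.7
*.example.net
http://portal.example.org/login
intranet
WWW.EXAMPLE.COM
files.example.com mirror.example.com
10.0.0.256
"""

if __name__ == "__main__":
    ok, bad = check_site_list(SAMPLE, max_bytes=BLOCKED_MAX_BYTES)
    print("accepted:", ok)
    for line_no, entry, reason in bad:
        print(f"line {line_no}: {entry!r}: {reason}")
```

Because a Trusted Sites entry also trusts every sub page of that host, reviewing the accepted entries before upload matters as much as fixing the rejected ones.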
6.4 Schedule Policies
Activate the defined policies by applying schedules to them. A grey grid displays a graphical
representation of all policies scheduled for the selected group. By default, the grid is solid grey,
showing that the Default policy is applied for all times of the day, for each day of the week.
After subscribing new schedules for this group, the grid will reflect the new policy schedule. The
‘Subscription’ area is a legend showing all policies applied to this schedule.
To schedule a policy, you must have created a Group. Select the Available Groups drop list to view
all Groups.
Business Scenario: The customer wants two sets of rules enforced for his group of users:
• A workday policy with strict rules during the user’s workday; 8a-5p
• A lunchtime policy with more lenient rules during the user’s lunchtime; 12p-1pm
Note: For all remaining times not explicitly defined, the default policy is enforced
Steps:
1. Select appropriate group from the Available Group drop list
2. Select Create Subscription
3. Select Policy to be applied
4. Identify the policy schedule:
   Choose the start time
   Choose the end time
   Choose the days of the week
5. Click Done
Once Done is selected, the grid is updated to reflect the additional schedule subscription. Now the
Work Day policy is enforced from 8a-5pm Monday-Friday for the users in our selected group.
6. Create one additional subscription for the Lunchtime policy.
6.4.1 Editing Subscriptions
Once a schedule has been subscribed to, you may need to edit it to change the time, the days of
the week for which it applies, or the policy altogether. There are three ways to edit a subscription:
1. Change the date & time directly from the subscriptions legend
2. Click on the legend color block
3. Click on the grid color block
When editing a subscription via options 2 or 3, you will receive a pop-up box with the subscription
details:
6.4.2 Prioritizing Schedules
The subscription priority determines, when multiple policy times overlap, which policy takes
precedence. This happens when, for example, you want to implement the following:
Work day schedule from 8-5p, except during 12-1p, lunchtime.
If you first create the lunchtime subscription from 12-1 and then you create the work day policy
from 8-5, there is an overlap of time, in which both policies cover the hours of 12-1.
In the scenario below, there are two subscriptions listed in the legend; however, in the grid we only
see the work day policy. This is because the work day policy has a higher priority than the lunch
time policy. If we leave the scenario as shown, the lunch time policy will not be enforced.
By editing the lunchtime policy, we can ‘increase’ its priority so that it takes precedence over the work
day policy during the overlapping times. Click the lunch time policy color block in either the legend
or grid. Click Increase within Subscription priority. When Done is clicked, the Lunch time policy is
now represented on the grid, because its priority during 12-1p is higher than the work day policy.
6.4.3 Applying schedules & user time zones
When applying schedules, if the user account has a time zone set in their preferences, that time
zone is used. If no time zone is set in the User Account preferences, the default time zone of
Denver Mountain Time will be used.
Selecting the user’s local time zone proves very helpful, as it will allow you to create one policy
schedule and have it apply to users in multiple time zones.
When a schedule changes while a user is browsing
A ‘Check policy’ is performed for every web request, which means a user’s policy can change
during an existing browser session.
E.g., a user has a lunchtime policy from 12-1pm and after 1pm their workday policy is applied,
which has a stricter set of rules.
If the user is browsing at 12:59p, the Lunchtime policy is enforced. Their next browser request
after 1pm is treated with the user’s work day policy schedule.
The result is that a user could be allowed access to a page, but when they click on a link within that
page, they could be denied further access.
The blocked page received by the user will identify that the page was blocked because of the
category; the blocked page will not identify the policy schedule that is being applied.
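The schedule behaviour described in 6.4.2 and 6.4.3, modelled as an added example; this is not McAfee code. It resolves the policy per request in the user's time zone (Denver when none is set), and reports subscriptions that are never enforced because a higher-priority one covers them. Integer priorities, minute granularity and the fixed-offset fallback for Mountain time are assumptions of this sketch.

```python
from dataclasses import dataclass
from datetime import datetime, time, timedelta, timezone

try:                                   # IANA zone data when the host has it
    from zoneinfo import ZoneInfo
    DEFAULT_TZ = ZoneInfo("America/Denver")
except Exception:                      # fallback: fixed Mountain Standard Time
    DEFAULT_TZ = timezone(timedelta(hours=-7), "MST")

DEFAULT_POLICY = "Default"             # enforced for every unscheduled time
WEEKDAYS = frozenset(range(5))         # Monday = 0 ... Friday = 4


@dataclass(frozen=True)
class Subscription:
    policy: str
    start: time            # inclusive, in the user's local time
    end: time              # exclusive
    days: frozenset        # weekday numbers
    priority: int          # higher wins on overlap (assumed representation)

    def covers(self, day, t):
        return day in self.days and self.start <= t < self.end


def winner(subs, day, t):
    """Highest-priority subscription covering this weekday and time, or None."""
    active = [s for s in subs if s.covers(day, t)]
    return max(active, key=lambda s: s.priority) if active else None


def effective_policy(subs, when_utc, user_tz=None):
    """Policy applied to one request; when_utc must be timezone-aware."""
    tz = user_tz if user_tz is not None else DEFAULT_TZ
    local = when_utc.astimezone(tz)
    top = winner(subs, local.weekday(), local.time())
    return top.policy if top else DEFAULT_POLICY


def shadowed(subs):
    """Policies whose subscription never wins a single minute of its window."""
    hidden = []
    for s in subs:
        first = s.start.hour * 60 + s.start.minute
        last = s.end.hour * 60 + s.end.minute
        enforced = any(
            winner(subs, day, time(m // 60, m % 60)) is s
            for day in s.days
            for m in range(first, last)
        )
        if not enforced:
            hidden.append(s.policy)
    return hidden


# The guide's scenario: Lunchtime created first, Work Day ranked above it.
BEFORE = [
    Subscription("Lunchtime", time(12), time(13), WEEKDAYS, priority=1),
    Subscription("Work Day", time(8), time(17), WEEKDAYS, priority=2),
]
# After clicking Increase on the Lunchtime subscription.
AFTER = [
    Subscription("Lunchtime", time(12), time(13), WEEKDAYS, priority=3),
    BEFORE[1],
]

if __name__ == "__main__":
    print("never enforced before the fix:", shadowed(BEFORE))
    print("never enforced after the fix: ", shadowed(AFTER))
    # Constructed request times: Monday 11 January 2010, 12:59 and 13:00 Denver.
    for hh, mm in ((19, 59), (20, 0)):
        when = datetime(2010, 1, 11, hh, mm, tzinfo=timezone.utc)
        print(when.isoformat(), "->", effective_policy(AFTER, when))
```

Running `shadowed` over a group's subscriptions after each schedule change catches the case where a more lenient or stricter policy appears in the legend but is never enforced.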
6.5 Web Access User Experience
The user will receive an exception message when accessing a site that is:
• A phishing site
• A spyware site
• A site containing a virus
• Blocked for specific content
Depending on the site categorization, the site may be completely blocked or only have areas of the
website blocked.
Access to the Web will be denied if:
• The Access Control type of Explicit User Authentication is selected and the user does not
have a primary user account in the Control Console
• The Access Control type of IP Address Range Authentication is selected and the user’s IP
address is not within the IP ranges entered
• The Access Control Type of WDS Connector is utilized and the user cannot connect to their
Network
• The user is in a group associated to the No Web Access policy
6.5.1 Exception Messages
The user can click on the exception to view the exception definition.
In this scenario, the user logged in was assigned to a group that had Real Estate sites blocked.
They were able to see the information listed as text, but no images related to the listing.
6.6 Request a URL Re-categorization
Log onto the eService Portal and submit a Service Request requesting a re-categorization of a
specific URL.
See the Support module in this document for details on accessing the eService Portal and
opening a Service Request.
7 Reporting
7.1 Objectives
Navigate within reports
Sort report content
Generate and analyze Customer Level Reports:
– Traffic Overview
– Threat Filtering
– Allowed Content by Site
– Allowed Content by User
– Blocked Content
– Audit Trail
Generate and analyze User Level reports:
– Detailed Download
– Threat Filtering
– Allowed Content
– Blocked Content
Generate Forensics reports:
– Input criteria
Download reports
7.2 Reports Overview
The Reports window displays graphic reports about the web filtering being performed by the
McAfee Web Protection Service.
Reports assist the Administrator in:
• Web site analysis, policy actions and traffic summaries
• Monitoring user web surfing and time spent on the Internet
• Monitoring the most popular Web protocols and web sites accessed by users
The Reporting details will be captured at an IP Address Level, a user account Level, or both,
depending on the Access Control Type(s) utilized.
All reports can be generated for a specific reporting period:
• Today
• Daily
• Weekly
• Monthly
All reports can be downloaded to a .csv file for sorting, printing and storage.
Note: When interpreting the data on the reports, know that a request may be
made to a site that a user did not specifically visit. One request made by a user
could result in many requests being made to other web pages to return data on the
requested site.
7.2.1 Reporting Data History
The length of time the Web Protection Reporting Data is maintained in the system varies
depending on the report.
The reporting data for all Summary Reports is maintained in the Control Console for the
current month, plus 30 days back. The summary reports are:
• Threat Filtering --> Main View
• Allowed Content by Site --> Main View
• Allowed Content by User --> Main View
• Blocked Content --> Main View
The reporting data for all Detailed Reports* is maintained in the Control Console for 7 days.
*Detailed Report = any drill down detail within a Summary Reports’ Main View to obtain additional
detail
The Reports
• Traffic Overview
• Threat Filtering
• Allowed Content by Site
• Allowed Content by User
• Blocked Content
• Audit Trail
All reports generated from Web Protection Reports will show reporting activity at the Customer
Account level. To obtain User-level reporting, go to the specific user account in Account
Management. To obtain the User level reporting, Explicit User Authentication or WDS Connector
must be used as the Access Control Type and user accounts must exist in the Control Console.
User level Web Activity reports are not available if the IP Address Range Authentication Access
Control Type is being used.
7.3 Report Navigation
You can click the icons on the top right corner of each bar graph to view it in an alternate format.
Pie chart formats cannot be changed.
Most reports allow you to drill down into deeper levels for more detailed and informative reporting.
Two angle brackets to the right of a listing indicate that more information is available for that
category. Click the link to access this additional information.
The Download button at the top of the window allows you to download all the report information to
a .csv spreadsheet. If the report is saved to a text file, the output is formatted line by line
When the list of categories is large, you may want to find a specific category. Enter the category
name or a limited entry in the Search list for field. Your list of categories will be dynamically
updated.
7.4 Traffic Overview Report
The Traffic Overview report provides you with an overall understanding of the traffic and bandwidth
trends. This gives you information on the number of Content Requests that were allowed and
blocked in the selected reporting period, as well as information on the data volume utilized. All
numbers are also represented in graphical format.
Allowed Traffic Requests: Displays the aggregates of allowed requests by users over a specified
time period. These numbers include one or more hits on a single visit to a Web page.
Blocked Traffic Trends: Displays the aggregates of blocked requests for the specified time
period. These numbers include one or more content requests on a single visit to a Web page.
Data Volume In Trends: Displays inbound bandwidth usage.
Data Volume Out Trends: Displays outbound bandwidth usage.
7.5 Threat Filtering Report – Summary Report
The Threat Filtering report provides you with an overview of the threats that Web Protection
filters for the specified time period. You can obtain additional levels of detail on the Threat Filtering
Report. Clicking a threat area that has a double arrow will give you the specific URL where the
threat was detected.
From there, click on the specific URL where the threat was detected to view additional details
such as the User or the IP Address that initiated the request.
If Explicit User Authentication is selected as the Access Control Type, the
Threat Filtering Report will report on the specific URL and associated User detail.
Malware Trojans: Code created by hackers to detect PC activity, allowing the hacker to assume
the user's identity. Note: Reporting of Malware Trojans must be enabled at the system level to be
available in the Control Console.
Phishing: A form of Internet fraud that uses Web sites appearing to be legitimate to steal valuable
information such as credit cards, social security numbers, user IDs, and passwords.
Spyware Effects: Sites to which spyware reports its findings or from which it downloads
advertisements. These sites usually contain serious privacy issues; for example, "phone home"
sites to which software can connect and send user information, sites that make extensive use of
tracking cookies without a posted privacy statement, and sites to which browser hijackers redirect
users.
Spyware / Malware Sources: Software that takes control of your computer, modifies computer
settings, collects or reports personal information, or misrepresents itself by tricking users to install,
download, or enter personal information.
Viruses: Programs or code that attach themselves to a legitimate, executable program, and then
reproduce themselves when that program is run.
Threat Distribution: Displays the distributed percentage values for the threat types for the
specified time period.
Threat Trends: Displays the aggregates of blocked requests over a specified time period,
grouped by threat type (i.e. phishing, viruses, or spyware). Each threat type is color-coded. These
numbers include one or more content requests on a single visit to a Web page.
Top Sites and Top Protected Users: Lists the top sites and top protected users for the particular
threat you selected on the Main View of Threat Filtering.
Top Viruses: Displays the top viruses for the specified time period. (This section only displays if
you selected Viruses on the Main View of Threat Filtering and only if the selected Customer has
the threat filtering package.)
7.5.1 Threat Filtering Report – Detail Report
Clicking a threat area that has a double arrow will give you the specific URL where the threat was
detected.
From there, click on the specific URL where the threat was detected to view the user that initiated
the request to the threat site.
You can continue obtaining more levels of detail to find out how often one user has requested
access to a site or category.
Spyware Effects - will give you a good indication if any of your users’ PCs have previously been
infected with Spyware and that Spyware is ‘phoning home’. This will save you time (and PC &
network vulnerability) by concentrating on cleaning these users’ PCs.
7.6 Allowed Content by User – Summary Report
The two Allowed Content Reports, Allowed Content by Site and Allowed Content
by User, display similar data. The difference in the reports is the order in which the
drill down for detail happens.
Allowed Content by User: Drill Down Order: Category --> User --> Site
Business Use: The Allowed Content by User report is helpful when you are trying to determine
which users have a lot of web activity within a specific category. This is helpful when the specific
Site is less important than the general category. (e.g., who is accessing Game sites, Sports sites,
etc.).
The focus of the Allowed Content by User is the User
Scenario: I want to find out what specific users are playing the most games during the business
day. I am less interested in the actual site on which they are playing, as my objective is to find out
who is playing the most. The Allowed Content by User will allow you to find specific Users within a
Category. If you need, you can drill down within that User to see the specific Sites that user has
accessed.
The All Categories - Traffic list will show you the most requested categories, in ascending
order. Review this list to ensure the heavily requested categories are work appropriate and should
not be blocked on the Content area of your Policy.
The All Categories - Data Volume list will show you the categories taking up the most network
bandwidth. While a category may not be the most heavily requested, it may be taking up too much
bandwidth. Review this list to ensure these categories should continue to be allowed.
All Categories – Traffic: Displays a ranked list of categories.
All Categories - Data Volume In: Displays a ranked list of top data volume usage.
Traffic Trends - All Categories: Displays the aggregates of allowed requests for the specified
time period. These numbers include one or more content requests on a single visit to a Web page.
Data Volume In Trends: Displays inbound data volume usage for the specified time period.
7.6.1 Allowed Content by User – Detailed Report
7.7 Allowed Content by Site – Summary Report
Allowed Content by Site: Drill Down Order: Category > Site > User
Business Use: The Allowed Content by Site report allows the drill down from a
Category to a specific Site and from there to the User level detail. This report is
very helpful when the customer would like to find out all users accessing a specific Site. (e.g.
Facebook.com, Myspace.com, Monster.com)
The focus of the Allowed Content by Site report is the Site.
Scenario: I want to find out what users are going to careerbuilder.com and job searching. The
Allowed Content by Site will allow you to find a specific Site within a Category and drill down within
that site to see the User names who have been allowed access to that site.
Top Users – Traffic: Lists the users with the most traffic to that specific category.
Top Users - Data Volume In: Lists the users with the highest inbound data volume usage for the
specified time period.
Traffic Trends: Displays the aggregates of allowed requests for the specified time period. These
numbers include one or more content requests on a single visit to a Web page.
Data Volume in Trend: Displays inbound data volume usage for the specified time period.
7.7.1 Allowed Content by Site – Detailed Reports
7.8 Blocked Content Report – Summary Report
The Blocked Content report contains data relevant to all blocked requests for the specified time
period, organized by category. Use this summary report to ensure that the categories you have
chosen to block are still appropriate blocked categories.
When drilling down to obtain additional detail within the Blocked Content Report, you can view the
specific URL blocked by either the User Name or the IP Address.
Clicking a blocked content category that has a double arrow will give you the specific URL of the
blocked category. From there, click on the specific URL of the blocked category to view the user
who initiated the request to the threat site.
If Explicit User Authentication is selected as the Access Control Type, the Blocked Content Report
will report on the specific URL and associated User detail.
Top Categories: Displays a ranked list of categories.
Traffic Trends - All Categories: Displays the aggregates of blocked requests for the specified
time period. These numbers include one or more content requests on a single visit to a Web page.
7.8.1 Blocked Content Report – Detail Report
7.9 Audit Trail Report
The Audit Trail report displays the audit log items for all actions performed by customer
administrators and above within the Web Protection Console for the specified time period, such as
configuration changes.
7.10 User Level Reporting
When you are in any of the reports and find that one of your users has a lot of web activity, you
may wish to generate web activity reports for one specific user account. To do that, we must
access the user account in the Account Management area of the control console.
The User Level reports are available when either the Explicit User
Authentication or the WDS Connector Access Control Types are used.
Identify the user for which you would like to generate web activity reports
Enter the user name in the global search tool
Click Go
You will be taken to that user account in Account Management
User Level web activity reports are considered Detailed Reports. Detailed
reporting data is maintained in the Control Console for 7 days.
There are two reports inside an individual user account: the Detailed Download and Web Activity
Links.
7.10.1 Web Activity
Within the Web Activity area, the same reports generated at the Customer Level can be generated
for the individual user account:
• Threat Filtering
• Allowed Content
• Blocked Content Report
The information obtained on the User Level Allowed, Content & Threats reports is the same as on
the Customer Level reports; it just reflects the data for the selected user.
7.11 Detailed Download (CSV)
The Detailed Download report is very helpful as it is one report that contains both Allowed and Blocked web activity for the selected user.
This eliminates the need to generate individual Allowed Content and Blocked Content reports for the selected user. The data is displayed
for the past 7 days, starting from when the Detailed Download link is clicked.
The Detailed Download report also shows additional details, beyond what the existing Allowed Content & Blocked Content Reports show.
In addition to the Site (host) name, the Detailed Download shows a column with the remainder of the URL.
Note: Observed = Allowed
7.12 Downloading Reports
You can download reports that are generated at a Company level (within Web Protection Reports) or at a User level (within Account Management User Details). User level reporting is
available if you select Explicit User Authentication as your Access Control type.
Within any level of reports, click the Download button. The reporting data will be downloaded to an
MS Excel .csv format file.
7.13 Understanding the Reporting Data
The numbers displayed in the reports are based on the objects the URL pulls down to create a
page. One user request may result in one or more requests to many URLs; all of which are needed
to create the single URL page explicitly requested.
For example, if a user makes a request to go to msn.com, the user has made one explicit request. However,
in order for MSN.com to return its page, it has to make requests to other web pages on the user's
behalf. It may need to request information from 17 different news sites, 9 shopping sites, 4 email
sites, etc.
All of the requests needed to return a page are what is displayed within the Web Protection
Reports. The result is that a report may show, for example, a gaming site was accessed 15
times. However, this does not mean that your user base tried to access the same URL or a
gaming category 15 times.
7.14 Forensics Reporting
The McAfee SaaS Web Forensics tab allows administrators to delve into the available Web Activity log
to review their service. Administrators can filter, sort and export data from the logs to determine what
any or all users requested, the resulting action, bandwidth usage, virus detection, etc. The forensics
report provides in-depth information about the Web Protection Service.
There are three functions within Forensics Reporting:
1. Filter: allows you to identify search criteria for specific web activity
Note: only the first 1,000 results are displayed in the control console
2. Sort: allows you to sort the displayed search results
3. Download: allows you to download the report into an MS Excel CSV file
Note: the Download function will download all results, while the Control Console will limit the
results displayed to 1,000
7.14.1 Enter Forensics Criteria
Enter as much information as possible into any/all of the following filter fields. Fields designated with an asterisk (*) are required.
Field Name: *Start Date
Description: Select a Start Date for the search. The Date is based on your Control Console User Account time zone.
Business Use: Helps to determine if certain days incur peak web use and should have a different policy applied for that day.

Field Name: *Start Time
Description: Select a Start Time for the search. The Date is based on your Control Console User Account time zone.
Business Use: Helps to determine if certain times of the day incur peak web use and should have a different policy applied for that time of day.

Field Name: *End Date
Description: Select an End Date for the search. The Date is based on your Control Console User Account time zone.
Business Use: Helps to determine if certain days incur peak web use and should have a different policy applied for that day.

Field Name: *End Time
Description: Select an End Time for the search. The Date is based on your Control Console User Account time zone.
Business Use: Helps to determine if certain times of the day incur peak web use and should have a different policy applied for that time of day.

Field Name: User Name
Description: The user name entered must exactly match their existing Control Console user account. The User Name can be a Primary or User Alias; the results returned are based on what user account was entered when the user was authenticated. E.g. A user entered their Primary user account when authenticating on Monday and their User Alias when authenticating on Tuesday. A search on the User's primary user account will only return the web activity for Monday. Enter a limit of one user name at a time.
Business Use: Helps determine if a user is inappropriately or over using the Web. Might result in placing the user in a group and enforcing a schedule based policy.

Field Name: URI Scheme
Description: This lists the http, https protocol. URI = Universal resource indicator
Business Use: View which sites were accessed via HTTP versus HTTPS to help you determine if users are accessing sites that are insecure (i.e. via HTTP) and subject to attacks.

Field Name: Requested Host
Description: The Host name of the URL request (e.g. google.com)
Business Use: View the URLs accessed frequently, potentially resulting in a policy change.

Field Name: Requested Path
Description: The Path of the URL request (ex. /images/logo.gif)
Business Use: View the URLs accessed frequently, potentially resulting in a policy change.

Field Name: Category
Description: The returned Category of the URL
Business Use: View the Categories accessed frequently, potentially resulting in a policy change.

Field Name: Result
Description: The URL was either Observed or Denied
Business Use: Helps ensure users have access to the sites they need, and do not have access to sites the organization deems inappropriate.

Field Name: Server to Client Bytes
Description: The number of bytes in the URL response (downloaded Bandwidth). An exact byte count must be entered; future releases will include the ability to search for greater or lesser than bytes.
Business Use: Rarely used in search criteria, but helpful when viewing search results. View sites using the most bandwidth to determine if policies should be changed.

Field Name: Client to Server Bytes
Description: Data sent to the Internet (uploaded Bandwidth). An exact byte count must be entered; future releases will include the ability to search for greater or lesser than bytes.
Business Use: Rarely used in search criteria, but helpful when viewing search results. View sites using the most bandwidth to determine if policies should be changed.

Field Name: Source IP
Description: The IP address that initiated a web request
Business Use: When viewing search results, determine if one IP location has too much web activity.

Field Name: HTTP Action
Description: The http request definition (ex. Get, Post, Connect)
Business Use: Helpful to determine if someone is spending a lot of time logging / uploading (post or put) information to a site. E.g., too much time blogging. It can be beneficial to include a specific URL when searching for a specific HTTP Action.

Field Name: Virus
Description: The Virus identifier. This will show the specific virus type (e.g. Phishing) or the Virus name (e.g. conficker)
Business Use: See which PCs might be infected with a virus to prioritize the scanning/cleaning of those PCs.
7.14.2 Forensics Search Results
Your search results will display the first 1000 results according to your chosen filters. To view
all results that matched the search criteria, click the Download button to generate a .csv file
containing all search results.
Note: Large data sets may take an exceptionally long time to download. It is recommended that
you refine your search as best possible to limit your response time.
7.14.3 Sort Forensics Results
You can sort your search results within the control console by the columns listed below. To sort your
results by any other column, download the results and sort within the downloaded file.
Requested Time
User Name
Requested Host
Category
Result
Server to Client Bytes
Client to Server Bytes
You can identify up to three columns when sorting the results.
Click on the Sort header
Sort By: Select the first column on which you would like to sort
Order: Select if the column selected above should be sorted in Ascending or Descending
order
You can enter an additional two columns and their sort order.
Click the Search button or your keyboard Enter Key
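The console filter accepts only an exact byte count and sorts on a fixed set of columns, so threshold and per-host questions have to be answered on the downloaded file. The following Python script is an added example, not part of the McAfee guide: the CSV header names are assumed to match the field names listed in 7.14.1, and the sample rows are constructed.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample of a Forensics download. Header names are ASSUMED to match
# the filter field names in section 7.14.1; adjust them to the real export.
SAMPLE_CSV = """Requested Time,User Name,URI Scheme,Requested Host,Requested Path,Category,Result,Server to Client Bytes,Client to Server Bytes,Source IP,HTTP Action,Virus
2010-06-21 09:01:12,alice,http,news.example.net,/index.html,News,Observed,48211,412,192.0.2.10,GET,
2010-06-21 09:03:40,bob,http,blog.example.org,/post/new,Blogs,Observed,1290,250000,192.0.2.11,POST,
2010-06-21 09:05:02,bob,https,files.example.org,/upload,Storage,Observed,800,1200000,192.0.2.11,Put,
2010-06-21 09:07:55,carol,http,bad.example.com,/update/check,Spyware,Denied,0,310,192.0.2.12,GET,conficker
2010-06-21 09:08:55,carol,http,bad.example.com,/update/check,Spyware,Denied,0,310,192.0.2.12,GET,conficker
2010-06-21 09:10:00,dave,http,video.example.net,/stream/1,Media,Observed,9000000,500,192.0.2.13,GET,
2010-06-21 09:11:00,alice,http,video.example.net,/stream/2,Media,Observed,4000000,,192.0.2.10,GET,
"""


def _to_int(value):
    """Parse a byte-count cell; blank or non-numeric cells count as 0."""
    value = (value or "").strip()
    return int(value) if value.isdigit() else 0


def load_rows(text):
    """Read the export into dicts with numeric byte columns and upper-case actions."""
    rows = []
    for raw in csv.DictReader(io.StringIO(text)):
        row = {k.strip(): (v or "").strip() for k, v in raw.items() if k is not None}
        row["Server to Client Bytes"] = _to_int(row.get("Server to Client Bytes"))
        row["Client to Server Bytes"] = _to_int(row.get("Client to Server Bytes"))
        row["HTTP Action"] = row.get("HTTP Action", "").upper()
        rows.append(row)
    return rows


def uploads_over(rows, min_bytes, actions=("POST", "PUT")):
    """Range filter the console lacks: uploads at or above min_bytes, largest first."""
    hits = [r for r in rows
            if r["HTTP Action"] in actions and r["Client to Server Bytes"] >= min_bytes]
    hits.sort(key=lambda r: r["Client to Server Bytes"], reverse=True)
    return [(r["User Name"], r["Requested Host"], r["Client to Server Bytes"]) for r in hits]


def virus_hits_by_source(rows):
    """Count Virus identifiers per Source IP to prioritise which PCs to scan."""
    hits = defaultdict(Counter)
    for r in rows:
        if r["Virus"]:
            hits[r["Source IP"]][r["Virus"]] += 1
    return {ip: dict(counts) for ip, counts in hits.items()}


def top_hosts_by_download(rows, n=10):
    """Total Server to Client Bytes per Requested Host, highest first."""
    totals = Counter()
    for r in rows:
        totals[r["Requested Host"]] += r["Server to Client Bytes"]
    return totals.most_common(n)


if __name__ == "__main__":
    data = load_rows(SAMPLE_CSV)
    print("Large uploads:", uploads_over(data, 100000))
    print("Virus hits by source IP:", virus_hits_by_source(data))
    print("Top hosts by download:", top_hosts_by_download(data, 3))
```

Because the counts in the export include every object a page pulls down (see 7.13), the per-host byte totals are a better guide to bandwidth use than the raw row counts.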
8 Support
8.1 Module Objectives
Describe how McAfee Customer Support interacts with Customers
Explain how to generate an eService request
Locate the McAfee documentation
Identify helpful addresses and tools
8.2 McAfee Customer Support
For McAfee Direct Customers, customer support is available seven days a week / 24 hrs a day, 365
days a year.
A support ticket can be opened by contacting Customer Support directly at
720-895-5701 (Colorado) or 877-695-6442 (Toll Free) or opening eService requests in the
eService portal (McAfee customers only)
Once a Service Request (SR) has been opened, a confirmation of the request and the
tracking number is emailed
If the customer had their service provisioned by a McAfee Partner, please contact your
partner for specific support details
Customers can access the McAfee eService support portal at https://support.mcafeesaas.com
E-mail login ID and password information is required to access SR and account information
in the portal
E-mail logins will be the account’s technical contact email address
Each account is allowed a maximum of three technical contacts
The first time you access the eService portal, you must request a temporary password. This
password is e-mailed to the account's technical contact email address
Customers have the ability to view all their service requests
Customers can add notes to the SR, which generates an alert to the McAfee support
representative that is managing the SR
Customers can close the SR
Customers can update their contact information and opt out of some of the automated alerts
1. Search – Allows the customer to search the McAfee Knowledge base for answers to their
questions.
2. Top Issues – the top 10 issues are listed, automatically reordered, and displayed based on
the most frequently searched questions and answers.
3. Reference Materials – Administrator/User guides and recorded materials can be accessed
or downloaded.
4. Service Requests – Customers can sign in to create a new, update or close their Service
Request(s). Customers can also download their Service Activation guide.
5. Helpful Links - Customers can sign in to edit their account information, access their SR’s,
access their McAfee service, make payments or install the Delete as Spam add-in (DAS) for
Microsoft Outlook®.
6. Service Alerts – Allows quick access to current or upcoming service alerts.
8.3 Preferences
Customers can change their contact information and password after logging in and selecting
the “Update Your Contact Information” link.
Password requirements are different from those for the password controlled within the McAfee Control
Console
8.4 eService Requests
Service requests are documented records of customers’ provisioning questions, billing inquiries,
service questions and service issues.
Service requests are always associated with the customer account within McAfee Systems.
Customers have the ability to view all Service Requests, their open/ closed status and all status
changes and note updates for their service requests. In addition, customers will also be able to
submit note updates for the service request.
8.4.1 Creating a Password
A password is required to access portions of the eService portal. To have a password emailed to
the email address:
1. Access the eService portal at https://support.mcafeesaas.com
2. Under the Helpful Links section, click the My Account link.
3. Click the Edit Your Customer Account Information link.
4. Click the Forgot your password? link. Enter your email address and click the Send button.
5. A password will be emailed to the email address.
8.4.2 Changing a Password
1. Access the eService portal at https://support.mcafeesaas.com.
2. Under the Helpful Links section, click the My Account link.
3. Click the Edit Your Customer Account Information link.
4. Enter your email address, password and click the Submit button.
5. Enter your new password and click the Submit button.
8.4.3 Creating a Service Request
Customers can create service requests using the eService portal at
https://support.mcafeesaas.com
Service requests may also be created for the customer by a McAfee customer support
representative.
1. From the McAfee eService portal.
a) Click the Create Service Request link.
b) Select the service by clicking one of the icons or selecting it from the Request Type drop list
box.
c) Login using your email address and password.
2. Fill out the SR. (All fields starting with a red asterisk are required entries).
3. Add additional information if needed:
Enter additional information using the Additional Details dialog box
Attach a file, such as a screen shot, using the Attach a File option
o Attachment file size up to 5MB
o Attachments may be added by customers or by McAfee Customer Support
Note: SRs will display different options depending on the service for which the SR is
being created.
4. Click the Submit button to create and submit the SR.
An email message is sent to the customer notifying them of the SR number. The SR number
has two sections. The first section is the SR number; the second section is the date the SR
is created
Customers can go to View My Issues link to view the SR and add note details
8.4.4 Reviewing or Updating a Service Request
From the McAfee support site, log into the eService portal at https://support.mcafeesaas.com
1. Click on the My Service Requests link.
Login with your email address and password
All service requests are displayed
The Search Criteria fields can be used to locate a specific SR
2. Click the SR's Reference Number to change:
What Control Console is used
The Domain name
The Primary Issue
Add details, send a message or upload a file.
o If the customer adds a note, an email alert is sent to McAfee support
8.5 Supporting Documentation
1. Login to https://support.mcafeesaas.com
2. Click the Reference Materials link
Web Protection Administration Guide
Identifies how to set up the Web Protection Service, create and manage user accounts, configure Web
Protection policies and generate Web Activity Reporting
Web Protection Service Setup Guide
Provides information on redirecting the organization’s web traffic through McAfee’s Web proxy
servers
• Recorded Tutorials
~10 minute recorded sessions walking through specific Control Console functional
areas
Group Policies
This tutorial shows how an administrator can use Groups and Policy Sets to create
and use Group Policies for different situations.
User Experience – The Spam Quarantine Report and Online Quarantine
This tutorial shows an end user how to use their Email Protection Spam Quarantine
report and their personal online quarantine to manage their quarantined email.
Web Protection Reporting
This tutorial shows a customer administrator how to use the Web Protection reports
to give them insight on their organization’s web activity at both an organization and
user level.
WDS Connector
This tutorial shows the steps to install the WDS Connector onto the Customer
Server.
More available soon
8.6 Education Services Contact
For additional training information, please contact the McAfee Education Services Department at
[email protected]