McAfee Endpoint Suite Installer

Upload by : Wren Viola

an little or nothing for a select group of low-risk processes as configured, such as sqlserver.exe and sqlwriter.exe. A Default Processes policy has common file & directory exclusions specific to the system type to which it is being deployed. File reads and writes by any process not classified as Low-Risk will trigger normal file scanning, except on the database and other key files and directories, i.e., your standard AV exclusions.

Quick Tip: Standard desktops and file servers might use a Default-only policy, as process exclusions are not typically required. You can get additional information on Risk-Based Scanning from the McAfee Knowledgebase articles KB55139 and KB66036, and the McAfee Quick Tips video What is Risk Based Scanning?.

Host IPS Policies

Please note that McAfee Host IPS has two main components: kernel-level IPS protection and a firewall. The McAfee EPS suite contains the firewall only, while the EPA suite contains both components. If you are evaluating the EPS suite, skip to the section entitled Host IPS Firewall.

The main function of McAfee Host IPS is to protect systems against known and unknown attacks. This is often achieved without an update to the software, by use of patented buffer overflow and other behavioral protection. It has the additional benefit of reducing the urgency and frequency of patching by protecting vulnerabilities from exploit even before a patch has been applied. Consider the time spent on patching within your organization. By deploying Host IPS, many of those vulnerabilities would be protected from exploit, allowing you to patch on a more reasonable schedule. For example, McAfee Host IPS protected against 60% of all exploits against Microsoft vulnerabilities, and nearly 75% of all exploits against Adobe vulnerabilities, disclosed between 2006 and 2011. Also consider the Host IPS ability to protect systems against exploit on those occasions when a new vulnerability exists but the corresponding patch is not yet available.

Kernel Level Host IPS

For the initial stages of this evaluation, you will assign a policy that instructs Host IPS to block High severity, and log Medium and Low events. Blocking on High severity events is a minimum if you plan to use attack tools to test the product's effectiveness. This is combined with logging of Medium and Low severity events. To accomplish more than simply log events, a policy such as this is often used in implementation in live environments.

Enabling Host IPS

Follow these steps to assign a policy that enables Host IPS on your client systems.

1. Click the System Tree button on the favorites bar.
2. Highlight the Workstations group.
3. Click the Assigned Policies tab.
   - From the Product drop-down menu, select Host Intrusion Prevention 8.0: IPS.
   - On the line that lists IPS Options, click Edit Assignment.
   - For Inherit from, select Break inheritance and assign the policy and settings below.
   - From the Assigned Policy drop-down menu, select POC - Host and Network IPS enabled.
   - Click Save. The policy is now assigned to that group and all its subgroups.
4. Repeat the above steps for your Laptops group.

Setting Protection Level

Follow these steps to assign a policy that blocks High severity events, and logs any of Medium and Low severity. Logging provides detailed advanced knowledge of which signatures may require exclusions prior to enforcing block on Medium events, thus guiding accurate policy tuning. One can elevate select Low severity signatures to Medium later if desired, instead of maintaining all Lows active.

1. Click the System Tree button on the favorites bar.
2. Highlight the Workstations group.
3. Click the Assigned Policies tab.
   - From the Product drop-down menu, select Host Intrusion Prevention 8.0: IPS.
   - On the line that lists IPS Protection, click Edit Assignment.
   - For Inherit from, select Break inheritance and assign the policy and settings below.
   - From the Assigned Policy drop-down menu, select POC - Block High events; Log Medium and Low.
   - Click Save. The policy is now assigned to that group and all its subgroups.
4. Repeat the above steps for your Laptops group.

Assigning IPS Rules

As virtual systems are often used for evaluations, assigning this policy uses the standard signature set, but facilitates testing by changing VMware protection and VNC detection signatures to a severity of Low. The McAfee Default policy maintains these signatures at their normal severity levels and should be considered before staging in a live environment.

1. Click the System Tree button on the favorites bar.
2. Highlight the Workstations group.
3. Click the Assigned Policies tab.
   - From the Product drop-down menu, select Host Intrusion Prevention 8.0: IPS.
   - On the line that lists IPS Rules, click Edit Assignment.
   - For Inherit from, select Break inheritance and assign the policy and settings below.
   - From the Assigned Policy drop-down menu, select POC - VMware and VNC exception policy.
   - Click Save. The policy is now assigned to that group and all its subgroups.
4. Repeat the above steps for your Laptops group.

Host IPS Firewall

The Host IPS Firewall is stateful and offers location awareness and other advanced features, including IP Reputation filtering, part of McAfee's Global Threat Intelligence (GTI). The firewall uses GTI to protect endpoints from botnets, distributed denial-of-service (DDoS) attacks, advanced persistent threats, and risky web connections.

McAfee collects data from billions of IP addresses and network ports, and calculates a reputation score based on network traffic, including port, destination, protocol, and inbound and outbound connection requests. The score reflects the likelihood that a network connection poses a threat, such as a connection associated with botnet control.

Coupling a single firewall rule with a GTI-only policy lets you immediately receive the benefit of cloud intelligence on known botnets and their command and control centers. This is achieved with little effort, minimal overhead, and no interference with your existing host or network firewall rules.

Enabling the Firewall

Follow these steps to assign a policy that simply enables the firewall and sets the sensitivity level for GTI at Medium risk or higher. At this point, no firewall ruleset is active or assigned.

1. Click the System Tree button on the favorites bar.
2. Highlight the Workstations group.
3. Click the Assigned Policies tab.
   - From the Product drop-down menu, select Host Intrusion Prevention 8.0: Firewall.
   - On the line that lists Firewall Options, click Edit Assignment.
   - For Inherit from, select Break inheritance and assign the policy and settings below.
   - From the Assigned Policy drop-down menu, select POC – Enable FW and GTI.
   - Click Save. The policy is now assigned to that group and all its subgroups.
4. Repeat the above steps for your Laptops group.

Assigning the GTI–Only Ruleset

The steps below assign a policy that allows all traffic, but uses GTI to perform lookups of IP reputations and block connections to any external addresses posing a threat.

1. Click the System Tree button on the favorites bar.
2. Highlight the Workstations group.
3. Click the Assigned Policies tab.
   - From the Product drop-down menu, select Host Intrusion Prevention 8.0: Firewall.
   - On the line that lists Firewall Rules, click Edit Assignment.
   - For Inherit from, select Break inheritance and assign the policy and settings below.
   - From the Assigned Policy drop-down menu, select POC - GTI-Only Rule Set.
   - Click Save. The policy is now assigned to that group and all its subgroups.
4. Repeat the above steps for your Laptops group.

Perhaps you have shied away from Host IPS, feeling that it would be a complex or lengthy process to deploy, or had concern about blocking legitimate processes. By following a logical, systematic approach, you can quickly realize the benefits of deploying Host IPS in your environment. While the policies applied here are sufficient for initial testing, prior to full production

McAfee Suite Installer Setup Guide, Page 6

Configure the McAfee ePO Server

Log in to ePolicy Orchestrator

Log in with the User Name of Admin and the password that you designated during the installation. On first login, y
