ePolicy Orchestrator 3.0 Product Guide
Transcription
ePolicy Orchestrator 3.0 Product Guide
Product Guide ePolicy version 3.0 Orchestrator™ Revision 1.0 COPYRIGHT © 2003 Networks Associates Technology, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of Networks Associates Technology, Inc., or its suppliers or affiliate companies. To obtain this permission, write to the attention of the Network Associates legal department at: 5000 Headquarters Drive, Plano, Texas 75024, or call +1-972-308-9960. TRADEMARK ATTRIBUTIONS Active Firewall, Active Security, Active Security (in Katakana), ActiveHelp, ActiveShield, AntiVirus Anyware and design, AVERT, Bomb Shelter, Certified Network Expert, Clean-Up, CleanUp Wizard, CNX, CNX Certification Certified Network Expert and design, Covert, Design (stylized N), Disk Minder, Distributed Sniffer System, Distributed Sniffer System (in Katakana), Dr Solomon’s, Dr Solomon’s label, Enterprise SecureCast, Enterprise SecureCast (in Katakana), ePolicy Orchestrator, Event Orchestrator (in Katakana), EZ SetUp, First Aid, ForceField, GMT, GroupShield, GroupShield (in Katakana), Guard Dog, HelpDesk, HomeGuard, Hunter, LANGuru, LANGuru (in Katakana), M and design, Magic Solutions, Magic Solutions (in Katakana), Magic University, MagicSpy, MagicTree, McAfee, McAfee (in Katakana), McAfee and design, McAfee.com, MultiMedia Cloaking, Net Tools, Net Tools (in Katakana), NetCrypto, NetOctopus, NetScan, NetShield, NetStalker, Network Associates, Network Policy Orchestrator, NetXray, NotesGuard, nPO, Nuts & Bolts, Oil Change, PC Medic, PCNotary, PortalShield, Powered by SpamAssassin, PrimeSupport, Recoverkey, Recoverkey – International, Registry Wizard, Remote Desktop, ReportMagic, RingFence, Router PM, Safe & Sound, SalesMagic, SecureCast, Service Level Manager, ServiceMagic, SmartDesk, Sniffer, Sniffer (in Hangul), SpamKiller, SpamAssassin, Stalker, SupportMagic, ThreatScan, TIS, TMEG, Total Network Security, Total Network Visibility, Total Network Visibility (in Katakana), Total Service Desk, Total Virus Defense, Trusted Mail, UnInstaller, Virex, Virus Forum, ViruScan, VirusScan, WebScan, WebShield, WebShield (in Katakana), WebSniffer, WebStalker, WebWall, Who’s Watching Your Network, WinGauge, Your E-Business Defender, ZAC 2000, Zip Manager are registered trademarks or trademarks of Network Associates, Inc. and/or its affiliates in the US and/or other countries. Sniffer® brand products are made only by Network Associates, Inc. All other registered and unregistered trademarks in this document are the sole property of their respective owners. This product includes or may include software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This product includes or may include cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes or may include some software programs that are licensed (or sublicensed) to the user under the GNU General Public License (GPL) or other similar Free Software licenses which, among other rights, permit the user to copy, modify and redistribute certain programs, or portions thereof, and have access to the source code. The GPL requires that for any software covered under the GPL which is distributed to someone in an executable binary format, that the source code also be made available to those users. For any such software covered under the GPL, the source code is made available on this CD. If any Free Software licenses require that Network Associates provide rights to use, copy or modify a software program that are broader than the rights granted in this agreement, then such rights shall take precedence over the rights and restrictions herein. LICENSE AGREEMENT NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANIES YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEB SITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO NETWORK ASSOCIATES OR THE PLACE OF PURCHASE FOR A FULL REFUND. Issued April 2003 / ePolicy Orchestrator™ software version 3.0 DOCUMENT BUILD 3.0.0.13 9 Contents Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 Getting more information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 Contacting McAfee Security & Network Associates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 Minimum Escalation Resource Tool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 Virus Information Library . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 AVERT WebImmune . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 McAfee Security Home Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23 Network Associates Home Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23 Using online Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 Copying Help topics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 Finding information in Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 Hiding or showing the Help navigation pane . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 Highlighting search words in Help topics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 Moving through Help topics you've seen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 Printing Help topics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 Viewing definitions of options in the interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 1 Introducing ePolicy Orchestrator . . . . . . . . . . . . . . . . . . . . . . . . . 27 The ePolicy Orchestrator server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28 The ePolicy Orchestrator agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28 The ePolicy Orchestrator console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28 What’s new in this release? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30 Feature comparison . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 Enterprise-scalable product deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34 Global updating . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36 Deployment of all product updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37 Reporting on all product updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38 Support for and controlled upgrade of agents 2.0, 2.5, and 2.5.1 . . . . . . . . . . . . . . . 38 Enhanced updating for mobile computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39 Product Guide iii Contents Continuous updating from Network Associates to desktops . . . . . . . . . . . . . . . . . . . 40 Multiple server management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41 Custom compliance reporting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43 Daily executive summary security reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43 Windows 2003 support for the agent and server . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44 64-bit support for the agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44 Automatic inactive agent maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45 Automatic domain synchronization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45 Getting Started wizard for small businesses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46 More control over agent-to-server communication . . . . . . . . . . . . . . . . . . . . . . . . . . 47 Reporting performance improvements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48 Integration with Symantec Norton AntiVirus 8.0 and 8.01 . . . . . . . . . . . . . . . . . . . . . 49 Integration with McAfee VirusScan Enterprise 7.0 . . . . . . . . . . . . . . . . . . . . . . . . . . 49 2 ePolicy Orchestrator Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51 Managing multiple ePolicy Orchestrator servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52 Logging on to or adding ePolicy Orchestrator servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53 Logging on to ePolicy Orchestrator servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53 Adding ePolicy Orchestrator servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54 Logging off ePolicy Orchestrator servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55 Removing ePolicy Orchestrator servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55 Version of the server, console, or policy pages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56 Determining the version number of the software . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57 Determining the version number of policy pages . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58 User accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59 Types of user accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59 Global administrator user accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59 Global reviewer user accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60 Site administrator user accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60 Site reviewer user accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61 Adding user accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61 Deleting user accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63 Changing passwords on user accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64 Server settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66 Changing ePolicy Orchestrator server settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66 Setting the IP address of ePolicy Orchestrator servers . . . . . . . . . . . . . . . . . . . . . . . 67 Server tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69 Default server tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69 iv ePolicy Orchestrator™ software version 3.0 Contents Creating server tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69 Scheduling recurring server tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72 Scheduling server tasks to start in the future . . . . . . . . . . . . . . . . . . . . . . . . . . 73 Changing server tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74 Deleting server tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75 Reviewing the status of server tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76 Server events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78 Viewing server events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78 Refreshing server events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80 Saving server events to a file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81 Printing server events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83 The Small Business Getting Started wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85 Using the Small Business Getting Started wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . 85 3 The Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93 Automatic IP address sorting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94 Guidelines for IP management settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94 Search order . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95 Sites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97 Importing sites based on network domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98 Adding sites manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100 Assigning IP management settings to a newly added site . . . . . . . . . . . . . . . . 102 Sending the agent to all computers in a newly added site . . . . . . . . . . . . . . . 103 Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105 Importing groups based on network domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106 Adding groups manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108 Assigning IP management settings to a newly added group . . . . . . . . . . . . . . 110 Sending the agent to all computers in a newly added group . . . . . . . . . . . . . . 111 Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113 Importing computers based on network domains . . . . . . . . . . . . . . . . . . . . . . . . . . 114 Adding computers manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116 Sending the agent to all newly added computers . . . . . . . . . . . . . . . . . . . . . . 117 Importing computers from text files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119 Format of text files used to import computers . . . . . . . . . . . . . . . . . . . . . . . . . 120 Sample text file used to import computers . . . . . . . . . . . . . . . . . . . . . . . . . . . 121 Adding WebShield appliances . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122 Lost&Found groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123 Verifying the integrity of the Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124 Product Guide v Contents Finding duplicate computer names in the Directory . . . . . . . . . . . . . . . . . . . . . . . . . 124 Verifying the integrity of IP management settings . . . . . . . . . . . . . . . . . . . . . . . . . . 125 List of IP management conflicts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126 IP management settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127 Assigning IP management settings to existing sites or groups . . . . . . . . . . . . . . . . 127 Changing IP management settings of existing sites or groups . . . . . . . . . . . . . . . . 128 Deleting IP management settings from existing sites or groups . . . . . . . . . . . . . . . 130 Manual IP address sorting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131 Specifying how to sort computers by IP address . . . . . . . . . . . . . . . . . . . . . . . . . . . 132 Sorting computers by IP address manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133 Managing the Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135 Synchronizing domains automatically . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135 Synchronizing domains manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137 Finding computers in the Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139 Pattern matching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141 Moving items in the Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141 4 Managed Products . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143 Adding policy pages to the Repository . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144 Adding report templates to the Report Repository . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145 Removing policy pages from the Repository . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146 5 Software Repositories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147 Importing McAfee AutoUpdate Architect repositories . . . . . . . . . . . . . . . . . . . . . . . . . . . 148 Enabling or disabling the management of distributed repositories . . . . . . . . . . . . . . . . . . 150 Setting up distributed software repositories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151 Common implementations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152 Small business scenario . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152 Mid-sized business scenario . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152 Pre-deployment testing scenario . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153 Repository types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154 Master repository . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154 Global distributed repositories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155 Local distributed repositories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155 Mirror distributed repositories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156 SuperAgent distributed repositories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156 Source repositories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156 Fallback repository . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157 vi ePolicy Orchestrator™ software version 3.0 Contents Creating repositories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158 Creating global distributed repositories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158 Defining local distributed repositories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163 Defining mirror distributed repositories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165 Creating SuperAgent distributed repositories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166 Defining source repositories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167 Specifying how the nearest repository is selected . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171 Proxy server settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173 Using Internet Explorer proxy server settings (master repository) . . . . . . . . . . . . . . 173 Defining custom proxy server settings (master repository) . . . . . . . . . . . . . . . . . . . 175 Using Internet Explorer proxy server settings (client computers) . . . . . . . . . . . . . . 179 Setting custom proxy server policies (client computers) . . . . . . . . . . . . . . . . . . . . . 180 Managing repositories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182 Redefining the default source repository . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182 Redefining the fallback repository . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186 Switching source and fallback repositories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189 Changing global distributed repositories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190 Changing local distributed repositories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192 Changing SuperAgent distributed repositories . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194 Viewing the master repository settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195 Deleting global distributed repositories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195 Removing local distributed repositories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197 Deleting SuperAgent distributed repositories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198 Removing source or fallback repositories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199 Repository list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200 When does the repository list change? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200 Exporting the repository list to a file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200 Distributing the repository list manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202 Product and product update packages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203 Legacy product support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203 Package catalog files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204 Package signing and security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204 Package versioning and branches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205 Package ordering and dependencies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205 Checking in and managing packages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206 Checking in packages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206 Manually moving packages between branches . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211 Viewing information about packages in repositories . . . . . . . . . . . . . . . . . . . . . . . . 213 Product Guide vii Contents Deleting packages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214 Pull and replication tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215 Scheduling Repository Pull server tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215 Running a pull task immediately . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217 Scheduling Repository Replication server tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . 220 Running a replication task immediately . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221 6 Policies, Properties, and Client Tasks . . . . . . . . . . . . . . . . . . . . 225 Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226 What is a policy? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226 Policy inheritance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227 Policy enforcement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228 How policies are enforced for McAfee products . . . . . . . . . . . . . . . . . . . . . . . 229 How policies are enforced for Norton AntiVirus products . . . . . . . . . . . . . . . . 230 Setting policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232 Copying policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233 Importing and exporting policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235 Policy files and policy templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235 Exporting policies to policy files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236 Importing policies from policy files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237 Exporting policies to policy templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239 Importing policies from policy templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240 Restoring the default policy settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242 Agent policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243 Agent activity log files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243 Agent wakeup calls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244 Agent-to-server communication interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245 Recommended agent-to-server communication intervals . . . . . . . . . . . . . . . . 245 Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245 Initial agent-to-server communication interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246 Policy enforcement interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246 Repository list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247 Selective updating . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247 SuperAgent wakeup calls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248 IP address information in the agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249 Setting agent policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250 Showing or hiding the agent system tray icon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251 Enabling or disabling agent wakeup calls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253 viii ePolicy Orchestrator™ software version 3.0 Contents Setting agent communication intervals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254 Specifying whether to send full or minimal properties . . . . . . . . . . . . . . . . . . . . . . . 255 Enabling or disabling immediate event forwarding . . . . . . . . . . . . . . . . . . . . . . . . . 256 Enabling or disabling the logging of agent activity and remote access to log files . . 257 Enforcing the agent policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258 Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259 Complete and incremental properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259 Full or minimal properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259 Viewing properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260 Client tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261 Default client tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261 Task inheritance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262 Creating client tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263 Scheduling client tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264 Scheduling recurring client tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266 Scheduling client tasks to start in the future . . . . . . . . . . . . . . . . . . . . . . . . . . 267 Changing client tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267 Deleting client tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268 7 Agent Deployment and Management . . . . . . . . . . . . . . . . . . . . . 269 Agent installation directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270 Agent language deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271 Agent AutoUpgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273 Enabling or disabling agent AutoUpgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274 Enabling the agent on unmanaged products . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275 Upgrading the agent 3.0 or later to the most current version . . . . . . . . . . . . . . . . . . 275 How is the agent installation package created? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276 Permissions associated with installing the agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276 Agent deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277 Creating a custom agent installation package . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277 Deploying the agent from the console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281 Setting up remote administration on Windows 95, Windows 98, or Windows Me computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 283 Enabling network access on Windows XP Home computers . . . . . . . . . . . . . 283 Deploying the agent while creating the Directory . . . . . . . . . . . . . . . . . . . . . . . . . . 284 Distributing the agent manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284 Distributing the agent using third-party deployment tools . . . . . . . . . . . . . . . . . . . . 284 Installing the agent for use with computer images . . . . . . . . . . . . . . . . . . . . . . . . . . 285 Product Guide ix Contents Scheduling the deployment of the agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 286 Updating logon scripts to install the agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287 Agent installation command-line options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289 /DATADIR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289 /DOMAIN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290 /INSTALL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290 /INSTDIR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290 /PASSWORD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291 /REMOVE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291 /SILENT or S . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291 /SITEINFO . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291 /USELANGUAGE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291 /USERNAME . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292 Agent management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293 Switching servers that manage client computers . . . . . . . . . . . . . . . . . . . . . . . . . . 293 Finding inactive agents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294 Scheduling Inactive Agent Maintenance server tasks . . . . . . . . . . . . . . . . . . . 295 Sending agent wakeup calls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296 Sending SuperAgent wakeup calls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297 Scheduling agent-to-server communication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298 Viewing or saving the agent activity log file locally . . . . . . . . . . . . . . . . . . . . . . . . . 299 Viewing the agent activity log files remotely . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300 Agent system tray icon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301 ePolicy Orchestrator Agent Monitor dialog box . . . . . . . . . . . . . . . . . . . . . . . . 301 ePolicy Orchestrator Agent Options dialog box . . . . . . . . . . . . . . . . . . . . . . . . 302 Update Now command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303 ePolicy Orchestrator Agent dialog box . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303 Command Agent command-line options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304 Uninstalling the agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305 Uninstalling the agent when you remove computers . . . . . . . . . . . . . . . . . . . . 305 8 Product Deployment and Updating . . . . . . . . . . . . . . . . . . . . . . 307 Product deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308 Enforcement of product deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308 Deploying products . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309 Viewing product activity log files remotely . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 310 Uninstalling products . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 311 Product update deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313 x ePolicy Orchestrator™ software version 3.0 Contents How the Update task works and when to use it . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313 How AutoUpdate and AutoUpgrade tasks work and when to use them . . . . . . . . . . 313 Specifying the branch to retrieve updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 314 Rolling back updates to the previous version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315 Deploying new updates to selected computers for testing . . . . . . . . . . . . . . . . . . . . 316 Deploying product updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317 Deploying product updates using AutoUpdate and AutoUpgrade tasks . . . . . . . . . 318 Global updating . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319 Setting up global updating . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323 Initiating and reporting on a global update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323 Deploying SuperAgents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324 Enabling or disabling global updating . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325 9 Reporting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 327 How security affects reporting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 328 Database authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 328 How authentication method affects working with events . . . . . . . . . . . . . . . . . . . . . 328 How user account affects working with events and reports . . . . . . . . . . . . . . . . . . . 329 How user account affects data that appears in reports . . . . . . . . . . . . . . . . . . . . . . 329 ePolicy Orchestrator database servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 330 Logging on to or adding ePolicy Orchestrator database servers . . . . . . . . . . . . . . . 330 Logging on to ePolicy Orchestrator database servers . . . . . . . . . . . . . . . . . . . 331 Adding ePolicy Orchestrator database servers . . . . . . . . . . . . . . . . . . . . . . . . 333 Logging off ePolicy Orchestrator database servers . . . . . . . . . . . . . . . . . . . . . . . . . 334 Removing ePolicy Orchestrator database servers . . . . . . . . . . . . . . . . . . . . . . . . . . 334 Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 335 Limiting events stored in the database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 335 Importing events into the database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 337 Repairing events and computer names in the database . . . . . . . . . . . . . . . . . . . . . 338 Repairing events in the database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339 Repairing computer names associated with events in the database . . . . . . . . 340 Deleting events from the database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 340 Global reporting settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 342 Specifying global reporting options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 343 Limiting report and query results by client computer . . . . . . . . . . . . . . . . . . . . . . . . 345 Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 346 Running reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 347 Defining compliance rules for reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 350 Product Guide xi Contents Specifying viewing and printing options for reports . . . . . . . . . . . . . . . . . . . . . 352 Defining how to group data on reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 354 Limiting report results within a time period or data group . . . . . . . . . . . . . . . . 355 Limiting report results by selected criteria . . . . . . . . . . . . . . . . . . . . . . . . . . . . 356 Saving and reusing report input settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 359 Saving report input settings for reuse . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 360 Applying report input settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 361 Changing existing report input settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 362 Saving existing report input settings to a new name . . . . . . . . . . . . . . . . . . . . 363 Deleting report input settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 364 Saving customized reports selections as report templates . . . . . . . . . . . . . . . . . . . 365 Working with reports in the report window . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 366 The report toolbar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 367 Viewing the details of report data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 368 Refreshing data in reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 370 Printing reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371 Exporting report data to other formats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371 Finding text in reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371 Zooming in or out of reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 372 Paging through reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 372 Hiding or showing the report group tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 372 Queries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 373 Running queries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 373 Refreshing data in queries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 373 Going to specific rows in a query . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 374 Reorganizing the Report Repository . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 375 Adding report templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 376 Changing report templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 377 Deleting report templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 378 Creating report groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 379 Deleting report groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 379 Reorganizing the Query Repository . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 380 Adding custom query templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 380 Changing query templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 382 Deleting query templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 383 Creating query groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 383 Deleting query groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 383 10 Maintaining ePolicy Orchestrator Databases . . . . . . . . . . . . . . 385 xii ePolicy Orchestrator™ software version 3.0 Contents Securing ePolicy Orchestrator databases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 386 Securing ePolicy Orchestrator MSDE databases . . . . . . . . . . . . . . . . . . . . . . . . . . 386 Changing SQL Server user account information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 389 Maintaining ePolicy Orchestrator databases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 391 Maintaining MSDE databases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 391 Maintaining SQL Server databases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 392 Backing up and restoring ePolicy Orchestrator databases . . . . . . . . . . . . . . . . . . . . . . . 394 Backing up ePolicy Orchestrator MSDE databases . . . . . . . . . . . . . . . . . . . . . . . . . 394 Restoring ePolicy Orchestrator MSDE databases . . . . . . . . . . . . . . . . . . . . . . . . . . 396 Merging ePolicy Orchestrator databases together . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 398 Creating merged databases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 399 Saving database merge settings for reuse . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 404 Merging databases using predefined settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 409 Merging databases using predefined settings (drag-and-drop operation) . . . . 410 Merging databases from the command line using predefined settings . . . . . . 411 Merging databases in the background using predefined settings . . . . . . . . . . 411 Changing the default server connection protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 412 11 Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 413 Creating a User DSN in Data Sources (ODBC) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 416 Enabling logging for the agent for NetWare . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 417 Disabling logging for the agent for NetWare . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 417 A Using ePolicy Orchestrator Over the Internet . . . . . . . . . . . . . . 419 Internet scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 420 Remote access via VPN and RAS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 420 Corporate intranet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 420 Connecting through an ISP and a firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 421 Configuring the firewall for ePolicy Orchestrator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 422 Agent-to-server communications packet size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 422 B Report and Query Templates . . . . . . . . . . . . . . . . . . . . . . . . . . . 423 Coverage report templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 424 Agent to Server Connection Info report template . . . . . . . . . . . . . . . . . . . . . . . . . . 425 Agent Versions report template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 427 Compliance Issues report template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 428 Compliance Summary report template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 431 DAT/Definition Deployment Summary report template . . . . . . . . . . . . . . . . . . . . . . 433 Product Guide xiii Contents DAT Engine Coverage report template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 435 Engine Deployment Summary report template . . . . . . . . . . . . . . . . . . . . . . . . . . . . 437 Product Protection Summary report template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 439 Products By Custom Data Groups report template . . . . . . . . . . . . . . . . . . . . . . . . . 441 Product Updates By Custom Event Groups report template . . . . . . . . . . . . . . . . . . 444 Infection | Action Summaries report templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 446 Action Summary By Top 10 Files Resolved report . . . . . . . . . . . . . . . . . . . . . . . . . 447 Action Summary By Top 10 Files Unresolved report . . . . . . . . . . . . . . . . . . . . . . . . 448 Action Summary By Top 10 Viruses report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 449 Action Summary report template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 450 Infection | Detections report templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 451 Infection History report template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 452 Infections By Custom Data Groups report template . . . . . . . . . . . . . . . . . . . . . . . . 454 Number Of Infections Detected By Product For Current Quarter (3D Bars) report template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 457 Number Of Infections Detected Monthly Showing Viruses report template . . . . . . . 458 Number Of Infections For the Past 24 Hours report template . . . . . . . . . . . . . . . . . 460 Outbreaks - Weekly History report template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 461 Outbreaks - Current report template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 462 Product Events By Severity report template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 464 Number Of Infections From Removable Media report template . . . . . . . . . . . . . . . . 465 Security Summary report template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 466 Virus Type report template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 467 Viruses Detected report template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 469 Infection | Top Tens report templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 471 Top 10 Detected Viruses report template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 472 Top 10 Infected Files report template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 473 Top 10 Infected Machines report template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 474 Top 10 Infected Users report template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 475 Infection | WebShield report templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 476 Content Filter Report By Rule template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 477 Content Filter Report By Rule And Time template . . . . . . . . . . . . . . . . . . . . . . . . . . 478 Content Filter Report Rules Triggered template . . . . . . . . . . . . . . . . . . . . . . . . . . . 479 Content Scanning Detections By Appliance report template . . . . . . . . . . . . . . . . . . 480 Infection History report template (WebShield) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 481 Spam Detections By Appliance report template . . . . . . . . . . . . . . . . . . . . . . . . . . . 483 Top Ten Spammers report template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 484 URLs Blocked report template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 485 Virus Detections By Appliance report template . . . . . . . . . . . . . . . . . . . . . . . . . . . . 486 xiv ePolicy Orchestrator™ software version 3.0 Contents Virus Detections Timing report template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 488 Virus Type report template (WebShield) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 490 Viruses Detected report template (WebShield) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 492 Coverage and Infection subreports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 494 Computer Summary subreport . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 495 Compliance Summary subreport . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 496 Infection History subreport . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 497 Infection Summary subreport . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 498 Policy subreport . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 499 Task subreport . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 500 Update Errors subreport . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 501 Upgrade History subreport . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 502 Criteria used to limit report results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 503 Coverage reports criteria . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 504 Infection | Action Summaries reports criteria Infection | Detections reports criteria . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 505 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 506 Infection | Top Tens reports criteria . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 507 Infection | WebShield reports criteria . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 508 Descriptions of the criteria . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 509 Computer query templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 511 All Connecting Computers query template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 511 Hourly ASCI Count query template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 511 Computers With No Protection query template . . . . . . . . . . . . . . . . . . . . . . . . . . . . 511 Computers By Language query template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 512 Computers By OS Type query template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 512 Computers By Timezone query template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 512 Computers By ePONode query template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 512 Count Of All Connecting Computers query template . . . . . . . . . . . . . . . . . . . . . . . . 512 OS Summary query template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 512 Policy Changes (Computers) query template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 512 Policy Changes (Groups) query template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 512 Events query templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 513 All Scanning Events query template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 513 All Scanning Events By ePONode query template . . . . . . . . . . . . . . . . . . . . . . . . . 513 All Product Update Events query template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 513 Count Of All Scanning Events query template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 514 Count Of All Product Update Events query template . . . . . . . . . . . . . . . . . . . . . . . . 514 Count of All Infections query template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 514 Product Guide xv Contents Scanning Event Summary query template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 514 First Virus Occurrence query template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 514 Summary of Past Outbreak Events query template . . . . . . . . . . . . . . . . . . . . . . . . . 514 Upgrade Summary query template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 514 Upgrade Summary by Date query template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 514 Server Task Log query template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 514 All Infections query template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 514 All Infections By Virus Name query template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 515 Installations query templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 516 All AV Installations by Last Contact query template . . . . . . . . . . . . . . . . . . . . . . . . 516 All Installations query template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 516 All Installations By ePONode query template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 516 Compliance Comparison query template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 516 Count Of All AV Installations query template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 516 Count Of All Installations query template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 516 C Handling Virus Outbreaks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 517 Before an outbreak occurs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 518 Checklist — Are you prepared for an outbreak? . . . . . . . . . . . . . . . . . . . . . . . . . . . 518 Recognizing an outbreak . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 519 Network utilization key indicators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 519 E-mail utilization key indicators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 519 Virus detection events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 520 Responding to an outbreak . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 521 Checklist — You think an outbreak is occurring . . . . . . . . . . . . . . . . . . . . . . . . . . . 521 D Reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 523 How to read operating system data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 524 Action taken numbers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 525 Locale IDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 526 Product IDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 527 Variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 528 E Supported Products and Features . . . . . . . . . . . . . . . . . . . . . . . 529 Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 533 Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 543 xvi ePolicy Orchestrator™ software version 3.0 Preface This Product Guide introduces McAfee ePolicy Orchestrator™ software version 3.0, and provides the following information: n Overview of the product. n Descriptions of product features. n Descriptions of all new features in this release of the software. n Detailed instructions for configuring and deploying the software. n Procedures for performing tasks. n Troubleshooting information. n Glossary of terms. Audience This information is designed for system and network administrators who are responsible for their company’s anti-virus and security program. Product Guide 17 Preface Conventions This guide uses the following conventions: Bold All words from the user interface, including options, menus, buttons, and dialog box names. Example Type the User name and Password of the desired account. Courier Text that represents something the user types exactly; for example, a command at the system prompt. Example To enable the agent, run this command line on the client computer: FRMINST.EXE /INSTALL=AGENT /SITEINFO=C:\TEMP\SITELIST.XML Italic Names of product manuals and topics (headings) within the manuals; emphasis; introducing a new term. Example Refer to the VirusScan Enterprise Product Guide for more information. <TERM> Angle brackets enclose a generic term. Example In the console tree under ePolicy Orchestrator, right-click <SERVER>. 18 NOTE Supplemental information; for example, an alternate method of executing the same command. WARNING Important advice to protect a user, computer system, enterprise, software installation, or data. ePolicy Orchestrator™ software version 3.0 Preface Getting more information Installation Guide System requirements and instructions for installing and starting the software. Available as a printed booklet that accompanies the product CD. Also available in an Adobe Acrobat .PDF file from either the product CD or the McAfee Security download site. Help Product information in the Help system that is accessed from within the application. For instructions, see Using online Help on page 24. n Configuration Guide The Help system provides high-level and detailed information. Access from either a Help menu option or Help button in the application. For use with ePolicy Orchestrator. Procedures for installing, configuring, deploying, and managing your McAfee and third-party products through ePolicy Orchestrator management software. Available in an Adobe Acrobat .PDF file from either the product CD or the McAfee Security download site. Getting Started Guide Detailed instructions for installing the Small Business Edition of the software, detailed instructions for configuring and deploying the agent and anti-virus products using an automated wizard, and a list of weekly anti-virus management tasks. Available in an Adobe Acrobat .PDF file from either the product CD or the McAfee Security download site. Product Guide 19 Preface Release Notes README file. Product information, resolved issues, any known issues, and last-minute additions or changes to the product or its documentation. Available as a .TXT file from either the product CD or the McAfee Security download site. Contact 20 A list of phone numbers, street addresses, web addresses, and fax numbers for Network Associates offices in the United States and around the world. Also provides contact information for services and resources, including: n Technical Support n Customer Service n Download Support n AVERT Anti-Virus Research Site n McAfee Beta Site n On-Site Training n Network Associates Offices Worldwide ePolicy Orchestrator™ software version 3.0 Preface Contacting McAfee Security & Network Associates Technical Support Home Page http://www.nai.com/naicommon/services/technical-support/intro.asp KnowledgeBase Search https://knowledgemap.nai.com/phpclient/Homepage.aspx PrimeSupport Service Portal * http://mysupport.nai.com McAfee Beta Program http://www.mcafeeb2b.com/beta/ AVERT Anti-Virus Emergency Response Team Home Page http://www.mcafeeb2b.com/naicommon/avert/default.asp Virus Information Library http://vil.nai.com Submit a Sample https://www.webimmune.net/default.asp Download Site Home Page http://www.mcafeeb2b.com/naicommon/download/ DAT File and Engine Updates http://www.mcafeeb2b.com/naicommon/download/dats/find.asp ftp://ftp.nai.com/pub/antivirus/datfiles/4.x Product Upgrades * http://www.mcafeeb2b.com/naicommon/download/upgrade/login.asp Training On-Site Training http://www.mcafeeb2b.com/services/mcafee-training/default.asp McAfee Security University http://www.mcafeeb2b.com/services/mcafeesecurityu.asp Network Associates Customer Service E-mail services_corporate_division@nai.com Web http://www.nai.com http://www.mcafeeb2b.com US, Canada, and Latin America toll-free: Phone +1-888-VIRUS NO or +1-888-847-8766 Monday – Friday, 8 a.m. – 8 p.m., Central Time For additional information on contacting Network Associates and McAfee Security— including toll-free numbers for other geographic areas — see the Contact file that accompanies this product release. * Login credentials required. Product Guide 21 Preface Resources The ePolicy Orchestrator Start Page includes links to some useful resources. This page appears when you log on to any ePolicy Orchestrator server. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. n Minimum Escalation Resource Tool. n Virus Information Library. n AVERT WebImmune. n McAfee Security Home Page. n Network Associates Home Page. Minimum Escalation Resource Tool Use the Minimum Escalation Resource Tool link to access the Network Associates web site for more information about this tool, the tool itself, and instructions for installation. Minimum Escalation Resource Tool (MERTool) is designed to be used when Network Associates products fail on a computer. When launched, MERTool collects a variety of information from the computer on which it is running, including event logs, registry information, running process lists and Active Directory entries. Virus Information Library Use the Virus Information Library link to access the McAfee Anti-Virus Emergency Response Team (AVERT) Virus Information Library web site that includes detailed information on where viruses come from, how they infect your system, and how to remove them. AVERT WebImmune Use the AVERT WebImmune link to access to the Anti-Virus Emergency Response Team (AVERT) WebImmune web site. AVERT WebImmune is the world's first Internet virus security scanner that resides on the web, and is available 24 hours a day, 365 days a year. You can submit potentially infected files to WebImmune for analysis. You will receive information about your files, including solutions and real-time fixes, if required. 22 ePolicy Orchestrator™ software version 3.0 Preface McAfee Security Home Page Use the McAfee Security Home Page link to access the McAfee Security web site. Network Associates Home Page Use the Network Associates Home Page link to access the Network Associates web site. Product Guide 23 Preface Using online Help You can access all of the product information found in the product guide in online Help. n Copying Help topics. n Finding information in Help. n Hiding or showing the Help navigation pane. n Highlighting search words in Help topics. n Moving through Help topics you've seen. n Printing Help topics. n Viewing definitions of options in the interface. Copying Help topics 1 Right-click inside the desired topic, then select Select All. 2 Right-click inside the topic again, then select Copy to copy the topic to the Clipboard. 3 Open the document to which you want to copy the topic. 4 Click the place in your document where you want the information to appear. 5 On the Edit menu, select Paste. NOTE To copy only part of a topic, select the part you want to copy, right-click the selection, then select Copy. Words that are links to other topics and step numbers are not copied to the Clipboard. Finding information in Help 24 n Click the Contents tab to browse through topics by category. n Click the Index tab to see a list of index entries. You can either enter the word you’re looking for or scroll through the list. n Click the Search tab to find every occurrence of a word or phrase within the Help file. ePolicy Orchestrator™ software version 3.0 Preface Hiding or showing the Help navigation pane n To hide the navigation pane, which includes the Contents, Index, and Search tabs, click Hide on the Help toolbar. n To display the navigation pane, which includes the Contents, Index, and Search tabs, click Show on the Help toolbar. Highlighting search words in Help topics n n To highlight search words in topics, click Options on the Help toolbar, then select Search Highlight On. To turn off highlighting, click Options on the Help toolbar, then select Search Highlight Off. Moving through Help topics you've seen n To display the previously viewed Help topic, click Back on the Help toolbar. n To display the next Help topic in a previously displayed sequence of topics, click Forward on the Help toolbar. Printing Help topics n To print a Help topic, right-click inside the desired topic, then select Print. n To print a pop-up topic, right-click inside the pop-up window, then select Print. n To print all topics within a book on the Contents tab, right-click the desired book, select Print, then select Print the selected heading and all subtopics. Viewing definitions of options in the interface n Click Help. Product Guide 25 Preface 26 ePolicy Orchestrator™ software version 3.0 1 Introducing ePolicy Orchestrator The ePolicy Orchestrator software provides a scalable tool for centralized anti-virus and security policy management and enforcement. It also provides comprehensive graphical reporting and product deployment capabilities. Using ePolicy Orchestrator, you can manage policies for McAfee and Symantec products and deploy McAfee products and product updates through a single point of control. The ePolicy Orchestrator software is comprised of the following components: n The ePolicy Orchestrator server — A repository for all data collected from distributed ePolicy Orchestrator agents. n The ePolicy Orchestrator console — A clear, understandable view of all virus activity and status, with the ability to manage and deploy agents and products. n The ePolicy Orchestrator agent — An intelligent link between the ePolicy Orchestrator server and the anti-virus and security products that enforces policies and tasks on client computers. The following topics are included: n The ePolicy Orchestrator server. n The ePolicy Orchestrator console. n The ePolicy Orchestrator agent. n What’s new in this release? Product Guide 27 Introducing ePolicy Orchestrator The ePolicy Orchestrator server The ePolicy Orchestrator server acts as a repository for all data collected from distributed agents. It includes the following features: n A robust database that accrues data about product operation on the client computers in your network. n A report-generating engine that lets you monitor the virus protection performance in your company. n A software repository that stores the products and product updates (for example, Service Pack releases) that you deploy to your network. The ePolicy Orchestrator server can segment the user population into discrete groups for customized policy management. Each server can manage up to 250,000 computers. The ePolicy Orchestrator agent The ePolicy Orchestrator agent is installed on target client computers and servers where it gathers and reports data, installs products, enforces policies and tasks, and sends events back to the ePolicy Orchestrator server. The agent runs in the background on client computers. It retrieves incremental changes to policies and tasks from the ePolicy Orchestrator server, then executes the policies, installs any downloaded products on the client computer, and performs all scheduled tasks. When activity relating to products occurs on the client computer, the agent notifies the server. For example, if a virus appeared on the client computer, the information is sent back to the ePolicy Orchestrator console. This activity is invisible to the user of the client computer. The ePolicy Orchestrator console provides great flexibility in deploying the agent. While it is designed for pushing the agent to your client computers, you can also copy the agent installation package onto a floppy disk, into a network share, or onto some other medium for manual installation on your client computers. The ePolicy Orchestrator console The ePolicy Orchestrator console allows you to manage your entire company's anti-virus and security protection and view client computer properties easily. Housed within the Microsoft Management console (MMC) user interface, the ePolicy Orchestrator console provides the ability to set and enforce anti-virus and security policies to all agents on client computers, or to selected computers. It also provides a task scheduling feature that lets you target specific computers or groups with scheduled tasks and policies. Finally, the console allows you to view and customize reports to monitor your deployment, virus outbreaks, and current protection levels. 28 ePolicy Orchestrator™ software version 3.0 Introducing ePolicy Orchestrator When you start the ePolicy Orchestrator software, the ePolicy Orchestrator console appears. The console uses standard components of the Microsoft Management Console (MMC). The main components of the ePolicy Orchestrator console are described below. For more information on using the ePolicy Orchestrator console, see the MMC Help file. 1 2 4 3 5 Figure 1-1. Components of the console 1 Console tree — Appears in the left pane of the console, and contains all of the console tree items. 2 Console tree items — Include the Directory, Repository, and Reporting. 3 Details pane — Appears in the right pane of the console, and shows details of the currently selected console tree item. Depending on the console tree item you select, the details pane can be divided into upper and lower panes. 4 Upper details pane — Contains the Policies, Properties, and Tasks tabs. 5 Lower details pane — Contains the configuration settings for the products listed on the Policies tab in the upper details pane. Product Guide 29 Introducing ePolicy Orchestrator What’s new in this release? This release of the ePolicy Orchestrator software introduces the following new features: 30 n Feature comparison. n Enterprise-scalable product deployment. n Global updating. n Deployment of all product updates. n Reporting on all product updates. n Support for and controlled upgrade of agents 2.0, 2.5, and 2.5.1. n Enhanced updating for mobile computers. n Continuous updating from Network Associates to desktops. n Multiple server management. n Custom compliance reporting. n Daily executive summary security reports. n Windows 2003 support for the agent and server. n 64-bit support for the agent. n Automatic inactive agent maintenance. n Automatic domain synchronization. n Getting Started wizard for small businesses. n More control over agent-to-server communication. n Reporting performance improvements. n Integration with Symantec Norton AntiVirus 8.0 and 8.01. n Integration with McAfee VirusScan Enterprise 7.0. ePolicy Orchestrator™ software version 3.0 Introducing ePolicy Orchestrator Feature comparison Here’s a comparison of the major features of the software, and how they have changed since version 2.0: Feature Description ePolicy Orchestrator servers w Added ability to log on to multiple ePolicy Orchestrator servers at once. Server tasks w Added server tasks, including Inactive Agent Maintenance and Synchronize Domains. w Added log file that reports on the status of server tasks. w Grouped general tasks, user account management, server settings, and server tasks together. w Added links to additional resources, including the Virus Information Library and AVERT WebImmune web sites. Directory Integrity Check w Replaced the Directory Integrity Check command with the Duplicate Computer names query in the Directory Search dialog box. Domain synchronization w Added ability to schedule domain synchronization. Repository w Added distributed software repository architecture. w Moved check in of product Setup (binary) files to the master repository. w Moved check in of product plug-in (.DLL) files to the master repository. w Included support for updating of legacy products. w Added ability to check report templates into the Repository. w Added ability to copy and paste policy settings within the same ePolicy Orchestrator server or between different servers. w Added ability to save policy settings to policy files or templates. w Added ability to disable the agent-to-server communication interval (ASCI), and schedule this communication using an Agent Wakeup client task. w Added ability to skip the initial ten-minute, randomized ASCI if the last agent-to-server communication occurred within the time period you specify. Console Policies Agent-to-server communication Product Guide 31 Introducing ePolicy Orchestrator Feature Description Properties w Added ability to collect full or minimal properties in the agent policy. w Added ability to collect the complete set of properties, instead of incremental properties, during agent wakeup calls. Client tasks w Added client tasks for the agent that apply to all products. Tasks include Agent Wakeup and Product Deployment. Agent AutoUpgrade w Removed Agent AutoUpgrade on agents 3.0 or later; you now initiate the upgrade. w Added ability to disable agent AutoUpgrade on agents 2.0, 2.5, or 2.5.1 in the agent policy. w Added ability to enable or disable the agent to support migration of unmanaged products. w Separated language-specific files from agent installation package. Languages are distributed as product update packages. w Changed the name of the agent installation package to FRAMEPKG.EXE. w Added ability to schedule the deployment of the agent. w Added ability to resume interrupted downloads of products or product updates. w Added ability to retrieve incremental updates. Inactive agents w Added ability to schedule maintenance of inactive agents. Agent activity log files w Added ability to enable or disable logging of agent activity and remote access to the agent activity log files. SuperAgent w Added ability to enable an agent as a SuperAgent. The SuperAgent is a major component of global updating and can be used as a distributed repository. Agent wakeup call w Added ability to collect the complete set of properties instead of incremental properties during agent wakeup calls. w Included ability to send wakeup calls to SuperAgents. In turn, SuperAgents send wakeup calls to all agents in the same subnet. w Moved to Product Deployment client task, which can be enforced periodically or during the policy enforcement interval. w Added ability to view product activity log files remotely. Agent Product deployment 32 ePolicy Orchestrator™ software version 3.0 Introducing ePolicy Orchestrator Feature Description Product update deployment w Added ability to deploy updates to products including service pack and HotFix releases. w Included support for rolling back product updates to previous versions. w Included support for deploying evaluation versions of product updates to selected computers for testing purposes. w Added ability to allow users to postpone product updates. Global updating w Added ability to deploy product updates as soon you check in the corresponding packages to the master repository, then report on the status of the global update immediately. Reporting w Expanded capabilities to include compliance rules, viewing and printing options, and how to group data on reports. w Added ability to save these settings to later reuse. w Added subreports to selected reports used to view infection history, upgrade summaries, tasks, and policy settings at the computer-level. w Incorporated the ability to specify time basis for infection reports into the user interface. Product Guide 33 Introducing ePolicy Orchestrator Enterprise-scalable product deployment Previous release Each ePolicy Orchestrator server had one Repository from which client computers (computers with the agent installed on them) retrieved supported Network Associates products. Current release Although each server still has one Repository (the master repository), you can now replicate its contents to distributed repositories. You can check product and product update packages into the master repository or use source repositories to define a location from which the master repository retrieves packages. By default, the Network Associates HTTP Download web site is a source repository. Client computers retrieve their updates from the nearest repository. If none of these repositories is available, client computers retrieve packages from the fallback repository. By default, the Network Associates FTP Download web site is the fallback repository. You can schedule pull and replication tasks or initiate them on-demand to ensure that the master repository is kept current with the contents of source or fallback repositories, and that distributed repositories are kept current with the contents of the master repository. Benefits Because client computers retrieve their updates from multiple locations, bandwidth usage is more efficient. This distributed software repository architecture, coupled with incremental updates, results in faster update times. Since you can schedule the update of distributed repositories and the master repository, repositories are easily kept up-to-date. Where to find To create global distributed repositories: n In the console tree under ePolicy Orchestrator | <SERVER>, select Repository. In the details pane under AutoUpdate Tasks, click Add distributed repository. To define local distributed repositories: n On the Repositories tab in the ePolicy Orchestrator Agent | Configuration policy page, click Add. To create SuperAgent distributed repositories: n On the General tab in the ePolicy Orchestrator Agent | Configuration policy page, select Enable SuperAgent functionality and Enable SuperAgent repository. To define source repositories: n In the console tree under ePolicy Orchestrator | <SERVER>, select Repository. In the details pane under AutoUpdate Tasks, click Add source repository. 34 ePolicy Orchestrator™ software version 3.0 Introducing ePolicy Orchestrator To redefine the default source or fallback repositories: n For more information In the console tree under ePolicy Orchestrator | <SERVER>, select Repository. In the details pane under AutoUpdate Components, click Source Repository. See Software Repositories on page 147. Product Guide 35 Introducing ePolicy Orchestrator Global updating Previous release You could deploy supported McAfee products stored in the Repository during the agent-to-server communication interval (ASCI) or by sending an agent wakeup call. In addition, product-specific installation policies were enforced on client computers during the policy enforcement interval. Current release When global updating is enabled, product updates are deployed as soon as you check the corresponding packages into the master repository. The packages are immediately replicated to all SuperAgent and global distributed repositories. The ePolicy Orchestrator server sends a wakeup call to all SuperAgents. SuperAgents send a broadcast wakeup call to all agents in the same subnet. All agents (regular agents and SuperAgents) retrieve the update from the nearest repository. If immediate event forwarding is also enabled, agents send update events to the server without waiting for the next agent-to-server communication. You can then report on the status of the global update immediately. Benefits n Administrator-controlled — You control when and whether to enable global updating. n Instant updating — Product updates can be instantly updated during outbreak scenarios without intervention. n Where to find Bandwidth-friendly updating — Only incremental changes to product updates are replicated to distributed repositories. To deploy the SuperAgent: n On the ePolicy Orchestrator Agent | Configuration policy page, select Enable agent wakeup call support and Enable Super Agent functionality. To enable immediate event forwarding: n On the Events tab in the ePolicy Orchestrator Agent | Configuration policy page, select Enable uploading of events. To enable global updating: n In the console tree under ePolicy Orchestrator, select <SERVER>. In the details pane, click the Settings tab, then select Enable global updating. To review the status of a global update: n For more information 36 In the console tree under Reporting | ePO Databases | <DATABASE SERVER> | Reports | Anti-Virus | Coverage, right-click <REPORT>, then select Run. See Global updating on page 319. ePolicy Orchestrator™ software version 3.0 Introducing ePolicy Orchestrator Deployment of all product updates Previous release Updates to supported products needed to be deployed manually. Current release You can now deploy these types of product updates: n Agent language packages. n HotFix releases. n Product binary (Setup) files. n Product plug-in (.DLL) files. n Service pack releases. n SuperDAT (SDAT*.EXE) files. n Supplemental virus definition (EXTRA.DAT) files. n Virus definition (DAT) files. n Virus scanning engine. Once the desired product update packages are checked into the master repository, you can schedule their deployment using client tasks, or deploy them automatically using global updating. Benefits You can now deploy product updates for all supported products. Where to find To check in product update packages: n In the console tree under ePolicy Orchestrator | <SERVER>, select Repository. In the details pane, click Check in package. To schedule the deployment of product updates: For more information 1 In the console tree under ePolicy Orchestrator | <SERVER>, right-click Directory, <SITE>, <GROUP>, or <COMPUTER>, then select Schedule Task. 2 In the Tasks tab in the details pane, right-click the Task Name, then select Edit Task. See Product and product update packages on page 203 and Product update deployment on page 313. Product Guide 37 Introducing ePolicy Orchestrator Reporting on all product updates Previous release You could report on the compliance of products, virus definition (DAT) files, and the virus scanning engine. Current release You can report on which HotFix and service pack releases have been installed on client computers, and determine which are needed to bring the product up-to-date. Benefits You can now report on all supported McAfee products and product updates. Where to find For more information n In the console tree under Reporting | ePO Databases | <DATABASE SERVER> | Reports | Anti-Virus | Coverage, right-click <REPORT>, then select Run. See Running reports on page 347 and Coverage report templates on page 424. Support for and controlled upgrade of agents 2.0, 2.5, and 2.5.1 Current release You can disable the automatic upgrade of agents version 2.0, 2.5, or 2.5.1 to version 3.1 or later. The version 2.0, 2.5, and 2.5.1 agents will continue to send events and properties to the ePolicy Orchestrator server. Benefits You are ensured full visibility during the transition from a 2.0, 2.5, or 2.5.1 environment to the 3.0 environment. Where to find To disable agent AutoUpgrade: n For more information 38 On the General tab in the ePolicy Orchestrator Agent | Configuration policy page, deselect Enable Agent Upgrade from 2.x Agent to 3.0 Agent. See Enabling or disabling agent AutoUpgrade on page 274. ePolicy Orchestrator™ software version 3.0 Introducing ePolicy Orchestrator Enhanced updating for mobile computers Previous release You could schedule tasks to run on dial-up. Current release The management of mobile users is made easier with the addition of several new updating enhancements: n Pick nearest repository — Ensures that mobile computers retrieve their updates from the most bandwidth-efficient repository available. This allows you to set a single policy that controls updates for all users, regardless of location. n Postponable updating — Gives control of installing updates to mobile users. You can give users the ability to postpone updates until a later time when bandwidth is more accessible. Benefits n Resumable updating — When mobile computers experience a broken connection during an update, the update process continues where it left off once the connection is re-established. n Secured Internet-compatible HTTP updating — Ensures that users of mobile computers working outside the company firewall can securely update from company web servers or the Network Associates download site. These new bandwidth-efficient update methods help ensure that mobile computers can be kept compliant with the same ease as desktop computers. Product Guide 39 Introducing ePolicy Orchestrator Continuous updating from Network Associates to desktops Current release You can now configure the ePolicy Orchestrator server to replicate products and product updates in the master repository to distributed repositories. To keep your entire organization up-to-date, the master repository can be configured to check the Network Associates download site for updates on a periodic basis (weekly, daily, or every 15 minutes). Since the contents of the download site is compared to the contents of the master repository before any files are downloaded, checking continuously for updates uses a minimal amount of bandwidth. Benefits Customers wanting a more automated, hands-free approach to updating their organization can automatically check the Network Associates download site for new anti-virus or security updates, and when available, immediately deploy them into the environment. The deployment can be set up in stages, ensuring a bandwidth-efficient approach in enterprise environments spread across the globe. 40 ePolicy Orchestrator™ software version 3.0 Introducing ePolicy Orchestrator Multiple server management Previous release You could manage only one ePolicy Orchestrator server at a time. Current release You can easily manage multiple ePolicy Orchestrator servers from a single console using these procedures: n Logging on to multiple servers at once — You can be logged on to multiple servers at the same time. n Creating consolidated reports — You can combine the data from multiple servers and use the resulting merged database to create consolidated reports. n Sharing policy settings — You can share policy settings between console tree items under the Directory on the same server, or between items on different servers. Benefits Computer-specific policies, group-level policies, or server-level policies can be exported and imported for a variety of purposes, including backing up to a disk or sharing between servers. Where to find To log on to multiple servers: n In the console tree, select ePolicy Orchestrator. In the details pane, click Add Server. To create consolidated reports: 1 Use the DB Merge Tool (AVIDB_MERGE_TOOL.EXE) to merge databases. 2 In the console tree under Reporting, right-click ePO Databases, then select Add new server. 3 In the console tree under Reporting | ePO Databases | <DATABASE SERVER> | Reports | <REPORT GROUP>, select <REPORT>. To copy policies: 1 In the console tree under ePolicy Orchestrator | <SERVER>, right-click Directory, <SITE>, <GROUP>, or <COMPUTER>, then select Policy | Copy. 2 In the console tree under ePolicy Orchestrator | <SERVER>, right-click Directory, <SITE>, <GROUP>, or <COMPUTER>, then select Policy | Paste. Product Guide 41 Introducing ePolicy Orchestrator To import and export policies: For more information 42 1 In the console tree under ePolicy Orchestrator | <SERVER>, right-click Directory, <SITE>, <GROUP>, or <COMPUTER>, then select Policy | Export. 2 In the console tree under ePolicy Orchestrator | <SERVER>, right-click Directory, <SITE>, <GROUP>, or <COMPUTER>, then select Policy | Import. See these topics: n Logging on to or adding ePolicy Orchestrator servers on page 53. n Merging ePolicy Orchestrator databases together on page 398. n Logging on to or adding ePolicy Orchestrator database servers on page 330. n Running reports on page 347. n Copying policies on page 233. n Importing and exporting policies on page 235. ePolicy Orchestrator™ software version 3.0 Introducing ePolicy Orchestrator Custom compliance reporting Previous release You could select the versions of virus definition (DAT) files and the virus scanning engine that met your definition of compliance. Current release You now have the ability to further define what compliance means in your environment. For example, you can define compliance rules for the version of the agent or the date of virus infection events. Benefits You can more easily ensure compliance within your environment. Where to find For more information n In the console tree under Reporting | ePO Databases | <DATABASE SERVER> | Reports | Anti-Virus | Coverage, right-click <REPORT> (for example, Compliance Issues), then select Run. See Defining compliance rules for reports on page 350. Daily executive summary security reports Current release A new executive-level summary report is available. This report provides summarized anti-virus and security product data that is used to identify compliance and threat levels. Benefits Consolidates important compliance and threat-level information that highlights infections that cannot be cleaned, or general conditions that demand on-site administrative attention. Where to find For more information n In the console tree under Reporting | ePO Databases | <DATABASE SERVER> | Reports | Anti-Virus | Infection | Detections, right-click Security Summary, then select Run. See Running reports on page 347. Product Guide 43 Introducing ePolicy Orchestrator Windows 2003 support for the agent and server Previous release The agent for Windows supported a variety of Microsoft operating systems from Windows 95 to Windows XP. The ePolicy Orchestrator server was supported on a number of Microsoft operating systems, including Windows NT and Windows 2000. Current release The agent now supports the Windows 2003 operating system for managing McAfee VirusScan Enterprise 7.0 and future McAfee solutions compatible with this operating system. The server now includes support for Windows 2003 operating systems. Benefits The agent now functions properly on the Windows 2003 platform for managing McAfee VirusScan Enterprise 7.0 and future Network Associates products. For more information See the ePolicy Orchestrator 3.0 Installation Guide. 64-bit support for the agent Previous release The agent for Windows supported a variety of 32-bit Microsoft operating systems from Windows 95 to Windows XP. Current release The agent now supports 64-bit versions of supported Windows operating systems. For more information See the ePolicy Orchestrator 3.0 Installation Guide. 44 ePolicy Orchestrator™ software version 3.0 Introducing ePolicy Orchestrator Automatic inactive agent maintenance Previous release You could manually find computers with inactive agents using the Agent to Server Connection Info report or the Inactive ePolicy Orchestrator agents search query in the Directory Search dialog box. Current release You can now schedule an Inactive Agent Maintenance server task to specify the time period that defines inactive agents, and the action that you want performed on computers with inactive agents. This task does not uninstall the agent. Benefits You can schedule a server task that automatically performs inactive agent maintenance for you in the manner you specify. The computers with inactive agents can be deleted from the Directory, or moved into a group you specify for troubleshooting. Where to find For more information 1 In the console tree under ePolicy Orchestrator, select <SERVER>. In the details pane, click the Scheduled Tasks tab, then click Create. 2 In the Configure New Task page, select Inactive Agent Maintenance under Task type. See Scheduling Inactive Agent Maintenance server tasks on page 295. Automatic domain synchronization Previous release You could manually synchronize Windows NT domains that you imported into the Directory with their counterparts on the network and uninstall agents from computers that no longer belong to the specified domain in the Update Domain dialog box. Current release You can now schedule a Synchronize Domains server task to synchronize selected domains that you imported into the Directory with their counterparts on the network. Benefits Keep the Directory current with the network automatically. This server task automatically adds computers to and removes them from the Directory as they join and leave domains, and deploys the agent and applies policies and tasks to computers as they join domains. Where to find For more information 1 In the console tree under ePolicy Orchestrator, select <SERVER>. In the details pane, click the Scheduled Tasks tab, then click Create. 2 In the Configure New Task page, select Synchronize Domains under Task type. See Synchronizing domains automatically on page 135. Product Guide 45 Introducing ePolicy Orchestrator Getting Started wizard for small businesses Current release Designed for small businesses managing up to 250 client computers, the Small Business Getting Started Wizard automates the process of installing and setting policies for the agent and VirusScan products. Benefits Small businesses can get up-and-running quickly. Where to find For more information 46 n If you installed the Small Business Edition of the software, the wizard appears automatically when you log on to the ePolicy Orchestrator server. n In the console tree under ePolicy Orchestrator, select <SERVER>. In the details pane under Task List, click Small Business Getting Started Wizard. See the ePolicy Orchestrator 3.0 Small Business Edition Getting Started Guide. ePolicy Orchestrator™ software version 3.0 Introducing ePolicy Orchestrator More control over agent-to-server communication Previous release Agent-to-server communication took place during the agent-to-server communication interval (ASCI) or during agent wakeup calls. You could not disable the ASCI. When the agent communicates with the server for the first-time either immediately after the agent is installed or when the agent service restarts (for example, when the client computer is turned off and on), the initial ASCI is randomized over a ten-minute interval. Current release You can now disable the ASCI, then schedule agent-to-server communication using the Agent Wakeup client task. You can now skip the initial ten-minute, randomized ASCI if the last agent-to-server communication occurred within the time period (default is 24 hours) you specify. For example, if users turn off their computers at night, agents will initially communicate to the server randomly over the ASCI length instead of 10 minutes. Benefits You have complete control over agent-to-server communication and can schedule it to take place during off-peak times. Where to find To disable the ASCI: n On the General tab in the ePolicy Orchestrator Agent | Configuration policy page, deselect Enable Agent to server communication. To schedule an Agent Wakeup client task: 1 In the console tree under ePolicy Orchestrator, select <SERVER>. In the details pane, click the Scheduled Tasks tab, then click Create. 2 In the Configure New Task page, select Agent Wakeup under Task type. To skip the initial ten-minute, randomized ASCI: n For more information On the General tab in the ePolicy Orchestrator Agent | Configuration policy page, specify the time period since the last agent-to-server communication that prompts the agent to skip the initial ten-minute, randomized ASCI in Policy agent to trigger 10 minute communication interval. See Setting agent communication intervals on page 254 and Creating client tasks on page 263. Product Guide 47 Introducing ePolicy Orchestrator Reporting performance improvements Current release The new Products By Custom Data Groups, Product Updates By Custom Event Groups, Infections By Custom Data Groups, and Product Events By Severity reports, and many of the existing infection reports now retrieve group summary data instead of individual detailed data from the ePolicy Orchestrator database when the report is run. Detailed data is retrieved only when you view the details of report data. Each time you view details, the amount of data being retrieved is reduced. By first retrieving only group summary data, then retrieving only the requested detailed data for reports, reports can run 5 to 10 times faster depending on database size. When you run selected reports, you have the ability to specify how data is retrieved. The Fast Drilldown option that appears on the Layout tab in the Enter Reports Inputs dialog box provides the best report performance when running reports from remote consoles. When you run selected reports, you have the ability to limit the results to data recorded within a time period you specify (for example, within the last 3 days), or by custom data groups (for example, for anti-virus products only). You use the Within tab in the Enter Reports Inputs dialog box to specify the time period or data group that you want to limit report results. Benefits Where to find For more information 48 These new features significantly improve the performance of reports. n In the console tree under Reporting | ePO Databases | <DATABASE SERVER> | Reports | <REPORT GROUP>, select <REPORT>. In the Enter Report Inputs dialog box, click the Layout or Within tab. See these topics: n Specifying viewing and printing options for reports on page 352. n Limiting report results within a time period or data group on page 355. ePolicy Orchestrator™ software version 3.0 Introducing ePolicy Orchestrator Integration with Symantec Norton AntiVirus 8.0 and 8.01 Previous release You could manage policies for, schedule tasks for, and report on Symantec Norton AntiVirus Corporate Edition 7.50, 7.51, and 7.6. Current release You can now also manage and report on Norton AntiVirus 8.0 and 8.01. Benefits ePO has been updated to support the policy management, enforcement and detailed reporting on Symantec’s NAV 8.0 desktop and fileserver AV solution. Where to find For more information 1 In the console tree under ePolicy Orchestrator | <SERVER>, select Directory, <SITE>, <GROUP>, or <COMPUTER>. 2 In the details pane, click the Policies tab, then select Norton AntiVirus Corporate Edition 7.5x/7.6/8.0. See the Symantec Norton AntiVirus Configuration Guide for use with ePolicy Orchestrator 3.0. Integration with McAfee VirusScan Enterprise 7.0 Benefits Where to find For more information Award-winning VirusScan technology from McAfee has been updated to McAfee VirusScan Enterprise 7.0. The VirusScan Enterprise software runs on all Windows-based workstation and server platforms simplifying the management and administration of desktop and fileserver anti-virus protection. 1 In the console tree under ePolicy Orchestrator | <SERVER>, select Directory, <SITE>, <GROUP>, or <COMPUTER>. 2 In the details pane, click the Policies tab, then select VirusScan Enterprise 7.0. See the VirusScan Enterprise 7.0 Configuration Guide for use with ePolicy Orchestrator 3.0. Product Guide 49 Introducing ePolicy Orchestrator 50 ePolicy Orchestrator™ software version 3.0 2 ePolicy Orchestrator Servers Once you start the software, you need to log on to the corresponding ePolicy Orchestrator server before you can work with the Directory and Repository. You can be logged on to multiple servers at once. You can also log off or remove servers from the console tree as needed. n Managing multiple ePolicy Orchestrator servers. n Logging on to or adding ePolicy Orchestrator servers. n Logging off ePolicy Orchestrator servers. n Removing ePolicy Orchestrator servers. Once you log on to the ePolicy Orchestrator server, you can work with the following: n Version of the server, console, or policy pages. n User accounts. n Server settings. n Server tasks. n Server events. n The Small Business Getting Started wizard. Product Guide 51 ePolicy Orchestrator Servers Managing multiple ePolicy Orchestrator servers You can easily manage multiple ePolicy Orchestrator servers from a single console using these procedures: n Logging on to multiple servers at once — You can be logged on to multiple servers at the same time. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. n Creating consolidated reports — You can combine the data from multiple servers and use the resulting merged database to create consolidated reports. For instructions, see Merging ePolicy Orchestrator databases together on page 398. n Sharing policy settings — You can share policy settings between console tree items under the Directory on the same server or between items on different servers. For instructions, see Copying policies on page 233 or Importing and exporting policies on page 235. 52 ePolicy Orchestrator™ software version 3.0 ePolicy Orchestrator Servers Logging on to or adding ePolicy Orchestrator servers Depending on whether the desired ePolicy Orchestrator server already appears in the console tree, you need to complete different steps to log on to it. n If the server appears in the console tree, use Logging on to ePolicy Orchestrator servers on page 53. n If the server doesn’t appear in the console tree, use Adding ePolicy Orchestrator servers on page 54. NOTE You need to log on to ePolicy Orchestrator database servers separately from the ePolicy Orchestrator server itself. For instructions, see ePolicy Orchestrator database servers on page 330. Logging on to ePolicy Orchestrator servers Use this procedure to log on to an ePolicy Orchestrator server that already appears in the console tree under ePolicy Orchestrator. If the server doesn’t appear in the console tree, use Adding ePolicy Orchestrator servers on page 54. For option definitions, click Help in the interface. 1 In the console tree under ePolicy Orchestrator, select <SERVER>. 2 In the details pane under Global Task List, click Login. The ePolicy Orchestrator Login dialog box appears. Figure 2-1. ePolicy Orchestrator Login dialog box 3 Accept the default Server name or type the name of another server. 4 Type the User name and Password of the desired user account. Product Guide 53 ePolicy Orchestrator Servers 5 Type HTTP Port number that corresponds to the Server name you specified. 6 Click OK to connect to the specified server. Adding ePolicy Orchestrator servers Use this procedure to add an ePolicy Orchestrator server to the console tree under ePolicy Orchestrator and log on to it. You can add multiple servers to the console tree. If the server appears in the console tree, use Logging on to ePolicy Orchestrator servers on page 53. For option definitions, click Help in the interface. 1 In the console tree, select ePolicy Orchestrator. 2 In the details pane under Global Task List, click Add Server. The ePolicy Orchestrator Login dialog box appears. Figure 2-2. ePolicy Orchestrator Login dialog box 54 3 Accept the default Server name or type the name of another server. 4 Type the User name and Password of the desired account. 5 Type the HTTP Port number that corresponds to the Server name you specified. 6 Click OK to connect to the specified server. ePolicy Orchestrator™ software version 3.0 ePolicy Orchestrator Servers Logging off ePolicy Orchestrator servers Use this procedure to break the connection between the selected ePolicy Orchestrator server and console. For option definitions, click Help in the interface. 1 In the console tree under ePolicy Orchestrator, select <SERVER>. 2 In the details pane, click the General tab. 3 Under Task List, click Log Off. Removing ePolicy Orchestrator servers Use this procedure to break the connection between the selected ePolicy Orchestrator server and console if you no longer want the server icon to appear in the console tree. For option definitions, click Help in the interface. n In the console tree under ePolicy Orchestrator, right-click <SERVER>, then select Remove Server. Product Guide 55 ePolicy Orchestrator Servers Version of the server, console, or policy pages You can determine the version number of the ePolicy Orchestrator server or console, and policy (.NAP) pages. 56 n Determining the version number of the software. n Determining the version number of policy pages. ePolicy Orchestrator™ software version 3.0 ePolicy Orchestrator Servers Determining the version number of the software Use this procedure to determine the version and build numbers, edition, and license of the software. For option definitions, click Help in the interface. 1 In the console tree, right-click ePolicy Orchestrator, then select About ePolicy Orchestrator. The About ePolicy Orchestrator dialog box appears. The version number appears at the top of this dialog box. Figure 2-3. About ePolicy Orchestrator dialog box 2 To view the version and build numbers, edition, and license, log on to the desired ePolicy Orchestrator server. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. This information appears below the title (for example, Server Version: 3.0.0.494, Enterprise Edition, Licensed) in the details pane. Figure 2-4. Version number of the software Product Guide 57 ePolicy Orchestrator Servers Determining the version number of policy pages Use this procedure to determine the version number of policy (.NAP) pages that are in the Repository. For option definitions, click Help in the interface. 1 Log on to the desired ePolicy Orchestrator server. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. 2 In the console tree under ePolicy Orchestrator | <SERVER>, select Directory. The Policies, Properties, and Tasks tabs appear in the upper details pane. 3 Click the Policies tab. 4 Select the desired product (for example, VirusScan Enterprise 7.0). The corresponding policy page appears in the lower details pane. 5 The version number (for example, VSE.7.0.0.216) appears below the product name. Figure 2-5. Version number of policy pages 58 ePolicy Orchestrator™ software version 3.0 ePolicy Orchestrator Servers User accounts You can grant different levels of rights to users by assigning them a particular type of ePolicy Orchestrator user account. You can add or delete accounts, or change passwords on accounts. n Types of user accounts. n Adding user accounts. n Deleting user accounts. n Changing passwords on user accounts. Types of user accounts The ePolicy Orchestrator user accounts include global administrator, global reviewer, site administrator, and site reviewer. Administrator-level user accounts have read, write, and delete permissions. Reviewer-level user accounts have read-only permissions. Account rights are further restricted based on whether a global or site account is selected. In general, global accounts have rights to all operations on all client computers; site accounts are restricted to operations on client computers within the specified site under the Directory. In addition, global operations (for example, adding user accounts) are reserved for use only by global administrator user accounts. n Global administrator user accounts. n Global reviewer user accounts. n Site administrator user accounts. n Site reviewer user accounts. Global administrator user accounts A global administrator user account (admin) is set up automatically when you install the software. You cannot delete this user account. Global administrator user accounts have read, write, and delete permissions, and rights to all operations. In addition, operations that affect the entire installation are reserved for use only by global administrator user accounts. For these reasons, we recommend that you reserve access to this type of account to a limited set of people. You must log on to ePolicy Orchestrator servers using a global administrator account to: n Create, change, or delete global distributed repositories. Product Guide 59 ePolicy Orchestrator Servers n Define or remove source repositories. n Define or remove the fallback repository. n Export or import the repository list. n Check packages into the master repository. n Move packages between branches. n Delete packages from the master repository. n Schedule pull or replication tasks. n Change server settings. n Work with server events. n Schedule Synchronize Domains server tasks. n Change site-level IP subnet masks. n Verify the integrity of IP management settings. n Run enterprise-wide reports. n Add user accounts. n Delete user accounts. n Create, rename, or delete sites. n Move computers from the global Lost&Found. n Use the Getting Started wizard. n If you use ePolicy Orchestrator authentication, global administrators can view and change all options on all tabs in the Events dialog box. Other users can only view this information. n Limit events that are stored in the ePolicy Orchestrator database. n Import events into ePolicy Orchestrator databases. Global reviewer user accounts With read-only permissions, global reviewer user accounts can view all settings in the software, but cannot change any of these settings. Site administrator user accounts Site administrator user accounts have read, write, and delete permissions and rights to all operations (except those restricted to global administrator user accounts) on the specified site, as well as all groups and computers underneath it. 60 ePolicy Orchestrator™ software version 3.0 ePolicy Orchestrator Servers Site reviewer user accounts With read-only permissions, site reviewer user accounts can view the same settings as site administrator accounts, but cannot change any of these settings. One exception being that although site reviewer accounts can view the task summary, these account cannot view task details. Adding user accounts Use this procedure to set up new user accounts. For option definitions, click Help in the interface. NOTE You must be a global administrator to set up user accounts. 1 Log on to the desired ePolicy Orchestrator server using a global administrator user account. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. 2 In the console tree under ePolicy Orchestrator, select <SERVER>. 3 In the details pane, click the Users tab. Figure 2-6. Users tab Product Guide 61 ePolicy Orchestrator Servers 4 Click Create user. The Add New User page appears. Figure 2-7. Add New User page 5 Type a Name for the user account. 6 In Role, select the level of access rights that you want to assign to this user account: w Administrator — Has read, write, and delete permissions and rights to all operations on all client computers w Reviewer — Has read-only permissions to all settings in the software, but does not have rights to change any of these settings. 62 w Site Administrator — Has read, write, and delete permissions and rights to all operations (except those restricted to global administrator user accounts) on the specified site, as well as all groups and computers underneath it. w Site Reviewer — Has read-only permissions on the specified site and all groups and computers underneath it, but does not have rights to change any settings. 7 If you select Site Administrator or Site Reviewer in Role, select the Site to which you want to grant permission. 8 Type a Password, then Confirm password. 9 Click Save to save the current entries and return to the Users tab. ePolicy Orchestrator™ software version 3.0 ePolicy Orchestrator Servers Deleting user accounts Use this procedure to delete user accounts. For option definitions, click Help in the interface. NOTE You must be a global administrator to delete user accounts. You cannot delete the default global administrator user account (admin). 1 Log on to the desired ePolicy Orchestrator server using a global administrator user account. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. 2 In the console tree under ePolicy Orchestrator, select <SERVER>. 3 In the details pane, click the Users tab. 4 Select the desired User Name, then click Delete users. Figure 2-8. Users tab Product Guide 63 ePolicy Orchestrator Servers Changing passwords on user accounts Use this procedure to change passwords on existing user accounts. For option definitions, click Help in the interface. NOTE Global administrators can change passwords on all user accounts; other users can only change passwords on their own accounts. 1 Log on to the desired ePolicy Orchestrator server. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. 2 In the console tree under ePolicy Orchestrator, select <SERVER>. 3 In the details pane, click the Users tab. 4 Select the desired User Name, then click Modify user. Figure 2-9. Users tab 64 ePolicy Orchestrator™ software version 3.0 ePolicy Orchestrator Servers 5 In the Modify User page, select change password, then type the new Password, and Confirm password. Figure 2-10. Modify User page 6 Click Save to save the current entries and return to the Users tab. Product Guide 65 ePolicy Orchestrator Servers Server settings You can change various settings that control how the ePolicy Orchestrator server behaves. You can change most settings dynamically; however, you must reinstall the software to change the name of the server or the port number the server uses for HTTP communication. n Changing ePolicy Orchestrator server settings. n Setting the IP address of ePolicy Orchestrator servers. Changing ePolicy Orchestrator server settings Use this procedure to change settings on the selected ePolicy Orchestrator server. NOTE If you need to change the port number that the server uses for HTTP communication or the name of the server, back up all ePolicy Orchestrator databases, uninstall the software, then assign the new port number or name when you re-install the software. If you change the IP address of the server via the operating system, the new IP address is automatically updated in the SITEINFO.INI file. For option definitions, click Help in the interface. 1 Log on to the desired ePolicy Orchestrator server. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. 2 In the console tree under ePolicy Orchestrator, select <SERVER>. 3 In the details pane, click the Settings tab. Figure 2-11. Settings tab 66 ePolicy Orchestrator™ software version 3.0 ePolicy Orchestrator Servers 4 5 Accept the default (1,000) or change the number of Maximum connections. Accept the default (25) or change the Concurrent legacy Agent auto-upgrade download limit. NOTE This option effects only agents 2.5.1 or earlier. 6 Accept the default (2,048KB) or change the Event log size. 7 Accept the default (81) or type a different Console-to-server port. Although you can change this port number, we do not recommend doing so. Changes take effect within one minute. NOTE If you change the port number used for console-to-server communication, be sure make the change on all consoles and use the new port number when logging on to the server. 8 Accept the default (8081) or type a different Agent wakeup port. 9 Accept the default (8082) or type a different SuperAgent wakeup port. NOTE If you change the port number from which the server sends agent or SuperAgent wakeup calls, agent wakeup calls are disabled until the next agent-to-server communication. 10 Specify whether you want to Enable global updating and the Global updating randomization interval to use. For instructions, see Global updating on page 319. 11 Click Apply settings to save the current entries. Setting the IP address of ePolicy Orchestrator servers If an ePolicy Orchestrator server has more than one network card, use this procedure to specify which IP address that you want ePolicy Orchestrator agents and consoles to use to connect to the server. Otherwise, the first binding IP address is used. 1 In a text editor, open SERVER.INI. This file is located in the DB folder in the installation directory. The default location is: C:\PROGRAM FILES\NETWORK ASSOCIATES\EPO\3 If you upgraded the software from version 2.0, 2.5, or 2.5.1, the default location is: C:\PROGRAM FILES\MCAFEE\EPO\3 Product Guide 67 ePolicy Orchestrator Servers 2 Type the following line in SERVER.INI: SERVERIPADDRESS=<IP ADDRESS> Where <IP ADDRESS> is the IP address of the server. If <IP ADDRESS> is blank, the first binding IP address to used. 68 3 Save the SERVER.INI file. 4 Stop and restart the McAfee ePolicy Orchestrator 3.0 Server service. Depending on the operating system that you are using, this procedure varies. For instructions, see the Microsoft product documentation. 5 Deploy the agent or SITEINFO.INI to effected client computers. For instructions, see Agent deployment on page 277. ePolicy Orchestrator™ software version 3.0 ePolicy Orchestrator Servers Server tasks You can schedule tasks that run on the selected ePolicy Orchestrator server to perform maintenance on the ePolicy Orchestrator database and Repository. You can also review the status of each task. n Default server tasks. n Creating server tasks. n Changing server tasks. n Deleting server tasks. n Reviewing the status of server tasks. Default server tasks The default set of server tasks are described below. These tasks are always available. Other tasks might also be available depending on the products that you are managing. For a list of tasks that apply to each product, see the Configuration Guide for that product. n Inactive Agent Maintenance — Moves computers with inactive agents to a specified group or deletes them from the Directory. This task does not uninstall the agent. n Repository Pull — Retrieves packages from the source repository you specify, then integrates the packages into the master repository. n Repository Replication — Updates distributed repositories to maintain identical copies of packages in the master repository. n Synchronize Domains — Synchronizes selected Windows NT domains that you have imported into the Directory with their counterparts on the network. Creating server tasks Use this procedure to create new server tasks. For a list of these tasks, see Server tasks on page 69. You can also perform the Inactive Agent Maintenance and Synchronize Domains tasks manually. For instructions, see Finding computers in the Directory on page 139 and Synchronizing domains manually on page 137, respectively. For option definitions, click Help in the interface. 1 Log on to the desired ePolicy Orchestrator server. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. 2 In the console tree under ePolicy Orchestrator, select <SERVER>. Product Guide 69 ePolicy Orchestrator Servers 3 In the details pane, click the Scheduled Tasks tab. Figure 2-12. Scheduled Tasks tab 4 Click Create task to open the Configure New Task page. Figure 2-13. Configure New Task page 70 5 Type a descriptive Name for the task. 6 Specify the Task type. ePolicy Orchestrator™ software version 3.0 ePolicy Orchestrator Servers 7 Select Yes under Enable task; otherwise, the task won't start, regardless of settings on this page. 8 Select the frequency for the task in Schedule type, then specify the options for the frequency you specified. For example, if you select Daily in Schedule type, Daily options appear. 9 Click Advanced schedule options to display more options. a Schedule the task to be recurring. For instructions, see Scheduling recurring server tasks on page 72. b Schedule the task to start in the future. For instructions, see Scheduling server tasks to start in the future on page 73. 10 To start this task randomly, select Yes under Randomize execution time, then type the Maximum delay within which you want to start the task. 11 To ensure that this task is started if the server was not available during the scheduled time, select Yes under Run missed task. To delay the task after the server becomes available, type the amount of delay in Delay missed task by. 12 To limit the amount of time for which the task can run before it is automatically cancelled, select Stop task if execution time exceeds limit, then specify the time limit. 13 Click Next. 14 Specify task-specific settings. For instructions, see the appropriate procedure: w Scheduling Inactive Agent Maintenance server tasks on page 295. w Synchronizing domains automatically on page 135. w Scheduling Repository Pull server tasks on page 215. w Scheduling Repository Replication server tasks on page 220. Product Guide 71 ePolicy Orchestrator Servers Scheduling recurring server tasks Use this procedure to schedule recurring server tasks. For option definitions, click Help in the interface. 1 Create or change the desired server task. For instructions, see Creating server tasks on page 69 or Changing server tasks on page 74, respectively. 2 Click Advanced schedule options. Figure 2-14. Advanced schedule options for server tasks 3 Select a Start Time. 4 In Start Date, specify a beginning date for the date range in which you want the task to run. 5 Select End Date, then specify an ending date for the date range in which you want the task to run. Otherwise, the task repeats indefinitely. 6 To specify the duration and frequency of a recurring task, select Repeat task, then make the following selections: 7 72 a In Every, specify the time interval that you want the task repeated. b In Until, specify the time limits for the recurring task. Click Next. ePolicy Orchestrator™ software version 3.0 ePolicy Orchestrator Servers 8 Specify task-specific settings. For instructions, see the appropriate procedure: w Scheduling Inactive Agent Maintenance server tasks on page 295. w Synchronizing domains automatically on page 135. w Scheduling Repository Pull server tasks on page 215. w Scheduling Repository Replication server tasks on page 220. Scheduling server tasks to start in the future Use this procedure to schedule server tasks that you want to start in the future. For option definitions, click Help in the interface. 1 Create or change the desired server task. For instructions, see Creating server tasks on page 69 or Changing server tasks on page 74, respectively. 2 Click Advanced schedule options. Figure 2-15. Advanced schedule options for server tasks 3 Select a Start Time. 4 In Start Date, specify a beginning date for the date range in which you want the task to run. Product Guide 73 ePolicy Orchestrator Servers 5 Select End Date, then specify an ending date for the date range in which you want the task to run. Otherwise, the task repeats indefinitely. 6 Click Next. 7 Specify task-specific settings. For instructions, see the appropriate procedure: w Scheduling Inactive Agent Maintenance server tasks on page 295. w Synchronizing domains automatically on page 135. w Scheduling Repository Pull server tasks on page 215. w Scheduling Repository Replication server tasks on page 220. Changing server tasks Use this procedure to change existing server tasks. For option definitions, click Help in the interface. 1 Log on to the desired ePolicy Orchestrator server. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. 2 In the console tree under ePolicy Orchestrator, select <SERVER>. 3 In the details pane, click the Scheduled Tasks tab. 4 Select the desired task, then click Modify task. Figure 2-16. Scheduled Tasks tab 74 ePolicy Orchestrator™ software version 3.0 ePolicy Orchestrator Servers 5 In the Modify Task page, change the settings of this task as needed. Figure 2-17. Modify Task page 6 Click Next. 7 Specify task-specific settings. For instructions, see the appropriate procedure: w Scheduling Inactive Agent Maintenance server tasks on page 295. w Synchronizing domains automatically on page 135. w Scheduling Repository Pull server tasks on page 215. w Scheduling Repository Replication server tasks on page 220. Deleting server tasks Use this procedure to delete server tasks you no longer want to run. For option definitions, click Help in the interface. 1 Log on to the desired ePolicy Orchestrator server. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. 2 In the console tree under ePolicy Orchestrator, select <SERVER>. Product Guide 75 ePolicy Orchestrator Servers 3 In the details pane, click the Scheduled Tasks tab. 4 Select the desired tasks, then click Delete tasks. Figure 2-18. Scheduled Tasks tab 5 Click OK when asked whether you want to delete all selected tasks. Reviewing the status of server tasks Use this procedure to review the status of server tasks. For option definitions, click Help in the interface. 76 1 Log on to the desired ePolicy Orchestrator server. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. 2 In the console tree under ePolicy Orchestrator, select <SERVER>. ePolicy Orchestrator™ software version 3.0 ePolicy Orchestrator Servers 3 In the details pane, click the Task Logs tab. Figure 2-19. Task Logs tab 4 The date and time that the server task log was last updated appears in Current as of. To refresh the server task log, click Refresh. 5 To delete the contents of the server task log, click Purge. 6 The status of each server task appears in the Status column: w Completed Successfully — Task completed successfully. w Executing — Task was started. w Scheduled — This message appears when you create or change server tasks. w Ran With Errors — Task was started, but was not completed successfully. Product Guide 77 ePolicy Orchestrator Servers Server events You can work with all information, warning, and error events for each ePolicy Orchestrator server. You can view and refresh server events, save them to a file, or print them. For more information on Microsoft Event Viewer, see the Event Viewer Help file. n Viewing server events. n Refreshing server events. n Saving server events to a file. n Printing server events. Viewing server events Use this procedure to view server events. For option definitions, click Help in the interface. 1 Log on to the desired ePolicy Orchestrator server. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. 2 In the console tree under ePolicy Orchestrator, select <SERVER>. 3 In the details pane, click the General tab. Figure 2-20. General tab 78 ePolicy Orchestrator™ software version 3.0 ePolicy Orchestrator Servers 4 Under Task List, click Server Events to open the Server Event Viewer dialog box. Figure 2-21. Server Event Viewer dialog box 5 To view a detailed description of a server event, select the desired Date checkbox. The Server Event Detail dialog box appears. Figure 2-22. Server Event Detail dialog box Product Guide 79 ePolicy Orchestrator Servers Refreshing server events Use this procedure to update the Server Event Viewer dialog box with events that have been received since you initially opened it. For option definitions, click Help in the interface. 1 Log on to the desired ePolicy Orchestrator server. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. 2 In the console tree under ePolicy Orchestrator, select <SERVER>. 3 In the details pane, click the General tab. Figure 2-23. General tab 80 ePolicy Orchestrator™ software version 3.0 ePolicy Orchestrator Servers 4 Under Task List, click Server Events to open the Server Event Viewer dialog box. Figure 2-24. Server Event Viewer dialog box 5 On the View menu, click Refresh. Saving server events to a file Use this procedure to save server events to a file. For option definitions, click Help in the interface. 1 Log on to the desired ePolicy Orchestrator server. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. 2 In the console tree under ePolicy Orchestrator, select <SERVER>. Product Guide 81 ePolicy Orchestrator Servers 3 In the details pane, click the General tab. Figure 2-25. General tab 4 Under Task List, click Server Events to open the Server Event Viewer dialog box. Figure 2-26. Server Event Viewer dialog box 5 82 To save all server events to a Server Log (.LOG) file, click Save As on the File menu. ePolicy Orchestrator™ software version 3.0 ePolicy Orchestrator Servers To save only selected server events to a Server Log file, select the desired events, then click Save As on the File menu. In the Save As dialog box, select Selected Items only. 6 In File name, accept the default file name (SRVEVENT.LOG) or type a different name for the Server Log file. 7 In Save in, specify the path (for example, C:\PROGRAM FILES\NETWORK ASSOCIATES\EPO\3) where you want to save the file. 8 Click Save. Printing server events Use this procedure to print all or selected server events to the default printer. For more information on how to specify the default printer, see the Windows Help file. For option definitions, click Help in the interface. 1 Log on to the desired ePolicy Orchestrator server. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. 2 In the console tree under ePolicy Orchestrator, select <SERVER>. 3 In the details pane, click the General tab. Figure 2-27. General tab Product Guide 83 ePolicy Orchestrator Servers 4 Under Task List, click Server Events to open the Server Event Viewer dialog box. Figure 2-28. Server Event Viewer dialog box 5 To print all server events to the default printer, click Print on the File menu. To print only selected server events to the default printer, select the desired events, then click Print on the File menu. 84 ePolicy Orchestrator™ software version 3.0 ePolicy Orchestrator Servers The Small Business Getting Started wizard The Small Business Getting Started wizard allows you to configure several important settings quickly. The wizard allows you to choose to: n Deploy the ePolicy Orchestrator agent to specified Windows NT domains. n Download the agent installation package (FRAMEPKG.EXE) for manual deployment to computers. n Enable VirusScan deployment upon installation of the agent. n Apply small business policies. Using the Small Business Getting Started wizard 1 Log on to the desired ePolicy Orchestrator server using a global administrator user account. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. If the wizard does not appear automatically, do the following: a In the console tree under ePolicy Orchestrator, select <SERVER>. b In the details pane, click the General tab. c Under Task List, click Small Business Getting Started Wizard. The Small Business Getting Started wizard appears. Figure 2-29. Small Business Getting Started wizard Product Guide 85 ePolicy Orchestrator Servers NOTE Select Don’t show this wizard at logon if you don’t want the wizard to start automatically when you log on. 2 Click Next to open the Agent Deployment — Configure Automated Deployment dialog box. Figure 2-30. Agent Deployment — Configure Automated Deployment dialog box 3 Choose whether to deploy the ePolicy Orchestrator agent to all computers. If you don’t have domains (for example, if you use NetWare), or you don’t want to change the current settings with the wizard, select I want to skip this step, then Next. 86 ePolicy Orchestrator™ software version 3.0 ePolicy Orchestrator Servers If you use Windows NT domains, and want to add computers belonging to a domain: a Select I want to automatically deploy the agent to the Windows NT domains I specify, then click Next. b On the Configure Automated Deployment — Select Domains dialog box, select the desired domains to which to deploy the agent, then click Next. Figure 2-31. Configure Automated Deployment — Select Domains dialog box c Enter the account credentials, then click OK. NOTE The account you enter must have domain administrator rights. d Verify the domain information, then click Next. Product Guide 87 ePolicy Orchestrator Servers 4 From the Agent Deployment — Manual Deployment dialog box you can download the agent installation package (FRAMEPKG.EXE) to deploy manually to computers running Windows 95, Windows 98, or Windows Me (that do not have remote administrator enabled). This is also useful to deploy the agent to computers that do not belong to a Windows NT domain. Figure 2-32. Agent Deployment — Manual Deployment dialog box If you do not want to deploy the agent installation program manually, click Next. 88 ePolicy Orchestrator™ software version 3.0 ePolicy Orchestrator Servers If you want to deploy the agent installation package manually: a Click Download and select the location to which you want to save the agent installation package. b Create an e-mail message with installation instructions, attach the agent installation package, then send the e-mail message when desired. NOTE You can also deploy the agent manually. For information, see Agent deployment on page 277. c Click Next. Figure 2-33. Agent Policies and Tasks — Enable VirusScan Deployment Task dialog box 5 On the Agent Policies and Tasks — Enable VirusScan Deployment Task dialog box, choose whether the agents deploy VirusScan when they are installed, then click Next. NOTE The agent deploys VirusScan Enterprise 7.0 to computers using Windows NT, Windows 2000, Windows XP, and Windows 2003 Server. The agent deploys VirusScan 4.5.1 to computers using Windows 95 and Windows 98. The agent deploys VirusScan only to computers that do not already have it installed. Product Guide 89 ePolicy Orchestrator Servers NOTE If VirusScan software has not been loaded into the repository, a message appears stating that the software is not in the repository. You need to browse to and select the package files into the repository. 6 On the Part 2: Agent Policies and Tasks — Enable Small Business Policies dialog box, choose whether to enable the small business policies, then click Next. The small business settings are predefined policies and tasks designed to help you get started with the software, including: w Send report data to the ePolicy Orchestrator server every hour. w Request updated policies and tasks from the server every hour. w Send high-priority data to the server immediately, so you can view the most current data in reports. w Check the McAfee web site for new virus definition (DAT) files every fifteen minutes. w Scan computers for virus infections every day at 12:00 PM local time. w Enforce policies every five minutes. w Imports the domain into the console and checks for new machines in the domain, adds them to the console, and enforces policies (domain synchronization). 90 ePolicy Orchestrator™ software version 3.0 ePolicy Orchestrator Servers 7 On the Ready to Start dialog box, review the tasks that the wizard will perform, then click Next. Figure 2-34. Ready to Start dialog box NOTE You can return to previous dialog boxes if necessary to edit information. 8 Click Finish. NOTE When you click Finish, the agent and Small Business Edition policies are deployed. Ensure you want these deployed before you click Finish. Product Guide 91 ePolicy Orchestrator Servers 92 ePolicy Orchestrator™ software version 3.0 The Directory 3 The Directory contains all of the computers that you want to manage via ePolicy Orchestrator and is the link to the primary interfaces for managing these computers. You can organize computers under the Directory into logical groupings (for example, functional department or geographic location) or sort them by IP address using console tree items called sites and groups. You can set policies (product configuration settings) and schedule tasks (for example, to update virus definition files) for computers at any level (site, group, or computer) under the Directory and at the Directory level itself. The Directory also contains a Lost&Found group. For information, see Lost&Found groups on page 123. n Automatic IP address sorting. n Sites. n Groups. n Computers. n Adding WebShield appliances. n Lost&Found groups. n Verifying the integrity of the Directory. n IP management settings. n Manual IP address sorting. n Managing the Directory. Product Guide 93 The Directory Automatic IP address sorting The ePolicy Orchestrator software provides the ability to sort items in the Directory by both IP address ranges and IP subnet masks. You can organize the Directory in discrete blocks that correspond to company or geographic assignments of IP addresses and subnet masks at the site or group level. Large companies can manage different geographical sites from a single installation. Managed service providers (MSP) have the ability to provide uniform anti-virus protection to all of their clients from a single console, while maintaining sites separately through assignment of IP address ranges or IP subnet masks to specific sites or groups. This feature enhances security by ensuring that site-level accounts can only see the site for which they have rights. Agents responding during their initial agent-to-server communications interval are assigned to the site-level Lost&Found group based on their IP address, restricting access to only the global administrator and the appropriate site administrator. n Guidelines for IP management settings. n Search order. Guidelines for IP management settings If you decide to organize the Directory using IP management settings, be sure to observe the following guidelines when assigning these settings to sites and groups. NOTE These guidelines only apply the first time that the agent communicates with the ePolicy Orchestrator server. n Site — If you haven’t assigned an IP address range or IP subnet mask to a site, groups underneath it cannot have an IP address range or IP subnet mask assigned to them. n Superset — The IP address range or IP subnet mask of a site must be a superset of those assigned to groups underneath it. n Subset — The IP address range or IP subnet mask of each group underneath a site must be a subset of those assigned to the site that contains these groups. n Overlap — The IP address range or IP subnet mask of groups underneath a site cannot overlap each other. After the initial contact, the agent updates whatever location to which it has been assigned. If the IP address in the unique agent ID does not match any of the assigned IP address ranges or IP subnet masks, the agent is placed in the global Lost&Found so that a global administrator can assign it to the appropriate location. If the IP address range or IP subnet mask does match one of the sites, the agent data is placed in the site-level Lost&Found. The site administrator then assigns the agent to whatever group is appropriate. 94 ePolicy Orchestrator™ software version 3.0 The Directory Search order When an agent contacts the server for the first time, the server searches for the appropriate site whose IP mask or range matches the agent’s IP address, using the following order: NOTE To enable the search order feature on first communication, you must install the agent using a non-push method, such as login scripts. You cannot use this feature if the agent is pushed. We recommend using a login script. For instructions, see Updating logon scripts to install the agent on page 287. 1 Site IP mask/range — If the site IP mask or range matches the agent’s IP address, the server continues the search within that site. If the site IP mask or range does not match the agent’s IP address, the search continues in all other sites that do not have IP mask settings. If the site IP mask or range matches the agent’s IP address, but the server cannot match the IP mask or range at the computer or domain level, the server creates a domain group under the site Lost&Found group, then adds a computer node under the domain group. 2 Computer name — If the computer node whose node name matches the agent’s computer name is located, the agent is linked to that node. 3 Domain name — If the group node whose node name matches the agent’s domain name is located, the server continues the search within that domain’s deepest group, for the matching IP mask or range. If an IP mask or range that matches the agent’s IP address is located, the server creates a computer node with the agent’s name and links the agent to that computer node. If an IP mask or range that matches the agent’s IP address is not located, the server creates a computer node under the domain group. 4 Deepest group under this site that matches IP mask — If the group node does not match an agent’s domain name, the server continues to search for the deepest group, under that site, that has a matching IP mask. After a matching group is located, the server creates a computer node with the agent’s computer name and links the agent to that computer node. 5 No match is found — If the server cannot find an IP match to any site in the Directory, the server creates a domain group under global Lost&Found, then creates a computer node under the domain group. You must have global administrator rights to move a group from global Lost&Found. Product Guide 95 The Directory The domain name search rule takes precedence over the IP group rule. If you want the computer to go to the appropriate IP group, you should either create the IP group under the domain group or do not create the domain group under the site. Following are three scenarios to demonstrate how this works: Scenario A Directory SiteA (161.69.0.0/16) North_America (Domain group) IPGroupA (161.69.82.0/24) Scenario B Directory SiteA (161.69.0.0/16) IPGroupA (161.69.82.0/24) Scenario C Directory SiteA (161.69.0.0/16) North_America (Domain group) IPGroupA (161.69.82.0/24) When a client computer with an IP address of 161.69.82.100 in the North_America domain connects to the server in scenarios A and B, the computer correctly falls into IPGroupA. However, in scenario C, the computer goes to the North_America domain group instead of IPGroupA because the domain name takes precedence over the IP group. 96 ePolicy Orchestrator™ software version 3.0 The Directory Sites Sites allow you to organize computers together under the Directory. You must create sites before you can create groups or add computers under the Directory. Sites can contain groups or computers. Each site also contains a Lost&Found group. For information, see Lost&Found groups on page 123. You can assign IP address ranges or IP subnet masks to sites so you can sort computers by IP address. NOTE You must be a global administrator to create, rename, or delete sites. If you create a site by importing a Windows NT domain, you can automatically send the agent installation package to all imported computers in the domain. n Importing sites based on network domains. n Adding sites manually. Product Guide 97 The Directory Importing sites based on network domains Use this procedure to create a site under the Directory with the same name as the selected Windows NT domain and import all computers belonging to that domain under the site. You can assign IP address ranges or IP subnet masks to the site at the same time. You can also automatically send the agent installation package to all imported computers. NOTE You must be a global administrator to create sites. For option definitions, click Help in the interface. 1 Log on to the desired ePolicy Orchestrator server using a global administrator user account. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. 2 In the console tree under ePolicy Orchestrator | <SERVER>, right-click Directory, then select New | Site. The Add Sites dialog box appears. Figure 3-1. Add Sites dialog box 98 ePolicy Orchestrator™ software version 3.0 The Directory 3 Click Browse to open the Directory Browser dialog box and select the desired domain. 4 Click OK to return to the Add Sites dialog box. 5 Assign an IP address range or IP subnet mask to this site as needed. For instructions, see Assigning IP management settings to a newly added site on page 102. 6 Send the agent to all computers in the sites that appear in Sites to be added as needed. For instructions, see Sending the agent to all computers in a newly added site on page 103. 7 Click OK. Product Guide 99 The Directory Adding sites manually Use this procedure to create a site under the Directory. For example, you might find this procedure useful to group computers belonging to different Windows NT domains together if you want to enforce the same policy on them. You can also assign IP address ranges or IP subnet masks to the site at the same time. NOTE You must be a global administrator to create sites. For option definitions, click Help in the interface. 1 Log on to the desired ePolicy Orchestrator server using a global administrator user account. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. 2 In the console tree under ePolicy Orchestrator | <SERVER>, right-click Directory, then select New | Site. The Add Sites dialog box appears. Figure 3-2. Add Sites dialog box 100 ePolicy Orchestrator™ software version 3.0 The Directory 3 Click Add to open the New Site dialog box and define the sites that you want to add to the Directory. Figure 3-3. New Site dialog box 4 Type a Name for the new site. 5 Assign an IP address range or IP subnet mask to this site as needed. For instructions, see Assigning IP management settings to a newly added site on page 102. 6 Click OK to return to the Add Sites dialog box. 7 Send the agent to all computers in the sites that appear in Sites to be added as needed. For instructions, see Sending the agent to all computers in a newly added site on page 103. 8 Click OK. Product Guide 101 The Directory Assigning IP management settings to a newly added site Use this procedure to assign IP address ranges or IP subnet masks to a site at the same time that you are adding it to the Directory. For option definitions, click Help in the interface. 1 Add a site to the Directory. For instructions, see Importing sites based on network domains on page 98 or Adding sites manually on page 100. 2 In the Add Sites dialog box, select the site from Sites to be added, then click Edit. The New Site dialog box appears. Figure 3-4. New Site dialog box 3 Click Add. The IP Management dialog box appears. Figure 3-5. IP Management dialog box 102 ePolicy Orchestrator™ software version 3.0 The Directory 4 Select IP subnet mask or IP range and type the appropriate values. 5 Click OK twice to return the Add Sites dialog box. Sending the agent to all computers in a newly added site Use this procedure to send the agent installation package to all computers being imported along with a site at the same time that you are adding it to the Directory. This method uses Windows NT push technology. NOTE If you want to deploy the agent from the console to computers using Windows 95, Windows 98, or Windows Me, you must set up remote administration on these computers before you deploy the agent. For instructions, see Setting up remote administration on Windows 95, Windows 98, or Windows Me computers on page 283. If you deploy the agent to these computers using any other method, you do not need to set up remote administration on them. The agent installation begins the next time users log on to these computers. If you want to deploy the agent from the console to computers using Windows XP Home, you must enable network access on these computers before you deploy the agent. For instructions, see Enabling network access on Windows XP Home computers on page 283. For option definitions, click Help in the interface. 1 Add a site to the Directory. For instructions, see Importing sites based on network domains on page 98. Product Guide 103 The Directory 2 In the Add Sites dialog box, select Send agent package. Figure 3-6. Add Sites dialog box 3 To hide the installation of the agent from the user, select Suppress agent installation GUI. 4 Accept the default Installation path (<SYSTEM_DRIVE>\EPOAGENT) or type a different path on the client computer where you want to install the agent. You can also click to insert variables into the Installation path. For a list, see Variables on page 528. 5 To use the credentials you provided in the Server Service Account dialog box when you installed the software, select Use ePO server credentials. NOTE If you selected Use Local System Account in the Server Service Account dialog box when you installed the software, you cannot use the ePolicy Orchestrator server credentials to deploy the agent. To embed user credentials in the agent installation package, deselect Use ePO server credentials, then type the User account and Password. 104 ePolicy Orchestrator™ software version 3.0 The Directory Groups Like sites, groups allow you to organize computers together under the Directory. After you create a site, you can create groups under them. Groups can contain other groups or computers. You can assign IP address ranges or IP subnet masks to groups to sort computers by IP address. If you create a group by importing a Windows NT domain, you can automatically send the agent installation package to all imported computers in the domain. n Importing groups based on network domains. n Adding groups manually. Product Guide 105 The Directory Importing groups based on network domains Use this procedure to create a group under a site or another group in the Directory with the same name as the selected Windows NT domain and import all computers belonging to that domain under the group. You can assign IP address ranges or IP subnet masks to the group at the same time. You can also automatically send the agent installation package to all imported computers. For option definitions, click Help in the interface. 1 Log on to the desired ePolicy Orchestrator server. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. 2 In the console tree under ePolicy Orchestrator | <SERVER> | Directory, right-click <SITE> or <GROUP>, then select New | Group. The Add Groups dialog box appears. Figure 3-7. Add Groups dialog box 3 106 Click Browse to open the Directory Browser dialog box and select the desired domain. ePolicy Orchestrator™ software version 3.0 The Directory 4 Assign an IP address range or IP subnet mask to this group as needed. For instructions, see Assigning IP management settings to a newly added group on page 110. 5 Click OK to return to the Add Groups dialog box. 6 Send the agent to all computers in the groups that appear in Groups to be added as needed. For instructions, see Sending the agent to all computers in a newly added group on page 111. 7 Click OK. Product Guide 107 The Directory Adding groups manually Use this procedure to create a group under a site or another group in the Directory. For example, you might find this procedure useful to enforce the same policy on computers belonging to different Windows NT domains. You can also assign IP address ranges or IP subnet masks to the group at the same time. For option definitions, click Help in the interface. 1 Log on to the desired ePolicy Orchestrator server. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. 2 In the console tree under ePolicy Orchestrator | <SERVER> | Directory, right-click <SITE> or <GROUP>, then select New | Group. The Add Groups dialog box appears. Figure 3-8. Add Groups dialog box 108 ePolicy Orchestrator™ software version 3.0 The Directory 3 Click Add to open the New Group dialog box and define the groups that you want to add to the Directory. Figure 3-9. New Group dialog box 4 Type a Name for the new group. 5 Assign an IP address range or IP subnet mask to this group. For instructions, see Assigning IP management settings to a newly added group on page 110. 6 Click OK twice. Product Guide 109 The Directory Assigning IP management settings to a newly added group Use this procedure to assign IP address ranges or IP subnet masks to a group at the same time that you are adding it to the Directory. For option definitions, click Help in the interface. 1 Add a group to the Directory. For instructions, see Importing groups based on network domains on page 106 or Adding groups manually on page 108. 2 In the Add Groups dialog box, select the group from Groups to be added, then click Edit. The New Group dialog box appears. Figure 3-10. New Group dialog box 3 Click Add. The IP Management dialog box appears. Figure 3-11. IP Management dialog box 110 ePolicy Orchestrator™ software version 3.0 The Directory 4 Select IP subnet mask or IP range and type the appropriate values. 5 Click OK twice to return the Add Groups dialog box. Sending the agent to all computers in a newly added group Use this procedure to send the agent installation package to all computers being imported along with a group at the same time that you are adding it to the Directory. This method uses Windows NT push technology. NOTE If you want to deploy the agent from the console to computers using Windows 95, Windows 98, or Windows Me, you must set up remote administration on these computers before you deploy the agent. For instructions, see Setting up remote administration on Windows 95, Windows 98, or Windows Me computers on page 283. If you deploy the agent to these computers using any other method, you do not need to set up remote administration on them. The agent installation begins the next time users log on to these computers. If you want to deploy the agent from the console to computers using Windows XP Home, you must enable network access on these computers before you deploy the agent. For instructions, see Enabling network access on Windows XP Home computers on page 283. For option definitions, click Help in the interface. 1 Add a group to the Directory. For instructions, see Importing groups based on network domains on page 106. Product Guide 111 The Directory 2 In the Add Groups dialog box, select Send agent package. Figure 3-12. Add Groups dialog box 3 To hide the installation of the agent from the user, select Suppress agent installation GUI. 4 Accept the default Installation path (<SYSTEM_DRIVE>\EPOAGENT) or type a different path on the client computer where you want to install the agent. You can also click to insert variables into the Installation path. For a list, see Variables on page 528. 5 To use the credentials you provided in the Server Service Account dialog box when you installed the software, select Use ePO server credentials. NOTE If you selected Use Local System Account in the Server Service Account dialog box when you installed the software, you cannot use the ePolicy Orchestrator server credentials to deploy the agent. To embed user credentials in the agent installation package, deselect Use ePO server credentials, then type the User account and Password. 112 ePolicy Orchestrator™ software version 3.0 The Directory Computers In the console tree, computers represent the physical computers on the network that you want to manage. You must deploy (install) the agent on all computers that you want to manage. You can add computers under existing sites or group in the Directory. You can automatically send the agent installation package to computers at the same time, except when you import them from a text file. n Importing computers based on network domains. n Adding computers manually. n Importing computers from text files. Product Guide 113 The Directory Importing computers based on network domains Use this procedure to import all computers belonging to the selected Windows NT domain under an existing site or group in the Directory. You can also automatically send the agent installation package to all imported computers at the same time. For option definitions, click Help in the interface. 1 Log on to the desired ePolicy Orchestrator server. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. 2 In the console tree under ePolicy Orchestrator | <SERVER> | Directory, right-click <SITE> or <GROUP>, then select New | Computer. The Add Computers dialog box appears. Figure 3-13. Add Computers dialog box 114 3 Click Browse to open the Computer Browser dialog box and select the desired computers. 4 Click OK to return to the Add Computers dialog box. ePolicy Orchestrator™ software version 3.0 The Directory 5 Send the agent to all computers that appear in Computers to be added as needed. For instructions, see Sending the agent to all newly added computers on page 117. 6 Click OK. Product Guide 115 The Directory Adding computers manually Use this procedure to add computers under an existing site or group in the Directory. For example, you might find this procedure useful to enforce the same policy on computers belonging to different Windows NT domains. You can also automatically send the agent installation package to these computers at the same time. For option definitions, click Help in the interface. 1 Log on to the desired ePolicy Orchestrator server. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. 2 In the console tree under ePolicy Orchestrator | <SERVER> | Directory, right-click <SITE> or <GROUP>, then select New | Computer. The Add Computers dialog box appears. Figure 3-14. Add Computers dialog box 116 ePolicy Orchestrator™ software version 3.0 The Directory 3 Click Add to open the New Computer dialog box. Figure 3-15. New Computer dialog box 4 Type a Name for the new computer. 5 Click OK to return to the Add Computers dialog box. 6 Send the agent to all computers that appear in Computers to be added as needed. For instructions, see Sending the agent to all newly added computers on page 117. 7 Click OK. Sending the agent to all newly added computers Use this procedure to send the agent installation package to computers at the same time that you are adding them to the Directory. This method uses Windows NT push technology. NOTE If you want to deploy the agent from the console to computers using Windows 95, Windows 98, or Windows Me, you must set up remote administration on these computers before you deploy the agent. For instructions, see Setting up remote administration on Windows 95, Windows 98, or Windows Me computers on page 283. If you deploy the agent to these computers using any other method, you do not need to set up remote administration on them. The agent installation begins the next time users log on to these computers. If you want to deploy the agent from the console to computers using Windows XP Home, you must enable network access on these computers before you deploy the agent. For instructions, see Enabling network access on Windows XP Home computers on page 283. For option definitions, click Help in the interface. 1 Add computers to the Directory. For instructions, see Importing computers based on network domains on page 114 or Adding computers manually on page 116. Product Guide 117 The Directory 2 In the Add Computers dialog box, select Send agent package. Figure 3-16. Add Computers dialog box 3 To hide the installation of the agent from the user, select Suppress agent installation GUI. 4 Accept the default Installation path (<SYSTEM_DRIVE>\EPOAGENT) or type a different path on the client computer where you want to install the agent. You can also click to insert variables into the Installation path. For a list, see Variables on page 528. 5 To use the credentials you provided in the Server Service Account dialog box when you installed the software, select Use ePO server credentials. NOTE If you selected Use Local System Account in the Server Service Account dialog box when you installed the software, you cannot use the ePolicy Orchestrator server credentials to deploy the agent. To embed user credentials in the agent installation package, deselect Use ePO server credentials, then type the User account and Password. 118 ePolicy Orchestrator™ software version 3.0 The Directory Importing computers from text files Use this procedure to import computers, organize them into groups, and add them under existing sites or groups in the Directory, using a text file that defines these computers and groups and their organization. NOTE Be sure to manually verify the syntax of entries and computer and group names in the desired text file before you use it to import computers. For option definitions, click Help in the interface. 1 Create the site or group into which you want to import computers. For instructions, see Adding sites manually on page 100 or Adding groups manually on page 108, respectively. 2 Create a text file that defines the console tree items you want to add to the Directory. For information, see Format of text files used to import computers on page 120. 3 In the console tree under ePolicy Orchestrator | <SERVER> | Directory, right-click <SITE> or <GROUP>, then select All Tasks | Import Computer. The Importing Computers from a Text File dialog box appears. 4 Click Continue to open the Import From File dialog box. 5 Select the desired text file. 6 Click Open to import computers into the selected site or group. Product Guide 119 The Directory Format of text files used to import computers You can use text files to import computers, organize them into groups, and add them under existing sites or groups in the Directory. Use the following entries within text files to define the computers and group that you want to add to the Directory and their organization: n Computer name only — Type each computer name on a separate line. Each computer is added under the selected site or group. Use this syntax: <COMPUTER>; for example, Computer One. n Group and single computer — Type the group name followed by the computer name. The computer is added under the specified group in the selected site or group. Use this syntax: <GROUP>\<COMPUTER>; for example, ITDomain\1Computer. n Group and multiple computers — Type the group name and each individual computer name on separate lines. Each computer is added under the specified group in the selected site or group. Use this syntax: <GROUP>\ <COMPUTER> <COMPUTER> For example, DevDomain\ AComputer BComputer CComputer 120 ePolicy Orchestrator™ software version 3.0 The Directory Sample text file used to import computers The table below shows how the group and computer entries will appear in the Directory after the text file is used to import these groups and computers. If the contents of the text file is... DevDomain\ Then, the selected site or group under the Directory looks like this... <SITE> or <GROUP> AComputer BComputer DevDomain CComputer HRDomain\2Computer HRDomain\3Computer AComputer BComputer ITDomain\1Computer Computer One CComputer ComputerOne HRDomain 2Computer 3Computer ITDomain 1Computer Computer One ComputerOne Product Guide 121 The Directory Adding WebShield appliances Use this procedure to add WebShield appliances under an existing site or group in the Directory, in order to access the WebShield user interface. For option definitions, click Help in the interface. 1 Log on to the desired ePolicy Orchestrator server. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. 2 In the console tree under ePolicy Orchestrator | <SERVER> | Directory, right-click <SITE> or <GROUP>, then select New | WebShield Appliance. The New WebShield Appliance Configuration dialog box appears. Figure 3-17. New WebShield Appliance Configuration dialog box 122 3 Type a Name. You must use a different name than the site or group, and a different name than the host name of the appliance. 4 In URL, type the same URL that you use to access the WebShield user interface from a web browser. 5 Click OK. ePolicy Orchestrator™ software version 3.0 The Directory Lost&Found groups Lost&Found groups store computers for which the ePolicy Orchestrator server cannot determine their appropriate location in the Directory. The server uses the IP management settings, computer names, domain names, and site or group names to determine where to place computers. NOTE We recommend not managing computers from Lost&Found groups. First, move unidentified computers to the appropriate locations in the Directory, then manage them. If you delete computers from the Directory, you also need to uninstall the agent from these computers. Otherwise, these computers will continue to appear in the Directory as the agent will continue to communicate to the server. Lost&Found groups appear under the Directory and under every site in the console tree. 2 1 Figure 3-18. Lost&Found groups 1 Global Lost&Found group — This group contains computers that do not match any site in the Directory. Only global administrators have full access to the global Lost&Found. 2 Site-level Lost&Found groups — Lost&Found groups at the site level contain computers that match the IP management settings or name assigned to that site. Site administrators can access Lost&Found groups in sites for which they have rights. Product Guide 123 The Directory Verifying the integrity of the Directory You need to verify that all computers in the Directory have unique names and — if you are sorting computers by IP address — that the IP address ranges and IP subnet masks assigned to sites and groups under the Directory follow the IP management guidelines. n Finding duplicate computer names in the Directory. n Verifying the integrity of IP management settings. Finding duplicate computer names in the Directory Use the Duplicate Computer names query in the Directory Search dialog box to find duplicate computer names. For instructions, see Finding computers in the Directory on page 139. 124 ePolicy Orchestrator™ software version 3.0 The Directory Verifying the integrity of IP management settings Use this procedure to verify that the IP address ranges and IP subnet masks within the Directory follow the guidelines for IP management settings. For more information, see Guidelines for IP management settings on page 94. NOTE You must be a global administrator to verify the integrity of IP management settings. For option definitions, click Help in the interface. 1 Log on to the desired ePolicy Orchestrator server using a global administrator user account. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. 2 In the console tree under ePolicy Orchestrator | <SERVER>, right-click Directory, then select All Tasks | IP Integrity Check. The Check IP Integrity dialog box appears. Figure 3-19. Check IP Integrity dialog box 3 Click Start to search for conflicting IP addresses and IP subnet masks. The type of conflict found and the site, group, or computer causing the conflict appears in List of conflicts. For information on these conflicts, see List of IP management conflicts on page 126. 4 Select the conflict you want to review in List of conflicts. A description of the conflict displays in Details. Product Guide 125 The Directory 5 To jump to the site or group listed in the First node or Second node column, click the First node or Second node button, respectively. The IP Management page appears in the details pane. Figure 3-20. IP Management page 6 To resolve conflicts, add, change, and delete IP address ranges or IP subnet masks as needed. For instructions, see IP management settings on page 127. 7 Repeat Step 3 through Step 6 until no conflicts are found. List of IP management conflicts The different types of IP management conflicts reported in the Check IP Integrity dialog box are listed below. 126 If the Type column displays... Then the First node column displays... And the Second node column displays... Site The site without an IP address range or IP subnet mask. The group under this site with an IP address range or IP subnet mask. Subset The site with an IP address range or IP subnet mask. The group under this site whose IP address range or IP subnet mask falls outside the range defined by the site. Overlap The group whose IP address range or IP subnet mask overlaps with the group in the Second node column. The group whose IP address range or IP subnet mask overlaps with the group in the First node column. ePolicy Orchestrator™ software version 3.0 The Directory IP management settings If you are sorting computers by IP address, you can assign new or change existing IP management settings to sites or groups after you add them to the Directory. n Assigning IP management settings to existing sites or groups. n Changing IP management settings of existing sites or groups. n Deleting IP management settings from existing sites or groups. Assigning IP management settings to existing sites or groups Use this procedure to assign IP address ranges or IP subnet masks to existing sites or groups. For option definitions, click Help in the interface. 1 Log on to the desired ePolicy Orchestrator server. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. 2 In the console tree under ePolicy Orchestrator | <SERVER> | Directory, select <SITE> or <GROUP>. The Policies, Properties, and Tasks tabs appear in the details pane. 3 Click the Properties tab. The IP Management page appears. Figure 3-21. IP Management page Product Guide 127 The Directory 4 Click Add. The IP Management dialog box appears. Figure 3-22. IP Management dialog box 5 Select IP Subnet Mask or IP Range and type the appropriate values. 6 Click OK, then click Apply to save the current entries. 7 Sort computers by IP address to apply these settings to the selected site or group. For instructions, see Sorting computers by IP address manually on page 133. Changing IP management settings of existing sites or groups Use this procedure to change the IP address ranges or IP subnet masks assigned to existing sites or groups. For option definitions, click Help in the interface. 128 1 Log on to the desired ePolicy Orchestrator server. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. 2 In the console tree under ePolicy Orchestrator | <SERVER> | Directory, select <SITE> or <GROUP>. The Policies, Properties, and Tasks tabs appear in the details pane. ePolicy Orchestrator™ software version 3.0 The Directory 3 Click the Properties tab. The IP Management page appears. Figure 3-23. IP Management page 4 Select the desired value, then click Edit. The IP Management dialog box appears. Figure 3-24. IP Management dialog box 5 Change the IP Subnet Mask and number of significant bits, or change the IP Range. 6 Click OK, then click Apply to save the current entries. 7 Sort computers by IP address to apply these settings to the selected site or group. For instructions, see Sorting computers by IP address manually on page 133. Product Guide 129 The Directory Deleting IP management settings from existing sites or groups Use this procedure to delete IP address ranges or IP subnet masks assigned to existing sites or groups. For option definitions, click Help in the interface. 1 Log on to the desired ePolicy Orchestrator server. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. 2 In the console tree under ePolicy Orchestrator | <SERVER> | Directory, select <SITE> or <GROUP>. The Policies, Properties, and Tasks tabs appear in the details pane. 3 Click the Properties tab. The IP Management page appears. Figure 3-25. IP Management page 130 4 Select the desired value, then click Delete. 5 Click Apply to save the current entries. 6 Sort computers by IP address to apply these settings to the selected site or group. For instructions, see Sorting computers by IP address manually on page 133. ePolicy Orchestrator™ software version 3.0 The Directory Manual IP address sorting You can manually sort computers by IP address in the Directory using the IP Sorting wizard. The IP integrity of the Directory must be valid before the wizard can sort the computers. If you define IP management settings after the initial agent-to-server communication, you need to manually sort computers by IP address. The wizard uses two sorting methods: n The non-explicit sorting method is the default and sorts as follows: w Follow the rules set by the explicit sorting method, unless one of the rules set in the non-explicit sorting methods takes precedence. w If the computer is in a group that does not have an IP range, but that group is under a group that matches the computer’s IP range, then leave it where it was found. w If a computer resides under a group that is less appropriate than another group that has the correct IP range, the computer will be moved to the more appropriate group. n The explicit sorting method is an alternative method you can enable by inserting a new key in the CONSOLE.INI file. The explicit sorting method sorts as follows: w Computer IP must match the IP range of its parent site. If no suitable site is found, the computer will be moved to the site specified by the user (global Lost& Found by default). w (Optional) — If the computer belongs to a site, and no other groups are valid under that site, a new group must be created under the site Lost&Found before the computer can be moved to this site. The new group must be named after domain that the computer belongs to. This can only be enabled via the option in the CONSOLE.INI file. The UseExplicitLostFound option determines how we treat systems that need to be moved to the Lost&Found or a site. If this option is enabled, computers are moved directly to the root of the Lost&Found or site. If the UseExplicitLostFound option is not enabled (default), and a computer needs to be moved to a site, the computer is moved to the site level Lost&Found. In addition, if a computer needs to be moved to any Lost&Found (including the explicit move from site level), we create the computer’s domain as a group under the Lost&Found and move the computer under the new Lost&Found/domain group. n Specifying how to sort computers by IP address. n Sorting computers by IP address manually. Product Guide 131 The Directory Specifying how to sort computers by IP address Use this procedure to specify the sorting method and rules for moving computers used by the IP Sorting wizard. This wizard sorts computers by IP address. 1 In a text editor, open the CONSOLE.INI file located in the installation directory. The default location is: C:\PROGRAM FILES\NETWORK ASSOCIATES\EPO\3 If you upgraded the software from version 2.0, 2.5, or 2.5.1, the default location is: C:\PROGRAM FILES\MCAFEE\EPO\3 The non-explicit sorting method and rules for moving computers are the default settings as indicated below: [Sorting] UseExplicitLostFound=0 UseExplicit=0 2 To enable the explicit sorting method or rules for moving computers, make this change: [Sorting] UseExplicitLostFound=1 UseExplicit=1 3 132 Save the file. ePolicy Orchestrator™ software version 3.0 The Directory Sorting computers by IP address manually Use this procedure to sort computers in the Directory by IP address, based on the following: n The IP management settings you specify in sites and groups. n The sorting method and rules for moving computers used by the IP Sorting wizard. If you define IP management settings after the initial agent-to-server communication, you need to manually sort computers by IP address. For option definitions, click Help in the interface. 1 Verify the integrity of IP management settings. For instructions, see Verifying the integrity of IP management settings on page 125. 2 In the console tree under ePolicy Orchestrator | <SERVER>, right-click Directory, then select All Tasks | Sort Computers by IP. The IP Sorting wizard appears. 3 Click Next to open the IP Sorting Options dialog box. Figure 3-26. IP Sorting wizard — IP Sorting Options dialog box 4 Under Options, select where you want to locate computers with IP addresses that fall outside the IP address ranges and IP subnet masks specified for the site or groups in which each computer resides. 5 To exclude computers without IP management settings from being sorted, select Ignore machines with no IP address. Product Guide 133 The Directory 134 6 Click Next to sort the computers in the Directory using their IP management settings. 7 Click Next, then Finish. ePolicy Orchestrator™ software version 3.0 The Directory Managing the Directory You can easily keep sites, groups, and computers that you imported from Windows NT domains aligned with their counterparts on the network; find computers in the Directory using a variety of criteria to pinpoint them, then perform selected commands on them; and move console tree items around in the Directory. n Synchronizing domains automatically. n Synchronizing domains manually. n Finding computers in the Directory. n Moving items in the Directory. Synchronizing domains automatically Use this procedure to synchronize selected Windows NT domains that you have imported into the Directory with their counterparts on the network. You can also perform this task manually. For instructions, see Synchronizing domains manually on page 137. NOTE If the domains you select do not already exist in the Directory, they are automatically added as sites. If there is an existing site or group with the same name as a domain you select, the computers in the domain are added to that site or group. When computers join a specified domain, this task does the following: n Adds the computers to the corresponding site or group in the Directory. n Deploys the agent using the user account you provided. NOTE Because the agent cannot be deployed to all operating systems in this manner, you might need to manually deploy the agent to some computers. For instructions, see Agent deployment on page 277. n Applies policies and tasks for the site or group to the computers. When computer leave a specified domain, this task remove the computers from the Directory. For option definitions, click Help in the interface. Product Guide 135 The Directory 1 Create a Synchronize Domains server task. For instructions, see Creating server tasks on page 69. The Synchronize Domains Task page appears. Figure 3-27. Synchronize Domains Task page 2 To add another domain, click Add. The Add/Edit Domain dialog box appears. To provide a different set of credentials for a domain, select the domain, then click Modify. The Add/Edit Domain dialog box appears. Figure 3-28. Add/Edit Domain dialog box 136 3 In the Add/Edit Domain dialog box, type domain administrator user account information as needed, then click OK. 4 To remove a domain from the task, select the domain, then click Delete. 5 Click Finish when done. ePolicy Orchestrator™ software version 3.0 The Directory Synchronizing domains manually Use this procedure to synchronize Windows NT domains that you have imported into the Directory with their counterparts on the network. At the same time, you can also uninstall agents from all computers that no longer belong to the specified domain. You can also perform this task automatically. For instructions, see Synchronizing domains automatically on page 135. NOTE If you use the Getting Started wizard to import computers belonging to selected domains, you need to synchronize domains differently. For information, see the ePolicy Orchestrator Getting Started Guide. For option definitions, click Help in the interface. 1 Log on to the desired ePolicy Orchestrator server. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. 2 In the console tree under ePolicy Orchestrator | <SERVER> | Directory, right-click <SITE> or <GROUP>, then select All Tasks | Update Domain. The Update Domain dialog box appears. Figure 3-29. Update Domain dialog box 3 To move all or selected computers from the network domain to the selected site or group, click Add All or Add, respectively. Product Guide 137 The Directory To delete all or selected computers from the selected site or group, click Remove All or Remove, respectively. To uninstall the agent from computers at the same time that you are deleting them from the selected site or group, select Uninstall agent from computers when they are removed from the group. 4 138 Click OK when done. ePolicy Orchestrator™ software version 3.0 The Directory Finding computers in the Directory Use this procedure to quickly find computers using predefined search queries. For example, you can use the Computers with a specific DAT version query to find computer without the minimum level of protection. You can then perform selected commands on the computers in the search results. For option definitions, click Help in the interface. 1 Log on to the desired ePolicy Orchestrator server. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. 2 In the console tree under ePolicy Orchestrator | <SERVER>, right-click Directory, then select Search. The Directory Search dialog box appears. Figure 3-30. Directory Search dialog box 3 To display the path of computers, select Get the location of each computer in the search results. Product Guide 139 The Directory 4 Select the desired query in Search for. 5 For each Field Name listed, specify the Operator and Value to apply to the selected query. 6 Click Search Now. Computers that match the search criteria display under Search Results. 7 You can perform the following commands on the computers in Search Results: w To install the agent, select the desired computers, right-click them, then select Send Agent Install. The Send Agent Install dialog box appears. For instructions, see Deploying the agent from the console on page 281. w To send an agent wakeup call, select the desired computers, right-click them, then select Agent Wakeup Call. The Agent Wakeup Call dialog box appears. For instructions, see Sending agent wakeup calls on page 296 or Sending SuperAgent wakeup calls on page 297. w To move computers to another site or group, select the desired computers, right-click them, then select Move To. w To remove computers from the Directory, select the desired computers, right-click them, then select Delete. To also remove the agent from these computers, select Uninstall agent from all connected computers. w To save or print the search results, right-click any computer, then select Save As or Print. 140 ePolicy Orchestrator™ software version 3.0 The Directory Pattern matching Using the Directory Search dialog box, you can use the following wildcard characters in conjunction with the Operator like to find computers in the Directory. Table 3-1. List of wildcard characters Use this character... To find... For example... % Any string of zero or more characters. like computer% finds computer1, computerNT, and computers. like %computer% finds computer1, computerNT, computers, and my computer. _ Any single character. like computer_ finds computer1 and computers. like computer__ finds computerNT. [] [^] Any single character within a specified range; such as [a-f]; or set; such as [abcd]. like PDX[abc] finds PDXA, PDXB, PDXC. Any single character that is not within a specified range; such as [^a-f]; or set; such as [^abcd]. like PDX[^abc] finds PDXD, PDXF, and PDXG. like IT[a-b]-Test finds ITA-Test, and ITB-Test. like IT[^a-b]-Test finds ITD-Test and ITF-Test. Moving items in the Directory Use this procedure to organize the Directory by moving groups, computers, or appliances to other sites and groups. You can also move these console tree items using a drag-and-drop operation. In addition, you can move desired items after finding them using predefined search queries. For instructions, see Finding computers in the Directory on page 139. NOTE You must be a global administrator to move items from global Lost&Found. For option definitions, click Help in the interface. 1 Log on to the desired ePolicy Orchestrator server. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. 2 In the console tree under ePolicy Orchestrator | <SERVER> | Directory, right-click <GROUP>, <COMPUTER>, or <APPLIANCE>, then select Cut. Product Guide 141 The Directory 142 3 Right-click the site or group to which you want to move the item, then select Paste. 4 Verify the integrity of IP management settings. For instructions, see Verifying the integrity of IP management settings on page 125. ePolicy Orchestrator™ software version 3.0 4 Managed Products In addition to the products and product updates that you can check into the master repository and replicate to distributed software repositories (for more information, see Software Repositories on page 147), you can add policy pages and report templates to the Repository. Policy pages allow you to set policies and create scheduled tasks for products. For more information, see Policies, Properties, and Client Tasks on page 225. Report templates are used to create reports and using data on any database server. For more information, see Reporting on page 327. NOTE Policy pages and report templates are not added to the master repository; they are stored on the corresponding ePolicy Orchestrator server. n Adding policy pages to the Repository. n Adding report templates to the Report Repository. n Removing policy pages from the Repository. Product Guide 143 Managed Products Adding policy pages to the Repository Use this procedure to add policy pages to the Repository. Policy pages allow you to set policies and create scheduled tasks for products. NOTE Policy pages are not added to the master repository; they are stored on the corresponding ePolicy Orchestrator server. 1 Log on to the desired ePolicy Orchestrator server. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. 2 In the console tree under ePolicy Orchestrator | <SERVER>, right-click Repository, then select Configure Repository. The Software Repository Configuration Wizard appears. Figure 4-1. Software Repository Configuration Wizard 144 3 Select Add new software to be managed, then click Next. The Select a Software Package dialog box appears. 4 Select the Software Package (.NAP) file for the desired language version of the product, then click Open. The Software Package file is uncompressed, then the individual files are added to the Repository. ePolicy Orchestrator™ software version 3.0 Managed Products Adding report templates to the Report Repository Use this procedure to add report templates to the Report Repository. After you add report templates, they are available for reporting purposes. NOTE Report templates are not added to the master repository; they are stored in the Report Repository on the corresponding ePolicy Orchestrator server. 1 Log on to the desired ePolicy Orchestrator server. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. 2 In the console tree under ePolicy Orchestrator | <SERVER>, right-click Repository, then select Configure Repository. The Software Repository Configuration Wizard appears. Figure 4-2. Software Repository Configuration Wizard 3 Select Add new reports, then click Next. The Select a Software Package dialog box appears. 4 Select the Software Package (.NAP) file for the desired language version of the report templates, then click Open. The Software Package file is uncompressed, then the individual files are added to the Report Repository. Product Guide 145 Managed Products Removing policy pages from the Repository Use this procedure to remove policy pages that you no longer want to manage via ePolicy Orchestrator. Policy pages allow you to set policies and create scheduled tasks for products. 1 Log on to the desired ePolicy Orchestrator server. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. 2 In the console tree under ePolicy Orchestrator | <SERVER> | Repository | Managed Products | <PLATFORM>, right-click <PRODUCT NAME> or <PRODUCT VERSION>. 3 146 Click Yes when asked whether you want to remove the selected software. The policy pages and tasks for all language versions of the selected product are removed from the Repository. ePolicy Orchestrator™ software version 3.0 5 Software Repositories The distributed software repository architecture of ePolicy Orchestrator makes it easy to deploy products and product updates throughout your enterprise. This can be done rapidly and securely while conserving valuable bandwidth resources. n Importing McAfee AutoUpdate Architect repositories. n Enabling or disabling the management of distributed repositories. n Setting up distributed software repositories. n Common implementations. n Repository types. n Creating repositories. n Specifying how the nearest repository is selected. n Proxy server settings. n Managing repositories. n Repository list. n Product and product update packages. n Checking in and managing packages. n Pull and replication tasks. Product Guide 147 Software Repositories Importing McAfee AutoUpdate Architect repositories Use this procedure to import the configuration settings of repositories defined in the McAfee AutoUpdate Architect software into the ePolicy Orchestrator software. The master repository is converted into a global distributed repository and proxy server settings are not preserved. We recommend that you import repositories from McAfee AutoUpdate Architect before you start setting up repositories in ePolicy Orchestrator. If you are choose to migrate the configuration settings from the AutoUpdate 7.0 policy page for use with ePolicy Orchestrator 2.5 when you installed ePolicy Orchestrator, this procedure might create duplicate global distributed and local repositories. WARNING Before you uninstall McAfee AutoUpdate Architect, make a backup copy of the SITEMGR.XML file located in the installation directory and store it in a safe location. The default location of the McAfee AutoUpdate Architect installation directory is: C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE AUTOUPDATE ARCHITECT You cannot import a repository list (SITELIST.XML) was that exported from McAfee AutoUpdate Architect or ePolicy Orchestrator for this purpose. You must be a global administrator to import the repository list from McAfee AutoUpdate Architect. For option definitions, click Help in the interface. 148 1 Log on to the desired ePolicy Orchestrator server using a global administrator user account. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. 2 In the console tree under ePolicy Orchestrator | <SERVER>, select Repository. ePolicy Orchestrator™ software version 3.0 Software Repositories 3 In the details pane under AutoUpdate Components, click Source Repository. The Source and Fallback Repositories page appears. Figure 5-1. Source and Fallback Repositories page 4 Click Import repository list to open the Open dialog box, and select the McAfee AutoUpdate Architect repository list (SITEMGR.XML). 5 Review the source and fallback repositories that appear, and make changes as needed. For instructions, see Redefining the default source repository on page 182, Redefining the fallback repository on page 186, and Removing source or fallback repositories on page 199. 6 Review the global distributed repositories that were imported, and make changes as needed. For instructions, see Changing global distributed repositories on page 190, and Deleting global distributed repositories on page 195. 7 If you migrated the configuration settings from the AutoUpdate 7.0 policy page when you installed ePolicy Orchestrator, review the local distributed repositories that were imported, and make changes as needed. For instructions, see Changing local distributed repositories on page 192 and Removing local distributed repositories on page 197. Product Guide 149 Software Repositories Enabling or disabling the management of distributed repositories If you want to manually manage distributed software repositories, use this procedure to disable the management of distributed repositories via ePolicy Orchestrator for selected client computers. You might find this setting useful when during the initial roll-out of distributed software repositories or when making significant changes to its organization. This setting is enabled by default. Changes take effect during the next agent-to-server communication. 1 On the Repositories tab in the ePolicy Orchestrator Agent | Configuration policy page, deselect Inherit. For instructions on where to find this page, see Setting agent policies on page 250. Figure 5-2. Repositories tab in the ePolicy Orchestrator Agent | Configuration policy page 2 To enable management, select Use ePO configured repositories. To disable management, select Use client configured repositories. 3 150 Click Apply All to save the current entries. ePolicy Orchestrator™ software version 3.0 Software Repositories Setting up distributed software repositories Use these tasks to set up and manage distributed software repositories: 1 Plan your repository organization. For more information, see Common implementations on page 152. 2 Create distributed repositories as needed. For more information and instructions, see these topics: w Global distributed repositories on page 155. w Creating global distributed repositories on page 158. w Local distributed repositories on page 155. w Defining local distributed repositories on page 163. w SuperAgent distributed repositories on page 156. w Creating SuperAgent distributed repositories on page 166. 3 Create source repositories as needed. For more information and instructions, see Source repositories on page 156 and Defining source repositories on page 167. 4 Check in product and product update packages. For more information and instructions, see Product and product update packages on page 203 and Checking in packages on page 206. 5 Schedule a Repository Pull server task or run the task immediately. For instructions, see Scheduling Repository Pull server tasks on page 215 or Running a pull task immediately on page 217, respectively. 6 Schedule a Repository Replication task or run the task immediately. For instructions, see Scheduling Repository Replication server tasks on page 220 or Running a replication task immediately on page 221, respectively. Product Guide 151 Software Repositories Common implementations This section describes some common distributed software repository implementations: n Small business scenario. n Mid-sized business scenario. n Pre-deployment testing scenario. Small business scenario An organization with 100 users wants to obtain the latest McAfee anti-virus product updates automatically from McAfee Security for all computers on the network running McAfee anti-virus products. They would like to have all computers pull updates from an internal location to conserve corporate bandwidth. A suggested implementation follows: n Create a scheduled pull task to deliver the latest updates automatically from the default source repository on the Network Associates HTTP Download web site to the master repository, so that the updates are available to the destination computers on the network. For more information and instructions, see Source repositories on page 156 and Scheduling Repository Pull server tasks on page 215, respectively. Mid-sized business scenario An organization with 350 users wants to deliver the latest McAfee anti-virus products and product updates automatically to all computers on its network. All computers should pull updates from three internal locations to conserve corporate bandwidth, and reduce update transfer delays. A suggested implementation follows: 152 1 Create two distributed repositories. For instructions, see Creating repositories on page 158. 2 Create a scheduled pull task to deliver the latest updates automatically to the master repository from the default fallback repository. For more information and instructions, see Fallback repository on page 157 and Scheduling Repository Pull server tasks on page 215, respectively. ePolicy Orchestrator™ software version 3.0 Software Repositories 3 Create a scheduled replication task to replicate the latest updates automatically from the master repository to the distributed repositories. For instructions, see Scheduling Repository Replication server tasks on page 220. 4 Export the repository list (SITELIST.XML) to the specific computers requiring updates from the repositories, so that the destination computers know where to look for the updates. See the documentation for the products which will be retrieving updates from the repositories. To support a larger organization, this implementation can be scaled by adding distributed repositories as needed. Pre-deployment testing scenario An organization wants to exercise strict control over the testing and deployment of new products and product updates. An administrator controls the delivery of anti-virus updates to its test network, and the release of approved updates from the test network to the production network. A suggested implementation follows: 1 Install two ePolicy Orchestrator servers, one on the test network, and one on the production network. For instructions, see the ePolicy Orchestrator 3.0 Installation Guide. 2 On the production network, define the master repository of the test network as a source repository for the production network. For instructions, see Defining source repositories on page 167. 3 On the test network, check in packages to the master repository, or create a pull task using the default source repository. These packages are deployed to the test network and validated. For more information and instructions, see Source repositories on page 156, and Checking in and managing packages on page 206 or Scheduling Repository Pull server tasks on page 215, respectively. 4 Once the updates are approved for release to the production network, initiate a pull task from the master repository on the test network to the master repository on the production network. For instructions, see Scheduling Repository Pull server tasks on page 215. Product Guide 153 Software Repositories Repository types To enable an enterprise-scalable architecture there are several types of distributed software repositories each with its own function: n Master repository. n Global distributed repositories. n Local distributed repositories. n Mirror distributed repositories. n SuperAgent distributed repositories. n Source repositories. n Fallback repository. Master repository The master repository maintains an original copy of the packages in the source repository. The ePolicy Orchestrator server is the master repository. A single master repository can replicate packages to hundreds of distributed repositories. At the master repository level, you can: n Check in product and product update packages. n Schedule tasks to replicate those packages to global or SuperAgent distributed repositories. n Schedule tasks to pull packages from source or fallback repositories and integrate them into the master repository. Supported protocols n 154 SPIPE. ePolicy Orchestrator™ software version 3.0 Software Repositories Global distributed repositories Each global distributed repository maintains an identical copy of the packages in the master repository. The master repository replicates packages to global and SuperAgent distributed repositories. For instructions, see Creating global distributed repositories on page 158. Supported protocols n HTTP servers. n FTP servers. n UNC shares. NOTE Replication cannot be performed to distributed repositories on FTP server through a proxy server. For more information, see the proxy server product documentation. Local distributed repositories Local distributed repositories are locations accessible only from the client computer; for example, a mapped drive or FTP server whose address can only be resolved from a local DNS server. Local distributed repositories are defined in the agent policy for selected client computers. For instructions, see Defining local distributed repositories on page 163. NOTE Since local distributed repositories can only be accessed from client computers, replication tasks do not copy packages from the master repository to local distributed repositories; you must manually update local distributed repositories with the desired packages. Supported protocols n HTTP servers. n FTP servers. n UNC shares. n Local directories. n Mapped drives. Product Guide 155 Software Repositories Mirror distributed repositories Mirror distributed repositories are local directories on client computers whose replication is done using a Mirror client task. Mirror tasks copy the contents of the first repository in the repository list to the local directory you specify on the client computer. If you share this location, then define it as a local distributed repository in the repository list, other client computers can retrieve updates from it. These repositories are useful to handle replication in decentralized networks. For instructions, see Defining mirror distributed repositories on page 165. Supported protocols n Local directories. SuperAgent distributed repositories You can create SuperAgent distributed repositories in place of using dedicated servers for global distributed repositories. The master repository can replicate packages to global and SuperAgent distributed repositories. For instructions, see Creating SuperAgent distributed repositories on page 166. Supported protocols n Local directories. NOTE Replication cannot be performed to distributed repositories on FTP server through a proxy server. For more information, see the proxy server product documentation. Source repositories Source repositories define a location from which a master repository retrieves packages. By default, the following Network Associates HTTP Download web site (NAIHttp) is defined as a source repository. This site hosts virus definition and virus scanning engine packages only. http://update.nai.com/Products/CommonUpdater NOTE McAfee Security recommends creating another source repository so that the fallback repository can be used in case an issue develops with a primary source repository. 156 ePolicy Orchestrator™ software version 3.0 Software Repositories You can redefine the default source repository or define other master repositories as source repositories. By creating source repositories that retrieve packages from other master repositories, you can create an enterprise-scalable organization of update servers. For instructions, see Redefining the default source repository on page 182 or Defining source repositories on page 167, respectively. Supported protocols n HTTP servers. n FTP servers. n UNC shares. Fallback repository Client computers retrieve their updates from the nearest repository in their repository list (SITELIST.XML). If none of these repositories are available, client computers retrieve packages from the fallback repository. You can only define one fallback repository. By default, the following Network Associates FTP Download web site (NAIFtp) is defined as the fallback repository. This site hosts virus definition and virus scanning engine packages only. ftp://ftp.nai.com/CommonUpdater You can redefine the default fallback repository to use a location on your intranet, so that client computers always retrieve their updates from an internal repository. For instructions, see Redefining the default source repository on page 182. Supported protocols n HTTP servers. n FTP servers. n UNC shares. Product Guide 157 Software Repositories Creating repositories Because the master repository is the ePolicy Orchestrator server, it’s created for you. You need to create each distributed repository. You can redefine the default source and fallback repositories and define additional source repositories. You can also switch source and fallback repositories. n Creating global distributed repositories. n Defining local distributed repositories. n Defining mirror distributed repositories. n Creating SuperAgent distributed repositories. n Defining source repositories. Creating global distributed repositories Use this procedure to create global distributed repositories. For more information, see Global distributed repositories on page 155. NOTE You must be a global administrator to create global distributed repositories. For option definitions, click Help in the interface. 158 1 Log on to the desired ePolicy Orchestrator server using a global administrator user account. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. 2 In the console tree under ePolicy Orchestrator | <SERVER>, select Repository. 3 In the details pane under AutoUpdate Tasks, click Add distributed repository. The Add repository wizard appears. ePolicy Orchestrator™ software version 3.0 Software Repositories 4 Click Next to open the repository configuration dialog box. Figure 5-3. Add repository wizard — repository configuration dialog box 5 In Name, type a descriptive name for this repository. Repository names must be unique. 6 In Type, select Distributed Repository. 7 Specify the type of server or path (FTP, HTTP, or UNC) where you want to store the repository, then click Next. Product Guide 159 Software Repositories 8 In the protocol configuration dialog box, provide the address and port information of the repository, then click Next. Figure 5-4. Add repository wizard — FTP protocol configuration dialog box w If you selected FTP in Step 7, type the web address in URL and the FTP port number in Port. w If you selected HTTP in Step 7, type the web address in URL and the HTTP port number in Port. w If you selected UNC in Step 7, type the network directory where you want to store the repository in Path. Use this format: \\<COMPUTER>\<FOLDER>. You can use variables to define this location. For a list, see Variables on page 528. 160 ePolicy Orchestrator™ software version 3.0 Software Repositories 9 In the download credentials dialog box, provide the download credentials used by client computers to connect to this repository, then click Next. Use credentials with read-only permissions to the HTTP server, FTP server, or UNC share that hosts the repository. Figure 5-5. Add repository wizard — FTP download credentials dialog box a If you selected FTP in Step 7, select Use anonymous login or type the user account information in User name, Password, and Re-Enter Password. If you selected HTTP in Step 7 and the HTTP server requires authentication, select Use Authentication, then type the user account information in User name, Password, and Re-Enter Password. If you selected UNC in Step 7, select Use Logged On Account or type the user account information in Domain, User name, Password, and Confirm password. b To authenticate the user account you specified, click Verify. Product Guide 161 Software Repositories 10 In the replication credentials dialog box, provide the replication credentials used by the master repository to replicate packages to this repository, then click Next. Use credentials with read and write permissions to the HTTP server, FTP server, or UNC share that hosts the repository. Figure 5-6. Add repository wizard — FTP replication credentials dialog box a If you selected FTP in Step 7, type the user account information in User name, Password, and Re-Enter Password. If you selected HTTP in Step 7, type the UNC share name of the physical directory that represents the virtual directory where you want to store the repository on the HTTP server in Replication UNC. Use this format: \\<COMPUTER>\<FOLDER>. You can use variables to define this location. For a list, see Variables on page 528. Type the user account information for the network directory in Domain, User name, Password, and Re-Enter Password. If you selected UNC in Step 7, type the user account information in Domain, User name, Password, and Re-Enter Password. b To authenticate the user account you specified, click Verify. 11 Click Finish to add the repository to the repository list. 12 Click Close after the repository has been added. 162 ePolicy Orchestrator™ software version 3.0 Software Repositories Defining local distributed repositories Use this procedure to define local distributed repositories for selected client computers. For more information, see Local distributed repositories on page 155. Changes take effect during the next agent-to-server communication. 1 On the Repositories tab in the ePolicy Orchestrator Agent | Configuration policy page, deselect Inherit. For instructions on where to find this page, see Setting agent policies on page 250. Figure 5-7. Repositories tab in the ePolicy Orchestrator Agent | Configuration policy page Product Guide 163 Software Repositories 2 Click Add to open the Repository options dialog box. Figure 5-8. Repository options dialog box 3 In Repository, type a descriptive name for this repository. Repository names must be unique. 4 Under Retrieve files from, specify the type of server or path (HTTP Repository, FTP Repository, UNC Path, or Local Path) where the repository resides. 5 Provide the address and port information of the repository: w If you selected HTTP Repository in Retrieve files from, type the web address in URL and the HTTP port number in Port. w If you selected FTP Repository in Retrieve files from, type the web address in URL and the FTP port number in Port. w If you selected UNC Path in Retrieve files from, type the network directory where you want to store the repository in Path. Use this format: \\<COMPUTER>\<FOLDER>. You can use variables to define this location. For a list, see Variables on page 528. w If you selected Local Path in Retrieve files from, type the path (for example, C:\REPOSITORY) in Path. You can use variables to define this location. For a list, see Variables on page 528. 164 ePolicy Orchestrator™ software version 3.0 Software Repositories 6 Provide the download credentials used by client computers to connect to this repository. Use credentials with read-only permissions to the HTTP server, FTP server, UNC share, or local directory that hosts the repository. a If you selected HTTP Repository in Retrieve files from and the HTTP server requires authentication, select User authentication, then type the user account information in User name, Password, and Confirm password. If you selected FTP Repository in Retrieve files from, select Use anonymous login or type the user account information in User name, Password, and Confirm password. If you selected UNC Path or Local Path in Retrieve files from, select Use logged on account or type the user account information in Domain, User name, Password, and Confirm password. b To authenticate the user account you specified, click Verify. 7 Click OK to add the repository to the repository list. 8 Click Apply All to save the current entries. Defining mirror distributed repositories Use this procedure to create mirror distributed repositories. For more information, see Mirror distributed repositories on page 156. 1 Create and schedule a Mirror client task. For instructions, see Creating client tasks on page 263 and Scheduling client tasks on page 264. 2 On the Task tab in the ePolicy Orchestrator Scheduler dialog box, click Settings. The Task Settings dialog box appears. Figure 5-9. Task Settings dialog box — Mirror tasks 3 Deselect Inherit. 4 In Local destination path, type the path (for example, C:\MIRROR REPOSITORY) where you want to store the distributed repository. If this location doesn’t exist, it is created for you. Product Guide 165 Software Repositories 5 Click OK twice to save the current entries. 6 To define the location you specified in Step 4 as a local distributed repository, you must share it. Depending on the operating system that you are using, this procedure varies. For instructions, see the Microsoft product documentation. 7 Define the location you specified in Step 4 as a local distributed repository. For instructions, see Defining local distributed repositories on page 163. Creating SuperAgent distributed repositories Use this procedure to create SuperAgent distributed repositories. For more information, see SuperAgent distributed repositories on page 156. Changes take effect during the next agent-to-server communication. NOTE You can only set this policy at the computer level. 1 On the General tab in the ePolicy Orchestrator Agent | Configuration policy page, deselect Inherit. For instructions on where to find this page, see Setting agent policies on page 250. Figure 5-10. General tab in the ePolicy Orchestrator Agent | Configuration policy page 2 166 Select Enable SuperAgent functionality and Enable SuperAgent repository. ePolicy Orchestrator™ software version 3.0 Software Repositories 3 In Path to use for repository, type the local directory (for example, C:\REPOSITORY) where you want to store the repository. You can use variables to define this location. For a list, see Variables on page 528. w If the location you specified doesn’t exist, it is created. w If you change the location, the files are moved to the new location. w If the location cannot be created for any reason or if you leave this box blank, the default location is used: <DOCUMENTS AND SETTINGS>\ ALL USERS\APPLICATION DATA\NETWORK ASSOCIATES\FRAMEWORK\DB\SOFTWARE Where <DOCUMENTS AND SETTINGS> is the location of the DOCUMENTS AND SETTINGS folder, which varies depending on the operating system. If the operating system does not use a DOCUMENTS AND SETTINGS folder, the default location is: <AGENT INSTALLATION PATH>\DATA\DB\SOFTWARE 4 Click Apply All to save the current entries. Defining source repositories Use this procedure to define source repositories. For more information, see Source repositories on page 156. NOTE You must be a global administrator to define source repositories. For option definitions, click Help in the interface. 1 Log on to the desired ePolicy Orchestrator server using a global administrator user account. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. 2 In the console tree under ePolicy Orchestrator | <SERVER>, select Repository. 3 In the details pane under AutoUpdate Tasks, click Add source repository. The Add repository wizard appears. Product Guide 167 Software Repositories 4 Click Next to open the repository configuration dialog box. Figure 5-11. Add repository wizard — repository configuration dialog box 168 5 In Name, type a descriptive name for this repository. Repository names must be unique. 6 In Type, select Source Repository. 7 Specify the type of server or path (FTP, HTTP, or UNC) where the repository resides, then click Next. ePolicy Orchestrator™ software version 3.0 Software Repositories 8 In the protocol configuration dialog box, provide the address and port information of the repository, then click Next. Figure 5-12. Add repository wizard — FTP protocol configuration dialog box w If you selected FTP in Step 7, type the web address in URL and the FTP port number in Port. w If you selected HTTP in Step 7, type the web address in URL and the HTTP port number in Port. w If you selected UNC in Step 7, type the network directory where the repository resides in Path. Use this format: \\<COMPUTER>\<FOLDER>. You can use variables to define this location. For a list, see Variables on page 528. 9 Provide the download credentials used by client computers to connect to this repository, then click Next. Use credentials with read-only permissions to the HTTP server, FTP server, or UNC share that hosts the repository. a If you selected FTP in Step 7, select Use anonymous login or type the user account information in User name, Password, and Re-Enter Password. If you selected HTTP in Step 7 and the HTTP server requires authentication, select Use Authentication, then type the user account information in User name, Password, and Re-Enter Password. Product Guide 169 Software Repositories If you selected UNC in Step 7, select Use Logged On Account or type the user account information in Domain, User name, Password, and Confirm password. b To authenticate the user account you specified, click Verify. 10 Click Finish to add the repository to the repository list. 11 Click Close after the repository has been added. 170 ePolicy Orchestrator™ software version 3.0 Software Repositories Specifying how the nearest repository is selected Use this procedure to specify the order that client computers select repositories from which to retrieve packages. The agent performs repository selection each time the agent (McAfee Framework Service) service starts (for example, when the client computer is turned off and on) and when the repository list changes. For more information, see Repository list on page 200. Changes take effect during the next agent-to-server communication. 1 On the Repositories tab in the ePolicy Orchestrator Agent | Configuration policy page, deselect Inherit. For instructions on where to find this page, see Setting agent policies on page 250. Figure 5-13. Repositories tab in the ePolicy Orchestrator Agent | Configuration policy page 2 Select Use ePO configured repositories. 3 Under Repository selection, specify the method to use to sort repositories: w Ping time — Sends an ICMP ping to all repositories and sorts them by response time. w Subnet value — Compares the IP addresses of client computers and all repositories and sorts repositories based on how closely the bits match. The more closely the IP addresses resemble each other, the higher in the list the repository is placed. Product Guide 171 Software Repositories w User defined list — Selects repositories based on their order in the list. 4 All repositories appear in the Repository list. You can disable repositories by deselecting the box next to their name. 5 If you select User defined list in Repository selection, click Move up or Move down to specify the order in which you want client computers to select distributed repositories. 6 172 Click Apply All to save the current entries. ePolicy Orchestrator™ software version 3.0 Software Repositories Proxy server settings You need to provide separate proxy server settings for the master repository and for client computers. The master repository settings enable it to retrieve packages through a proxy server. The master repository uses these settings to retrieve packages from source repositories through a proxy server. The client computer settings enable client computers to retrieve packages through a proxy server. The agent uses these settings to retrieve packages from repositories using HTTP or FTP protocols. NOTE Agent-to-server communication does not use these settings. However, agent-to-server communication can be made through a firewall. For instructions, see Connecting through an ISP and a firewall on page 421. You can use the proxy server settings in Internet Explorer or specify custom proxy server settings. n Using Internet Explorer proxy server settings (master repository). n Defining custom proxy server settings (master repository). n Using Internet Explorer proxy server settings (client computers). n Setting custom proxy server policies (client computers). Using Internet Explorer proxy server settings (master repository) Use this procedure to specify that the master repository uses the proxy server settings defined in Internet Explorer to retrieve packages from source repositories through a proxy server. NOTE You need to define the actual proxy server settings in Internet Explorer. For option definitions, click Help in the interface. 1 Log on to the desired ePolicy Orchestrator server using a global administrator user account. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. 2 In the console tree under ePolicy Orchestrator | <SERVER>, select Repository. Product Guide 173 Software Repositories 3 In the details pane under AutoUpdate Tasks, click Configure proxy settings. The Edit proxy dialog box appears. Figure 5-14. Edit proxy dialog box 4 174 On the Options tab, select Use Internet Explorer proxy settings. ePolicy Orchestrator™ software version 3.0 Software Repositories 5 Click the Authentication tab. Figure 5-15. Authentication tab in the Edit proxy dialog box 6 7 Provide a user account with permissions to the proxy server specified in Internet Explorer. a Select Use HTTP Proxy Authentication or Use FTP Proxy Authentication. b In the User name, Password, and Re-Enter Password boxes that correspond to the desired protocol, type the user name and password associated with the user account. Click OK to save the current entries. Defining custom proxy server settings (master repository) Use this procedure to define the settings that the master repository uses to retrieve packages from source repositories through a proxy server. For option definitions, click Help in the interface. 1 Log on to the desired ePolicy Orchestrator server using a global administrator user account. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. 2 In the console tree under ePolicy Orchestrator | <SERVER>, select Repository. Product Guide 175 Software Repositories 3 In the details pane under AutoUpdate Tasks, click Configure proxy settings. The Edit proxy dialog box appears. Figure 5-16. Edit proxy dialog box 4 176 On the Options tab, select Manually configure the proxy settings. ePolicy Orchestrator™ software version 3.0 Software Repositories 5 Click the Servers tab. Figure 5-17. Servers tab in the Edit proxy dialog box 6 7 Provide the address and port number of the proxy server you want to use to gain access to distributed repositories using HTTP or FTP protocols. a In Address, type the IP address or fully-qualified domain name of the proxy server. b In Port, type the port number of the proxy server. To specify distributed repositories to which the server can connect directly, select Bypass Local Addresses, then type the IP addresses or fully-qualified domain name of those computers separated by a semi-colon (;). Product Guide 177 Software Repositories 8 Click the Authentication tab. Figure 5-18. Authentication tab in the Edit proxy dialog box 9 Provide a user account with permissions to the proxy server you specified in HTTP or FTP in Step 6. a Select Use HTTP Proxy Authentication or Use FTP Proxy Authentication. b In the User name, Password, and Re-Enter Password boxes that correspond to the desired protocol, type the user name and password associated with the user account. 10 Click OK to save the current entries. 178 ePolicy Orchestrator™ software version 3.0 Software Repositories Using Internet Explorer proxy server settings (client computers) Use this procedure to specify that client computers use the proxy server settings defined in Internet Explorer to retrieve packages from repositories through a proxy server. By default, no proxy server settings are made. For more information, see Proxy server settings on page 173. Changes take effect during the next agent-to-server communication. NOTE You need to define the actual proxy server settings in Internet Explorer. 1 On the Proxy tab in the ePolicy Orchestrator Agent | Configuration policy page, deselect Inherit. For instructions on where to find this page, see Setting agent policies on page 250. Figure 5-19. Proxy tab in the ePolicy Orchestrator Agent | Configuration policy page 2 Select Use Internet Explorer Proxy Settings. 3 Click Apply All to save the current entries. Product Guide 179 Software Repositories Setting custom proxy server policies (client computers) Use this procedure to define settings for client computers to retrieve packages from repositories through a proxy server. By default, no proxy server settings are made. For more information, see Proxy server settings on page 173. Changes take effect during the next agent-to-server communication. 1 On the Proxy tab in the ePolicy Orchestrator Agent | Configuration policy page, deselect Inherit. For instructions on where to find this page, see Setting agent policies on page 250. Figure 5-20. Proxy tab in the ePolicy Orchestrator Agent | Configuration policy page 180 2 Select Manually configure the proxy settings. 3 Provide the address and port number of the proxy server you want to use to gain access to distributed repositories using HTTP or FTP protocols. a In Address, type the IP address or fully-qualified domain name of the proxy server. b In Port, type the port number of the proxy server. c To use same the Address and Port for both HTTP or FTP protocols, select Use these settings for all proxy types. ePolicy Orchestrator™ software version 3.0 Software Repositories 4 Provide a user account with permissions to the proxy server you specified in HTTP or FTP in Step 3. a Select Use authentication for HTTP or Use authentication for FTP. b In the user name, password, and confirm password boxes that correspond to the desired protocol, type the user name and password associated with the user account. 5 To specify client computers that connect directly to repositories bypassing the proxy server, select Specify exceptions, then type the IP addresses or fully-qualified domain name of those computers separated by a semi-colon (;). 6 Click Apply All to save the current entries. Product Guide 181 Software Repositories Managing repositories You can redefine the default source and fallback repositories or switch source repositories for the fallback repository and visa versa. You can change the settings for distributed repositories and view the settings for the master repository. You can delete all repositories except the master repository. n Redefining the default source repository. n Redefining the fallback repository. n Switching source and fallback repositories. n Changing global distributed repositories. n Changing local distributed repositories. n Changing SuperAgent distributed repositories. n Viewing the master repository settings. n Deleting global distributed repositories. n Removing local distributed repositories. n Deleting SuperAgent distributed repositories. n Removing source or fallback repositories. Redefining the default source repository Use this procedure to redefine the default source repository. For more information, see Source repositories on page 156. NOTE You must be a global administrator to define source repositories. For option definitions, click Help in the interface. 182 1 Log on to the desired ePolicy Orchestrator server using a global administrator user account. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. 2 In the console tree under ePolicy Orchestrator | <SERVER>, select Repository. ePolicy Orchestrator™ software version 3.0 Software Repositories 3 In the details pane under AutoUpdate Components, click Source Repository. The Source and Fallback Repositories page appears. Figure 5-21. Source and Fallback Repositories page 4 Select NAIHttp, then click Edit. The Edit repository dialog box appears. Product Guide 183 Software Repositories 5 On the Configuration tab, type a descriptive name for this repository in Name. Repository names must be unique. Figure 5-22. Configuration tab in the Edit repository dialog box 6 184 Under Protocol, specify the type of server or path (FTP, HTTP, or UNC) where the repository resides. ePolicy Orchestrator™ software version 3.0 Software Repositories 7 Click the Options tab. Figure 5-23. Options tab in the Edit repository dialog box 8 Provide the address and port information of the repository: w If you selected FTP in Protocol, type the web address in URL and the FTP port number in Port. w If you selected HTTP in Protocol, type the web address in URL and the HTTP port number in Port. w If you selected UNC in Protocol, type the network directory where the repository resides in Path. Use this format: \\<COMPUTER>\<FOLDER>. You can use variables to define this location. For a list, see Variables on page 528. 9 Provide the download credentials used by client computers to connect to this repository. Use credentials with read-only permissions to the HTTP server, FTP server, or UNC share that hosts the repository. a If you selected FTP in Protocol, select Use anonymous login or type the user account information in User name, Password, and Re-Enter Password. If you selected HTTP in Protocol and the HTTP server requires authentication, select Use Authentication, then type the user account information in User name, Password, and Re-Enter Password. Product Guide 185 Software Repositories If you selected UNC in Protocol, select Use Logged On Account or type the user account information in Domain, User name, Password, and Re-Enter Password. b To authenticate the user account you specified, click Verify. 10 Click OK to save the current entries. Redefining the fallback repository Use this procedure to redefine the fallback repository. For more information, see Fallback repository on page 157. NOTE You must be a global administrator to define the fallback repository. For option definitions, click Help in the interface. 1 Log on to the desired ePolicy Orchestrator server using a global administrator user account. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. 2 In the console tree under ePolicy Orchestrator | <SERVER>, select Repository. 3 In the details pane under AutoUpdate Components, click Source Repository. The Source and Fallback Repositories page appears. Figure 5-24. Source and Fallback Repositories page 4 186 Select NAIFtp, then click Edit. The Edit repository dialog box appears. ePolicy Orchestrator™ software version 3.0 Software Repositories 5 On the Configuration tab, type a descriptive name for this repository in Name. Repository names must be unique. Figure 5-25. Configuration tab in the Edit repository dialog box 6 Under Protocol, specify the type of server or path (FTP, HTTP, or UNC) where the repository resides. Product Guide 187 Software Repositories 7 Click the Options tab. Figure 5-26. Options tab in the Edit repository dialog box 8 Provide the address and port information of the repository: w If you selected FTP in Protocol, type the web address in URL and the FTP port number in Port. w If you selected HTTP in Protocol, type the web address in URL and the HTTP port number in Port. w If you selected UNC in Protocol, type the network directory where the repository resides in Path. Use this format: \\<COMPUTER>\<FOLDER>. You can use variables to define this location. For a list, see Variables on page 528. 9 Provide the download credentials used by client computers to connect to this repository. Use credentials with read-only permissions to the HTTP server, FTP server, or UNC share that hosts the repository. a If you selected FTP in Protocol, select Use anonymous login or type the user account information in User name, Password, and Re-Enter Password. If you selected HTTP in Protocol and the HTTP server requires authentication, select Use Authentication, then type the user account information in User name, Password, and Re-Enter Password. 188 ePolicy Orchestrator™ software version 3.0 Software Repositories If you selected UNC in Protocol, select Use Logged On Account or type the user account information in Domain, User name, Password, and Re-Enter Password. b To authenticate the user account you specified, click Verify. 10 Click OK to save the current entries. Switching source and fallback repositories Use this procedure to make the fallback repository a source repository, or to make a source repository the fallback repository. For more information, see Source repositories on page 156 and Fallback repository on page 157. NOTE You must be a global administrator to define source or fallback repositories. For option definitions, click Help in the interface. 1 Log on to the desired ePolicy Orchestrator server using a global administrator user account. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. 2 In the console tree under ePolicy Orchestrator | <SERVER>, select Repository. 3 In the details pane under AutoUpdate Components, click Source Repository. The Source and Fallback Repositories page appears. Figure 5-27. Source and Fallback Repositories page Product Guide 189 Software Repositories 4 To make the fallback repository a source repository, select the fallback repository from the list, then click Make Source. To make a source repository the fallback repository, select the desired source repository from the list, then click Make Fallback. Changing global distributed repositories Use this procedure to change the settings of global distributed repositories. NOTE You must be a global administrator to change global distributed repositories. For option definitions, click Help in the interface. 1 Log on to the desired ePolicy Orchestrator server using a global administrator user account. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. 2 In the console tree under ePolicy Orchestrator | <SERVER>, select Repository. 3 In the details pane under AutoUpdate Components, click Distributed Repository. The Distributed Repositories page appears. Figure 5-28. Distributed Repositories page 190 ePolicy Orchestrator™ software version 3.0 Software Repositories 4 Select the desired repository, then click Edit. The Edit repository dialog box appears. Figure 5-29. Edit repository dialog box 5 Change settings as needed. 6 Click OK to save the current entries. Product Guide 191 Software Repositories Changing local distributed repositories Use this procedure to change the settings of local distributed repositories. Changes take effect during the next agent-to-server communication. 1 On the Repositories tab in the ePolicy Orchestrator Agent | Configuration policy page, deselect Inherit. For instructions on where to find this page, see Setting agent policies on page 250. Figure 5-30. Repositories tab in the ePolicy Orchestrator Agent | Configuration policy page 192 ePolicy Orchestrator™ software version 3.0 Software Repositories 2 Under Repository list, select the desired repository, then click Edit. the Repository options dialog box appears. Figure 5-31. Repository options dialog box 3 Change settings as needed. 4 Click OK to save the current entries. Product Guide 193 Software Repositories Changing SuperAgent distributed repositories Use this procedure to change the settings of SuperAgent distributed repositories. Changes take effect during the next agent-to-server communication. NOTE You can only set this policy at the computer level. 1 On the General tab in the ePolicy Orchestrator Agent | Configuration policy page, deselect Inherit. For instructions on where to find this page, see Setting agent policies on page 250. Figure 5-32. General tab in the ePolicy Orchestrator Agent | Configuration policy page 2 Select Enable SuperAgent functionality and Enable SuperAgent repository. 3 In Path to use for repository, type the local directory (for example, C:\REPOSITORY) where you want to store the repository. You can use variables to define this location. For a list, see Variables on page 528. w If the location you specified doesn’t exist, it is created. w If you change the location, the files are moved to the new location. w If the location cannot be created for any reason or if you leave this box blank, the default location is used: 194 ePolicy Orchestrator™ software version 3.0 Software Repositories <DOCUMENTS AND SETTINGS>\ ALL USERS\APPLICATION DATA\NETWORK ASSOCIATES\FRAMEWORK\DB\SOFTWARE Where <DOCUMENTS AND SETTINGS> is the location of the DOCUMENTS AND SETTINGS folder, which varies depending on the operating system. If the operating system does not use a DOCUMENTS AND SETTINGS folder, the default location is: <AGENT INSTALLATION PATH>\DATA\DB\SOFTWARE 4 Click Apply All to save the current entries. Viewing the master repository settings Use this procedure to view the settings for the master repository. For option definitions, click Help in the interface. 1 Log on to the desired ePolicy Orchestrator server. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. 2 In the console tree under ePolicy Orchestrator | <SERVER>, select Repository. 3 In the details pane under AutoUpdate Components, click Master Repository. The Master Repository page appears. Figure 5-33. Master Repository page Deleting global distributed repositories Use this procedure to remove global distributed repositories from the repository list and delete their contents. NOTE You must be a global administrator to delete distributed repositories. For option definitions, click Help in the interface. 1 Log on to the desired ePolicy Orchestrator server using a global administrator user account. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. Product Guide 195 Software Repositories 2 In the console tree under ePolicy Orchestrator | <SERVER>, select Repository. 3 In the details pane under AutoUpdate Components, click Distributed Repository. The Distributed Repositories page appears. Figure 5-34. Distributed Repositories page 4 196 Select the desired repository, then click Delete. ePolicy Orchestrator™ software version 3.0 Software Repositories Removing local distributed repositories Use this procedure to remove local distributed repositories from the repository list; you must manually remove their contents. Changes take effect during the next agent-to-server communication. 1 On the Repositories tab in the ePolicy Orchestrator Agent | Configuration policy page, deselect Inherit. For instructions on where to find this page, see Setting agent policies on page 250. Figure 5-35. Repositories tab in the ePolicy Orchestrator Agent | Configuration policy page 2 Under Repository list, select the desired local distributed repository, then click Delete. You can also disable repositories by deselecting them. 3 Click Apply All when done. Product Guide 197 Software Repositories Deleting SuperAgent distributed repositories Use the procedure to remove SuperAgent distributed repositories from the repository list and delete their contents. Changes take effect during the next agent-to-server communication. 1 On the General tab in the ePolicy Orchestrator Agent | Configuration policy page, deselect Inherit. For instructions on where to find this page, see Setting agent policies on page 250. Figure 5-36. General tab in the ePolicy Orchestrator Agent | Configuration policy page 198 2 Deselect Enable SuperAgent repository. 3 Click Apply All to save the current entries. ePolicy Orchestrator™ software version 3.0 Software Repositories Removing source or fallback repositories Use this procedure to remove source or fallback repositories from the repository list. NOTE You must be a global administrator to remove source or fallback repositories. For option definitions, click Help in the interface. 1 Log on to the desired ePolicy Orchestrator server using a global administrator user account. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. 2 In the console tree under ePolicy Orchestrator | <SERVER>, select Repository. 3 In the details pane under AutoUpdate Components, click Source Repository. The Source and Fallback Repositories page appears. Figure 5-37. Source and Fallback Repositories page 4 Select desired repository, then click Delete. Product Guide 199 Software Repositories Repository list The repository list (SITELIST.XML) contains the information client computers need to select the nearest repository from the list and retrieve updates from them. The repository list is sent to the agent during agent-to-server communication. You can also export it to a file and manually deploy, then apply it to client computers using command-line options. n When does the repository list change? n Exporting the repository list to a file. n Distributing the repository list manually. When does the repository list change? These tasks effect the repository list (SITELIST.XML): n Enabling or disabling the management of distributed repositories. n Creating, changing, or deleting repositories. n Specifying how the nearest repository is selected. n Adding, changing, or deleting proxy server settings. Exporting the repository list to a file Use this procedure to export the repository list (SITELIST.XML) to a file for manual deployment to client computers or for import during the installation of supported products. For more information, see Repository list on page 200. NOTE You must be a global administrator to export the repository list. For option definitions, click Help in the interface. 200 1 Log on to the desired ePolicy Orchestrator server using a global administrator user account. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. 2 In the console tree under ePolicy Orchestrator | <SERVER>, select Repository. ePolicy Orchestrator™ software version 3.0 Software Repositories 3 In the details pane under AutoUpdate Components, click Source Repository. The Source and Fallback Repositories page appears. Figure 5-38. Source and Fallback Repositories page 4 Click Export repository list. The Export repository list wizard appears. 5 Click Next to open the export location dialog box. Figure 5-39. Export repository list wizard — export location dialog box Product Guide 201 Software Repositories 6 Type the path where you want to save the repository list, or click Browse to select a location, then click Next. 7 Click Finish to export the repository list (SITELIST.XML) to the location you specified. Distributing the repository list manually Once you have exported the repository list (SITELIST.XML) to a file, you can import it during the installation of supported products. For instructions, see the Installation Guide for that product. You can also distribute the repository list to client computers, then apply the repository list to the agent (for example, using third-party deployment tools and logon scripts). For more information, see Agent installation command-line options on page 289. 202 ePolicy Orchestrator™ software version 3.0 Software Repositories Product and product update packages The distributed software repository feature of ePolicy Orchestrator allows you to create a central library of supported products and product updates in the master repository. These products and product updates are then available for deployment to client computers and for replication to other distributed repositories. By checking packages into the master repository, you define exactly which supported products and product updates to deploy and maintain on client computers. All packages are considered product updates with the exception of the product binary (Setup) files. You can check these package types into the master repository. n Agent language packages. n HotFix releases. n Product binary (Setup) files. n Product plug-in (DLL) files. n Service pack releases. n SuperDAT (SDAT*.EXE) files. NOTE To save bandwidth, we recommend that you check in DAT and engine packages separately instead of checking in a SuperDAT package that combines these updates. n Supplemental virus definition (EXTRA.DAT) files. n Virus definition (DAT) files. n Virus scanning engine. Each package contains the binary files, detection and installation scripts, and a package catalog (PKGCATALOG.Z) file. Legacy product support Existing (or legacy) products use a flat directory structure in conjunction with the AutoUpdate and AutoUpgrade client tasks to install product updates. New products that take advantage of AutoUpdate 7.0 use a hierarchal directory structure and the Update client task to install product updates. Product Guide 203 Software Repositories If the update location you specify in the AutoUpdate or AutoUpgrade task settings is a distributed software repository being managed by ePolicy Orchestrator, you need to enable legacy product support when you check the corresponding package into the master repository. Doing so, copies the packages into both directory structures. This flexibility enables you to continue to support legacy products; for example, NetShield 4.5; using AutoUpdate and AutoUpgrade tasks. For instructions, see Checking in packages on page 206 and Product update deployment on page 313. You can enable legacy product support for these package types: n SuperDAT (SDAT*.EXE) packages. NOTE We recommend using SuperDAT packages to distribute custom packages only. n Virus definition (DAT) files. Package catalog files Package catalog (PKGCATALOG.Z) files are created and distributed by Network Associates. The package catalog file contains details about each package including the name of the product for which the update is intended, language version, and any installation dependencies. Package signing and security All packages created and distributed by Network Associates are signed with a key pair using the DSA (Digital Signature Algorithm) signature verification system, and are encrypted using 168-bit 3DES encryption. A key is used to encrypt or decrypt sensitive data. You are notified when you check in packages that are not signed by Network Associates. If you are confident of the content and validity of the package, continue with the check-in. These packages are secured in the same manner described above, but are signed by ePolicy Orchestrator when they are checked in. Using digital signatures guarantees that packages originated from Network Associates or were checked in by you, and that they have not been tampered with or corrupted. The agent only trusts package catalog files signed by ePolicy Orchestrator or Network Associates. This protects your network from receiving updates from unsigned or untrusted sources. 204 ePolicy Orchestrator™ software version 3.0 Software Repositories Package versioning and branches Depending on the package type, you can choose to keep up to three versions (evaluation, current, or previous) of a package. Otherwise, packages are always checked into the current branch, so only one version is stored in the master repository. Because HotFix releases are not always cumulative and can require other HotFix releases, you can check in multiple versions of these packages; however, each version is still checked into the current branch. Typically, the evaluation branch is used for testing purposes, and the previous branch allows you to easily roll back to a previous version of an update. You specify the branch from which client computers retrieve these updates. For instructions, see Specifying the branch to retrieve updates on page 314. These are the package types you can check into the evaluation, current, or previous branch. All other package types are automatically checked into the current branch. n SuperDAT (SDAT*.EXE) files. n Supplemental virus definition (EXTRA.DAT) files. n Virus definition (DAT) files. n Virus scanning engine. Package ordering and dependencies If one product update is dependent on another, you must check their packages into the master repository in the required order. For example, if HotFix 2 requires HotFix 1, you must check in HotFix 1 before HotFix 2. Packages cannot be reordered once they are checked in. You must remove them and check them back in, in the proper order. For instructions, see Deleting packages on page 214. If you check in a package that supersedes an existing package, the existing package is removed automatically. Product Guide 205 Software Repositories Checking in and managing packages You can check in, view, or delete packages from the master repository. For more information, see Product and product update packages on page 203. n Checking in packages. n Manually moving packages between branches. n Viewing information about packages in repositories. n Deleting packages. Checking in packages Use this procedure to check packages into the master repository. For more information, see Product and product update packages on page 203. NOTE You cannot check in packages while pull or replication tasks are executing. Service pack, HotFix, and supplemental virus definition (EXTRA.DAT) files must be checked in manually if using a pull task from the ftp://ftp.nai.com/CommonUpdater web site as the source repository. You must be a global administrator to check in packages. For option definitions, click Help in the interface. 206 1 Log on to the desired ePolicy Orchestrator server using a global administrator user account. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. 2 In the console tree under ePolicy Orchestrator | <SERVER>, select Repository. 3 In the details pane under AutoUpdate Tasks, click Check in package. The Check-in package wizard appears. ePolicy Orchestrator™ software version 3.0 Software Repositories 4 Click Next to open the package type dialog box. Figure 5-40. Check-in package wizard — package type dialog box Product Guide 207 Software Repositories 5 Select the desired package type (Products or updates, Extra.dat, or SuperDAT), then click Next. The catalog file dialog box appears. Figure 5-41. Check-in package wizard — catalog file dialog box 208 ePolicy Orchestrator™ software version 3.0 Software Repositories 6 Type the path of the corresponding package catalog (PKGCATALOG.Z) file, or click Browse to select this file, then click Next. The summary dialog box appears. Figure 5-42. Check-in package wizard — summary dialog box If the package is unsigned, a message appears notifying you that the validity of the package cannot be verified. If you are confident of the content and validity of the package, continue with the check-in. For more information, see Package signing and security on page 204. Product Guide 209 Software Repositories 7 Click Next to open the branch dialog box. Figure 5-43. Check-in package wizard — branch dialog box 8 Depending on the package type, you can choose the branch (Evaluation, Current, or Previous) to check the package into, and whether to move the package in the current branch to the previous branch. For more information, see Package versioning and branches on page 205. 9 Select Support legacy product update to copy packages into both the flat directory structure that existing (or legacy) products use in conjunction with the AutoUpdate and AutoUpgrade client tasks and the hierarchical directory structure that new products use in conjunction with the Update client task. For more information, see Legacy product support on page 203. 10 To move packages in the master repository from the current branch to the previous branch, select Move the existing package in ‘current’ branch to ‘previous’ branch. To replace packages in the current branch on the master repository, deselect Move the existing package in ‘current’ branch to ‘previous’ branch. 11 Click Finish to check in the package. 12 Click Close after the package has been checked in. 210 ePolicy Orchestrator™ software version 3.0 Software Repositories Manually moving packages between branches Use this procedure to move packages between the evaluation, current, and previous branches after they have been checked into the master repository. For more information, see Package versioning and branches on page 205. NOTE You must be a global administrator to move packages between branches. For option definitions, click Help in the interface. 1 Log on to the desired ePolicy Orchestrator server using a global administrator user account. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. 2 In the console tree under ePolicy Orchestrator | <SERVER>, select Repository. 3 In the details pane under AutoUpdate Tasks, click Manage packages. The Packages page appears. Figure 5-44. Packages page 4 Select the desired package, then click Copy to current, Copy to Previous, or Copy to evaluation as needed. The Copy package wizard appears. Product Guide 211 Software Repositories 5 Click Next to open the copy options dialog box. Figure 5-45. Copy package wizard — copy options dialog box 212 6 If you are moving packages into the current branch, select Support legacy product update to copy packages into both the flat directory structure that existing (or legacy) products use in conjunction with the AutoUpdate and AutoUpgrade client tasks and the hierarchical directory structure that new products use in conjunction with the Update client task. For more information, see Legacy product support on page 203. 7 To delete the selected package after it has been moved to the new branch, select Delete original after copy. 8 Click Finish to move the package. 9 Click Close after package has been moved. ePolicy Orchestrator™ software version 3.0 Software Repositories Viewing information about packages in repositories Use this procedure to view information about packages in the master repository, global distributed repositories, or SuperAgent distributed repositories. You can view the branch packages are checked into, the product name and version number, whether legacy product support was enabled when the package was checked in, the package type, and the language version. For option definitions, click Help in the interface. 1 Log on to the desired ePolicy Orchestrator server. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. 2 To view packages in the master repository: a In the console tree under ePolicy Orchestrator | <SERVER>, select Repository. b In the details pane under AutoUpdate Tasks, click Manage packages. The Packages page appears. Figure 5-46. Packages page 3 To view packages in global or SuperAgent distributed repositories: w In the console tree under ePolicy Orchestrator | <SERVER> | Repository | Software Repositories | Distributed, select <DISTRIBUTED REPOSITORY>. Product Guide 213 Software Repositories Deleting packages Use this procedure to delete packages from the master repository. NOTE Do not manually delete packages from repositories. You cannot delete packages while pull or replication tasks are executing. You must be a global administrator to delete packages. For option definitions, click Help in the interface. 1 Log on to the desired ePolicy Orchestrator server using a global administrator user account. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. 2 In the console tree under ePolicy Orchestrator | <SERVER>, select Repository. 3 In the details pane under AutoUpdate Tasks, click Manage packages. The Packages page appears. Figure 5-47. Packages page 4 214 Select the desired packages, then click Delete. ePolicy Orchestrator™ software version 3.0 Software Repositories Pull and replication tasks You can schedule pull and replication tasks or run them on demand. These tasks allow you to keep the master repository current with source or fallback repositories, and global and SuperAgent distributed repositories up-to-date with the contents of the master repository. n Scheduling Repository Pull server tasks. n Running a pull task immediately. n Scheduling Repository Replication server tasks. n Running a replication task immediately. Scheduling Repository Pull server tasks Use this procedure to schedule a Repository Pull server task. Pull tasks allow you to specify the source or fallback repository from which you want to retrieve packages, then integrate the packages into the specified branches in the master repository. For more information, see Legacy product support on page 203 and Package versioning and branches on page 205. NOTE You must be a global administrator to schedule pull tasks. For option definitions, click Help in the interface. 1 Log on to the desired ePolicy Orchestrator server using a global administrator user account. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. 2 In the console tree under ePolicy Orchestrator | <SERVER>, select Repository. Product Guide 215 Software Repositories 3 In the details pane under AutoUpdate Tasks, click Schedule pull tasks. The Scheduled Tasks tab appears. Figure 5-48. Scheduled Tasks tab 4 Create a Repository Pull server task. For instructions, see Creating server tasks on page 69. 5 On the Repository Pull Task page, specify the Source repository. Figure 5-49. Repository Pull Task page 216 6 Select the branch (Current, Previous, or Evaluation) into which you want packages copied. 7 If you select the Current branch, you can also make these selections: ePolicy Orchestrator™ software version 3.0 Software Repositories a Select Support legacy product update to copy packages into both the flat directory structure that existing (or legacy) products use in conjunction with the AutoUpdate and AutoUpgrade client tasks, and the hierarchical directory structure that new products use in conjunction with the Update client task. For more information, see Legacy product support on page 203. b To move packages in the master repository from the current branch to the previous branch, select Move existing packages to the ‘previous’ branch. To replace packages in the current branch with the packages you are checking in, deselect Move existing packages to the ‘previous’ branch. 8 Click Finish when done. Running a pull task immediately Use this procedure to run a pull task immediately. Pull tasks allow you to specify the source or fallback repository from which you want to retrieve packages, then integrates the packages into the specified branches in the master repository. For more information, see Legacy product support on page 203 and Package versioning and branches on page 205. NOTE You must be a global administrator to schedule pull tasks. For option definitions, click Help in the interface. 1 Log on to the desired ePolicy Orchestrator server using a global administrator user account. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. 2 In the console tree under ePolicy Orchestrator | <SERVER>, select Repository. 3 In the details pane under AutoUpdate Tasks, click Pull now. The Pull Now wizard appears. Product Guide 217 Software Repositories 4 Click Next to open the select repositories dialog box. Figure 5-50. Pull Now wizard — select repositories dialog box 218 ePolicy Orchestrator™ software version 3.0 Software Repositories 5 Select the desired repository, then click Next. The branches dialog box appears. Figure 5-51. Pull Now wizard — branches dialog box 6 Select the branch (Current, Previous, or Evaluation) into which you want packages copied. For more information, see Package versioning and branches on page 205. 7 Select Support legacy product update to copy packages into both the flat directory structure that existing (or legacy) products use in conjunction with the AutoUpdate and AutoUpgrade client tasks and the hierarchical directory structure that new products use in conjunction with the Update client task. For more information, see Legacy product support on page 203. 8 To move packages in the master repository from the current branch to the previous branch, select Move the existing package in ‘current’ branch to ‘previous’ branch. To replace packages in the current branch on the master repository, deselect Move the existing package in ‘current’ branch to ‘previous’ branch. 9 Click Finish to run the task. 10 Click Close after the task has completed. Product Guide 219 Software Repositories Scheduling Repository Replication server tasks Use this procedure to schedule a Repository Replication server task. Replication tasks update global and SuperAgent distributed repositories to maintain identical copies of all packages in all branches that are in the master repository. You can also update only selected distributed repositories. For instructions, see Running a replication task immediately on page 221. We recommend scheduling a full replication task on a weekly basic and an incremental replication task on a daily basis. NOTE You must be a global administrator to schedule replication tasks. For option definitions, click Help in the interface. 1 Log on to the desired ePolicy Orchestrator server using a global administrator user account. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. 2 In the console tree under ePolicy Orchestrator | <SERVER>, select Repository. 3 In the details pane under AutoUpdate Tasks, click Schedule replication tasks. The Scheduled Tasks tab appears. Figure 5-52. Scheduled Tasks tab 4 220 Create a Repository Replication server task. For instructions, see Creating server tasks on page 69. ePolicy Orchestrator™ software version 3.0 Software Repositories 5 On the Repository Replication Task page, specify the type of replication task (Full replication or Incremental replication). Figure 5-53. Repository Replication Task page 6 Click Finish when done. Running a replication task immediately Use this procedure to run a replication task immediately. Replication tasks update global and SuperAgent distributed repositories to maintain identical copies of all packages in all branches that are in the master repository. You can update all or only selected distributed repositories. NOTE You must be a global administrator to schedule replication tasks. For option definitions, click Help in the interface. 1 Log on to the desired ePolicy Orchestrator server using a global administrator user account. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. 2 In the console tree under ePolicy Orchestrator | <SERVER>, select Repository. 3 In the details pane under AutoUpdate Tasks, click Replicate now. The Replicate Now wizard appears. Product Guide 221 Software Repositories 4 Click Next to open the distributed repositories dialog box. Figure 5-54. Replicate Now wizard — distributed repositories dialog box 222 ePolicy Orchestrator™ software version 3.0 Software Repositories 5 Select the desired repositories, then click Next. The replication type dialog box appears. Figure 5-55. Replicate Now wizard — replication type dialog box 6 Specify the type of replication task (Full replication or Incremental replication), then click Finish to run the task. 7 Click Close after the task has completed. Product Guide 223 Software Repositories 224 ePolicy Orchestrator™ software version 3.0 6 Policies, Properties, and Client Tasks You can deploy the agent and products using the default policies (configuration settings) or change these settings beforehand. n Policies. n Agent policies. n Setting agent policies. n Properties. n Client tasks. Product Guide 225 Policies, Properties, and Client Tasks Policies You can set agent and product policies (configuration settings) before you deploy them or use the default policies, and change them as needed after deployment. Information provided here on setting policies does not describe the product-specific settings, but rather defines policies and related concepts and their use. However, agent policy settings are described. For more information on setting product policies, see the Configuration Guide for each product. For more information on setting agent policies, see Agent policies on page 243. n What is a policy? n Policy inheritance. n Policy enforcement. n Setting policies. n Copying policies. n Importing and exporting policies. n Restoring the default policy settings. What is a policy? Policies are the configuration settings for each product that can be managed via ePolicy Orchestrator. These settings determine how the product behaves on client computers. For example, you can specify which types of files that you want VirusScan Enterprise 7.0 to scan by choosing those settings on the corresponding policy (.NAP) page. For instructions, see Setting policies on page 232. Multi-lingual policy pages for all supported products available at release time are automatically installed with the software. You can change the language version in which the ePolicy Orchestrator console and policy pages appear at any time. If a supported product is not available at release time, the corresponding policy pages are made available with the product. You must add these to the Repository manually before you can configure and deploy the corresponding product via ePolicy Orchestrator. For instructions, see Adding policy pages to the Repository on page 144. 226 ePolicy Orchestrator™ software version 3.0 Policies, Properties, and Client Tasks All policy pages come with a set of default policy settings. You can customize these settings at the Directory level, or at any console tree item under the Directory. To simplify changing policy settings, you can copy or export policy settings for selected products. For instructions, seeCopying policies on page 233 or Importing and exporting policies on page 235. To effectively change policy settings, you need to understand how policy inheritance works. For more information, see Policy inheritance on page 227. Figure 6-1. VirusScan Enterprise 7.0 policy page Policy inheritance Policy inheritance determines whether the policy settings for any one console tree item under the Directory are taken from the item directly above it. All policy pages come with a set of default policy settings. By default, all items under the Directory inherit these settings. You can change the default settings as needed for each site or group or even for each computer, then apply the new settings to all groups and computers underneath. To do this, you need to turn off inheritance. The policy page then no longer takes its settings from the items above it, and applies the new settings to all items below it (assuming that they are still using inheritance). Product Guide 227 Policies, Properties, and Client Tasks For example, you want to use the default policy settings on the General tab in the ePolicy Orchestrator Agent | Configuration policy page with one exception. You want the agent icon to appear on the taskbar of the Information Technology (IT) staff’s client computers. Since you’ve organized the Directory by department, all of the IT computers are in one site. To change the default settings for this collection of computers, do the following: select the site, select the agent policy page, deselect Inherit on the General tab, change the desired settings, then click Apply All. The new settings are applied to these computers during the next agent-to-server communication interval (ASCI). You can restore policy settings to the default settings at any time. For more information, see Restoring the default policy settings on page 242. Policy enforcement How new policy settings are enforced on client computers varies slightly depending on whether you are managing McAfee or Norton AntiVirus products. 228 n How policies are enforced for McAfee products. n How policies are enforced for Norton AntiVirus products. ePolicy Orchestrator™ software version 3.0 Policies, Properties, and Client Tasks How policies are enforced for McAfee products Policies for McAfee products are enforced immediately on the policy enforcement interval and the agent-to-server communication interval (ASCI). On the ASCI On the policy enforcement interval The ePolicy Orchestrator server sends incremental policy updates to the agent during the ASCI. Server Incremental Policies Agent Agent Policies Policies McAfee Products McAfee Products During both the ASCI and the policy enforcement interval, the agent for Windows enforces policies on client computers. Figure 6-2. How policies are enforced for McAfee products Product Guide 229 Policies, Properties, and Client Tasks How policies are enforced for Norton AntiVirus products There is a delay of up to three minutes after the policy enforcement interval and the agent-to-server communication interval (ASCI), before policies for Norton AntiVirus products are enforced. 230 ePolicy Orchestrator™ software version 3.0 Policies, Properties, and Client Tasks On the ASCI On the policy enforcement interval Server The ePolicy Orchestrator server sends incremental policy updates to the agent during the ASCI. Incremental Policies Agent Agent Policies Policies GRC.DAT File GRC.DAT File Norton AntiVirus Products Norton AntiVirus Products During both the ASCI and the policy enforcement interval, the agent updates the GRC.DAT file with the current policy information. The GRC.DAT file stores all changes made to client computers. The version of the grc.dat file that is updated is located in \DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\NORTON ANTIVIRUS CORPORATE EDITION\7.5 (for Windows 2000) or in \PROGRAM FILES\NAV. Norton AntiVirus products read the policy information from the GRC.DAT and enforce the policies approximately every three minutes. Figure 6-3. How policies are enforced for Norton AntiVirus products Product Guide 231 Policies, Properties, and Client Tasks Setting policies Use this procedure to define the product policy settings (for example, when to scan files for viruses) that you want to enforce on client computers. Changes take effect during the next agent-to-server communication. 1 Log on to the desired ePolicy Orchestrator server. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. 2 In the console tree under ePolicy Orchestrator | <SERVER>, select the Directory, <SITE>, <GROUP>, or <COMPUTER>. The Policies, Properties, and Tasks tabs appear in the upper details pane. 3 Click the Policies tab. Products that you can manage via ePolicy Orchestrator are listed on this tab. 4 Select the product (for example, VirusScan Enterprise 7.0) for which you want to set policies. The corresponding product policy page appears in the lower details pane. 5 Deselect Inherit. 6 Select Enforce Policies for <PRODUCT> (for example, Enforce Policies for VirusScan Enterprise 7.0). 7 Select the option (for example, General Policies) under the product for which you want to set policies. The corresponding policy page appears in the lower details pane. 8 Deselect Inherit. 9 Make changes to policy settings as needed. For instructions on configuring products for use with ePolicy Orchestrator, see the Configuration Guide for each product. For instructions on configuring the agent for Windows, see Setting agent policies on page 250. 10 Click Apply to save the current entries. 232 ePolicy Orchestrator™ software version 3.0 Policies, Properties, and Client Tasks Copying policies Use this procedure to copy policy settings between console tree items under the Directory on the same ePolicy Orchestrator server or to items on different servers. Only the policy settings from the console tree item you select are copied. When you paste policy settings to a console tree item, inheritance for that item is turned off, but remains unchanged for items underneath it. Changes take effect during the next agent-to-server communication. NOTE You must be a global or site administrator to copy or paste policies. For option definitions, click Help in the interface. 1 Log on to the desired ePolicy Orchestrator server. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. 2 In the console tree under ePolicy Orchestrator | <SERVER>, right-click Directory, <SITE>, <GROUP>, or <COMPUTER> from which you want to copy policy settings, then select Policy | Copy. Product Guide 233 Policies, Properties, and Client Tasks 3 In the console tree under ePolicy Orchestrator | <SERVER>, right-click Directory, <SITE>, <GROUP>, or <COMPUTER> to which you want to paste these policy settings, then select Policy | Paste. The Policy Copy Options dialog box appears. Figure 6-4. Policy Copy Options dialog box 4 Verify that the Server and Item for the Source and Destination are correct before you continue. 5 To copy policy settings for all products currently installed in the Repository, click Add All. To copy only policy settings for selected products, select them under Products, then click Add. 234 6 To copy only those policy settings that differ from the inherited settings, select Only custom policies. Otherwise, all policy settings are copied. 7 Click OK when done. ePolicy Orchestrator™ software version 3.0 Policies, Properties, and Client Tasks Importing and exporting policies You can export your custom policy settings for products to policy files or policy templates. This allows you to define enterprise-wide policy settings that can be easily applied to any ePolicy Orchestrator server. Whether other ePolicy Orchestrator administrators need access to these settings affects the format that you choose. n Policy files and policy templates. n Exporting policies to policy files. n Importing policies from policy files. n Exporting policies to policy templates. n Importing policies from policy templates. Policy files and policy templates Policy files are saved to the local drive of the ePolicy Orchestrator server, but cannot be accessed via a remote console. However, you can still share policy files with other administrators, which they can then import into the Directory on any server. Policy files are also useful for backup purposes. Policy templates are stored in the ePolicy Orchestrator database and are available to administrators from the console. Other administrators can change, import, or delete policy templates at will. Whereas you can import policy files to any server, policy templates are confined to the same server. For example, let’s say you want to use more restrictive and secure policy settings on your network during the weekend. You could define different policies for the weekdays and weekends, then import the appropriate policies on Mondays and Fridays. Product Guide 235 Policies, Properties, and Client Tasks Exporting policies to policy files Use this procedure to export policy settings for selected products to a file. Only the policy settings for the console tree item you select are exported. You can then import the resulting policy file to a selected console tree item on another ePolicy Orchestrator server, or use the file for backup purposes. NOTE You must be a global or site administrator to export policies. For option definitions, click Help in the interface. 1 Log on to the desired ePolicy Orchestrator server. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. 2 In the console tree under ePolicy Orchestrator | <SERVER>, right-click Directory, <SITE>, <GROUP>, or <COMPUTER> from which you want to export policy settings, then select Policy | Export. The Policy Export Options dialog box appears. Figure 6-5. Policy Export Options dialog box 3 236 Under Export to, select File. ePolicy Orchestrator™ software version 3.0 Policies, Properties, and Client Tasks 4 In File Name, type the path where you want to save the policy file or click Browse to specify a file name and location. 5 To export policy settings for all products currently installed in the Repository, click Add All. To export only policy settings for selected products, select them under Products, then click Add. 6 To export only those policy settings that differ from the inherited settings, select Only custom policies. Otherwise, all policy settings are exported. 7 Click Export when done. 8 Import the policy file as needed. For instructions, see Importing policies from policy files on page 237. Importing policies from policy files Use this procedure to import policy settings from a policy file to any console tree item on any ePolicy Orchestrator server. When you import policy settings to a console tree item, inheritance for that item is turned off, but remains unchanged for items underneath it. Changes take effect during the next agent-to-server communication. NOTE You must be a global or site administrator to import policies. For option definitions, click Help in the interface. 1 Export policies to a policy file. For instructions, see Exporting policies to policy files on page 236. 2 Log on to the desired ePolicy Orchestrator server. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. Product Guide 237 Policies, Properties, and Client Tasks 3 In the console tree under ePolicy Orchestrator | <SERVER>, right-click Directory, <SITE>, <GROUP>, or <COMPUTER> to which you want to apply policy settings, then select Policy | Import. The Policy Import Options dialog box appears. Figure 6-6. Policy Import Options dialog box 4 238 In File Name, type the path of the policy file or click Browse to select the desired file, then click OK. ePolicy Orchestrator™ software version 3.0 Policies, Properties, and Client Tasks Exporting policies to policy templates Use this procedure to export policy settings for selected products to the Policy Templates folder in the console tree under ePolicy Orchestrator on the desired ePolicy Orchestrator server. Only the policy settings for the console tree item you select are exported. NOTE You must be a global or site administrator to export policies. 1 Log on to the desired ePolicy Orchestrator server. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. 2 In the console tree under ePolicy Orchestrator | <SERVER>, right-click Directory, <SITE>, <GROUP>, or <COMPUTER> from which you want to export policy settings, then select Policy | Export. The Policy Export Options dialog box appears. Figure 6-7. Policy Export Options dialog box 3 Under Export to, select Policy Templates. Product Guide 239 Policies, Properties, and Client Tasks 4 In Name, type a descriptive name for the policy template. A folder with this name is created in the console tree under ePolicy Orchestrator | <SERVER> | Policy Templates. 5 To export policy settings for all products currently installed in the Repository, click Add All. To export only policy settings for selected products, select them under Products, then click Add. 6 To export only those policy settings that differ from the inherited settings, select Only custom policies. Otherwise, all policy settings are exported. 7 Click Export when done. 8 Import the policy template as needed. For instructions, see Importing policies from policy templates on page 240. Importing policies from policy templates Use this procedure to import policy settings from a policy template to any console tree item under the Directory on the same ePolicy Orchestrator server. When you import policy settings to a console tree item, inheritance for that item is turned off, but remains unchanged for items underneath it. Changes take effect during the next agent-to-server communication. NOTE You must be a global or site administrator to import policies. For option definitions, click Help in the interface. 240 1 Export policies to a policy template. For instructions, see Importing policies from policy files on page 237. 2 Log on to the desired ePolicy Orchestrator server. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. ePolicy Orchestrator™ software version 3.0 Policies, Properties, and Client Tasks 3 In the console tree under ePolicy Orchestrator | <SERVER>, right-click Directory, <SITE>, <GROUP>, or <COMPUTER> to which you want to apply policy settings, then select Policy | Import. The Policy Import Options dialog box appears. Figure 6-8. Policy Import Options dialog box 4 Under Import policies from, select Policy Templates. 5 In Name, select the desired template, then click OK. Product Guide 241 Policies, Properties, and Client Tasks Restoring the default policy settings Use this procedure to reset policies for selected products to their original settings. Changes take effect during the next agent-to-server communication. NOTE You can also restore the default policy settings on any policy page by selecting Inherit, then clicking Apply. For option definitions, click Help in the interface. 1 Log on to the desired ePolicy Orchestrator server. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. 2 In the console tree under ePolicy Orchestrator | <SERVER>, right-click Directory, <SITE>, <GROUP>, or <COMPUTER>, then select Policy | Reset Inheritance. The Reset Policy Inheritance dialog box appears. Figure 6-9. Reset Policy Inheritance dialog box 242 3 Select the Level at which you want to restore the default policy settings. 4 Specify whether you want to reset the default settings on All products or Selected products. 5 If you choose Selected products, select the desired products from the Products list. 6 Click OK. ePolicy Orchestrator™ software version 3.0 Policies, Properties, and Client Tasks Agent policies You can make a number of settings in the agent policy that affect how the agent behaves. n Agent activity log files. n Agent wakeup calls. n Agent-to-server communication interval. n Events. n Initial agent-to-server communication interval. n Policy enforcement interval. n Repository list. n Selective updating. n SuperAgent wakeup calls. n IP address information in the agent. The agent affects a number of other areas covered elsewhere. For information on these areas, see these topics: n Local distributed repositories on page 155. n SuperAgent distributed repositories on page 156. n Specifying how the nearest repository is selected on page 171. n Proxy server settings on page 173. n Repository list on page 200. n Properties on page 259. n Enabling or disabling agent AutoUpgrade on page 274. n Global updating on page 319. Agent activity log files You can enable or disable normal or detailed logging of agent activity, as well as remote access to both the agent activity log (AGENT_<COMPUTER>.XML) and detailed agent activity log (AGENT_<COMPUTER>.LOG) files. You can limit the size of the agent activity log file, but the detailed agent activity log file has a 1MB size limitation. When this log file reaches 1MB, a backup copy (AGENT_<COMPUTER>_BACKUP.LOG) is made. For instructions, see Enabling or disabling the logging of agent activity and remote access to log files on page 257. Product Guide 243 Policies, Properties, and Client Tasks The agent activity log file stores the same messages that appear in the ePolicy Orchestrator Agent Monitor dialog box. This log file records agent activity related to policy enforcement, agent-to-server communication, event forwarding, etc. The detailed agent activity log file, intended for troubleshooting purposes only, stores these messages plus troubleshooting messages. If the operating system uses a DOCUMENTS AND SETTINGS folder, these log files are located here: <DOCUMENTS AND SETTINGS>\NETWORK ASSOCIATES\COMMON FRAMEWORK\DB Where <DOCUMENTS AND SETTINGS> is the location of the DOCUMENTS AND SETTINGS folder; for example, on computers using Windows 2000 Server, this folder is located in \WINNT\PROFILES\<USER>. If the operating system does not use a DOCUMENTS AND SETTINGS folder, these log files are located in the DB folder in the agent installation directory. The default location is: C:\PROGRAM FILES\NETWORK ASSOCIATES\COMMON FRAMEWORK\DB Agent wakeup calls You can prompt agents to contact the ePolicy Orchestrator server when needed instead of waiting for the next agent-to-server communication interval (ASCI). You can send agent wakeup calls on an on-demand basis or schedule them as client tasks. Agent wakeup calls are useful during outbreak situations, or any time that you have an urgent need to send new or updated policies and tasks to client computers, or want to receive properties and events from the agent. To account for bandwidth considerations, you can specify that agents contact the server immediately, or randomly within an hour. You can also specify at which level under the selected site, group, or computer to send the agent wakeup call. For instructions, see Sending agent wakeup calls on page 296 or Creating client tasks on page 263. The agent and server exchange the same information during an agent wakeup call as during the ASCI. For more information, see Agent-to-server communication interval on page 245. You can enable or disable agent wakeup calls. This setting is enabled by default and effects both the agent and SuperAgent. For instructions, see Enabling or disabling agent wakeup calls on page 253. You can also schedule agent wakeup calls to run as client tasks. For instructions, see Creating client tasks on page 263. 244 ePolicy Orchestrator™ software version 3.0 Policies, Properties, and Client Tasks Agent-to-server communication interval The agent-to-server communication interval (ASCI) determines how often the agent and ePolicy Orchestrator server exchange information. The agent and server exchange the same information during an agent wakeup call as during the ASCI. To conserve bandwidth, only data that has changed since the last ASCI is transmitted. Here’s a breakdown of the information exchanged: n The agent sends properties and events to the server. n The server provides new or updated policies and tasks to the agent. n The agent enforces new policies and tasks on the client computer. n The server provides updated repository list to the agent. If you want more control over when agent-to-server communication occurs, you can disable the ASCI, send agent wakeup calls on an on-demand basis, or schedule agent wakeup calls to run as client tasks. For instructions, see Setting agent communication intervals on page 254, Sending agent wakeup calls on page 296, or Scheduling agent-to-server communication on page 298. Recommended agent-to-server communication intervals Recommended agent-to-server communications intervals (ASCI) based on network size are listed below. Network Size Recommended ASCI Gigabit LAN 60 minutes 100MB LAN only 60 minutes WAN 360 minutes * Dial-up or RAS 360 minutes 10MB LAN only 180 minutes Wireless LAN 150 minutes * When you connect to a corporate intranet via dial-up or RAS, the agent detects the network connection and communicates to the ePolicy Orchestrator server. Events Events are generated by supported products and identify a wide range of activity on client computers from service events (for example, starting or stopping software) to infection detection events. Each event is assigned a severity ranging from informational to critical. Events and properties comprise the data that appears on reports and queries. Product Guide 245 Policies, Properties, and Client Tasks You can use the severity to determine the specific events that you want sent from client computers to the ePolicy Orchestrator server, and stored in the ePolicy Orchestrator database. For example, service events are informational and are not stored in the database by default. For instructions, see Limiting events stored in the database on page 335. Although events are normally sent to the server during the agent-to-server communication interval (ASCI), you can also prompt the agent for Windows to send events more frequently. You specify the severity and maximum number of events that you want sent and how often. This allows you to increase the ASCI — which, in turn, reduces bandwidth — while still having the most current and pertinent infection data on which to report. For instructions, see Enabling or disabling immediate event forwarding on page 256. Initial agent-to-server communication interval When the agent communicates with the server for the first-time either immediately after the agent is installed or when the agent service restarts (for example, when the client computer is turned off and on), the actual agent-to-server communication interval (ASCI) varies: n The initial ASCI is randomized over a ten-minute interval. n The second ASCI is randomized over the full ASCI as defined in the agent policy (default is 60 minutes). n Subsequent communication use the full ASCI as defined in the agent policy without randomization. You can skip the initial ten-minute, randomized ASCI if the last agent-to-server communication occurred within the time period (default is 24 hours) you specify. For example, if users turn off their computers at night, agents will initially communicate to the server randomly over the ASCI length instead of 10 minutes. For instructions, see Setting agent communication intervals on page 254. Policy enforcement interval The policy enforcement interval determines how often the agent enforces the policies it has received from the ePolicy Orchestrator server. Because policies are enforced locally, this interval does not require any bandwidth. For instructions, see Setting agent communication intervals on page 254. Although tasks normally run based on the frequency you specify in the task settings, you can specify that Product Deployment client tasks run during the policy enforcement interval. 246 ePolicy Orchestrator™ software version 3.0 Policies, Properties, and Client Tasks Repository list McAfee anti-virus products that use AutoUpdate 7.0 use the repository list (SITELIST.XML) to access distributed repositories and retrieve packages from them. You can specify that client computers select distributed repositories using the fastest ICMP ping response time, by comparing IP addresses of the client computers and distributed repositories, or based on an order you specify. In addition to the repositories you create in the Repository, you can add local distributed repositories in the agent policy. If you want to manually manage distributed update repositories, you can disable the management of distributed repositories via ePolicy Orchestrator. Selective updating You can specify which version (Evaluation, Current, or Previous) of updates you want client computers to retrieve. You can do this for full or incremental virus definition (DAT) files, supplemental virus definition (EXTRA.DAT) files, virus scanning engine, or SuperDAT (SDAT*.EXE) packages. You can redeploy a previous version over the current version of one or more of these updates. You can also deploy new versions of updates to selected client computers for testing purposes. For instructions, see Specifying the branch to retrieve updates on page 314, Rolling back updates to the previous version on page 315, and Deploying new updates to selected computers for testing on page 316. Product Guide 247 Policies, Properties, and Client Tasks SuperAgent wakeup calls You can prompt SuperAgents and all agents in the same subnet as each SuperAgent to contact the ePolicy Orchestrator server when needed instead of waiting for the next agent-to-server communication interval (ASCI). Server 1 — Subnet — SuperAgent 2 4 Agent Agent Agent Agent 3 Figure 6-10. SuperAgent wakeup call 1 Server sends a wakeup call to all SuperAgents. 2 SuperAgents send a broadcast wakeup call to all agents in the same subnet. 3 All agents (regular agents and SuperAgents) exchange date with the server. 4 Any agents without an operating SuperAgent on its subnet will not be prompted to communicate with the server. 248 ePolicy Orchestrator™ software version 3.0 Policies, Properties, and Client Tasks The SuperAgent, agent, and server still exchange the same information during a SuperAgent wakeup call as during an agent wakeup call, but how the wakeup call is sent differs. The server sends a wakeup call to all SuperAgents, then each SuperAgent sends an agent wakeup call to all agents in the same subnet as the SuperAgent. Any agents that do not have a SuperAgent in its subnet will not be contacted. For instructions, see Sending SuperAgent wakeup calls on page 297. You can use SuperAgent wakeup calls in the same situations as agent wakeup calls. Depending on your environment, you might find SuperAgent wakeup calls to be a more efficient way to prompt agents to communicate with the server. SuperAgent wakeup calls differ during a global update. For more information, see Global updating on page 319. You can enable or disable agent wakeup calls. This setting is enabled by default and effects both the agent and SuperAgent. For instructions, see Enabling or disabling agent wakeup calls on page 253. IP address information in the agent The ePolicy Orchestrator server uses the IP address, DNS name, or NetBIOS computer name, in this order, to determine the network location of client computers during agent wakeup calls. When the agent for Windows is unable to connect to the ePolicy Orchestrator server using the IP address, it uses the DNS name to determine the network location of the server. You can take more immediate control over complex environments. Static IP addresses are unneeded; for example, you can use DHCP — when properly configured — to resolve the ePolicy Orchestrator server name using the DNS name. Product Guide 249 Policies, Properties, and Client Tasks Setting agent policies Use this procedure to define the agent policy settings (for example, length of agent communication intervals) that you want to enforce on client computers. Changes take effect during the next agent-to-server communication. 1 Log on to the desired ePolicy Orchestrator server. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. 2 In the console tree under ePolicy Orchestrator | <SERVER>, select the Directory, <SITE>, <GROUP>, or <COMPUTER>. The Policies, Properties, and Tasks tabs appear in the upper details pane. 3 Click the Policies tab. Products that you can manage via ePolicy Orchestrator are listed on this tab. 4 Select ePolicy Orchestrator Agent | Configuration. The ePolicy Orchestrator Agent | Configuration policy page appears in the lower details pane. Figure 6-11. ePolicy Orchestrator Agent | Configuration policy page 5 Deselect Inherit. 6 Make changes to policy settings as needed. For instructions on making specific policy settings, see these procedures: w Showing or hiding the agent system tray icon on page 251. 250 ePolicy Orchestrator™ software version 3.0 Policies, Properties, and Client Tasks w Enabling or disabling agent wakeup calls on page 253. w Setting agent communication intervals on page 254. w Specifying whether to send full or minimal properties on page 255. w Enabling or disabling immediate event forwarding on page 256. w Enabling or disabling the logging of agent activity and remote access to log files on page 257. w Enforcing the agent policy on page 258. 7 Click Apply All to save the current entries. Showing or hiding the agent system tray icon Use this procedure to show or hide the agent system tray icon. It is hidden by default. Changes take effect during the next agent-to-server communication. When shown, the agent icon appears in the system tray on client computers and allows users perform selected agent tasks. For more information, see Agent system tray icon on page 301. 1 On the General tab in the ePolicy Orchestrator Agent | Configuration policy page, deselect Inherit. Figure 6-12. General tab in the ePolicy Orchestrator Agent | Configuration policy page Product Guide 251 Policies, Properties, and Client Tasks 2 To show the agent system tray icon, select Show Agent Tray Icon. To hide the agent system tray icon, deselect Show Agent Tray Icon. 3 Click Apply All to save the current entries. Enabling or disabling agent wakeup calls Use this procedure to enable or disable agent wakeup calls. This setting is enabled by default. Changes take effect during the next agent-to-server communication. When enabled, allows you to prompt agents on selected client computers to contact the server immediately, or randomly within up to one hour. For more information, see Agent wakeup calls on page 244. 1 On the General tab in the ePolicy Orchestrator Agent | Configuration policy page, deselect Inherit. Figure 6-13. General tab in the ePolicy Orchestrator Agent | Configuration policy page 2 To enable the agent wakeup calls, select Enable agent wakeup call support. To disable the agent wakeup calls, deselect Enable agent wakeup call support. 3 252 Click Apply All to save the current entries. ePolicy Orchestrator™ software version 3.0 Policies, Properties, and Client Tasks Setting agent communication intervals Use this procedure to define the policy enforcement and agent-to-server communication interval. Also, use to enable or disable agent-to-server communication. For more information, see Agent-to-server communication interval on page 245, Initial agent-to-server communication interval on page 246, and Policy enforcement interval on page 246. Changes take effect during the next agent-to-server communication. 1 On the General tab in the ePolicy Orchestrator Agent | Configuration policy page, deselect Inherit. Figure 6-14. General tab in the ePolicy Orchestrator Agent | Configuration policy page 2 In Policy Enforcement Interval, accept the default interval (5 minutes) or specify a different one. 3 To enable agent-to-server communication, select Enable Agent to server communication, then accept the default interval (60 minutes) or specify a different one. To disable agent-to-server communication, deselect Enable Agent to server communication. Product Guide 253 Policies, Properties, and Client Tasks 4 In Policy agent to trigger 10 minute communication interval, specify the time period since the last agent-to-server communication that prompts the agent to skip the initial ten-minute, randomized ASCI. 5 Click Apply All to save the current entries. Specifying whether to send full or minimal properties Use this procedure to specify whether you want the agent to send the full set of properties or minimal properties. Full properties are sent by default. For more information, see Full or minimal properties on page 259. Changes take effect during the next agent-to-server communication. 1 On the General tab in the ePolicy Orchestrator Agent | Configuration policy page, deselect Inherit. Figure 6-15. General tab in the ePolicy Orchestrator Agent | Configuration policy page 2 To send full properties, select Full properties. To send minimal properties, select Minimal properties. 3 254 Click Apply All to save the current entries. ePolicy Orchestrator™ software version 3.0 Policies, Properties, and Client Tasks Enabling or disabling immediate event forwarding Use this procedure to prompt the agent for Windows to send events to the ePolicy Orchestrator server more frequently than the agent-to-server communication interval (ASCI). Immediate event forwarding is enabled and major and critical severity events are sent by default. For more information, see Events on page 245. Changes take effect during the next agent-to-server communication. We recommend enabling immediate event forwarding if you plan on using global updating to distribute critical updates. Update events are assigned critical severity. For more information, see Global updating on page 319. 1 On the Events tab in the ePolicy Orchestrator Agent | Configuration policy page, deselect Inherit. Figure 6-16. Events tab in the ePolicy Orchestrator Agent | Configuration policy page 2 To enable immediate event forwarding, select Enable uploading of events. To disable immediate event forwarding, deselect Enable uploading of events. 3 Specify the lowest severity of events to send in Upload events of priority <SEVERITY> and above. 4 Specify the event forwarding interval (how often to send specified events) in Interval between immediate uploads. Product Guide 255 Policies, Properties, and Client Tasks 5 Specify the maximum number of events to send at a time in Maximum events per immediate upload. If the number of events exceeds this limit, the remaining events are sent during the next event forwarding interval. 6 Click Apply All to save the current entries. Enabling or disabling the logging of agent activity and remote access to log files Use this procedure to enable or disable the normal or detailed logging of agent activity and remote access to the agent activity log (AGENT_<COMPUTER>.XML) and detailed agent activity log (AGENT_<COMPUTER>.LOG) files. These settings are enabled by default. For more information, see Agent activity log files on page 243. Changes take effect during the next agent-to-server communication. We recommend enabling detailed logging only when you are trying to isolate communication issues. 1 On the Logging tab in the ePolicy Orchestrator Agent | Configuration policy page, deselect Inherit. Figure 6-17. Logging tab in the ePolicy Orchestrator Agent | Configuration policy page 2 To enable normal logging of agent activity, select Enable agent log. To disable normal logging of agent activity, deselect Enable agent log. 256 3 To limit the size of the agent activity log file, select Limit log file size, then specify the maximum number of messages. Click Reset to default to limit the file to 200 messages. On average, 200 messages will result in a file about 16KB in size. 4 To enable detailed logging of agent activity, select Enable detailed logging. ePolicy Orchestrator™ software version 3.0 Policies, Properties, and Client Tasks To disable detailed logging of agent activity, deselect Enable detailed logging. 5 To enable remote access to the agent activity log files, select Enable remote access to log. To disable remote access to the agent activity log files, deselect Enable remote access to log. 6 Click Apply All to save the current entries. Enforcing the agent policy Use this procedure to ensure that agent retrieves the current agent policy settings during the next agent-to-server communication. Agent policies are enforced by default. Changes take effect during the next agent-to-server communication. 1 Log on to the desired ePolicy Orchestrator server. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. 2 In the console tree under ePolicy Orchestrator | <SERVER>, select the Directory, <SITE>, <GROUP>, or <COMPUTER>. The Policies, Properties, and Tasks tabs appear in the upper details pane. 3 Click the Policies tab. 4 Select ePolicy Orchestrator Agent. The ePolicy Orchestrator Agent policy page appears in the lower details pane. Figure 6-18. ePolicy Orchestrator Agent policy page 5 Deselect Inherit. 6 Select Enforce Policies for ePolicy Orchestrator Agent. 7 Click Apply to save the current entries. Product Guide 257 Policies, Properties, and Client Tasks Properties Properties about supported products and the client computer itself are collected by the agent and contain the following information: n System Information — System or computer properties provide information about the computer hardware, software, and corresponding settings including the processor speed, operating system, time zone, and the most recent date and time that properties were updated. n <PRODUCT> — Specific product properties (for example, VirusScan Enterprise 7.0) include the various policy settings for each product. n <PRODUCT> | General — General product properties (for example, VirusScan Enterprise 7.0 | General) include the installation path, virus definition (DAT) file version number, and product version number. Depending on the timing and settings in the agent policy page, when and what type of property information is collected and sent to the server differs. Once properties are received, you can view them. n Complete and incremental properties. n Full or minimal properties. n Viewing properties. Complete and incremental properties The agent sends the complete set of properties during the initial agent-to-server communication or if the properties version on the agent and ePolicy Orchestrator server differ by more than two. After the initial communication, the agent sends only those properties that have changed since the last agent-to-server communication. Remember, what defines the complete set of properties varies depending on whether you specified that the agent collect full or minimal properties. For more information, see Full or minimal properties on page 259. Full or minimal properties You specify whether to collect the full set of properties or only minimal properties. Minimal properties include the general product properties and computer properties and exclude the specific product properties. For instructions, see Specifying whether to send full or minimal properties on page 255. Events and properties comprise the data that appears on reports and queries. 258 ePolicy Orchestrator™ software version 3.0 Policies, Properties, and Client Tasks Viewing properties Use this procedure to view the properties for selected computers in the Directory. 1 Log on to the desired ePolicy Orchestrator server. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. 2 In the console tree under ePolicy Orchestrator | <SERVER>, select <COMPUTER>. The Policies, Properties, and Tasks tabs appear in the upper details pane. 3 Click the Properties tab. 4 To view computer properties, select System Information. To view specific product properties, select the desired <PRODUCT>. To view general product properties, select the desired <PRODUCT> | General. Product Guide 259 Policies, Properties, and Client Tasks Client tasks You can schedule tasks that run on selected client computers. Remember, unless you specify Greenwich Mean Time (GMT) in the task settings, client tasks run on computers using the local time on that computer. n Default client tasks. n Task inheritance. n Creating client tasks. n Scheduling client tasks. n Changing client tasks. n Deleting client tasks. Default client tasks The default set of client tasks are described below. These tasks are always available. Other tasks might also be available depending on the products that you are managing. For a list of tasks that apply to each product, see the Configuration Guide for that product. ePolicy Orchestrator agent tasks n Agent Wakeup — Sends an agent wakeup call to agents on the selected client computers. We recommend that you disable the agent-to-server communication interval (ASCI) if you choose to schedule agent-to-server communication via this task. You can specify whether to exchange complete properties instead of incremental properties. The agent and server exchange the same information during an agent wakeup call as during the ASCI. For more information, see Agent-to-server communication interval on page 245 and Complete and incremental properties on page 259. n Mirror — Copies the contents of the first repository in the repository list to the local directory you specify on the client computer. If you share this location, then define it as a local distributed repository in the repository list, other client computers can retrieve updates from it. For more information, see Pull and replication tasks on page 215. n Product Deployment — Installs or uninstalls the selected language version of products. You can also specify a static or variable installation path on client computers and command-line options for each product. For more information, see Product deployment on page 308. n 260 Update — Installs HotFix releases, service pack releases, SuperDAT (SDAT.EXE) files, virus definition (DAT) files, supplemental DAT (EXTRA.DAT) files, and the virus scanning engine. For more information, see Product update deployment on page 313. ePolicy Orchestrator™ software version 3.0 Policies, Properties, and Client Tasks Product-specific tasks n AutoUpdate — Updates the corresponding product with the latest virus definition (DAT) files. For more information, see How AutoUpdate and AutoUpgrade tasks work and when to use them on page 313 and the Configuration Guide for that product. n AutoUpgrade — Upgrades the corresponding product to the latest available version. You can also use this task to update the corresponding product with the latest virus scanning engine and DAT files. For more information, see How AutoUpdate and AutoUpgrade tasks work and when to use them on page 313 and the Configuration Guide for that product. n Mirror AutoUpdate Site — Creates a mirror of the update site. For more information, see the Configuration Guide for that product. n On-Demand Scan — Performs a virus scan on the client computer, including all subdirectories. For more information, see the Configuration Guide for that product. Task inheritance Task inheritance determines whether the client tasks you schedule for any one console tree item under the Directory are taken from the item directly above it. When you turn off inheritance for an item, tasks scheduled for the item above it are ignored and the new task is scheduled for all items below it (assuming that they are still using inheritance). Product Guide 261 Policies, Properties, and Client Tasks Creating client tasks Use this procedure to create new client tasks. For a list of these tasks, see Default client tasks on page 261. NOTE If client computers don't have the product needed to run a task, it is held as pending until the product is installed. For option definitions, click Help in the interface. 1 Log on to the desired ePolicy Orchestrator server. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. 2 In the console tree under ePolicy Orchestrator | <SERVER>, right-click Directory, <SITE>, <GROUP>, or <COMPUTER>, then select Schedule Task. The Schedule Task dialog box appears. Figure 6-19. Schedule Task dialog box 262 3 In New Task Name, type a descriptive name for the task. 4 Select the Software and Task Type. 5 Click OK. The task appears on the Tasks tab in the details pane. 6 Schedule the task to run on client computers. For instructions, see Scheduling client tasks on page 264. ePolicy Orchestrator™ software version 3.0 Policies, Properties, and Client Tasks Scheduling client tasks Use this procedure to schedule tasks that you want performed on client computers. For option definitions, click Help in the interface. 1 Create the desired client task. For instructions, see Creating client tasks on page 263. 2 Click the Tasks tab in the details pane. 3 Right-click the desired Task Name, then select Edit Task. The ePolicy Orchestrator Scheduler dialog box appears. Figure 6-20. ePolicy Orchestrator Scheduler dialog box 4 Change the Name for the task as needed. 5 Deselect Inherit. 6 Select Enable; otherwise, the task won’t start regardless of settings in this dialog box. 7 To limit the amount of time for which the task can run before it is automatically cancelled, select Stop the task if it runs for, then specify the time limit. Product Guide 263 Policies, Properties, and Client Tasks 8 Click Settings to specify options for the task. For instructions on product-specific tasks, see the Configuration Guide for the product. For instructions on the default client tasks, see these topics: w Scheduling agent-to-server communication on page 298. w Defining mirror distributed repositories on page 165. w Deploying products on page 309. w Deploying product updates on page 317. 9 Click the Schedule tab, then deselect Inherit. Figure 6-21. Schedule tab in the ePolicy Orchestrator Scheduler dialog box 10 Select the frequency for the task in Schedule Task, then specify the corresponding frequency options that appear. For example, if you select Daily in Schedule Task, Daily options appear. 11 Select the Start Time and whether to use the GMT Time or Local Time. 12 To start this task randomly on all selected client computers, select Enable randomization, then specify the time within which you want to start the task. 13 To ensure that this task is started if the client computer was not available during the scheduled time, select Run missed task. To delay the task after the client computer becomes available, type the amount of delay in Delay missed task by. 264 ePolicy Orchestrator™ software version 3.0 Policies, Properties, and Client Tasks 14 Schedule the task to be recurring. For instructions, see Scheduling recurring client tasks on page 266. 15 Schedule the task to start in the future. For instructions, see Scheduling client tasks to start in the future on page 267. Scheduling recurring client tasks Use this procedure to schedule recurring client tasks. 1 Create or change the desired client task. For instructions, see Creating client tasks on page 263 or Changing client tasks on page 267, respectively. 2 On the Schedule tab in the ePolicy Orchestrator Scheduler dialog box, click Advanced. The Advanced Schedule Options dialog box appears. Figure 6-22. Advanced Schedule Options dialog box 3 In Start Date, specify a beginning date for the date range in which you want the task to run. 4 Select End Date, then specify a ending date for the date range in which you want the task to run. Otherwise, the task repeats indefinitely. 5 To specify the duration and frequency of a recurring task, select Repeat tasks, then make the following selections: 6 a In Every, specify the time interval that you want the task repeated. b In Until, specify the time limits for the recurring task. Click OK to return to the ePolicy Orchestrator Scheduler dialog box. Product Guide 265 Policies, Properties, and Client Tasks Scheduling client tasks to start in the future Use this procedure to schedule client tasks that you want to start in the future. For option definitions, click Help in the interface. 1 Create or change the desired client task. For instructions, see Creating client tasks on page 263 or Changing client tasks on page 267, respectively. 2 On the Schedule tab in the ePolicy Orchestrator Scheduler dialog box, click Advanced. The Advanced Schedule Options dialog box appears. Figure 6-23. Advanced Schedule Options dialog box 3 In Start Date, specify a beginning date for the date range in which you want the task to run. 4 Select End Date, then specify a ending date for the date range in which you want the task to run. Otherwise, the task repeats indefinitely. 5 Click OK to return to the ePolicy Orchestrator Scheduler dialog box. Changing client tasks Use this procedure to change existing client tasks. For option definitions, click Help in the interface. 266 1 Log on to the desired ePolicy Orchestrator server. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. 2 In the console tree under ePolicy Orchestrator | <SERVER>, right-click Directory, <SITE>, <GROUP>, or <COMPUTER>. The Policies, Properties, and Tasks tabs appear in the details pane. 3 Click the Tasks tab. ePolicy Orchestrator™ software version 3.0 Policies, Properties, and Client Tasks 4 Right-click the desired Task Name, then select Edit Task. The ePolicy Orchestrator Scheduler dialog box appears. Figure 6-24. ePolicy Orchestrator Scheduler dialog box 5 Change the settings of this task as needed. 6 Click OK. Deleting client tasks Use this procedure to delete tasks you no longer want to run on client computers. NOTE You can only delete tasks at the same level at which you created them. For option definitions, click Help in the interface. 1 Log on to the desired ePolicy Orchestrator server. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. 2 In the console tree under ePolicy Orchestrator | <SERVER>, right-click Directory, <SITE>, <GROUP>, or <COMPUTER>. The Policies, Properties, and Tasks tabs appear in the details pane. 3 Click the Tasks tab. 4 Right-click the desired Task Name, then select Delete. Product Guide 267 Policies, Properties, and Client Tasks 268 ePolicy Orchestrator™ software version 3.0 7 Agent Deployment and Management Deploying and managing the ePolicy Orchestrator agent is a vital part of deploying and managing products via ePolicy Orchestrator. These topics describe when previous versions of the agent are automatically upgraded, how to prevent this, how to enable the agent on unmanaged products, the numerous methods available to deploy the agent, and ways to manage the agent once it has been installed on client computers. n Agent installation directory. n Agent language deployment. n Agent AutoUpgrade. n How is the agent installation package created? n Permissions associated with installing the agent. n Agent deployment. n Agent installation command-line options. n Agent management. Product Guide 269 Agent Deployment and Management Agent installation directory Once the agent has been installed, you cannot change its installation directory without first uninstalling it. Depending on how the agent was initially installed, the default installation directory differs. The agent can be installed as part of another product installation (for example, VirusScan Enterprise 7.0) or using any of the deployment methods available in ePolicy Orchestrator. These default locations are: n As part of another product installation: C:\PROGRAM FILES\NETWORK ASSOCIATES\COMMON FRAMEWORK n Using ePolicy Orchestrator deployment methods: <SYSTEM_DRIVE>\EPOAGENT Where <SYSTEM_DRIVE> represents the drive where the operating system is installed; for example, C:. If you are upgrading the agent from version 2.0, 2.5, or 2.5.1, the existing agent is uninstalled before the new agent is installed, so the installation directory specified for the new version of the agent is used. The agent that is installed on the ePolicy Orchestrator server during the installation is located in the COMMON FRAMEWORK folder in the software installation directory. 270 ePolicy Orchestrator™ software version 3.0 Agent Deployment and Management Agent language deployment Both the default agent installation package (FRAMEPKG.EXE), which is created by the ePolicy Orchestrator server, and custom agent installation packages that you create install only the English language version of the agent. To use other language versions of the agent on client computers, you must check the desired agent language packages into the master repository. Each agent language package includes only those files needed to display the user interface for that language. Agent language packages can then be replicated to distributed repositories in the same manner as other product update packages. For more information, see Software Repositories on page 147. After the initial agent-to-server communication, the agent retrieves language packages from repositories based on the locale being used on client computers during the Update client task or a global update. For more information, see Product update deployment on page 313 and Global updating on page 319, respectively. If the in-use locale corresponds to an available language package, the agent retrieves the new package and applies it. In this way, the agent retrieves only language packages for the locales being used on each client computer. NOTE The agent software continues to appear in the current language until the new language package has been applied. Multiple language packages can be stored on client computers at the same time. This allows end users to switch between available languages by changing the locale. If a locale is selected for which a language package is not available locally, the agent software appears in English. Agent language packages are available for these languages: n Brazilian Portuguese n Chinese (Simplified) n Chinese (Traditional) n Dutch n English n French (Standard) n German (Standard) n Italian n Japanese n Korean n Polish Product Guide 271 Agent Deployment and Management 272 n Spanish (Traditional Sort) n Swedish ePolicy Orchestrator™ software version 3.0 Agent Deployment and Management Agent AutoUpgrade If you upgrade the software from version 2.0, 2.5, or 2.5.1, agents are not automatically upgraded to version 3.1 unless you enable agent AutoUpgrade. If you want to migrate unmanaged products that already have a disabled agent installed with them, you can enable the agent without deploying it. If you upgrade the software from version 3.0 to a later version, agents are no longer automatically upgraded; you must initiate the upgrade. For instructions, see Agent deployment on page 277. n Enabling or disabling agent AutoUpgrade. n Enabling the agent on unmanaged products. n Upgrading the agent 3.0 or later to the most current version. Product Guide 273 Agent Deployment and Management Enabling or disabling agent AutoUpgrade Use this procedure to enable or disable the automatic upgrade of agents version 2.0, 2.5, or 2.5.1 to version 3.1 or later. The version 2.0, 2.5, and 2.5.1 agents will continue to send events and properties to the ePolicy Orchestrator server. Changes take effect during the next agent-to-server communication. 1 On the General tab in the ePolicy Orchestrator Agent | Configuration policy page, deselect Inherit. For instructions on where to find this page, see Setting agent policies on page 250. Figure 7-1. General tab in the ePolicy Orchestrator Agent | Configuration policy page 2 To enable agent AutoUpgrade, select Enable Agent Upgrade from 2.x Agent to 3.0 Agent. To disable agent AutoUpgrade, deselect Enable Agent Upgrade from 2.x Agent to 3.0 Agent. 3 274 Click Apply All to save the current entries. ePolicy Orchestrator™ software version 3.0 Agent Deployment and Management Enabling the agent on unmanaged products Use this procedure to enable the agent on products that already have a disabled agent installed with them. NOTE Because VirusScan Enterprise 7.0 was released with the agent 3.0 disabled, the agent is not automatically upgraded to version 3.1 once it is enabled. We recommend deploying the agent 3.1 to these computers after you enable the agent. For instructions, see Agent deployment on page 277. 1 Export the repository list (SITELIST.XML) from the desired ePolicy Orchestrator server. For instructions, see Exporting the repository list to a file on page 200. 2 To enable the agent, run this command line on the client computer: FRMINST.EXE /INSTALL=AGENT /SITEINFO=C:\TEMP\SITELIST.XML Where FRMINST.EXE is located in agent installation directory. The default location is: C:\PROGRAM FILES\NETWORK ASSOCIATES\COMMON FRAMEWORK NOTE Once the agent has been installed, you cannot change the installation directory without first uninstalling it. And where /SITEINFO equals the location of the repository list (SITELIST.XML) you exported. Upgrading the agent 3.0 or later to the most current version To upgrade the agent 3.0 or later to the most current version (for example, to version 3.1), you must initiate the upgrade. Agent AutoUpgrade no longer automatically upgrades these versions of the agent. For instructions, see Agent deployment on page 277. Product Guide 275 Agent Deployment and Management How is the agent installation package created? The agent installation package (FRAMEPKG.EXE) is created by the ePolicy Orchestrator server. This is true for both the standard and custom packages. The standard package is checked into the master repository as part of the software installation. The standard package is updated whenever the repository list (SITELIST.XML) is changed. For more information, see Repository list on page 200. For this reason, we recommend making any needed changes to distributed update repositories before you create a custom package. Depending on how you deploy custom packages, you can use a command-line option to apply the most current repository list when installing the agent. For instructions, see /SITEINFO on page 291. Permissions associated with installing the agent Essentially, there is only one requirement to meet in order to install the agent. The user account used to install the agent must belong to the local administrators group on each computer. In additional, if the user account belongs to a remote domain, the domain to which the ePolicy Orchestrator server belongs must trust that remote domain. Because users might not have local administrator permissions, you can provide (or embed) the appropriate set of credentials as part of the agent installation package (FRAMEPKG.EXE) itself. In this case, the user account you provide is used to install the agent. This allows you to deploy (send and install) the agent installation package to and from a variety of domains. For example, you can deploy the agent across nontrusted resource domains by embedding a local administrator user account that applies to the computers in those domains. Even if you do not utilize full Windows trust relationships in your network environment, you can easily deploy the agent from the ePolicy Orchestrator console. For instructions, see Agent deployment on page 277. 276 ePolicy Orchestrator™ software version 3.0 Agent Deployment and Management Agent deployment There are numerous methods you can use to install the agent on computers you want to manage via ePolicy Orchestrator. You can deploy (send and install) the agent installation package (FRAMEPKG.EXE) from the ePolicy Orchestrator console or using third-party deployment tools, or you can manually install the program. Once the agent 3.0 or later is installed on client computers, you can manage the deployment of new versions using the Product Deployment task and distributed update repositories. For instructions, see Deploying products on page 309. NOTE Once the agent has been installed, you cannot change the installation directory without first uninstalling it. Depending on whether the computers belong to a domain, which operating system computers are using, and your personal preference, use the procedures listed below to deploy the agent: n Creating a custom agent installation package. n Deploying the agent from the console. n Deploying the agent while creating the Directory. n Distributing the agent manually. n Distributing the agent using third-party deployment tools. n Installing the agent for use with computer images. n Scheduling the deployment of the agent. n Updating logon scripts to install the agent. Creating a custom agent installation package Use this procedure to embed user credentials in the agent installation package (FRAMEPKG.EXE). A custom agent installation package is useful when you cannot send the agent from the console for some reason. NOTE If you want to install a custom agent installation package on computers using Windows XP Home, you must enable network access on these computers before you deploy the agent. For instructions, see Enabling network access on Windows XP Home computers on page 283. 1 Log on to the desired ePolicy Orchestrator server. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. 2 In the console tree under ePolicy Orchestrator, select <SERVER>. Product Guide 277 Agent Deployment and Management 3 In the details pane, click the General tab. 4 Click Agent Installation Package Creation Wizard. 5 Click Next. The User Credentials dialog box appears. Figure 7-2. Agent Installation Package Creation Wizard — User Credentials dialog box 278 ePolicy Orchestrator™ software version 3.0 Agent Deployment and Management 6 Type the User Name (<DOMAIN>\<USER>) and Password, then Confirm Password of the logon information you want to embed in the agent installation package, then click Next. The Install Directory dialog box appears. Figure 7-3. Agent Installation Package Creation Wizard — Install Directory dialog box 7 Click Browse to open the Browse for Folder dialog box and select the path where you want to save the custom agent installation package. Product Guide 279 Agent Deployment and Management 8 Click Next to open the Create Package dialog box. Figure 7-4. Agent Installation Package Creation Wizard — Create Package dialog box 9 Click Next, then Finish. 10 Manually install the agent using any one of these procedures: w Creating a custom agent installation package on page 277. w Distributing the agent manually on page 284. w Distributing the agent using third-party deployment tools on page 284. w Installing the agent for use with computer images on page 285. w Updating logon scripts to install the agent on page 287. 280 ePolicy Orchestrator™ software version 3.0 Agent Deployment and Management Deploying the agent from the console Use this procedure to deploy (send and install) the agent installation package (FRAMEPKG.EXE) from the ePolicy Orchestrator console to selected computers in the Directory. This method uses Windows NT push technology. You can also deploy the agent after finding the desired computers using predefined search queries. For instructions, see Finding computers in the Directory on page 139. NOTE If you want to deploy the agent from the console to computers using Windows 95, Windows 98, or Windows Me, you must set up remote administration on these computers before you deploy the agent. For instructions, see Setting up remote administration on Windows 95, Windows 98, or Windows Me computers on page 283. If you deploy the agent to these computers using any other method, you do not need to set up remote administration on them. The agent installation begins the next time users log on to these computers. If you want to deploy the agent from the console to computers using Windows XP Home, you must enable network access on these computers before you deploy the agent. For instructions, see Enabling network access on Windows XP Home computers on page 283. For option definitions, click Help in the interface. 1 Log on to the desired ePolicy Orchestrator server. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. Product Guide 281 Agent Deployment and Management 2 In the console tree under ePolicy Orchestrator | <SERVER> | Directory, right-click <SITE>, <GROUP>, or <COMPUTER>, then select Send Agent Install. The Send Agent Install dialog box appears. Figure 7-5. Send Agent Install dialog box 3 To send the agent installation package to all selected computers regardless of whether the agent is already installed on them, deselect Only send agent to computers that currently have no agent. Otherwise, the package is sent only to computers without an agent installed on them. 4 Under Level, specify the computers to which you want to deploy the agent. 5 To hide the installation of the agent from the user, select Suppress agent installation GUI. 6 282 Accept the default Installation path (<SYSTEM_DRIVE>\EPOAGENT) or type a different path on the client computer where you want to install the agent. You can also click to insert variables into the Installation path. For a list, see Variables on page 528. ePolicy Orchestrator™ software version 3.0 Agent Deployment and Management 7 To use the credentials you provided in the Server Service Account dialog box when you installed the software, select Use ePO server credentials. NOTE If you selected Use Local System Account in the Server Service Account dialog box when you installed the software, you cannot use the ePolicy Orchestrator server credentials to deploy the agent. To embed user credentials in the agent installation package, deselect Use ePO server credentials, then type the User account and Password. 8 Click OK to send the agent installation package to the selected computers. Setting up remote administration on Windows 95, Windows 98, or Windows Me computers If you want to deploy the agent from the ePolicy Orchestrator console to computers using Windows 95, Windows 98, or Windows Me, you need to complete the procedures listed below to set up remote administration on these computers. If you deploy the agent to these computers using any other method, you do not need to set up remote administration on them. Depending on the operating system that you are using, these procedures vary. For instructions, see the Microsoft product documentation. Depending on the current settings on each computer, you might need to restart it to complete each procedure. 1 Enable file sharing. 2 Control access by using a list of names (user-level access control) — Specify the same network domain provided in the agent installation package (FRAMEPKG.EXE). 3 Enable others to see resources on the computer (remote administration). Enabling network access on Windows XP Home computers If you want to deploy the agent from the ePolicy Orchestrator console or install a custom agent installation package to computers using Windows XP Home, use this procedure to enable network access on these computers. 1 Click the Start button, then point to Control Panel. 2 Click Performance and Maintenance. 3 Click Administrative Tools. 4 Select Local Security Policy. The Local Security Settings application window appears. 5 In the console tree under Security Settings | Local Policies, select Security Options. The available policies appear in the details pane. Product Guide 283 Agent Deployment and Management 6 Select Network access: Sharing and security model for local accounts to open the Network access dialog box. 7 Select Classic - local user authenticate as themselves, then click OK. Local users will be able to authenticate and access resources on the computer from the network. Deploying the agent while creating the Directory You can send the agent installation package to computers at the same time that you are adding sites, groups, and computers to the Directory. For instructions, see Sending the agent to all computers in a newly added site on page 103, Sending the agent to all computers in a newly added group on page 111, and Sending the agent to all newly added computers on page 117. Distributing the agent manually You can distribute the agent installation package (FRAMEPKG.EXE) manually using the methods listed below, then ask users to install it on their computers. n Network directory — Copy the agent installation package to a network directory (for example, \\<COMPUTER>\<FOLDER>) to which users have permissions. n Removable media — Copy the agent installation package to removable media (for example, 3.5-inch disk). n E-mail — Attach the agent installation package to an e-mail message. Be sure to distribute the agent installation package from the ePolicy Orchestrator server that you want to manage the corresponding computers. The default location of the standard agent installation package is: C:\PROGRAM FILES\NETWORK ASSOCIATES\EPO\3\DB\SOFTWARE\CURRENT\ EPOAGENT3000\INSTALL\0409 NOTE If you cannot use the server credentials to install the agent on the desired computers, you need to embed user credentials in the agent installation package. For instructions, see Creating a custom agent installation package on page 277. Distributing the agent using third-party deployment tools You can distribute the agent installation package (FRAMEPKG.EXE) using third-party deployment tools; for example, Microsoft Systems Management Server (SMS), IBM Tivoli, or Novell ZENworks. For instructions, see the product documentation included with these tools. 284 ePolicy Orchestrator™ software version 3.0 Agent Deployment and Management Be sure to distribute the agent installation package from the ePolicy Orchestrator server that you want to manage the corresponding computers. The default location of the standard agent installation package is: C:\PROGRAM FILES\NETWORK ASSOCIATES\EPO\3\DB\SOFTWARE\CURRENT\ EPOAGENT3000\INSTALL\0409 NOTE If you cannot use the server credentials to install the agent on the desired computers, you need to embed user credentials in the agent installation package. For instructions, see Creating a custom agent installation package on page 277. Installing the agent for use with computer images You can install the ePolicy Orchestrator agent on computers used to create common images of software and hardware used to build computers. The first time the user logs on to a computer built using a common image that includes the agent, the computer is assigned a unique ID called a global unique identifier. Product Guide 285 Agent Deployment and Management Scheduling the deployment of the agent Use this procedure to deploy (send and install) the agent on selected client computers. You can schedule the deployment of all supported products currently checked into the master repository at once. For option definitions, click Help in the interface. 1 Create and schedule a Product Deployment client task. For instructions, see Creating client tasks on page 263 and Scheduling client tasks on page 264. 2 On the Task tab in the ePolicy Orchestrator Scheduler dialog box, click Settings. The Task Settings dialog box appears. Figure 7-6. Task Settings dialog box — Product Deployment tasks 286 3 Deselect Inherit. 4 Next to the desired product and product version, select Install in Action, then select the language version of the product that you want to deploy in Language. 5 Next to those products that you do not want to deploy, select Ignore in Action. 6 To specify command-line options used when installing the agent, click next to the Agent. For instructions, see Agent installation command-line options on page 289. 7 If you want this task to be enforced during the policy enforcement interval, select Run this task at every policy enforcement interval; otherwise, this task runs only once. 8 Click OK to return to the ePolicy Orchestrator Scheduler dialog box. ePolicy Orchestrator™ software version 3.0 Agent Deployment and Management Updating logon scripts to install the agent Use this procedure to update logon scripts to upgrade the ePolicy Orchestrator agent from version 2.0, 2.5, or 2.5.1 to version 3.1, or to detect whether version 3.0 or later of the agent is installed and, if not, install it. You can also enable the agent on computers that already have a disabled agent installed on them. For instructions, see Enabling the agent on unmanaged products on page 275. 1 Copy the agent installation package (FRAMEPKG.EXE) to a network directory (for example, \\<COMPUTER>\<FOLDER>) to which users have permissions. The default location of the standard agent installation package is: C:\PROGRAM FILES\NETWORK ASSOCIATES\EPO\3\DB\SOFTWARE\CURRENT\ EPOAGENT3000\INSTALL\0409 NOTE If you cannot use the server credentials to install the agent on the desired computers, you need to embed user credentials in the agent installation package. For instructions, see Creating a custom agent installation package on page 277. 2 Create a batch file (for example, EPO.BAT) that contains the lines you want to execute on client computers. The contents of this batch file differs depending on what you need to do: w To upgrade the agent from version 2.0, 2.5, or 2.5.1 to version 3.1, include these lines in the batch file. In this example, the agent is installed only if a previous version of the agent is found. IF EXIST “<AGENT INSTALLATION PATH>\NAIMAS32.EXE” \\<COMPUTER>\<FOLDER>\UPDATE$\FRAMEPKG.EXE /FORCEINSTALL /INSTALL=AGENT Where <AGENT INSTALLATION PATH> is the location on the client computer where the agent is installed. The default location of the agent 2.5.1 or earlier is: <SYSTEM_DRIVE>/EPOAGENT Where <SYSTEM_DRIVE> is the drive where the operating system is installed. Product Guide 287 Agent Deployment and Management w To detect whether agent 3.1 is installed and, if not, install it, include these lines in the batch file: IF EXIST “<AGENT INSTALLATION PATH>\FRAMEWORKSERVICE.EXE” GOTO END_BATCH \\<COMPUTER>\<FOLDER>\UPDATE$\FRAMEPKG.EXE /FORCEINSTALL /INSTALL=AGENT :END_BATCH Where <AGENT INSTALLATION PATH> is the location on the client computer where the agent is installed, and can include variables. For a list, see Variables on page 528. The default location of the agent 3.0 or later is: C:\PROGRAM FILES\NETWORK ASSOCIATES\EPO\COMMON FRAMEWORK And where \\<COMPUTER>\<FOLDER> is the network directory where the agent installation package you want to install is located. 3 Place EPO.BAT on \\<PDC>\NETLOGON$, where <PDC> is the name of the primary domain controller. 4 Add this line to the logon script: CALL \\<PDC>\NETLOGON$\EPO.BAT 288 ePolicy Orchestrator™ software version 3.0 Agent Deployment and Management Agent installation command-line options Depending on whether the agent is already installed, you can use these command-line options when you run the agent installation package (FRAMEPKG.EXE) or the agent framework installation (FRMINST.EXE) program. NOTE These options are not case-sensitive; their values are. n /DATADIR n /DOMAIN n /INSTALL n /INSTDIR n /PASSWORD n /REMOVE n /SILENT or S n /SITEINFO n /USELANGUAGE n /USERNAME /DATADIR Use the /DATADIR command-line option to specify a location other than the default to store the agent data files. FRAMEPKG /INSTALL=AGENT /DATADIR=<AGENT DATA PATH> n Where <AGENT DATA PATH> is the location on client computers used to store the agent data files. The default location is: <DOCUMENTS AND SETTINGS>\ ALL USERS\APPLICATION DATA\NETWORK ASSOCIATES\FRAMEWORK DATA Where <DOCUMENTS AND SETTINGS> is the location of the DOCUMENTS AND SETTINGS folder, which varies depending on the operating system. n If the operating system does not use a DOCUMENTS AND SETTINGS folder, the default location is: <AGENT INSTALLATION PATH>\DATA Product Guide 289 Agent Deployment and Management /DOMAIN Use the /DOMAIN command-line option to specify the domain name associated with the user account you want to use to install the agent. You must also provide a user name and password. FRAMEPKG /INSTALL=AGENT /DOMAIN=<DOMAIN> /USERNAME=<USER> /PASSWORD=<PASSWORD> n Where <DOMAIN> is the domain name, <USER> is the user name, and <PASSWORD> is the password of a user account that belongs to the local administrators group on the client computers. If the computer is a member of a workgroup, <DOMAIN> is the computer name. /INSTALL Use the /INSTALL command-line option to install or enable the agent or only AutoUpdate 7.0. You can only install one component at a time. When you install the agent, earlier versions of the agent are uninstalled before the new agent is installed. Data from existing agents is not migrated. FRAMEPKG /INSTALL=AGENT | UPDATER n Where AGENT is the agent 3.1. n And where UPDATER is AutoUpdate 7.0. /INSTDIR Use the /INSTDIR command-line option to specify where on client computers you want to install the program files for the agent. NOTE Once the agent has been installed, you cannot change the installation directory without first uninstalling it. FRAMEPKG /INSTALL=AGENT /INSTALLDIR=<AGENT INSTALLATION PATH> n Where <AGENT INSTALLATION PATH> is the location you want to install the agent program files on client computers. You can use variables to define this location. For a list, see Variables on page 528. The default location of the agent is: C:\PROGRAM FILES\NETWORK ASSOCIATES\COMMON FRAMEWORK 290 ePolicy Orchestrator™ software version 3.0 Agent Deployment and Management /PASSWORD Use the /PASSWORD command-line option to specify the password associated with the user account you want to use to install the agent. You must also provide a domain name and user name. FRAMEPKG /INSTALL=AGENT /DOMAIN=<DOMAIN> /USERNAME=<USER> /PASSWORD=<PASSWORD> n Where <DOMAIN> is the domain name, <USER> is the user name, and <PASSWORD> is the password of a user account that belongs to the local administrators group on the client computers. /REMOVE Use the /REMOVE command-line option to uninstall the agent. FRMINST /REMOVE=AGENT /SILENT or S Use the /SILENT or /S command-line options to hide the installation of the agent from the user. FRAMEPKG /INSTALL=AGENT /SILENT | /S /SITEINFO Use the /SITEINFO command-line option to apply the specified repository list (SITELIST.XML) file to the agent. For instructions, see Exporting the repository list to a file on page 200. FRAMEPKG /INSTALL=AGENT /SITEINFO=<REPOSITORY LIST PATH> n Where <REPOSITORY LIST PATH> is the location of the desired repository list. /USELANGUAGE Use the /USELANGUAGE command-line option to specify the language version of the agent that you want to install. If you select a locale other than English (United States), French (Standard), German (Standard), Japanese, or Spanish (Traditional Sort), the software appears in English. Product Guide 291 Agent Deployment and Management If you install multiple language versions of the component, the locale you select in Regional Settings determines the language version in which the component appears. FRAMEPKG /INSTALL=AGENT /USELANGUAGE <LOCALE ID> n Where <LOCALE ID> is the locale ID that represents the desired language. For more information, see Locale IDs on page 526. /USERNAME Use the /USERNAME command-line option to specify the user name associated with the user account you want to use to install the agent. You must also provide a domain name and password. FRAMEPKG /INSTALL=AGENT /DOMAIN=<DOMAIN> /USERNAME=<USER> /PASSWORD=<PASSWORD> n 292 Where <DOMAIN> is the domain name, <USER> is the user name, and <PASSWORD> is the password of a user account that belongs to the local administrators group on the client computers. ePolicy Orchestrator™ software version 3.0 Agent Deployment and Management Agent management Once the agent has been successfully installed on client computers, you can use a variety of tasks to manage the agent. n Switching servers that manage client computers. n Finding inactive agents. n Sending agent wakeup calls. n Sending SuperAgent wakeup calls. n Scheduling agent-to-server communication. n Viewing or saving the agent activity log file locally. n Viewing the agent activity log files remotely. n Agent system tray icon. n Command Agent command-line options. n Uninstalling the agent. Switching servers that manage client computers If you want to switch ePolicy Orchestrator servers that manage client computers, deploy the repository list (SITELIST.XML) from the new server you want to start managing to those computers. For instructions, see /SITEINFO on page 291. You can also switch servers that manage client computers by deploying the agent from the new server. For instructions, see Agent deployment on page 277. Product Guide 293 Agent Deployment and Management Finding inactive agents There are a number of methods you can use to determine whether agents are communicating with the ePolicy Orchestrator server in a timely manner: n Agent to Server Connection Info report — You can specify the time period that defines an inactive agent, then view report data on the corresponding computers. For more information and instructions, see Agent to Server Connection Info report template on page 425 and Running reports on page 347, respectively. n Inactive Agent Maintenance server task — You can schedule a server task that moves computers with inactive agents to a specified group or deletes them from the Directory. You specify the time period that defines an inactive agent. This task does not uninstall the agent. For instructions, see Scheduling Inactive Agent Maintenance server tasks on page 295. n Find computers with inactive agents — Finds computers with agents that have not communicated with the server within the time period you specify. You can then perform selected commands on these computers. For instructions, see Finding computers in the Directory on page 139. 294 ePolicy Orchestrator™ software version 3.0 Agent Deployment and Management Scheduling Inactive Agent Maintenance server tasks Use this procedure to specify the time period that defines inactive agents and the action that you want performed on computers with inactive agents. An inactive agent is an agent that has not communicated with the ePolicy Orchestrator server within the time period you specify. This task does not uninstall the agent. If you need to delete computers with inactive agents on a routine basis, we recommend that you first move these computers instead and adjust the time period until the specified group contains the desired computers. Once you determine the optimal time period, you can start deleting these computers. For option definitions, click Help in the interface. 1 Create an Inactive Agent Maintenance server task. For instructions, see Creating server tasks on page 69. The Inactive Agent Maintenance Task page appears. Figure 7-7. Inactive Agent Maintenance Task page 2 In Period of inactivity, type the number of days that defines an inactive agent. 3 To move computers with inactive agents to another group, select Move under Action to perform. In Move inactive agents to this group, type the name of the group. If this group doesn’t already exist, it is added to the Directory under the corresponding site, regardless of whether inactive agents are found. 4 To delete computers with inactive agents from the Directory, select Delete under Action to perform. 5 Click Finish when done. The task appears in the Scheduled Tasks tab. Product Guide 295 Agent Deployment and Management Sending agent wakeup calls Use this procedure to prompt agents on selected client computers to contact the ePolicy Orchestrator server immediately, or randomly within up to one hour. For more information, see Agent wakeup calls on page 244. NOTE You can enable or disable agent wakeup calls. This setting is enabled by default. For instructions, see Enabling or disabling agent wakeup calls on page 253. For option definitions, click Help in the interface. 1 Log on to the desired ePolicy Orchestrator server. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. 2 In the console tree under ePolicy Orchestrator | Directory, right-click <SITE>, <GROUP>, or <COMPUTER>, then select Agent Wakeup Call. The Agent Wakeup Call dialog box appears. Figure 7-8. Agent Wakeup Call dialog box 296 3 Select the Level at which you want to send the agent wakeup call. 4 Under Type, select Send Agent wakeup call. 5 Accept the default (1 minute) or type a different Agent randomization interval (0 - 60 minutes). If you type 0, agents on all selected computers respond immediately. ePolicy Orchestrator™ software version 3.0 Agent Deployment and Management 6 Typically, the agent only sends properties that have changed since the last agent-to-server communication. To send the complete properties, select Get full product properties. 7 Click OK to send the agent wakeup call. Sending SuperAgent wakeup calls Use this procedure to prompt SuperAgents on selected client computers and all agents in the same subnet as the SuperAgent to contact the ePolicy Orchestrator server immediately, or randomly within up to one hour. For more information, see SuperAgent wakeup calls on page 248. NOTE You can enable or disable agent wakeup calls. This setting is enabled by default. For instructions, see Enabling or disabling agent wakeup calls on page 253. For option definitions, click Help in the interface. 1 Log on to the desired ePolicy Orchestrator server. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. 2 In the console tree under ePolicy Orchestrator | Directory, right-click <SITE>, <GROUP>, or <COMPUTER>, then select Agent Wakeup Call. The Agent Wakeup Call dialog box appears. Figure 7-9. Agent Wakeup Call dialog box 3 Select the Level at which you want to send the agent wakeup call. Product Guide 297 Agent Deployment and Management 4 Under Type, select Send SuperAgent wakeup call. 5 Accept the default (1 minute) or type a different Agent randomization interval (0 - 60 minutes). If you type 0, agents on all selected computers respond immediately. 6 Typically, the agent only sends properties that have changed since the last agent-to-server communication. To send the complete properties, select Get full product properties. 7 Click OK to send the SuperAgent wakeup call. Scheduling agent-to-server communication Use this procedure to schedule agent-to-server communication instead of using the agent-to-server communication interval (ASCI). To disable the ASCI, see Setting agent communication intervals on page 254. 1 Create and schedule an Agent Wakeup client task. For instructions, see Creating client tasks on page 263 and Scheduling client tasks on page 264. 2 On the Task tab in the ePolicy Orchestrator Scheduler dialog box, click Settings. The Task Settings dialog box appears. Figure 7-10. Task Settings dialog box — Agent Wakeup tasks 298 3 Deselect Inherit. 4 Typically, the agent only sends properties that have changed since the last agent-to-server communication. To send the complete properties, select Collect full properties. 5 Click OK to save the current entries. ePolicy Orchestrator™ software version 3.0 Agent Deployment and Management Viewing or saving the agent activity log file locally Use this procedure to view or save the agent activity log (AGENT_<COMPUTER>.XML) file using the agent system tray icon on client computers. For more information, see Agent activity log files on page 243. NOTE You can show or hide the agent system tray icon. It is hidden by default. You can enable or disable the logging of agent activity. This setting is enabled by default. For instructions, see Showing or hiding the agent system tray icon on page 251 and Enabling or disabling the logging of agent activity and remote access to log files on page 257. 1 2 At the desired client computer, right-click the agent system tray icon, then select Status Monitor. The current agent activity log file appears in the ePolicy Orchestrator Agent Monitor dialog box. Figure 7-11. ePolicy Orchestrator Agent Monitor dialog box 3 To save the agent activity log file, click Save Contents, then specify the desired location and file name. Product Guide 299 Agent Deployment and Management Viewing the agent activity log files remotely Use this procedure to view the agent activity log (AGENT_<COMPUTER>.XML) or detailed agent activity log (AGENT_<COMPUTER>.LOG or AGENT_<COMPUTER>_BACKUP.LOG) files remotely. For more information, see Agent activity log files on page 243. NOTE You can enable or disable logging of agent activity and remote access to the agent activity log files. These settings are enabled by default. For instructions, see Enabling or disabling the logging of agent activity and remote access to log files on page 257. 1 To view the agent activity log file, go to this address in a web browser: http://<COMPUTER>:<AGENT WAKEUP PORT>/AGENT_<COMPUTER>.XML Where <COMPUTER> is the name of the client computer and <AGENT WAKEUP PORT> is the number of the agent wakeup call port. Figure 7-12. Agent activity log file 2 3 To view the detailed agent activity log file, click View debugging log. To view the backup copy of the detailed agent activity log file, click View backup debugging log. 300 ePolicy Orchestrator™ software version 3.0 Agent Deployment and Management Agent system tray icon You can use the agent system tray icon to perform selected agent tasks locally on client computers. You can perform some of these same tasks remotely. For instructions, see Command Agent command-line options on page 304. NOTE You can show or hide the agent system tray icon. It is hidden by default. For instructions, see Showing or hiding the agent system tray icon on page 251. You can access the following dialog boxes and commands from the agent system tray icon. n ePolicy Orchestrator Agent Monitor dialog box. n ePolicy Orchestrator Agent Options dialog box. n Update Now command. n ePolicy Orchestrator Agent dialog box. ePolicy Orchestrator Agent Monitor dialog box Use the ePolicy Orchestrator Agent Monitor dialog box to prompt the agent to send properties or events to the ePolicy Orchestrator server, enforce policies and tasks locally, check the ePolicy Orchestrator server for new or updated policies and tasks, then enforce them immediately upon receipt. Also, use to view selected agent settings, and view or save the agent log file. You might find this dialog box useful to monitor the activity of an individual agent. Where to find n At the desired client computer, right-click the agent system tray icon, then select Status Monitor. The ePolicy Orchestrator Agent Monitor dialog box appears. NOTE You can show or hide the agent system tray icon. It is hidden by default. For instructions, see Showing or hiding the agent system tray icon on page 251. Definitions of pertinent options in this dialog box are listed below in alphabetic order by item name. Agent Settings Opens the ePolicy Orchestrator Agent Options dialog box. Agent Status Displays the current status (started or stopped) of the McAfee Framework Service. This is the name of the agent service. Product Guide 301 Agent Deployment and Management Check New Policies Prompts the agent to contact the ePolicy Orchestrator server for new or updated policies, then enforce them immediately upon receipt. Collect and Send Props Prompts the agent to send properties to the ePolicy Orchestrator server. Enforce Policies Prompts the agent to enforce policies locally. log file w Component — Displays the name of the internal agent component performing the action. w Date and Time — Displays the date and time that the action occurred. w Type — Displays the log entry type (Normal or Detail). w Status — Displays a description of the action that occurred. Product IDs are listed here in place of names. For a list, see Product IDs on page 527. Save Contents Saves the contents of the agent log to a file you specify. Send Events Prompts the agent to send events to the ePolicy Orchestrator server. ePolicy Orchestrator Agent Options dialog box Use the ePolicy Orchestrator Agent Options dialog box to view selected agent settings including identification information and intervals. Where to find n At the desired client computer, right-click the agent system tray icon, then select Setting. The ePolicy Orchestrator Agent Options dialog box appears. NOTE You can show or hide the agent system tray icon. It is hidden by default. For instructions, see Showing or hiding the agent system tray icon on page 251. Definitions of pertinent options in this dialog box are listed below in alphabetic order by item name. 302 Agent enforces policies locally every Displays the policy enforcement interval. Agent ID Displays the unique ID (called a global unique identifier) assigned to this client computer. ePolicy Orchestrator™ software version 3.0 Agent Deployment and Management Agent to Server communication interval every Displays the agent-to-server communication interval (ASCI). Computer Name Displays the name of this computer. User Name Displays the user name associated with currently logged on user account. Update Now command Use the Update Now command to prompt the agent to retrieve product updates from the nearest distributed repository. Product updates include HotFix releases, legacy product plug-in (.DLL) files, service pack releases, SuperDAT (SDAT*.EXE) packages, supplemental virus definition (EXTRA.DAT) files, and virus definition (DAT) files. Where to find n At the desired client computer, right-click the agent system tray icon, then select Update Now. The McAfee AutoUpdate 7.0 dialog box displays the status of the update task. NOTE You can show or hide the agent system tray icon. It is hidden by default. For instructions, see Showing or hiding the agent system tray icon on page 251. ePolicy Orchestrator Agent dialog box Use the ePolicy Orchestrator Agent dialog box to view the version number of the agent, the date and time of the most recent update, and the version number and language version of all managed products installed on the client computer. Where to find n At the desired client computer, right-click the agent system tray icon, then select About. The ePolicy Orchestrator Agent dialog box appears. NOTE You can show or hide the agent system tray icon. It is hidden by default. For instructions, see Showing or hiding the agent system tray icon on page 251. Product Guide 303 Agent Deployment and Management Command Agent command-line options You can use the Command Agent (CMDAGENT.EXE) program to perform selected agent tasks remotely. You can perform these same tasks locally on client computers using this program or the agent system tray icon. For instructions, see Agent system tray icon on page 301. The command agent program is in the location as the agent program files are installed on client computers. You can use variables to define this location. For a list, see Variables on page 528. The default location is: C:\PROGRAM FILES\NETWORK ASSOCIATES\COMMON FRAMEWORK n /C (check new policies) n /E (enforce policies) n /P (collect and send properties and events) /C (check new policies) Use the /C command-line option to prompt the agent to contact the ePolicy Orchestrator server for new or updated policies, then enforce them immediately upon receipt. CMDAGENT.EXE /C /E (enforce policies) Use the /E command-line option to prompt the agent to enforce policies locally. CMDAGENT.EXE /E /P (collect and send properties and events) Use the /P command-line option to prompt the agent to send properties and events to the ePolicy Orchestrator server. CMDAGENT.EXE /P 304 ePolicy Orchestrator™ software version 3.0 Agent Deployment and Management Uninstalling the agent You can remove the agent from client computers using several methods: n Command-line options — You can use the agent framework installation (FRMINST.EXE) program to remove the agent. For instructions, see /REMOVE on page 291. n Deployment task — You can use the Deployment task to schedule the removal of the agent. For instructions, see Uninstalling products on page 311. n Directory Search — You can remove the agent from desired computers after finding them using predefined search queries. For instructions, see Finding computers in the Directory on page 139. n From the Directory — You can uninstall the agent from computers at the same time that you remove the computer from the Directory. For instructions, see Uninstalling the agent when you remove computers on page 305. Uninstalling the agent when you remove computers Use this procedure to remove the agent from computers in the Directory. For option definitions, click Help in the interface. 1 Log on to the desired ePolicy Orchestrator server. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. 2 In the console tree under ePolicy Orchestrator | <SERVER> | Directory, right-click the desired <SITE>, <GROUP>, or <COMPUTER>, then select Delete. 3 Click Uninstall agent from all connected computers. 4 Click Yes. Product Guide 305 Agent Deployment and Management 306 ePolicy Orchestrator™ software version 3.0 8 Product Deployment and Updating Once you have deployed the agent, set up the Repository and checked in the products and product updates that you want to deploy into the Repository, you are ready for product deployment. You can deploy products and product updates using the default policies (configuration settings) or change these settings beforehand. For instructions, see Setting policies on page 232. You schedule when products are deployed and uninstalled from client computers. In addition, you can deploy critical product updates as soon you check in the corresponding packages into the master repository, then report on the status of the global update immediately. n Product deployment. n Product update deployment. n Global updating. Product Guide 307 Product Deployment and Updating Product deployment All supported products can be deployed from the ePolicy Orchestrator console to client computers by scheduling a Product Deployment client task. You can schedule the deployment of all products currently checked into the master repository at once. The Product Deployment task enables you to schedule product installation and removal during off-peak hours or during the policy enforcement interval. We recommend using a single Product Deployment task to install and uninstall products to avoid potential product version conflicts. For a list of supported products, see Supported Products and Features on page 529. Product Deployment tasks allow you to specify which products you want to install or uninstall from selected client computers. You can also specify a static or variable installation path on client computers and command-line options for each product. To effectively schedule tasks, you need to understand how task inheritance works. For more information, see Task inheritance on page 262. n Enforcement of product deployment. n Deploying products. n Viewing product activity log files remotely. n Uninstalling products. Enforcement of product deployment The frequency you specify in the Product Deployment task defines when product installation and uninstallation is enforced on client computers. For example, if an end user uninstalls a product that you’ve scheduled for deployment, the product is installed again the next time the Product Deployment task runs. When the Product Deployment task runs, the agent first determines whether the selected products are already installed on client computers and installation requirements have been met before it retrieves the product Setup (binary) files from the nearest repository. If you are deploying a different language version of the same version of the product, the selected version of a product is replaced even though it has already been installed on client computers. If you schedule the deployment of multiple versions of a product to the same client computers, the later version is installed unless the operating system version is not supported; in which case, the most current version supported on that operating system is installed. For example, if you schedule the deployment of VirusScan 4.5.1 and VirusScan Enterprise 7.0 to the same client computers, VirusScan Enterprise 7.0 is installed on all computers except those using Windows 95 or Windows 98 on which VirusScan 4.5.1 is installed instead. 308 ePolicy Orchestrator™ software version 3.0 Product Deployment and Updating Deploying products Use this procedure to send and install product Setup (binary) files on selected client computers. You can schedule the deployment of all supported products currently checked into the master repository at once. We recommend using a single Product Deployment task to install and uninstall products to avoid potential product version conflicts. For option definitions, click Help in the interface. 1 Check the desired product into the master repository. For instructions, see Checking in packages on page 206. 2 Create a Product Deployment client task. For instructions, see Creating client tasks on page 263. 3 On the Task tab in the ePolicy Orchestrator Scheduler dialog box, click Settings. The Task Settings dialog box appears. Figure 8-1. Task Settings dialog box — Product Deployment tasks 4 Deselect Inherit. 5 Next to the desired product and product version, select Install in Action, then select the language version of the product that you want to deploy in Language. 6 Next to those products that you do not want to deploy, select Ignore in Action. 7 To specify command-line options for the Product Deployment task, click next to the desired product. For instructions, see the Configuration Guide for that product. Product Guide 309 Product Deployment and Updating 8 If you want this task to be enforced during the policy enforcement interval, select Run this task at every policy enforcement interval; otherwise, this task runs only once. 9 Click OK to return to the ePolicy Orchestrator Scheduler dialog box. Viewing product activity log files remotely Use this procedure to view the activity log files created by products remotely. NOTE You can enable or disable remote access to log files. For instructions, see Enabling or disabling the logging of agent activity and remote access to log files on page 257. 1 In the product policy, specify to save the product log file in the same location as the agent activity log files. For instructions, see Setting policies on page 232 and the Configuration Guide for that product. The default location is: <DOCUMENTS AND SETTINGS>\ALL USERS\APPLICATION DATA\NETWORK ASSOCIATES\COMMON FRAMEWORK\DB Where <DOCUMENTS AND SETTINGS> is the location of the DOCUMENTS AND SETTINGS folder. If the operating system does not use a DOCUMENTS AND SETTINGS folder, the default location is: C:\PROGRAM FILES\NETWORK ASSOCIATES\COMMON FRAMEWORK\DB 2 To view product log files, go to this address in a web browser: http://<COMPUTER>:<AGENT WAKEUP PORT>/<LOG FILE> Where <COMPUTER> is the name of the client computer, <AGENT WAKEUP is the number of the agent wakeup call port, and <LOG FILE> is the name of the product log file. PORT> 310 ePolicy Orchestrator™ software version 3.0 Product Deployment and Updating Uninstalling products Use this procedure to uninstall specified products on selected client computers. You can schedule the removal of multiple products at once. We recommend using a single Product Deployment task to install and uninstall products to avoid potential product version conflicts. For option definitions, click Help in the interface. 1 Log on to the desired ePolicy Orchestrator server. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. 2 In the console tree under ePolicy Orchestrator | <SERVER>, right-click Directory, <SITE>, <GROUP>, or <COMPUTER>. The Properties, Policies, and Tasks tabs appear in the details pane. 3 Click the Tasks tab. 4 Select the existing Product Deployment client task, then right-click Edit Task. The ePolicy Orchestrator Scheduler dialog box appears. Figure 8-2. ePolicy Orchestrator Scheduler dialog box Product Guide 311 Product Deployment and Updating 5 On the Task tab, click Settings. The Task Settings dialog box appears. Figure 8-3. Task Settings dialog box -- Product Deployment tasks 6 Deselect Inherit. 7 Next to the desired product and product version, select Remove in Action, then select the language version of the product that you want to remove in Language. 8 Next to those products that you do not want to remove, select Ignore in Action. 9 If you want this task to be enforced during the policy enforcement interval, select Run this task at every policy enforcement interval; otherwise, this task runs only once. 10 Click OK to return to the ePolicy Orchestrator Scheduler dialog box. 11 Make changes as needed. 12 Click OK to save the current entries. 312 ePolicy Orchestrator™ software version 3.0 Product Deployment and Updating Product update deployment Updates to products can be deployed from the ePolicy Orchestrator console to client computers by scheduling Update, AutoUpdate, or AutoUpgrade client tasks. For more information, see Default client tasks on page 261. Depending on the product and product version you are updating, the types of updates that you can deploy from the console and the client task you use to deploy them differs. To effectively schedule tasks, you need to understand how task inheritance works. For more information, see Task inheritance on page 262. n How the Update task works and when to use it. n How AutoUpdate and AutoUpgrade tasks work and when to use them. n Specifying the branch to retrieve updates. n Rolling back updates to the previous version. n Deploying new updates to selected computers for testing. n Deploying product updates. n Deploying product updates using AutoUpdate and AutoUpgrade tasks. How the Update task works and when to use it The Update client task applies to VirusScan 4.5.1 and products that use AutoUpdate 7.0 (for example, VirusScan Enterprise 7.0). You can schedule the deployment of all product updates currently checked into the master repository at once. We recommend using a single Update task to install product updates to avoid potential product version conflicts. For a list of products that use legacy updating, see Supported Products and Features on page 529. When the Update task runs, the agent first determines whether product updates in the master repository are already installed on client computers and the installation requirements have been met. Next, the agent retrieves only the files it needs to install the update from the nearest repository. How AutoUpdate and AutoUpgrade tasks work and when to use them The AutoUpdate and AutoUpgrade client tasks apply to existing (or legacy) products that use their own internal mechanism instead of AutoUpdate 7.0 to install updates. VirusScan 4.5.1 is the only exception to this rule and uses the Update client task to install updates. For a list of products that use legacy updating, see Supported Products and Features on page 529. Product Guide 313 Product Deployment and Updating When AutoUpdate or AutoUpgrade tasks run, the agent retrieves the update from the location specified in the task settings, then the product installs the update. If the update location you specify is a distributed software repository being managed by ePolicy Orchestrator, you need to enable legacy product support when you check the corresponding package into the master repository. For more information, see Legacy product support on page 203. Specifying the branch to retrieve updates Use this procedure to specify the branch (evaluation, current, or previous) from which client computers retrieve packages. For a list of supported package types, see Package versioning and branches on page 205. If you need to move packages to different branches, see Manually moving packages between branches on page 211. 1 On the Updates tab in the ePolicy Orchestrator Agent | Configuration policy page, deselect Inherit. For instructions on where to find this page, see Setting agent policies on page 250. Figure 8-4. Updates tab (ePolicy Orchestrator Agent | Configuration policy page) 314 2 Under Selective updating, select Evaluation, Current, or Previous for each update listed. 3 Click Apply All to save the current entries. ePolicy Orchestrator™ software version 3.0 Product Deployment and Updating Rolling back updates to the previous version Use this procedure to redeploy a previous version of an update over the current version of one or more of these updates. For a list of supported package types, see Package versioning and branches on page 205. This procedure assumes that a current and previous version of the package type are checked into the master repository, the current version has been deployed to client computers, and you want to replace the current version with the previous version. If you need to move packages to different branches, see Manually moving packages between branches on page 211. 1 On the Updates tab in the ePolicy Orchestrator Agent | Configuration policy page, deselect Inherit. For instructions on where to find this page, see Setting agent policies on page 250. Figure 8-5. Updates tab (ePolicy Orchestrator Agent | Configuration policy page) 2 Under Selective updating, select Previous for each update (DAT, Engine, etc.) that you want to replace. 3 Click Apply All to save the current entries. Product Guide 315 Product Deployment and Updating Deploying new updates to selected computers for testing Use this procedure to deploy new versions of updates to selected computers for testing purposes. For a list of supported package types, see Package versioning and branches on page 205. This procedure assumes that you want to deploy a new update to a selected group of computers, and the new version of the package has been checked into the Evaluation branch in the master repository. If you need to move packages to different branches, see Manually moving packages between branches on page 211. 1 On the Updates tab in the ePolicy Orchestrator Agent | Configuration policy page, deselect Inherit. For instructions on where to find this page, see Setting agent policies on page 250. Figure 8-6. Updates tab (ePolicy Orchestrator Agent | Configuration policy page) 316 2 Under Selective updating, select Evaluation for each update (DAT, Engine, etc.) that you want to test. 3 Click Apply All to save the current entries. ePolicy Orchestrator™ software version 3.0 Product Deployment and Updating Deploying product updates Use this procedure to schedule the installation of product updates on selected client computers. You can also specify whether users — especially mobile users — can postpone updates to a more convenient time. You can schedule the deployment of all supported product updates currently checked into the master repository at once. We recommend using a single Update task to install all supported product updates to avoid potential product version conflicts. For option definitions, click Help in the interface. 1 Check the desired product update into the master repository. For instructions, see Checking in packages on page 206. 2 Create an Update client task. For instructions, see Creating client tasks on page 263. 3 On the Task tab in the ePolicy Orchestrator Scheduler dialog box, click Settings. The Task Settings dialog box appears. Figure 8-7. Task Settings dialog box — Update tasks 4 Deselect Inherit. 5 To display the progress of the update to users, select Show update process dialog. To install the update without notifying users, deselect Show update process dialog. 6 To provide users the option to postpone the update, select Allow users to postpone this update. Users will be able to specify how long to postpone the update. 7 In Maximum number of postpones allowed, type the maximum number of times users can postpone the update before it is installed automatically. 8 In Postpone timeout interval, type how long (in seconds) users have to postpone the update before the update is installed automatically. 9 Click OK to return to the ePolicy Orchestrator Scheduler dialog box Product Guide 317 Product Deployment and Updating Deploying product updates using AutoUpdate and AutoUpgrade tasks With the exception of new products that use AutoUpdate 7.0 (for example, VirusScan Enterprise 7.0) and VirusScan 4.5.1, you need to use AutoUpdate and AutoUpgrade client tasks to deploy virus definition (DAT) files and the virus scanning engine to products. For instructions, see Creating client tasks on page 263 and the Configuration Guide for that product. For a list of supported product updates, see Supported Products and Features on page 529. 318 ePolicy Orchestrator™ software version 3.0 Product Deployment and Updating Global updating When global updating is enabled, you can deploy product updates as soon you check in the corresponding packages to the master repository. You can then report on the status of the global update immediately. For more information, see Figure 8-8, Figure 8-9, and Figure 8-10. For instructions, see these procedures: n Setting up global updating. n Initiating and reporting on a global update. 1 Server 2 Master Repository 3 Global Distributed Repository SuperAgent 4 Local Distributed Repository Distributed Repository Global Distributed Repository Figure 8-8. Global updating (1 of 3) — Package check-in and replication 1 Enable global updating and immediate event forwarding. 2 Check in product update packages. You can do this manually or by scheduling a pull task from a source repository. 3 Package is immediately replicated to all SuperAgent and global distributed repositories. This is an incremental replication. 4 Remember, you must manually copy new packages to local distributed repositories. Product Guide 319 Product Deployment and Updating 3 Server Master Repository Agent 1 — Subnet — — Subnet — 3 SuperAgent SuperAgent Distributed Repository 3 2 2 3 Agent Agent Agent 3 Agent 4 Distributed Repository Distributed Repository Agent Agent 3 Distributed Repository Figure 8-9. Global updating (2 of 3) — Update notification and retrieval 320 ePolicy Orchestrator™ software version 3.0 5 Agent Product Deployment and Updating 1 Server sends a wakeup call along with the package version number to all SuperAgents. 2 SuperAgents send a broadcast wakeup call along with the package version number to all agents in the same subnet. 3 All agents (regular agents and SuperAgents) retrieve the update from the nearest repository. Agent retrieve updates randomly during the specified global update randomization interval you specified. 4 If the version number of the package does not match, the agent skips that repository and checks the next one in the repository list. 5 Any agents without an operating SuperAgent on its subnet will not receive notification of the global update. Product Guide 321 Product Deployment and Updating — Subnet — SuperAgent 1 Server 2 1 Reports Agent Agent Agent Agent 1 3 Agent Figure 8-10. Global updating (3 of 3) — Status update and reporting 1 Agents send update events to the server. 2 You can now begin to report on the status of the global update. 3 Any agents without an operating SuperAgent on its subnet will not receive notification of the global update. 322 ePolicy Orchestrator™ software version 3.0 Product Deployment and Updating Setting up global updating Use this procedure to set up global updating. For more information, see Global updating on page 319. 1 Set up distributed software repositories. For instructions, see Creating repositories on page 158. 2 Deploy at least one SuperAgent to every subnet on the network. For instructions, see Deploying SuperAgents on page 324. 3 Enable immediate event forwarding. For instructions, see Enabling or disabling immediate event forwarding on page 256. Initiating and reporting on a global update Use this procedure to initiate, then report on the status of a global update. You need to set up global updating before you can initiate a global update. For instructions, see Setting up global updating on page 323. 1 Enable global updating. For instructions, see Enabling or disabling global updating on page 325. 2 Schedule a pull task from the desired source repository. For a list of package types and instructions, see Product and product update packages on page 203 and Scheduling Repository Pull server tasks on page 215, respectively. — OR — Manually check in the desired product update packages. For a list of package types and instructions, see Product and product update packages on page 203 and Checking in packages on page 206, respectively. Packages are immediately replicated to all SuperAgent and global distributed repositories. Remember, you must manually copy new packages to local distributed repositories. 3 Run one or more coverage reports to determine the status of the global update. For more information and instructions, see Coverage report templates on page 424 and Running reports on page 347. Product Guide 323 Product Deployment and Updating Deploying SuperAgents Use this procedure to set the policy for SuperAgents, then deploy at least one to every subnet on the network. We recommend that you deploy an additional SuperAgent to each subnet as a backup, because agents without an operating SuperAgent on its subnet will not receive notification of global updates. Changes take effect during the next agent-to-server communication. NOTE You can only set this policy at the computer level. 1 On the General tab in the ePolicy Orchestrator Agent | Configuration policy page, deselect Inherit. For instructions on where to find this page, see Setting agent policies on page 250. Figure 8-11. General tab in the ePolicy Orchestrator Agent | Configuration policy page 324 2 Select Enable agent wakeup call support. 3 Select Enable Super Agent functionality. 4 Make changes to other policy settings as needed. For instructions, see Setting agent policies on page 250. 5 Click Apply All to save the current entries. ePolicy Orchestrator™ software version 3.0 Product Deployment and Updating Enabling or disabling global updating Use this procedure to enable or disable global updating. For option definitions, click Help in the interface. 1 Log on to the desired ePolicy Orchestrator server. For instructions, see Logging on to or adding ePolicy Orchestrator servers on page 53. 2 In the console tree under ePolicy Orchestrator, select <SERVER>. 3 In the details pane, click the Settings tab. Figure 8-12. Settings tab 4 To enable global updating, select Enable global updating. To disable global updating, deselect Enable global updating. 5 Specify the Global updating randomization interval (default is 20 minutes) to determine the time period during which agents randomly retrieve updates from repositories. 6 Click Apply settings to save the current entries. Product Guide 325 Product Deployment and Updating 326 ePolicy Orchestrator™ software version 3.0 9 Reporting The ePolicy Orchestrator software includes enterprise-wide reporting functionality. You can produce a wide range of useful reports and queries from events and properties sent by the agent to the ePolicy Orchestrator server, then stored in the ePolicy Orchestrator database. The ePolicy Orchestrator software includes a number of predefined report and query templates. These templates are stored in the Report Repository and Query Repository under Reporting in the console tree. You can use any template found here to create reports and queries using data on any database server. For information, see Report and Query Templates on page 423. Although you can log on to multiple ePolicy Orchestrator database servers at once, reports and queries can only display data from a single database at a time. To create reports or queries that combine data from multiple databases, you can merge databases together or import selected events into the database. You can also control which events are stored in the database by limiting or deleting unwanted ones from the database. You can produce reports and queries for a group of selected client computers. You can also limit report results by product or computer criteria; for example, product name, product version number, or operating system. You can export reports into a variety of file formats, including HTML and Microsoft Excel. n How security affects reporting. n ePolicy Orchestrator database servers. n Events. n Global reporting settings. n Reports. n Queries. n Reorganizing the Report Repository. n Reorganizing the Query Repository. Product Guide 327 Reporting How security affects reporting The authentication method and user account that you use to log on to ePolicy Orchestrator database servers affect the tasks you can perform, and the data on which you can report. n Database authentication. n How authentication method affects working with events. n How user account affects working with events and reports. n How user account affects data that appears in reports. Database authentication When using SQL authentication, the DBO database role is created automatically during the installation. This database role is assigned to the default SQL user account (sa), and contains all of the permissions you need to access ePolicy Orchestrator databases. When using NT authentication, local administrators on the database server have the same level of database access as the default SQL user account. How authentication method affects working with events The authentication method that you use to log on to ePolicy Orchestrator database servers affects whether you can limit, remove, import, or repair events in the ePolicy Orchestrator database. If you use ePolicy Orchestrator authentication, global administrators can view and change all options on all tabs available from Events under Reporting | ePO Databases | <DATABASE SERVER> in the console tree. Other users can only view this information. If you use Windows NT or SQL authentication, all users can only view and change options on the Removal tab available from Events under Reporting | ePO Databases | <DATABASE SERVER> in the console tree. 328 ePolicy Orchestrator™ software version 3.0 Reporting How user account affects working with events and reports The ePolicy Orchestrator user account that you use to log on to ePolicy Orchestrator database servers affects the tasks you can perform, and the data on which you can report. You must be a global administrator to perform the following tasks: n Change reporting options. n Limit events. n Import events. n Repair events. n Delete events. How user account affects data that appears in reports When you remove computers from the Directory, the events associated with them remain in the ePolicy Orchestrator database. You must be a global administrator or global reviewer to view events associated with these computers in infection reports. In addition when you use a global administrator or global reviewer user account to run infection reports, the computer name itself is not provided regardless of whether the computer currently appears in the Directory. You must be a site administrator or site reviewer to view the names of computers currently in the Directory within infection reports. Site administrators and site reviewers can only report on those client computers in sites to which they have rights. Product Guide 329 Reporting ePolicy Orchestrator database servers Before you can run reports or queries, you need to log on to the ePolicy Orchestrator database server that contains the data on which you want to report. Database servers can reside on the same computer as the ePolicy Orchestrator server or on a separate computer. You can be logged on to multiple database servers at once. Note that you log on to database servers separately from the ePolicy Orchestrator server itself. You can also log off or remove database servers from the console tree as needed. n Logging on to or adding ePolicy Orchestrator database servers. n Logging off ePolicy Orchestrator database servers. n Removing ePolicy Orchestrator database servers. Logging on to or adding ePolicy Orchestrator database servers Depending on whether the desired ePolicy Orchestrator database server already appears in the console tree under Reporting | ePO Databases, you need to complete different steps to log on to it. If the ePolicy Orchestrator database resides on the same computer as the ePolicy Orchestrator server, the database server appears automatically in the console tree. For instructions on changing this setting, see Specifying global reporting options on page 343. 330 n If the database server appears in the console tree, use Logging on to ePolicy Orchestrator database servers on page 331. n If the database server doesn’t appear in the console tree, use Adding ePolicy Orchestrator database servers on page 333. ePolicy Orchestrator™ software version 3.0 Reporting Logging on to ePolicy Orchestrator database servers Use this procedure to log on to an ePolicy Orchestrator database server that already appears in the console tree under Reporting | ePO Databases. Typically, you must log on to database servers every time you start the software. If you are using Windows NT or SQL authentication to log on to database servers, you can save the logon information for individual database servers, so that you do not need to manually log on to them. For instructions on cancelling this setting, see Clearing saved logon information on page 332. You can also save logon information for all database servers. For instructions, see Specifying global reporting options on page 343. WARNING If you select Save connection information and do not prompt again, be sure to password-protect the corresponding database server. Otherwise, other users might be able to gain direct access to it via the ePolicy Orchestrator console. For option definitions, click Help in the interface. 1 In the console tree under Reporting | ePO Databases, right-click <DATABASE SERVER>, then select Connect. The ePO Database Login dialog box appears. Figure 9-1. ePO Database Login dialog box 2 If Connection Information items do not appear in this dialog box, click Options to display them. These items allow you to select the authentication method. 3 Under Connection Information, select the Authentication Type that you want to use to verify the authenticity of the logon information. 4 Make selections based on the Authentication Type you choose in Step 3: Product Guide 331 Reporting If you select Currently logged on user, the logon information you entered to log on to this computer is used. If you select ePO authentication, make these selections: a Type the User name and Password of an ePolicy Orchestrator user account. b Type the HTTP port number that corresponds to the ePolicy Orchestrator server as entered during the installation. If you select SQL authentication, make these selections: a Type the User name and Password of a SQL Server user account. b To save the logon information for the selected database server, select Save connection information and do not prompt again. If you select Windows NT authentication, make these selections: 5 a Type the User name and Password of a Windows NT user account. b Type the Domain name to which this account belongs. c To save the logon information for the selected database server, select Save connection information and do not prompt again. Click OK to connect to the specified database server using the logon information provided. Clearing saved logon information Use this procedure to clear logon information for ePolicy Orchestrator database servers that has been previously saved. Once you clear the logon information, you will need to log on to the database server every time you start the software. For option definitions, click Help in the interface. 1 Remove the desired database server. For instructions, see Removing ePolicy Orchestrator database servers on page 334. 2 Exit the software. 3 Log on to the desired database server. Be sure to deselect Save connection information and do not prompt again. For instructions, see Logging on to or adding ePolicy Orchestrator database servers on page 330. 332 ePolicy Orchestrator™ software version 3.0 Reporting Adding ePolicy Orchestrator database servers Use this procedure to add an ePolicy Orchestrator database server to the console tree under Reporting | ePO Databases and log on to it. You can add multiple database servers to the console tree. This enables you to work with more than one database server in the same session. For option definitions, click Help in the interface. 1 In the console tree under Reporting, right-click ePO Databases, then select Add new server. The New ePO Database Server dialog box appears. Figure 9-2. New ePO Database Server dialog box 2 Select the Authentication Type that you want to use to verify the authenticity of the logon information. 3 In Server name, type or select the name of the database server to which you want to connect. To select the local server, type or select (local). 4 Make selections based on the Authentication Type you choose in Step 2: If you select Currently logged on user, accept the default Database name (EPO_<SERVER>) or type the name of another one. If you select ePO authentication, make these selections: a Type the HTTP port number that corresponds to the database server to which you want to connect. b Type the User name and Password of an ePolicy Orchestrator user account. Product Guide 333 Reporting If you select SQL authentication, make these selections: a Accept the default Database name (EPO_<SERVER>) or type the name of another one. b Type the User name and Password of a SQL Server user account. If you select Windows NT authentication, make these selections: 5 a Accept the default Database name (EPO_<SERVER>) or type the name of another one. b Type the User name and Password of a Windows NT user account. c Type the Domain name to which the user account belongs. Click OK to connect to the specified database server using the logon information provided. Logging off ePolicy Orchestrator database servers Use this procedure to log off the selected ePolicy Orchestrator database server, but leave its icon in the console tree. For option definitions, click Help in the interface. n In the console tree under Reporting | ePO Databases, right-click <DATABASE SERVER>, then select Disconnect. Removing ePolicy Orchestrator database servers Use this procedure to log off the selected ePolicy Orchestrator database server (if a connection currently exists) and remove its icon from the console tree. For option definitions, click Help in the interface. n 334 In the console tree under Reporting | ePO Databases, right-click <DATABASE SERVER>, then select Remove. ePolicy Orchestrator™ software version 3.0 Reporting Events You can define the events that you want stored in the ePolicy Orchestrator database, import events from another database into the current one, repair events and computer names to ensure that infection reports are accurate, and permanently delete events from the database. n Limiting events stored in the database. n Importing events into the database. n Repairing events and computer names in the database. n Deleting events from the database. Limiting events stored in the database Use this procedure to define the specific events that you want sent from client computers to the ePolicy Orchestrator server, and then stored in the ePolicy Orchestrator database for reporting purposes. Events that are already in the database are not affected. Because service events (for example, starting or stopping software) are numerous, they are not collected by default. We recommend that you accept these default selections to reduce the size of the database. NOTE You must be a global administrator to limit events. Other users can only view these settings. For option definitions, click Help in the interface. 1 Log on to the desired ePolicy Orchestrator database server using ePolicy Orchestrator authentication and a global administrator user account. For instructions, see Logging on to or adding ePolicy Orchestrator database servers on page 330. 2 In the console tree under Reporting | ePO Databases | <DATABASE SERVER>, select Events. The Filtering, Import, Repair, and Removal tabs appear in the details pane. Product Guide 335 Reporting 3 On the Filtering tab, select Send only the selected events to ePO, then select checkboxes that correspond to events that you want to collect. Figure 9-3. Filtering tab The severity icons of events are listed in order of severity (from least to most severe) below: Informational Warning Minor Major Critical 336 4 To collect all events, select Do not filter events (send all events). 5 Click Apply to save the current entries. The new set of events is sent to the server and stored in the database at the next agent-to-server communication interval (ASCI). ePolicy Orchestrator™ software version 3.0 Reporting Importing events into the database Use this procedure to import events from another ePolicy Orchestrator database into the current one, so that the selected events are available for reporting purposes. You can also merge multiple databases together into one for reporting purposes. For instructions, see Creating merged databases on page 399. NOTE You must be a global administrator to import events. For option definitions, click Help in the interface. 1 Back up both databases. For instructions, see Backing up and restoring ePolicy Orchestrator databases on page 394. 2 Log on to the desired ePolicy Orchestrator database server using ePolicy Orchestrator authentication and a global administrator user account. For instructions, see Logging on to or adding ePolicy Orchestrator database servers on page 330. 3 In the console tree under Reporting | ePO Databases | <DATABASE SERVER>, select Events. The Filtering, Import, Repair, and Removal tabs appear in the details pane. 4 Click the Import tab. Figure 9-4. Import tab 5 In Select the SQL Server from which events will be imported, select or type the name of the SQL server that contains the database from which you want to import events. Product Guide 337 Reporting 6 7 8 In Name of database to import events from, accept the default database server name, or type the name of a different database server from which you want to import events. If using version... Then, the default database name is... 1.0 NAIEVENTS 1.1 AVINFORMANTDB 2.0 EPO_<SERVER> 2.5 EPO_<SERVER> 2.5.1 EPO_<SERVER> 3.0 EPO_<SERVER> Type the SQL Login ID and Password of an administrator account on the selected database. Select either Only import events that have not already been imported or Import all events. NOTE Be aware that the Import all events option might add duplicate events into the database. 9 Click Start to import events from the selected database into the current one. 10 Repair events. For instructions, see Repairing events and computer names in the database on page 338. Repairing events and computer names in the database Every computer is assigned a unique ID called a global unique identifier. These IDs are stored with events in the ePolicy Orchestrator database and identify which client computers generated each event. In addition, it’s important to track when computers are renamed. These associations are necessary to ensure that infection reports are accurate. Certain conditions cause computers to be assigned a new ID. In these cases, the ID stored in the database no longer matches the ID assigned to the computer. You need to update the events in the database that correspond to these mismatched IDs, to ensure that infection data is reported accurately. Here are some common examples of situations that cause computers to be assigned a new ID: 338 n Changing the MAC address on computers. n Changing the network interface card (NIC) in computers. ePolicy Orchestrator™ software version 3.0 Reporting n Renaming computers. n Uninstalling, then reinstalling the agent. Note that agent AutoUpgrade does not generate a new ID. n Using a common image of the software and hardware to build computers. n Using a docking station with laptop computers. Repairing events in the database Use this procedure to synchronize the ID in events in the selected ePolicy Orchestrator database with the IDs of computers on the network. For option definitions, click Help in the interface. 1 Back up the database. For instructions, see Backing up and restoring ePolicy Orchestrator databases on page 394. 2 Log on to the desired ePolicy Orchestrator database server using ePolicy Orchestrator authentication. For instructions, see Logging on to or adding ePolicy Orchestrator database servers on page 330. 3 In the console tree under Reporting | ePO Databases | <DATABASE SERVER>, select Events. The Filtering, Import, Repair, and Removal tabs appear in the details pane. 4 Click the Repair tab. Figure 9-5. Repair tab Product Guide 339 Reporting 5 Click Start to synchronize the IDs in events with IDs of computers on the network. 6 If Events not matched to computers is greater than zero after the repair process has completed, you need to also repair computer names. For instructions, see Repairing computer names associated with events in the database on page 340. Repairing computer names associated with events in the database Use this procedure whenever computer names have changed to update events with the new computer names. 1 Repair events in the database. For instructions, see Repairing events in the database on page 339. 2 In your database maintenance tool (for example, SQL Server Enterprise Manager), run the following SQL statement on the database for each renamed computer or create a SQL script that contains a SQL statement for each renamed computer: UPDATE EVENTS SET HOSTNAME=’<NEW COMPUTER>’ WHERE HOSTNAME=’<OLD COMPUTER>’ Where <NEW COMPUTER> and <OLD COMPUTER> are the current and previous computer names, respectively. 3 Repair events in the database again. For instructions, see Repairing events in the database on page 339. Deleting events from the database Use this procedure to delete events permanently from the ePolicy Orchestrator database. For option definitions, click Help in the interface. 340 1 Back up the database. For instructions, see Backing up and restoring ePolicy Orchestrator databases on page 394. 2 Log on to the desired ePolicy Orchestrator database server. For instructions, see Logging on to or adding ePolicy Orchestrator database servers on page 330. 3 In the console tree under Reporting | ePO Databases | <DATABASE SERVER>, select Events. The Filtering, Import, Repair, and Removal tabs appear in the details pane. ePolicy Orchestrator™ software version 3.0 Reporting 4 Click the Removal tab. Figure 9-6. Removal tab 5 Select the range of events that you want to delete from the database. 6 Click Start to delete the specified events from the database. Product Guide 341 Reporting Global reporting settings Some reporting settings affect all ePolicy Orchestrator database servers, reports, and queries. You might find it helpful to review these settings before you run reports and queries to ensure that the desired data is displayed in them. 342 n Specifying global reporting options. n Limiting report and query results by client computer. ePolicy Orchestrator™ software version 3.0 Reporting Specifying global reporting options Use this procedure to specify settings that affect all ePolicy Orchestrator database servers, reports, and queries. Typically, you must log on to database servers every time you start the software. If using Windows NT or SQL authentication to log on to database servers, you can save the logon information for all database servers, so that you do not need to manually log on to them. You can also save logon information for individual database servers. For instructions, see Logging on to ePolicy Orchestrator database servers on page 331. WARNING If you select Encrypt and save passwords between sessions, be sure to password-protect all database servers. Otherwise, other users might be able to gain direct access to them via the ePolicy Orchestrator console. For option definitions, click Help in the interface. 1 In the console tree, right-click Reporting, then select Options. The Reporting dialog box appears. Figure 9-7. Reporting dialog box 2 To add a local database server under ePO Databases every time you start the software, select Add local machine to server list if ePO server is detected. Product Guide 343 Reporting 344 3 To save logon information for all database servers using Windows NT or SQL authentication, select Encrypt and save passwords between sessions. 4 Accept the default Query time-out (600 seconds) to specify when to interrupt attempts to return report or query results. If you are experiencing network delays or time-out messages (for example, SQL time-out messages), try increasing this value. 5 Accept the default Login time-out (10 seconds) to specify when to interrupt attempts to log on to the database. If you are experiencing network delays or time-out messages (for example, SQL time-out messages), try increasing this value. 6 Under Select Reporting Time, specify whether to display event information in infection reports in local time as reported on the client computer (Local), or in Greenwich mean time (GMT). 7 Click OK when done. ePolicy Orchestrator™ software version 3.0 Reporting Limiting report and query results by client computer Use this procedure to limit the results of reports and queries to client computers under a selected site or group, and all groups and computers underneath it. For example, if the Directory is organized by functional group, you might want to produce separate reports and queries for each department. For option definitions, click Help in the interface. 1 Log on to the desired ePolicy Orchestrator database server. For instructions, see Logging on to or adding ePolicy Orchestrator database servers on page 330. 2 In the console tree under Reporting | ePO Databases, right-click <DATABASE SERVER>, then select Set Directory Filter. The Directory Filtering dialog box appears. Figure 9-8. Directory Filtering dialog box 3 Select the site or group for which you want to generate reports and queries. 4 Verify that the desired site or group appears in Current Branch. 5 Click OK. Product Guide 345 Reporting Reports In addition to your user account, there are several ways in which you can control what data appears on reports. For example, you can define the version number of virus definition files, virus scanning engines, and supported products that need to be installed on client computers for them to be considered compliant based on your company’s anti-virus and security program. You can also limit the results of reports by selected product criteria; for example, computer name, operating system, virus name, or action taken on infected files. Once the results of a report appear, you can perform a number of tasks on the data. You can view details on desired report data; for example, to determine which client computers do not have a compliant version of VirusScan installed on them. Some reports even provide links to other reports, called subreports, that provide data related to the current report. You can also print reports or export report data into a variety of file formats, including HTML and Microsoft Excel. 346 n Running reports. n Saving and reusing report input settings. n Saving customized reports selections as report templates. n Working with reports in the report window. n Viewing the details of report data. n Refreshing data in reports. n Printing reports. n Exporting report data to other formats. n Finding text in reports. n Zooming in or out of reports. n Paging through reports. n Hiding or showing the report group tree. ePolicy Orchestrator™ software version 3.0 Reporting Running reports Use this procedure to create reports using data in the selected ePolicy Orchestrator database. You can save the selections you make in the Enter Report Inputs and Report Data Filter dialog boxes for future use. For instructions, see Saving and reusing report input settings on page 359 and Saving customized reports selections as report templates on page 365, respectively. For option definitions, click Help in the interface. 1 Log on to the desired ePolicy Orchestrator database server. For instructions, see Logging on to or adding ePolicy Orchestrator database servers on page 330. 2 In the console tree under Reporting | ePO Databases | <DATABASE SERVER> | Reports | <REPORT GROUP>, select <REPORT>. 3 If the Current Protection Standards dialog box appears, specify the version numbers of virus definition files or the virus scanning engine on which you want to report. Figure 9-9. Current Protection Standards dialog box Product Guide 347 Reporting 4 If the Enter Report Inputs dialog box appears, make the following selections: Figure 9-10. Enter Report Inputs dialog box 348 a If there are tabs labeled Rules (for example, Product Version Rules), define compliance rules for the report. For instructions, see Defining compliance rules for reports on page 350. b If there is a Layout tab, specify viewing and printing options for the report. For instructions, see Specifying viewing and printing options for reports on page 352. c If there is a Data Grouping tab, define how data is grouped on the report. For instructions, see Defining how to group data on reports on page 354. d If there is a Within tab, limit the results of the report to a time period or data group. For instructions, see Limiting report results within a time period or data group on page 355. ePolicy Orchestrator™ software version 3.0 Reporting e 5 If there is a Saved Settings tab, save the selections you make in the Enter Report Inputs dialog box for future use. For instructions, see Saving and reusing report input settings on page 359. To limit the results of the report by product criteria, click Yes when asked whether you want to customize the report. The Report Data Filter dialog box appears. For instructions, see Limiting report results by selected criteria on page 356. Figure 9-11. Report Data Filter dialog box After you provide all of the requested data, the main section of the desired report appears in the report window. 6 View report details. For instructions, see Viewing the details of report data on page 368. Product Guide 349 Reporting Defining compliance rules for reports Use this procedure to create rules that define what compliance means in your company. These rules define the cutoff criteria for data that appears on selected reports. In other words, the data that does not meet the rules you specify is the data that appears on the report. For example, if you define the 2.5 version of the agent as being compliant, data for client computers with the 2.0, 1.1, or 1.0 version of the agent appear on the report. For option definitions, click Help in the interface. 1 Run the desired report. For instructions, see Running reports on page 347. 2 In the Enter Report Inputs dialog box, click the <DATA> Rules tab; for example, Product Version Rules. Figure 9-12. Product Version Rules tab in the Enter Report Inputs dialog box 3 350 In Select Parameter Field, select the desired item. A definition of the selected item appears under Select Parameter Field. ePolicy Orchestrator™ software version 3.0 Reporting 4 In Enter Value, select or type the cutoff value. The current settings appear under Current Parameter Settings. 5 Repeat Step 3 and Step 4 to define rules for each item listed in Select Parameter Field. 6 To change a setting, select the desired item in Select Parameter Field, then select or type a different value in Enter Value. 7 To delete a settings, select the desired item in Select Parameter Field, then clear the value in Enter Value. Product Guide 351 Reporting Specifying viewing and printing options for reports Use this procedure to specify options that affect the appearance and behavior of selected reports. You can select the type of chart that appears in the main section of the report. In addition, you can specify how data is retrieved. This affects the speed that report results are returned and whether you can view report details or related report data. It also allows you to select a printable version of the report. For option definitions, click Help in the interface. 1 Run the desired report. For instructions, see Running reports on page 347. 2 In the Enter Report Inputs dialog box, click the Layout tab. Figure 9-13. Layout tab in the Enter Report Inputs dialog box 352 3 Select Chart Type in Select Parameter Field, then select the desired chart type in Enter Value. The current settings appear under Current Parameter Settings. 4 To specify how data is retrieved, select Layout in Select Parameter Field, then select the desired option in Enter Value. The current settings appear under Current Parameter Settings. ePolicy Orchestrator™ software version 3.0 Reporting w Drilldown (subreports) — Allows you to view report details and related report data by clicking on data in reports. w Fast Drilldown (no subreports) — Allows you to view report details only by clicking on data in reports. We recommend using this option for the best performance running reports from remote consoles. w No Drilldowns (Printable) — Returns all report details, but without links. This allows you to print all pages of the report. 5 To change a setting, select the desired item in Select Parameter Field, then select or type a different value in Enter Value. 6 To delete a settings, select the desired item in Select Parameter Field, then clear the value in Enter Value. Product Guide 353 Reporting Defining how to group data on reports Use this procedure to specify how data is grouped on selected reports. You can group data in up to four different levels. For option definitions, click Help in the interface. 1 Run the desired report. For instructions, see Running reports on page 347. 2 In the Enter Report Inputs dialog box, click the Data Groupings tab. Figure 9-14. Data Groupings tab in the Enter Report Inputs dialog box 354 3 In Select Parameter Field, select the desired item (First Group, Second Group, Third Group, or Fourth Group). A definition of the selected item appears under Select Parameter Field. 4 In Enter Value, select the desired data value. The current settings appear under Current Parameter Settings. 5 Repeat Step 3 and Step 4 for each level of report details that you want to appear on the report. ePolicy Orchestrator™ software version 3.0 Reporting 6 To change a setting, select the desired item in Select Parameter Field, then select or type a different value in Enter Value. 7 To delete a settings, select the desired item in Select Parameter Field, then clear the value in Enter Value. Limiting report results within a time period or data group Use this procedure to limit the results of selected reports to data recorded within the time period you specify; for example, within the last three days. Also, use this procedure to limit the results of selected reports by custom data groups; for example, within anti-virus products only. For option definitions, click Help in the interface. 1 Run the desired report. For instructions, see Running reports on page 347. 2 In the Enter Report Inputs dialog box, click the Within tab. Figure 9-15. Within tab in the Enter Report Inputs dialog box Product Guide 355 Reporting 3 To specify a static time period, select the item labeled Date in Select Parameter Field; for example, Agent Connection Date. A definition of the selected item appears under Select Parameter Field. To specify a relative time period, select the item labeled Rule in Select Parameter Field; for example, Agent Connection Rule. A definition of the selected item appears under Select Parameter Field. 4 In Enter Value, select the desired time period. The current settings appear under Current Parameter Settings. 5 To change a setting, select the desired item in Select Parameter Field, then select or type a different value in Enter Value. 6 To delete a settings, select the desired item in Select Parameter Field, then clear the value in Enter Value. Limiting report results by selected criteria Use this procedure to limit the data that appears on selected reports by the computer, infection, or product criteria you specify. For example, you might want to view only coverage information about VirusScan Enterprise 7.0. For information on the criteria available for each report, see Report and Query Templates on page 423. You can also save the selections you make in the Report Data Filter dialog box for future use. For instructions, see Saving customized reports selections as report templates on page 365. For option definitions, click Help in the interface. 356 1 Run the desired report. For instructions, see Running reports on page 347. 2 Click Yes when asked whether you want to customize the report. The Report Data Filter dialog box appears. 3 Select the tab (for example, Product Version) that corresponds to the criteria for which you want to limit the report results. ePolicy Orchestrator™ software version 3.0 Reporting 4 Select an operator (for example, any value, equal to, one of, and others) in the condition drop-down list. Figure 9-16. Condition drop-down list 5 Further refine the condition in the following ways: w If you select greater than or less than, select or equal to as needed. w If you select any operator other than any value, select Not to exclude the specified values. Product Guide 357 Reporting w If you select between, select or type the beginning and ending range of values. Figure 9-17. Beginning and ending range w If you select equal to, less than, or greater than, select or type the desired data field. w If you select one of, starting with, or like, select or type the desired data field, then click Add to include that value in the data list. Figure 9-18. Value in data list 358 ePolicy Orchestrator™ software version 3.0 Reporting 6 Repeat Step 3 through Step 5 for each desired criteria. 7 Click OK when done. The Data Filter Criteria dialog box appears. Figure 9-19. Data Filter Criteria dialog box 8 To display the SQL statement that represents the product criteria you defined in the Report Data Filter dialog box on the report, select Show On Report. This statement is useful to highlight that the report is based on a subset of the data in the database. 9 Click Yes. Saving and reusing report input settings You can save the selections you made in the Enter Report Inputs dialog box for future use. The next time that you run that report, you can apply the report input settings that you saved, then change or delete them as needed. n Saving report input settings for reuse. n Applying report input settings. n Changing existing report input settings. n Saving existing report input settings to a new name. n Deleting report input settings. Product Guide 359 Reporting Saving report input settings for reuse Use this procedure to save the selections you made in the Enter Report Inputs dialog box for future use. You can save multiple sets of report input settings. For option definitions, click Help in the interface. 1 Run the desired report. For instructions, see Running reports on page 347. 2 In the Enter Report Inputs dialog box, click the Saved Settings tab. Figure 9-20. Saved Settings tab in the Enter Report Inputs dialog box 360 3 In Select Parameter Field, select Save. 4 In Enter Value, type a descriptive name for the report input settings. The current settings appear under Current Parameter Settings. ePolicy Orchestrator™ software version 3.0 Reporting Applying report input settings Use this procedure to apply report input settings that you saved in the Enter Report Inputs dialog box to the current report. For option definitions, click Help in the interface. 1 Run the desired report. For instructions, see Running reports on page 347. 2 In the Enter Report Inputs dialog box, click the Saved Settings tab. Figure 9-21. Saved Settings tab in the Enter Report Inputs dialog box 3 In Select Parameter Field, select Open. 4 In Enter Value, select the desired report settings. The current report settings appear under Current Parameter Settings. 5 Make changes as needed. Product Guide 361 Reporting Changing existing report input settings Use this procedure to change the settings in the selected report input settings. For option definitions, click Help in the interface. 1 Run the desired report. For instructions, see Running reports on page 347. 2 In the Enter Report Inputs dialog box, click the Saved Settings tab. Figure 9-22. Saved Settings tab in the Enter Report Inputs dialog box 362 3 In Select Parameter Field, select Open. 4 In Enter Value, select the desired report settings. 5 Make changes as needed. 6 Click the Saved Settings tab. ePolicy Orchestrator™ software version 3.0 Reporting 7 In Select Parameter Field, select Save As. 8 In Enter Value, select the same report settings you selected in Step 4. The current report settings appear under Current Parameter Settings. Saving existing report input settings to a new name Use this procedure to save the selected report input settings to a different name. For option definitions, click Help in the interface. 1 Run the desired report. For instructions, see Running reports on page 347. 2 In the Enter Report Inputs dialog box, click the Saved Settings tab. Figure 9-23. Saved Settings tab in the Enter Report Inputs dialog box 3 In Select Parameter Field, select Open. 4 In Enter Value, select the desired report settings. 5 Make changes as needed. Product Guide 363 Reporting 6 Click the Saved Settings tab. 7 In Select Parameter Field, select Save. 8 In Enter Value, type a descriptive name for the report input settings, then click Save. The current settings appear under Current Parameter Settings. Deleting report input settings Use this procedure to permanently remove report input settings that you saved in the Enter Report Inputs dialog box. For option definitions, click Help in the interface. 1 Run the desired report. For instructions, see Running reports on page 347. 2 In the Enter Report Inputs dialog box, select the Saved Settings tab. Figure 9-24. Saved Settings tab in the Enter Report Inputs dialog box 364 ePolicy Orchestrator™ software version 3.0 Reporting 3 In Select Parameter Field, select Delete. 4 In Enter Value, select the desired report input settings. Saving customized reports selections as report templates Use this procedure to save the selections you made in the Current Protection Standards, Enter Report Inputs, and Report Data Filter dialog boxes as a report template. This is the only way you can save the selections you made in the Current Protection Standards and Report Data Filter dialog boxes for future use. You can save the selections you made in the Enter Report Inputs dialog box at the same time that you are making them. For instructions, see Saving and reusing report input settings on page 359. For option definitions, click Help in the interface. 1 Run the desired report. For instructions, see Running reports on page 347. 2 Export the report as a Report Template (.RPT) file. For instructions, see Exporting report data to other formats on page 371. 3 Add the Report Template file to the Report Repository. For instructions, see Adding report templates on page 376. Product Guide 365 Reporting Working with reports in the report window The results of reports appear in the report window. You use the report window exclusively to work with generated reports, including viewing details of report data, printing reports, and exporting report data. For this reason, it is important to understand the components in the report window before you begin working with reports. 2 1 3 4 5 7 6 Figure 9-25. Report window components 1 Report group tree — Lists data on which you can view details. Appears on the Preview, groups, and details tabs. You can hide the report group tree. For instructions, see Hiding or showing the report group tree on page 372. 2 Preview tab — When selected, displays the main section of the report. 3 Group tab — When selected, displays the corresponding group section of the report. 4 Details tabs — When selected, displays the corresponding details section of the 4report. 5 Subreport tabs — When selected, displays the corresponding subreport. 5 6 Report sections — Displays summary-level data (main section), group-level data (group section), detailed data (details section), or related data (subreport). 7 Report toolbar — Provides access to common reporting tasks. For more information, see The report toolbar on page 367. 366 ePolicy Orchestrator™ software version 3.0 Reporting The report toolbar The report toolbar is one of the main components found in the report window. Each button on this toolbar is described below. Close current report view — Closes the active details section of the report. Go to first page — Goes to the first page in the selected section of the report. Go to previous page — Goes to the previous page in the selected section of the report. Current page number — Displays the current page number and the total number of page in the selected section of the report. Go to next page — Goes to the next page in the selected section of the report. Go to last page — Goes to the last page in the selected section of the report. Cancel reading records — Stops updating the report with data. Print — Prints the selected section of the report. Printer Setup — Sets printing preferences. Refresh Data — Updates the current report with data that has been saved into the ePolicy Orchestrator database since you initially ran the report. Available only when you select the Preview tab. Export — Exports the selected section of the report in a variety of file formats. Toggle group tree — Hides or shows the report group tree. Magnification Factor — Reduces or enlarges the display of the selected section of the report. Search text— Specifies that words or phrases that you want to find in the selected section of the report. Search — Locates the words or phrases you specify in the selected section of the report. Total records — Displays the total number of records in the database. Percent read — Displays the percentage of records that were relevant to the report. Product Guide 367 Reporting Records read — Displays the number of relevant records in relation to the total number of records in the database. Launch Crystal Analysis — Starts Crystal Analysis. Available only when this application is installed. Viewing the details of report data Use this procedure to view details of report data. For a list of detailed data available in each report, see Report and Query Templates on page 423. 1 Run the report. For instructions, see Running reports on page 347. The main section of the desired report appears in the report window. Figure 9-26. Main section of a report 2 368 To highlight data on which you can view details, select the desired data from the Preview or groups tab in the report group tree. The data appears with a group selection box around it. Note that the pointer changes to a magnifying glass when you point to data that you can select. ePolicy Orchestrator™ software version 3.0 Reporting In the example below, when you select VirusScan Enterprise in the report group tree, VirusScan Enterprise is highlighted in the main report section. Figure 9-27. Highlighting report data 3 To view the group-level report data, double-click the desired data. The group-level data appears in the report window. A group tab for the selected data also appears and allows you to move between sections of the report. In the example below, when you double-click VirusScan Enterprise in the main section of the report, the corresponding group section appears in the report window and the VirusScan Enterprise group tab also appears. Figure 9-28. Viewing group-level report data Product Guide 369 Reporting 4 If additional data is listed in the report group tree, repeat Step 2 and Step 3 to view more group-level report data. If no additional data is not listed, you’ve reached the details section of the report for the selected data. In the example below, since the report group tree under the 7.00.3001 tab doesn’t list any other data, this is a details tab. Figure 9-29. Viewing details on report data 5 To continue viewing details on report data, click the Preview tab or a groups tab, then repeat Step 2 and Step 3 to view details on other data. 6 To view related report data, click the subreport icons or links that appear in selected report. Refreshing data in reports Use this procedure to update the current report with data that has been saved into the ePolicy Orchestrator database since you initially ran it. 370 1 Run the report. For instructions, see Running reports on page 347. 2 Click the Refresh Data button on the report toolbar. 3 To stop updating the report with new data, click the Cancel reading records button on the report toolbar. ePolicy Orchestrator™ software version 3.0 Reporting Printing reports Use this procedure to print the selected section of the report. 1 Add a printer. For instructions, see printing-related topics in the Microsoft Windows Help file. 2 Run the report. For instructions, see Running reports on page 347. 3 To set printing preferences, click the Printer Setup button on the report toolbar. The Print Setup dialog box appears. For instructions on setting printing preferences, see printing-related topics in the Microsoft Windows Help file. 4 To print the selected section of the report, click the Print button on the report toolbar. Exporting report data to other formats Use this procedure to export the selected section of the report in a variety of file formats. 1 Run the report. For instructions, see Running reports on page 347. 2 View report details. For instructions, see Viewing the details of report data on page 368. 3 To export the selected section of the report, click the Export button on the report toolbar. The Export dialog box appears. 4 Select the desired Format. 5 Click OK. The Choose Export File dialog box appears. 6 Specify the name and location of the file, then click Save. Finding text in reports Use this procedure to locate words or phrases in the selected section of the report. 1 Run the report. For instructions, see Running reports on page 347. 2 Type the desired words in the Search Text box, then click the Search button on the report toolbar. Product Guide 371 Reporting Zooming in or out of reports Use this procedure to reduce or enlarge the display of the selected section of the report. 1 Run the report. For instructions, see Running reports on page 347. 2 In the Magnification Factor box on the report toolbar, select a magnification between 25 and 400 percent. Paging through reports Use this procedure to page through each report section. 1 Run the report. For instructions, see Running reports on page 347. 2 Click the Go to next page, Go to last page, Go to previous page, or Go to first page buttons on the report toolbar. The current page number and total number of pages in this section of the report also appear in the toolbar. Hiding or showing the report group tree Use this procedure to hide or show the report group tree. The Preview tab and details tabs appear in the report window regardless of whether the report group tree also appears. 372 1 Run the report. For instructions, see Running reports on page 347. 2 Click the Toggle group tree button in the report toolbar. ePolicy Orchestrator™ software version 3.0 Reporting Queries In addition to the predefined queries that are available, if you have experience writing SQL SELECT statements and working with SQL databases, you can also create your own custom queries. In addition, you can refresh query data or go to specific rows in a query. n Running queries. n Refreshing data in queries. n Going to specific rows in a query. Running queries Use this procedure to create queries using data in the selected ePolicy Orchestrator database. For option definitions, click Help in the interface. 1 Log on to the desired ePolicy Orchestrator database server. For instructions, see Logging on to or adding ePolicy Orchestrator database servers on page 330. 2 To limit the results to the client computers in a selected site or group, set a query filter. For instructions, see Limiting report and query results by client computer on page 345. 3 In the console tree under Reporting | ePO Databases | <DATABASE SERVER> | Queries | <QUERY GROUP>, right-click <QUERY>, then select Run. 4 The resulting query appears in the details pane. NOTE You can copy and paste query results into other applications; for example, Microsoft Excel. Refreshing data in queries Use this procedure to update queries with data that has been saved into the ePolicy Orchestrator database since you initially ran the query. 1 Run the query. For instructions, see Running queries on page 373. 2 Right-click anywhere in the query, then select Run. Product Guide 373 Reporting Going to specific rows in a query 374 1 Run the query. For instructions, see Running queries on page 373. 2 To go to the first or last row in the query, right-click anywhere in the query, then select First or Last, respectively. 3 To go to a specific row, do the following: a Right-click anywhere in the query, then select Row. The Go to Row dialog box appears. b Type or select the Row number, then click OK. ePolicy Orchestrator™ software version 3.0 Reporting Reorganizing the Report Repository You can organize the Report Repository to add reports that you exported as report templates (for example to save custom selections you made when you ran the report) or to add custom report templates. For example, you could group reports that you run daily, weekly, and monthly under report groups with the same name. n Adding report templates. n Changing report templates. n Deleting report templates. n Creating report groups. n Deleting report groups. Product Guide 375 Reporting Adding report templates Use this procedure to add report templates to the desired report group in the Report Repository. For option definitions, click Help in the interface. 1 2 In the console tree under Reporting | Report Repository, select <REPORT GROUP>; for example, Anti-Virus; or create a new one. For instructions, see Creating report groups on page 379. Right-click <REPORT GROUP>, then select Add report template. The New Report Definition dialog box appears. Figure 9-30. New Report Definition dialog box 3 Type the Name of the Report as you want it to appear in the console tree. 4 Type the path of the Report Template (.RPT) file in Report file or click the browse button (>>) to select one. 5 Type a literal Description of the report. 6 If you are adding a custom report template that requires external files, click Add to include them under Report Components. NOTE The predefined report templates do not use external files. 376 ePolicy Orchestrator™ software version 3.0 Reporting 7 Click OK when done. The report template appears in the Report Repository. The report appears under Reporting | ePO Databases | <DATABASE SERVER> the next time you log on to a database server. 8 Run the report. For instructions, see Running reports on page 347. Changing report templates Use this procedure to change existing report templates. For option definitions, click Help in the interface. 1 In the console tree under Reporting | Report Repository | <REPORT GROUP>, click <REPORT TEMPLATE>. The Report Definition dialog box appears. Figure 9-31. Report Definition dialog box Product Guide 377 Reporting 2 Click Organize to open the Organize Report dialog box. Figure 9-32. Organize Report dialog box 3 Change the Name of the Report as needed. 4 Specify a different Report file as needed. 5 Change the Description as needed. 6 Click OK when done. 7 Run the report. For instructions, see Running reports on page 347. Deleting report templates Use this procedure to permanently delete report templates from the Report Repository that you no longer want to use to create reports. For option definitions, click Help in the interface. n 378 In the console tree under Reporting | Report Repository | <REPORT GROUP>, right-click <REPORT TEMPLATE>, then select Remove. ePolicy Orchestrator™ software version 3.0 Reporting Creating report groups Use this procedure to create report groups in the Report Repository; for example, if you want to reorganize the Report Repository. For option definitions, click Help in the interface. 1 In the console tree under Reporting, right-click Report Repository or <REPORT GROUP>, then select New report group. The New Report Group dialog box appears. Figure 9-33. New Report Group dialog box 2 Enter the name for the new group, then click OK. The new group appears in the console tree. Deleting report groups Use this procedure to permanently delete report groups and all of the report templates stored in them from the Report Repository. For option definitions, click Help in the interface. n In the console tree under Reporting | Report Repository, right-click <REPORT GROUP>, then select Remove. Product Guide 379 Reporting Reorganizing the Query Repository You can organize the Query Repository to suit your needs, or add your own custom query templates. n Adding custom query templates. n Changing query templates. n Deleting query templates. n Creating query groups. n Deleting query groups. Adding custom query templates Use this procedure to add custom query templates to the desired query group in the Query Repository. For option definitions, click Help in the interface. 1 In the console tree under Reporting | Query Repository, select <QUERY GROUP> or create a new one. For instructions, see Creating query groups on page 383. 2 Right-click <QUERY GROUP>, then select Add query template. The New Query Definition dialog box appears. Figure 9-34. New Query Definition dialog box 380 ePolicy Orchestrator™ software version 3.0 Reporting 3 Type the Name of the Query as you want it to appear in the console tree. 4 Type a literal Description of the query. 5 In SQL Script, type the SQL statement of the query that you want to add. NOTE You can only specify one SELECT statement. This statement cannot execute stored procedures or use an UNION clause. 6 To verify the syntax of the SQL Script, do the following: a Click Check Syntax. If you are currently logged on to more than one database server, the Choose Server dialog box appears. b Select the desired database server, then click OK. 7 Click OK when done. The query template appears in the Query Repository. 8 Run the query. For instructions, see Running queries on page 373. Product Guide 381 Reporting Changing query templates Use this procedure to change existing query templates. For option definitions, click Help in the interface. 1 In the console tree under Reporting | Query Repository, click <QUERY TEMPLATE>. The Query Definition dialog box appears in the details pane. 2 Click Edit to open the Edit Query Definition dialog box. Figure 9-35. Edit Query Definition dialog box 3 Change the Name of the Query as needed. 4 Change the Description of the query as needed. 5 In SQL Script, change the SQL statement of the query as needed. NOTE You can only specify one SELECT statement. This statement cannot execute stored procedures or use an UNION clause. 6 382 To verify the syntax of the SQL Script, do the following: a Click Check Syntax. If you are currently logged on to more than one database server, the Choose Server dialog box appears. b Select the desired database server, then click OK. ePolicy Orchestrator™ software version 3.0 Reporting 7 Click OK when done. 8 Run the query. For instructions, see Running queries on page 373. Deleting query templates Use this procedure to permanently delete query templates from the Query Repository that you no longer want to use to create queries. For option definitions, click Help in the interface. n In the console tree under Reporting | Query Repository | <QUERY GROUP>, right-click <QUERY TEMPLATE>, then select Remove. Creating query groups Use this procedure to add query groups to the Query Repository; for example, if you want to group custom query templates together or to reorganize the Query Repository. For option definitions, click Help in the interface. 1 In the console tree under Reporting, right-click Query Repository or <QUERY GROUP>, then select New query group. The New Query Group dialog box appears. Figure 9-36. New Query Group dialog box 2 Enter the name for the new group, then click OK. The new group appears in the console tree. Deleting query groups Use this procedure to permanently delete query groups and all of the query templates stored in them from the Query Repository. For option definitions, click Help in the interface. n In the console tree under Reporting | Query Repository, right-click <QUERY GROUP>, then select Remove. Product Guide 383 Reporting 384 ePolicy Orchestrator™ software version 3.0 10 Maintaining ePolicy Orchestrator Databases You can use a combination of tools to maintain ePolicy Orchestrator databases. You will use a slightly different set of tools depending on whether you are using a Microsoft Data Engine (MSDE) or SQL Server database as the ePolicy Orchestrator database. Note that you can use Microsoft SQL Server Enterprise Manager to maintain both MSDE and SQL Server databases. n Securing ePolicy Orchestrator databases. n Changing SQL Server user account information. n Maintaining ePolicy Orchestrator databases. n Backing up and restoring ePolicy Orchestrator databases. n Merging ePolicy Orchestrator databases together. n Changing the default server connection protocol. Product Guide 385 Maintaining ePolicy Orchestrator Databases Securing ePolicy Orchestrator databases When SQL Server, Microsoft Data Engine (MSDE), or Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) is installed, their Setup program does not assign a password to the System Administrator (sa) user account. If you are using SQL authentication, we recommend that you assign a password to the sa user account after you install any of these database applications or before you upgrade to a new version of the ePolicy Orchestrator software. n If you are using SQL Server as the ePolicy Orchestrator database, see the SQL Server product documentation for instructions on assigning an sa password. n If you are using MSDE 2000 as the ePolicy Orchestrator database, see Securing ePolicy Orchestrator MSDE databases on page 386. Securing ePolicy Orchestrator MSDE databases Use this procedure to change the password on the System Administrator (sa) user account for Microsoft Data Engine (MSDE) or Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) databases. When MSDE or MSDE 2000 is installed, the Setup program does not assign a password to the sa user account. If you are using SQL authentication, we recommend that you assign a password to the sa user account after you install any of these database applications or before you upgrade to a new version of the ePolicy Orchestrator software. For option definitions, click Help in the interface. 1 At the command prompt, type the following, then press ENTER: OSQL -U <USER> -Q “SP_PASSWORD ‘<CURRENT PASSWORD>’, ‘<NEW PASSWORD>’, ‘<USER>’” For example: OSQL -U SA -Q “SP_PASSWORD NULL, ‘<NEW PASSWORD>’, ‘SA’” If the password is blank, type NULL as the password without single quotes. 2 386 At the Password prompt, type the current password, then press ENTER. ePolicy Orchestrator™ software version 3.0 Maintaining ePolicy Orchestrator Databases 3 Start the Server Configuration program (CFGNAIMS.EXE). The default location is: C:\PROGRAM FILES\NETWORK ASSOCIATES\EPO\3 If you upgraded the ePolicy Orchestrator software from version 2.0, 2.5, or 2.5.1, the default location is: C:\PROGRAM FILES\MCAFEE\EPO\3 Figure 10-1. Server Configuration program Product Guide 387 Maintaining ePolicy Orchestrator Databases 4 In the Server Configuration dialog box, click the Administrator tab. Figure 10-2. Administrator tab in the Server Configuration dialog box 388 5 Select Use SQL authentication. 6 Type the new Password. 7 Click OK to save the current entries. ePolicy Orchestrator™ software version 3.0 Maintaining ePolicy Orchestrator Databases Changing SQL Server user account information Use this procedure to change the SQL Server user account information in ePolicy Orchestrator when you make changes to the SQL Server user account in another program; for example, SQL Server Enterprise Manager. For option definitions, click Help in the interface. 1 Start the Server Configuration program (CFGNAIMS.EXE). The default location is: C:\PROGRAM FILES\NETWORK ASSOCIATES\EPO\3 If you upgraded the software from version 2.0, 2.5, or 2.5.1, the default location is: C:\PROGRAM FILES\MCAFEE\EPO\3 Figure 10-3. Server Configuration program 2 In the Server Configuration dialog box on the SQL Server tab, select the desired SQL server name and Database name. Product Guide 389 Maintaining ePolicy Orchestrator Databases 3 To change the credentials on the ePolicy Orchestrator global administrator user account, click the Administrator tab. a Select the authentication method. b Type a User Name and Password of a local or domain administrator user account. c If you select Use Windows NT authentication, type the Domain name. Figure 10-4. Administrator tab in the Server Configuration dialog box 4 390 To change the credentials on the ePolicy Orchestrator reviewer user account, click the Reviewer tab. a Select the authentication method. b Type a User Name and Password of a local or domain administrator user account. c If you select Use Windows NT authentication, type the Domain name. 5 Click OK when done. 6 Restart the computer to apply the changes. ePolicy Orchestrator™ software version 3.0 Maintaining ePolicy Orchestrator Databases Maintaining ePolicy Orchestrator databases We recommend that you make maintenance settings on ePolicy Orchestrator databases. These settings differ depending on which database software you are using. n Maintaining MSDE databases. n Maintaining SQL Server databases. Maintaining MSDE databases Use this procedure to make the recommended maintenance settings on MSDE databases being used as ePolicy Orchestrator databases. We recommend running this command on a weekly basis. n Type the following at the command prompt: NOTE These options are case-sensitive; use the capitalization as shown. <MSDE INSTALLATION PATH>MSSQL\BINN\SQLMAINT -S <SERVER> -U “<USER>” -P “<PASSWORD>” -D <DATABASE> -ReBldIdx 5 -RmUnusedSpace 50 10 -UpdOptiStats 15 Where <MSDE INSTALLATION PATH> is the location of the MSDE database. If you installed the database software using the ePolicy Orchestrator Setup program, this is the location where the ePolicy Orchestrator software was installed. And where <SERVER> is the name of the ePolicy Orchestrator server. And where <USER> and <PASSWORD> are the user name and password of the user account. And where <DATABASE> is the name of the ePolicy Orchestrator database. The default name of ePolicy Orchestrator databases is EPO_<SERVER>, where <SERVER> is the name of the ePolicy Orchestrator server. Product Guide 391 Maintaining ePolicy Orchestrator Databases Maintaining SQL Server databases Use this procedure to make the recommended maintenance settings on SQL Server databases being used as ePolicy Orchestrator databases. For option definitions, click Help in the interface. 1 In SQL Server Enterprise Manager under Microsoft SQL Servers | SQL Server Group | <DATABASE SERVER> | Databases in the console tree, right-click <DATABASE>, then select Properties. The Properties dialog box for the selected ePolicy Orchestrator database appears. 2 Click the Options tab. 3 Under Recovery, select Simple in Model, then click OK. 4 In the console tree under Microsoft SQL Servers | SQL Server Group | <DATABASE SERVER> | Management, right-click Database Maintenance, then select New Maintenance Plan. The Database Maintenance Plan Wizard appears. 5 Click Next. The Select Databases dialog box appears. 6 Select These databases, then select the user database and deselect the system databases: master, model, and msdb. The name of the user database is the name of the ePolicy Orchestrator database. The default name of ePolicy Orchestrator databases is EPO_<SERVER>, where <SERVER> is the name of the ePolicy Orchestrator server. 7 Click Next. The Update Data Optimization Information dialog box appears. 8 Select Reorganize data and index pages. 9 Select Change free space per page percentage to, and type 10 as the percentage. 10 Select Remove unused space from database files. 11 Schedule the data optimization tasks to execute during off-peak times. Click Change to change the default schedule. 12 Click Next. The Database Integrity Check dialog box appears. 13 Select Check database integrity and Perform these checks before doing backups. 14 Click Next. The Specify the Database Backup Plan dialog box appears. 15 Schedule the database backup tasks to execute during off-peak times. Click Change to change the default schedule. 16 Click Next. The Specify Backup Disk Directory dialog box appears. 392 ePolicy Orchestrator™ software version 3.0 Maintaining ePolicy Orchestrator Databases 17 Select Use the default backup directory. 18 Click Next. The Specify the Transaction Log Backup Plan dialog box appears. 19 Select Back up the transaction log as part of the maintenance plan and Verify the integrity of the backup when complete. 20 Schedule the transaction log backup tasks to execute during off-peak times. Click Change to change the default schedule. 21 Click Next. The Specify the Transaction Log Backup Disk Directory dialog box appears. 22 Select Use the default backup directory. 23 Click Next three times. The Completing the Database Maintenance Plan Wizard dialog box appears. 24 Click Finish. Product Guide 393 Maintaining ePolicy Orchestrator Databases Backing up and restoring ePolicy Orchestrator databases We recommend that you back up ePolicy Orchestrator databases regularly to guard against hardware failure. You can then restore the database should you ever need to reinstall the software. n If you are using Microsoft SQL Server as the ePolicy Orchestrator database, see the SQL Server product documentation. n If you are using Microsoft Data Engine (MSDE) as the ePolicy Orchestrator database, you can use the Database Backup Utility (DBBAK.EXE) to back up and restore ePolicy Orchestrator MSDE databases on the database server. For instructions, see Backing up ePolicy Orchestrator MSDE databases on page 394 and Restoring ePolicy Orchestrator MSDE databases on page 396. Backing up ePolicy Orchestrator MSDE databases Use this procedure to back up ePolicy Orchestrator Microsoft Data Engine (MSDE) databases using the McAfee Database Backup Utility (DBBAK.EXE). You can back up and restore MSDE databases to the same path on the same database server using this utility. You cannot use it to change the location of the database. 394 1 Stop the McAfee ePolicy Orchestrator 3.0 Server service and ensure that the SQL Server (MSSQLSERVER) service is running. For instructions, see the operating system product documentation. 2 Close all ePolicy Orchestrator consoles and remote consoles. ePolicy Orchestrator™ software version 3.0 Maintaining ePolicy Orchestrator Databases 3 Start the Database Backup Utility (DBBAK.EXE). The default location is: C:\PROGRAM FILES\NETWORK ASSOCIATES\EPO\3 If you upgraded the software from version 2.0, 2.5, or 2.5.1, the default location is: C:\PROGRAM FILES\MCAFEE\EPO\3 Figure 10-5. Database Backup Utility 4 Type the Database Server Name. 5 Select NT Authentication or SQL Account. If you selected SQL Account, type a user Name and Password for this database. 6 Type the Backup File path. 7 Click Backup. 8 Click OK when the backup process is done. 9 Start the McAfee ePolicy Orchestrator 3.0 Server service and ensure that the MSSQLSERVER service is running. For instructions, see the operating system product documentation. Product Guide 395 Maintaining ePolicy Orchestrator Databases Restoring ePolicy Orchestrator MSDE databases Use this procedure to restore ePolicy Orchestrator Microsoft Data Engine (MSDE) databases that you backed up using the Database Backup Utility (DBBAK.EXE). You can back up and restore MSDE databases to the same path on the same database server using this utility. You cannot use it to change the location of the database. 1 Stop the McAfee ePolicy Orchestrator 3.0 Server service and ensure that the MSSQLSERVER service is running. For instructions, see the operating system product documentation. 2 Close all ePolicy Orchestrator consoles and remote consoles. 3 Start the Database Backup Utility (DBBAK.EXE). The default location is: C:\PROGRAM FILES\NETWORK ASSOCIATES\EPO\3 If you upgraded the software from version 2.0, 2.5, or 2.5.1, the default location is: C:\PROGRAM FILES\MCAFEE\EPO\3 Figure 10-6. Database Backup Utility 4 Type the Database Server Name. 5 Select NT Authentication or SQL Account. If you selected SQL Account, type a user Name and Password for this database. 396 6 Type the Backup File path. 7 Click Restore. ePolicy Orchestrator™ software version 3.0 Maintaining ePolicy Orchestrator Databases 8 Click Yes when asked whether you want to overwrite the entire ePolicy Orchestrator database. 9 Click OK when the restore process is done. 10 Start the McAfee ePolicy Orchestrator 3.0 Server service and ensure that the MSSQLSERVER service is running. For instructions, see the operating system product documentation. Product Guide 397 Maintaining ePolicy Orchestrator Databases Merging ePolicy Orchestrator databases together Although you can log on to multiple ePolicy Orchestrator database servers at once, reports and queries can only display data from a single ePolicy Orchestrator database at a time. To create reports or queries that combine data from multiple databases, you can merge them into a new or existing database. This allows you to create reports and queries that contain data for all of the databases that you merged together. 398 n Creating merged databases. n Saving database merge settings for reuse. n Merging databases using predefined settings. ePolicy Orchestrator™ software version 3.0 Maintaining ePolicy Orchestrator Databases Creating merged databases Use this procedure to merge multiple ePolicy Orchestrator databases into a new or existing database. You can only combine databases created using the current version of the software. You can import events from databases created using previous versions of the software. For instructions, see Importing events into the database on page 337. You can save the settings you make in the DB Merge Tool to a Merge Settings (.TXT) file for reuse. For instructions, see Saving database merge settings for reuse on page 404. 1 Start the DB Merge Tool (AVIDB_MERGE_TOOL.EXE). The default location is: C:\PROGRAM FILES\NETWORK ASSOCIATES\EPO\3\AVI If you upgraded the software from version 2.0, 2.5, or 2.5.1, the default location is: C:\PROGRAM FILES\MCAFEE\EPO\3\AVI Figure 10-7. Choose Destination Database dialog box Product Guide 399 Maintaining ePolicy Orchestrator Databases 2 Specify the new or existing database into which you want to merge databases: a In the Choose Destination Database dialog box, select or type the name of the SQL Server (database server) and Database. b Type the User name and Password of an administrator user account on the database server you specify. c Click Next. The Choose Source Databases dialog box appears. Figure 10-8. Choose Source Databases dialog box 400 ePolicy Orchestrator™ software version 3.0 Maintaining ePolicy Orchestrator Databases 3 Specify the databases that you want to merge together: a Click New to open the Source Database dialog box. Figure 10-9. Source Database dialog box b Select or type the name of the SQL Server (database server) and Database. c Type the User name and Password of an administrator user account on the database server you specify. d Click OK to save the current entries and return to the Choose Source Databases dialog box. e Repeat Step a through Step d for each desired database. Product Guide 401 Maintaining ePolicy Orchestrator Databases 4 Specify merge settings for all of the databases that are being merged together. If you are merging databases into an existing database, these settings do not affect that database. a Click Options to open the Merge Tool - Options dialog box. Figure 10-10. Merge Tool - Options dialog box b Accept the default Query time-out (600 seconds) to specify when to interrupt attempts to return report or query results. c Accept the default Login time-out (10 seconds) to specify when to interrupt attempts to log on to the database. d To save entries about the merge process to a log file, select Log progress to a file, then specify the path of the Merge Log (AVIMERGE.LOG) file. If you select an existing file, entries are appended to the end of it. The default location is: C:\PROGRAM FILES\MCAFEE\EPO\3\AVI e Under Event Import, specify whether to include events in the destination database. NOTE We recommend deleting events from the destination database before using the Import all events option to avoid creating duplicate events in the destination database. 402 ePolicy Orchestrator™ software version 3.0 Maintaining ePolicy Orchestrator Databases f Under Coverage Data Purge, specify whether to include computer and product properties in the destination database. g Click OK to save the current entries and return to the Choose Source Databases dialog box. h Click Next to open the Import Data dialog box. Figure 10-11. Import Data dialog box 5 Click Start to begin the merge process. If you chose Import new events only, you can stop the merge process any time by clicking Cancel. 6 Click Close when done. If the merge process could not connect to a server, the merge database is not created; see Changing the default server connection protocol on page 412. n Logging on to or adding ePolicy Orchestrator database servers n Running reports Product Guide 403 Maintaining ePolicy Orchestrator Databases Saving database merge settings for reuse Use this procedure to save the settings you make in the DB Merge Tool to a Merge Settings (.TXT) file. This allows you to run the program later using these predefined database merge settings. You might find this helpful if you merge the same ePolicy Orchestrator databases together on a routine basis. 1 Start the DB Merge Tool (AVIDB_MERGE_TOOL.EXE). The default location is: C:\PROGRAM FILES\NETWORK ASSOCIATES\EPO\3\AVI If you upgraded the software from version 2.0, 2.5, or 2.5.1, the default location is: C:\PROGRAM FILES\MCAFEE\EPO\3\AVI Figure 10-12. Choose Destination Database dialog box 404 ePolicy Orchestrator™ software version 3.0 Maintaining ePolicy Orchestrator Databases 2 Specify the new or existing database into which you want to merge databases: a In the Choose Destination Database dialog box, select or type the name of the SQL Server (database server) and Database. b Type the User name and Password of an administrator user account on the database server you specify. c Click Next. The Choose Source Databases dialog box appears. Figure 10-13. Choose Source Databases dialog box Product Guide 405 Maintaining ePolicy Orchestrator Databases 3 Specify the databases that you want to merge together: a Click New to open the Source Database dialog box. Figure 10-14. Source Database dialog box 406 b Select or type the name of the SQL Server (database server) and Database. c Type the User name and Password of an administrator user account on the database server you specify. d Click OK to save the current entries and return to the Choose Source Databases dialog box. e Repeat Step a through Step d for each desired database. ePolicy Orchestrator™ software version 3.0 Maintaining ePolicy Orchestrator Databases 4 Specify merge settings for all of the databases that are being merged together. If you are merging databases into an existing database, these settings do not affect that database. a Click Options to open the Merge Tool - Options dialog box. Figure 10-15. Merge Tool - Options dialog box b Accept the default Query time-out (600 seconds) to specify when to interrupt attempts to return report or query results. If you are experiencing network delays or time-out messages (for example, SQL time-out messages), try increasing this value. c Accept the default Login time-out (10 seconds) to specify when to interrupt attempts to log on to the database. If you are experiencing network delays or time-out messages (for example, SQL time-out messages), try increasing this value. d To save entries about the merge process to a log file, select Log progress to a file, then specify where you want to save the Merge Log (AVIMERGE.LOG) file. If you select an existing file, entries are appended to the end of it. The default location is: C:\PROGRAM FILES\MCAFEE\EPO\3\AVI e Under Event Import, specify whether to include events in the resulting merged database. Product Guide 407 Maintaining ePolicy Orchestrator Databases f Under Coverage Data Purge, specify whether to include computer and product properties in the resulting merged database. g Click OK to save the current entries and return to the Choose Source Databases dialog box. h Click Next to open the Import Data dialog box. Figure 10-16. Import Data dialog box 5 6 408 Save the current settings for reuse as needed: a Click Save to open the Save As dialog box. b Specify a path and name of the Merge Settings (.TXT) file (for example, C:\PROGRAM FILES\MCAFEE\EPO\3\AVI\SETTINGS.TXT). c Click Save to return to the Import Data dialog box. Click Close when done. ePolicy Orchestrator™ software version 3.0 Maintaining ePolicy Orchestrator Databases Merging databases using predefined settings You can merge ePolicy Orchestrator databases together using predefined database merge settings. After you create a Merge Settings (.TXT) file, you can drag it to the application window or run the program from the command line. For example, if you want to use a third-party scheduling tool to schedule the merge process, you can run the program in the background using predefined settings. n Merging databases using predefined settings (drag-and-drop operation). n Merging databases from the command line using predefined settings. n Merging databases in the background using predefined settings. Product Guide 409 Maintaining ePolicy Orchestrator Databases Merging databases using predefined settings (drag-and-drop operation) Use this procedure to drag the Merge Settings (.TXT) file that contains predefined database merge settings to the application window, make changes to these settings as needed, then run the merge process. 1 Create a Merge Settings (.TXT) file. For instructions, see Saving database merge settings for reuse on page 404. 2 Start the DB Merge Tool (AVIDB_MERGE_TOOL.EXE). The default location is: C:\PROGRAM FILES\NETWORK ASSOCIATES\EPO\3\AVI If you upgraded the software from version 2.0, 2.5, or 2.5.1, the default location is: C:\PROGRAM FILES\MCAFEE\EPO\3\AVI Figure 10-17. Choose Destination Database dialog box 410 3 In Windows Explorer, locate the desired Merge Settings (.TXT) file. 4 Drag the desired Merge Settings file to the Choose Destination Database dialog box. 5 Make changes as needed. 6 In the Import Data dialog box, click Start to begin the merge process. 7 Click Close when done. ePolicy Orchestrator™ software version 3.0 Maintaining ePolicy Orchestrator Databases Merging databases from the command line using predefined settings Use this procedure to run the DB Merge Tool from the command line using predefined database merge settings, make changes to these settings as needed, then run the merge process. 1 Create a Merge Settings (.TXT) file. For instructions, see Saving database merge settings for reuse on page 404. 2 At the command line, type the path of the DB Merge Tool (AVIDB_MERGE_TOOL.EXE) followed by the path of the Merge Settings (.TXT) file. For example, if the program and Merge Settings file are in the default location, type the following: C:\PROGRAM FILES\NETWORK ASSOCIATES\EPO\3\AVI\AVIDB_MERGE_TOOL.EXE C:\PROGRAM FILES\NETWORK ASSOCIATES\EPO\3\AVI\SETTINGS.TXT 3 Make changes as needed. 4 In the Import Data dialog box, click Start to begin the merge process. 5 Click Close when done. Merging databases in the background using predefined settings Use this procedure to merge ePolicy Orchestrator databases together in the background while using predefined database merge settings. You might find this helpful if you want to use a third-party scheduling tool to schedule the merge process. 1 Create a Merge Settings (.TXT) file. For instructions, see Saving database merge settings for reuse on page 404. 2 At the command line, type the path of the DB Merge Tool (AVIDB_MERGE_TOOL.EXE), type the silent parameter to run the program in the background followed by the path of the Merge Settings file. For example, if the program and Merge Settings file are in the default location, type the following: C:\PROGRAM FILES\NETWORK ASSOCIATES\EPO\3\AVI\AVIDB_MERGE_TOOL.EXE /SILENT C:\PROGRAM FILES\NETWORK ASSOCIATES\EPO\3\AVI\SETTINGS.TXT 3 A Anti-Virus Informant DB Merge Tool - Choose Destination Database taskbar button appears on the taskbar to indicate that the merge process is running. Product Guide 411 Maintaining ePolicy Orchestrator Databases Changing the default server connection protocol Use this procedure to change the protocol used to connect to the ePolicy Orchestrator database server to the recommended protocol: TCP/IP. You might experience connection issues when using the default protocol (Named Pipes). 412 1 Click the Start button, then point to Run. The Run dialog box appears. 2 In Open, type CLICONFG.EXE, then click OK. The SQL Server Client Network Utility (CLICONFG.EXE) dialog box appears. 3 On the General tab, select TCP/IP in Disabled protocols, then click Enable to move it to Enabled protocols by order. 4 Use the arrows keys under Enabled protocols by order to move TCP/IP above Named Pipes. 5 Click OK. ePolicy Orchestrator™ software version 3.0 Troubleshooting 11 Common issues and their resolutions are provided below: n I can’t connect to the ePolicy Orchestrator server from remote consoles. n How do I check the connection and communication between the ePolicy Orchestrator server and the ePolicy Orchestrator agent for NetWare? You might also find the following procedures useful for troubleshooting issues: n Creating a User DSN in Data Sources (ODBC). n Enabling logging for the agent for NetWare. n Disabling logging for the agent for NetWare. Product Guide 413 Troubleshooting I can’t connect to the ePolicy Orchestrator server from remote consoles. If you cannot connect to the ePolicy Orchestrator server from remote consoles, there are a number of possible resolutions. n Verify that the remote console meets the minimum system requirements, including Internet Explorer 6.0 and operating system. For a complete list of system requirements, see the ePolicy Orchestrator 3.0 Installation Guide. n Verify that the port used for console communications is open between the remote console and server. The default console port number is 81. n Verify that the port number specified for console communications is the same on the remote console and server. n Verify that server name you are providing during logon is correct. If the server name is still not accepted, use the IP address of the server instead. 414 n On the remote console, verify that the McAfee Framework Service is started. n On the server, verify that the McAfee ePolicy Orchestrator 3.0 Server and McAfee Framework Service are started. Depending on the operating system that you are using, this procedure varies. For instructions, see the Microsoft product documentation. n Make sure that an ODBC connection is set up between the remote machine and the SQL database. Contact Microsoft support or manuals for more information on setting up an ODBC connection. n Set up a user data source name (DSN) on the remote console to the server. For instructions, see Creating a User DSN in Data Sources (ODBC) on page 416. n If the remote console and server are in different domains, verify that there is a two-way trust relationship setup between these domains, and that the console port is not being blocked; for example, by firewall software. n Verify whether other applications, including the ePolicy Orchestrator agent are using the port specified for console communications. The agent and console cannot use the same port to communicate with the server. For instructions on viewing the agent port number on the server, see Changing ePolicy Orchestrator server settings on page 66. n If the remote console and server are not both in a domain (for example, one is in a workgroup), verify that DNS is synchronized between the two computers. You might need to change the DNS host file. For more information, see Microsoft product documentation. n Verify that the Windows NT user account you are using to log on to the computer where the remote console is installed has dbo access to the SQL Server database. ePolicy Orchestrator™ software version 3.0 Troubleshooting n Verify that the remote console and server have ePolicy Orchestrator 3.0 installed. n Be sure to log on to the server using an ePolicy Orchestrator user account. n If the message, “Out of licenses for this server” appears, you might be using Per Seat SQL Server licenses. We recommend using Per Processor licenses. For information on upgrading to Per Processor licenses, see Microsoft product documentation. At press time, this information was available on the Microsoft web site: www.microsoft.com/sql/howtobuy/production.asp How do I check the connection and communication between the ePolicy Orchestrator server and the ePolicy Orchestrator agent for NetWare? 1 Enable logging for the agent for NetWare. By default, logging is disabled. You can record agent activity to the agent log (AGENT.LOG) file, or to the agent log file and the NetWare server console. For instructions, see Enabling logging for the agent for NetWare on page 417 and Disabling logging for the agent for NetWare on page 417. NOTE We recommend that you only enable logging temporarily on a few agent connections at a time in order to troubleshoot issues. 2 Check the activity in the agent log file or NetWare server console to determine whether the agent is connecting to the ePolicy Orchestrator server. If activity indicates that the agent is sending data to and receiving data from the server, the connection has been established. If the message, “Failed to connect to server” appears, verify that the IP address, name, and HTTP ports are correct in the SITEINFO.INI file on the ePolicy Orchestrator server. 3 In ePolicy Orchestrator, verify that a site or group with the same name as the Novell tree where the NetWare server resided has been added to the Directory under ePolicy Orchestrator | <SERVER> in the console tree. This site or group appears the first time that the agent communicates with the ePolicy Orchestrator server. For more information, see Initial agent-to-server communication interval on page 246. If this site or group doesn’t appear, select Directory under ePolicy to refresh the data. Orchestrator | <SERVER> in the console tree, then click 4 Check for related known issues in the README file. For more information, see Getting more information on page 19. Product Guide 415 Troubleshooting Creating a User DSN in Data Sources (ODBC) Use this procedure to create a user data source name (DSN) in ODBC. Also, use to select the authentication method for the database. NOTE If using Windows NT authentication, you must set of the necessary access and permissions on the SQL Server database before you create a user DSN. 1 In the Control Panel, start Data Sources (ODBC). The OBDC Data Source Administrator dialog box appears. 2 On the User DSN tab, click Add to open the Create New Data Source dialog box. 3 Under Name, select SQL Server, then click Finish. The Create a New Data Source to SQL Server dialog box appears. 4 In Name, type a descriptive name for the data. We recommend using EPO_<SERVER>, where <SERVER> is the name of the ePolicy Orchestrator server. 5 In Description, type a literal description of the data source. 6 In Server, select desired database server, then click Next. 7 Select the desired authentication method (Windows NT or SQL Server). 8 Click Client Configuration to open the Add Network Library Configuration dialog box. 9 In Server alias, type the name of the database server. 10 Under Network libraries, select TCP/IP, then click OK to return to the Create a New Data Source to SQL Server dialog box. 11 Click Next twice, then click Finish. The ODBC Microsoft SQL Server Setup dialog box appears. 12 Click OK to return to the OBDC Data Source Administrator dialog box. 13 Click OK. 416 ePolicy Orchestrator™ software version 3.0 Troubleshooting Enabling logging for the agent for NetWare Use this procedure to enable logging for the ePolicy Orchestrator agent for NetWare. Logging is disabled by default. You can record the activity of the to the agent log (AGENT.LOG) file, or to the agent log file and the NetWare server console. The agent log file lists activity using this date and time format: YYYYMMDDHHMMSS (for example, 20020121154223 is January 21, 2002 at 3.42 pm). The agent log file can be found in SYS\MCAFEE\EPOAGENT. NOTE We recommend that you only enable logging temporarily on a few agent connections at a time in order to troubleshoot issues. 1 On the NetWare server console with the agent for NetWare running (i.e., NLM is loaded), type one of the following commands: a To enable logging and record agent activity to the agent log file: NAINAE 1 b To enable logging and record agent activity to the agent log file and the NetWare server console: NAINAE 11 Disabling logging for the agent for NetWare Use this procedure to disable logging for the ePolicy Orchestrator agent for NetWare. NOTE We recommend that you only enable logging temporarily on a few agent connections at a time in order to troubleshoot issues. n On the NetWare server console with the agent for NetWare running (i.e., NLM is loaded), type the following command: NAINAE 9 Product Guide 417 Troubleshooting 418 ePolicy Orchestrator™ software version 3.0 Using ePolicy Orchestrator Over the Internet A The ePolicy Orchestrator software was designed for Internet use. It allows agent-to-server communication over the Internet if the firewall is configured to allow the correct range of IP addresses. n Internet scenarios. n Remote access via VPN and RAS. n Corporate intranet. n Connecting through an ISP and a firewall. n Configuring the firewall for ePolicy Orchestrator. n Agent-to-server communications packet size. Product Guide 419 Using ePolicy Orchestrator Over the Internet Internet scenarios The following options are discussed here: Behind a firewall n Microsoft Remote Access Service (RAS), where a remote user (agent) dials into one of the ports to access the network behind the firewall. n Virtual Private Networks (VPN), where remote users (agents) dial into a port provided by a commercial carrier, but access is still behind a single firewall. Open to the Internet n Internet Service Provider (ISP), where transactions between the user (agent) and the server cannot be contained behind a firewall because the IP address remains open to the Internet. Remote access via VPN and RAS Many situations require that ePolicy Orchestrator consoles or agents are deployed outside the physical perimeter of the corporate intranet. To minimize configuration and security issues, it is highly recommended that remote agents or consoles access the server via a VPN or Microsoft RAS connection. Use of proxies is not supported. Corporate intranet There are many network topologies in which the ePolicy Orchestrator software and its components can be deployed. The simplest deployment and the highest level of security are achieved when you deploy all of the ePolicy Orchestrator components within a particular corporate intranet, behind a single firewall. In this scenario, all components of the network topology are located in fixed physical locations, all with the appropriate access to the corporate intranet. This topology is the simplest to implement for system administrators. In this scenario, administrators can leverage existing corporate infrastructure to allow seamless access to ePolicy Orchestrator services. Any firewall issues are hidden by the VPN and RAS transports. 420 ePolicy Orchestrator™ software version 3.0 Using ePolicy Orchestrator Over the Internet Connecting through an ISP and a firewall Agent The agent can access ePolicy Orchestrator servers via an ISP (Internet Service Provider) with several restrictions: n The ISP must be able to resolve the ePolicy Orchestrator server IP address. n The ISP can use DHCP to assign random IP addresses, which the corporate firewall must accept. n The ePolicy Orchestrator server cannot push the ePolicy Orchestrator agent over a firewall. In this environment, the agent must be delivered via alternate media. n The port on the firewall used for agent-to-server communication is port 80. It must be configured for incoming and outgoing agent-to-server traffic. The default value for this port is 80, but you can define a different value during server installation. n The port on the firewall used for console-to-server communications is port 81. The default value is 81, but you can define a different value during server installation. n The port on the firewall used for agent wakeup calls is port 8081. You can change this value dynamically using the server configuration feature, described in Server Settings on page 186. Console Using an ISP to connect the console to the server is strongly discouraged for the following reasons: n The ePolicy Orchestrator console cannot operate over some older firewalls, because the it uses the HTTP “Keep Alive” function for many of its transactions. Removing “Keep Alive” from the console would significantly impact performance in usage scenarios where the console is “inside” the corporate intranet. n Accessing SQL server inside the company firewall creates a significant security risk. Product Guide 421 Using ePolicy Orchestrator Over the Internet Configuring the firewall for ePolicy Orchestrator Any of the following three options allows agent-to-server communications: No firewall n If there is no firewall, agent-to-server communication is open. Firewall with open HTTP port n If the HTTP port is already open in the firewall, no action is needed. Communications are open. Firewall with no open HTTP port n Destination rule — Create a destination rule for the firewall configuration that opens only the ePolicy Orchestrator server to communicate with the agents outside the firewall. A destination rule specifies only the ePolicy Orchestrator server IP address as the destination for incoming HTTP traffic. n Source rule — Create a source rule in the firewall configuration that allows only designated client computers to talk to the ePolicy Orchestrator server. This allows a range of IP addresses access to the server via the port. Precautions must be made to prevent someone hijacking the IP address and using it improperly. Agent-to-server communications packet size Following is an example of packet sizes: Table A-1. Typical Packet Size for Agent-to-Server Communication Activity (per computer) *Full Size (KB) *Incremental Size (KB) Agent sends properties 10 2 Agent checks for new policies (no new policies) 2 — Agent checks for new policies (new policies) 5–9 — * The packet size can vary significantly, depending on events collection. 422 ePolicy Orchestrator™ software version 3.0 Report and Query Templates B The ePolicy Orchestrator software includes a number of predefined anti-virus report and query templates. These templates and any custom templates you provide are stored in the Report Repository and Query Repository under Reporting in the console tree. Any template found here can be used to create reports and queries using the data on any ePolicy Orchestrator database server. For instructions on working with database servers, reports, and queries, see Reporting on page 327. The data that each report and query template provides and samples of each report is provided here. Depending on which products you have checked into the Repository, you may see additional templates that are not described here. For information on them, see the Configuration Guide for that product. n Coverage report templates. n Infection | Action Summaries report templates. n Infection | Detections report templates. n Infection | Top Tens report templates. n Infection | WebShield report templates. n Coverage and Infection subreports. n Criteria used to limit report results. n Computer query templates. n Events query templates. n Installations query templates. Product Guide 423 Report and Query Templates Coverage report templates These are the predefined report templates available under Reporting |Anti-Virus | Coverage: 424 n Agent to Server Connection Info report template. n Agent Versions report template. n Compliance Issues report template. n Compliance Summary report template. n DAT/Definition Deployment Summary report template. n DAT Engine Coverage report template. n Engine Deployment Summary report template. n Product Protection Summary report template. n Products By Custom Data Groups report template. n Product Updates By Custom Event Groups report template. ePolicy Orchestrator™ software version 3.0 Report and Query Templates Agent to Server Connection Info report template Usage Use this report to specify the time period that defines an inactive agent, then view report data for active (current) agents, inactive (late) agents, and no agent, in a pie chart format. You can also view historical data for computers using the Tasks, Policies, Update, and Infection subreports. For more information on subreports, see Coverage and Infection subreports on page 494. A variation of this report is included in the predefined settings of the Products By Custom Data Groups report. For more information, see Products By Custom Data Groups report template on page 441. Connection status of agents is grouped into these categories: n Current — Computers that have communicated with the server after the specified cutoff date and time. n Late — Computer that haven’t communicated with the server since the specified cutoff date and time. n (No Agent) — Computers without an agent installed on them. Within You can limit the report results to data recorded within the time period you specify on the Within tab in the Enter Reports Input dialog box: n Agent Connection Date — Specifies a cutoff date and time that defines an inactive agent. Agents that have not communicated with the server since the date you specify are reported as inactive (late). n Agent Connection Rule — Specifies a relative time period (for example, Current Week) that defines an inactive agent. Limit report results You can limit the results of this report using the criteria listed in Coverage reports criteria on page 504. Product Guide 425 Report and Query Templates Sample report Figure B-1. Sample Agent to Server Connection Info report 426 ePolicy Orchestrator™ software version 3.0 Report and Query Templates Agent Versions report template Usage Use this report to view the versions of ePolicy Orchestrator agents, SuperAgents, and SuperAgent distributed repositories that are currently in use on client computers, in a bar chart format. Use this report for an overall view of how up-to-date the agents are on client computers. A variation of this report is included in the predefined settings of the Products By Custom Data Groups report. For more information, see Products By Custom Data Groups report template on page 441. Limit report results You can limit the results of this report using the criteria listed in Coverage reports criteria on page 504. Sample report Figure B-2. Sample Agent Versions report Product Guide 427 Report and Query Templates Compliance Issues report template Usage Use this report to view all compliance issues on computers that violate the compliance rules you specify. You can also view computers with unresolved detections. In addition, you can view historical data for computers using the Tasks, Policies, Update, and Infection subreports. For more information on subreports, see Coverage and Infection subreports on page 494. Compliance violations are grouped into these categories: n Inactive agents. n No agent. n No anti-virus protection. n Out-of-date agent. n Out-of-date virus definition (DAT) files. n Out-of-date virus scanning engine. n Out-of-date anti-virus products. n Unresolved infections. Rules Use the Product Version Rules and Engine\DAT tabs in the Enter Reports Input dialog box to define compliance rules for this report. Specify the minimum version number of the following that meets your compliance requirements. The report includes data for computers with older versions installed. 428 n The ePolicy Orchestrator agent. n Supported products. n McAfee virus definition (DAT) files. n McAfee virus scanning engine. n Symantec virus definition files. n Symantec engine. ePolicy Orchestrator™ software version 3.0 Report and Query Templates Within You can limit the report results to data recorded within the time period you specify on the Within tab (Enter Reports Input dialog box): n Late Agent Connection Date — Specifies a cutoff date and time for agent communication. Data for computers with agents that have not communicated with the ePolicy Orchestrator server since this date and time appear on the report. n Late Agent Connection Rule — Specifies a relative time period (for example, Current Week) for agent communication. Data for computers with agents that have not communicated with the ePolicy Orchestrator server since the time period you specify appear on the report. n Recent Infection Date — Specifies a cutoff date and time for unresolved infection events. Events created after this date and time appear on the report. n Recent Infection Rule — Specifies a relative time period (for example, Current Week) for unresolved infection events. Events created after the time period you specify appear on the report. Limit report results You can limit the results of this report using the criteria listed in Coverage reports criteria on page 504. Product Guide 429 Report and Query Templates Sample report Figure B-3. Sample Compliance Issues report 430 ePolicy Orchestrator™ software version 3.0 Report and Query Templates Compliance Summary report template Usage Use this report to view a one-page summary of compliance and infection resolution by product. By default, this report uses the same compliance rules you defined for the Compliance Issues report. Within You can limit the report results to data recorded within the time period you specify on the Within tab (Enter Reports Input dialog box): n Recent Infection Date — Specifies a cutoff date and time for unresolved infection events. Events created after this date and time appear on the report. Limit report results You can limit the results of this report using the criteria listed in Coverage reports criteria on page 504. Product Guide 431 Report and Query Templates Sample report Figure B-4. Sample Compliance Summary report 432 ePolicy Orchestrator™ software version 3.0 Report and Query Templates DAT/Definition Deployment Summary report template Usage Use this report to view the versions of McAfee and Symantec virus definition files that are currently in use on client computers, in a pie chart format. You can also this report for an overall view of how up-to-date your anti-virus protection is across client computers, and to determine which client computers need to be updated with the most current virus definition files. In addition, you can view historical data for computers using the Tasks, Policies, Update, and Infection subreports. For more information on subreports, see Coverage and Infection subreports on page 494. A variation of this report is included in the predefined settings of the Products By Custom Data Groups report. For more information, see Products By Custom Data Groups report template on page 441. The versions of virus definition files are grouped into these categories: n Current or newer. n One version out-of-date. n Two versions out-of-date. n Three versions out-of-date. n Four versions out-of-date. n Five or more versions out-of-date. n Unprotected (no virus definition file present). Rules Use the McAfee and Symantec tabs (Current Protection Standards dialog box) to define compliance rules for this report. Specify up to five version numbers of McAfee or Symantec virus definition files that meet your compliance requirements. Computers with older versions of virus definition files installed on them are reported as non-compliant. Product Guide 433 Report and Query Templates Within You can limit the report results to data recorded within the time period you specify on the Within tab (Current Protection Standards dialog box): n Agent Connection Date — Specifies a cutoff date and time for agent communication. Data for computers with agents that have not communicated with the ePolicy Orchestrator server since this date and time appear on the report. n Agent Connection Rule — Specifies a relative time period (for example, Current Week) for agent communication. Data for computers with agents that have not communicated with the ePolicy Orchestrator server since the time period you specify appear on the report. Limit report results You can limit the results of this report using the criteria listed in Coverage reports criteria on page 504. Sample report Figure B-5. Sample DAT/Definition Deployment Summary report 434 ePolicy Orchestrator™ software version 3.0 Report and Query Templates DAT Engine Coverage report template Usage Use this report to view the versions of McAfee and Symantec virus definition files and virus scanning engines that are currently in use on client computers, in a pie chart format. You can also use this report for an overall view of how up-to-date your anti-virus protection is across client computers, and to determine which client computers need to be updated with the most current virus definition files or engine. In addition, you can view historical data for computers using the Tasks, Policies, Update, and Infection subreports. For more information on subreports, see Coverage and Infection subreports on page 494. A variation of this report is included in the predefined settings of the Products By Custom Data Groups report. For more information, see Products By Custom Data Groups report template on page 441. The versions of virus definition files and engines are grouped into these categories: n Current or newer. n DAT out-of-date. n Engine out-of-date. n Both out-of-date. n Unprotected (no virus definition file or engine present). Rules Use the McAfee and Symantec tabs (Current Protection Standards dialog box) to define compliance rules for this report. Specify the version numbers of McAfee or Symantec virus definition files or the virus scanning engine that meet your compliance requirements. Computers with older versions of virus definition files or engines installed on them are reported as non-compliant. Within You can limit the report results to data recorded within the time period you specify on the Within tab (Current Protection Standards dialog box): n Agent Connection Date — Specifies a cutoff date and time for agent communication. Data for computers with agents that have not communicated with the ePolicy Orchestrator server since this date and time appear on the report. n Agent Connection Rule — Specifies a relative time period (for example, Current Week) for agent communication. Data for computers with agents that have not communicated with the ePolicy Orchestrator server since the time period you specify appear on the report. Product Guide 435 Report and Query Templates Limit report results You can limit the results of this report using the criteria listed in Coverage reports criteria on page 504. Sample report Figure B-6. Sample DAT Engine Coverage report 436 ePolicy Orchestrator™ software version 3.0 Report and Query Templates Engine Deployment Summary report template Usage Use this report to view the versions of McAfee and Symantec virus scanning engines that are currently in use on client computers, in a pie chart format. You can also use this report for an overall view of how up-to-date your anti-virus protection is across client computers, and to determine which client computers need to be updated with the most current engine. In addition, you can view historical data for computers using the Tasks, Policies, Update, and Infection subreports. For more information on subreports, see Coverage and Infection subreports on page 494. A variation of this report is included in the predefined settings of the Products By Custom Data Groups report. For more information, see Products By Custom Data Groups report template on page 441. The versions of the virus scanning engine are grouped into these categories: n Current or newer. n One version out-of-date. n Two versions out-of-date. n Three or more versions out-of-date. n Unprotected (no engine present). Rules Use the McAfee and Symantec tabs (Current Protection Standards dialog box) to define compliance rules for this report. Specify up to three version numbers of the McAfee or Symantec engine that meet your compliance requirements. Computers with older versions of engines installed on them are reported as non-compliant. Within You can limit the report results to data recorded within the time period you specify on the Within tab (Current Protection Standards dialog box): n Agent Connection Date — Specifies a cutoff date and time for agent communication. Data for computers with agents that have not communicated with the ePolicy Orchestrator server since this date and time appear on the report. n Agent Connection Rule — Specifies a relative time period (for example, Current Week) for agent communication. Data for computers with agents that have not communicated with the ePolicy Orchestrator server since the time period you specify appear on the report. Product Guide 437 Report and Query Templates Limit report results You can limit the results of this report using the criteria listed in Coverage reports criteria on page 504. Sample report Figure B-7. Sample Engine Deployment Summary report 438 ePolicy Orchestrator™ software version 3.0 Report and Query Templates Product Protection Summary report template Usage Use this report to compare product version numbers for McAfee products, Norton AntiVirus products, all versions of non-compliant anti-virus products, and computers without any anti-virus protection software and computers without an agent, in a stacked column chart format. In addition to computers without any anti-virus protection software, client computers that are using anti-virus products that the software does not currently support (for example, Trend OfficeScan) are reported in this report as if no anti-virus protection software were present. A variation of this report is included in the predefined settings of the Products By Custom Data Groups report. For more information, see Products By Custom Data Groups report template on page 441. Limit report results You can limit the results of this report using the criteria listed in Coverage reports criteria on page 504. Product Guide 439 Report and Query Templates Sample report Figure B-8. Sample Product Protection Summary report 440 ePolicy Orchestrator™ software version 3.0 Report and Query Templates Products By Custom Data Groups report template Usage Use this report to define custom settings for coverage reports, then save them for future use. Group by You can specify how data is grouped on this report on the Data Groupings tab (Enter Reports Input dialog box). You can group data in up to four different levels. Within You can limit the report results to data recorded within the time period you specify on the Within tab (Enter Reports Input dialog box): n Agent Connection Date — Specifies a cutoff date and time for agent communication. Computers that have communicated with the server after this date are categorized as current; those that haven’t communicated since this date are categorized as late. n Agent Connection Rule — Specifies a relative time period (for example, Current Week) for agent communication. Computers that have communicated with the server after this date are categorized as current; those that haven’t communicated since this date are categorized as late. n Connection Type — Specifies whether to include data for all computers, current computers only, or late computers only. n Product Type — Specifies the type of products to include on the report. You can select the agent only, all products, anti-virus products only, or security products only. Saved Settings You can save the selections you make in the Enter Report Inputs dialog box for future use. The next time that you run that report, you can apply the report input settings that you saved, then change or delete them as needed. A number of predefined settings are provided for you: n Agent Version — Provides the same data as the Agent Version report, but also groups data by connection status. n Domain to Group — Organizes sites and groups by the domains to which they belong. Use this report to match the Directory structure to the domain layout. Product Guide 441 Report and Query Templates n Engine DAT — Provides the same data as the DAT/Definition Deployment Summary, DAT Engine Coverage, and Engine Deployment Summary reports, but groups data by version number instead of by out-of-date versions. Use this report to view summary data at the virus definition file and virus scanning engine level. n Group to Domain — Groups domains by the site or group to which they belong. Use this report to match the Directory structure to the domain layout. n Language — This report replaces the Language Summary report from previous versions of the software. Use this report to view the language versions of supported anti-virus and security products installed on client computers. n Last Contact — Provides the same data as the Agent To Server Connection Info report, but allows you to change the format of the chart that appears on the main page of the report. n OS Product — Lists supported anti-virus and security product versions installed on client computers by operating system version. n Product Protection — Provides the same data as the Product Protection Summary report. It is provided here as a base for you to customize as desired. n Connections by OS Platform — Lists the last connection of client computer by operating system platform. Use this report to identify laptop computers, or connection issues on critical computers; for example, servers. Limit report results You can limit the results of this report using the criteria listed in Coverage reports criteria on page 504. 442 ePolicy Orchestrator™ software version 3.0 Report and Query Templates Sample report Figure B-9. Sample Products By Custom Data Groups report Product Guide 443 Report and Query Templates Product Updates By Custom Event Groups report template Usage Use this report to define custom settings for reports on product updates, then save them for future use. You can use these reports to focus on product updates, update history and distributed software repositories. Group by You can specify how data is grouped on this report on the Data Groupings tab (Enter Reports Input dialog box). You can group data in up to four different levels. Within You can limit the report results to data recorded within the time period you specify on the Within tab (Enter Reports Input dialog box): n Product Upgrade Date — Specifies a cutoff date and time for product update events. Events created after this date and time appear on the report. n Product Upgrade Rule — Specifies a relative time period (for example, Current Week) for product update events. Events created after the time period you specify appear on the report. Saved Settings You can save the selections you make in the Enter Report Inputs dialog box for future use. The next time that you run that report, you can apply the report input settings that you saved, then change or delete them as needed. A number of predefined settings are provided for you: n Initiator summary — Summarizes product updates by the updating method: global updating, the Update client task based updating, or client-based pull updating. n Server activity — Provides the distribution of update activity across distributed software repositories servers and the types of product or product update packages (for example, HotFix releases, service pack releases, virus definition (DAT) files, etc.) being replicated to repositories. n Update Errors — Lists updating messages grouped by message ID number. n Weekly updates — Provides the updates that occurred each week by product or product update type and version number. Limit report results You can limit the results of this report using the criteria listed in Coverage reports criteria on page 504. 444 ePolicy Orchestrator™ software version 3.0 Report and Query Templates Sample report Figure B-10. Sample Product Updates By Custom Event Groups report Product Guide 445 Report and Query Templates Infection | Action Summaries report templates Here are the predefined report templates located under Reporting | Anti-Virus | Infection | Action Summaries: 446 n Action Summary By Top 10 Files Resolved report. n Action Summary By Top 10 Files Unresolved report. n Action Summary By Top 10 Viruses report. n Action Summary report template. ePolicy Orchestrator™ software version 3.0 Report and Query Templates Action Summary By Top 10 Files Resolved report Usage Use this report to view the ten most frequently infected files that have been successfully resolved by the scanning engine. Data is grouped by file name, action taken, and infection name. Limit report results You can limit the results of this report using the criteria listed in Infection | Action Summaries reports criteria on page 505. Sample report Figure B-11. Sample Action Summary By Top 10 Files Resolved report Product Guide 447 Report and Query Templates Action Summary By Top 10 Files Unresolved report Usage Use this report to view the ten most frequently infected files that have been unsuccessfully resolved by the scanning engine. Data is grouped by file name, action taken, and infection name. Limit report results You can limit the results of this report using the criteria listed in Infection | Action Summaries reports criteria on page 505. Sample report Figure B-12. Sample Action Summary By Top 10 Files Unresolved report 448 ePolicy Orchestrator™ software version 3.0 Report and Query Templates Action Summary By Top 10 Viruses report Usage Use this report to view the actions performed on the ten most detected viruses, in a stacked bar chart format. It provides a good indication of the most common viruses that are being detected by your organization, and the actions that were performed to prevent them from infecting your organization. Data is grouped by infection name, action taken, and product version number. A variation of this report is included in the predefined settings of the Infections By Custom Data Groups report. For more information, see Infections By Custom Data Groups report template on page 454. Limit report results You can limit the results of this report using the criteria listed in Infection | Action Summaries reports criteria on page 505. Sample report Figure B-13. Sample Action Summary By Top 10 Viruses report Product Guide 449 Report and Query Templates Action Summary report template Usage Use this report to view the actions performed when viruses were detected by supported anti-virus protection products, in a bar chart format. It provides a good overall view of the detection activity across your organization, and can indicate the effectiveness of your current anti-virus setup. Data is grouped by infection name, action taken, and product version number. A variation of this report is included in the predefined settings of the Infections By Custom Data Groups report. For more information, see Infections By Custom Data Groups report template on page 454. Limit report results You can limit the results of this report using the criteria listed in Infection | Action Summaries reports criteria on page 505. Sample report Figure B-14. Sample Action Summary report 450 ePolicy Orchestrator™ software version 3.0 Report and Query Templates Infection | Detections report templates Here are the predefined report templates located under Reporting | Anti-Virus | Infection | Detections: n Infection History report template. n Infections By Custom Data Groups report template. n Number Of Infections Detected By Product For Current Quarter (3D Bars) report template. n Number Of Infections Detected Monthly Showing Viruses report template. n Number Of Infections For the Past 24 Hours report template. n Outbreaks - Weekly History report template. n Outbreaks - Current report template. n Product Events By Severity report template. n Number Of Infections From Removable Media report template. n Security Summary report template n Virus Type report template. n Viruses Detected report template. Product Guide 451 Report and Query Templates Infection History report template Usage Use this report to view the following information: n Number of virus infections by year (bar chart at the top of page 1). n Top ten virus infections and the corresponding action taken (stacked bar chart at bottom of page 1 on the left side). n Top ten users and the viruses that infected them (stacked bar chart at the bottom of page 1 on the right side). n Number of times each type of action taken was made (bar chart on the left side of page 2). n Top ten files and the action taken on them (stacked bar chart on the right side of page 2). Use this report for a complete view of virus infection activity over time, and to see the relationship between virus infections, action taken, users, and files. You can view report details on year, month, week, and day. The details sections for year, month, and week shows the same information as the main report section. The details section for day shows the date and time that the virus infection was detected, user name, engine version number, virus definition file version number, virus name, action taken, and the name and location of the infected file. You can click the virus name to go to the AVERT web site for a description of that virus. A variation of this report is included in the predefined settings of the Infections By Custom Data Groups report. For more information, see Infections By Custom Data Groups report template on page 454. Limit report results You can limit the results of this report using the criteria listed in Infection | Detections reports criteria on page 506. 452 ePolicy Orchestrator™ software version 3.0 Report and Query Templates Sample report Figure B-15. Sample Infection History report Product Guide 453 Report and Query Templates Infections By Custom Data Groups report template Usage Use this report to define custom settings for infection reports and save them for future use. Use these reports to focus on infection events and service events (for example, starting or stopping software) events. Group by You can specify how data is grouped on this report on the Data Groupings tab (Enter Reports Input dialog box). You can group data in up to four different levels. Within You can limit the report results to data recorded within the time period you specify on the Within tab (Enter Reports Input dialog box): n Event Date — Shows only events occurring after the listed date. n Event Rule — Shows only events occurring after the listed date. n Event Type — Allows you to specify the type of event to retrieve: w All w Infections w Infection-cleaned w Infection-deleted w Infection-moved w Infection-Unresolved (for example, clean error, move error, etc.) w Non Infection Saved Settings You can save the selections you make in the Enter Report Inputs dialog box for future use. The next time that you run that report, you can apply the report input settings that you saved, then change or delete them as needed. A number of predefined settings are provided for you: n Action summary for last 4 weeks — Provides the same data as the Action Summary report, but provides data over the past four weeks. n n Events by severity – all events — Lists event descriptions by severity. Events by severity – noninfection events — Lists non-infection events descriptions by severity. 454 ePolicy Orchestrator™ software version 3.0 Report and Query Templates n Infection History — Provides the same data as the Infection History report. It is provided here as a base for you to customize as desired. n Infections by Task Type — Provides an infection summary by scan task type. n Infections over last 24 hours — Provides the same data as the Number Of Infections For the Past 24 Hours report. It is provided here as a base for you to customize as desired. n Monthly infections by product — This report replaces the Number Of Infections Detected Monthly report from previous versions of the software, but groups data by product name. Use this report to view detected infections for each calendar month. It allows you to compare monthly infection levels. n Monthly infections by virus name — This report replaces the Number Of Infections Detected Monthly report from previous versions of the software, but groups data by virus name. Use this report to view detected infections for each calendar month. It allows you to compare monthly infection levels. n Virus actions over last 4 weeks — This report replaces the Action Summary For Current Month report from previous versions of the software, but provides data over the past four weeks. Use this report to view all actions performed over the past four weeks by anti-virus products when viruses were detected. It provides a good overall view of the detection activity across your organization. n Viruses found over last 7 days — Provides the same data as the Viruses Detected report, but provides data on all detected viruses over the last seven days. n Weekly infections by product over last 4 weeks — This report replaces the Infections Detected By Product For The Last 4 Weeks report from previous versions of the software. Use this report to view detected infections by anti-virus product over the past 28 days. It allows you to compare the anti-virus products across your organization, and identify common entry methods (for example, e-mail messages or floppy disks) for viruses. n Weekly infections by virusname — This report replaces the Infections Detected By Product For The Last 4 Weeks report from previous versions of the software, but groups data by virus name. Use this report to view detected infections by anti-virus product over the past 28 days. It allows you to compare the anti-virus products across your organization, and identify common entry methods (for example, e-mail messages or floppy disks) for viruses. Limit report results You can limit the results of this report using the criteria listed in Infection | Detections reports criteria on page 506. Product Guide 455 Report and Query Templates Sample report Figure B-16. Sample Infection By Custom Data Groups report 456 ePolicy Orchestrator™ software version 3.0 Report and Query Templates Number Of Infections Detected By Product For Current Quarter (3D Bars) report template Usage Use this report to view a three-dimensional bar chart of the detected infections for each of the anti-virus products on your computers for the current quarter. It allows you to compare the detection levels of the anti-virus products over the three months. The current quarter is measured as the current calendar quarter, and not as a fixed number of days from the time that the report is generated. Therefore, generating this report in the first month of a quarter only shows information for that month. The quarters are January–March, April–June, July–September, October–December. Drill down within a product to view virus counts by Product Version followed by Virus Name, then the detailed list of occurrences for that product and virus. Limit report results You can limit the results of this report using the criteria listed in Infection | Detections reports criteria on page 506. Product Guide 457 Report and Query Templates Number Of Infections Detected Monthly Showing Viruses report template Usage Use this report to view the detected infections for each month, with a breakdown of the individual levels for each virus. It allows you to view the monthly infection levels, with extra details on the individual viruses. The months are measured as calendar months, and not as a fixed number of days from the time that the report is generated. Drill down within a virus name to view virus counts by Product Name, followed by Product Version, then the detailed list of occurrences for that month, product, and virus. A variation of this report is included in the predefined settings of the Infections By Custom Data Groups report. For more information, see Infections By Custom Data Groups report template on page 454. Limit report results You can limit the results of this report using the criteria listed in Infection | Detections reports criteria on page 506. 458 ePolicy Orchestrator™ software version 3.0 Report and Query Templates Sample report Figure B-17. Sample Number Of Infections Detected Monthly Showing Viruses report Product Guide 459 Report and Query Templates Number Of Infections For the Past 24 Hours report template Usage Use this report to view the detected infections in the last 24 hours, with a breakdown of the individual levels for each product. Data is grouped by product name and product version number. A variation of this report is included in the predefined settings of the Infections By Custom Data Groups report. For more information, see Infections By Custom Data Groups report template on page 454. Limit report results You can limit the results of this report using the criteria listed in Infection | Detections reports criteria on page 506. 460 ePolicy Orchestrator™ software version 3.0 Report and Query Templates Outbreaks - Weekly History report template Usage Use this report to view historical data on detected infections within an outbreak for each week within a quarter, in a three-dimensional bar chart format. The report allows the user to enter an outbreak definition. A historic outbreak is defined as occurring over at least a minimum number or distinct computer and/or distinct files infected within the time frame of a week. Limit report results You can limit the results of this report using the criteria listed in Infection | Detections reports criteria on page 506. Sample report Figure B-18. Sample Outbreaks - Weekly History report Product Guide 461 Report and Query Templates Outbreaks - Current report template Usage Use this report to view detected infections within an outbreak, in a three-dimensional bar chart format. This report defines outbreaks within a shorter time span than a week. Its designed to show outbreaks that have occurred recently over a narrower time span than the weekly outbreak history report. An outbreak can be defined in terms of hours. A current outbreak is defined as occurring over at least a minimum number or distinct computer (x) and/or distinct files (y) infected within a time frame specified in hours (z). In others words, an outbreak is said to have occurred if x distinct computers or y distinct files have been infected by the same virus within z hours. Limit report results You can limit the results of this report using the criteria listed in Infection | Detections reports criteria on page 506. 462 ePolicy Orchestrator™ software version 3.0 Report and Query Templates Sample report Figure B-19. Sample Outbreaks - Current report Product Guide 463 Report and Query Templates Product Events By Severity report template Usage Use this report to view events by severity. Data is grouped by severity and event description. Limit report results You can limit the results of this report using the criteria listed in Infection | Detections reports criteria on page 506. Sample report Figure B-20. Sample Product Events By Severity report 464 ePolicy Orchestrator™ software version 3.0 Report and Query Templates Number Of Infections From Removable Media report template Usage Use this report to view a pie chart of the number of detected viruses from a removable media source such as a floppy drive. Specify the drive letter (default is a:), the report number then shows the number coming from that drive versus those from other sources. Drill down within a rule number to view the detailed list of occurrences for that given media type. Limit report results You can limit the results of this report using the criteria listed in Infection | Detections reports criteria on page 506. Sample report Figure B-21. Sample Number Of Infections From Removable Media report Product Guide 465 Report and Query Templates Security Summary report template Usage Use this report to view a one-page summary of detections by McAfee anti-virus products, intrusions detected by McAfee Desktop Firewall, and security vulnerabilities reported by McAfee ThreatScan. Limit report results You can limit the results of this report using the criteria listed in Infection | Detections reports criteria on page 506. Sample report Figure B-22. Sample Security Summary report 466 ePolicy Orchestrator™ software version 3.0 Report and Query Templates Virus Type report template Usage Use this report to see what types of viruses have infected the enterprise. This report shows the number of virus infections by virus type, in bar chart format. You can view report details by virus type, virus subtype, virus name, and product name. For definitions of virus types (for example, trojan horse), see the Virus Glossary on the AVERT web site: http://www.mcafeeb2b.com/naicommon/avert/avert-research-center/vir us-glossary.asp#m Limit report results You can limit the results of this report using the criteria listed in Infection | Detections reports criteria on page 506. Product Guide 467 Report and Query Templates Sample report Figure B-23. Sample Virus Type report 468 ePolicy Orchestrator™ software version 3.0 Report and Query Templates Viruses Detected report template Usage Use this report to view the number of virus infections for the top ten viruses by year, in a stacked bar chart format. You can view details on virus name, quarter, month, week, and day. You can click the AVERT link next to each virus name to go to the AVERT web site for a description of that virus. A variation of this report is included in the predefined settings of the Infections By Custom Data Groups report. For more information, see Infections By Custom Data Groups report template on page 454. Limit report results You can limit the results of this report using the criteria listed in Infection | Detections reports criteria on page 506. Product Guide 469 Report and Query Templates Sample report Figure B-24. Sample Viruses Detected report 470 ePolicy Orchestrator™ software version 3.0 Report and Query Templates Infection | Top Tens report templates Here are the predefined report templates located under Reporting | Anti-Virus | Infection | Top Tens: n Top 10 Detected Viruses report template. n Top 10 Infected Files report template. n Top 10 Infected Machines report template. n Top 10 Infected Users report template. Product Guide 471 Report and Query Templates Top 10 Detected Viruses report template Usage Use this report to view a pie chart of the ten most detected viruses. The segment sizes are proportional to how often the viruses were detected. It allows you to identify the most common viruses that are being detected by your organization. Drill down within a virus name to view virus counts by Product Name, followed by Product Version, then the detailed list of occurrences for that product, and virus. Limit report results You can limit the results of this report using the criteria listed in Infection | Detections reports criteria on page 506. Sample report Figure B-25. Sample Top 10 Detected Viruses report 472 ePolicy Orchestrator™ software version 3.0 Report and Query Templates Top 10 Infected Files report template Usage Use this report to view the ten most infected files, in bar chart format. It allows you to identify the most common infected files that are being accessed by your organization. Drill down within files to view counts by virus name, product name, and product version number, then the detailed list of occurrences for that file, product, and virus. Limit report results You can limit the results of this report using the criteria listed in Infection | Detections reports criteria on page 506. Sample report Figure B-26. Sample Top 10 Infected Files report Product Guide 473 Report and Query Templates Top 10 Infected Machines report template Usage Use this report to view the ten most infected client computers, in bar chart format. It allows you to identify the most common computers within your organization that are attempting to access infected files. You may want to investigate how the computers are being used and the external information sources that are being accessed (possible sources for the infections). Drill down within machines to view counts by virus name, product name, and product version number, then the detailed list of occurrences for that machine, product, and virus. Limit report results You can limit the results of this report using the criteria listed in Infection | Detections reports criteria on page 506. Sample report Figure B-27. Sample Top 10 Infected Machines report 474 ePolicy Orchestrator™ software version 3.0 Report and Query Templates Top 10 Infected Users report template Usage Use this report to view the ten most infected users, in bar chart format. It allows you to identify the most common users within your organization that are attempting to access infected files. You may want to investigate how they are using their computers and the external information sources that they are accessing (possible sources for the infections). Drill down within users to view counts by virus name, product name, and product version number, then the detailed list of occurrences for that user, product, and virus. Limit report results You can limit the results of this report using the criteria listed in Infection | Detections reports criteria on page 506. Sample report Figure B-28. Sample Top 10 Infected Users report Product Guide 475 Report and Query Templates Infection | WebShield report templates Here are the predefined report templates located under Reporting | Anti-Virus | Infection | WebShield: 476 n Content Filter Report By Rule template. n Content Filter Report By Rule And Time template. n Content Filter Report Rules Triggered template. n Content Scanning Detections By Appliance report template. n Infection History report template (WebShield). n Spam Detections By Appliance report template. n Top Ten Spammers report template. n URLs Blocked report template. n Virus Detections By Appliance report template. n Virus Detections Timing report template. n Virus Type report template (WebShield). n Viruses Detected report template (WebShield) ePolicy Orchestrator™ software version 3.0 Report and Query Templates Content Filter Report By Rule template Usage Use this report to view the number of times each content rule was triggered for the quarter, in pie chart format. You can view report details by month, week, and day. The details section of this report shows the event date and time, WebShield appliance name (WebShield), WebShield appliance IP address, blocked spam addresses (User Name), action taken, and portion of the e-mail message that contained the offending content (Message Part). Limit report results You can limit the results of this report using the criteria listed in Infection | WebShield reports criteria on page 508. Sample report Figure B-29. Sample Content Filter Report By Rule Product Guide 477 Report and Query Templates Content Filter Report By Rule And Time template Usage Use this report to view the number of times each content rule was triggered over the quarter, in a line chart format. You can view report details by month, week, and day. The details section of this report shows the event date and time, WebShield appliance name (WebShield), WebShield appliance IP address, blocked spam addresses (User Name), action taken, and portion of the e-mail message that contained the offending content (Message Part). Limit report results You can limit the results of this report using the criteria listed in Infection | WebShield reports criteria on page 508. Sample report Figure B-30. Sample Content Filter Report By Rule And Time 478 ePolicy Orchestrator™ software version 3.0 Report and Query Templates Content Filter Report Rules Triggered template Usage Use this report to view the number of times individual users triggered a content rule by month, in a stacked bar chart format. You can view report details by computer name, month, week, and content rule. The details section of this report shows the event date and time, WebShield appliance IP address, blocked spam addresses (User Name), action taken, and portion of the e-mail message that contained the offending content (Message Part). Limit report results You can limit the results of this report using the criteria listed in Infection | WebShield reports criteria on page 508. Sample report Figure B-31. Sample Content Filter Report Rules Triggered Product Guide 479 Report and Query Templates Content Scanning Detections By Appliance report template Usage Use this report to view the number of broken content rules by WebShield appliance for the current quarter, in a bar chart format. You can view report details by broken content rule. The details section of this report shows the event date and time, portion of the e-mail message that contained the offending content (Affected Area), and e-mail address of the sender (User Name). Limit report results You can limit the results of this report using the criteria listed in Infection | WebShield reports criteria on page 508. Sample report Figure B-32. Sample Content Scanning Detections By Appliance report 480 ePolicy Orchestrator™ software version 3.0 Report and Query Templates Infection History report template (WebShield) Usage Use this report for a complete view of virus infection activity over time, and to see the relationship between virus infections, action taken, users, and files. You can view report details by year, month, week, and day. The main section of this report shows the following information: n Number of virus infections by year (bar chart at the top of page 1). n Top ten virus infections and the corresponding action taken (stacked bar chart at the bottom of page 1 on the left side). n Top ten users and the viruses that infected them (stacked bar chart at the bottom of page 1 on the right side). n Number of times each type of action taken was made (bar chart on the left side of page 2). n Top ten files and the action taken on them (stacked bar chart on the right side of page 2). The details section shows the event date and time, e-mail address or IP address of the user responsible for triggering the event (User Name), scanning engine version number, virus definition (DAT) file version number, virus name, action taken, and portion of the e-mail message that contained the offending content or name of the infected file (File Name). You can click the virus name to go to the AVERT web site for a description of that virus. Limit report results You can limit the results of this report using the criteria listed in Infection | WebShield reports criteria on page 508. Product Guide 481 Report and Query Templates Sample report Figure B-33. Sample Infection History report (WebShield) 482 ePolicy Orchestrator™ software version 3.0 Report and Query Templates Spam Detections By Appliance report template Usage Use this report to view the number of broken spam rules by WebShield appliance for the current quarter, in a bar chart format. The details section of this report shows the event date and time, spam rule name, IP address of the spam source, and e-mail address of the sender (User Name). Limit report results You can limit the results of this report using the criteria listed in Infection | WebShield reports criteria on page 508. Sample report Figure B-34. Sample Spam Detections By Appliance report Product Guide 483 Report and Query Templates Top Ten Spammers report template Usage Use this report to view the number of broken spam rules by the top ten users for the current quarter, in a bar chart format. The details section of this report shows the event date and time, spam rule name, IP address of the spam source, and e-mail address of the sender (User Name). Limit report results You can limit the results of this report using the criteria listed in Infection | WebShield reports criteria on page 508. Sample report Figure B-35. Sample Top Ten Spammers report 484 ePolicy Orchestrator™ software version 3.0 Report and Query Templates URLs Blocked report template Usage Use this report to view the number of blocked Uniform Resource Locators (URL) by WebShield appliance for the year, in a stacked bar chart format. You can view report details by quarter, month, week, and day. The details section of this report shows the event date and time, WebShield appliance IP address (IP Address), IP address of the source that triggered the event (Offending IP), action taken, and the URL that triggered the event (Blocked URL). Limit report results You can limit the results of this report using the criteria listed in Infection | WebShield reports criteria on page 508. Sample report Figure B-36. Sample URLs Blocked report Product Guide 485 Report and Query Templates Virus Detections By Appliance report template Usage Use this report to view the number of detected virus infections by WebShield appliance, in a pie chart format. You can view report details on virus name. The details section of this report shows the event date and time, e-mail address of sender or IP address of source that triggered the event (User Name), scanning engine version number, virus definition (DAT) file version number, action taken, and name of the infected file. You can click the AVERT link next to each virus name to go to the AVERT web site for a description of that virus. Limit report results You can limit the results of this report using the criteria listed in Infection | WebShield reports criteria on page 508. 486 ePolicy Orchestrator™ software version 3.0 Report and Query Templates Sample report Figure B-37. Sample Virus Detections By Appliance report Product Guide 487 Report and Query Templates Virus Detections Timing report template Usage Use this report to view the number of detected virus infections by the hour for the year, in a bar chart format. Use this report to determine if virus infections are concentrated during a specific time of day. The details section of this report shows the event date and time, user name, scanning engine version number, virus definition (DAT) file version number, virus name, action taken, and name of the infected file. You can click each virus name to go to the AVERT web site for a description and other information about that virus. Limit report results You can limit the results of this report using the criteria listed in Infection | WebShield reports criteria on page 508. 488 ePolicy Orchestrator™ software version 3.0 Report and Query Templates Sample report Figure B-38. Sample Virus Detections Timing report Product Guide 489 Report and Query Templates Virus Type report template (WebShield) Usage Use this report to view the number of virus infections by virus type, in a bar chart format. You can view report details on virus type, virus subtype, virus name, and product name. Use this report to see what types of viruses have infected the enterprise. The details section of this report shows the event date and time, name of the WebShield Appliance item in the Directory and -- if a report filter has been applied -- group name in the Directory (Computer Name/Group), WebShield appliance IP address, virus definition (DAT) file version number, scanning engine version number, action taken, and name of the infected file. For definitions of virus types (for example, trojan horse), see the Virus Glossary on the AVERT web site: http://www.mcafeeb2b.com/naicommon/avert/avert-research-center/vir us-glossary.asp#m Limit report results You can limit the results of this report using the criteria listed in Infection | WebShield reports criteria on page 508. 490 ePolicy Orchestrator™ software version 3.0 Report and Query Templates Sample report Figure B-39. Sample Virus Type report (WebShield) Product Guide 491 Report and Query Templates Viruses Detected report template (WebShield) Usage Use this report to view the number of virus infections for the top ten viruses by year, in a stacked bar chart format. You can view report details on virus name, quarter, month, week, and day. The details section of this report shows the event date and time, WebShield appliance name (Computer Name), virus definition (DAT) file version number, scanning engine version number, action taken, and name of the infected file. You can click the AVERT link next to each virus name to go to the AVERT web site for a description of that virus. Limit report results You can limit the results of this report using the criteria listed in Infection | WebShield reports criteria on page 508. 492 ePolicy Orchestrator™ software version 3.0 Report and Query Templates Sample report Figure B-40. Sample Viruses Detected report (WebShield) Product Guide 493 Report and Query Templates Coverage and Infection subreports Most coverage reports and several infection reports include links to subreports that provide historical data on computers, compliance, upgrades, and infections and detailed data on policies, tasks, updates, and infections. 494 n Compliance Summary subreport. n Computer Summary subreport. n Infection History subreport. n Infection Summary subreport. n Policy subreport. n Task subreport. n Update Errors subreport. n Upgrade History subreport. ePolicy Orchestrator™ software version 3.0 Report and Query Templates Computer Summary subreport Usage Use this subreport to compare compliant versus non-compliant computers over time. Sample subreport Figure B-41. Sample Computer Summary subreport Product Guide 495 Report and Query Templates Compliance Summary subreport Usage Use this subreport to view the percentage of compliant computers over time. Sample subreport Figure B-42. Sample Compliance Summary subreport 496 ePolicy Orchestrator™ software version 3.0 Report and Query Templates Infection History subreport Usage Use this subreport to view the infection history on client computers. Sample subreport Figure B-43. Sample Infection History subreport Product Guide 497 Report and Query Templates Infection Summary subreport Usage Use this subreport to compare detected and unresolved infections and to view the number of infected computers over time. Sample subreport Figure B-44. Sample Infection Summary subreport 498 ePolicy Orchestrator™ software version 3.0 Report and Query Templates Policy subreport Usage Use this subreport to view the policy settings on client computers. Sample subreport Figure B-45. Sample Policy subreport Product Guide 499 Report and Query Templates Task subreport Usage Use this subreport to view the tasks scheduled on client computers. Sample subreport Figure B-46. Sample Task subreport 500 ePolicy Orchestrator™ software version 3.0 Report and Query Templates Update Errors subreport Usage Use this subreport to view client computer messages related to updating. Sample subreport Figure B-47. Sample Update Errors subreport Product Guide 501 Report and Query Templates Upgrade History subreport Usage Use this subreport to view the product upgrade history of client computers. Sample subreport Figure B-48. Sample Upgrade History subreport 502 ePolicy Orchestrator™ software version 3.0 Report and Query Templates Criteria used to limit report results You can limit the results of reports in the Report Data Filter dialog box using these criteria. The criteria vary depending on the report. n Coverage reports criteria. n Infection | Action Summaries reports criteria. n Infection | Detections reports criteria. n Infection | Top Tens reports criteria. n Infection | WebShield reports criteria. n Descriptions of the criteria. Product Guide 503 ePolicy Orchestrator™ software version 3.0 — — — — — — X — — X — — X — — X X X — X DAT/Definition Deployment Summary DAT Engine Coverage Engine Deployment Summary Product Protection Summary Products By Custom Data Groups Product Updates By Custom Event Groups X X X X X X — X — X — — X — — X — — X — — X — — X — X X X X X X X — — — X Compliance Summary X — — X X — — — Compliance Issues Agent Type X Computer Name X DAT Agent Versions Agent Version X Day X Directory Agent to Server Connection Info This report... Date Time Can be limited by... Domain Name X X X X X X X X X X Hotfix ExtraDAT Engine X IP Address — X X X Language X X Last Contact — X X X OS Platform Month — X — X — X OS Type X X X OS Version X X X Quarter Product Version Product Name X X User Name X X — — — — Week — — — — — — — — X — — — X Year X X X X X X X X X X X X X X X — — — X X X X X X X X X X X X X — X — X — X — X — X — X X X X X X X X X X X X X X X X X — X X X X X X X X X X X X X X X X X X — X — X — X — X — X — X X X — — — — — — — — — — — — — — — — — — — — — — — — — — — X — — X — — X Service Pack 504 You can limit the results of Coverage reports in the Report Data Filter dialog box using these criteria. Coverage reports criteria Report and Query Templates X X X X Action Summary By Top 10 Files Resolved Action Summary By Top 10 Files Unresolved Action Summary By Top 10 Viruses Action Action Summary This report... DAT Computer Name X X — X X X — X Date Time X X — X X X — X Directory Can be limited by... Domain Name X X X X Engine X X X X Event ID X X X X Month IP Address File Name X X X OS Platform X — X — X — — X X X — — X OS Type X X X X Product Name X X X X Product Version X X X X Quarter X Severity X X — X — X X Task Name X X X X Virus Name User Name X X — X X X — X Virus Subtype X X X X Virus Type X X X X Week X X X — — — — X Year You can limit the results of Infection | Action Summaries reports in the Report Data Filter dialog box using these criteria. Infection | Action Summaries reports criteria Report and Query Templates Product Guide 505 ePolicy Orchestrator™ software version 3.0 X X X — — — — — — — — — — — — — X Outbreaks - Weekly History Outbreaks - Current Security Summary — X — X — X X X X X X X X — — X — — X X X X X X X X — — — — — — X X X X Product Version X X X X X X X X X X X X Severity X X X X Task Name X X X X X X X X — X X X User Name X X X — X X — — X X X X X X X Virus Name Virus Subtype X X X X X X X X X Virus Type — X — X X X X X X X X X X X X X X X X — — — — X X X — — X — — X — — X Week — — — — — — — — — — — — — X — — — — X X X X — X X — X X — X X Quarter — — — — X — X X X — — — — — — — — — X — — X — X — X X — — — X X X X X X Infection History — X X X — X X X X X — — — X X X — — X X X — X X Viruses Detected — X X X X X — — X X X X X X X X X X Virus Type X X X X X X X X — X X X X X Number Of Infections From Removable Media — X X X — X X X X X — X X X Product Events By Severity Action X Engine X Event ID Number Of Infections For the Past 24 Hours Domain Name X File Name X X X IP Address Number Of Infections Detected Monthly Showing Viruses Date Time X Month X DAT X OS Platform Infections detected weekly by product this quarter (3D bars) Computer Name X OS Type X Product Name Infections By Custom Data Groups This report... Directory Can be limited by... Year 506 You can limit the results of Infection | Detections reports in the Report Data Filter dialog box using these criteria. Descriptions of each criteria follow. Infection | Detections reports criteria Report and Query Templates X X X X Top 10 Infected Files Top 10 Infected Machines Top 10 Infected Users Action Top ten detected Viruses This report... DAT Computer Name X X X X X X — X Date Time X X X X X X — X Directory Can be limited by... Domain Name X X X X Engine X X X X Event ID X X X X Month IP Address File Name X X X X X X X OS Platform — X — X — X — — X OS Type X X X X Product Name X X X X Product Version X X X X Quarter X Severity — X — X — X X Task Name X X X X Virus Name User Name X X X X X X — X Virus Subtype X X X X Virus Type X X X X Week X — — — — — — X Year You can limit the results of Infection | Top Tens reports in the Report Data Filter dialog box using these criteria. Infection | Top Tens reports criteria Report and Query Templates Product Guide 507 Report and Query Templates Infection | WebShield reports criteria You can limit the results of Infection | WebShield reports in the Report Data Filter dialog box using these criteria. — — — — X X Content Filter Report By Rule And Time X — — — — X X X X X — — — — X X Content Filter Report Rules Triggered X — — — — X X X X X — — — — X X Content Scanning Detections By Appliance X — — — — X X X X X — — — — X X Spam Detections By Appliance X — X — — — — X X X X X — — — — Top Ten Spammers X — X — — — — X X X X X — — — — URLs Blocked X — — — — X X X X X — — — — X X Viruses Detected X X — X — X X — — X — — — — X X Virus Detections By Appliance X X — X — X X — — X — — — — X X Virus Detections Timing X X X X Virus Type X X — X — X X Infection History X X — X — X X 508 ePolicy Orchestrator™ software version 3.0 X — — — — X Year Spam Source X Week Server X Virus Type Rule Type X Virus Name Rule Name X Spammer Quarter — — X Month — X File Name X Engine DAT Content Filter Report By Rule Date Time This report... Action Can be limited by... — — X X — — — — X — — X X X X — — X — — — — X X Report and Query Templates Descriptions of the criteria You can limit the results of reports in the Report Data Filter dialog box using these criteria. The criteria vary depending on the report. Criteria for all predefined reports are described below: n Action — Limits results by the action taken by anti-virus product upon detection. n Agent Type — Limits results by agents, SuperAgents, or SuperAgent distributed repositories. n Agent Version — Limits results by agent version number. n Computer Name — Limits results by client computer name. n DAT — Limits results by the virus definition file version number. n Date Time — Limits results by the date and time of events. n Day — Limits results by day. Use this format YYYY-MM-DD (year-month-day); for example, 2003-04-23. n Directory — Limits results to the computers in the selected site or group under the Directory. Data for groups and computers under the selected site or group are not included on the report. n Domain Name — Limits results by Windows NT domain name. n Engine — Limits results by the virus scanning engine version number. n Extra DAT — Limits results by the supplemental virus definition (EXTRA.DAT) file version number. n File Name — Limits results based on the name and location of infected files. n HotFix — Limits results by HotFix release number. n IP Address — Limits results using the IP address of client computers. n Language — Limits results by language version. n Last Contact — Limits results by the date and time that the agent communicated with the ePolicy Orchestrator server. n Month — Limits results by month. Use this format YYYY-MONTH (year-month); for example, 2003-April. n OS Platform — Limits results by platform; for example, Server or Workstation. n OS Type — Limits results by operating system name. n OS Version — Limits results by operating system version number. Product Guide 509 Report and Query Templates n Product Name — Limits results by product. n Product Version — Limits results by product version number. n Quarter — Limits results by quarter. Use this format YYYY-Q (year-quarter); for example, 2003-2. n Rule Name — Limits results by content rule. n Rule Type — Limits results by content rule type; for example, content scanning. n Server — Limits results by WebShield appliance name. n Service Pack — Limits results by service pack release number. n Severity — Limits results by event severity. The severity levels in order from most to least severe are Critical, Major, Minor, Warning, and Informational. n Spam Source — Limits results by the portion of the e-mail message that contains the offending content; for example, header, subject, or body. n Spammer — Limits results by the e-mail address of the spammer. n Task Name — Limits results by the scanning task that resolved the infection; for example, on-demand scan or on-access scan. n User Name —Limits results using the user name logged on to the client computer. 510 n Virus Name — Limits results by the virus name. n Virus Subtype — Limits results by virus subtype. n Virus Type — Limits result by virus type; for example, Trojan Horse. n Week — Limits results by week. Use this format YYYY-WW (year-week); for example, 2003-17. n Year — Limits results by year. ePolicy Orchestrator™ software version 3.0 Report and Query Templates Computer query templates The computer queries provide information on the computers in your organization: n All Connecting Computers query template. n Hourly ASCI Count query template. n Computers With No Protection query template. n Computers By Language query template. n Computers By OS Type query template. n Computers By Timezone query template. n Computers By ePONode query template. n Count Of All Connecting Computers query template. n OS Summary query template. n Policy Changes (Computers) query template. n Policy Changes (Groups) query template. All Connecting Computers query template Use this query to view the computer properties of all client computers with agents that have connected to the ePolicy Orchestrator server, sorted by computer name. Hourly ASCI Count query template Use this query to view connections made during agent-to-server communication intervals (ASCI) by the hour. Use this query to identify throughput bottlenecks. Computers With No Protection query template Use this query to view properties of all computers without any supported anti-virus protection software, sorted by each computer’s location in the Directory (ePONodeName). In addition to computers without any supported anti-virus protection software, client computers that are using anti-virus products that ePolicy Orchestrator does not currently detect (for example, Trend OfficeScan) are reported in this query as if no anti-virus protection software were present. Product Guide 511 Report and Query Templates Computers By Language query template Use this query to view properties of all computers, sorted by locale ID and each computer’s location in the Directory (ePONodeName). For information, see Locale IDs on page 526. Because this query provides the locale settings of client computers, you can use it to determine which language version of products to deploy to them. Computers By OS Type query template Use this query to view properties of all computers, sorted by operating system type, version and each computer’s location in the Directory (ePONodeName). Because this query provides operating system information of client computers, you can use it to determine whether they meet the minimum requirements for products before you deploy them. Computers By Timezone query template Use this query to view properties of all computers, sorted by time zone and each computer’s location in the Directory (ePONodeName). Because this query identifies the time zone in which client computers are operating, you can use it to determine the best time to schedule tasks and other operations that affect network traffic. Computers By ePONode query template Use this query to view properties of all computers sorted by their location in the Directory (ePONodeName). Count Of All Connecting Computers query template Use this query to view the total number of computers that are connected and whose properties are stored in the ePolicy Orchestrator database. OS Summary query template Use this query to view the number of operating systems installed on client computers. Use with the Computers by OS Type query to view outdated software and upgrade requirements. Policy Changes (Computers) query template Use this query to view policy changes by computer. Policy Changes (Groups) query template Use this query to view policy changes by group. 512 ePolicy Orchestrator™ software version 3.0 Report and Query Templates Events query templates The event queries provide information on events. These queries are based on events stored in the ePolicy Orchestrator database. McAfee Security recommends that you configure the alert filter for the database before generating any queries, so that your future queries do not include any surplus information. n All Scanning Events query template. n All Scanning Events By ePONode query template. n All Product Update Events query template. n Count Of All Scanning Events query template. n Count Of All Product Update Events query template. n Count of All Infections query template. n Scanning Event Summary query template. n First Virus Occurrence query template. n Summary of Past Outbreak Events query template. n Upgrade Summary query template. n Upgrade Summary by Date query template. n Server Task Log query template. n All Infections query template. n All Infections By Virus Name query template. All Scanning Events query template Use this query to view all events generated when files are scanned on client computers, sorted by date and time. All Scanning Events By ePONode query template Use this query to view all events generated when files are scanned on client computer, sorted by its location in the Directory (ePONodeName). All Product Update Events query template Use this query to view all events generated when product updates are installed on client computer, sorted by date and time. Product Guide 513 Report and Query Templates Count Of All Scanning Events query template Use this query to view the total number of events generated when files are scanned on client computers. Count Of All Product Update Events query template Use this query to view the total number of events generated when product updates are installed on client computer. Count of All Infections query template Use this query to view the total number of events. Scanning Event Summary query template Use this query to view events generated when files are scanned on client computers and their descriptions, sorted by severity. You might find this query helpful to optimize event filtering. First Virus Occurrence query template Use this query to view when and where infections first entered the network. Summary of Past Outbreak Events query template Use this query to view a summary of outbreaks starting from the most recent. Upgrade Summary query template Use this query to view a summary of updating activity including repository name (SITE NAME) and package type (UPGRADE TYPE). Upgrade Summary by Date query template Use this query to view a summary of updating activity by date. Server Task Log query template Use this query to view the server task log. All Infections query template Use this query to view all infection events, sorted by the event date and time. 514 ePolicy Orchestrator™ software version 3.0 Report and Query Templates All Infections By Virus Name query template Use this query to view all infection events, sorted by virus name. Product Guide 515 Report and Query Templates Installations query templates The installation queries provide information on the anti-virus products installed on client computers. These queries are based on the computer and product properties stored in the ePolicy Orchestrator database. n All AV Installations by Last Contact query template. n All Installations query template. n All Installations By ePONode query template. n Compliance Comparison query template. n Count Of All AV Installations query template. n Count Of All Installations query template. All AV Installations by Last Contact query template Use this query to view all anti-virus product installations and computer properties, sorted by the date that agents last communicated with the ePolicy Orchestrator server. You might find this query useful in viewing the properties received during the most recent agent-to-server communication. All Installations query template Use this query to view all installations (anti-virus scanners and support products), sorted by product and each computer’s location in the Directory (ePONodeName). All Installations By ePONode query template Use this query to view all installations (anti-virus scanners and support products), sorted by each computer’s location in the Directory (ePONodeName) and product. Compliance Comparison query template Use this query to view computers without anti-virus protection, unresolved infections, and non-compliant products, etc. Count Of All AV Installations query template Use this query to view the total number of anti-virus product installations. Count Of All Installations query template Use this query to view the total number of product installations. 516 ePolicy Orchestrator™ software version 3.0 Handling Virus Outbreaks C The most effective response to viruses is to know your system, have current anti-virus software installed, detect outbreaks early, then respond quickly and efficiently. An effective strategy includes both prevention as well as response. The ePolicy Orchestrator software can help reduce the costs of managing an outbreak. When you use ePolicy Orchestrator, you can manage all of your sites from a central location, which makes management easier, more efficient, and ensures consistently applied policies across your enterprise The following topics are covered in this section: n Before an outbreak occurs. n Recognizing an outbreak. n Responding to an outbreak. Product Guide 517 Handling Virus Outbreaks Before an outbreak occurs You can prepare your site or company before an outbreak occurs. Use the Are you prepared for an outbreak? checklist to determine your level of preparedness. Checklist — Are you prepared for an outbreak? n The ePolicy Orchestrator software has been fully installed and implemented, and is providing 100% coverage on your computers, including web servers and mail servers. If you have less than 100% coverage on your computers, you are not fully protected. You can use the Product Production Summary report, as well as the various DAT and engine reports, to determine if your computers are 100% covered. For more information and instructions, see Coverage report templates on page 424 and Running reports on page 347. n An anti-virus software product; for example, McAfee VirusScan Enterprise 7.0; has been installed and configured on your computers. n You know your network. To determine if your network is experiencing an outbreak, you must first know how the system behaves under normal circumstances. In order to do this, you need effective monitoring tools (for example, tools from Sniffer Technologies) to monitor network performance indicators such as available bandwidth, e-mail server function, etc. n You are performing regular, scheduled updates of the virus scanning engine and virus definition (DAT) files for each of the anti-virus products that you manage through ePolicy Orchestrator. n You are performing regular, scheduled updates of products through ePolicy Orchestrator. For instructions, see Product Deployment and Updating on page 307. n You are running regular reports to identify the following. For instructions, see Running reports on page 347. w Possible infections. w Scanning engine and DAT files are up-to-date at the latest company approved versions. w Products are fully covered. 518 n You have enabled the agent wakeup call and tested the agent’s communication with the computers on your network. n You have a plan in case of an outbreak, and have tested the plan. ePolicy Orchestrator™ software version 3.0 Handling Virus Outbreaks Recognizing an outbreak There are several key indicators that you can use to determine if your network is experiencing an outbreak. The following key indicators are covered in this section: n Network utilization key indicators. n E-mail utilization key indicators. n Virus detection events. Network utilization key indicators The following are indicators that network utilization may be affected by an outbreak: n Users complain of slowness. Users are often the first to notice when a full-scale outbreak is taking place. Computers slow down, network systems stop responding, and applications start displaying messages. n Monitoring tools (for example, tools from Sniffer Technologies) detect a change in the network utilization levels. E-mail utilization key indicators The following are indicators that e-mail utilization may be affected by an outbreak: n Users complain of slowness. Users are often the first to notice when a full-scale outbreak is taking place. E-mail slows down or does not work at all. n CPU n Monitoring tools (for example, tools from Sniffer Technologies) detect a change in the e-mail utilization levels. n Microsoft Exchange Performance Monitor counters register a change in the e-mail utilization levels. n McAfee Outbreak Manager notifies you via e-mail that a potential outbreak may be indicated. McAfee Outbreak Manager analyzes incoming e-mail messages and identifies behaviors that are indicative of an outbreak. n The McAfee WebShield e500 appliance collects data that can help identify if an outbreak is occurring. For instructions, see Running reports on page 347. utilization of Microsoft Exchange servers goes up significantly. Product Guide 519 Handling Virus Outbreaks Virus detection events The following events are indicators that a virus has been detected: 520 n An ePolicy Orchestrator report identifies that a virus has been detected. n McAfee Outbreak Manager notifies you via e-mail that a potential outbreak may be indicated. n McAfee Alert Manager notifies you that a virus has been detected. ePolicy Orchestrator™ software version 3.0 Handling Virus Outbreaks Responding to an outbreak When an outbreak occurs, you can respond in many ways. Use the You think an outbreak is occurring checklist to respond to an outbreak. Checklist — You think an outbreak is occurring n Visit the AVERT home page to get the latest virus information. For more information, see Contacting McAfee Security & Network Associates on page 21. n Submit samples of potentially infected files to WebImmune for testing. For more information, see AVERT WebImmune on page 22. n Modify the firewall and network security settings to block viral activity. To help you determine what to block and how the virus behaves, visit the Virus Information Library on the AVERT web site. For more information, see Contacting McAfee Security & Network Associates on page 21. n Increase detection settings for all anti-virus products to meet the threat. Visit the Virus Information Library for an analysis of the threat. For more information, see Contacting McAfee Security & Network Associates on page 21. n Update your software. If the virus exploits security holes in the software that you are running, for example Microsoft Internet Explorer, visit the vendor’s web site to determine if a security patch is available. If it is available, download it and install it. n Regularly enforce agents with an agent wakeup call, and run coverage reports to determine that protection is in place. NOTE To ensure full coverage, you must have the ePolicy Orchestrator agent installed on each computer. n Use the global updating feature to perform the following. For instructions, see Global updating on page 319. w Download supplemental (EXTRA.DAT) and full virus definition (DAT) files. w Update the virus scanning engine. n Perform an on-demand scan of infected systems. n Run anti-virus coverage reports to ensure that anti-virus coverage on infected systems is complete. If you do not have a McAfee anti-virus product installed or do not have the ePolicy Orchestrator agent deployed to each computer, you must manually scan the system or computer using the command-line scanner, or use another anti-virus product. Product Guide 521 Handling Virus Outbreaks 522 ePolicy Orchestrator™ software version 3.0 Reference n How to read operating system data. n Action taken numbers. n Locale IDs. n Product IDs. n Variables. D Product Guide 523 Reference How to read operating system data The agent for Windows retrieves data about the operating system of client computers from the operating system itself. For this reason, the data that appears in reports, queries, and in the computer properties might not be immediately obvious. Use the table below to determine the version number that corresponds to each operating system. This table is helpful when using operating system name or version number to limit report results. For example, Windows 95 and Windows NT use the same version number. 524 Operating System Name Operating System Version Number Windows 95 4.0 Windows 98 4.10 1998 Windows 98 SE 4.10 2222A Windows NT 4.0 Windows 2000 5.0 Windows Me 4.9 Windows XP Professional 5.1 ePolicy Orchestrator™ software version 3.0 Service Pack Reference Action taken numbers When viewing queries, use this table to determine how supported anti-virus products responded to detected viruses. Action Taken Number Description (blank) Unknown 2 Continued Scan 3 4 50 Cleaned 51 Clean Error 52 Deleted 53 Delete Error 54 Excluded 55 Exclude Error 56 Access Denied 57 Moved 58 Move Error 59 Not Scanned 60 Continued Scan 61 Deleted 62 Heuristic Error 63 Moved 64 Heuristic Error 65 Cleaned 66 Heuristic Error 67 Continued Scan 68 Test Virus 69 Scan Timed Out Product Guide 525 Reference Locale IDs Occasionally, you might need to know the locale ID that corresponds to each language. The ePolicy Orchestrator software uses this ID to identify languages. 526 Locale ID Language 0000 More than one language 0404 Chinese (Taiwan); also known as Traditional Chinese 0405 Czech 0406 Danish 0407 German (Standard) 0409 English (United States) 0410 Italian 0411 Japanese 0412 Korean 0413 Dutch 0414 Norwegian 0415 Polish 0416 Portuguese (Brazil) 0419 Russian 0804 Chinese (People's Republic of China); also known as Simplified Chinese 0809 English (United Kingdom) 0810 Italian (Switzerland) 040a Spanish (Traditional Sort) 040b Finnish 040c French (Standard) 041d Swedish 0c04 Chinese (Hong Kong) ePolicy Orchestrator™ software version 3.0 Reference Product IDs The software uses a unique product ID to identify each version of every supported product. In some places within the software (for example, in log file entries or within directory structures), the product ID appears instead of the product name and version number. Use this table to identify the product name and version number that corresponds to each product ID. Product ID Product Name and Version Number ALERTMNG4500 Alert Manager 4.5 EPOAGENT2000LYNX Agent for WebShield appliances 2.0 EPOAGENT3000 Agent for Windows 3.0 GSDOMINO5000 GroupShield Domino 5.0.0 LWI____6000 Setup program for VirusScan TC 6.0 NAE____2100 Agent for NetWare 2.1.0 NAV____7500 Norton AntiVirus Corporate Edition 7.50, 7.51, 8.0 NETSHLD_4500 NetShield 4.5 for Windows NT NSNW___4600 NetShield NetWare 4.6.0 PCR____1000 Product Coverage Reports 1.0 VIRUSCAN4500 VirusScan 4.5 VIRUSCAN6500 VirusScan 4.5.1, VirusScan 4.5.1 with Service Pack 1 VIRUSCAN6000 VirusScan TC 6.0 VIRUSCAN7000 VirusScan Enterprise 7.0.0 Product Guide 527 Reference Variables You can use these predefined variables in various dialog boxes and policy pages. You can also use system environment variables. Client computers use the values from user environment variables, then system environment variables. For more information on environment variables, see the Windows product documentation. NOTE The location you specify using these variables must exist on client computers. For example, avoid using the <PROGRAM_FILES_COMMON_DIR> variable on Windows 95 and Windows 98 computers as these operating systems do not use a Windows common folder. 528 n <COMPUTER_NAME> — Represents the name of the client computer. This is the NetBIOS name on Windows computers, the DNS name on Unix computers, and NDS name on Netware computers. n <DOMAIN_NAME> — Represents the domain name or workgroup name to which the client computer belongs. n <PROGRAM_FILES_COMMON_DIR> — Represents the path of the Windows common folder; for example, C:\PROGRAM FILES\COMMON. n <PROGRAM_FILES_DIR> — Represents the path of the program files folder; for example, C:\PROGRAM FILES. n <SOFTWARE_INSTALLED_DIR> — Represents the installation directory of the corresponding McAfee product . n <SYSTEM_DIR> — Represents the Windows system directory; for example, C:\WINNT\SYSTEM32 or C:\WINDOWS\SYSTEM. n <SYSTEM_DRIVE> — Represents the drive where the operating system is installed; for example, C:. n <SYSTEM_ROOT> — Represents the path of the Windows root directory; for example, C:\WINNT or C:\WINDOWS. n <TEMP_DIR> — Represent the Windows temporary directory; for example, C:\TEMP. n <USER_NAME> — Represents the user name of the currently logged on user account. ePolicy Orchestrator™ software version 3.0 Supported Products and Features E The list of products that are supported in this version of the software along with which major features each product supports is provided in Table E-1 on page 530. The following products are no longer supported in this version of the software: n Klez/Elkern stand-alone scanner 1.0 or later. n NetShield 4.0.3 for Windows NT. n Nimda stand-alone scanner 1.0 or later. n VirusScan 4.0.3 for Windows NT. n VirusScan 4.0.3 for Windows. n VirusScan 4.5 for Windows. n WebShield 4.5 SMTP. Product Guide 529 ePolicy Orchestrator™ software version 3.0 No No Yes No No No No No McAfee AVERT Stinger McAfee Desktop Firewall 7.5.1 McAfee GroupShield 5.0 for Microsoft Exchange 5.5 McAfee GroupShield 5.2 for Lotus Domino McAfee GroupShield 5.2 for Microsoft Exchange 2000 McAfee GroupShield® 5.0a for Lotus Domino on Microsoft Windows No No Yes Definition File Updates? * No Yes No Yes — — — — Engine Updates? No No No No — — — — HotFix Updates? No No No No No — No Yes Service Pack Updates? No No No No No — No Yes Yes Yes Yes Yes — — — Yes Yes Yes Yes Yes Yes Yes Yes Yes Task Enforcement? Yes Yes Yes Yes — Yes — — Event Collection? Yes Yes Yes Yes Yes Yes Yes Yes Property Collection? Yes Yes Yes Yes Yes Yes — — Coverage Reports? Yes Yes Yes Yes Yes Yes Yes ** Yes ** Yes Yes Yes Yes No Yes No No Infection Reports? § Minimal operating system properties are reported. †† VirusScan TC is installed using LWI. † DAT files and engines are updated using NetShield 4.6 for NetWare. ** The Alert Manager product version number appears in the appropriate reports. * Definition files updates include virus definition (DAT) files for the anti-virus products, IDS signature files for Desktop Firewall products, and modules for ThreatScan products. — This feature does not apply to this product. No No McAfee Alert Manager™ 4.5 (included with NetShield 4.5 for Windows NT) Yes Yes Deployment? Yes Uninstallation? McAfee Alert Manager 4.7 Product Name and Version Legacy Updating? 530 Policy Enforcement? Table E-1. List of supported products and features Supported Products and Features Yes — Yes Yes Yes No †† No †† Yes — No No Yes No †† No †† McAfee NetShield® 4.5 with Service Pack 1 for Microsoft Windows NT McAfee Outbreak Manager™ McAfee ThreatScan 2.1 McAfee ThreatScan® 2.0 McAfee VirusScan Enterprise™ 7.0 McAfee VirusScan ThinClient 6.1 McAfee VirusScan ThinClient™ 6.0 Definition File Updates? * No No Yes No No — No No No † Engine Updates? No No Yes No No — No No No † HotFix Updates? No No Yes No No — No No No Service Pack Updates? No No Yes No No — No No No Legacy Updating? Yes Yes No No No — Yes Yes Yes Policy Enforcement? Yes Yes Yes No No Yes Yes Yes Yes Yes Yes Yes No No — Yes Yes Yes Event Collection? Yes Yes Yes No No — Yes Yes Yes Property Collection? Yes Yes Yes No No — Yes Yes Yes Coverage Reports? Yes Yes Yes No No — Yes Yes Yes Yes Yes Yes No No — Yes Yes Yes Infection Reports? Product Guide § Minimal operating system properties are reported. †† VirusScan TC is installed using LWI. † DAT files and engines are updated using NetShield 4.6 for NetWare. ** The Alert Manager product version number appears in the appropriate reports. * Definition files updates include virus definition (DAT) files for the anti-virus products, IDS signature files for Desktop Firewall products, and modules for ThreatScan products. — This feature does not apply to this product. No No No McAfee NetShield for Network Appliance NetApp Filers and EMC Celerra Deployment? No Uninstallation? McAfee NetShield 4.6 for Novell Netware Product Name and Version Task Enforcement? Table E-1. List of supported products and features (Continued) Supported Products and Features 531 ePolicy Orchestrator™ software version 3.0 No No Yes No No No No McAfee WebShield 4.5 Maintenance Release 1 SMTP McAfee WebShield® 2.6 for e500 Appliance Symantec AntiVirus Corporate Edition 8.0 and 8.01 Symantec Norton AntiVirus Corporate Edition 7.50, 7.51, and 7.6 No Definition File Updates? * No No No No Yes Engine Updates? No No No No Yes HotFix Updates? No No No No No Service Pack Updates? No No No No No Legacy Updating? Yes Yes No No No Yes Yes No No Yes Yes Yes No No Yes Event Collection? Yes Yes Yes Yes Yes Property Collection? Yes Yes Yes § No Yes Coverage Reports? Yes Yes No No Yes Yes Yes Yes Yes Yes Infection Reports? § Minimal operating system properties are reported. †† VirusScan TC is installed using LWI. † DAT files and engines are updated using NetShield 4.6 for NetWare. ** The Alert Manager product version number appears in the appropriate reports. * Definition files updates include virus definition (DAT) files for the anti-virus products, IDS signature files for Desktop Firewall products, and modules for ThreatScan products. — This feature does not apply to this product. Yes Deployment? No Uninstallation? McAfee VirusScan® 4.5.1 Product Name and Version Policy Enforcement? 532 Task Enforcement? Table E-1. List of supported products and features (Continued) Supported Products and Features Glossary agent See ePolicy Orchestrator agent. agent host See client computer. Agent Monitor A dialog box for prompting the agent to send properties or events to the ePolicy Orchestrator server; enforce policies and tasks locally; check the ePolicy Orchestrator server for new or updated policies and tasks, then enforce them immediately upon receipt. agent policies Settings that affect how the agent behaves. agent-to-server communication A communications technique where the agent contacts the server at a predefined interval to see if there are any new policies or tasks for the agent to enforce or execute. agent-to-server communications interval (ASCI) Determines how often the agent and ePolicy Orchestrator server exchange information. agent wakeup call A scheduled task or on-demand command that prompts agents to contact the ePolicy Orchestrator server when needed, rather than waiting for the next ASCI. See also SuperAgent wakeup call. alert A message or notification regarding computer activity such as virus detection. It can be sent automatically according to a predefined configuration, to system administrators and users, via e-mail, pager, or phone. anti-virus policy See policy. appliance WebShield appliance; an item in the console tree. client computer A computer on which the ePolicy Orchestrator agent is installed. Product Guide 533 Glossary client tasks Tasks that are executed on client computers. computers In the console tree, the physical computers on the network to be managed via ePolicy Orchestrator. Computers can be added under existing sites or groups in the Directory. console tree The left pane of the console, which contains all console tree items. console tree items Every item in the console tree. DAT files Virus definition files that allow the anti-virus software to recognize viruses and related potentially unwanted code embedded in files. See the documentation accompanying the anti-virus software for more information. See also incremental DAT file, EXTRA.DAT file and SuperDAT. deployment Sending and installing products and the agent to groups, computers and users. details pane The right pane of the console, which shows details of the currently selected console tree item. Depending on the console tree item selected, the details pane can be divided into upper and lower panes. See also upper details pane and lower details pane. Directory Lists all computers to be managed via ePolicy Orchestrator, and is the link to the primary interfaces for managing these computers. distributed software repository Architecture of ePolicy Orchestrator for deploying products and product updates throughout an enterprise; it creates a central library of supported products and product updates in the master repository. ePolicy Orchestrator agent An intelligent link between the ePolicy Orchestrator server and the anti-virus and security products. It enforces policies and tasks on client computers; gathers and reports data; installs products; enforces policies and tasks; and sends events back to the ePolicy Orchestrator server. 534 ePolicy Orchestrator™ software version 3.0 Glossary ePolicy Orchestrator console A view of all virus activity and status, with the ability to manage and deploy agents and products. It provides the ability to set and enforce anti-virus and security policies to all agents on client computers, or to selected computers; provides a task scheduling feature that targets specific computers or groups with scheduled tasks and policies; and allows viewing and customizing reports to monitor deployment, virus outbreaks, and current protection levels. ePolicy Orchestrator server A repository for all data collected from distributed ePolicy Orchestrator agents. It includes a database that accrues data about product operation on client computers in the network; a report-generating engine for monitoring the virus protection performance in your company; a software repository that stores products and product updates for deploying to your network. events Generated by supported products, events identify activity on client computers from service events to infection detection events. Each event is assigned a severity from informational to critical. Events and properties comprise the data that appears on reports and queries. EXTRA.DAT file Supplemental virus definition file that is created in response to an outbreak of a new virus or a new variant of an existing virus. See also DAT file, incremental DAT file, and SuperDAT. fallback repository The repository from which client computers retrieve updates when none of the repositories in their repository list (SITELIST.XML) are available. Only one fallback repository can be defined. force install, force uninstall See product deployment client task. FRAMEPKG.EXE The agent installation package. When it executes, this file installs the ePolicy Orchestrator agent on a client computer. global administrator A user account with read, write, and delete permissions, and rights to all operations. Operations that affect the entire installation are reserved for use only by global administrator user accounts. Compare to site administrator and global reviewer. global distributed repository An identical copy of the packages in the master repository. global reviewer A user account with read-only permissions; the global reviewer can view all settings in the software, but cannot change any of these settings. Compare to site reviewer and global administrator. Product Guide 535 Glossary global updating A method for deploying product updates as soon as the corresponding packages are checked into the master repository. Packages are immediately replicated to all SuperAgent and global distributed repositories; the ePolicy Orchestrator server sends a wakeup call to all SuperAgents; SuperAgents send a broadcast wakeup call to all agents in the same subnet; then all agents retrieve the update from the nearest repository. global reporting settings Reporting settings that affect all ePolicy Orchestrator database servers, reports, and queries. group In the console tree, a logical collection of entities assembled for ease of management. Groups can contain other groups or computers. You can assign IP address ranges or IP subnet masks to groups to sort computers by IP address. If you create a group by importing a Windows NT domain, you can automatically send the agent installation package to all imported computers in the domain. host, host computer See client computer. inactive agent An agent that has not communicated with the ePolicy Orchestrator server within a specified time period. incremental DAT files New virus definitions that supplement the virus definitions currently installed. Allows the update utility to download only the newest DAT files rather than the entire DAT file set. See also DAT file, EXTRA.DAT file and SuperDAT. inheritance See task inheritance and policy inheritance. item See console tree item. local distributed repository Locations accessible only from the client computer; for example, a mapped drive or FTP server whose address can only be resolved from a local DNS server. Local distributed repositories are defined in the agent policy for selected client computers. log A record of the activities of a component of McAfee anti-virus software. Log files record the actions taken during an installation or during the scanning or updating tasks. See also events. 536 ePolicy Orchestrator™ software version 3.0 Glossary Lost&Found group A location on the ePolicy Orchestrator server for computers whose appropriate location in the Directory cannot be determined. The server uses the IP management settings, computer names, domain names, and site or group names to determine where to place computers. Only global administrators have full access to the global Lost&Found; site administrators can access only Lost&Found groups in sites for which they have rights. lower details pane In the console, the lower division of the details pane, which displays the configuration settings for the products listed on the Policies tab in the upper details pane. See also details pane and upper details pane. McAfee AutoUpdate Architect McAfee Security software that works with ePolicy Orchestrator to deploy products and product updates throughout an enterprise. master repository The ePolicy Orchestrator server; it maintains an original copy of the packages in the source repository, and can replicate packages to distributed repositories. At the master repository level, you can check in product and product update packages; schedule tasks to replicate packages to global or SuperAgent distributed repositories; and schedule tasks to pull packages from source or fallback repositories, and integrate them into the master repository. mirror distributed repository A local directory on client computers whose replication is done using a Mirror client task and other client computers can retrieve updates from it. mirror task Tasks that copy the contents of the first repository in the repository list to the local directory you specify on the client computer. .NAP file Network Associates Package file. This file extension is used to designate McAfee software program files that are installed in the software repository for ePolicy Orchestrator to manage. node See console tree item. on-access scanning An examination of files in use to determine if they contain a virus or other potentially unwanted code. It can take place whenever a file is read from the disk and/or written to the disk. Compare to on-demand scanning. on-demand scanning A scheduled examination of selected files to determine if a virus or other potentially unwanted code is present. It can take place immediately, at a future scheduled time, or at regularly scheduled intervals. Product Guide 537 Glossary Compare to on-access scanning. package Contains binary files, detection and installation scripts, and a package catalog (PKGCATALOG.Z) file used to install products and product updates. package catalog file A file (PKGCATALOG.Z) that contains details about each update package, including the name of the product for which the update is intended, language version, and any installation dependencies. package signing, package security A signature verification system for securing packages created and distributed by Network Associates. Packages are signed with a key pair using the DSA (Digital Signature Algorithm) signature verification system, and are encrypted using 168-bit 3DES encryption. A key is used to encrypt or decrypt sensitive data. pane A subsection of the console. See details pane and console tree. POAGINST.EXE See FRAMEPKG.EXE. policy Configuration settings for each product that can be managed via ePolicy Orchestrator, and that determine how the product behaves on client computers. Compare to task. See also agent policies. policy enforcement interval Determines how often the agent enforces the policies it has received from the ePolicy Orchestrator server. Because policies are enforced locally, this interval does not require any bandwidth. policy inheritance Determines whether the policy settings for any one console tree item under the Directory are taken from the item directly above it. policy pages Part of the ePolicy Orchestrator console; they allow you to set policies and create scheduled tasks for products, and are stored on individual ePolicy Orchestrator servers (they are not added to the master repository). product deployment client task A scheduled task for deploying all products currently checked into the master repository at once. It enables you to schedule product installation and removal during off-peak hours or during the policy enforcement interval. 538 ePolicy Orchestrator™ software version 3.0 Glossary properties Characteristics about supported products and the client computer, which are collected by the agent and contain system information (for example, computer hardware, software, and corresponding settings; specific policy settings for each product; and general product properties). pull task See Repository Pull server task. replication task See Repository Replication server task. remote console The console running on a computer that does not have the ePolicy Orchestrator server running on it. Remote consoles allow more than one person access to the server to review actions or to manage sites and installations. See also ePolicy Orchestrator console. Report Repository, Query Repository A library of report and query templates, under Reporting in the console tree. repository The location that stores policy pages used to manage products. On the console tree, it is the Software item under ePolicy Orchestrator. repository list The SITELIST.XML file that McAfee anti-virus products using AutoUpdate 7.0 use to access distributed repositories and retrieve packages from them. Repository Pull server task A task that specifies the source or fallback repository from which to retrieve packages, then integrate the packages into the specified branches in the master repository. Repository Replication server task A task that updates global and SuperAgent distributed repositories to maintain identical copies of all packages in all branches that are in the master repository. You can also update selected distributed repositories. scanning An examination of files to determine if a virus or other potentially unwanted code is present. See on-access scanning and on-demand scanning. selective updating Specifying which version (Evaluation, Current, or Previous) of updates you want client computers to retrieve. Product Guide 539 Glossary server tasks Tasks that the server performs for maintenance on the ePolicy Orchestrator database and Repository. Default server tasks include Inactive Agent Maintenance, Repository Pull, Repository Replication, and Synchronize Domains. site In the console tree, a logical collection of entities assembled for ease of management. Sites can contain groups or computers, and can be organized by IP address range, IP subnet mask, location, department, and others. site administrator A user account with read, write, and delete permissions, and rights to all operations (except those restricted to the global administrator) on the specified site and all groups and computers underneath it on the console tree. Compare to global administrator and site reviewer. site reviewer A user account with read-only permissions; the site reviewer can view the same settings as the site administrator, but cannot change any of these settings. Compare to global reviewer and site administrator. source repository A location from which a master repository retrieves packages. SPIPE Secured PIPE, a secured communications protocol used by ePolicy Orchestrator servers. SuperAgent An agent with the ability to contact all agents in the same subnet as the SuperAgent, using the SuperAgent wakeup call. It is used in global updating and supports distributed software repositories, alleviating the need for a dedicated server. It provides a bandwidth-efficient method of sending agent wakeup calls. See also ePolicy Orchestrator agent. SuperAgent distributed repository A replication of the master repository, used in place of dedicated servers for global distributed repositories. SuperAgent wakeup call A scheduled task or on-demand command that prompts SuperAgents (and all agents in the same subnet as each SuperAgent) to contact the ePolicy Orchestrator server when needed, rather than waiting for the next ASCI. See also agent wakeup call. 540 ePolicy Orchestrator™ software version 3.0 Glossary SuperDAT A utility that installs updated virus definition (SDAT*.EXE) files and, when necessary, upgrades the scanning engine. See also DAT file, EXTRA.DAT file, and incremental DAT file. supplemental virus definition file See EXTRA.DAT file. task An activity (both one-time such as on-demand scanning, and routine such as updating) that is scheduled to occur at a particular time, or at specified intervals. Compare to policy. task inheritance Determines whether the client tasks scheduled for any one console tree item under the Directory are taken from the item directly above it. updating The process of installing updates to existing products or upgrading to new versions of products. update package Package files from Network Associates that provide updates to a product. All packages are considered product updates with the exception of the product binary (Setup) files. upper details pane In the console, the upper division of the details pane, which contains the Policies, Properties, and Tasks tabs. See also details pane and lower details pane. user accounts The ePolicy Orchestrator user accounts include global administrator, global reviewer, site administrator, and site reviewer. Administrator-level user accounts have read, write, and delete permissions; reviewer-level user accounts have read-only permissions. See also global administrator, global reviewer, site administrator, and site reviewer. Product Guide 541 Glossary 542 ePolicy Orchestrator™ software version 3.0 Index A accounts (See user accounts) Action summary by top 10 viruses report, 449 adding computer to the Directory, 116 custom report templates, 376 new group to the Directory, 108 new site to the Directory, 100 source repositories, 167 user accounts, 61 WebShield appliances to the Directory, 122 your own queries, 380 administrator accounts (See user accounts) agent collecting properties, 249 deployment, 277 deployment and management, 269 distributing, using third-party deployment tools, 284 for NetWare, disable logging, 417 for NetWare, enable logging, 417 for WebShield appliances, ASCI, 245 for Windows, ASCI, 245 installation packages, creating custom, 277 using search feature to send agent install, 139 introduction, 28 maintenance, new features, 45 policies, 243 to 258 SuperAgent wakeup call, 248 support, new features, 38 64-bit, 44 Windows 2003, 44 tasks, default, 261 wakeup call, 244 Agent Monitor, 301 Agent versions report, 427 agent wakeup call, 244 SuperAgent, 248 using search feature to send, 139 agent-to-server communication new features, 47 packet size, 422 agent-to-server communication interval about, 245 agent for WebShield appliances, 245 agent for Windows, 245 connection interval report, 425 frequency, 245 alerts (See events) appliances, adding WebShield, 122 architecture, distributed update repository, 34 ASCI (See agent-to-server communication interval) audience for this manual, 17 AutoUpdate, 261, 263 AutoUpgrade, 261, 263 AVERT contacting if outbreak occurs, 521 WebImmune, 22 AVERT Anti-Virus Emergency Research Team, contacting, 21 B bandwidth monitoring network performance, 518 product deployment improvements, 34 beta program, contacting, 21 C checking in packages, client tasks changing, 267 creating, 263 default, 261 206 Product Guide 543 Index deleting, 268 recurring, 266 scheduling, 264 database, securing ePolicy Orchestrator MSDE, default report templates, 423 definition of terms (See the Glossary) 386 starting in the future, 267 collecting properties IP address information, 249 common implementations, 152 to 153 mid-sized business scenario, 152 pre-deployment testing scenario, 153 deleting client tasks, 268 computers from the Directory using search feature, 139 events from the ePolicy Orchestrator database, 340 small business scenario, 152 compliance reports Product Protection Summary, 439 configuring ePolicy Orchestrator database filter, user accounts, 63 deployment agent, 269, 277 improvement in bandwidth usage, 34 of all product updates, 37 product, and updating, 307 devices, adding WebShield appliances, 122 Directory, 93 to 142 adding a computer, 116 adding a new group, 108 adding a site, 97 importing a computer from a domain, 114 importing a computer from a text file, 119 Lost&Found groups, 95, 123 sorting computers using IP management settings, 131 tree, sorting computers using IP management settings, 131 updating domains, 137 discarding unwanted events, 335 distributed repositories architecture for update, 34 global, 155 local, 155 mirror, 156 domain synchronization manual, 137 new features, 45 download web site, 21 duplicate computer names, 139 335 products via ePolicy Orchestrator (See product Configuration Guide) report filter, 345 console (See ePolicy Orchestrator software) console tree items computers, 113 Directory, 93 to 142 groups, 105 Lost&Found groups, 123 organizing the Directory, 141 sites, 97 WebShield appliances, 122 contacting McAfee Security, 21 continuous updating, 40 conventions used in this manual, 18 copying Help topics, 24 creating SQL queries, 373 your own SQL query tables, 380 custom compliance reporting, new features, 43 customer resources, 22 customer service, contacting, 21 cut and paste, moving items in the Directory, 141 D DAT file deployment summary report, engine coverage report, 435 DAT file updates, web site, 21 544 433 ePolicy Orchestrator™ software version 3.0 E Engine deployment summary report, ePolicy Orchestrator database backing up, 394 437 Index filter, 335 maintaining, 385 to 412 removing events, 340 your own custom query tables, 380 getting more information, 19 Getting Started wizard for small businesses restoring, 394 system requirements (See the Installation Guide) ePolicy Orchestrator software configuring the firewall for, 422 connecting through an ISP and a firewall, 421 console, introduction, 28 new features, 46 using, 85 to 91 global administrator (See user accounts) distributed repositories, 155 reviewer (See user accounts) installing (See Installation Guide) new features, 30 to 49 system requirements (See the Installation Guide) using over the Internet, 419 events definition of, 245 disabling immediate event forwarding, 256 enabling immediate event forwarding, 256 filtering, 335 forwarding immediate and enabling or disabling, 256 removing, 340 unwanted, discarding, 335 executive summary security reports, new features, 43 exporting report data to other formats, 371 repository list to a file, 200 updating, new features, glossary, 533 to 541 F fallback repository, 157 features comparison, 31 new, 30 36 H handling virus outbreaks developing a plan, 518 overview, 517 recognizing an outbreak, 519 responding to an outbreak, 521 HELP application, 19 using, 24 What’s This? Help, 25 Help topics copying, 24 finding information in, 24 hiding the Help navigation pane, 25 highlighting search words in, 25 moving through Help topics you’ve seen, 25 printing, 25 showing the Help navigation pane, 25 viewing information about items in dialog boxes, 25 hiding the Help navigation pane, 25 highlighting search words in Help topics, 25 filter report, 345 specifying the ePolicy Orchestrator database, 335 finding duplicate computer names in Directory, information in Help, 24 G generating SQL queries, 373 I 139 immediate event forwarding definition of, 245 enabling or disabling, 256 implementations, common (See common implementations) importing a computer from a domain, 114 a computer from a text file, 119 a group to the directory, 106 Product Guide 545 Index a network domain as a site, 98 information about the default report templates, McAfee AutoUpdate Architect importing repositories, 148 McAfee Security customer contacts, 423 20 to 21 filtering events, 335 installing ePolicy Orchestrator Small Business Edition (See the Getting Started Guide) software (See the Installation Guide) integration, new features McAfee Security University, contacting, 21 Microsoft Remote Access Service (RAS), 420 mid-sized business implementation scenario, 152 Minimum Escalation Resource Tool (MERTool), 22 mirror agent tasks, 261 Norton AntiVirus 8.0 and 8.01, 49 VirusScan Enterprise 7.0, 49 integrity check, IP address, 125 Internet Service Provider (ISP), 420 interval agent-to-server communication, 245 initial agent-to-server communication, policy enforcement, 246 setting agent communication, 254 IP address checking integrity, 125 information in the agent, 249 IP management rules, 94 search order, 95 sorting computers by, 133 wizard for sorting, 131 items (See console tree items) AutoUpdate site, product-specific task, 262 distributed repositories, 156 monitoring network performance, 518 moving items, 141 using search feature to move computers in the Directory, 139 with cut and paste, 141 multiple server management, new features, 41 246 K KnowledgeBase search, 21 L local distributed repositories, 155 Lost&Found groups, 95, 123 M managed products, 143 to 146 management of agent, 269 mid-sized business implementation, 152 multiple servers, new features, 41 small business implementation, 152 master repository, 154 546 ePolicy Orchestrator™ software version 3.0 N named pipes network library connection changing, 412 navigating through Help topics you’ve seen, 25 network library connection changing, 412 new features, 30 to 49 64-bit support for the agent, 44 agent support, 38 agent-to-server communication, more control over, 47 automatic domain synchronization, 45 automatic inactive agent maintenance, 45 continuous updating, 40 deployment of product updates, new features, 37 Getting Started wizard for small businesses, 46 global updating, 36 integration with Symantec Norton AntiVirus 8.0 and 8.01, 49 integration with VirusScan Enterprise 7.0, 49 multiple server management, 41 reporting, 43 on product updates, 38 performance improvements, 48 updating for mobile computers, enhanced, 39 Index Windows 2003 support for the agent, nodes (See console tree items) Norton AntiVirus software management 44 agent-to-server communication interval, 245 how policies are enforced, 230 integration with ePolicy Orchestrator, new features, 49 policy enforcement, 230 policy enforcement interval, 246 number of infections detected monthly showing viruses report, 458, 460 O old events, removing, 340 on-demand scanning, 261, 263 online Help copying topics, 24 finding information in, 24 hiding the Help navigation pane, 25 highlighting search words in, 25 moving through Help topics you’ve seen, 25 printing, 25 showing the Help navigation pane, 25 viewing information about items in dialog boxes, 25 organizing the Directory sorting computers using IP management settings, 131 outbreaks, 517 to 521 preparation checklist, 518 recognizing, 519 responding, 521 overview agent deployment and management, 269 Directory, 93 ePolicy Orchestrator servers, 51 handling virus outbreaks, 517 introducing ePolicy Orchestrator, 27 managing products, 143 policies, properties, client tasks, 225 product deployment and updating, 307 reporting, 327 software repositories, 147 P packages, 203 checking in, 206 dependencies, 205 ordering, 205 signing and security, 204 unsigned, 204 versioning and branches, 205 password, changing on user accounts, 64 performance, reporting improvements, new features, 48 policies, 226 to 258 how to set a policy, 232 policy enforcement for Norton AntiVirus products, 230 interval, 246 pre-deployment testing implementation scenario, 153 PrimeSupport, 21 printing Help topics, 25 your report, 371 product deployment and updating, 307 to 325 Product Protection Summary report, 439 product training, contacting, 21 product updates deployment, new features, 37 reporting on, new features, 38 pull now task, initiating, 217 Q queries, 373 to 374 SQL, 373 templates, 423 to 516 query results, copy and paste, 373 R README file, 20 real-time events (See immediate event forwarding) release features Product Protection Summary report, 439 removing events from the ePolicy Orchestrator database, 340 Product Guide 547 Index user accounts, 63 replication tasks initiating, 221 AutoUpgrade, 261, 263 scheduling client tasks, 264 report filter, 345 setting, 345 report templates, default, reporting, 327 to 383 about, 327 overview, 327 recurring tasks, 266 search feature, using to delete computers, 139 for computers in the Directory, 139 servers, 51 to 84 introduction, 28 423 reports Action Summary By Top 10 Files Resolved, and queries, 327 default, 423 exporting data to other formats, 371 Product Protection Summary, 439 refreshing data in, 370 regenerating, 370 specifying options, 343 templates, 446 to 516 repositories, 147 to 223 creating, 158 to 170 fallback, 157 global distributed, 155 local distributed, 155 master, 154 mirror distributed, 156 source, 156 types, 154 to 157 types of, 154 repository list exporting, 153 exporting to a file, 200 importing, 148 McAfee AutoUpdate Architect, 148 used in mirror tasks, 156 Repository Replication server tasks, 220 resources available for customers, 22 contacting McAfee Security, 21 S scheduled tasks AutoUpdate, 548 447 tasks, scheduling Repository Replication, 220 service portal, PrimeSupport, 21 setting policy, 232 report filter, 345 showing the Help navigation pane, 25 site administrator (See user accounts) site reviewer (See user accounts SITELIST.XML ( See repository list) small business Getting Started wizard, 85 implementation scenario, 152 software repositories, 147 to 223 sorting computers using IP management settings, 133 source repositories, 156 adding, 168 defining, 167 specifying ePolicy Orchestrator database filter, 335 reporting options, 343 SQL queries, generating, 373 transaction log is full, 392 submitting a sample virus, 21 SuperAgent distributed repositories, 156 wakeup call, 248 Symantec Norton AntiVirus software (See Norton AntiVirus software management) synchronizing domains, 137 T 261, 263 ePolicy Orchestrator™ software version 3.0 tasks AutoUpdate, 261, 263 Index AutoUpgrade, 261, 263 creating client, 263 default, product-specific, global reviewer, 60 removing, 63 site administrator, 60 262 deleting, 268 ePolicy Orchestrator agent, default, inheritance, 262 scheduling, 264 scheduling recurring, 266 TCP/IP network library connection 261 changing, 412 technical support, 21 templates Infection | Action Summaries reports, 446 report and query, 423 to 516 Top 10 reports detected viruses report, 472 infected files bar report, 473 infected machines bar report, 474 infected users bar report, 475 training web site, 21 troubleshooting, 413 to 417 checking connection and communication between ePolicy Orchestrator server and ePolicy Orchestrator agent for NetWare, 415 connecting to the ePolicy Orchestrator server from remote consoles, 414 creating a user data source name, 416 disabling logging for the NetWare agent, 417 enabling logging for the NetWare agent, 417 U updating continuous, 40 domains, 137 enhanced for mobile computer, new features, 39 global, new features, 36 product, and deployment, 307 upgrade web site, 21 user accounts, 59 to 65 adding, 61 changing passwords, 64 deleting, 63 global administrator, 59 site reviewer, 61 utilities Agent Monitor, 301 V version, determining for server, console, policy pages, 56 viewing information about items in dialog boxes, Virtual Private Networks (VPN), 420 virus definition files (See DAT files) Virus Information Library, 21 to 22 virus outbreaks, handling, 517 virus, submitting a sample, 21 VirusScan Enterprise 7.0 integration, new features, 49 25 W wakeup call agent, 244 SuperAgent, 248 WebImmune, 22 What’s this? Help, 25 Windows 2003 support for the agent, new features, 44 wizard add repository, 168 Check-in package, 206 Copy package, 211 Export repository list, 201 IP Sorting, 131 Pull Now, 217 Replicate Now, 221 Small Business Getting Started, 85 Software Repository Configuration, 144 Product Guide 549 Index 550 ePolicy Orchestrator™ software version 3.0
Similar documents
McAfee ePolicy Orchestrator 4.6.0 Software Guide
How the software works . . . . . . . . . . . . . . . . . . . . . . . . How to navigate the ePolicy Orchestrator interface . . . . . . . . . . . . . About the ePolicy Orchestrator navigation Menu . ...
More information