Red Hat LINUX VIRTUAL SERVER 4.6 - ADMINISTRATION Guida Utente

Product GuideMcAfee® Agent 4.8.0

Introducing McAfee Agent10McAfee® Agent 4.8.0 Product Guide

1About the McAfee AgentThe McAfee Agent is the client‑side component providing secure communication between ePolicyOrchestrator and managed products.

SuperAgentA SuperAgent is an agent that acts as an intermediary between the McAfee ePO server and otheragents in the same network broadcast segment. Y

Installing, upgrading, andremoving the agentInstalling the agent on client systems is required for managing your securityenvironment through ePolicy O

Installing, upgrading, and removing the agent14McAfee® Agent 4.8.0 Product Guide

2Installing the agentThere are various ways to install agent software on your client systems. The method you choosedepends on the operating system, fi

Operating systems ProcessorHP‑UX 11i v2 (build 11.23)ItaniumHP‑UX 11i v3IBM AIX 5.3 (TL6 or later) Power 5, 6, 7IBM AIX 6.1 Power 5, 6, 7IBM AIX 7.1 P

Operating systems ProcessorWindows Vista Home Basic; 32‑bit or 64‑bit; GA, SP 1or 2Windows Vista Business; 32‑bit or 64‑bit; GA, SP 1 or2Windows Vista

• Brazilian (Portuguese) • Italian• Chinese (Simplified) • Japanese• Chinese (Traditional) • Korean• Czech • Norwegian• Danish • Polish• Dutch • Portu

Method Action NotesePolicyOrchestratorThe McAfee ePO administratorspecifies the systems and selectsone of the Push Agents optionswhen adding a new sys

COPYRIGHTCopyright © 2013 McAfee, Inc. Do not copy without permission.TRADEMARK ATTRIBUTIONSMcAfee, the McAfee logo, McAfee Active Protection, McAfee

Method Action NotesUnmanagedMcAfeeproducts onWindowssystemsUsing the System Tree, the McAfee ePOadministrator selects the systems to beconverted from

• Enable SSH on the Linux and Macintosh client systems before installing agent from McAfee ePO.Comment out the following line in the /etc/sudoers file

If the installer is unable to connect to the ePolicy Orchestrator server directly, it uses the proxy serversetting configured on the client system to

OperatingsystemLocation Contents/etc/cma.d/Configuration and management information(including GUID and agent version) needed tomanage point‑products./

Install the agent extension and packages into ePolicyOrchestratorBefore the agent can be installed on the managed systems, both the extension and the

Install the help extensionYou can install the help extension separately on the McAfee ePO server using the Software tab. The helpextension is a .ZIP f

• You specifically create one within ePolicy Orchestrator• Agent packages are checked in to any branch of the repository (Previous, Current, or Evalua

Create customized McAfee Smart installerUse the New Systems page to create the McAfee Smart installer. The McAfee Smart installer can thenbe distribut

TaskFor option definitions, click ? in the interface.1Click Menu | Systems | System Tree | Agent Deployment. The Agent Deployment pages appears.2Click

Command Description/FORCEINSTALL Specifies that the existing agent is uninstalled, then the new agent isinstalled. Use this option only to change the

ContentsPreface 7About this guide ... 7Audience ... 7Conventions ...

Install agent using customized McAfee Smart installerManaged node users can install the agent with the customized McAfee Smart installer created using

Command-line options for installing URL-based agent manuallyBy manually installing the URL‑based agent on Windows and other supported operating system

Parameter Description‑fForces agent installationThis command‑line parameter is supported only on Windows operatingsystem.‑sInstalls the agent in silen

Install on Windows systemsYou can install the agent on Windows systems directly from the ePolicy Orchestrator console.Alternatively, you can• Copy the

3Select the appropriate Agent version drop‑down list given the target operating system, and select anagent version from that list.You can only install

eClick OK.fSelect FramePkg.exe and save it to the desktop.2To embed credentials on systems not belonging to a domain, modify the local security policy

Install on Windows with login scriptsUsing Windows login scripts to install the agent can be an efficient way to make sure all systems inyour network

TaskFor option definitions, click ? in the interface.1Download Framepkg.exe from the ePolicy Orchestrator server to a shared folder on a networkserver

Contents Install on UNIX-based and Macintosh operating systems from ePolicy Orchestrator Install on UNIX-based and Macintosh operating systems m

7If you want the deployment to use a specific Agent Handler, select it from the drop‑down list. Ifnot, select All Agent Handlers.8Click OK.Install on

Include the agent on an image ...41Identify duplicate agent GUIDs ...41Correct duplicate agent GUIDs

Install agent in managed mode on Ubuntu systemsThe agent can be installed manually or pushed from an ePolicy Orchestrator server on managedsystems run

Include the agent on an image The agent can be installed on an image that is subsequently deployed to multiple systems. You musttake precautions to ma

2On the Description page, select Enabled.• To run the task with the default configuration, click Save.• To configure the Actions and Schedule tabs, cl

3Upgrading and restoring agents If you have been using an older version of ePolicy Orchestrator and have previous agent versions inyour environment, y

Upgrade agents using a product deployment taskThe Product Deployment client task in ePolicy Orchestrator can be used to upgrade the agents on a groupo

<epo server install location>\McAfee\ePolicy Orchestrator\DB\Software\Current\EPOAGENT3700LYNX\Install\0409This process supports upgrading an un

Restore a previous version of the agent on UNIX-based andMacintosh systemsRestoring a previous version of the agent on non‑Windows systems involves un

4Changing agent management modesMcAfee Agent operates in two modes, managed and unmanaged. If you have previously not managedMcAfee products in your n

• You must export the SiteList.xml, reqseckey.bin, and srpubkey.bin (repository list file) fromthe McAfee ePO server and copy to the target systems. T

3Click Actions, select Directory Management, then click Delete.4Confirm the deletion. The selected system is no longer managed by ePolicy Orchestrator

Enable relay capability ... 73Collect McAfee Agent statistics ... 74Disable relay capability ...

Change from managed to unmanaged mode on UNIX-basedplatformsChanging the agent mode on non‑Windows systems must be done manually.Task1On the target sy

5Removing the McAfee AgentAfter deleting an agent, the system is deleted from the System Tree and the agent is removed duringthe next agent‑server com

Remove agents from systems in query resultsYou can remove agents from systems listed in the results of a query (for example, the Agent VersionsSummary

TaskFor option definitions, click ? in the interface.1Open a terminal window on the client system.2Run the command appropriate for your operating syst

5Removing the McAfee AgentRemove agents from non-Windows operating systems54McAfee® Agent 4.8.0 Product Guide

Using the agentThe agent can be updated and centrally managed from ePolicy Orchestratorthrough application and enforcement of policies and scheduled t

Using the agent56McAfee® Agent 4.8.0 Product Guide

6Configuring agent policiesAgent policy settings determine the performance and behavior of an agent in your environment.Contents Agent policy setti

Tab SettingsGeneral• Policy enforcement interval• Use of system tray icon in Windows environments• Agent and SuperAgent wake‑up call support• Whether

Product Improvement ProgramSettings available for Product Improvement Program policies are contained within a single tab.Tab SettingsProduct Improveme

Contents6McAfee® Agent 4.8.0 Product Guide

8Click the name of an existing task, or click Actions | New Task and choose a McAfee Agent Wake‑up task.9In Options, select Send all properties define

Tasks• Configure proxy settings for the agent on page 61You might need to configure proxy settings if an agent is having trouble accessing theInternet

5Select Manually configure the proxy settings if you need a proxy other than Internet Explorer, and configurethe following settings:aSelect a form for

Change the agent user interface and event log languageWhen managed systems run in a different language than your administration staff can read, it can

• Updating selected systems when troubleshooting• Distributing new DATs or signatures to a large number of systems, or all systems, immediately• Updat

7Working with the agent from the McAfeeePO serverThe McAfee ePO interface includes pages where agent tasks and policies can be configured, and wheresy

Agent-server communication IntervalThe agent‑server communication interval (ASCI) determines how often the McAfee Agent calls in tothe McAfee ePO serv

• No package to receive (status code from McAfee ePO server)• Agent needs to regenerate GUID (status code from McAfee ePO server)Other results such as

6To send incremental product properties as a result of this wake‑up call, deselect Get full productproperties... The default is to send full product

A SuperAgent also broadcasts wake‑up calls to other agents located on the same network subnet. TheSuperAgent receives a wake‑up call from the ePolicy

PrefaceThis guide provides the information you need for all phases of product use, from installation toconfiguration to troubleshooting.Contents Ab

5From the Assigned policy drop‑down list, select the desired General policy.From this location, you can edit the selected policy, or create a new poli

• If the Checking new repository content interval has expired since the last time updates were requested, theSuperAgent downloads updates from the Mas

To ensure that the parent SuperAgent is up‑to‑date with the latest content update, SuperAgentwake‑up calls broadcast must be enabled. See Enable Super

Agent relay capabilityIf your network configuration blocks communication between the McAfee Agent and the McAfee ePOserver, the agent can't recei

TaskFor option definitions, click ? in the interface.1Click Menu | Systems | System Tree | Systems, then select a group under System Tree. All the sys

5Click Create New task. The new client task page appears.6Select the required option, then click Save.Options DefinitionRelayServer StatisticsCollects

6From the Available Properties, select Event Description.7Click ... in the Event Description row and choose one of the following options from the list

Locate inactive agentsAn inactive agent is one that has not communicated with the McAfee ePO server within auser‑specified time period.Some agents mig

Agent GUIDCPU Serial NumberCPU Speed (MHz)CPU TypeCustom Props 1‑4Communication TypeDefault LanguageDescriptionDNS NameDomain NameExcluded TagsFree Di

View agent and product propertiesA common troubleshooting task is to verify that the policy changes you made match the propertiesretrieved from a syst

Important/Caution: Valuable advice to protect your computer system,software installation, network, business, or data.Warning: Critical advice to preve

7Working with the agent from the McAfee ePO serverQueries provided by McAfee Agent80McAfee® Agent 4.8.0 Product Guide

8Running agent tasks from the managedsystemIf you can access the managed system where the agent is installed, you can view and manage somefeatures of

Option FunctionView Security StatusDisplays the current system status of managed McAfee products, including currentevents.McAfee Agent StatusMonitorTr

Run a manual updateUpdates can be run manually from a client system.Product updates can include:• Patch releases• Legacy product plug‑in (.DLL) files•

Send properties to the McAfee ePO serverThe agent can manually send properties to the McAfee ePO server from the managed system ifrequired before the

• Anti‑virus engines• Managed‑product signaturesView version numbers and settingsInformation about agent settings can be found on the managed system.T

Command‑line optionsParameter Description/C Checks for new policies. The agent contacts the McAfee ePO server for new or updatedpolicies, then enforce

9Agent activity logsThe agent activity log files are useful for determining agent status or for troubleshooting. Two log filesrecord agent activity an

Task1On the managed system, right‑click the McAfee Agent icon in the system tray, then select McAfeeAgent Status Monitor.2If you want to save the cont

IndexAabout this guide 7agentcommand-line options 85introduction to 11maintenance 65modes, converting 48properties, viewing 79relay capability 73remov

Introducing McAfee AgentGet familiar with McAfee Agent and what it does after being installed on theclient system.Chapter 1 About the McAfee AgentMcAf

Gglobal unique identifier (GUID)duplicate 41scheduling corrective action for duplicates 41global updatingevent forwarding and agent settings 59groupsd

system tray icon (continued)visibility 82System Treedeleting systems from 51groups and manual wake-up calls 68removing agents 51removing agents from s

00