Installation Guide Revision B. McAfee Active Response 2.2.0

Size: px
Start display at page:

Download "Installation Guide Revision B. McAfee Active Response 2.2.0"

Transcription

1 Installation Guide Revision B McAfee Active Response 2.2.0

2 COPYRIGHT Copyright 2017 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee epo, McAfee EMM, Foundstone, McAfee LiveSafe, McAfee QuickClean, Safe Eyes, McAfee SECURE, SecureOS, McAfee Shredder, SiteAdvisor, McAfee Stinger, True Key, TrustedSource, VirusScan are trademarks or registered trademarks of McAfee, LLC or its subsidiaries in the US and other countries. Other marks and brands may be claimed as the property of others. LICENSE INFORMATION License Agreement NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND. 2 McAfee Active Response Installation Guide

3 Contents 1 Pre-Installation 5 System requirements for Active Response Active Response network ports Installing Active Response 9 Install Active Response Install the Active Response extensions Install the Active Response server Install aggregators (optional) Install the Active Response clients Uninstall Active Response clients Installation error messages Viewing the Active Response Health status Upgrading Active Response 21 Upgrade Active Response Upgrade the Active Response server Upgrade the Active Response extensions Upgrade clients Upgrade content packages Upgrade Trace rules content package Getting started 25 Managing access Recommendations for configuring clients Create an Active Response policy Performance recommendations for Windows servers Configuring Active Response Service Changing the cloud storage geolocation Configuring multiple McAfee epo servers Bridged and non-bridged McAfee epo server configuration examples Troubleshooting Active Response 33 Roll back content rules Index 35 McAfee Active Response Installation Guide 3

4 Contents 4 McAfee Active Response Installation Guide

5 1 Pre-Installation 1 Contents System requirements for Active Response Active Response network ports System requirements for Active Response Make sure that your system environment meets these requirements and that you have administrator rights. For a complete list of supported platforms, environments, and operating systems for McAfee Active Response, see KB Minimum requirements for McAfee Data Exchange Layer components Use the following table to determine your minimum McAfee Data Exchange Layer (DXL) components based on your McAfee epolicy Orchestrator (McAfee epo ) server environment. Component Single McAfee epo server environment Multiple McAfee epo server environment DXL extensions DXL endpoint clients HF3 (< RS2, Linux, macos) (RS2/RS3) DXL brokers 3.1.x* (at least one DXL broker must be online) * With version 3.1.x broker, the Health Status page reports an out-of-date broker. This alert can be disregarded. Minimum requirements for the Active Response server The server can be installed on a physical server or a virtual machine. 1 CPU with 4 cores 8 GB RAM 140-GB solid-state disk McAfee Active Response Installation Guide 5

6 1 Pre-Installation System requirements for Active Response Supported web browsers for the user interface Internet Explorer 11 or later Microsoft Edge on Windows 10.0 Chrome 53.0 or later Firefox 46.0 or later Safari 8.0 or later (on Macintosh operating systems only) Supported operating systems for the Active Response endpoint client Operating system Version Architecture Processor RAM Minimum Free Hard Disk space Windows 10 (Redstone 3) Windows 10 (Redstone 2) Windows 10 Enterprise, Anniversary Update Base 32-bit and 64-bit 2 GHz or higher 3 GB 1 GB Base 32-bit and 64-bit 2 GHz or higher 3 GB 1 GB Base 32-bit and 64-bit 2 GHz or higher 3 GB 1 GB Windows 8.1 Enterprise Base, U1 32-bit and 64-bit 2 GHz or higher 3 GB 1 GB Windows 8.0 Base 32-bit and 64-bit 2 GHz or higher 3 GB 1 GB Windows 7 Enterprise Up to SP1 32-bit and 64-bit 1.4 GHz or higher 2 GB 1 GB Windows 7 Professional Up to SP1 32-bit and 64-bit 1.4 GHz or higher 2 GB 1 GB Windows Server 2016 Base 64-bit 2 GHz or higher 3 GB 1 GB Windows 2012 Server Base, R2, U1 64-bit 2 GHz or higher 3 GB 1 GB Windows 2008 R2 Enterprise Windows 2008 R2 Standard SP1 64-bit 2 GHz or higher 3 GB 1 GB SP1 64-bit 2 GHz or higher 3 GB 1 GB CentOS* bit only 2 GHz or higher 2 GB 1 GB Red Hat* bit only 2 GHz or higher 2 GB 1 GB macos* High Sierra (10.13) Sierra (10.12) El Capitan (10.11) 64-bit 2 GHz or higher 2 GB 1 GB * Does not support the Trace functionality or displaying data on the Threat Workspace. On Linux 64-bit systems, compatible 32-bit libraries must be installed on endpoints for Active Response to work properly. See KB89991 for instructions. Minimum requirements for the Active Response endpoint client Product Windows Linux macos McAfee epo McAfee Agent (< RS2) (RS2/RS3) (El Capitan and Sierra) (High Sierra) 6 McAfee Active Response Installation Guide

7 Pre-Installation Active Response network ports 1 Product Windows Linux macos Data Exchange Layer Endpoint Security Threat Prevention with Threat Intelligence module Endpoint Security with Advanced Threat Protection HF3 (< RS2) (RS2/RS3) (< RS2) (RS2) (RS3)* (< RS2) (RS2) (RS3) HF HF ** *** Microsoft Windows 10 (version 1607) - Anniversary Update (Redstone 1 [RS1]) Microsoft Windows 10 (version 1703) - Creators Update (Redstone 2 [RS2]) Microsoft Windows 10 (version 1709) - Fall Creators Update (Redstone 3 [RS3]) *If you have Redstone 3 endpoints, McAfee Endpoint Security or must be checked in to the Master Repository before installing the Active Response client bundle. **Install McAfee Endpoint Security on Linux endpoints before installing Active Response 2.2. ***Install Endpoint Security for macos before installing Active Response 2.2. If an endpoint does not currently have a version of Endpoint Security or McAfee VirusScan Enterprise, the appropriate version of the Endpoint Security modules is installed automatically with the Active Response installation. If an endpoint currently has an unsupported version of Endpoint Security, upgrade the modules on the endpoint to a supported version. See also Install Active Response 2.2 on page 9 Install the Active Response clients on page 14 Installation error messages on page 16 Viewing the Active Response Health status on page 17 Configuring multiple McAfee epo servers on page 30 Upgrade clients on page 22 Active Response network ports Active Response uses these ports for network connectivity. Make sure your network settings are not blocking access to the Active Response server and clients through these ports. Table 1-1 Server ports Port number Open to 443 Connect to extensions on the McAfee epo server Connect the DXL broker to the DXL client on the McAfee epo server Connect McAfee Agent to the McAfee epo server. Incoming connections Yes Yes Yes Outgoing connections Yes Yes Yes McAfee Active Response Installation Guide 7

8 1 Pre-Installation Active Response network ports Table 1-1 Server ports (continued) Port number Open to 22 Connect remotely through ssh to perform maintenance tasks. Incoming connections 123 UDP Network Time Protocol Yes Yes Table 1-2 Client ports Port number Open to 8081 Connect McAfee Agent to a McAfee epo server. Yes Outgoing connections Yes Incoming connections Outgoing connections 8883 Connect the DXL client to a DXL broker. Yes Yes Yes Yes 8 McAfee Active Response Installation Guide

9 2 Installing 2 Active Response Contents Install Active Response 2.2 Uninstall Active Response clients Installation error messages Viewing the Active Response Health status Install Active Response 2.2 The installation of Active Response includes several components and clients. Before you begin You have reviewed the system requirements for Active Response. Before installing Active Response, make sure you have installed Endpoint Security, Data Exchange Layer, and Threat Intelligence Exchange. See the installation guides for these products. Follow these tasks, if you are installing Active Response for the first time. 1 Install and check in the Active Response extensions bundle 2 Mount and configure the ISO file 3 Install and check in the Active Response Aggregator file (optional) 4 Deploy the endpoints Tasks Install the Active Response extensions on page 10 You must install the Active Response extensions on the McAfee epo server so it can be managed by Software Manager. Install the Active Response server on page 10 Install and configure the Active Response server. The Active Response server communicates with the Active Response clients running on endpoints to collect data and remediate actions. Install aggregators (optional) on page 14 You are not required to install an aggregator to use Active Response. But, aggregators reduce the amount of DXL bandwidth required, and increase the number of managed endpoints supported. Install the Active Response clients on page 14 Active Response clients are ready to function immediately after installation and configuration. See also System requirements for Active Response on page 5 McAfee Active Response Installation Guide 9

10 2 Installing Active Response Install Active Response 2.2 Install the Active Response extensions You must install the Active Response extensions on the McAfee epo server so it can be managed by Software Manager. Task 1 Log on to McAfee epo as an administrator. 2 Select Menu Software Software Manager. 3 Locate and select the Active Response extensions bundle. 4 Click Check in. 5 Accept the License Agreement and click OK. Install the Active Response server Install and configure the Active Response server. The Active Response server communicates with the Active Response clients running on endpoints to collect data and remediate actions. Active Response server is provided as an ISO image, packaging a McAfee Linux Operating System (MLOS) instance. Task 1 Log on to McAfee epo as an administrator. 2 Select Menu Software Software Manager and download the Active Response server ISO file. 3 Mount the ISO in a supported Virtual Infrastructure System. For supported systems, see KB Start the system where the Active Response server will be installed, making sure that it boots from the Active Response server ISO image. MLOS and all needed packages are installed automatically after the system starts. 5 When the installation finishes, restart the system. Make sure that it starts from the installed system, not from the ISO image. 6 Configure the Active Response server. a Read the License Agreement and enter Y to accept its terms. b c d e Set a root password and confirm it. Create an operational account. You can use this account to connect through ssh to the system, and use su to obtain root permissions. Select the main network interface for the system. This interface connects the Active Response server to McAfee epo and the Data Exchange Layer. Configure the network interface. Enter D for DHCP configuration. Enter M to manually set the network addresses. f g Set a host name and domain name for the system. Set the time server for the system. 10 McAfee Active Response Installation Guide

11 Installing Active Response Install Active Response h (Optional) Set proxy variables. http_proxy and https_proxy definitions are comma-separated lists of host names or IP addresses. no_proxy definition is a comma-separated list of host names, domains, or IP addresses. Proxy settings are for operating system administration only. Active Response does not use proxies to communicate with McAfee epo or network endpoints. i j Configure McAfee Agent to set up the connection to McAfee epo. Select which services must run on the system. DXL Broker Installs a Data Exchange Layer broker. If your environment already has a least one DXL broker version or later, you can choose not to install a new instance of the broker. AR Server Installs the Active Response server. k Set the DXL broker communication port. 7 Log on to McAfee epo as an administrator and verify that an Active Response server is listed in the System Tree. Tasks Configure the DXL broker extension on page 11 Broker extensions are additional features that can be enabled on a Data Exchange Layer broker to add new functionality created by other managed products. Enable the Trace broker extension used by Active Response. Create a McAfee Cloud account on page 12 Create a McAfee Cloud account and link it to McAfee epo server. Link an existing cloud account on page 13 Link an existing cloud account to McAfee epo server. Configure McAfee epo proxy server settings (optional) on page 13 If your company uses proxy addresses, enter the IP address for the Active Response server in the McAfee epo proxy settings. Best Practices for the Threat Intelligence Exchange server on page 14 Follow this recommendation if you are installing TIE and Active Response servers for the first time. See also Configuring Active Response Service on page 28 Configure the DXL broker extension Broker extensions are additional features that can be enabled on a Data Exchange Layer broker to add new functionality created by other managed products. Enable the Trace broker extension used by Active Response. Active Response 2.1 or later requires at least one DXL broker version or later. The Trace extension is not available on previous broker versions. Task 1 Select Menu Configuration Server Settings DXL Topology. 2 Click Edit. 3 Select a broker and next to Broker Extension, select Provides trace data to the cloud for MAR Workspace. 4 Click Save. McAfee Active Response Installation Guide 11

12 2 Installing Active Response Install Active Response 2.2 Create a McAfee Cloud account Create a McAfee Cloud account and link it to McAfee epo server. McAfee epo Cloud Bridge is an extension that you install on your local McAfee epo server, allowing you to link your McAfee epo server to your McAfee Cloud account where you store threat data. You can register a new cloud account or configure your cloud account through the Workspace Configuration link. From the Workspace bar, click Configuration to view the status of your McAfee Cloud account. If your McAfee Cloud account is not configured, select a cloud data location or geolocation from the drop-down list. If you are upgrading to Active Response 2.2, the previous geolocation (US west coast) from Active Response 2.1 remains the default selection. If you have a McAfee Cloud Account, click the link to log on to your account. If you do not have a McAfee Cloud Account, click the link to create one. 1 Create a cloud account from the Configuration pane or register for a cloud account at login.mcafee.com/v1/signup/en-us/epo/cloudtenantsignup. 2 Complete the company and contact information. The address you provide is the address used to create the McAfee Cloud account for your company. 3 Read and accept the license agreement to complete the registration and click Submit. 4 After submitting the form, you will receive an to activate the McAfee Cloud account and set the password. 12 McAfee Active Response Installation Guide

13 Installing Active Response Install Active Response After the McAfee Cloud account is successfully activated, you must link it to the McAfee epo server. 1 Log on to McAfee epo as administrator. 2 Select Menu Configuration Server Settings McAfee epo Cloud Bridge. 3 Click Edit 4 Type in the account credentials and click Save. Switching between different geolocations is not supported or recommended, because of a high risk of losing data. This setting is meant to be permanent. See also Link an existing cloud account on page 13 Changing the cloud storage geolocation on page 29 Link an existing cloud account Link an existing cloud account to McAfee epo server. Before you begin You need the McAfee Cloud account and password. To link an existing McAfee Cloud account to McAfee epo server, you must enable McAfee Cloud Threat Detection. Enter the address used to create your McAfee Cloud account. If you have forgotten your password, click Configuration on the Workspace and click Reset password. Enter the address used to create your Cloud account and click Submit. 1 Log on to McAfee epo as administrator. 2 Select Menu Configuration Server Settings McAfee epo Cloud Bridge. 3 Click Edit. 4 Type in the account credentials and click Save. If you unlink an existing McAfee Cloud account from the McAfee epo Cloud Bridge settings, and link to a different McAfee Cloud account, you lose access to the threat data in the previous McAfee Cloud account. See also Create a McAfee Cloud account on page 12 Configure McAfee epo proxy server settings (optional) If your company uses proxy addresses, enter the IP address for the Active Response server in the McAfee epo proxy settings. Task 1 Log on to McAfee epo as an administrator. 2 Select Menu Configuration Server Settings Proxy Settings. 3 Click Edit. McAfee Active Response Installation Guide 13

14 2 Installing Active Response Install Active Response Enter the proxy information. 5 Click Save. Best Practices for the Threat Intelligence Exchange server Follow this recommendation if you are installing TIE and Active Response servers for the first time. If you are installing the TIE and Active Response servers for the first time, install the TIE server first. Run the TIE server in your environment for a few days before enabling tracing on endpoints. Files that do not show suspicious activity and have high prevalence because they are executed on a majority of endpoints, are automatically set to Might be Trusted reputation. This means you do not need to manually change occurrences of these reputations in the Active Response Workspace later. You can fine-tune the TIE Reputations database and decide on the reputations for your corporate-owned files and certificates before Active Response starts inspecting running processes, looking for potential threats. Install aggregators (optional) You are not required to install an aggregator to use Active Response. But, aggregators reduce the amount of DXL bandwidth required, and increase the number of managed endpoints supported. Install Active Response aggregators on DXL broker systems in your fabric. We recommend that you install an aggregator on each system in your fabric that runs only a DXL broker. Aggregators can't be installed on Active Response or TIE server systems. Do not pre-install the DXL client or install a DXL client upgrade package from McAfee epo on the DXL broker. Always use the Active Response Aggregator package to install the DXL client on the DXL broker. You can install the aggregator package from the Master Repository. Task 1 Log on to McAfee epo as an administrator. 2 Select Menu Software Software Manager and check in the Active Response Aggregator package. 3 Select Menu Software Product Deployment, then click New Deployment. 4 In the Package drop-down list, select the Active Response aggregator. 5 Click Select Systems and choose the DXL broker where to install the aggregator. 6 Select Run Immediately and click Save to start deployment. Install the Active Response clients Active Response clients are ready to function immediately after installation and configuration. Before you begin Look at the Health Status page before and after installing to view any endpoint incompatibilities or deployment errors. Make sure your Windows endpoints are running McAfee Agent or later. Make sure your Linux endpoints are running McAfee Agent or later and Endpoint Security for Linux McAfee Active Response Installation Guide

15 Installing Active Response Uninstall Active Response clients 2 Make sure your macos endpoints are running McAfee Agent and Endpoint Security for Mac on High Sierra McAfee Agent and Endpoint Security for Mac on El Capitan and Sierra If you have Redstone 3 endpoints, Endpoint Security or must be checked in to the Master Repository before installing the Active Response client bundle. Task 1 Log on to McAfee epo as an administrator. 2 Select Menu Software Product Deployment, then click New Deployment. During deployment on Windows systems, Active Response disables Microsoft Protection Service momentarily to complete the installation. Endpoint users might see a warning that this service has been disabled. When the installation is complete, Microsoft Protection Service is restored and the warning can be ignored. 3 Select the Active Response client software package, McAfee Active Response for Windows, Linux, and macos. On Linux 64-bit systems, compatible 32-bit libraries must be installed on endpoints for Active Response to work properly. See KB89991 for instructions. 4 Click Select Systems to select which endpoints to manage with Active Response. 5 Select Run Immediately and click Save to start deployment. 6 Deploy the Active Response clients. All needed clients are installed. If an older version is already installed, the Active Response client is updated with the newer version. Also, if deploying on an older system that takes longer for a new deployment, create a client task and increase the timeout setting to greater than 20 minutes (the default setting). This ensures the deployment does not time-out before it completes. After deploying the Active Response clients, make sure to configure the appropriate McAfee epo policies. See also System requirements for Active Response on page 5 Installation error messages on page 16 Upgrade clients on page 22 Recommendations for configuring clients on page 26 Uninstall Active Response clients Remove Active Response clients from endpoints. This procedure does not remove Endpoint Security Threat Intelligence module, Endpoint Security Adaptive Threat Protection or Data Exchange Layer. McAfee Active Response Installation Guide 15

16 2 Installing Active Response Installation error messages Task 1 Log on to McAfee epo as an administrator. 2 Select Menu Software Product Deployment New Deployment. 3 Complete and save the new deployment information for the uninstall. 4 In the Product Deployment page, from the Action drop-down, select Uninstall. Then start the deployment to uninstall Active Response. Installation error messages Detailed endpoint installation errors are described in the Threat Event Log to inform you of missing or invalid dependencies. If an installation fails, the error messages listed in the Server Task Log are generic and non-specific. Select Menu Reporting Threat Event Log to display detailed error messages caused by various deployment issues. A package is missing on McAfee epo McAfee Endpoint Security Endpoint Security Threat Prevention Threat Intelligence Exchange Endpoint Security Adaptive Threat Protection Data Exchange Layer 3.0 Deployed version is below minimum requirement VirusScan Enterprise < McAfee Agent < McAfee Agent < for Microsoft Windows 10 (version 1703) - Creators Update (Redstone 2) Endpoint Security < 10.2 or Threat Intelligence module < 10.2 Endpoint Security < or Endpoint Security < for Microsoft Windows 10 (version 1703) - Creators Update (Redstone 2) McAfee Host Intrusion Prevention < Client installer failed Endpoint Security Endpoint Security Adaptive Threat Protection Endpoint Security Threat Prevention Data Exchange Layer Threat Intelligence Exchange Active Response 16 McAfee Active Response Installation Guide

17 Installing Active Response Viewing the Active Response Health status 2 Table 2-1 Error messages Error code Error Message Description 0 UNKNOWN Unknown error 1 ESP_MISSING_PACKAGE_ON_EPO ESP missing package on epo 2 TP_MISSING_PACKAGE_ON_EPO TP missing package on epo 3 TIE_MISSING_PACKAGE_ON_EPO TIE missing package on epo 4 ATP_MISSING_PACKAGE_ON_EPO ATP missing package on epo 5 DXL_MISSING_PACKAGE_ON_EPO DXL missing package on epo 6 VSE_INSTALLED VSE installed 7 MA_INCOMPATIBLE_VERSION MA incompatible version installed 8 ESP_INCOMPATIBLE_VERSION ESP incompatible version installed 9 TP_INCOMPATIBLE_VERSION TP incompatible version installed 10 HIP_INCOMPATIBLE_VERSION HIP incompatible version installed 11 ESP_INSTALLATION_FAILED ESP installation failed 12 TP_INSTALLATION_FAILED TP installation failed 13 TIE_INSTALLATION_FAILED TIE installation failed 14 ATP_INSTALLATION_FAILED ATP installation failed 15 DXL_INSTALLATION_FAILED DXL installation failed 16 MAR_INSTALLATION_FAILED MAR installation failed The error codes are stored in the MarCustomEvent table on McAfee epo server. The events are sent from the McAfee Agent based on its configuration. If you are using a McAfee Agent version equal to or greater than 5.0.6, you can see the Error code number in the Running Task view output if an installation failure occurs. See also System requirements for Active Response on page 5 Install the Active Response clients on page 14 Viewing the Active Response Health status on page 17 Viewing the Active Response Health status The Active Response Health Status page displays the number of endpoints, status of endpoint deployments, incompatible and unsupported versions, and connection issues with servers and services. The Active Response Health Status page is a central location to check the status of endpoints and servers before installing upgrades or troubleshooting issues. To view the Active Response Health Status page, select Menu Systems Active Response Health Status or click the link in the Health Status Alert window if it appears when you open the Workspace. The Health Status Alert window appears if the endpoints, servers, or cloud services need attention due to critical issues. Total endpoints The total number of endpoints in the environment where Active Response is deployed, awaiting deployment, incompatible, or deployment failed. McAfee Active Response Installation Guide 17

18 2 Installing Active Response Viewing the Active Response Health status Active Response deployed The number of endpoints currently running Active Response and displays Trace status managed by McAfee epo. If the Trace plug-in is disabled, a warning message appears and the status displays the number of endpoints affected. Click the link to see the list of hosts affected. Ready for Active Response deployment An installation or deployment task is pending, but has not yet run. The number of new endpoints (macos, Windows, Linux) needing deployment and the number of endpoints needing updates are displayed. Incompatible with Active Response There is an Active Response requirement on the endpoint that is not met. The status lists: Unsupported versions of an endpoint client such as Endpoint Security or McAfee Agent and the number of endpoints affected. Unsupported clients such as VirusScan Enterprise on the endpoint and the number of endpoints affected. Endpoints with unsupported OS versions and the number of endpoints affected. The Active Response installer fails to install on endpoints with an unsupported OS version, so you know which endpoints need upgrading. Active Response deployment failed An installation or deployment task ran but failed to complete. The status displays the installations that failed and the number of endpoints affected. Active Response Server Displays the version and status of the Active Response server and a link to its configuration page. The status displays if the server is unreachable or needs to be updated. Click the link to troubleshoot the issue. DXL Brokers Displays the version and status of the DXL brokers that displays a successful or failed connection. If a broker is not available, click the link to troubleshoot the issue. Threat Intelligence Exchange Servers Displays the version and status of the TIE servers and a link to its configuration page. If a server is not available, click the link to troubleshoot the issue. Cloud Storage and Services There are connection or configuration requirements that have not been met. The cloud account is not set up. The Cloud Bridge connection is disrupted. A cloud connection time-out occurred. 18 McAfee Active Response Installation Guide

19 Installing Active Response Viewing the Active Response Health status 2 Bridged McAfee epo servers are configured with different geolocations. You can select only one geolocation for each DXL fabric. Switching between different geolocations is not supported or recommended, because of a high risk of losing data. This setting is meant to be permanent. Bridged McAfee epo servers are linked to different cloud accounts. You can configure only one cloud account to bridged McAfee epo servers. Switching between multiple cloud accounts is not supported or recommended, because of a high risk of losing data. We recommend using one cloud account for managing your cloud geolocation and bridged McAfee epo servers. See also System requirements for Active Response on page 5 Upgrade clients on page 22 Installation error messages on page 16 McAfee Active Response Installation Guide 19

20 2 Installing Active Response Viewing the Active Response Health status 20 McAfee Active Response Installation Guide

21 3 Upgrading 3 Active Response Upgrade Active Response A complete upgrade installs a new Active Response server, extensions, and client packages. To minimize downtime during the upgrade process, install components in this order: 1 Active Response server: MAR-Server-Bundle_{version}.zip 2 Active Response extensions: Active_Response_MAR_{version}.zip 3 Active Response aggregator (optional) 4 Active Response clients on managed systems Do not upgrade the DXL client with a standard DXL client package on a DXL broker with an Active Response aggregator installed. The Active Response aggregator is incompatible with the standard DXL client. For a DXL broker with Active Response aggregator installed, all DXL client updates will be included in a new Active Response aggregator package. Tasks Upgrade the Active Response server on page 21 Install Active Response server update packages from the McAfee epo Software Manager. Upgrade the Active Response extensions on page 22 Upgrade the Active Response extensions on McAfee epo server. Upgrade clients on page 22 Install a newer version of the Active Response client on managed systems to upgrade clients. Upgrade content packages on page 23 Install content packages to get new collectors and reactions, or new versions of existing built-in collectors and reactions. Upgrade Trace rules content package on page 24 The Active Response rules content package adds, updates, and removes old Trace rules. You can automatically deploy Trace rules content updates to endpoints when a new update is available in Software Manager. Upgrade the Active Response server Install Active Response server update packages from the McAfee epo Software Manager. McAfee Active Response Installation Guide 21

22 3 Upgrading Active Response Upgrade Active Response Task 1 Log on to McAfee epo as an administrator. 2 Select Menu Software Software Manager and check in the Active Response Server package. 3 To deploy the update package: a Select Menu Software Product Deployment, then click New Deployment. b c d e f In the Package drop-down list, select the server update package. Click the + sign to add an additional package. In the Package drop-down list, select the server platform update package. Click Select Systems to select the Active Response server in your network. Select Run Immediately and click Save to start deployment. See also Configuring Active Response Service on page 28 Upgrade the Active Response extensions Upgrade the Active Response extensions on McAfee epo server. Before you begin Active Response server of the same or later version must be installed. Task 1 Log on to McAfee epo as an administrator. 2 Select Menu Software Software Manager. 3 Select Software Not Checked In Licensed. 4 Locate and select the Active Response extensions bundle. 5 Click Check in. 6 Accept the License Agreement, then click OK. After the extensions are installed, upgrade the Active Response client. Upgrade clients Install a newer version of the Active Response client on managed systems to upgrade clients. Before you begin Look at the Health Status page before and after installing to view any endpoint incompatibilities or deployment errors. Make sure your Windows endpoints are running McAfee Agent or later. Make sure your Linux endpoints are running McAfee Agent or later and Endpoint Security for Linux McAfee Active Response Installation Guide

23 Upgrading Active Response Upgrade Active Response 3 Make sure your macos endpoints are running McAfee Agent and Endpoint Security for Mac on High Sierra McAfee Agent and Endpoint Security for Mac on El Capitan and Sierra If you have Redstone 3 endpoints, Endpoint Security or must be checked in to the Master Repository before installing the Active Response client bundle. Task 1 Log on to McAfee epo as an administrator. 2 Select Menu Software Product Deployment, then click New Deployment. During deployment on Windows systems, Active Response disables Microsoft Protection Service momentarily to complete the installation. Endpoint users might see a warning that this service has been disabled. When the installation is complete, Microsoft Protection Service is restored and the warning can be ignored. 3 Select the Active Response client software package, McAfee Active Response for Windows and Linux. On Linux 64-bit systems, compatible 32-bit libraries must be installed on endpoints for Active Response to work properly. See KB89991 for instructions. 4 Click Select Systems to select which endpoints to manage with Active Response. 5 Select Run Immediately and click Save to start deployment. 6 Deploy the Active Response clients. All needed clients are installed. If an older version is already installed, the Active Response client is updated with the newer version. Also, if deploying on an older system that takes longer for a new deployment, create a client task and increase the timeout setting to greater than 20 minutes (the default setting). This ensures the deployment does not time-out before it completes. You can upgrade Active Response clients while they are online. As soon as the new version is installed, clients respond to the Active Response server. See also System requirements for Active Response on page 5 Install the Active Response clients on page 14 Viewing the Active Response Health status on page 17 Recommendations for configuring clients on page 26 Configuring multiple McAfee epo servers on page 30 Upgrade content packages Install content packages to get new collectors and reactions, or new versions of existing built-in collectors and reactions. New versions of collectors and reactions in the content package might make some of your saved searches and triggers unusable. This only happens if the update changes a built-in collector output field, or if the update changes built-in reaction arguments. Check the McAfee Active Response Content Update Release Notes for information about changes to collectors and reactions introduced by a content package. McAfee Active Response Installation Guide 23

24 3 Upgrading Active Response Upgrade Active Response Task 1 Log on to McAfee epo as an administrator. 2 Select Menu Software Software Manager and check in the Active Response content package. Content packages have this naming convention: BaseActiveResponseContent MajorVersion.MinorVersion.PatchVersion BuildVersion.zip If you have Auto Update enabled for deployments, after the package checks in to the Master Repository it is installed automatically. If you do not have Auto Update enabled, create an update deployment task. Upgrade Trace rules content package The Active Response rules content package adds, updates, and removes old Trace rules. You can automatically deploy Trace rules content updates to endpoints when a new update is available in Software Manager. Trace rules determine a potential threat and its severity, and displays it in the Trace Timeline. The mechanism to automatically update Trace rules content is enabled by default, with update tasks scheduled every 240 minutes (4 hours). This is an unattended task that is enabled in McAfee epo. Task 1 Log on to McAfee epo as an administrator. 2 Select Menu Policy Policy Catalog, then click My Default. 3 On the General tab, select Enable Unattended Content Updates to disable or enable this feature. If you disable this feature, you can update the rules manually. 4 To change the default time for Unattended Content Updates Timeout (minutes), edit the numeric value in the field. Updates are checked every cycle, and if there is a new update, it is deployed to the endpoints to update their Trace rules. See also Roll back content rules on page McAfee Active Response Installation Guide

25 4 Getting 4 started Contents Managing access Recommendations for configuring clients Configuring Active Response Service Changing the cloud storage geolocation Configuring multiple McAfee epo servers Bridged and non-bridged McAfee epo server configuration examples Managing access After installation, Active Response creates permission sets to manage access to its resources. Group Active Response Editor Allows access to all features and resources. Most importantly, this permission set allows users to create, edit, and delete collectors, triggers, and reactions. Set this permission set for users that need to: Create custom content. Set triggers to automatically catch events on endpoints and execute reactions. Back up or share custom content with other McAfee epo instances. Group Active Response Responder Allows access to Active Response Search. It also allows users to see the content and configuration of collectors, triggers, and reactions, but not to edit or delete them. Set this permission set for users that need to: Actively monitor endpoints for indicators of compromise. Quickly execute reactions from Active Response Search results. Group Active Response Responder Workspace Monitor Allows access to the Threat Workspace and Active Response Search functions. It allows users to see threat behavior activity, and to execute searches to investigate a potential threat but not take remediation actions. Set this permission for users that need to: Actively monitor endpoints for indicators of compromise. Inform incident responders who can remediate a possible threat. Group Active Response Workspace Responder Allows full access to the Threat Workspace and Active Response Search functions. It allows users to see threat behavior activity, execute searches to investigate a potential threat and take immediate action through the Threat Workspace, or automate tasks on endpoints through triggers and reactions. Set this permission for users that need to: Actively monitor endpoints for indicators of compromise. Take immediate action on endpoints using the Threat Workspace. McAfee Active Response Installation Guide 25

26 4 Getting started Recommendations for configuring clients Quickly execute reactions from search results. Create custom content. Set triggers to automatically catch events on endpoints and execute reactions. Back up or share custom content with other McAfee epo instances. You can also customize access management by creating your own permission sets. Privacy information and Active Response Active Response collects information from managed endpoints, such as user names, system names, and IP addresses. It also includes process activity such as modified registry entries, files created, and established network connections. Access to this information is available in Active Response pages in McAfee epo. Make sure that access to these pages is authorized and appropriately managed. McAfee epo restrictions to the System Tree through access management configuration do not prevent Active Response users from receiving information from systems outside their authorized segment of the System Tree. Make sure that Active Response users are qualified and trained to appropriately handle private information from your users systems. McAfee also collects data that is not personally identifiable to further enhance threat intelligence, but cannot search the data or trace it back to a specific organization. For more information, review the License Agreement. Recommendations for configuring clients Use McAfee epo policies to configure Active Response clients. Using policies, you can: Set the maximum number of results returned by search expressions. Enable endpoints to execute triggers. Enable Network Flow and File Hashing collectors and triggers. Enable the Trace plug-in on the endpoint. This is required to see potential threat activity in the Threat Workspace. Set database limits and maximum number of results returned by the Network Flow collector. For Network Flow in Windows, traffic can be excluded for specific processes. This is done using the complete process path. Set database limits, maximum number of results returned, and files excluded by the File Hashing collector. You can also exclude entire paths and extensions by policy. File Hashing "Hash Strategy" determines how many endpoint resources are dedicated for hashing. For example, setting the default to Low reduces performance impact (resource consumption), but makes the hashing period longer. Set database and data limits for the Trace collector. Enable system logging on managed endpoints. Enable data folder protection. When selected, you cannot read the files in C:\ProgramData\McAfee\MAR \data. Deselect it to read the logs and config files. Preset McAfee epo policies After installing Active Response, the following McAfee epo policies are available in the Policy Catalog: 26 McAfee Active Response Installation Guide

27 Getting started Recommendations for configuring clients 4 McAfee Default This is the policy enforced by default after installation. When this policy is enforced, Network Flow and Trace collectors are enabled. Triggers and File Hashing are disabled. Full Visibility When this policy is enforced, NetworkFlow, File Hashing, and Trace collectors are enabled. Triggers are disabled. Full Monitoring When this policy is enforced, all collectors and triggers are enabled. See also Install the Active Response clients on page 14 Upgrade clients on page 22 Create an Active Response policy Create an Active Response policy with custom settings. Task 1 Select Menu Policy Policy catalog. 2 From the Product list, select Active Response. 3 Select New Policy, or select an existing policy and select Duplicate. 4 Enter a name and a brief description for the new policy, then click OK. 5 Complete the fields on the Policy Catalog page for the options you want to apply to the policy. After you create a policy, assign it to managed systems to configure the Active Response clients on those systems. See the McAfee epo documentation for information about assigning policies. Performance recommendations for Windows servers Use the following recommendations to configure Active Response running on Windows servers. Active Response network flow From Menu Policy Policy Control, select the Network Flow tab and deselect Collect TCP/UDP System process information (Windows only). Prevent Active Response from tracking and keeping a history of all connections to save disk and CPU usage. To do this, ignore the network traffic from the binary that attends to network requests. Configure this behavior through the Active Response endpoint policy in McAfee epo by using the full path of the binary. For example: Apache server C:\Apache24\bin\httpd.exe IIS web server C:\Windows\System32\inetsrv\w3wp.exe Active Response file hashing Set the Hash Strategy to Low. Ignore folders where: The server logs and data are saved, the server databases are located, and the servers data backup folders are located. This prevents Active Response from tracking and keeping a history of all files created, deleted, and changed, avoiding demands on disk and CPU usage. For example: Apache server C:\Apache24\logs; C:\Apache24\htdocs IIS web server C:\inetpub\wwwroot; C:\inetpub\logs McAfee Active Response Installation Guide 27

28 4 Getting started Configuring Active Response Service Active Response file hashing for SQL Server Ignore these SQL Server policy extensions: ldf, mdf, adf, bak Ignore FOLDERID_ProgramFiles\Microsoft SQL Server and the backup folder. Threat Intelligence Exchange reputations Make sure the reputation for the entire binary set that runs your server is set to Known Trusted. Configuring Active Response Service Configure how the Active Response service works. Use the Active Response option in the McAfee epo Server Settings page. Search execution time-to-live Active Response search expressions execute collectors on managed endpoints. Because endpoints might come online or offline during the execution of a collector, Active Response can't know when all endpoints that could answer have already answered. This configuration tells Active Response to stop expecting search results after a certain time has passed. Table 4-1 Active Response Server options Option Search time-to-live Search time-to-live at 50% Search time-to-live at 90% Compatibility with Active Response 1.0 clients Authentication Definition The timeout (in milliseconds) that Active Response waits since the last endpoint replied to a search expression. If another endpoint replies during this wait, the time count is restarted. Else, the search stops. Default: 15,000 ms Defines a percentage of the value in Search time-to-live that applies as the new timeout wait after 50% of available endpoints have replied. Default: 33% Defines a percentage of the value in Search time-to-live that applies as the new timeout wait after 90% of available endpoints have replied. Default: 7% When enabled, Active Response endpoint clients reply to searches, reactions, and triggers executed by an Active Response server. The Active Response service relies on McAfee epo certificates to authenticate access, so that only Active Response extensions can make service requests. This configuration is set up after the installation of the Active Response service. If you change the certificates used by McAfee epo, use this configuration option to reset the certificates in the Active Response server. Active Response Workspace configuration These Workspace configuration settings control what you see on the Threat Workspace. The Process instances setting controls the number of potential threat instances that display on the trace chart. The Events per instance setting controls the number of potential threat events that display on the trace chart. Server and aggregator tags After installation, the Active Response server and aggregator systems are automatically applied with these tags: 28 McAfee Active Response Installation Guide

29 Getting started Changing the cloud storage geolocation 4 MARSERVER Identifies the Active Response server. MARAGG Identifies an Active Response aggregator system. DXLBROKER Identifies both the Active Response server and the aggregators. You can review and edit the tags applied to your systems in the McAfee epo System Tree. See also Install the Active Response server on page 10 Upgrade the Active Response server on page 21 Changing the cloud storage geolocation Change the cloud storage location for your threat data. From the Workspace, click Configuration to select a different geolocation from the Cloud Account drop-down list. Here are guidelines for selecting different geolocations. Switching between different geolocations is not supported or recommended, because of a high risk of losing data. This setting is meant to be permanent. The selected geolocation from Active Response 2.1 remains the default selection after upgrading to Active Response 2.2. If you have bridged McAfee epo servers, you must select one geolocation and one McAfee Cloud account. You cannot point bridged McAfee epo servers to different geolocations. Check the Health Status page for alerts. If you have multiple McAfee epo servers that are not linked, you can select different geolocations, but you must use the same McAfee Cloud bridge account. You are allowed one geolocation per DXL fabric. You must use the same McAfee Cloud bridge account for all linked McAfee epo servers. Switching between multiple cloud accounts is not supported or recommended, because of a high risk of losing data. We recommend using one cloud account for managing your cloud geolocation and bridged McAfee epo servers. Endpoint roaming is not supported. Data between the cloud geolocations can't be shared. New geolocations are added to the selection menu as they become available, without reinstalling or upgrading Active Response. Only one geolocation is accessible at a time for trace information. For example, if you change from geolocation X to geolocation Y, all existing threat data that was available on geolocation X is no longer accessible. If you switch back to geolocation X, old trace information is accessible, but the new traces on geolocation Y are not accessible. You risk losing data by switching back and forth between one geolocation to another. See also Create a McAfee Cloud account on page 12 Bridged and non-bridged McAfee epo server configuration examples on page 30 McAfee Active Response Installation Guide 29

30 4 Getting started Configuring multiple McAfee epo servers Configuring multiple McAfee epo servers In a multiple McAfee epo server environment, there is more than one McAfee epo server connected to DXL brokers on bridged DXL fabrics. Bridging fabrics allows DXL brokers that are managed by different McAfee epo servers to communicate with each other. Requirements for a multiple McAfee epo server environment If you upgrade from Active Response 2.1 to 2.2 and bridge multiple McAfee epo servers, you must upgrade the DXL extensions, client, and at least one broker (which must be online) to version 4.0. See KB84473 for additional details. Install DXL 4.0 broker, extensions, and client. See KB84473 for DXL requirements for multiple McAfee epo servers. The Active Response 2.2 client must be deployed on all endpoints managed by the different McAfee epo servers. The DXL broker fabrics between McAfee epo servers must be bridged. Bridging DXL fabrics is covered in the DXL product guide. Using a multiple McAfee epo server environment To expand your remediation and upgrade capabilities Deploy Active Response client packages from one McAfee epo server to upgrade another bridged McAfee epo server's endpoints. Share saved and custom searches using collectors and reactions across bridged McAfee epo servers. Manage potential threats across bridged McAfee epo servers and store threat data in the cloud, using a single cloud storage location. Switching between multiple cloud accounts is not supported or recommended, because of a high risk of losing data. We recommend using one cloud account for managing your cloud geolocation and bridged McAfee epo servers. View and investigate potential threats on McAfee epo servers that you manage. Active Response 2.1 and earlier do not support environments where two or more McAfee epo servers have bridged DXL hubs. See also System requirements for Active Response on page 5 Upgrade clients on page 22 Bridged and non-bridged McAfee epo server configuration examples on page 30 Bridged and non-bridged McAfee epo server configuration examples Examples of bridged and non-bridged multiple McAfee epo server environments. McAfee epo servers are bridged A company bridges their USA and Germany McAfee epo servers on a single DXL fabric to use their TIE database worldwide for consistent hash reputations. In this scenario, they use a single cloud account and single cloud storage geolocation. A warning appears on the Health Status page and Health Status Alert window if they link their bridged McAfee epo servers to a different cloud account or change their cloud storage geolocation. 30 McAfee Active Response Installation Guide

31 Getting started Bridged and non-bridged McAfee epo server configuration examples 4 McAfee epo servers are not bridged A company has not yet bridged their USA and Germany McAfee epo servers on a single DXL fabric. They want parallel deployments for each geography because of a possible restriction where certain data cannot be shared between countries. The USA and Germany sites each have separate McAfee epo servers with separate TIE and Active Response servers. They each have different geolocations and use different cloud accounts. Endpoint roaming is not supported A company has two non-bridged McAfee epo servers assigned to different geolocations (USA and Germany). An employee travels to a different company site with her laptop managed by McAfee epo server A and geolocation USA. When she connects to McAfee epo server B in Germany, potential threats on her laptop will not appear in the Workspace managed by McAfee epo server B. See also Changing the cloud storage geolocation on page 29 Configuring multiple McAfee epo servers on page 30 McAfee Active Response Installation Guide 31

32 4 Getting started Bridged and non-bridged McAfee epo server configuration examples 32 McAfee Active Response Installation Guide

33 5 Troubleshooting 5 Active Response Roll back content rules The last update of Trace rules can be rolled back to a previous version by creating a client task. Two product properties are associated with the endpoint rules content rollback. Blacklisted Rules Version The version that is not applied when upgraded. Rules Version The current version of the client. View the properties, then create a task to roll back the rule. 1 Log on to McAfee epo as an administrator. 2 Select Menu Policy Client Task Catalog. 3 Under Client Task Types, locate and select Active Response Select Roll Back Dat Rules. 5 Click New Task and click OK. 6 Type in a name for the task. 7 In the Roll Back Rules text box, enter the version number of the rules you want to remove or block. When you run this task, a new blocked version is sent to the client and if one of them is already applied, the version automatically rolls back to the previously installed update. You can only roll back one rules version. 8 Click Save. 9 Select Menu Policy Client Task Assignments to assign this new task to all applicable endpoints. 10 Verify the completion of the rollback in the Threat Events logs to see the status. Reuse this client task to roll back subsequent rules updates. In the Roll Back Rules text box, comma-separate the previous version number from the new version number to blacklist. See also Upgrade Trace rules content package on page 24 McAfee Active Response Installation Guide 33

34 5 Troubleshooting Active Response Roll back content rules 34 McAfee Active Response Installation Guide

35 Index A access management, Active Response editor role 25 responder role 25 Active Response installation status 17 policy configuration 26 upgrade 21 aggregator tags, configuring 28 aggregators, installing 14 authentication, configuring 28 C client, Active Response 26 cloud bridge creating accounts 12 registering Active Response 12 common core extensions, installing 10 configuration access management 25 client 26 network ports 7 services 28 create an Active Response policy 27 D Data Exchange Layer cloud bridge 12 install the extension 10 E Endpoint Security extensions installation status 17 error messages, Active Response 16 F File Hashing, enabling 26 H health status information 17 I installation requirements, Active Response 5 installation, Active Response 10 client deployment 14 common core extensions 10 content update 23 enable automatic update 24 error messages 16 McAfee epo Cloud Bridge 12 proxy server settings 13 requirements 5 status on servers and endpoints 17 TIE server 14 trace rules update 24 uninstall clients 15 L Log files, enabling 26 M McAfee epo Cloud Bridge 12 P permission sets, Active Response, See access management policy configuration 26 policy, creating 27 ports, Active Response 7 proxy server settings 13 R roll back version, Active Response trace rules rollback 33 S server, Active Response 21, 28 T Threat Intelligence Exchange install the extension 10 install the TIE server 14 Threat Workspace configuring 28 McAfee Active Response Installation Guide 35

36 Index Trace U enabling 26 upgrade, Active Response 21 (continued) extensions 22 server 21 upgrade, Active Response 21 client deployment McAfee Active Response Installation Guide

37 0-B00

McAfee Active Response 2.0.0

McAfee Active Response 2.0.0 Product Guide McAfee Active Response 2.0.0 For use with McAfee epolicy Orchestrator COPYRIGHT 2016 Intel Corporation TRADEMARK ATTRIBUTIONS Intel and the Intel logo are registered trademarks of the Intel

More information

McAfee Active Response Installation Guide. (McAfee epolicy Orchestrator)

McAfee Active Response Installation Guide. (McAfee epolicy Orchestrator) McAfee Active Response 2.3.0 Installation Guide (McAfee epolicy Orchestrator) COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator,

More information

McAfee MVISION Endpoint 1808 Installation Guide

McAfee MVISION Endpoint 1808 Installation Guide McAfee MVISION Endpoint 1808 Installation Guide COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee epo, McAfee

More information

McAfee MVISION Endpoint 1811 Installation Guide

McAfee MVISION Endpoint 1811 Installation Guide McAfee MVISION Endpoint 1811 Installation Guide COPYRIGHT Copyright 2019 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee epo, McAfee

More information

McAfee Endpoint Upgrade Assistant 2.3.x Product Guide

McAfee Endpoint Upgrade Assistant 2.3.x Product Guide McAfee Endpoint Upgrade Assistant 2.3.x Product Guide COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee epo,

More information

McAfee Endpoint Security Migration Guide. (McAfee epolicy Orchestrator)

McAfee Endpoint Security Migration Guide. (McAfee epolicy Orchestrator) McAfee Endpoint Security 10.6.0 - Migration Guide (McAfee epolicy Orchestrator) COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy

More information

McAfee Client Proxy Installation Guide

McAfee Client Proxy Installation Guide McAfee Client Proxy 2.3.5 Installation Guide COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee epo, McAfee EMM,

More information

Product Guide. McAfee Endpoint Upgrade Assistant 1.5.0

Product Guide. McAfee Endpoint Upgrade Assistant 1.5.0 Product Guide McAfee Endpoint Upgrade Assistant 1.5.0 COPYRIGHT Copyright 2017 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee epo,

More information

McAfee Endpoint Upgrade Assistant Product Guide. (McAfee epolicy Orchestrator 5.9.0)

McAfee Endpoint Upgrade Assistant Product Guide. (McAfee epolicy Orchestrator 5.9.0) McAfee Endpoint Upgrade Assistant 1.6.0 Product Guide (McAfee epolicy Orchestrator 5.9.0) COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection,

More information

McAfee Endpoint Upgrade Assistant Product Guide. (McAfee epolicy Orchestrator)

McAfee Endpoint Upgrade Assistant Product Guide. (McAfee epolicy Orchestrator) McAfee Endpoint Upgrade Assistant 2.0.0 Product Guide (McAfee epolicy Orchestrator) COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy

More information

Product Guide. McAfee Endpoint Upgrade Assistant 1.4.0

Product Guide. McAfee Endpoint Upgrade Assistant 1.4.0 Product Guide McAfee Endpoint Upgrade Assistant 1.4.0 COPYRIGHT Copyright 2017 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee epo,

More information

Data Loss Prevention Discover 11.0

Data Loss Prevention Discover 11.0 Installation Guide Data Loss Prevention Discover 11.0 For use with McAfee epolicy Orchestrator COPYRIGHT Copyright 2017 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection,

More information

McAfee Endpoint Security

McAfee Endpoint Security Migration Guide McAfee Endpoint Security 10.2.0 For use with McAfee epolicy Orchestrator COPYRIGHT 2016 Intel Corporation TRADEMARK ATTRIBUTIONS Intel and the Intel logo are registered trademarks of the

More information

McAfee File and Removable Media Protection Installation Guide

McAfee File and Removable Media Protection Installation Guide McAfee File and Removable Media Protection 5.0.8 Installation Guide COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator,

More information

McAfee Threat Intelligence Exchange Installation Guide

McAfee Threat Intelligence Exchange Installation Guide McAfee Threat Intelligence Exchange 2.3.0 Installation Guide COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee

More information

Reference Guide Revision B. McAfee Cloud Workload Security 5.0.0

Reference Guide Revision B. McAfee Cloud Workload Security 5.0.0 Reference Guide Revision B McAfee Cloud Workload Security 5.0.0 COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee

More information

Installation Guide. McAfee Web Gateway Cloud Service

Installation Guide. McAfee Web Gateway Cloud Service Installation Guide McAfee Web Gateway Cloud Service COPYRIGHT Copyright 2017 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee epo, McAfee

More information

McAfee Threat Intelligence Exchange Installation Guide. (McAfee epolicy Orchestrator)

McAfee Threat Intelligence Exchange Installation Guide. (McAfee epolicy Orchestrator) McAfee Threat Intelligence Exchange 2.2.0 Installation Guide (McAfee epolicy Orchestrator) COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection,

More information

McAfee Client Proxy Product Guide

McAfee Client Proxy Product Guide McAfee Client Proxy 2.3.5 Product Guide COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee epo, McAfee EMM, Foundstone,

More information

McAfee Data Protection for Cloud 1.0.1

McAfee Data Protection for Cloud 1.0.1 Product Guide McAfee Data Protection for Cloud 1.0.1 For use with McAfee epolicy Orchestrator COPYRIGHT Copyright 2015 McAfee, Inc., 2821 Mission College Boulevard, Santa Clara, CA 95054, 1.888.847.8766,

More information

Installation Guide. McAfee Endpoint Security for Servers 5.0.0

Installation Guide. McAfee Endpoint Security for Servers 5.0.0 Installation Guide McAfee Endpoint Security for Servers 5.0.0 COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee

More information

McAfee Agent Interface Reference Guide. (McAfee epolicy Orchestrator Cloud)

McAfee Agent Interface Reference Guide. (McAfee epolicy Orchestrator Cloud) McAfee Agent 5.5.0 Interface Reference Guide (McAfee epolicy Orchestrator Cloud) COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy

More information

McAfee Endpoint Security Threat Prevention Installation Guide - macos

McAfee Endpoint Security Threat Prevention Installation Guide - macos McAfee Endpoint Security 10.5.5 - Threat Prevention Installation Guide - macos COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy

More information

McAfee Content Security Reporter 2.6.x Installation Guide

McAfee Content Security Reporter 2.6.x Installation Guide McAfee Content Security Reporter 2.6.x Installation Guide COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee

More information

McAfee Content Security Reporter Installation Guide. (McAfee epolicy Orchestrator)

McAfee Content Security Reporter Installation Guide. (McAfee epolicy Orchestrator) McAfee Content Security Reporter 2.5.0 Installation Guide (McAfee epolicy Orchestrator) COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection,

More information

McAfee Application Control Windows Installation Guide. (McAfee epolicy Orchestrator)

McAfee Application Control Windows Installation Guide. (McAfee epolicy Orchestrator) McAfee Application Control 8.1.0 - Windows Installation Guide (McAfee epolicy Orchestrator) COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection,

More information

McAfee Content Security Reporter Release Notes. (McAfee epolicy Orchestrator)

McAfee Content Security Reporter Release Notes. (McAfee epolicy Orchestrator) McAfee Content Security Reporter 2.5.0 Release Notes (McAfee epolicy Orchestrator) COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy

More information

McAfee Client Proxy Product Guide. (McAfee epolicy Orchestrator)

McAfee Client Proxy Product Guide. (McAfee epolicy Orchestrator) McAfee Client Proxy 2.3.4 Product Guide (McAfee epolicy Orchestrator) COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator,

More information

Product Guide Revision A. McAfee Client Proxy 2.3.2

Product Guide Revision A. McAfee Client Proxy 2.3.2 Product Guide Revision A McAfee Client Proxy 2.3.2 COPYRIGHT Copyright 2017 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee epo, McAfee

More information

McAfee Cloud Workload Security Suite Amazon Machine Image Installation Guide

McAfee Cloud Workload Security Suite Amazon Machine Image Installation Guide McAfee Cloud Workload Security Suite Amazon Machine Image Installation Guide COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator,

More information

McAfee Data Exchange Layer Product Guide. (McAfee epolicy Orchestrator)

McAfee Data Exchange Layer Product Guide. (McAfee epolicy Orchestrator) McAfee Data Exchange Layer 4.1.0 Product Guide (McAfee epolicy Orchestrator) COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator,

More information

McAfee Client Proxy Product Guide. (McAfee epolicy Orchestrator)

McAfee Client Proxy Product Guide. (McAfee epolicy Orchestrator) McAfee Client Proxy 2.3.3 Product Guide (McAfee epolicy Orchestrator) COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator,

More information

McAfee Endpoint Security Threat Prevention Installation Guide - Linux

McAfee Endpoint Security Threat Prevention Installation Guide - Linux McAfee Endpoint Security 10.5.1 - Threat Prevention Installation Guide - Linux COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy

More information

McAfee Content Security Reporter 2.6.x Migration Guide

McAfee Content Security Reporter 2.6.x Migration Guide McAfee Content Security Reporter 2.6.x Migration Guide COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee epo,

More information

McAfee Firewall Enterprise epolicy Orchestrator Extension

McAfee Firewall Enterprise epolicy Orchestrator Extension Integration Guide Revision A McAfee Firewall Enterprise epolicy Orchestrator Extension COPYRIGHT Copyright 2012 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee, the McAfee logo,

More information

McAfee Management for Optimized Virtual Environments AntiVirus 4.5.0

McAfee Management for Optimized Virtual Environments AntiVirus 4.5.0 Migration Guide McAfee Management for Optimized Virtual Environments AntiVirus 4.5.0 For use with McAfee epolicy Orchestrator COPYRIGHT 2016 Intel Corporation TRADEMARK ATTRIBUTIONS Intel and the Intel

More information

Installation Guide Revision B. McAfee Cloud Workload Security 5.0.0

Installation Guide Revision B. McAfee Cloud Workload Security 5.0.0 Installation Guide Revision B McAfee Cloud Workload Security 5.0.0 COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator,

More information

Migration Guide. McAfee Content Security Reporter 2.4.0

Migration Guide. McAfee Content Security Reporter 2.4.0 Migration Guide McAfee Content Security Reporter 2.4.0 COPYRIGHT Copyright 2017 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee epo,

More information

Revision A. McAfee Data Loss Prevention Endpoint 11.1.x Installation Guide

Revision A. McAfee Data Loss Prevention Endpoint 11.1.x Installation Guide Revision A McAfee Data Loss Prevention Endpoint 11.1.x Installation Guide COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator,

More information

McAfee Rogue Database Detection For use with epolicy Orchestrator Software

McAfee Rogue Database Detection For use with epolicy Orchestrator Software McAfee Rogue Database Detection 1.0.0 For use with epolicy Orchestrator 4.6.0 Software COPYRIGHT Copyright 2012 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee, the McAfee logo,

More information

McAfee Host Intrusion Prevention 8.0

McAfee Host Intrusion Prevention 8.0 Product Guide Self Protection addendum Revision A McAfee Host Intrusion Prevention 8.0 COPYRIGHT 2017 Intel Corporation TRADEMARK ATTRIBUTIONS Intel and the Intel and McAfee logos, McAfee Active Protection,

More information

McAfee Policy Auditor 6.2.2

McAfee Policy Auditor 6.2.2 Release Notes McAfee Policy Auditor 6.2.2 For use with McAfee epolicy Orchestrator COPYRIGHT 2016 Intel Corporation TRADEMARK ATTRIBUTIONS Intel and the Intel logo are registered trademarks of the Intel

More information

McAfee Investigator Product Guide

McAfee Investigator Product Guide McAfee Investigator Product Guide COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee epo, McAfee EMM, Foundstone,

More information

McAfee Active Response 2.1.0

McAfee Active Response 2.1.0 Release Notes McAfee Active Response 2.1.0 Contents About this release What's new Resolved issues Installation information Known issues Getting product information by email Where to find product documentation

More information

Product Guide Revision B. McAfee Cloud Workload Security 5.0.0

Product Guide Revision B. McAfee Cloud Workload Security 5.0.0 Product Guide Revision B McAfee Cloud Workload Security 5.0.0 COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee

More information

McAfee Endpoint Security for Linux Threat Prevention Interface Reference Guide

McAfee Endpoint Security for Linux Threat Prevention Interface Reference Guide McAfee Endpoint Security for Linux Threat Prevention 10.5.0 Interface Reference Guide COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy

More information

McAfee File and Removable Media Protection 6.0.0

McAfee File and Removable Media Protection 6.0.0 Product Guide McAfee File and Removable Media Protection 6.0.0 COPYRIGHT 2017 Intel Corporation TRADEMARK ATTRIBUTIONS Intel and the Intel logo are registered trademarks of the Intel Corporation in the

More information

McAfee Endpoint Security for Servers Product Guide. (McAfee epolicy Orchestrator)

McAfee Endpoint Security for Servers Product Guide. (McAfee epolicy Orchestrator) McAfee Endpoint Security for Servers 5.1.0 Product Guide (McAfee epolicy Orchestrator) COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection,

More information

McAfee MVISION Mobile Microsoft Intune Integration Guide

McAfee MVISION Mobile Microsoft Intune Integration Guide McAfee MVISION Mobile Microsoft Intune Integration Guide Administrator's guide for providing Integration with Microsoft Intune MDM September 2018 COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS

More information

Installing Client Proxy software

Installing Client Proxy software Revision A McAfee Client Proxy 2.3.4 Installation Guide (McAfee epolicy Orchestrator) Installing Client Proxy software Client Proxy software Client Proxy consists of server and client software, whose deployment

More information

McAfee MVISION Mobile epo Extension Product Guide

McAfee MVISION Mobile epo Extension Product Guide McAfee MVISION Mobile epo Extension 1809 Product Guide September 11, 2018 COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator,

More information

McAfee MOVE AntiVirus Installation Guide. (McAfee epolicy Orchestrator)

McAfee MOVE AntiVirus Installation Guide. (McAfee epolicy Orchestrator) McAfee MOVE AntiVirus 4.7.0 Installation Guide (McAfee epolicy Orchestrator) COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator,

More information

McAfee epolicy Orchestrator 5.9.1

McAfee epolicy Orchestrator 5.9.1 Configuration Guide McAfee epolicy Orchestrator 5.9.1 Hosted in Microsoft Azure Cloud Services and Amazon Web Services (AWS) McAfee epolicy Orchestrator 5.9.1 Configuration Guide 1 COPYRIGHT Copyright

More information

McAfee MVISION Mobile Microsoft Intune Integration Guide

McAfee MVISION Mobile Microsoft Intune Integration Guide McAfee MVISION Mobile Microsoft Intune Integration Guide MVISION Mobile Console 4.22 February 11, 2019 COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active

More information

McAfee Cloud Workload Security Product Guide

McAfee Cloud Workload Security Product Guide Revision B McAfee Cloud Workload Security 5.1.0 Product Guide (McAfee epolicy Orchestrator) COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection,

More information

McAfee Endpoint Security for Servers Product Guide

McAfee Endpoint Security for Servers Product Guide McAfee Endpoint Security for Servers 5.2.0 Product Guide COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee epo,

More information

Migration Guide. McAfee File and Removable Media Protection 5.0.0

Migration Guide. McAfee File and Removable Media Protection 5.0.0 Migration Guide McAfee File and Removable Media Protection 5.0.0 COPYRIGHT Copyright 2015 McAfee, Inc., 2821 Mission College Boulevard, Santa Clara, CA 95054, 1.888.847.8766, www.intelsecurity.com TRADEMARK

More information

McAfee Boot Attestation Service 3.5.0

McAfee Boot Attestation Service 3.5.0 Product Guide McAfee Boot Attestation Service 3.5.0 For use with epolicy Orchestrator 4.6.7, 4.6.8, 5.1.0 Software COPYRIGHT Copyright 2014 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS

More information

Addendum. McAfee Virtual Advanced Threat Defense

Addendum. McAfee Virtual Advanced Threat Defense Addendum McAfee Virtual Advanced Threat Defense 3.10.2 COPYRIGHT 2017 Intel Corporation TRADEMARK ATTRIBUTIONS Intel and the Intel logo are registered trademarks of the Intel Corporation in the US and/or

More information

McAfee File and Removable Media Protection Product Guide

McAfee File and Removable Media Protection Product Guide McAfee File and Removable Media Protection 5.0.8 Product Guide COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee

More information

Reference Guide. McAfee Security for Microsoft Exchange 8.6.0

Reference Guide. McAfee Security for Microsoft Exchange 8.6.0 Reference Guide McAfee Security for Microsoft Exchange 8.6.0 COPYRIGHT Copyright 2017 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee

More information

Boot Attestation Service 3.0.0

Boot Attestation Service 3.0.0 Product Guide Boot Attestation Service 3.0.0 For use with epolicy Orchestrator 4.6.0, 5.0.0 Software COPYRIGHT Copyright 2013 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee,

More information

Product Guide. McAfee Web Gateway Cloud Service

Product Guide. McAfee Web Gateway Cloud Service Product Guide McAfee Web Gateway Cloud Service COPYRIGHT Copyright 2017 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee epo, McAfee

More information

Addendum. McAfee Virtual Advanced Threat Defense

Addendum. McAfee Virtual Advanced Threat Defense Addendum McAfee Virtual Advanced Threat Defense 3.10.0 COPYRIGHT 2016 Intel Corporation TRADEMARK ATTRIBUTIONS Intel and the Intel logo are registered trademarks of the Intel Corporation in the US and/or

More information

McAfee Drive Encryption Client Transfer Migration Guide. (McAfee epolicy Orchestrator)

McAfee Drive Encryption Client Transfer Migration Guide. (McAfee epolicy Orchestrator) McAfee Drive Encryption 7.2.5 Client Transfer Migration Guide (McAfee epolicy Orchestrator) COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection,

More information

Product Guide. McAfee Web Gateway Cloud Service

Product Guide. McAfee Web Gateway Cloud Service Product Guide McAfee Web Gateway Cloud Service COPYRIGHT Copyright 2017 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee epo, McAfee

More information

McAfee Endpoint Security Installation Guide. (McAfee epolicy Orchestrator)

McAfee Endpoint Security Installation Guide. (McAfee epolicy Orchestrator) McAfee Endpoint Security 10.6.0 - Installation Guide (McAfee epolicy Orchestrator) COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy

More information

McAfee Application Control Windows Installation Guide

McAfee Application Control Windows Installation Guide McAfee Application Control 8.2.0 - Windows Installation Guide COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee

More information

McAfee epolicy Orchestrator Software

McAfee epolicy Orchestrator Software User Guide McAfee epolicy Orchestrator 5.3.0 Software COPYRIGHT Copyright 2014 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee, the McAfee logo, McAfee Active Protection, McAfee

More information

McAfee Policy Auditor Installation Guide

McAfee Policy Auditor Installation Guide McAfee Policy Auditor 6.4.0 Installation Guide COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee epo, McAfee

More information

Firewall Enterprise epolicy Orchestrator

Firewall Enterprise epolicy Orchestrator Integration Guide McAfee Firewall Enterprise epolicy Orchestrator Extension version 5.2.1 COPYRIGHT Copyright 2011 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted,

More information

McAfee Network Security Platform 8.3

McAfee Network Security Platform 8.3 8.3.7.28-8.3.3.9 Manager-Mxx30-series Release Notes McAfee Network Security Platform 8.3 Revision C Contents About this release New features Enhancements Resolved issues Installation instructions Known

More information

McAfee Agent 5.6.x Product Guide

McAfee Agent 5.6.x Product Guide McAfee Agent 5.6.x Product Guide COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee epo, McAfee EMM, Foundstone,

More information

McAfee MVISION Mobile IBM MaaS360 Integration Guide

McAfee MVISION Mobile IBM MaaS360 Integration Guide McAfee MVISION Mobile IBM MaaS360 Integration Guide Administrator's guide for providing Integration with IBM MaaS360 MDM September 2018 COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee

More information

McAfee MVISION Mobile IBM MaaS360 Integration Guide

McAfee MVISION Mobile IBM MaaS360 Integration Guide McAfee MVISION Mobile IBM MaaS360 Integration Guide MVISION Mobile Console 4.22 February 11, 2019 COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection,

More information

McAfee epolicy Orchestrator Installation Guide

McAfee epolicy Orchestrator Installation Guide McAfee epolicy Orchestrator 5.10.0 Installation Guide COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee epo,

More information

McAfee Network Security Platform 8.3

McAfee Network Security Platform 8.3 8.3.7.28-8.3.7.6 Manager-Virtual IPS Release Notes McAfee Network Security Platform 8.3 Revision B Contents About this release New features Enhancements Resolved issues Installation instructions Known

More information

McAfee Network Security Platform 8.3

McAfee Network Security Platform 8.3 8.3.7.44-8.3.7.14 Manager-Virtual IPS Release Notes McAfee Network Security Platform 8.3 Revision A Contents About this release New features Enhancements Resolved issues Installation instructions Known

More information

Product Guide. McAfee Performance Optimizer 2.2.0

Product Guide. McAfee Performance Optimizer 2.2.0 Product Guide McAfee Performance Optimizer 2.2.0 COPYRIGHT Copyright 2017 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee epo, McAfee

More information

McAfee Endpoint Upgrade Assistant 1.5.0

McAfee Endpoint Upgrade Assistant 1.5.0 Release Notes McAfee 1.5.0 For use with epolicy Ochestrator Contents About this release What s new Resolved issues Installation information Known issues Additional information Getting product information

More information

McAfee Application Control and McAfee Change Control Linux Product Guide Linux

McAfee Application Control and McAfee Change Control Linux Product Guide Linux McAfee Application Control and McAfee Change Control 6.3.0 - Linux Product Guide 6.3.0 - Linux COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection,

More information

McAfee SiteAdvisor Enterprise 3.5.0

McAfee SiteAdvisor Enterprise 3.5.0 Installation Guide McAfee SiteAdvisor Enterprise 3.5.0 for use with epolicy Orchestrator 4.5 4.6 COPYRIGHT Copyright 2011 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced,

More information

Hardware Guide. McAfee MVM3200 Appliance

Hardware Guide. McAfee MVM3200 Appliance Hardware Guide McAfee MVM3200 Appliance COPYRIGHT Copyright 2014 McAfee, Inc. Do not copy without permission. TRADEMARKS McAfee, the McAfee logo, McAfee Active Protection, McAfee AppPrism, McAfee Artemis,

More information

McAfee Change Control and McAfee Application Control 8.0.0

McAfee Change Control and McAfee Application Control 8.0.0 Installation Guide McAfee Change Control and McAfee Application Control 8.0.0 For use with McAfee epolicy Orchestrator COPYRIGHT 2016 Intel Corporation TRADEMARK ATTRIBUTIONS Intel and the Intel logo are

More information

Stonesoft Management Center. Release Notes Revision A

Stonesoft Management Center. Release Notes Revision A Stonesoft Management Center Release Notes 5.10.2 Revision A Table of contents 1 About this release...3 System requirements... 3 Build version...4 Compatibility... 5 2 New features...6 3 Enhancements...

More information

McAfee Management of Native Encryption 3.0.0

McAfee Management of Native Encryption 3.0.0 Product Guide McAfee Management of Native Encryption 3.0.0 For use with McAfee epolicy Orchestrator COPYRIGHT Copyright 2015 McAfee, Inc., 2821 Mission College Boulevard, Santa Clara, CA 95054, 1.888.847.8766,

More information

Installation Guide. McAfee Web Gateway. for Riverbed Services Platform

Installation Guide. McAfee Web Gateway. for Riverbed Services Platform Installation Guide McAfee Web Gateway for Riverbed Services Platform COPYRIGHT Copyright 2010 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed,

More information

McAfee Network Security Platform 9.1

McAfee Network Security Platform 9.1 9.1.7.15-9.1.5.9 Manager-NS-series Release Notes McAfee Network Security Platform 9.1 Revision A Contents About this release New features Enhancements Resolved issues Installation instructions Known issues

More information

McAfee Threat Intelligence Exchange Product Guide. (McAfee epolicy Orchestrator)

McAfee Threat Intelligence Exchange Product Guide. (McAfee epolicy Orchestrator) McAfee Threat Intelligence Exchange 2.2.0 Product Guide (McAfee epolicy Orchestrator) COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy

More information

McAfee Network Security Platform 9.1

McAfee Network Security Platform 9.1 9.1.7.49-9.1.3.6 Manager-M-series, Mxx30-series, XC Cluster Release Notes McAfee Network Security Platform 9.1 Revision C Contents About the release New features Enhancements Resolved issues Installation

More information

McAfee Network Security Platform

McAfee Network Security Platform Revision B McAfee Network Security Platform (9.2.9.3-9.2.5.34 Manager-NS3500 Release Notes) Contents About this release New Features Resolved issues Installation instructions Known issues Product documentation

More information

McAfee Data Loss Prevention Endpoint 10.0

McAfee Data Loss Prevention Endpoint 10.0 Release Notes Revision A McAfee Data Loss Prevention Endpoint 10.0 Hotfix 10.0.330 For use with McAfee epolicy Orchestrator Contents About this release What's new Installation instructions Known issues

More information

McAfee MVISION Mobile AirWatch Integration Guide

McAfee MVISION Mobile AirWatch Integration Guide McAfee MVISION Mobile AirWatch Integration Guide Administrator's guide for providing Integration with AirWatch MDM September 2018 COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and

More information

McAfee Network Security Platform 8.3

McAfee Network Security Platform 8.3 Revision J McAfee Network Security Platform 8.3 (Integration Guide) COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator,

More information

McAfee Cloud Identity Manager

McAfee Cloud Identity Manager BoxNet Cloud Connector Guide McAfee Cloud Identity Manager version 3.1 or later COPYRIGHT Copyright 2013 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed,

More information

McAfee MVISION Mobile MobileIron Integration Guide

McAfee MVISION Mobile MobileIron Integration Guide McAfee MVISION Mobile MobileIron Integration Guide Administrator's guide for providing Integration with MobileIron MDM September 2018 COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee

More information

McAfee Performance Optimizer 2.1.0

McAfee Performance Optimizer 2.1.0 Product Guide McAfee Performance Optimizer 2.1.0 For use with McAfee epolicy Orchestrator COPYRIGHT 2016 Intel Corporation TRADEMARK ATTRIBUTIONS Intel and the Intel logo are registered trademarks of the

More information

McAfee Application Control Windows Installation Guide. (Unmanaged)

McAfee Application Control Windows Installation Guide. (Unmanaged) McAfee Application Control 8.1.0 - Windows Installation Guide (Unmanaged) COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator,

More information

McAfee Endpoint Security

McAfee Endpoint Security Release Notes 10.5.3 Contents About this release What's new Resolved issues Installation information Known issues Getting product information by email Where to find product documentation About this release

More information

McAfee MVISION Mobile Citrix XenMobile Integration Guide

McAfee MVISION Mobile Citrix XenMobile Integration Guide McAfee MVISION Mobile Citrix XenMobile Integration Guide MVISION Mobile Console 4.22 February 11, 2019 COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active

More information