McAfee Drive Encryption Interface Reference Guide (McAfee ePolicy Orchestrator)



COPYRIGHT

Copyright 2018 McAfee, LLC

TRADEMARK ATTRIBUTIONS

McAfee and the McAfee logo, McAfee Active Protection, ePolicy Orchestrator, McAfee ePO, McAfee EMM, Foundstone, McAfee LiveSafe, McAfee QuickClean, Safe Eyes, McAfee SECURE, SecureOS, McAfee Shredder, SiteAdvisor, McAfee Stinger, True Key, TrustedSource, VirusScan are trademarks or registered trademarks of McAfee, LLC or its subsidiaries in the US and other countries. Other marks and brands may be claimed as the property of others.

Contents

1 Managing policies
- Product Settings policy
- Recommended Product Settings policy
- User-based policy settings
- Recommended user-based policy settings
- Server policy settings

Interface reference
- Product Settings Policy General tab
- Product Settings Policy Encryption tab
- Product Settings policy Log On tab
- Product Settings Policy Recovery tab
- Product Settings Policy Boot Options tab
- Product Settings Policy Theme tab
- Policy Settings Out-of-Band tab
- Product Settings Policy Encryption Providers tab
- Policy Settings Companion Devices tab
- Add local domain user settings
- Regular expressions
- User Based Policies Authentication tab
- User Based Policies Password tab
- User Based Policies Password Content Rules tab
- User Based Policies Self-recovery tab
- User Based Policies Companion Devices tab
- Challenge Code (Drive Encryption Recovery)
- Recovery Type (Drive Encryption Recovery)
- Select User (Drive Encryption Recovery)
- Response Code (Drive Encryption Recovery)
- Systems tab (Encryption Users)
- Group Users tab (Encryption Users)
- Add Drive Encryption Users (Encryption Users)
- Viewing Drive Encryption Users (Encryption Users)
- User management
- Permission sets
- Server Settings Drive Encryption
- Server Settings (Drive Encryption) General tab
- Server Settings (Drive Encryption) Manage incompatible product settings
- Server Settings (Drive Encryption) Import incompatible product rules
- Server Settings (Drive Encryption) PC Software tab
- Server Settings (Drive Encryption) PC OPAL tab
- Server Settings (Drive Encryption) Manage themes
- Server Settings (Drive Encryption) Add themes
- Server Settings (Drive Encryption) Edit themes
- Server Settings (Drive Encryption) Manage Simple Words
- Server Settings (Drive Encryption) Manage tokens
- Server Settings (Drive Encryption) Add tokens
- Properties tab (System Tree Drive Encryption)
- Disks tab (System Tree Drive Encryption)
- System Tree Export recovery information file (Drive Encryption)
- System Tree Allow machine key re-use (Drive Encryption)
- Drive Encryption Users (Queries)
- User management
- User information
- Decrypt offline recovery file
- User Directory - User management
- User Directory - Add/edit user
- User Directory Move user

Index

1 Managing policies

Contents
- Product Settings policy
- User-based policy settings
- Server policy settings

Product Settings policy

The Product Settings policy options are organized into these tabs: General, Encryption, Log On, Recovery, Boot Options, Theme, Out-of-Band, Encryption Providers, and Companion Devices.

Table 1-1 General tab

Enable policy
  Enables the set policies on the client computers.

Only activate if health check (Drive Encryption: Go) passes
  Select this option to activate Drive Encryption on client systems only when the Drive Encryption: GO health check passes. You can enable this option only if the DEGO extension 7.x or higher is installed in McAfee ePO.

Logging level
  Allows the administrator to set a different logging level for each client computer that has the specific policy setting assigned. To overwrite the logging level defined in McAfee ePO, the LoggingLevelOverride registry key needs to be set on the client system.
  - None: Does not create any log for the client system managed by McAfee ePO.
  - Error: Logs only error messages.
  - Error and Warnings: Logs the error and warning messages.
  - Error, Warnings, and Informational: Logs the error and warning messages with more descriptions.
  - Error, Warnings, Informational and Debug: Logs the error, warning, and debug messages.

Table 1-1 General tab (continued)

Harden against cold boot attacks when
  Allows you to use the Elevated Security Crypt mode to help protect against cold-boot and other RAM-based attacks, when:
  - The system is locked.
  - The user is logged off.
  - The system is in standby.
  - Always (On systems that support Intel SGX)
  For more information, see the Protection of systems in Windows lock, log off, and standby states section.

Expire users who do not login
  Allows the administrator to control and manage the users who have not logged on to the client system. This option forces the user account, which is not initialized, to expire after a number of hours as set in the policy.

Allow users to create endpoint info file
  Allows the user to collect client system details such as the list of assigned users, policy settings, recovery, and Drive Encryption status. After enabling this option, the Save Machine info button appears in Windows under McAfee Agent Tray | Quick Settings | Show Drive Encryption Status. You can click this button and save the text file for later reference.

Enable logging for Credential provider
  Select this option to enable or disable credential provider logging.

Table 1-2 Encryption tab

Encrypt
  Allows you to select the required encryption type and to set the encryption priority.

Encryption type
  The type of encryption:
  - None: Does not encrypt any disk.
  - All disks: Encrypts all disks in a system.
  - Boot disk only: Encrypts only the boot disk.
  - All disks except boot disk: Encrypts all disks except the boot disk (not recommended).
  - Selected partitions: Allows you to select the partitions of the client system to be encrypted. You can select the required partitions by specifying the Windows drive letters or volume names.

  Partition level encryption is not applicable to client systems using Opal encryption.

  Do not assign a drive letter to the Windows 7 hidden system partition on your client system. Doing so prevents activation of the Drive Encryption software on the client system.

  The Encryption type options None, All disks except boot disk, and Selected partitions are not applicable to self-encrypting drives in Opal mode.

  This table also lists the available encryption providers (PC Software and PC Opal). You can change and set the encryption priority by moving the encryption provider rows up and down, as appropriate.

  By default, software encryption is used on both Opal and non-Opal systems in this version of Drive Encryption. To ensure that Opal technology is chosen in preference to software encryption, we recommend that you always set Opal as the default encryption provider, by moving it to the top of the list on the Encryption Providers page. This ensures that Opal locking will be used on Opal drives.

  Make sure that you select the required encryption type, as appropriate. Policy enforcement might fail on client systems if you select an unsupported encryption type.

Table 1-3 Log On (Drive Encryption) tab

Enable automatic booting
  When enabled, the client system boots automatically without prompting for Pre-Boot Authentication. The expiration date for auto-booting can also be set. If required, the user can select the UTC time standard option.

  If you enable this option without requiring the use of TPM for automatic booting, the Drive Encryption product does not protect the data on the drive when it is not in use.

Disable and restart system after 3 (1-10) failed logons or unlocks (Windows only, Vista onwards)
  This feature is an enhancement of the primary Enable automatic booting feature. Select this option to disable the autoboot after a specific number (defaulted to 3 or specify from 1-10) of failed Windows logons.

  On the Windows authentication screen, if the user fails to authenticate the defined number of times, a message appears indicating that the maximum number of failed operating system logons was reached, and that Pre-Boot Authentication is enabled on the machine. Upon clicking OK, the client system restarts and the PBA screen appears. Once the user authenticates through PBA and Windows successfully, autoboot is enabled.

  This feature is available for password, smart cards, and biometric tokens, and only for Windows Vista or later operating systems.

Allow temporary automatic booting
  Allows you to turn the PBA screen on or off with a client-side utility. This eliminates the need to modify the policy in McAfee ePO, and fully automates patching and other client management scenarios.

Use of TPM for automatic booting
  Select one of these options:
  - Never: The encryption key is written to a plain-text file, which is unencrypted. The system is not secure.
  - If available: If the TPM is available, the encryption key is written to a plain-text file, which is encrypted. The system is secure. If the TPM is not available, the encryption key is written to a plain-text file, which is unencrypted. The system is not secure.
  - Required (Note: if TPM is not available on the system, automatic booting will not be enabled): If the required TPM is available, the encryption key is written to a plain-text file, which is encrypted. The system is secure. If the required TPM is not available, automatic booting will not be enabled and the user will see the PBA screen to authenticate. The system is secure.

  This option is applicable only for systems installed with Drive Encryption or later. If you apply a policy to the earlier versions of Drive Encryption with automatic booting enabled and use of TPM set to 'Required', it will leave the client system in an unprotected state since autoboot will be enabled with no protection of the disk encryption key.

Pre-boot power management: Automatically shutdown pre-boot after a period of inactivity: 1-60 minutes
  The client system will shut down automatically after the set time at pre-boot.

Log on message
  Type a message that appears to the client user.

Do not display previous user name at log on
  Prevents the client system from automatically displaying the user name of the last logged on user on all Drive Encryption logon dialog boxes.

Table 1-3 Log On (Drive Encryption) tab (continued)

Enable on screen keyboard
  Enables the Pre-Boot On-Screen Keyboard (OSK) and the associated Wacom serial pen driver. When this option is enabled, the pen driver finds supported pen hardware (Panasonic CF-H1 and Samsung Slate 7) and displays the OSK.

  If you do not select this option, the BIOS uses mouse emulation. In such a situation, the BIOS treats the digitizer as a standard mouse, which might lead to the cursor being out of sync with the stylus on USB-connected Wacom pen digitizers.

Always display on screen keyboard
  Forces the Pre-Boot to always display a clickable on-screen keyboard, whether the pen driver finds suitable hardware or not.

  When the option Enable on screen keyboard is turned on, if there is a serial digitizer device for which we have support on BIOS systems, then the OSK is displayed. Otherwise, on both BIOS and UEFI systems, if there is a requirement to display the OSK, then you must also select the option Always display on screen keyboard. This forces the OSK to be displayed without looking for any serial digitizer devices under BIOS.

Add local domain users (and tag with 'EE:ALDU')
  - Disabled: Selecting this option does not add any local domain users to the client system.
  - Add all previous and current local domain users of the system: Domain users who have previously and are currently logged on to the system can authenticate through the Pre-Boot, even if the administrator has not explicitly assigned the user to the client system.
  - Only add currently logged on local domain user(s); activation is dependent on a successful user assignment: Only the domain users who are logged on to the current Windows session are added to the system and hence Drive Encryption is activated, even if the administrator has not explicitly assigned the user to the client system. If you select this option, at least one user should be added to the client system for a successful Drive Encryption activation on the client. The activation doesn't happen until a user logs on to Windows.

Enable accessibility
  Select this option to sound a beep as a signal when the user moves the focus from one field to the next using mouse or keyboard in the Pre-Boot environment. This option is helpful to visually challenged users.

  The USB audio functionality allows visually impaired users to hear an audio signal (spoken word) as guidance when the user moves the cursor from one field to the next in the Pre-Boot environment. The USB speakers and headphones can be used to listen to the audio signal. For more details, see Enable Accessibility (USB audio devices) in the Pre-Boot environment.

Disable pre-boot authentication when not synchronized
  Blocks a user from logging on to PBA in the client system, if the client system is not synchronized with the McAfee ePO server for the set number of days.

  The user is blocked from logging on to PBA, and can then request the administrator to perform Administrator Recovery to unlock the client system. This allows the client system to boot and communicate with the McAfee ePO server. The client system continues to block the user from logging on to the system until synchronization with McAfee ePO.

Table 1-3 Log On (Drive Encryption) tab (continued)

Read username from smartcard
  Automatically retrieves the available user information on the client system from the inserted smartcard; hence the Authentication window does not prompt for a user name. The user can then authenticate by typing the correct PIN.

  You need to enable the matching rules that are required for matching smartcard user principal name (UPN) names with Drive Encryption user names.

Match certificate user name field up to @ sign
  Matches the certificate user name up to the @ sign of the user name. For example, if the UPN is SomeUser@SomeDomain.com and the Drive Encryption user name is SomeUser, a match is found.

Hide user name during authentication
  The Drive Encryption user name does not appear in the Authentication window.

  This feature is supported on the Gemalto .NET V2+ tokens, and PIV and CAC tokens.

Lock workstation when inactive: After x number of minutes
  The client system is locked automatically when it is inactive for the set time.

Table 1-4 Log On (Windows) tab

V7.2 Onwards

Third-party credential providers:

Allow integrated third-party credential providers to override the Drive Encryption credential provider
  Enable this option to make sure that the Drive Encryption credential provider does not load, and to allow a compatible third-party credential provider to override the existing credential provider.

Single sign-on (SSO):

Provide a single sign-on experience for Drive Encryption users (SSO)
  Enable this option to allow the user to log on to the system with a single authentication process. It allows automatic logon to the operating system once the user authenticates through the Pre-Boot Authentication page.

Allow the capturing of smart card PINs for SSO replay
  Enable this option to allow Drive Encryption to capture the smart card PIN for SSO.

Table 1-4 Log On (Windows) tab (continued)

Password synchronization:

Update the Drive Encryption user password to match the Windows user password (during Windows logon, or password changes)
  Enable this option to synchronize the Drive Encryption password to match the Windows password when the Windows password is changed on the client system. For example, if users change their password on the client, the Drive Encryption password is also changed to the same value.

Ignore Drive Encryption password rules and history when updating the Drive Encryption password
  Enabling this option allows you to ignore Drive Encryption password rules and history when synchronizing the Drive Encryption password.

  This may result in a reduction of password strength for Drive Encryption users.

Periodically check domain credentials for changes and ask the user to re-capture the Drive Encryption password if required
  Enabling this option allows you to periodically check the domain credentials for any changes and also inform the user to re-capture the Drive Encryption password, if required.

  This will result in an increased load on the domain server that manages the endpoint.

Polling interval (minutes) (5-480)
  Enter the time in minutes within the set limit to periodically check the domain credentials for any changes.

Preboot user options

Allow user to cancel SSO and password synchronization
  Enable this option to allow the user to cancel SSO and password synchronization.

Windows username matching

The Windows username must match the username of the Drive Encryption user before capturing SSO or synchronizing passwords
  Ensures the SSO details are captured only when the user's Drive Encryption and Windows user names match. This ensures that the SSO data captured is replayed for the user for which it was captured.

Credential provider bitmap

Do not display McAfee shield on Windows logon tiles
  Enabling this option allows you to hide the McAfee shield on Windows logon tiles.

Table 1-4 Log On (Windows) tab (continued)

Pre V7.2

Enable SSO
  Select this option to enable Single Sign On.

Must match user name
  Ensures the SSO details are captured only when the user's Drive Encryption and Windows user names match. This ensures that the SSO data captured is replayed for the user for which it was captured.

  When you select the Enable SSO option, the Must match user name option is also enabled by default.

Using smart card PIN
  Allows Drive Encryption to capture the smart card PIN for SSO.

Synchronize Drive Encryption password with Windows
  The Drive Encryption password synchronizes to match the Windows password when the Windows password is changed on the client system. For example, if users change their password on the client, the Drive Encryption password is also changed to the same value.

Allow user to cancel SSO
  Allows the user to cancel the SSO to Windows in Pre-Boot. When this option is enabled, the user has an additional checkbox at the bottom of the Pre-Boot logon dialog box.

  Note that SSO now works with Drive Encryption or later when the client system resumes from hibernation or when booting the system using Windows 8 fast boot.

Require Drive Encryption logon (only supported on V6 clients)
  This requires you to mandatorily log on to PBA for EEPC 6.x.x systems, thereby disabling the SSO functionality.

Require log on when token is removed
  This requires you to mandatorily log on when the token is removed.

  This option is available for selection only if the Require Drive Encryption logon (only supported on V6 clients) option is enabled.

Table 1-5 Recovery tab

Administrator recovery

Enabled
  The Recovery option is enabled by default. This activates the Administrator Recovery option in the client system.

Key size
  The recovery key size options. The recovery Response Code size depends on this recovery key size. This does not affect the size of the challenge code.
  - Low: A recovery key size that creates a short Response Code for the recovery.
  - Medium: A recovery key size that creates a medium size Response Code for the recovery.
  - High: A recovery key size that creates a lengthy Response Code for the recovery.
  - Full: A recovery key size that creates a Response Code, with the maximum number of characters, for the recovery.

Message
  Displays a text message when you select Recovery. This can include information such as your help desk contact details.

Self-recovery

Allow users to re-enroll self-recovery information at PBA
  Allows the client user's self-recovery details to be reset. The user must then re-enroll their self-recovery details with new self-recovery answers.

  Before resetting the self-recovery questions on the client system, make sure that you have enabled the Enable Self Recovery option under User Based Policy | Self-recovery.

  When this option is enabled, the Pre-Boot Authentication (user name) screen includes the Reset self-recovery option. On selecting Reset self-recovery, the user is prompted for a password, then self-recovery enrollment.

  Only initialized users can reset their self-recovery details.

Table 1-6 Boot Options tab (Windows only)

Enable Boot Manager
  Activates the built-in pre-boot partition manager. This allows you to select the primary partition on the hard disk that you want to boot. Naming of the partition is also possible with the boot manager. The timeout for the booting to start can also be set.

Always enable pre-boot USB support
  Forces the Drive Encryption Pre-Boot code to always initialize the USB stack.

  USB audio functionality allows visually impaired users to listen to an audio signal (spoken word) as guidance when the user moves the cursor from one field to the next in the Pre-Boot environment. The USB speakers and headphones can be used to listen to the audio signal.

  You will notice an improper synchronization of the mouse cursor and the stylus on USB-connected Wacom pen digitizers. To avoid this, make sure to enable this option. For more details, see Enable Accessibility (USB audio devices) in the Pre-Boot environment.

Enable pre-boot PCMCIA support
  If selected, the policy enables pre-boot PCMCIA support.

Graphics mode
  Allows you to select the screen resolution for a system or a system group. The default option is Automatic.

Table 1-7 Theme tab

Select theme
  Contains the options for selecting a theme.

Preview
  Displays the preview of the selected theme.

  The preview is not available for shared policies from another McAfee ePO.

Table 1-8 Out-of-Band tab (Windows only)

Drive Encryption: Out Of Band Management

Enable at PBA
  Enables the Drive Encryption out-of-band management features through policies, so that you can then perform actions on Intel AMT provisioned client systems.

  You can select this option only if you installed the Drive Encryption: Out Of Band Management extension in McAfee ePO.

Table 1-9 Encryption Providers tab

PC Software

Use compatible MBR
  Causes Drive Encryption to boot a built-in fixed MBR instead of the original MBR that was on the system after pre-boot logon. It is used to avoid problems with some systems that had other software that runs from the MBR and no longer works if Drive Encryption is installed.

Fix OS boot record sides
  Some boot records report an incorrect number of sides. Selecting this option fixes this on the client system.

  This is available only when you install the Drive Encryption extension.

Use windows system drive as boot disk
  Maintains compatibility with some systems where disk 0 is not the boot disk. Selecting this option forces the product to assume that the boot disk is the one that contains the Windows directory, and not disk 0.

Enable Pre-Boot Smart Check (BIOS based systems only)
  Modifies the Drive Encryption activation sequence and creates a pre-activation stage, where hardware compatibility checks are performed prior to actual activation and subsequent encryption.

Force system restart once activation completes
  This option is selected by default when you select Enable Pre-Boot Smart Check (BIOS based systems only) to restart your system after activation.

Opal

Require all disks to be Opal
  Requires all the drives in your client system to be Opal drives for the PC Opal encryption provider to be activated.

Table 1-10 Companion Devices tab

Enable Companion Device Support
  Enable this option to allow the user to perform system recovery through a smartphone.

  The Companion Device application is now known as McAfee Endpoint Assistant.

Recommended Product Settings policy

The Product Settings policy controls the behavior of the Drive Encryption client. For example, it contains the options for enabling encryption, enabling automatic booting, and controlling the theme for the pre-boot environment.

You can configure the Product Settings policy by navigating through Menu | Policy | Policy Catalog, then selecting Drive Encryption 7.2 from the Product drop-down list. Select Product Settings from the Category drop-down list, locate the My Default policy, then click Edit Settings.

For more information about individual policy settings, see the McAfee Drive Encryption Product Guide.

The Product Settings policy options are organized into a series of tabs.

Table 1-11 General tab

Columns: Policy Options, Recommendations

Enable Policy
  Leave this option checked (enabled). This policy should be enabled to activate Drive Encryption on the client system. This option needs to be disabled to uninstall Drive Encryption from the client.

  The Only activate if Health Check (Drive Encryption GO) check passes option is applicable only if the DEGO extension is installed in McAfee ePO.

Logging Level
  Set the required logging level. To overwrite the logging level defined in ePolicy Orchestrator, the LoggingLevelOverride registry key needs to be set on the client system.
  - None: Does not create any log for the client system managed by McAfee ePO.
  - Error: Logs only error messages.
  - Error and Warnings: Logs the error and warning messages.
  - Error, Warnings, and Informational: Logs the error and warning messages with more descriptions.
  - Error, Warnings, Informational and Debug: Logs the error, warning, and debug messages. We recommend that you enable this option only when you require extended logging for troubleshooting purposes. Try not to enable this option for standard usage because it might impact the performance.

Harden against cold boot attacks when
  Allows you to use the Elevated Security Crypt mode to help protect against cold-boot and other RAM-based attacks, when:
  - The system is locked: The encryption driver switches to the Elevated Security Crypt mode when the user locks the screen.
  - The user is logged off: The encryption driver switches to the Elevated Security Crypt mode when the user logs off.
  - The system is in standby: The encryption driver switches to the Elevated Security Crypt mode when the system is in standby.
  For more information, see Protection of systems in Windows lock, log off, and standby states in the McAfee Drive Encryption Product Guide.

Expire users who do not login
  Leave this option checked (enabled). This option allows the administrator to control and manage the users who have not logged on to the client system. This option forces the user account, which is not initialized, to expire after a number of hours as set in the policy.

  This feature allows you to control access to client systems by preventing unauthorized access using uninitialized user accounts.

Allow users to create endpoint info file
  Leave this option checked (enabled). This option allows the user to collect client system details such as the list of assigned users, policy settings, recovery, and Drive Encryption status. After enabling this option, a Save Machine info button appears in Windows, under McAfee Agent Tray | Quick Settings | Show Drive Encryption Status. You can click this button and save the text file for later reference.

Enable logging for Credential provider
  Leave this option unchecked (disabled). This option allows you to enable or disable credential provider logging.

Table 1-12 Encryption tab

Columns: Policy Options, Recommendations

Encrypt
  Allows you to select the required encryption type and to set the encryption priority.

Encryption type
  All Disks is the recommended option (the None option does not initiate the encryption). The All disks except boot disk option, which encrypts all disks except the boot disk, is not a recommended option.

  The None, All disks except boot disk, and Selected partitions options are not applicable for self-encrypting drives in Opal mode.

Selected Partitions
  Allows you to select the required partitions of the client system to be encrypted. You can select the required partitions by specifying the Windows drive letters or volume names.

  Partition level encryption is not applicable to client systems using Opal encryption. If the selected partitions include both Opal and non-Opal hard drives, both will be software-encrypted.

  Do not assign a drive letter to the Windows 7 hidden system partition on your client system. Assigning the drive letter prevents activation of Drive Encryption software on the client system.

  This table also lists the available encryption providers (PC Software and PC Opal). You can change and set the encryption priority by moving the encryption provider rows up and down, as appropriate.

  By default, software encryption is used on both Opal and non-Opal systems in this version of Drive Encryption. To ensure that Opal technology is chosen in preference to software encryption, we recommend that you always set Opal as the default encryption provider, by moving it to the top of the list on the Encryption Providers page. This ensures that Opal locking will be used on Opal drives.

  Make sure that you select the required encryption type, as appropriate. Policy enforcement might fail on client systems if you select an unsupported encryption type.

Table 1-13 Log On (Drive Encryption) tab

Columns: Policy Options, Recommendations

Enable automatic booting
  Leave this option unchecked (disabled). If you enable this feature, the client system does not have the PBA. This is normally referred to as Autoboot mode.

  Nonetheless, enabling this option can be helpful when you need to manage the autobooting scenarios. There are multiple scenarios where this option can be enabled or disabled. For instance, to minimize the end user impact during rollout, or to allow patches to be installed and the reboots to take place without end user intervention during patch cycles. It is the responsibility of the administrator to decide on when to enable or disable this option.

  If you enable this option, the Drive Encryption software does not protect the data on the drive when it is not in use.

Disable and restart system after 3 (1-10) failed logons or unlocks (Windows only, Vista onwards)
  We recommend that you enable this option if you enabled the Enable automatic booting option. This option disables the system autoboot after a specific number of failed Windows logons.

Allow temporary automatic booting
  Allows you to turn the PBA screen on or off with a client-side utility. This eliminates the need to modify the policy in McAfee ePO, and fully automates patching and other client management scenarios.

Use of TPM for automatic booting: Select one of these options:
  Never: The encryption key is written to a plain-text file, which is unencrypted. The system is not secure.
  If available: If the TPM is available, the encryption key is written to a plain-text file, which is encrypted. The system is secure. If the TPM is not available, the encryption key is written to a plain-text file, which is unencrypted. The system is not secure.
  Required (Note: if TPM is not available on the system, automatic booting will not be enabled): If the required TPM is available, the encryption key is written to a plain-text file, which is encrypted. The system is secure. If the required TPM is not available, automatic booting is not enabled and the PBA screen is displayed. The system is secure.
This option is applicable only for systems installed with Drive Encryption If you apply a policy to earlier versions of Drive Encryption (i.e., EEPC) with automatic booting enabled and set TPM use to Required, the client system is left in an unprotected state because autoboot is enabled with no protection of the disk encryption key.

Log on message: Type a message that appears to the client user.

Do not display previous user name at log on: Leave this option checked (enabled). This option prevents the client system from displaying the user name of the last logged on user automatically on all Drive Encryption logon dialog boxes.

Enable on screen keyboard: Leave this option checked (enabled), especially for tablets or on-screen mouse device systems. This option enables the Pre Boot On Screen Keyboard (OSK) and the associated Wacom serial pen driver. When this option is enabled, the pen driver finds supported pen hardware and displays the OSK. If you do not select this option, the BIOS uses mouse emulation. In such a situation, the BIOS treats the digitizer as a standard mouse, which might lead to the cursor being out of sync with the stylus on USB-connected Wacom pen digitizers.

Always display on screen keyboard: Forces the Pre Boot to always display a clickable on screen keyboard regardless of whether the pen driver finds suitable hardware or not. This is valid for BIOS-based hardware only. On UEFI, the digitizer is managed by the UEFI software, so the UEFI implementation needs to contain drivers for the digitizer.

Add local domain users (and tag with 'EE:ALDU'):
  Disabled: Selecting this option does not add any local domain users to the client system.
  Add all previous and current local domain users of the system: Any domain users who have previously logged on, or are currently logged on, to the system are able to authenticate through the Pre Boot, even if the administrator has not explicitly assigned the user to the client system.
  Only add currently logged on local domain user(s); activation is dependent on a successful user assignment: Leave this option selected (enabled) so that only the domain users who are logged on to the current Windows session are added to the system. As a result, Drive Encryption is activated, even if the administrator has not explicitly assigned the user to the client system. If you select this option, at least one user should be added to the client system for successful Drive Encryption activation on the client. The activation doesn't happen until a user logs on to Windows as a domain user. This domain should have been registered in McAfee ePO.

Enable Accessibility (Windows BIOS systems only): Leave this option checked (enabled). This option is helpful to visually challenged users. If selected, the system beeps as a signal when the user moves the focus from one field to the next using a mouse or keyboard in the Pre Boot environment. The USB audio functionality allows visually impaired users to hear an audio signal (spoken word) as guidance when the user moves the cursor from one field to the next in the pre-boot environment. The USB speakers and headphones can be used to listen to the audio signal. USB audio functionality requires that the Always enable pre-boot USB support option be selected on the Boot Options tab.

Disable pre boot authentication when not synchronized: Leave this option checked (enabled). This option blocks the user from logging on to PBA in the client system, if the client system is not synchronized with the McAfee ePO server for the set number of days. When the user is blocked from logging on to PBA, the user should request the administrator to perform the Administrator Recovery to unlock the client system. This allows the client system to boot and communicate with the McAfee ePO server. The client system will continue to block the user from logging on to the system until the synchronization with ePolicy Orchestrator happens. This is especially useful to prevent unauthorized access to laptops that have been misplaced, lost or stolen.

Read username from smartcard: Leave this option checked (enabled). This option automatically retrieves the available user information on the client system from the inserted smartcard; hence the Authentication window does not prompt for a username. The user can then authenticate just by typing the correct PIN. You need to enable the matching rules that are required for matching the smartcard user principal name (UPN) with Drive Encryption usernames. This feature is supported on the Gemalto.Net V2+ tokens, and PIV and CAC tokens.

Match certificate user name field up to @ sign: Match the certificate user name up to the @ sign of the user name. For example, if the UPN is SomeUser@SomeDomain.com and the Drive Encryption user name is SomeUser, a match is found.

Hide user name during authentication: On selecting this option, the Drive Encryption user name does not appear in the Authentication window.

Lock workstation when inactive: Leave this option unchecked (disabled). The client system is locked when it is inactive for the set time.

Table 1-14 Log On tab

Enable SSO: Leave this option checked (enabled).

Must match user name: Leave this option checked (enabled). This option ensures the SSO details are only captured when the user's Drive Encryption and Windows user names match. This ensures that the SSO data captured is replayed for the user for which it was captured. When you select the Enable SSO option, the Must match user name option is also enabled by default.

Using smart card PIN: Leave this option checked or unchecked based on whether the etoken or smart card is used or not. This option allows Drive Encryption to capture the smart card PIN for SSO.

Synchronize Drive Encryption Password with Windows: Leave this option checked (enabled). If selected, the Drive Encryption password synchronizes to match the Windows password when the Windows password is changed on the client system. For example, if users change their password on the client, the Drive Encryption password is also changed to the same value.

Allow user to cancel SSO: Leave this option checked (enabled). This option allows the user to cancel the SSO to Windows in Pre Boot. When this option is enabled, the user has an additional checkbox at the bottom of the Pre Boot logon dialog box.

Require Drive Encryption logon (only supported on V6 clients): This makes it mandatory for you to log on to PBA for EEPC 6.x.x systems, thereby disabling the SSO functionality.

Lock workstation when inactive: Leave this option unchecked (disabled). The client system is locked when it is inactive for the set time.

Table 1-15 Recovery tab (policy options and recommendations)

Enabled: Leave this option checked (enabled). This is enabled by default to make sure that the recovery is possible at any stage of the Drive Encryption management.

Administrator recovery:
  Key size: After consulting with your IT security, set this to the size adequate for your organization's requirements. This refers to a recovery key size that creates a short Response Code for the recovery.
    Low: A recovery key size that creates a short Response Code for the recovery.
    Medium: A recovery key size that creates a medium size Response Code for the recovery.
    High: A recovery key size that creates a lengthy Response Code for the recovery.
    Full: A recovery key size that creates a Response Code, with the maximum number of characters, for the recovery.
  Message: Displays a text message when you select Recovery. This can include information such as your help desk contact details.

Self-recovery:
  Allow users to re-enroll self-recovery information at PBA: Leave this option checked (enabled) only when required. On enabling this option, the client user's self-recovery details can be reset, then the user has to enroll the self-recovery details with new self-recovery answers. Before resetting the self-recovery questions on the client system, make sure that you have enabled the Enable Self Recovery option under User Based Policy > Self-recovery. When this option is enabled, the Pre-Boot Authentication (user name) screen includes the Reset self-recovery option. On selecting Reset self-recovery, the user is prompted for a password, then self-recovery enrollment. Only initialized users can reset their self-recovery details.
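The Log On (Drive Encryption) table above gives a small truth table for Enable automatic booting combined with Use of TPM for automatic booting. The following is an added example, not code from McAfee or from this guide, that encodes that table and flags systems the guide labels "not secure". The dictionary keys, the severity labels and the sample inventory are constructed for the example and are not an ePO export format.

```python
from dataclasses import dataclass
from typing import Optional

TPM_MODES = ("never", "if_available", "required")


@dataclass(frozen=True)
class Outcome:
    autoboot_active: bool               # True: the system boots without the PBA screen
    key_file_encrypted: Optional[bool]  # None when no autoboot key file is written
    secure: bool                        # the guide's own "secure" / "not secure" label
    note: str


def autoboot_outcome(enable_autoboot, tpm_mode, tpm_present, legacy_client=False):
    """Return the state the Log On table describes for one client system."""
    if tpm_mode not in TPM_MODES:
        raise ValueError(f"unknown TPM mode: {tpm_mode!r}")
    if not enable_autoboot:
        return Outcome(False, None, True, "PBA screen is displayed")
    if legacy_client:
        # The guide states this for TPM use = Required on earlier (EEPC) clients.
        # Assumption: the other TPM modes are equally unprotected there, because
        # the TPM option does not apply to those clients.
        return Outcome(True, False, False,
                       "earlier client: autoboot key is not protected")
    if tpm_mode == "required" and not tpm_present:
        return Outcome(False, None, True,
                       "TPM required but absent: autoboot not enabled, PBA displayed")
    if tpm_mode != "never" and tpm_present:
        return Outcome(True, True, True, "autoboot key file is encrypted")
    return Outcome(True, False, False, "autoboot key file is unencrypted")


def audit_fleet(systems):
    """Return (name, severity, message) findings for a list of system dicts."""
    findings = []
    for s in systems:
        out = autoboot_outcome(s["enable_autoboot"], s["tpm_mode"],
                               s["tpm_present"], s.get("legacy_client", False))
        if not out.secure:
            findings.append((s["name"], "HIGH", out.note))
        # The guide recommends the failed-logon lockout whenever autoboot is on.
        if out.autoboot_active and not s.get("disable_after_failed_logons", False):
            findings.append((s["name"], "MEDIUM",
                             "autoboot without 'Disable and restart system "
                             "after N failed logons'"))
    return findings


# Constructed inventory for the example (names and values are made up).
SAMPLE_FLEET = [
    {"name": "LAPTOP-01", "enable_autoboot": False, "tpm_mode": "never",
     "tpm_present": True},
    {"name": "KIOSK-02", "enable_autoboot": True, "tpm_mode": "if_available",
     "tpm_present": False, "disable_after_failed_logons": True},
    {"name": "SRV-03", "enable_autoboot": True, "tpm_mode": "required",
     "tpm_present": True, "disable_after_failed_logons": False},
    {"name": "OLD-04", "enable_autoboot": True, "tpm_mode": "required",
     "tpm_present": True, "legacy_client": True,
     "disable_after_failed_logons": True},
    {"name": "TAB-05", "enable_autoboot": True, "tpm_mode": "required",
     "tpm_present": False},
]

if __name__ == "__main__":
    for name, severity, message in audit_fleet(SAMPLE_FLEET):
        print(f"{severity:6} {name}: {message}")
```
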

Table 1-16 Boot Options tab (policy options and recommendations)

Enable Boot Manager: Leave this option unchecked (disabled). This option activates the built-in pre boot partition manager. This allows you to select the primary partition on the hard disk that you wish to boot. Naming of the partition is also possible with the boot manager. The timeout for the booting to start can also be set.

Always enable pre-boot USB support: Leave this option checked (enabled) only when needed. This option forces the Drive Encryption Pre Boot code to always initialize the USB stack. USB audio functionality allows visually impaired users to listen to an audio signal (spoken word) as guidance when the user moves the cursor from one field to the next in the Pre Boot environment. The USB speakers and headphones can be used to listen to the audio signal. To enable the USB audio functionality, select Enable Accessibility on the Log On (Drive Encryption) tab. You might notice an improper synchronization of the mouse cursor and the stylus on USB-connected Wacom pen digitizers. To avoid this, enable this option.

Enable pre-boot PCMCIA support: Leave this option unchecked (disabled) unless you require support for PCMCIA devices in pre-boot.

Graphics mode: Leave the default setting, Automatic. This option allows you to select the screen resolution for a system or a system group.

We recommend that you leave the default options on the Theme tab for easier deployment and management.

Table 1-17 Out-of-Band tab (policy options and recommendations)

Enable at PBA: Select this option to enable the Drive Encryption out of band management features through policies, and then perform actions on Intel AMT provisioned client systems. You can select this option only if you have installed the Drive Encryption: Out Of Band Management extension in McAfee ePO.

Table 1-18 Encryption Providers tab (policy options and recommendations)

Use compatible MBR: Leave this option unchecked (disabled). This option causes Drive Encryption to boot a built-in fixed MBR instead of the original MBR that was on the system after pre boot logon. It is used to avoid problems on some systems where other software that runs from the MBR no longer works if Drive Encryption is installed.

Fix OS boot record sides: Leave this option unchecked (disabled). Some boot records report an incorrect number of sides. Selecting this option fixes this on the client system. This is available only when you install the Drive Encryption extension.

Use Windows system drive as boot drive: Leave this option unchecked (disabled). This is for maintaining the compatibility with some systems where the disk 0 is not the boot disk. Selecting this option forces the client system to assume that the boot disk is the one that contains the Windows directory but not disk

Enable Pre Boot Smart Check (BIOS-based systems only): Leave this option checked (enabled) only when needed. When you enable this feature, it modifies the Drive Encryption activation sequence and creates a pre activation stage, where a series of hardware compatibility checks are performed prior to actual activation and subsequent encryption to successfully activate Drive Encryption on platforms where BIOS issues might exist. This feature is available only for BIOS systems using PC software encryption, and is not available for UEFI or Opal systems. The client system reboots several times before the Smart Check is completed.

Force system restart once activation completes: Leave this option checked (enabled) only when needed. This option is selected by default when you select the Enable Pre Boot Smart Check (BIOS based systems only) option to restart your system after activation.

Opal: This option requires all the drives in your client system to be Opal for the PC Opal encryption provider to be activated.

Table 1-19 Companion Devices tab (policy options and recommendations)

Enable Companion Device Support: Select this option to allow the user to perform system recovery using a smartphone or mobile device. The Companion Device application is now known as McAfee Endpoint Assistant.

User-based policy settings

The user-based policy settings are organized into these tabs: Authentication, Password, Password Content Rules, Self-Recovery, and Companion Devices.

Table 1-20 Authentication tab

Token type: The authentication token type, for example, password or smartcard.

Certificate rule: Drive Encryption enhances the use of PKI and tokens to allow users to authenticate using their certificates. You can use certificate rules to quickly make your Drive Encryption enterprise aware of all certificate-holding users, and allow them to be allocated to PCs using Drive Encryption without having to create new smart cards or other forms of token for their use.
  Provide LDAP user certificate: This provides the latest LDAP user certificate.
  Enforce certificate validity period on client: By default, this is enabled to enforce certificate validity period for the added certificate rule.
  Use latest certificate: This uses the latest certificate available.

Logon Hours: The days and the hours when the user can log on to the client system. The restrictions are applied using the Apply Restrictions option.

Table 1-21 Password tab

Default password:
  Change default password: For new installations or duplicates of the McAfee default installation, the default password is There is a minimum character length of 7 characters for the default password. If you are upgrading, the password remains unchanged. If the administrator changes the default password, the new password becomes the default password for this policy under the User Based Policy category.
  Do not prompt for default password: Skips the default password entry and immediately asks the user to enter an encryption password.

Password change:
  Enable password history changes (1-100): This keeps track of the specified number of previous passwords set by the user and does not allow the user to set previous passwords again.
  Prevent change: This option prevents the user from changing the password.
  Require change after days (1-366): The number of days after which the system prompts the user to change the password.
  Warn user days before password expires (0-30): The number of days in advance that the system prompts the user with a warning message about the number of days left for the password expiry.

Incorrect passwords:
  Timeout password entry after invalid attempts (3-20): The number of invalid password entries after which the system times out the password attempts.
  Maximum disable time minutes (1-64): The maximum timeout duration for the timeout password entry.
  Invalidate password after invalid attempts (3-100): The number of wrong attempts a user can make before the password becomes invalid.

Allow showing of password: Enable this option to display the password of the user while entering it.

Table 1-22 Password Content Rules tab

Display list of password rules: Enable this option to display the password requirements to users.

Password length: The number of characters in a user password.
  Minimum (3-40): The minimum number of characters for a user password.
  Maximum (3-255): The maximum number of characters for a user password.

Enforce password content: The number of different characters like alpha, numeric, alphanumeric, and symbols that are required to form a password.
  Alpha: The number of letters that must be present in a user password.
  Numeric: The number of numeric characters that must be present in a user password.
  Alphanumeric: The number of alphanumeric characters that must be present in a user password.
  Symbols: The number of symbols that must be present in a user password.

Password content restrictions: The password content restrictions for the user password.
  No anagrams: A word or phrase spelled by rearranging the letters of a previous password can't be a password.
  No palindromes: A word or phrase that reads the same backward as forward can't be a password.
  No sequences: The new password can't be in sequence with the previous password.
  Can't be user name: A user name can't be set as a password.
  Simple content rules: Follow the standard Windows password content rules; a Windows password should contain at least three of the following:
    Lowercase letters
    Uppercase letters
    Numbers
    Symbols and special characters
  No simple words: The set of words defined as simple words that cannot be used as passwords.

Table 1-23 Self-recovery tab

Enable self-recovery: Enables self-recovery for users assigned to the system.

Invalidate self-recovery after no. of invalid attempts: The number of attempts after which self-recovery is disabled.

Questions to be answered: The number of questions to be answered by the user to perform the self-recovery. This lists the default questions for the selected language, also provides an option to add more questions. If a language does not have enough questions or includes an error, the language appears in red.

Logons before forcing user to set answers: The number of logons before forcing the user to set answers.

Questions: Allows you to select a language, set the question, and set the minimum answer length. This lists the default questions for the selected language, and provides an option to add more questions. If a language does not have enough questions or includes an error, the language appears in red.
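The Password Content Rules options above (length, required character counts, and the content restrictions) can be read as a set of checks applied to a candidate password. The following is an added example, not McAfee's implementation, that evaluates a candidate against those rules. The policy key names and sample values are constructed; "No sequences" is interpreted here as the same text with a trailing number one higher or lower than a previous password, and "No simple words" as a case-insensitive exact match, both of which are assumptions.

```python
import re

# Hypothetical key names; the values are constructed for this example.
DEFAULT_POLICY = {
    "min_len": 8, "max_len": 40,
    "alpha": 1, "numeric": 1, "alphanumeric": 0, "symbols": 0,
    "no_anagrams": True, "no_palindromes": True, "no_sequences": True,
    "cant_be_user_name": True, "simple_content_rules": True,
    "no_simple_words": True,
}

_TRAILING_NUMBER = re.compile(r"(.*?)(\d+)")


def _counts(pw):
    """Character counts for the Enforce password content options."""
    return {
        "alpha": sum(c.isalpha() for c in pw),
        "numeric": sum(c.isdigit() for c in pw),
        "alphanumeric": sum(c.isalnum() for c in pw),
        "symbols": sum(not c.isalnum() for c in pw),
    }


def _class_count(pw):
    """How many of the four Simple content rules classes are present."""
    return sum([
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() for c in pw),
    ])


def is_anagram(new, old):
    # Same characters in any order (case-insensitive); includes exact reuse.
    return sorted(new.lower()) == sorted(old.lower())


def is_palindrome(pw):
    s = pw.lower()
    return len(s) > 1 and s == s[::-1]


def is_sequence(new, old):
    # Assumed meaning: identical stem, trailing number differs by exactly one.
    a, b = _TRAILING_NUMBER.fullmatch(new), _TRAILING_NUMBER.fullmatch(old)
    if not a or not b:
        return False
    same_stem = a.group(1).lower() == b.group(1).lower()
    return same_stem and abs(int(a.group(2)) - int(b.group(2))) == 1


def check_password(pw, user_name, previous, simple_words, policy=DEFAULT_POLICY):
    """Return the names of the rules the candidate violates (empty list = pass)."""
    violations = []
    if not policy["min_len"] <= len(pw) <= policy["max_len"]:
        violations.append("password_length")
    counts = _counts(pw)
    for kind in ("alpha", "numeric", "alphanumeric", "symbols"):
        if counts[kind] < policy[kind]:
            violations.append(kind)
    if policy["no_anagrams"] and any(is_anagram(pw, old) for old in previous):
        violations.append("no_anagrams")
    if policy["no_palindromes"] and is_palindrome(pw):
        violations.append("no_palindromes")
    if policy["no_sequences"] and any(is_sequence(pw, old) for old in previous):
        violations.append("no_sequences")
    if policy["cant_be_user_name"] and pw.lower() == user_name.lower():
        violations.append("cant_be_user_name")
    if policy["simple_content_rules"] and _class_count(pw) < 3:
        violations.append("simple_content_rules")
    if policy["no_simple_words"] and pw.lower() in {w.lower() for w in simple_words}:
        violations.append("no_simple_words")
    return violations


if __name__ == "__main__":
    history = ["Autumn#24"]            # constructed previous password
    words = {"password", "welcome"}    # constructed simple words group
    for candidate in ("Autumn#25", "42#nmutuA", "Ab1!!1bA", "Password",
                      "Tr4il-Mix-Kettle"):
        print(candidate, check_password(candidate, "jsmith", history, words))
```
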

Table 1-24 Companion Devices tab

Recovery: Enable this option to allow the user to perform system recovery through a smartphone. The Companion Device application is now known as McAfee Endpoint Assistant.

Password: Enable this option to create a password according to the option selected. If the user has once set a higher password definition on the system, the user cannot change the password to a lower (less secure) password definition, even if that policy is set in McAfee ePO.

Recommended user-based policy settings

The user-based policy controls the parameters for Drive Encryption user accounts. For example, it contains the options for selecting a token type (including password and smartcard) and password content rules.

You can configure the user-based policies by clicking Menu > Policy > Policy Catalog, then selecting Drive Encryption 7.2 from the Product drop-down list. Select User Based Policies from the Category drop-down list. Locate the My Default policy and click Edit Settings. For more information about individual policy settings, see the McAfee Drive Encryption Product Guide.

User-based policies in Drive Encryption

Drive Encryption requires that you specify which groups of users are allowed to use the Policy Assignment Rules. The allowed users get their required user-based policies. Users that are not allowed to use the Policy Assignment Rules inherit the default user-based policies assigned to the system.

Enforce the desired user-based policy to a user assigned to a client system by enabling the Configure UBP enforcement option.

If possible, it is always better to assign user-based policies at the system level or branch level, rather than using the Policy Assignment Rules. However, you can use the Policy Assignment Rule option, if required, to assign different policies to different users.

The user-based policy options are organized into these tabs.

Table 1-25 Authentication tab (policy options and recommendations)

Token type: Select Password only. There are a number of other tokens that can be effectively used for your authentication as required. However, the Password only token is as strong as any other token that you could configure.

Certificate rule: Drive Encryption enhances the use of PKI and tokens to allow users to authenticate using their certificates. You can use certificate rules to efficiently update Drive Encryption about all certificate-holding users, and allow them to be allocated to PCs using Drive Encryption without having to create new smart cards or other forms of token for their use.
  Provide LDAP user certificate: Leave this option checked (enabled).
  Enforce certificate validity period on client: Leave this option checked (enabled) to enforce certificate validity period for the added certificate rule.
  Use latest certificate: Leave this option checked (enabled).
The Certificate rule options are not active if Password only is selected.

Logon Hours: You can set the days and the hours when the user can log on to the client system. The restrictions are applied using the Apply Restrictions option. We recommend enabling this option only if you have a specific requirement.

Table 1-26 Password tab (policy options and recommendations)

Change Default Password:
  Do not prompt for default password: Leave this option checked (enabled). When enabled, users are prompted to type in their Drive Encryption password without having to remember a common default password. If you enable this option, you don't have to enable the Change Default Password option.

Password Change: Disable all of these settings as you would be using SSO and don't want to cause conflict with Windows password requirements.
  Enable password history changes (1-100): Leave this option checked (enabled) to prevent users from reusing passwords unless your security policy exempts users from using new passwords.
  Prevent change: Leave this option unchecked (disabled).
  Require change after days (1-366): Leave this option unchecked (disabled).
  Warn user days before password expiry (0-30): This is disabled by default when you disable the Require change after days (1-366) option.

Incorrect Passwords:
  Timeout password entry after invalid attempts (3-20): Set the number of invalid attempts to trigger a timeout.
  Maximum disable time minutes (1-64): This is disabled by default when you disable the Timeout password option.
  Invalidate password after invalid attempts: Leave this option checked (enabled).

Allow showing of password: Enable this option if you want the password of the user to be displayed while entering it.

Table 1-27 Password Content Rules tab (policy options and recommendations)

Display list of password rules: Enable this option to display the password requirements to users.

Password length: Leave the default value.

Enforce password content: Leave the default value.

Password content restrictions: Leave the default value or enable restrictions for increased password strength.

Table 1-28 Self-Recovery tab (policy options and recommendations)

Enable self-recovery: Leave this option checked (enabled).

Invalidate self-recovery after no. of invalid attempts: Enable and set the number of attempts to a number that does not abruptly lock out the Self Recovery.

Questions to be answered: Can be set to 3. This can provide the required security without overly inconveniencing the user. It is up to the administrator to decide how many questions are required.

Logons before forcing user to set answers: Set this to 0. This makes sure that the users set the answers during the user initialization.

Questions: Leave the default questions or configure new questions as required.

Table 1-29 Companion Devices tab (policy options and recommendations)

Enable Companion Device Support: Select this option to allow the user to perform system recovery using a smartphone or mobile device. The Companion Device application is now known as McAfee Endpoint Assistant.

Password: Enable this option to create a password according to the option selected. If the user has once set a higher password definition on the system, the user cannot change the password to a lower (less secure) password definition, even if that policy is set in McAfee ePO.

Server policy settings

The server settings are organized into these tabs: General, Incompatible Products, Theme, Simple Words, Tokens, LDAP Attributes, PC software, PC Opal.

Table 1-30 General tab

If user is disabled in LDAP Server: Allows you to disable, delete, or ignore a user if the user has been disabled on the LDAP Server.

Machine key re-use: Enables activation of the system with the existing key present in the McAfee ePO server. This option is useful when a boot disk gets corrupted and the user can't access the system. The corrupted system's disks, other than the boot disk, can be recovered by activating it with the same key from McAfee ePO. Machine key re-use is not applicable to systems having self-encrypting (Opal) drives.

Batch size for retrieving users: Allows the system to send users to the client in batches rather than sending them all at the same time. Specify the number of users that are sent in each batch. Increasing the batch size increases the amount of memory required on the server and the client. However, this reduces the number of recommended messages required to be sent between the client and server.

Table 1-31 Incompatible Products tab

Manage incompatible products: Allows you to manage the list of products that are not compatible with Drive Encryption. You can also import an incompatible product rule that can detect and add the incompatible product to the list. You cannot activate Drive Encryption on a client system where these incompatible products are present.

Table 1-32 Themes tab

Manage Themes: Allows you to add and customize a theme that is used as a background in the Pre-Boot Authentication page.

Table 1-33 Simple Words tab

Add group: Allows you to create a group that can have a number of simple words. This will not be available for shared policy from another McAfee ePO.

Remove group: Deletes a group of simple words.

Import words to group: Allows you to browse to a text file with a number of simple words that can't be used as passwords. You can also select an encoding type for the file.

Regenerate missing simple word package: Compiles all the simple word groups and creates the simple words package files (.xml file).

Table 1-34 Tokens tab

Manage Tokens: Allows you to add and manage extra token definitions. This allows the user to deploy and manage additional token modules any time after the initial installation.

Table 1-35 LDAP Attributes tab

Manage LDAP Attributes: Allows you to manage user attributes for Active Directory and User Directory. The User Directory attributes appear only if you have installed the User Directory extension.

Table 1-36 PC software tab

Algorithm: Specifies the algorithm AES-256-CBC for the software encryption.

Pre-boot storage size 50MB (20-100): Allows you to set the size of the pre-boot file system. Increasing the size of the PBFS increases the number of users that can be successfully assigned to the client system. The size is specified in MB from 20 MB to 100 MB. If you are assigning a large set of users to the system, the PBFS size must be 100 MB. The default Pre-Boot storage size for PC software is 50 MB.

Table 1-37 PC Opal tab

Pre-boot storage size 50MB (20-100): Allows you to set the size of the pre-boot file system for the client systems with self-encrypting (Opal) drives. Increasing the size of the PBFS increases the number of users that can be successfully assigned to the client system. The size is specified in MB from 20 MB to 100 MB. If you are assigning a large set of users to the system, the PBFS size must be 100 MB.


2 Interface reference

Product Settings Policy General tab

The General tab under the Product Settings Policy provides the settings required to activate the product, collect the log messages from the client system, and manage the users who are not logged on.

Enable policy: Enables the set policies on the client computers.

Only activate if health check (Drive Encryption: Go) passes: Select this option to activate Drive Encryption on client systems only when the Drive Encryption: GO health check passes. You can enable this option only if the DEGO extension 7.x or higher is installed in McAfee ePO.

Logging level: Allows the administrator to set a different logging level for each client computer that has the specific policy setting assigned. To override the logging level defined in McAfee ePO, the LoggingLevelOverride registry key needs to be set on the client system.
  None: Does not create any log for the client system managed by McAfee ePO.
  Error: Logs only error messages.
  Error and Warnings: Logs the error and warning messages.
  Error, Warnings, and Informational: Logs the error and warning messages with more descriptions.
  Error, Warnings, Informational and Debug: Logs the error, warning, and debug messages.

Harden against cold boot attacks when: Allows you to use the Elevated Security Crypt mode to help protect against cold-boot and other RAM-based attacks, when:
  The system is locked.
  The user is logged off.
  The system is in standby.
  Always (On systems that support Intel SGX)
For more information, see the Protection of systems in Windows lock, log off, and standby states section.

Expire users who do not login: Allows the administrator to control and manage the users who have not logged on to the client system. This option forces the user account, which is not initialized, to expire after a number of hours as set in the policy.

Allow users to create endpoint info file: Allows the user to collect client system details such as the list of assigned users, policy settings, recovery, and Drive Encryption status. After enabling this option, the Save Machine info button appears in: Windows > McAfee Agent Tray > Quick Settings > Show Drive Encryption Status. You can click this button and save the text file for later reference.

Duplicate
Duplicates or copies the policy settings with a different name so that the copy can be assigned to a different user.

Save
Saves the product settings policy of Drive Encryption.

Cancel
Exits the current page.

Product Settings Policy Encryption tab

The Encryption tab under the Product Settings Policy allows you to select the required encryption type and set the encryption priority.

Encrypt
Allows you to select the required encryption type and to set the encryption priority.

Encryption type
The type of encryption:
- None: Does not encrypt any disk.
- All disks: Encrypts all disks in a system.
- Boot disk only: Encrypts only the boot disk.
- All disks except boot disk: Encrypts all disks except the boot disk (not recommended).
- Selected partitions: Allows you to select the partitions of the client system to be encrypted. You can select the required partitions by specifying the Windows drive letters/volume names. Partition level encryption is not applicable to client systems using OPAL encryption.

Do not assign a drive letter to the Windows 7 hidden system partition on your client system. Doing so prevents activation of the Drive Encryption software on the client system.

This table also lists the available encryption providers (PC Software and PC Opal). You can change and set the encryption priority by moving the encryption provider rows up and down, as appropriate.

By default, software encryption is used on both Opal and non-Opal systems in this version of Drive Encryption. To ensure that Opal technology is chosen in preference to software encryption, we recommend that you always set Opal as the default encryption provider, by moving it to the top of the list on the Encryption Providers page. This ensures that Opal locking will be used on Opal drives.

Make sure that you select the required encryption type, as appropriate. Policy enforcement might fail on client systems if you select an unsupported encryption type.

The Encryption type options None, All disks except boot disk, and Selected partitions are not applicable to self-encrypting drives in Opal mode.

Move To Top
Allows the topmost encryption provider to take priority.

Duplicate
Duplicates or copies the policy with a different name so that the copy can be assigned to a different user.

Save
Saves the product settings policy of Drive Encryption.

Cancel
Exits the current page.

Product Settings policy Log On tab

The Log On tab under the Product Settings policy allows you to define the logon settings for the Product Settings policy of Drive Encryption.

Table 2-1 Log On (Drive Encryption)

Enable automatic booting
When enabled, the client system boots automatically without prompting for Pre-Boot Authentication. The expiration date for auto-booting can also be set. If required, the user can select the UTC time standard option.
If you enable this option without requiring the use of TPM for automatic booting, the Drive Encryption product does not protect the data on the drive when it is not in use.

Disable and restart system after 3 (1-10) failed logons or unlocks (Windows only, Vista onwards)
This feature is an enhancement of the primary Enable automatic booting feature. Select this option to disable autoboot after a specific number of failed Windows logons (the default is 3; you can specify from 1 to 10). On the Windows authentication screen, if the user fails to authenticate the defined number of times, a message appears indicating that the maximum number of failed operating system logons was reached, and that Pre-Boot Authentication is enabled on the machine. Upon clicking OK, the client system restarts and the PBA screen appears. Once the user authenticates through PBA and Windows successfully, autoboot is enabled. This feature is available for password, smart cards, and biometric tokens, and only for Windows Vista or later operating systems.

Allow temporary automatic booting
Allows you to turn the PBA screen on or off with a client-side utility. This eliminates the need to modify the policy in McAfee ePO, and fully automates patching and other client management scenarios.

Use of TPM for automatic booting
Select one of these options:
- Never: The encryption key is written to a plain-text file, which is unencrypted. The system is not secure.
- If available: If the TPM is available, the encryption key is written to a plain-text file, which is encrypted. The system is secure. If the TPM is not available, the encryption key is written to a plain-text file, which is unencrypted. The system is not secure.
- Required (Note: if TPM is not available on the system, automatic booting will not be enabled): If the required TPM is available, the encryption key is written to a plain-text file, which is encrypted. The system is secure. If the required TPM is not available, automatic booting will not be enabled and the user will see the PBA screen to authenticate. The system is secure.
This option is applicable only for systems installed with Drive Encryption or later. If you apply a policy to the earlier versions of Drive Encryption with automatic booting enabled and use of TPM set to 'Required', it will leave the client system in an unprotected state, since autoboot will be enabled with no protection of the disk encryption key.

Log on message
Type a message that appears to the client user.

Do not display previous user name at log on
Prevents the client system from automatically displaying the user name of the last logged on user on all Drive Encryption logon dialog boxes.

Enable on screen keyboard
Enables the Pre-Boot On-Screen Keyboard (OSK) and the associated Wacom serial pen driver. When this option is enabled, the pen driver finds supported pen hardware (Panasonic CF-H1 and Samsung Slate 7) and displays the OSK. If you do not select this option, the BIOS uses mouse emulation. In such a situation, the BIOS treats the digitizer as a standard mouse, which might lead to the cursor being out of sync with the stylus on USB-connected Wacom pen digitizers.

Always display on screen keyboard
Forces the Pre-Boot to always display a clickable on-screen keyboard, whether the pen driver finds suitable hardware or not.
When the option Enable on screen keyboard is turned on, the OSK is displayed if there is a supported serial digitizer device on a BIOS system. Otherwise, on both BIOS and UEFI systems, if there is a requirement to display the OSK, you must also select the option Always display on screen keyboard. This forces the OSK to be displayed without looking for any serial digitizer devices under BIOS.

Add local domain users (and tag with 'EE:ALDU')
- Disabled: Selecting this option does not add any local domain users to the client system.
- Add all previous and current local domain users of the system: Domain users who have previously logged on or are currently logged on to the system can authenticate through the Pre-Boot, even if the administrator has not explicitly assigned the user to the client system.
- Only add currently logged on local domain user(s); activation is dependent on a successful user assignment: Only the domain users who are logged on to the current Windows session are added to the system and hence Drive Encryption is activated, even if the administrator has not explicitly assigned the user to the client system. If you select this option, at least one user should be added to the client system for a successful Drive Encryption activation on the client. The activation doesn't happen until a user logs on to Windows.

Enable accessibility
Select this option to sound a beep as a signal when the user moves the focus from one field to the next using mouse or keyboard in the Pre-Boot environment. This option is helpful to visually challenged users.
The USB audio functionality allows visually impaired users to hear an audio signal (spoken word) as guidance when the user moves the cursor from one field to the next in the Pre-Boot environment. The USB speakers and headphones can be used to listen to the audio signal. For more details, see Enable Accessibility (USB audio devices) in the Pre-Boot environment.

Disable pre-boot authentication when not synchronized
Blocks a user from logging on to PBA in the client system, if the client system is not synchronized with the McAfee ePO server for the set number of days. The user is blocked from logging on to PBA, and can then request the administrator to perform Administrator Recovery to unlock the client system. This allows the client system to boot and communicate with the McAfee ePO server. The client system continues to block the user from logging on to the system until synchronization with McAfee ePO.

Read username from smartcard
Automatically retrieves the available user information on the client system from the inserted smartcard; hence the Authentication window does not prompt for a user name. The user can then authenticate by typing the correct PIN. You need to enable the matching rules that are required for matching smartcard user principal names (UPN) with Drive Encryption user names.

Match certificate user name field up to @ sign
Matches the certificate user name up to the @ sign of the user name. For example, if the UPN is SomeUser@SomeDomain.com and the Drive Encryption user name is SomeUser, a match is found.

Hide user name during authentication
The Drive Encryption user name does not appear in the Authentication window. This feature is supported on the Gemalto.Net V2+ tokens, and PIV and CAC tokens.

Table 2-2 Log On (Windows)

V7.2 Onwards

Third-party credential providers
- Allow integrated third-party credential providers to override the Drive Encryption credential provider: Enable this option to make sure that the Drive Encryption credential provider does not load and to allow a compatible third-party credential provider to override the existing credential provider.

Single sign-on (SSO)
- Provide a single sign-on experience for Drive Encryption users (SSO): Enable this option to allow the user to log on to the system with a single authentication process. It allows automatic logon to the operating system once the user authenticates through the Pre-Boot Authentication page.
- Allow the capturing of smart card PINs for SSO replay: Enable this option to allow Drive Encryption to capture the smart card PIN for SSO.

Password synchronization
- Update the Drive Encryption user password to match the Windows user password (during Windows logon, or password changes): Enable this option to synchronize the Drive Encryption password to match the Windows password when the Windows password is changed on the client system. For example, if users change their password on the client, the Drive Encryption password is also changed to the same value.
- Ignore Drive Encryption password rules and history when updating the Drive Encryption password: Enabling this option allows you to ignore Drive Encryption password rules and history when synchronizing the Drive Encryption password. This may result in a reduction of password strength for Drive Encryption users.
- Periodically check domain credentials for changes and ask the user to re-capture the Drive Encryption password if required: Enabling this option allows you to periodically check the domain credentials for any changes and also inform the user to re-capture the Drive Encryption password, if required. This will result in an increased load on the domain server that manages the endpoint.
- Polling interval (minutes) (5-480): Enter the time in minutes, within the set limit, at which to periodically check the domain credentials for any changes.

Preboot user options
- Allow user to cancel SSO and password synchronization: Enable this option to allow the user to cancel SSO and password synchronization.

Windows username matching
- The Windows username must match the username of the Drive Encryption user before capturing SSO or synchronizing passwords: Ensures the SSO details are captured only when the user's Drive Encryption and Windows user names match. This ensures that the SSO data captured is replayed for the user for which it was captured.

Credential provider bitmap
- Do not display McAfee shield on Windows logon tiles: Enabling this option allows you to hide the McAfee shield on Windows logon tiles.

Pre V7.2

Enable SSO
Select this option to enable Single Sign On.
- Must match user name: Ensures the SSO details are captured only when the user's Drive Encryption and Windows user names match. This ensures that the SSO data captured is replayed for the user for which it was captured. When you select the Enable SSO option, the Must match user name option is also enabled by default.
- Using smart card PIN: Allows Drive Encryption to capture the smart card PIN for SSO.
- Synchronize Drive Encryption password with Windows: The Drive Encryption password synchronizes to match the Windows password when the Windows password is changed on the client system. For example, if users change their password on the client, the Drive Encryption password is also changed to the same value.
- Allow user to cancel SSO: Allows the user to cancel the SSO to Windows in Pre-Boot. When this option is enabled, the user has an additional checkbox at the bottom of the Pre-Boot logon dialog box.

Note that SSO now works with Drive Encryption or later when the client system resumes from hibernation or when booting the system using Windows 8 fast boot.

Require Drive Encryption logon (only supported on V6 clients)
Makes logging on to PBA mandatory for EEPC 6.x.x systems, thereby disabling the SSO functionality.

Require log on when token is removed
Makes logging on mandatory when the token is removed. This option is available for selection only if the Require Drive Encryption logon (only supported on V6 clients) option is enabled.

Lock workstation when inactive
The client system is locked when it is inactive for the set time.

Duplicate
Duplicates or copies the policy with a different name so that the copy can be assigned to a different user.

Save
Saves the Product Settings Policy of Drive Encryption.

Cancel
Exits the current page.

Product Settings Policy Recovery tab

The Recovery tab under the Product Settings Policy allows you to define the recovery settings for the Product Settings Policy of Drive Encryption.

Administrator recovery
- Enabled: The Recovery option is enabled by default. This activates the Administrator Recovery option in the client system.
- Key size: The recovery key size options. The recovery Response Code size depends on this recovery key size. This does not affect the size of the challenge code.
  - Low: A recovery key size that creates a short Response Code for the recovery.
  - Medium: A recovery key size that creates a medium size Response Code for the recovery.
  - High: A recovery key size that creates a lengthy Response Code for the recovery.
  - Full: A recovery key size that creates a Response Code, with the maximum number of characters, for the recovery.
- Message: Displays a text message when you select Recovery. This can include information such as your help desk contact details.

Self-recovery
- Allow users to re-enroll self-recovery information at PBA: Allows the client user's self-recovery details to be reset. The user must then re-enroll their self-recovery details with new self-recovery answers. Before resetting the self-recovery questions on the client system, make sure that you have enabled the Enable Self Recovery option under User Based Policy | Self-recovery. When this option is enabled, the Pre-Boot Authentication (user name) screen includes the Reset self-recovery option. On selecting Reset self-recovery, the user is prompted for a password, then self-recovery enrollment. Only initialized users can reset their self-recovery details.

Duplicate
Duplicates or copies the policy with a different name so that the copy can be assigned to a different user.

Save
Saves the product settings policy of Drive Encryption.

Cancel
Exits the current page.

Product Settings Policy Boot Options tab

The Boot Options tab under the Product Settings Policy allows you to define the boot settings for the Product Settings Policy of Drive Encryption.

Enable Boot Manager
Activates the built-in pre-boot partition manager. This allows you to select the primary partition on the hard disk that you want to boot. Naming of the partition is also possible with the boot manager. The timeout for the booting to start can also be set.

Always enable pre-boot USB support
Forces the Drive Encryption Pre-Boot code to always initialize the USB stack. USB audio functionality allows visually impaired users to listen to an audio signal (spoken word) as guidance when the user moves the cursor from one field to the next in the Pre-Boot environment. The USB speakers and headphones can be used to listen to the audio signal.
You will notice an improper synchronization of the mouse cursor and the stylus on USB connected Wacom pen digitizers. To avoid this, make sure to enable this option. For more details, see Enable Accessibility (USB audio devices) in the Pre-Boot environment.

Enable pre-boot PCMCIA support
If selected, the policy enables pre-boot PCMCIA support.

Graphics mode
Allows you to select the screen resolution for a system or a system group. The default option is Automatic.

Duplicate
Duplicates or copies the policy with a different name so that the copy can be assigned to a different user.

Save
Saves the product settings policy of Drive Encryption.

Cancel
Exits the current page.

Product Settings Policy Theme tab

The Theme tab under the Product Settings Policy allows you to select and assign the theme which defines the background for the Pre-Boot Authentication page in the Product Settings Policy of Drive Encryption.

Select theme
Contains the options for selecting a theme.

Preview
Displays the preview of the selected theme. The preview is not available for shared policies from another McAfee ePO.

Duplicate
Duplicates or copies the policy with a different name so that the copy can be assigned to a different user.

Save
Saves the product settings policy of Drive Encryption.

Cancel
Exits the current page.

Policy Settings Out-of-Band tab

The Out-of-Band tab under the Product Settings Policy allows you to enable the Drive Encryption out-of-band management features through policies and then perform actions on Intel AMT provisioned client systems.

Enable at PBA
Enables the Drive Encryption out-of-band management features through policies, so that you can then perform actions on Intel AMT provisioned client systems. You can select this option only if you installed the Drive Encryption: Out Of Band Management extension in McAfee ePO.

Duplicate
Duplicates or copies the policy with a different name so that the copy can be assigned to a different user.

Save
Saves the product settings policy of Drive Encryption.

Cancel
Exits the current page.

Product Settings Policy Encryption Providers tab

The Encryption Providers tab under the Product Settings Policy allows you to set the encryption provider settings for the Product Settings Policy of Drive Encryption.

PC Software
- Use compatible MBR: Causes Drive Encryption to boot a built-in fixed MBR instead of the original MBR that was on the system after pre-boot logon. It is used to avoid problems with some systems that have other software that runs from the MBR and no longer works if Drive Encryption is installed.
- Fix OS boot record sides: Some boot records report an incorrect number of sides. Selecting this option fixes this on the client system. This is available only when you install the Drive Encryption extension.
- Use windows system drive as boot disk: Maintains compatibility with some systems where disk 0 is not the boot disk. Selecting this option forces the product to assume that the boot disk is the one that contains the Windows directory, not disk 0.
- Enable Pre-Boot Smart Check (BIOS based systems only): Modifies the Drive Encryption activation sequence and creates a pre-activation stage, where hardware compatibility checks are performed prior to actual activation and subsequent encryption.
- Force system restart once activation completes: This option is selected by default when you select Enable Pre-Boot Smart Check (BIOS based systems only) to restart your system after activation.

Opal
- Require all disks to be Opal: Requires all the drives in your client system to be Opal drives for the PC Opal encryption provider to be activated.

Duplicate
Duplicates or copies the policy with a different name so that the copy can be assigned to a different user.

Save
Saves the product settings policy of Drive Encryption.

Cancel
Exits the current page.

Policy Settings Companion Devices tab

The Companion Devices tab under the Product Settings Policy allows you to enable the Drive Encryption companion devices support feature through policies.

Enable Companion Device Support
Enable this option to allow the user to perform system recovery through a smartphone. The Companion Device application is now known as McAfee Endpoint Assistant.

Duplicate
Duplicates or copies the policy with a different name so that the copy can be assigned to a different user.

Save
Saves the product settings policy of Drive Encryption.

Cancel
Exits the current page.

Add local domain user settings Regular expressions

You can add regular expressions to blacklist user accounts. Any user who matches a configured regular expression is excluded from the ALDU list. The ALDU blacklist policy supports regular expressions in the ECMA 262 standard.

Regular expressions
- Add: Type the regular expressions that help to exclude the local domain users from being assigned to the client system. You can add multiple regular expressions under a single policy. All comparisons will be case insensitive.
- Test All: Verifies multiple regular expressions.

Duplicate
Duplicates or copies the settings with a different name so that the copy can be assigned to a different user.

Save
Saves the settings of Drive Encryption.

Cancel
Exits the current page.
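A dry run of an ALDU exclusion list before it is saved to the policy, as an added example that is not part of the McAfee guide or the product's code. The account names, patterns and function names are constructed for illustration, and it assumes a pattern excludes an account when it matches anywhere in a DOMAIN\user name; the guide itself states only ECMA 262 syntax and case-insensitive comparison.

```javascript
// Added example (not McAfee code): audit ALDU exclusion patterns offline.
// Assumption: search semantics (a match anywhere in the name excludes the user).

// Constructed sample patterns, one per "Add" entry in the policy.
const SAMPLE_PATTERNS = [
  String.raw`^corp\\svc_.*$`,        // service accounts in the CORP domain
  String.raw`admin`,                 // unanchored: hits any name containing "admin"
  String.raw`^.*\\helpdesk[0-9]+$`,  // numbered helpdesk accounts, any domain
  String.raw`^corp\\(temp`,          // deliberately malformed (unbalanced group)
];

// Same list with the unanchored entry tied to the part after the domain separator.
const TIGHTENED_PATTERNS = [
  String.raw`^corp\\svc_.*$`,
  String.raw`^[^\\]+\\admin(istrator)?$`,
  String.raw`^.*\\helpdesk[0-9]+$`,
];

// Constructed expectations: who must stay out of the ALDU list and who must stay in.
const SAMPLE_EXPECTATIONS = [
  { account: String.raw`CORP\svc_backup`, shouldExclude: true },
  { account: String.raw`CORP\Administrator`, shouldExclude: true },
  { account: String.raw`EMEA\HelpDesk07`, shouldExclude: true },
  { account: String.raw`CORP\badminton.coach`, shouldExclude: false },
  { account: String.raw`CORP\j.smith`, shouldExclude: false },
];

// Compile every pattern case-insensitively; collect syntax errors instead of throwing,
// so one malformed entry does not hide problems in the rest of the list.
function compileRules(patterns) {
  const rules = [];
  const errors = [];
  patterns.forEach((pattern, index) => {
    try {
      rules.push({ index, pattern, regex: new RegExp(pattern, 'i') });
    } catch (err) {
      errors.push({ index, pattern, message: err.message });
    }
  });
  return { rules, errors };
}

// Return the first pattern that excludes the account, or null if the account is kept.
function firstMatchingRule(account, rules) {
  const hit = rules.find((rule) => rule.regex.test(account));
  return hit ? hit.pattern : null;
}

// Compare the rule set against the expectations:
//   overMatched: legitimate users a pattern would silently drop from the ALDU list
//   missed:      accounts that should be excluded but would still be added
function auditRules(rules, expectations) {
  const overMatched = [];
  const missed = [];
  for (const { account, shouldExclude } of expectations) {
    const pattern = firstMatchingRule(account, rules);
    if (pattern !== null && !shouldExclude) overMatched.push({ account, pattern });
    if (pattern === null && shouldExclude) missed.push(account);
  }
  return { overMatched, missed };
}

// Audit the original list and the tightened list against the same expectations.
function runDemo() {
  const before = compileRules(SAMPLE_PATTERNS);
  const after = compileRules(TIGHTENED_PATTERNS);
  return {
    rejectedPatterns: before.errors.map((e) => e.pattern),
    before: auditRules(before.rules, SAMPLE_EXPECTATIONS),
    after: auditRules(after.rules, SAMPLE_EXPECTATIONS),
  };
}

console.log(JSON.stringify(runDemo(), null, 2));
```

Under the stated assumption, the unanchored pattern admin also drops CORP\badminton.coach from the ALDU list, so that user would never be added for Pre-Boot authentication; anchoring on the domain separator keeps the exclusion to the intended accounts.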

User Based Policies Authentication tab

The Authentication tab under the User Based Policies allows you to define the authentication for the user in the client system and to limit the user's logon hours.

Token type
The authentication token type, for example, password or smartcard.

Certificate rule
Drive Encryption enhances the use of PKI and tokens to allow users to authenticate using their certificates. You can use certificate rules to quickly make your Drive Encryption enterprise aware of all certificate-holding users, and allow them to be allocated to PCs using Drive Encryption without having to create new smart cards or other forms of token for their use.
- Provide LDAP user certificate: Provides the latest LDAP user certificate.
- Enforce certificate validity period on client: By default, this is enabled to enforce the certificate validity period for the added certificate rule.
- Use latest certificate: Select this to include the latest certificate while adding a certificate rule.
- Add certificate rule: Use this option to add different certificate rules.

Logon Hours
This defines the days and times when the user can log on to the client system. The restrictions are applied using the Apply restrictions option.

Duplicate
Duplicates or copies the policy with a different name so that the copy can be assigned to a different user.

Save
Saves the User Based Policy of Drive Encryption.

Cancel
Exits the current page.

User Based Policies Password tab

The Password tab under the User Based Policies allows you to change and manage the user's password in the client system.

Default password
- Change default password: The default password is , if the administrator changes the default password, then the newly set password will be the new default password for this policy under the User Based Policy category.
- Do not prompt for default password: Setting this option skips the default password entry and immediately asks the user to enter an encryption password.

Password change
- Enable password history changes (1-100): This keeps track of the specified number of previous passwords set by the user and does not allow the user to set the same passwords again.
- Prevent change: This option prevents the user from changing the password.
- Require change after days (1-366): This specifies the number of days after which the system prompts the user to change the password.
- Warn user days before password expires (0-30): This specifies how many days before password expiry the system starts warning the user about the number of days left.

Incorrect passwords
- Timeout password entry after invalid attempts (3-20): This option specifies the number of invalid password entries after which the system times out the password attempts.
- Maximum disable time minutes (1-64): This specifies the maximum timeout duration for the timeout password entry.
- Invalidate password after invalid attempts (3-100): This specifies the number of attempts a user can make before the password becomes invalid.

Allow showing of password
Enable this option to display the password of the user during authentication.

Duplicate
Duplicates or copies the policy with a different name so that the copy can be assigned to a different user.

Save
Saves the user based policy of Drive Encryption.

Cancel
Exits the current page.

User Based Policies Password Content Rules tab

The Password Content Rules tab under the User Based Policies allows you to define the length and limit the content of a user's password.

Display list of password rules
Enable this option to display the password rules to users.

Password length
This specifies the number of characters in a user password.
- Minimum (3-40): Defines the minimum number of characters for a user password.
- Maximum (3-255): Defines the maximum number of characters for a user password.

Enforce password content
This specifies the number of different characters like alpha, numeric, alphanumeric, and symbols that a user password can have.
- Alpha: Specifies the number of letters that must be present in a user password.
- Numeric: Specifies the number of numeric characters that must be present in a user password.
- Alphanumeric: Specifies the number of alphanumeric characters that must be present in a user password.
- Symbols: Specifies the number of symbols that must be present in a user password.

Password content restrictions
This specifies the password content restrictions for the user password.
- No anagrams: A word or phrase spelled by rearranging the letters of another word or phrase cannot be a password.
- No palindromes: A word or phrase that reads the same backward as forward cannot be a password.
- No sequences: "password2" after "password1" is unacceptable, as are passwords such as aaaaaa and
- Can't be user name: A user name cannot be set as a password.
- Windows content rules: Requires the password to follow the standard Windows password content rule, under which a password should contain at least three of the following: lower case letters, upper case letters, numbers, symbols and special characters.

No Simple Words
These are the set of words defined as simple words that cannot be used as passwords.
- Simple Word Group: This contains the list of simple words.

Duplicate
Duplicates or copies the policy with a different name so that the copy can be assigned to a different user.

Save
Saves the user based policy of Drive Encryption.

Cancel
Exits the current page.

User Based Policies Self-recovery tab

The Self-recovery tab under the User Based Policies allows you to enable and configure the self (local) recovery process. This allows the user to reset a forgotten password by answering a set of security questions. A list of security questions is set by the administrator using McAfee ePO. If the answers from the user match what has been stored in the server, they can proceed through the recovery process.

Enable self-recovery
Enables self-recovery for users assigned to the system.

Invalidate self-recovery after no. of invalid attempts
This specifies the number of attempts after which the self recovery is disabled.

Questions to be answered
The number of questions to be answered by the user to perform the self-recovery. This lists the default questions for the selected language, and also provides an option to add more questions. If a language does not have enough questions or includes an error, the language appears in red.

Logons before forcing user to set answers
The number of logons before forcing the user to set answers.

Questions
Allows you to select a language, set the question, and set the minimum answer length. This lists the default questions for the selected language, and provides an option to add more questions. If a language does not have enough questions or has an error in it, the language appears in red.

Duplicate
Duplicates or copies the policy with a different name so that the copy can be assigned to a different user.

Save
Saves the user based policy of Drive Encryption.

Cancel
Exits the current page.

User Based Policies Companion Devices tab

The Companion Devices tab under the User Based Policies allows you to enable recovery for the companion devices and to configure the password definition.

Recovery
- Enabled: Enables recovery for the companion devices.

Password
- PIN, minimum 6 digits
- PIN, minimum 8 digits
- Password, minimum 6 with 1 numeric, 1 alphabetic
- Password, minimum 6 with 1 numeric, 1 uppercase and 1 lowercase
- Password, minimum 8 with 1 numeric, 1 uppercase, 1 lowercase and 1 symbol

Challenge Code (Drive Encryption Recovery)

The Challenge Code pane under Menu | Data Protection | Encryption Recovery allows you to perform the system recovery by typing the challenge code generated in the client system.

Table 2-3 Option definitions

Challenge Code
Specifies the challenge code generated in the client system.

Back
Navigates to the previous page.

Next
Navigates to the next page.

Close
Exits the current page.

Recovery Type (Drive Encryption Recovery)

The Recovery Type pane under Menu > Data Protection > Encryption Recovery allows you to perform the system recovery by verifying the user details and by selecting the recovery type.

Machine Name: Displays the name of the system that you are trying to recover.
Recovery Type: Specifies the recovery type.
  Machine Recovery: Use this recovery type when no user is assigned to a client system, but the system is still active. This can also be used when any administrator who is not assigned to a client system requires access to it.
  User Recovery: When a user forgets the password, is disabled in the Active Directory, or loses his token, the user cannot log on to the client system. In this case, use this recovery type to recover the user.
  Unlock Disabled User: Allows the user, disabled in the Active Directory, to log on to the client PBA only once. When a disabled user is unlocked using this recovery type, he can authenticate through PBA. However, the user cannot authenticate through the Windows logon page because the user is still disabled in the Active Directory.
  Reset Token: Use this option to reset a token to the default state. This will clear the existing SSO, Self-recovery, and password details.
  Reset To Password Token: Resets the token to the default password token irrespective of any other token types being used.
Back: Navigates to the previous page.
Next: Navigates to the next page.
Close: Exits the current page.

Select User (Drive Encryption Recovery)

The Select User pane under Menu > Data Protection > Encryption Recovery allows you to select the user to be recovered.

Name: Displays the name list of the users.
Actions:
  Drive Encryption User Information: Displays the list of questions and answers configured for the selected user to be recovered.
Quick Find: Allows the administrator to find the desired user quickly.
Apply: Finds and displays the desired user.
Show selected rows: Displays the user information of the selected users only.
Back: Navigates to the previous page.
Next: Navigates to the next page.
Close: Exits the current page.

Response Code (Drive Encryption Recovery)

The Response Code pane under Menu > Data Protection > Encryption Recovery allows you to view the response code, then read it to the user.

Line 1, Line 2: Displays the response code; the codes are phonetically arranged in the table. The generated response code depends on the recovery key size set in the policy and on the selected recovery type, that is, machine recovery or user recovery.
Back: Navigates to the previous page.
Close: Exits the current page.

Systems tab (Encryption Users)

The Systems tab under Encryption Users allows you to add users to the existing systems and view users for the selected system(s).

Tasks:
  Import v5 users: Use this option to initiate the v5 users import process.
Actions: Specifies the actions that you can perform on the selected system and the options to manage users in the system.
  Choose Columns: Opens the Select the Columns to Display page. Use this to select the columns of data to display on the Systems tab.
  Drive Encryption: Highlights the following options to manage users in the selected system.
    Add User(s): Adds the selected users to the selected system.
    View Users: Displays the users of the selected system.
  Export Table: Opens the Export page. From the Export page you can specify the format of files to be exported, as well as how they are packaged (for example, in a zip file) and what to do with the files (for example, email them as an attachment).

Group Users tab (Encryption Users)

The Group Users tab under Encryption Users allows you to add a user to a group and delete users from a group. You can also group users at different organizational levels and edit the inheritance as required. This makes it possible to assign multiple users to systems without having to work on the individual systems.

Inheritance broken:
  Edit: Use this option to edit the user inheritance.
  Inherit from: Use this option to break the user inheritance.
    Lost&Found (false): Specifies that the inheritance is not broken, which means that the selected users will be assigned to all the systems present below the selected group.
    Break inheritance (True): Specifies that the inheritance is broken. When you have a group of systems, you could break the inheritance in McAfee epo, and then add the selected users to the group users from that level down. It means that all of the selected users will be assigned to those systems from that node and any children.
Actions: Specifies the actions that you can perform on the selected system and the options to manage users in the system.
  Choose Columns: Opens the Select the Columns to Display page. Use this to select the columns of data to display on the Group Users tab.
  Drive Encryption: Highlights the following options to manage users in the selected group.
    Add User(s): Adds the selected users to the selected group.
    Delete User(s): Deletes the selected users from the selected group.
  Export Table: Opens the Export page. From the Export page you can specify the format of files to be exported, as well as how they are packaged (for example, in a zip file) and what to do with the files (for example, email them as an attachment).

Add Drive Encryption Users (Encryption Users)

Use this page to browse to different users of the LDAP/AD/McAfee epo User Directory and add them to the existing system(s).

Users: Specifies the name of the users to add. Use the + in the interface to browse to the users and add them.
From the groups: Specifies the name of the user groups. Use the + in the interface to browse to the user groups and add them.
  Recursive: If selected, this adds the users of the sub groups in the selected group.
From the organizational units: Specifies the name of the organizational units of the user group. Use the + in the interface to browse to the organizational units and add them.
  Recursive: If selected, this adds the sub organizational units.
OK: Adds the selected Drive Encryption users to the selected system.
Cancel: Exits the current page.

Viewing Drive Encryption Users (Encryption Users)

Use this page to view the Drive Encryption users belonging to different system(s).

Name: Specifies the name of the users.
Type: Specifies the type of the user.
Inherited from: Specifies the node which has a number of systems. When inherited, the group of users is assigned to each system from this node and all of its children.
Recursive:
  Yes: Denotes that recursive is active.
  No: Denotes that recursive is inactive.
Actions:
  Add User(s): Allows you to browse to users of the LDAP/AD and add them to existing system(s).
  Delete User(s): Deletes the selected users from the system.
Close: Exits the current page.

User management Permission sets

Use this page to define the permission sets for a Drive Encryption user.

Drive Encryption Policy s
  No permissions: The user has no permission to view/edit the Drive Encryption settings.
  View policy settings: The user has permission only to view the product settings and user based settings.
  Change and view policy settings: The user has permission to view and edit the settings and to perform recovery on the server.

User Management
  No permission to user management: The user has no permission to view/edit the user management settings.
  View user management: The user has permission only to view the user management settings.
  Change and view user management: The user has permission to view and edit the user management settings.
  Allow import of v5 users: Allows the administrator to import the v5 users into the epo server.
  To view and delete users, the user should have the permissions to view and access the System Tree. To add users, the user should have the permissions to browse through the LDAP server.
  Allow configuration of UBP enforcement: Allows the administrators to specify which groups of users are allowed to use Drive Encryption policy-assignment rules, and which need to inherit the UBP assigned to a system.

Recovery s
  Allow clear SSO: Allows the user to clear the SSO details.
  Allow clear and reset self-recovery: Allows the user to clear the existing self-recovery details and reset them.
  Allow force user password change: Allows the user to edit the force user password change option.
  Allow reset token: Allows the user to reset the token.
  Allow viewing of user recovery information: Allows the user only to view the user recovery information.
  Allow administrator recovery: Allows the user to perform the administrator recovery.
  Allow export of machine recovery information: Allows the user to export the system recovery information. To allow export of the machine recovery information, the user should also have the permissions to view the System Tree tab and access the System Tree.
  Allow machine key re-use: This option supports any additional disk of the encrypted system remaining encrypted in case the system's boot partition becomes corrupted, damaged or wiped.
  Allow destruction of machine recovery information: Allows the user to remove the complete machine recovery information from the McAfee epo server.

Query s
  Allow deletion of migration log items: Allows the selected user to delete the migration log items.
  Allow deletion of migration cache items: Allows the selected user to delete migration cache items.

  Allow deletion of v5 audit items: Allows the selected user to delete the v5 audit items.
Save: Saves the permission settings.
Cancel: Navigates to the previous page.

Server Settings Drive Encryption

This page specifies options to display and edit server settings for the Drive Encryption category.

General:
  If user is disabled in LDAP Server: Allows you to disable, delete or ignore the user if the user has been disabled in the directory.
  Machine key re-use: Used to activate the system with the existing key present in the epo server. This option is highly useful when a boot disk gets corrupted and the user cannot access the system. The disks other than the boot disk of such a system can be recovered by activating the system with the same key from McAfee epo.
  Batch size for retrieving users: Allows the administrator to send the users to the client in batches rather than sending all of them at a time.
Incompatible Products:
  Manage incompatible product settings: Displays the list of non compatible products and allows you to import a non compatible product rule file.
Themes:
  Manage Themes: Lets you add a new theme and edit an existing theme.
Simple Words:
  Manage Simple Words: Allows you to add and manage a set of simple words that cannot be used as a password.
Tokens:
  Manage Tokens: Allows you to add and manage extra token definitions.
LDAP Attributes:
  Manage LDAP Attributes: Allows you to configure the AD attributes for users.
PC Software:
  Algorithm AES-256-CBC: Displays the algorithm selected for the software encryption.
  Pre-boot storage size: Allows you to set the size of the pre-boot file system. Increasing the size of the PBFS will increase the number of users that can be successfully assigned to the client system.
PC Opal:
  Pre-boot storage size: Allows you to set the size of the pre-boot file for the systems having self-encrypting Opal drives. Increasing the size of the PBFS will increase the number of users that can be successfully assigned to the client system.
Edit: Use to edit the Drive Encryption settings.

Server Settings (Drive Encryption) General tab

This page specifies options to disable, delete or ignore the user if that user is disabled in the directory. It also allows you to add the user information.

If user is disabled in LDAP Server: Allows you to Disable, Ignore, or Delete the user if that user has been disabled in the directory.
Batch size for retrieving users: Allows the administrator to send the users to the client in batches rather than sending all of them at a time. Specify the number of users that are sent in each batch. Increasing the batch size increases the amount of memory required on the server and the client, but reduces the number of data channel messages that need to be sent between the client and server.
Machine key re-use: Used to activate the system with the existing key present in the McAfee epo server. This option is highly useful when a boot disk gets corrupted and the user cannot access the system. The disks other than the boot disk of such a system can be recovered by activating the system with the same key from McAfee epo.
User information fields:
  Add: Used to add user information fields.
  Question: Specifies the question related to the user information.
  LDAP attribute name: Specifies the LDAP attribute name.
Verify: Verifies the selected attribute in the user information fields, then enables the Save button.
Save: Saves the specified settings.
Cancel: Exits the current page.

Server Settings (Drive Encryption) Manage incompatible product settings

Using the server settings available with McAfee epo, you can manage the list of products that are not compatible with Drive Encryption. You can also import an incompatible product rule that can detect and add the non compatible product to the list.

Name: Lists the products that are not compatible with Drive Encryption.
Actions:
  Import incompatible product rules: Use this option to browse and import a non compatible product rule (.xml file) that can detect and add the non compatible product to the list.
Close: Navigates to the previous page.

Server Settings (Drive Encryption) Import incompatible product rules

Use this page to browse and select the incompatible product rule file that detects the products that are not compatible with Drive Encryption.

File Name (*.xml): Use this option to browse and select the non compatible product rule file (.xml).
OK: Accepts the selected file and adds the non compatible product to the list.
Cancel: Navigates to the previous page.

Server Settings (Drive Encryption) PC Software tab

This page specifies the option to select the algorithm and to set the Pre-boot storage size for the software encryption.

Algorithm: Specifies the algorithm (AES-256-CBC) for the software encryption.
Pre-boot storage size: Allows you to set the size of the pre-boot file system. Increasing the size of the PBFS will increase the number of users that can be successfully assigned to the client system. The size is specified in MB from 20 to 100.
Verify: Verifies the selected algorithm then enables the Save button.
Save: Saves the specified settings.
Cancel: Exits the current page.

Server Settings (Drive Encryption) PC OPAL tab

Specifies the option to set the Pre-Boot storage size for the OPAL encryption.

Pre-boot storage size: Allows you to set the size of the pre-boot file for the systems having self-encrypting Opal drives. Increasing the size of the PBFS will increase the number of users that can be successfully assigned to the client system.
Verify: Verifies the selected algorithm then enables the Save button.
Save: Saves the specified settings.
Cancel: Navigates to the previous page.

Server Settings (Drive Encryption) Manage themes

Use this option to add and edit a theme that is used as a background in the Pre-Boot Authentication page.

Actions:
  Add: Use this option to add a new theme.
  Edit: Use this option to edit an existing theme.
  Regenerate missing theme package: This creates all the themes in the Drive Encryption Theme page as a package.
  Remove: Use this option to remove the selected theme.
Close: Navigates to the previous page.

Server Settings (Drive Encryption) Add themes

Use this page to add a theme that is used as a background in the Pre-Boot Authentication page.

Name: Specifies the name of the theme.
Theme Package: Specifies the options either to browse to a specific location to select a theme package or to browse to a background image to create a theme based on an existing theme.

OK: Creates the new theme.
Cancel: Navigates to the previous page.

Server Settings (Drive Encryption) Edit themes

Use this page to edit an existing theme that is used as a background in the Pre-Boot Authentication page.

Name: Specifies the name of the theme.
Preview: Displays the preview of the selected theme.
OK: Saves the edited theme.
Cancel: Navigates to the previous page.

Server Settings (Drive Encryption) Manage Simple Words

Use this option to define and manage a set of simple words that cannot be used as passwords.

Group Actions:
  Add group: Use this option to create a group which can have a number of simple words.
  Remove group: Use this option to delete a group.
  Import words to group: Use this option to browse to a text file with a number of simple words that cannot be used as passwords. You can also select an encoding type for the file.
  Regenerate missing Simple Word package: This creates the simple words package (.xml file) for the simple words group in the C:\Program Files\McAfee\ePolicyOrchestrator\DB\Software\Current\EESWORD\DAT\0000 folder.
Actions:
  Add: Use this option to add a simple word, which cannot be used as a password, to an existing group.
  Edit: Use this option to edit the existing simple word in a group.
  Remove: Use this option to remove all selected simple words from a group.
Close: Navigates to the previous page.

Server Settings (Drive Encryption) Manage tokens

Use this option to add and manage extra token definitions. This allows the user to deploy and manage the additional token modules any time after the initial installation as required by the user.

Token Type: Displays the list of tokens that are currently supported by Drive Encryption.
Actions:
  Add token: Use this option to add extra token definitions.
Close: Navigates to the previous page.

Server Settings (Drive Encryption) Add tokens

Use this page to browse and add the token definition XML file. Ensure that you get the definition file from McAfee Support only. The users are not allowed to create their own token definition files. There is currently no ability to remove tokens, since doing so would cause users to be unable to log on.

Filename (*.xml): Use this option to browse and select the token definition file in XML format.
OK: Accepts the selected file and adds the specified token to the list.
Cancel: Navigates to the previous page.

Properties tab (System Tree Drive Encryption)

This page displays the properties of the selected system. This page shows if the selected system is encrypted and also the active encryption provider.

State: Denotes if the selected system is encrypted. The Active state denotes that the selected system is encrypted.
Encryption Provider: Specifies the type of the encryption provider, for example, PC Software or PC Opal.
Algorithm: Specifies the active algorithm (AES-256-CBC) for the software encryption.
FIPS Mode: Specifies if the FIPS mode is enabled or not.
Pre-boot storage size (in MB): Allows you to set the size of the pre-boot file system. Increasing the size of the PBFS will increase the number of users that can be successfully assigned to the client system. The size is specified in MB from 20 MB to 200 MB.
Pre-boot storage free space (in bytes): Specifies the free Pre-Boot storage size that is available.
Processor supports AES-NI: Specifies if the processor supports the AES-NI algorithm.
Automatic Booting Enabled: Specifies if the Automatic Booting is enabled or not.
Firmware Type: Specifies the firmware type used in the system.
Uninitialized Users: Specifies the number of uninitialized users.
TPM Version: Displays the TPM version.
Supports Cold-boot Hardening: Specifies whether Cold-boot Hardening is supported.
Back: Navigates to the previous page.
Close: Exits the current page.

Disks tab (System Tree Drive Encryption)

This page displays the properties and status of the disks in the selected system.

Model Number: Specifies the model number of the disk in the selected system.
Serial Number: Specifies the serial number of the disk in the selected system.
Port: Specifies the port number of the disk in the selected system.


McAfee MVISION Mobile Microsoft Intune Integration Guide McAfee MVISION Mobile Microsoft Intune Integration Guide MVISION Mobile Console 4.22 February 11, 2019 COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active

More information

McAfee Management for Optimized Virtual Environments AntiVirus 4.5.0

McAfee Management for Optimized Virtual Environments AntiVirus 4.5.0 Migration Guide McAfee Management for Optimized Virtual Environments AntiVirus 4.5.0 For use with McAfee epolicy Orchestrator COPYRIGHT 2016 Intel Corporation TRADEMARK ATTRIBUTIONS Intel and the Intel

More information

McAfee Boot Attestation Service 3.5.0

McAfee Boot Attestation Service 3.5.0 Product Guide McAfee Boot Attestation Service 3.5.0 For use with epolicy Orchestrator 4.6.7, 4.6.8, 5.1.0 Software COPYRIGHT Copyright 2014 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS

More information

McAfee Endpoint Security Migration Guide. (McAfee epolicy Orchestrator)

McAfee Endpoint Security Migration Guide. (McAfee epolicy Orchestrator) McAfee Endpoint Security 10.6.0 - Migration Guide (McAfee epolicy Orchestrator) COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy

More information

McAfee MVISION Mobile Citrix XenMobile Integration Guide

McAfee MVISION Mobile Citrix XenMobile Integration Guide McAfee MVISION Mobile Citrix XenMobile Integration Guide MVISION Mobile Console 4.22 February 11, 2019 COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active

More information

McAfee Application Control Windows Installation Guide

McAfee Application Control Windows Installation Guide McAfee Application Control 8.2.0 - Windows Installation Guide COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee

More information

McAfee Endpoint Security

McAfee Endpoint Security Migration Guide McAfee Endpoint Security 10.2.0 For use with McAfee epolicy Orchestrator COPYRIGHT 2016 Intel Corporation TRADEMARK ATTRIBUTIONS Intel and the Intel logo are registered trademarks of the

More information

McAfee Rogue Database Detection For use with epolicy Orchestrator Software

McAfee Rogue Database Detection For use with epolicy Orchestrator Software McAfee Rogue Database Detection 1.0.0 For use with epolicy Orchestrator 4.6.0 Software COPYRIGHT Copyright 2012 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee, the McAfee logo,

More information

McAfee Policy Auditor 6.2.2

McAfee Policy Auditor 6.2.2 Release Notes McAfee Policy Auditor 6.2.2 For use with McAfee epolicy Orchestrator COPYRIGHT 2016 Intel Corporation TRADEMARK ATTRIBUTIONS Intel and the Intel logo are registered trademarks of the Intel

More information

McAfee Endpoint Security for Servers Product Guide. (McAfee epolicy Orchestrator)

McAfee Endpoint Security for Servers Product Guide. (McAfee epolicy Orchestrator) McAfee Endpoint Security for Servers 5.1.0 Product Guide (McAfee epolicy Orchestrator) COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection,

More information

McAfee Investigator Product Guide

McAfee Investigator Product Guide McAfee Investigator Product Guide COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee epo, McAfee EMM, Foundstone,

More information

McAfee Endpoint Security Threat Prevention Installation Guide - Linux

McAfee Endpoint Security Threat Prevention Installation Guide - Linux McAfee Endpoint Security 10.5.1 - Threat Prevention Installation Guide - Linux COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy

More information

McAfee Drive Encryption Administration Course

McAfee Drive Encryption Administration Course McAfee Drive Encryption Administration Course Education Services administration course The McAfee Drive Encryption Administration course from McAfee Education Services provides attendees with hands-on

More information

McAfee Data Protection for Cloud 1.0.1

McAfee Data Protection for Cloud 1.0.1 Product Guide McAfee Data Protection for Cloud 1.0.1 For use with McAfee epolicy Orchestrator COPYRIGHT Copyright 2015 McAfee, Inc., 2821 Mission College Boulevard, Santa Clara, CA 95054, 1.888.847.8766,

More information

Intel Security/McAfee Endpoint Encryption

Intel Security/McAfee Endpoint Encryption RSA Ready Implementation Guide for RSA SecurID Last Modified: March 13, 2015 Partner Information Product Information Partner Name Intel Security formerly McAfee Web Site www.mcafee.com Product Name for

More information

Addendum. McAfee Virtual Advanced Threat Defense

Addendum. McAfee Virtual Advanced Threat Defense Addendum McAfee Virtual Advanced Threat Defense 3.10.2 COPYRIGHT 2017 Intel Corporation TRADEMARK ATTRIBUTIONS Intel and the Intel logo are registered trademarks of the Intel Corporation in the US and/or

More information

Firewall Enterprise epolicy Orchestrator

Firewall Enterprise epolicy Orchestrator Integration Guide McAfee Firewall Enterprise epolicy Orchestrator Extension version 5.2.1 COPYRIGHT Copyright 2011 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted,

More information

McAfee Endpoint Security Threat Prevention Installation Guide - macos

McAfee Endpoint Security Threat Prevention Installation Guide - macos McAfee Endpoint Security 10.5.5 - Threat Prevention Installation Guide - macos COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy

More information

McAfee MVISION Mobile MobileIron Integration Guide

McAfee MVISION Mobile MobileIron Integration Guide McAfee MVISION Mobile MobileIron Integration Guide Administrator's guide for providing Integration with MobileIron MDM September 2018 COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee

More information

McAfee Endpoint Security for Servers Product Guide

McAfee Endpoint Security for Servers Product Guide McAfee Endpoint Security for Servers 5.2.0 Product Guide COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee epo,

More information

Scripting Guide. McAfee Drive Encryption 7.2.0

Scripting Guide. McAfee Drive Encryption 7.2.0 Scripting Guide McAfee Drive Encryption 7.2.0 COPYRIGHT 2016 Intel Corporation TRADEMARK ATTRIBUTIONS Intel and the Intel logo are registered trademarks of the Intel Corporation in the US and/or other

More information

Table of Contents. Table of Figures. 2 Wave Systems Corp. Client User Guide

Table of Contents. Table of Figures. 2 Wave Systems Corp. Client User Guide 2 Wave Systems Corp. Client User Guide Table of Contents Overview... 3 What is the Trusted Drive Manager?... 3 Key Features of Trusted Drive Manager... 3 Getting Started... 4 Required Components... 4 Configure

More information

Reference Guide. McAfee Security for Microsoft Exchange 8.6.0

Reference Guide. McAfee Security for Microsoft Exchange 8.6.0 Reference Guide McAfee Security for Microsoft Exchange 8.6.0 COPYRIGHT Copyright 2017 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee

More information

McAfee Enterprise Mobility Management 12.0 Software

McAfee Enterprise Mobility Management 12.0 Software Product Guide McAfee Enterprise Mobility Management 12.0 Software For use with epolicy Orchestrator 4.6.7-5.1 Software COPYRIGHT Copyright 2014 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS

More information

McAfee Endpoint Security for Linux Threat Prevention Interface Reference Guide

McAfee Endpoint Security for Linux Threat Prevention Interface Reference Guide McAfee Endpoint Security for Linux Threat Prevention 10.5.0 Interface Reference Guide COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy

More information

McAfee MVISION Mobile IBM MaaS360 Integration Guide

McAfee MVISION Mobile IBM MaaS360 Integration Guide McAfee MVISION Mobile IBM MaaS360 Integration Guide Administrator's guide for providing Integration with IBM MaaS360 MDM September 2018 COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee

More information

McAfee Application Control Windows Installation Guide. (Unmanaged)

McAfee Application Control Windows Installation Guide. (Unmanaged) McAfee Application Control 8.1.0 - Windows Installation Guide (Unmanaged) COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator,

More information

McAfee MVISION Mobile IBM MaaS360 Integration Guide

McAfee MVISION Mobile IBM MaaS360 Integration Guide McAfee MVISION Mobile IBM MaaS360 Integration Guide MVISION Mobile Console 4.22 February 11, 2019 COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection,

More information

McAfee MVISION Mobile AirWatch Integration Guide

McAfee MVISION Mobile AirWatch Integration Guide McAfee MVISION Mobile AirWatch Integration Guide Administrator's guide for providing Integration with AirWatch MDM September 2018 COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and

More information

Addendum. McAfee Virtual Advanced Threat Defense

Addendum. McAfee Virtual Advanced Threat Defense Addendum McAfee Virtual Advanced Threat Defense 3.10.0 COPYRIGHT 2016 Intel Corporation TRADEMARK ATTRIBUTIONS Intel and the Intel logo are registered trademarks of the Intel Corporation in the US and/or

More information

ZENworks 2017 Full Disk Encryption Pre-Boot Authentication Reference. December 2016

ZENworks 2017 Full Disk Encryption Pre-Boot Authentication Reference. December 2016 ZENworks 2017 Full Disk Encryption Pre-Boot Authentication Reference December 2016 Legal Notice For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions,

More information

Installation Guide Revision B. McAfee Cloud Workload Security 5.0.0

Installation Guide Revision B. McAfee Cloud Workload Security 5.0.0 Installation Guide Revision B McAfee Cloud Workload Security 5.0.0 COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator,

More information

McAfee Management of Native Encryption 3.0.0

McAfee Management of Native Encryption 3.0.0 Product Guide McAfee Management of Native Encryption 3.0.0 For use with McAfee epolicy Orchestrator COPYRIGHT Copyright 2015 McAfee, Inc., 2821 Mission College Boulevard, Santa Clara, CA 95054, 1.888.847.8766,

More information

Product Guide. McAfee Web Gateway Cloud Service

Product Guide. McAfee Web Gateway Cloud Service Product Guide McAfee Web Gateway Cloud Service COPYRIGHT Copyright 2017 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee epo, McAfee

More information

Hardware Guide. McAfee MVM3200 Appliance

Hardware Guide. McAfee MVM3200 Appliance Hardware Guide McAfee MVM3200 Appliance COPYRIGHT Copyright 2014 McAfee, Inc. Do not copy without permission. TRADEMARKS McAfee, the McAfee logo, McAfee Active Protection, McAfee AppPrism, McAfee Artemis,

More information

McAfee epolicy Orchestrator 5.9.1

McAfee epolicy Orchestrator 5.9.1 Configuration Guide McAfee epolicy Orchestrator 5.9.1 Hosted in Microsoft Azure Cloud Services and Amazon Web Services (AWS) McAfee epolicy Orchestrator 5.9.1 Configuration Guide 1 COPYRIGHT Copyright

More information

McAfee Agent 5.6.x Product Guide

McAfee Agent 5.6.x Product Guide McAfee Agent 5.6.x Product Guide COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee epo, McAfee EMM, Foundstone,

More information

McAfee Application Control and McAfee Change Control Linux Product Guide Linux

McAfee Application Control and McAfee Change Control Linux Product Guide Linux McAfee Application Control and McAfee Change Control 6.3.0 - Linux Product Guide 6.3.0 - Linux COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection,

More information

McAfee MVISION Mobile Silverback Integration Guide

McAfee MVISION Mobile Silverback Integration Guide McAfee MVISION Mobile Silverback Integration Guide Administrator's guide for providing Integration with Silverback MDM September 2018 COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee

More information

Product Guide. McAfee Performance Optimizer 2.2.0

Product Guide. McAfee Performance Optimizer 2.2.0 Product Guide McAfee Performance Optimizer 2.2.0 COPYRIGHT Copyright 2017 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee epo, McAfee

More information

McAfee Cloud Workload Security Suite Amazon Machine Image Installation Guide

McAfee Cloud Workload Security Suite Amazon Machine Image Installation Guide McAfee Cloud Workload Security Suite Amazon Machine Image Installation Guide COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator,

More information

McAfee Performance Optimizer 2.1.0

McAfee Performance Optimizer 2.1.0 Product Guide McAfee Performance Optimizer 2.1.0 For use with McAfee epolicy Orchestrator COPYRIGHT 2016 Intel Corporation TRADEMARK ATTRIBUTIONS Intel and the Intel logo are registered trademarks of the

More information

McAfee Cloud Identity Manager

McAfee Cloud Identity Manager Coupa Cloud Connector Guide McAfee Cloud Identity Manager version 2.5 or later COPYRIGHT Copyright 2013 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed,

More information

McAfee Cloud Identity Manager

McAfee Cloud Identity Manager Marketo Cloud Connector Guide McAfee Cloud Identity Manager version 3.5 or later COPYRIGHT Copyright 2013 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed,

More information

McAfee MOVE AntiVirus Installation Guide. (McAfee epolicy Orchestrator)

McAfee MOVE AntiVirus Installation Guide. (McAfee epolicy Orchestrator) McAfee MOVE AntiVirus 4.7.0 Installation Guide (McAfee epolicy Orchestrator) COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator,

More information

<Partner Name> <Partner Product> RSA SECURID ACCESS Authenticator Implementation Guide. Intel Security Drive Encryption 7.1.3

<Partner Name> <Partner Product> RSA SECURID ACCESS Authenticator Implementation Guide. Intel Security Drive Encryption 7.1.3 RSA SECURID ACCESS Authenticator Implementation Guide Intel Security Daniel R. Pintal, RSA Partner Engineering Last Modified: December 12, 2016 Solution Summary Intel Security/McAfee

More information

Symantec Endpoint Encryption Full Disk Maintenance Pack Release Notes

Symantec Endpoint Encryption Full Disk Maintenance Pack Release Notes Symantec Endpoint Encryption Full Disk Maintenance Pack Release Notes Thank you for using this Symantec Corporation product. These Release Notes contain important information regarding this release of

More information

Product Guide. McAfee Content Security Reporter 2.4.0

Product Guide. McAfee Content Security Reporter 2.4.0 Product Guide McAfee Content Security Reporter 2.4.0 COPYRIGHT Copyright 2017 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee epo,

More information

Product Guide Revision B. McAfee Cloud Workload Security 5.0.0

Product Guide Revision B. McAfee Cloud Workload Security 5.0.0 Product Guide Revision B McAfee Cloud Workload Security 5.0.0 COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee

More information

McAfee Cloud Identity Manager

McAfee Cloud Identity Manager WebExConnect Cloud Connector Guide McAfee Cloud Identity Manager version 3.5 or later COPYRIGHT Copyright 2013 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted,

More information

McAfee Cloud Identity Manager

McAfee Cloud Identity Manager Syncplicity Cloud Connector Guide McAfee Cloud Identity Manager version 3.1 or later COPYRIGHT Copyright 2013 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted,

More information

McAfee Cloud Identity Manager

McAfee Cloud Identity Manager BoxNet Cloud Connector Guide McAfee Cloud Identity Manager version 3.1 or later COPYRIGHT Copyright 2013 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed,

More information

Revision A. McAfee Data Loss Prevention Endpoint 11.1.x Installation Guide

Revision A. McAfee Data Loss Prevention Endpoint 11.1.x Installation Guide Revision A McAfee Data Loss Prevention Endpoint 11.1.x Installation Guide COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator,

More information

ZENworks 2017 Update 1 Full Disk Encryption Pre-Boot Authentication Reference. July 2017

ZENworks 2017 Update 1 Full Disk Encryption Pre-Boot Authentication Reference. July 2017 ZENworks 2017 Update 1 Full Disk Encryption Pre-Boot Authentication Reference July 2017 Legal Notice For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions,

More information

Product Guide. McAfee Web Gateway Cloud Service

Product Guide. McAfee Web Gateway Cloud Service Product Guide McAfee Web Gateway Cloud Service COPYRIGHT Copyright 2017 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee epo, McAfee

More information

McAfee Change Control and McAfee Application Control 8.0.0

McAfee Change Control and McAfee Application Control 8.0.0 Installation Guide McAfee Change Control and McAfee Application Control 8.0.0 For use with McAfee epolicy Orchestrator COPYRIGHT 2016 Intel Corporation TRADEMARK ATTRIBUTIONS Intel and the Intel logo are

More information

Account Management. Administrator Guide. Secure Gateway (SEG) Service Administrative Guides. Revised August 2013

Account Management. Administrator Guide. Secure  Gateway (SEG) Service Administrative Guides. Revised August 2013 Secure E-Mail Gateway (SEG) Service Administrative Guides Account Management Administrator Guide Revised August 2013 * The Directory Services Connector (DSC) feature is not included as a standard feature

More information

Client Proxy interface reference

Client Proxy interface reference Reference Guide McAfee Client Proxy 2.3.2 Client Proxy interface reference These tables provide information about the settings found in the Client Proxy UI. Policy Catalog On the McAfee Client Proxy page

More information

McAfee epolicy Orchestrator Software

McAfee epolicy Orchestrator Software User Guide McAfee epolicy Orchestrator 5.3.0 Software COPYRIGHT Copyright 2014 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee, the McAfee logo, McAfee Active Protection, McAfee

More information

McAfee Content Security Reporter Product Guide. (McAfee epolicy Orchestrator)

McAfee Content Security Reporter Product Guide. (McAfee epolicy Orchestrator) McAfee Content Security Reporter 2.5.0 Product Guide (McAfee epolicy Orchestrator) COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy

More information

Sophos Central Device Encryption. Administrator Guide

Sophos Central Device Encryption. Administrator Guide Sophos Central Device Encryption Administrator Guide Contents About... 1 Manage BitLocker Drive Encryption... 2 Migrate to...2 Prepare Device Encryption...3 Device Encryption step by step... 3 Device Encryption

More information

McAfee Endpoint Encryption

McAfee Endpoint Encryption Secured by RSA Implementation Guide for SecurID Authenticators Last Modified: December 4, 2013 Partner Information Product Information Partner Name McAfee Web Site www.mcafee.com Product Name (EEPC) Version

More information

Symantec Endpoint Encryption Full Disk Maintenance Pack Release Notes

Symantec Endpoint Encryption Full Disk Maintenance Pack Release Notes Symantec Endpoint Encryption Full Disk Maintenance Pack Release Notes Thank you for using this Symantec Corporation product. These Release Notes contain important information regarding this release of

More information