McAfee Application Control/McAfee Change Control Administration


Education Services Administration Course

The McAfee University McAfee Application Control/McAfee Change Control Administration course enables attendees to receive in-depth training on the full benefits and deployment of McAfee Application Control/McAfee Change Control products. Enabling administrators to fully understand the capabilities of their security solution not only reduces the risks of misconfiguration but also ensures an organization gets the maximum protection from their installation.

Audience

System and network administrators, security personnel, auditors, and/or consultants concerned with network and system security should take this course.

Course Goals

Understand the capabilities of McAfee Application Control/McAfee Change Control solution
Install and administer ACCC
Manage Remote Clients
Protect end points

Agenda at a Glance

Day 1: Connected Security and McAfee ePolicy Orchestrator (McAfee ePO) Overview Introduction to the McAfee Application Control/McAfee Change Control Planning a McAfee AC/CC-McAfee ePO Deployment McAfee Agent McAfee Application Control/McAfee Change Control Extension Installation MACCC McAfee Application Control/McAfee Change Control Server Tasks and Permissions Solidcore Clients

Day 2: Introduction to McAfee Application Control Policies Policy Modifications Inventory

Day 3: Events and Alerts Introduction to McAfee Change Control and Integrity Monitoring Change Control Configuration Dashboards and Reporting

Day 4: Troubleshooting Case Studies CLI Administration Best Practices

Recommended Pre-Work

It is recommended that the students have a working knowledge of Microsoft Windows administration, system administration concepts, a basic understanding of computer security concepts, and a general understanding of viruses and antivirus technologies.

Course Outline

Module 1: Introduction to the McAfee Application Control/McAfee Change Control
What is MACCC? Supported Operating Systems Solidcore Architecture Multilayered Security Solution Whitelisting Trust Model Image Deviation Differentiators Visibility and Enforcement for End-to-end Compliance File Integrity Monitoring Change Prevention Install Workflow Navigation to Solidcore Components Solidcore Configuration Updaters or Publishers Solidcore Configuration Installers Solidcore Policies Windows Path Definitions Solidcore Server Tasks Solidcore: Purge Task Migration Server Task Calculate Predominant Observations (Deprecated) Content Change Tracking Report Generation Solidcore: Run Image Deviation Image Deviation (McAfee Application Control) Specifying a Golden Image Solidcore: Scan a Software Repository

Module 2: Planning a McAfee ePolicy Orchestrator Deployment
Platform Requirements McAfee ePO Server Hardware Requirements McAfee ePO Server Operating Systems McAfee ePO Server Prerequisite Software Supported Web Browsers Supported SQL Server Releases Default Communication Ports Default Ports Determining Ports in Use Virtual Infrastructure Requirements Deployment Guidelines Deployment Scenario: Basic Plan Solution A: One McAfee ePO Server Solution B: Two McAfee ePO Servers Solution C: McAfee ePO server with Agent Handlers Deployment Scenario: Disk Configuration Solution: Less than 5,000 Nodes Solution: 5,000 to 25,000 Nodes Deployment Scenario: Disk Configuration Solution: 25,000 to 75,000 Nodes Solution: More than 75,000 Nodes Database Sizing How Products and Events Affect Calculations Example: Calculating Averages Calculating Your Environment Managing Scalability Environmental Factors

Module 3: Security Connected and McAfee ePolicy Orchestrator Overview
Security Evolution Security Connected Breadth and Depth for Security McAfee ePO Solution Overview New for this Release Basic Solution Components How McAfee ePO Works Essential Features Integration with Third-Party Products McAfee ePO Web Interface Menu Page Customizing the User Interface Architecture and Communication Functional Process Logic Data Storage

Module 4: McAfee Agent
McAfee Agent Overview New for This Release Agent Components Agent-Server Secure Communication Keys Communication after Agent Installation Typical Agent-to-Server Communication Agent-to-Product Communication Forcing Agent Activity from Server Wake-Up Calls and Wake-Up Tasks Configuring Agent Wake-up Locating Agent Node Using DNS Using System Tray Icon Forcing Agent Activity from Client Viewing Agent Log McAfee ePO 4.x/Agent 4.x Feature Dependencies Agent Files and Directories Sitelist.xml Agent Log Files Using Log Files Installation Folders

Module 5: McAfee Application Control/McAfee Change Control Extension Installation
Extensions in McAfee ePO Extensions Menu Integration of AC/CC Extension Installation Requirements System Requirements McAfee ePO Database Sizing Installation of Extension Solidcore Licensing What is Solidcore? Install Workflow Review Installing Licenses Solidcore Database Tables

Module 6: Solidcore Client
Solidcore Architecture The Agent Plug-in and How It Works Types of Platforms Protected Supported Systems Check in Agent Plug-In Package into McAfee ePO Deploying the Solidcore Agent Plug-In Verifying Installation from the Endpoint Solidcore Client Tasks Enable Solidcore Agent Task Disable Solidcore Agent Task Initial Scan to Create Whitelist Pull Inventory Begin Update Mode End Update Mode Change Local CLI Access Collect Debug Info Run Commands Get Diagnostics for Programs Features for the Client Client Notifications and Events Client Events and Approvals Customizing Client Notifications

Module 7: McAfee Application Control Initial Configuration
What are Observations? Observe Mode Manage Requests Review Requests Process Requests Allow by Checksum on All Endpoints Allow by publisher on All Endpoints Ban by Checksum on All Endpoints Define Custom Rules for Specific Endpoints Allow by Adding to Whitelist for Specific Endpoints Define Bypass Rules for All Endpoints Delete Requests Review Created Rules Throttle Observations Define the Threshold Value Review Filter Rules Manage Accumulated Requests Exit Observe Mode Inventory Introduction Fetch Inventory GTI Integration Trust Level and Score Cloud Trust Score Inventory Without Access to McAfee GTII Fetch McAfee GTI Ratings for Isolated Networks Export SHA1s of All Binaries Run the Offline McAfee GTI Tool Fetch Inventory Bad File Found Event Manage the Inventory Manage Binaries McAfee Application Control Policies Role of the Policy McAfee Application Control Configuration Managing Rule Groups Creating a McAfee Application Control Rule Group Updater Tab Trusted Users Exceptions Using a Rule Group to Block an Application

Module 8: Application Control Feature Administration
What is Update Mode? How to Update a Solidified System Auto-updaters Authorized Updaters Determining Updaters Understanding Publishers Understanding Installers Scan a Software Repository Revisit Solidcore Permission Sets Reboot Free Activation Inventory Management Enhancements Inventory Management Pull Inventory Inventory by Application Inventory by Systems Inventory Application Drill-Down Inventory Binary Drill-Down Search Filters Modifying Enterprise Trust Level

Module 9: Event and Alerts
Understanding Events What Creates an Event When Are Events Sent Back? Viewing Events Advanced Filters Selecting Columns to Display Viewing the Details of an Event Solidcore Events Example of Solidcore Events McAfee Application Control Events Planning Automatic Responses Throttling, Aggregation, and Grouping Alerts Understanding Alerts Scenarios Configuring a Solidcore Alert Viewing an Alert Support of SNMP Alerts Customizing End-User Notifications Syslog Enhancements

Module 10: McAfee Change Control Initial Configuration
McAfee Application Control and McAfee Change Control McAfee Change Control and Integrity Monitoring Scenario File Integrity Monitoring Workflow Disable Solidcore Enable Solidcore on the Endpoint Verifying Client Task Completion Integrity Monitoring Policies Using Integrity Monitor Creating an Integrity Monitor Policy Integrity Monitoring Policies Testing your Monitoring Reducing Noise Example of Reducing Noise

Module 11: Using the Policy Catalog and Managing Policies
McAfee Change Control Policies Role of the Policy Variables for Use in Policies Example of Variables in a Rule Group Scenario Write Protect a File, Trusted Program Can Alter Write Protect a Registry Key, Program can Alter Write Protect a File, Trusted User Can Alter Verifying only Trusted User Can Alter Read Protection Must Be Enabled Read Protect a File, Trusted Program can Access Emergency Changes Content Change Tracking One-Click Exclusion (Advanced Exclusion Filtering) One-Click Exclusion Configuration Troubleshooting

Module 12: Dashboards and Reporting
The Dashboard McAfee ePO Dashboards Queries as Dashboard Monitors Dashboard Access Dashboard Configuration Solidcore Dashboards McAfee Application Control Dashboard McAfee Change Control Dashboard Integrity Monitor Dashboard Inventory Dashboard Solidcore Queries Reporting > Solidcore McAfee Application Control > Inventory McAfee Application Control > Image Deviation Automation > Solidcore Client Task Log Scenario Creating a Customized Dashboard Making a Dashboard Public Set the Default Dashboard

Module 13: Troubleshooting
Solidcore Architecture and Components Solidcore 6.1.3 Architecture Troubleshooting References Location of Solidcore Files on Endpoint McAfee ePolicy Orchestrator Application Server Service Logs Solidcore Registry Keys on Endpoint Solidcore Services Troubleshooting Best Practice Escalation Best Practices Troubleshooting McAfee GTI Cloud Issues Best Practice Top Issues Task Failure Top Issues Denied Execution Issues Top Issues Denied Execution of a Network Share Top Issues Network Share Top Issues KB Useful Tools Solidcore Event Logs Solidcore User Notifications Solidcore Troubleshooting Tools Escalation Tools Solidcore Database Tables Minimum Escalation Requirements (MER) Running MER Tool on Client Dump Tools

Module 14: Case Studies
A Case from History Unpatched, Known Vulnerabilities in the Client Browser-Based Exploits The Remedy Application Whitelisting Increasing Compliance Requirements Remedy File Monitoring Complete the Task

Module 15: CLI Administration
Solidcore CLI Location of Solidcore Files on Endpoint Viewing the CLI Access Enabling the CLI Unlocking the CLI Locally Securing the CLI Using the CLI SADMIN Commands Solidifying from the CLI Unsolidifying What is Solidcore's Status? Beginning the Update Status Ending the Update Status Enabling and Disabling Solidifier SADMIN Commands Advanced SADMIN Commands Solidcore Commands New CLI Commands McAfee Application Control Rules and Helpful Commands Read/Write Protect Files Change Control Commands Write Protection How to Write Protect a File Modifying a Read/Write Protected Files Change Control Features Write Protection Application Control Authorize Command Arguments Discovering and Adding Updaters SADMIN Diag Notations Discovering and Adding Updaters Using Attributes to Control File Execution Attributes Using Attributes to Control File Execution Viewing Solidcore Events Event Sinks Logging Events Event Names and Log Entries Product Tools

Module 16: Best Practices
Review of Initial Setup Tasks Systems Tree Infrastructure Communication between McAfee ePO and Agent Activation Options: McAfee Application Control Only Inventory Collection Scan Protection State Selection Protection State Delivery Testing Protection Mechanisms Policies and Rule Groups Policy Tuning Bypass Rules and Exclusions Inventory and Whitelist Updaters McAfee Application Control Memory Protection Maintenance Basic Troubleshooting and FAQs Solving Memory Discrepancies Helpful Resources

Learn More

To order, or for further information, please call 1 888 847 8766 or email SecurityEducation@mcafee.com.

2821 Mission College Boulevard, Santa Clara, CA 95054
888 847 8766
www.mcafee.com

McAfee and the McAfee logo, ePolicy Orchestrator, and McAfee ePO are trademarks or registered trademarks of McAfee, LLC or its subsidiaries in the US and other countries. Other marks and brands may be claimed as the property of others. Copyright 2017 McAfee, LLC. 3544_0917 SEPTEMBER 2017