ICC Home  /  Members  /  Meetings  /  Peer Support  /  Documentation  /  Projects


ePO:


Return to IT/SA Services Documentation Home

Lead: Wayne Hyde

Introduction:

The ePO agent is no longer installed via login script. You may manually install the program, by running the latest agent from \\ad.ufl.edu\ifas\SECURITY-TOOLS\ePO-Agents\.

CMA v4.5

With the 4.5 agent the system tray shows a new "capital M" icon which provides access to both the VirusScan Console and the McAfee Agent gui:

Right-clicking this icon and selecting "McAfee Agen Status Monitor..." opens a screen like the following:

The "Agent Settings" button on that displays the following:

There is also a new "About..." feature that provides a good deal of information about the current agent and VSE status:

The ePO Console: v4.5 is now in use

ePO 4.5 was just installed in August 2009 and appears to have some advantages regarding improved integration with AD. The console is web-based and available at https://if-srvv-epo4.ad.ufl.edu:8443/. Aliases have been set for https://epo.ifas.ufl.edu:8443/ and https://epo4.ifas.ufl.edu:8443/ so they should work as well.

Logging in / Requesting an account

The new console can be configured so OU Admins can monitor the status of the machines within their OU. To do that, Wayne Hyde must create management console accounts tied to ADMN accounts for authentication. Consequently, the first step to using this is to contact Wayne. Once things have been configured you may access the console by logging on with your "IF-ADMN" credentials, and with ePO 4.5 you MUST preface your username with "ufad\".

Monitoring machines in your OU

Wayne will configure a number of dashboards which should suffice for most monitoring purposes. Each OU Admin may configure their own dashboards as well, though this may not be much needed.

Dashboard drill-downs

There are a number of "drill-down" opportunities within the various dashboards which may not be immediately obvious. For example, in the "Your Systems" dashboard:

Machine details by OS

If you click on one of the operating systems or AV versions on the bottom two panels, it will bring up some additional useful information. Clicking on one of the "OS Type" entries for the "Public - ePO: Count of Operating Systems" panel, provides a list of those machines including: System Name, Operating System, User Name, Total Physical RAM, CPU Speed, IP Address, and Last Update time.

Query machines by VirusScan version

Clicking on one of the "VirusScan product version" entries for the for the "Public - ePO: AV Deployment count" query will provide a list of machines with that version including: System Name, Operating System, Product Version (Agent), Product Version (AV), Hotfix Version (AV), Tags, and Service Pack (AV). This feature allows one to easily access a list of all machines, for example, for which VirusScan requires updating. They may then be tagged as a group (details below) in order to automate that process.

Missing machines

If a machine doesn't appear where you expect within your ePO System Tree view, that is likely because the computer account was just recently created. New computers won't show up within the console view until after the next 4AM AD sync.

Managing machines in your OU

Currently, there are a limited number of management tasks which an OU Admin can perform for the machines in their care. Using the console an OU Admin can locate machines and deploy either the latest CMA agent or VirusScan 8.7i Patch 1 by "tagging" those with "PushCMA" or "PushAV" tags respectively.

How tagging triggers installation

Tagged systems now remain in their groups rather than being moved to a separate groups. That makes tracking progress much easier than was the case with ePO 4.0.

Preparing an agent install for imaging (e.g., via Ghost, etc.):

Agents automatically create a unique GUID to identify a machine. Because you don't want multiple machines using the same GUID, you need to prepare a machine specially before imaging if you want the image to include the agent.

Preparation involves using REGEDIT to delete the AGENTGUID key (not just that data) from HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\ePolicy Orchestrator\Agent just prior to shutting down for imaging. This key is recreated at boot, so you must make sure this is done as the final step before imaging.

ePO Common Management Agent (CMA):

As mentioned in the introduction above, the agents must be installed by the OU Admin as that is no longer being done with login script. You can tag machines with "PushCMA" order to install or you can install manually.

McAfee naming convention for threat detections:

It can be useful to understand the naming convention which McAfee applies to threats it detects. Those are detailed in the Release Notes for McAfee DAT Files.

Off-line scanning:

Wayne updates a "cleaner.iso" from time-to-time, which you may use to burn a WinPE boot disc that will scan computer off-line. If you want something more up-to-date, you can make your own via these instructions. You will want to grab the latest superdat.

Support:


last edited 25 May 2010 by Steve Lasley