McAfee Shores Up Your Defenses

I tested a beta copy of ePo 3.0 on a Windows 2000 server in our Syracuse University Real-World Labs®. Syracuse has been using ePo 2.5 for the past year to manage desktop virus protection, and Network Computing editors here have offered improvement ideas to McAfee. The ePo software consists of the ePo server, which contains the database of managed clients; a console application used to manage the server from administrators' workstations; and an ePo agent installed on the managed machines. The software uses a Microsoft database back end that lets you choose between Microsoft SQL Desktop Engine (MSDE), included as part of the install, and Microsoft SQL Server.

I chose SQL Server 2000 because of the limitations with MSDE that would have confined me to managing a mere 5,000 clients.

I set up the server OS and SQL Server with patches and installed ePo easily. The software self-installs its required packages and creates the appropriate database structure, automatically detecting your installed database and adjusting itself appropriately.

To manage the software remotely, ePo contains a console-only client application that communicates to the server via ODBC and ePo client-server protocols. I installed console software on a remote desktop after creating the required ODBC connections to the server database.

I configured the software to deploy and manage products, manage machines, enforce the policies and report on compliance policies. Although deploying and managing software is much easier in an NT Domain environment, because of the trust relationships that are part of that structure, it is possible to use ePo without a domain. I installed the software I wanted to manage into the ePo server database and created the appropriate policies within console.Enforcing Security

For security, McAfee offers ePo Fusion Services, which customizes third-party toolkits so ePo can manage almost any desktop-security product. I chose, however, to manage and deploy McAfee VirusScan Enterprise 7.0--one of the products ePo can manage out of the box.

Before deploying antivirus protection to managed machines, you must install the software into the master software repository. Once the managed software is imported into ePo, you can customize the default security policy's level of enforcement. I created a policy that forces managed clients to run VirusScan, update the virus definitions at start-up once per day and perform weekly virus scans of local hard drives during off-hours.

Next I deployed VirusScan to machines. First I had to install an ePo agent on each managed computer--this can be done from the server using appropriate credentials within the domain or manually using the silent install executable.

I created a group containing the server and a desktop computer, and created a task to deploy and manage VirusScan on this group. It was installed within minutes.The ePo agent runs in the background, checking with the server on a regular basis to ensure that the policies you've set are enforced. To test this I modified the settings of VirusScan on a managed desktop, removing the setting that updates the virus definitions at start-up. The machine's agent checked in server as designated and reset the setting.

Emergency protection, such as when a new virus threat is detected on the Internet, is provided via optional Super Agent technology. During such an event, the Orchestrator notifies the Super Agents of new policies or software updates. This causes ePo on the Super Agents to enforce updates to all clients on their network. Orchestrator also will update managed clients without the Super Agents, but at significantly slower speeds using the server itself.

Writing Reports

The ePo's console reports compliance data, coverage information and virus trend analysis of all managed machines. The Orchestrator software can report on versions of agents, software and virus definitions; the top 10 viruses detected and actions taken to protect against them; and machines that are not conforming to security policy. With more than 30 preconfigured reports, that's a lot of information about your managed environment.

Christopher T. Beers is a Unix Systems Engineer at Syracuse University. Write to him at [email protected].Post a comment or question on this story.