FIELD GUIDE TO SETTING UP POC’S MICHAEL LAWSON MCAFEE | 2821 Mission College Blvd Santa Clara, CA 95054

Upload: hanhu

Post on 07-May-2019


Page 1: FIELD GUIDE TO SETTING UP POC’S - community.mcafee.com · Page 2 Purpose This guide is intended assist Sales Engineers with the setup, configuration, and deployment of MATD. Prior


Contents

Purpose ... 2
Planning ... 2
Deployment Options ... 2
Requirements ... 3
Checklist for Current Solution(s) ... 3
Checklist for ATD Setup ... 3
Setup and Installation of ATD ... 3
Quick Start ... 4
IP Configuration ... 4
Access the McAfee Advanced Threat Defense Web Application ... 6
Update ATD to Current Version ... 7
Analyzer Virtual Machines ... 11
  Use of Pre-Built Images ... 11
  Custom Image Guidelines ... 12
  Virtual Machine Validation Process ... 12
  Post Image Creation Checklist ... 13
  Upload Image to ATD ... 14
  Convert the Image ... 14
VM Profile Creation ... 17
Analyzer Profile Creation ... 22
Configure McAfee Network Security Manager Integration ... 23
Configure McAfee Web Gateway Integration ... 26
  Create Analyzer Profiles for Network Solutions to Use ... 27
Configure McAfee Integration with McAfee® ePolicy Orchestrator® ... 29
Final Validation ... 29
Appendix ... 31
  Network Ports Outgoing ... 31
  Network Ports Incoming ... 32
  Windows XP SP3 Pre-Built Image Import and Preparation Guide ... 32
  Windows Server 2008 Pre-Built Image Import and Preparation Guide ... 47
  Windows 7 Pre-Built Image Import and Preparation Guide ... 66


Purpose

This guide is intended to assist Sales Engineers with the setup, configuration, and deployment of MATD. Prior to starting a MATD evaluation it is important to determine the scope, the length and the customer's expectations.

Planning

The setup and configuration of ATD does require some time to complete all the tasks. It is recommended that at least 4 hours are allocated for the completion of all the tasks in this guide. One of the largest consumers of time in this guide is the building of virtual machines for use as sandboxes or virtual analyzers in ATD. It is recommended that the building of the VMs is done as pre-work prior to arriving on site. It is also recommended that the integrated solutions be deployed, configured, and validated prior to installing ATD.

Deployment Options

There are three main deployment scenarios: Standalone, Integration with Network Security Platform, and Integration with Web Gateway. Additionally, integration with EPO can be added for a more comprehensive solution.

Standalone deployment

This is the simplest way of deploying McAfee Advanced Threat Defense. In this case, it is not integrated with other externally installed McAfee products. You manually submit the suspicious files using the McAfee Advanced Threat Defense web application. You can deploy McAfee Advanced Threat Defense as a standalone box with just the minimum required network connectivity. Therefore, this deployment is typically used to analyze suspicious files in an isolated network segment. This deployment is also used during the testing and evaluation phase and to fine tune the configuration.

Integration with Network Security Platform

This involves integrating McAfee Advanced Threat Defense with the Network Security Platform Sensor and Manager. Based on how you have configured this feature, an inline Sensor detects a file download and sends a copy of the file to McAfee Advanced Threat Defense for analysis. If McAfee Advanced Threat Defense detects malware in real time, the Sensor blocks the download. If McAfee Advanced Threat Defense requires more time for analysis, the Sensor allows the file to be downloaded. If McAfee Advanced Threat Defense detects malware after the file has been downloaded, it informs Network Security Platform and you can use the Sensor to quarantine and remediate the host immediately. Whenever McAfee Advanced Threat Defense identifies malware, it updates Network Security Platform so that the next time the same file is downloaded, the Sensor blocks it. Additionally, NSP can be configured for span port operation. In this mode no files are blocked; they are just sent to ATD for analysis.

Integration with McAfee® Web Gateway

When a user downloads a file, McAfee® Web Gateway sends a copy of the file to McAfee Advanced Threat Defense for analysis. The download is allowed or denied based on the findings by McAfee Advanced Threat Defense. Web Gateway can be configured for span port operation during evaluations. In this configuration no files would be blocked; they would just be sent to ATD for analysis.

o In-line (blocking): wait for results from ATD

o Transparent: submit to ATD, do not wait for results from ATD (never block based on ATD results)

Integration with McAfee® ePolicy Orchestrator®

McAfee Advanced Threat Defense retrieves the information regarding the target host of the file download. Knowing the operating system on the target host enables it to create the exact sandbox environment to dynamically analyze the file. Dynamic analysis requires the suspicious file to be executed for a specific time period. During this time, the malware is likely to have reached the intended target. McAfee Advanced Threat Defense uses this integration to clean up the affected host.

This integration also enables you to identify the other hosts infected by the same malware and take remedial steps.

Requirements

What is required for a MATD evaluation? The customer must currently have, or be evaluating, one of the two solutions below prior to evaluating MATD. Essentially, MATD needs one of the gateway solutions to feed samples to it.

Required (at least one):

o McAfee Web Gateway (MWG) Version

o McAfee Network Security Platform (IPS) Version 7.5

o MATD 3000 or 6000 appliance

Optional:

o EPO

o Real-time EPO (Real-time Command)

Checklist for Current Solution(s)

Current Solution           Version Required   Customer Version   Verified By
Advanced Threat Defense    3.0.4.55.37306
McAfee Web Gateway         7.4
Network Security Manager   8.0.5.9
IPS Sensor                 8.0.3.13
EPO                        5.0

Checklist for ATD Setup

Requirement                          Yes   No   Verified By
1U (3000) or 2U (6000)
Management Network Connection
Network Sensor Network Connection
Power: Dual 750w PS
Putty or SSH Client
FTP Client
KVM in datacenter (optional)
Analyzer VM or VM(s)

Setup and Installation of ATD

Most of the ATD configuration can be completed prior to arriving on site. If these items are done prior to arriving on site, this can help ensure a successful evaluation.

o Verify appliance is functional

o Set IP address

o Set gateway

o Set DNS proxy

o Set UI_timeout

o Import and creation of Analyzer Profiles

o Adjust default admin account

o Create user accounts

o Create VM Profile

o Create Analyzer Profiles

Quick Start

Please use the Quick Start Guide included in the box for the rack and power guidelines. Please note the network interface cable should be plugged into port

IP Configuration

Once the appliance has been racked and powered on, it is recommended to use a KVM (keyboard and monitor) to set the name and IP configuration. However, a serial cable option is available.

Step Instructions Image or amplifying instructions

1. Login to ATD

Using a KVM or serial cable, at the logon prompt log on to the McAfee Advanced Threat Defense Appliance using the default credentials:

o Username: atdadmin

o Password: atdadmin

2. Serial Cable Settings

Name             Setting
Baud Rate        115200
Number of Bits   8
Parity           None
Stop Bits        1
Control Flow     None

3. Set Sensor Name

At the prompt, type set appliance name <Name> to set the name of the McAfee Advanced Threat Defense Appliance. You need to type the values between the <> characters, excluding the <> characters themselves. Example: set appliance name appliance_1. The McAfee Advanced Threat Defense Appliance name can be an alphanumeric character string up to 25 characters. The string must begin with a letter and can include hyphens, underscores and periods, but not spaces.

4. Set IP and Subnet Mask

Type set appliance ip A.B.C.D E.F.G.H to set the management port IP address and subnet mask of the McAfee Advanced Threat Defense Appliance. Specify a 32-bit address written as four eight-bit numbers separated by periods, as in <A.B.C.D>, where each of A, B, C and D is an eight-bit number between 0 and 255. <E.F.G.H> represents the subnet mask. Example: set appliance ip 192.34.2.8 255.255.255.0

Note: Setting the IP address for the first time during the initial configuration of the McAfee Advanced Threat Defense Appliance does not require a reboot of the appliance. Subsequent changes to the IP address, however, require a reboot for the change to take effect.

5. Set the Default Gateway

Note: This has to be done for ATD to have internet access.

Set the address of the default gateway: set appliance gateway <A.B.C.D>. Use the same convention as for the set appliance ip command. Example: set appliance gateway 192.34.2.1

6. Port Speed and Duplex

Set the port speed and duplex settings for the management port using one of the following commands:

o set mgmport auto: Sets the management port in auto mode for speed and duplex.

o set mgmtport speed (10|100) duplex (full|half): Sets the speed to 10 or 100 Mbps at full or half duplex.

7. Verify Configuration and Connectivity

To verify the configuration, type show. This displays the current configuration details. To check network connectivity, ping other network hosts. At the prompt, type: ping <IP address>. The success message host <ip address> is alive appears. If the host is not reachable, failed to talk to <ip address> appears.

8. Check Software Version

Type show at the command prompt. Verify that Software, Active, and Backup are the same. If not, type copyto backup. This will back up the Active version to the Backup version.

9. Change UI Time-out

The default UI time-out is set very low. It is recommended that this is increased during setup to allow extra time for configuration:

SET_UI_TIMEOUT 3600

10. Change Password

You can change the McAfee Advanced Threat Defense Appliance password by using the passwd command. A password must be between 8 and 25 characters, is case-sensitive, and can consist of any alphanumeric character or symbol. McAfee strongly recommends that you choose a password with a combination of characters that is easy for you to remember but difficult for someone else to guess.
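The values typed in steps 3 to 10 are easy to get wrong on a KVM console, and a bad mask or an off-subnet gateway leaves the appliance unreachable until you are back at the rack. The following pre-flight checker is an added example (not McAfee's code): it enforces the name, address and password rules the guide states, adds subnet-consistency checks that the guide does not, and emits the CLI sequence; the sample password is constructed.

```python
"""Pre-flight validation of the values typed into the ATD CLI during the
IP Configuration steps (set appliance name / ip / gateway, SET_UI_TIMEOUT,
passwd). Added example; not McAfee's code."""
import ipaddress
import re

# Name rule from the guide: up to 25 alphanumeric characters, starting with a
# letter; hyphens, underscores and periods are allowed, spaces are not.
NAME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9._-]{0,24}$")
# Factory credentials quoted in the guide; a PoC appliance should not keep them.
DEFAULT_PASSWORDS = {"atdadmin", "admin"}


def check_name(name):
    """Return the list of rule violations for an appliance name ([] means OK)."""
    problems = []
    if " " in name:
        problems.append("name must not contain spaces")
    if len(name) > 25:
        problems.append("name longer than 25 characters")
    if not name or not name[0].isalpha():
        problems.append("name must begin with a letter")
    if not problems and not NAME_RE.match(name):
        problems.append("name may only contain letters, digits, '-', '_' and '.'")
    return problems


def check_password(pw):
    """Guide rule: 8 to 25 characters, any alphanumeric character or symbol.
    Rejecting whitespace and the factory defaults is this script's own addition."""
    problems = []
    if not 8 <= len(pw) <= 25:
        problems.append("password must be 8 to 25 characters")
    if not pw.isprintable() or any(c.isspace() for c in pw):
        problems.append("password must consist of printable, non-space characters")
    if pw.lower() in DEFAULT_PASSWORDS:
        problems.append("password is a factory default")
    return problems


def _dotted_quad(value, label):
    """Guide rule: four eight-bit numbers between 0 and 255 separated by periods."""
    parts = value.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        return [f"{label} {value!r} is not a dotted quad A.B.C.D with octets 0-255"]
    return []


def check_ip_mask_gateway(ip, mask, gateway):
    """Validate the arguments of 'set appliance ip A.B.C.D E.F.G.H' and
    'set appliance gateway'. The subnet-consistency checks (contiguous mask,
    usable host address, gateway inside the subnet) go beyond the guide's
    syntax rule; they catch the mistakes that leave the appliance unreachable."""
    problems = (_dotted_quad(ip, "ip") + _dotted_quad(mask, "mask")
                + _dotted_quad(gateway, "gateway"))
    if problems:
        return problems
    try:
        net = ipaddress.IPv4Network(f"{ip}/{mask}", strict=False)
    except ValueError:
        return [f"mask {mask!r} is not a valid contiguous subnet mask"]
    host, gw = ipaddress.IPv4Address(ip), ipaddress.IPv4Address(gateway)
    if net.prefixlen < 31 and host in (net.network_address, net.broadcast_address):
        problems.append("ip is the network or broadcast address of its subnet")
    if gw not in net:
        problems.append(f"gateway {gateway} is outside the management subnet {net}")
    elif gw == host:
        problems.append("gateway must differ from the appliance ip")
    return problems


def build_commands(name, ip, mask, gateway, new_password, ui_timeout=3600):
    """Return the CLI sequence from the guide's IP Configuration steps, or raise
    ValueError listing every problem found. The password is validated but never
    written into the sequence: passwd prompts for it interactively."""
    problems = (check_name(name) + check_ip_mask_gateway(ip, mask, gateway)
                + check_password(new_password))
    if problems:
        raise ValueError("; ".join(problems))
    return [
        f"set appliance name {name}",
        f"set appliance ip {ip} {mask}",
        f"set appliance gateway {gateway}",
        "show",                          # step 7: confirm the configuration took
        f"ping {gateway}",               # step 7: expect 'host ... is alive'
        f"SET_UI_TIMEOUT {ui_timeout}",  # step 9: the default time-out is very low
        "passwd",                        # step 10: replace the factory password
    ]


if __name__ == "__main__":
    # Name and addresses are the guide's own examples; the password is constructed.
    for line in build_commands("appliance_1", "192.34.2.8", "255.255.255.0",
                               "192.34.2.1", "Poc-Tr1al-2014"):
        print(line)
    # A gateway on the wrong subnet is reported instead of silently accepted.
    print(check_ip_mask_gateway("192.34.2.8", "255.255.255.0", "192.34.3.1"))
```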

Access the McAfee Advanced Threat Defense Web Application

Step Instructions Image or amplifying instructions.

1. From a client machine, open a session using one of the supported browsers. Use the following URL to access the McAfee Advanced Threat Defense web application:

URL: http://<McAfee Advanced Threat Defense Appliance host name or IP address>

2. Log in using the values below.

• Default user name: admin

• Password: admin

• Domain: Local

3. In the Dashboard, check the System Health and System Information monitors to verify the installation and performance.

4. Under Manage|DNS Setting enter your Domain, Preferred DNS Server and Alternate DNS Server.

Note: This will give the VMs internet access during the profile creation process to allow for activating Windows.

5. Under Manage|Date and Time Setting:

A. Enable Network Time Protocol

B. Enter NTP Server Name and Submit

C. Check Date and Time Settings

D. Select Time-zone Setting and Submit

Update ATD to Current Version

McAfee is always working to make product improvements; ensure you are using the most up-to-date version of the software.

Step Instructions Image or amplifying instructions.

1. Download the software from

https://secure.mcafee.com/apps/downloads/my-products/login.aspx


2. Enter Your Grant Number:

3. Select the correct ATD appliance

4. Select MATA-3000

5. Click ‘I Agree’


6. Click to Download the most current release. (MATDFILENAME.MSU)

7. Log into ATD using the default credentials U: admin P: admin

8. Navigate to Manage |Software Management


9. Navigate to the location you downloaded the update to. Select the file and click Open.

10. Select Import.

Note: The file path displayed is incorrect and will be fixed in a future release. Warning: Do not select Reset Database. This will remove all customer data and reset the appliance close to manufacture defaults.

11. The progress bar is displayed.


12. Once the update has been applied, click OK and wait 2 minutes for the web server to be restarted.

13. Once the web server is restarted, log in; the Version should now be updated.

14. Amplifying instructions or release-specific guidance is available in the release notes and product guide.

Analyzer Virtual Machines

For dynamic analysis, McAfee Advanced Threat Defense executes a suspicious file in a secure virtual machine (VM) and monitors its behavior for malicious activities. This virtual machine is referred to as an Analyzer VM. The next steps cover the process for either creating an Analyzer VM or using a pre-built Analyzer VM.

Use of Pre-Built Images McAfee has provided pre-built images. The instructions for using these images are located at the end of this guide.

The images can be downloaded from

https://sft.mcafee.com/jonpaterson


Custom Image Guidelines

Guidelines for building a custom image are available from McAfee.

1. Format: VMware VMDK is the only supported format.

2. Supported Operating Systems

Android 2.3

Microsoft Windows XP Service Pack 2

Microsoft Windows XP Service Pack 3

Microsoft Windows Server 2003 Service Pack 1

Microsoft Windows Server 2003 Service Pack 2

Microsoft Windows Server 2008 64-bit Service Pack 1

Microsoft Windows 7 32-bit Service Pack 1

Microsoft Windows 7 64-bit Service Pack 1

3. Memory: 1024 (need further guidance)

4. CPU: 1 (need further guidance)

5. Hard Drive

Must be IDE.

Maximum disk size(s):

Windows 7 64-bit: the maximum disk size is 14 GB.

Windows 7 32-bit: the maximum disk size is 12 GB.

Windows XP: the maximum disk size is 5 GB.

6. Applications

a) Microsoft Office 2003, 2007, 2012. If installing an older version of Microsoft Office, it is recommended that the compatibility pack is installed in order to analyze the newer formats of Word, Excel, and PowerPoint. (Go to http://www.microsoft.com/en-us/download/details.aspx?id=3 and download the required)

b) PDF viewer. Adobe Reader is the most tested, but any PDF viewer is acceptable.

c) Java

7. Security Tools: Any security software or low-level utility tool on an analyzer VM might interfere with the dynamic analysis of the sample file. The sample-file execution might itself be terminated during dynamic analysis. As a result, the reports might not capture the full behavior of the sample file.

Virtual Machine Validation Process

It is strongly recommended that the VMs are validated prior to uploading to ATD. This will help ensure a successful VM creation.


1. Validate the VM. Field engineering has provided a small VM for validating the Analyzer VM. Start this VM and click the terminal icon.

2. In the Terminal window type the following: ./validate-vm.bin

Enter the IP of the VM to be analyzed. Look for "6. Host verification PASS".

Note: If the verification fails, troubleshoot the failed component.

Post Image Creation Checklist

Line  System Configuration            Required setting                    Yes   No
1.    Automatic Log-In                Enabled
2.    Administrator Account Password  cr@cker42
3.    FTP Home Directory              Set to C:\
4.    FTP Permission                  Read, Write, List
5.    Sigcheck                        C:\Windows\System32\Sigcheck.exe
6.    MergeIDE                        Run MergeIDE.bat
7.    Telnet Service                  Set to automatic and started


Upload Image to ATD

The image files are 5 GB to 14 GB and will take several minutes to upload. It is recommended that an FTP client using the SFTP protocol is used, as this increases the chance of a successful file transfer. The VM images can only be uploaded using the ATDADMIN/atdadmin (default) account.

Step Instructions Image or amplifying instructions.

1. Using an FTP client, e.g. FileZilla, upload the name.vmdk to the ATD appliance. Ensure ONLY the ATDADMIN account is used for SFTP uploads. Also, only SFTP is supported.

Convert the Image

The Advanced Threat Defense appliance uses a Xen-based hypervisor, so the images need to be converted from VMware (VMDK) to Xen (img). The conversion process for Windows XP and Windows 2003 Server takes approximately 10 minutes. The conversion process time for all Windows 7 and Windows Server 2008 images is 15 minutes.

Step Instructions Image or amplifying instructions.


1. Log on to the ATD UI at HTTP://ATDAPPLIANCE. Enter Username\Password.

2. The home page is displayed. Select 'Manage'.

3. The 'Manage' page is displayed. Select 'Image Management'.

4. Under 'VMDK' select the image that you just uploaded, and under 'Operating System' select the matching operating system. Note: if the wrong operating system is selected, ATD will attempt to convert the image using incorrect steps and the conversion will fail.

5. Verify your selection and click 'Convert'.

6. The below status message is displayed. At this point the image is being converted from VMware to a Xen .IMG.

7. This progress bar will continue for about 3-4 minutes. Note: this process is not complete at that point. As previously noted, please allow 10 to 15 minutes (depending on OS type) for the conversion to complete.

8. Once the image conversion has completed, the Image Conversion Logs can be viewed by selecting the name and clicking View.

9. A pop-up window is displayed. Click the X to close.


VM Profile Creation

This process can take up to 60 minutes to complete as it requires creating and updating the Analyzer VM snapshots.

Step Instructions Image or amplifying instructions.

1. Navigate to Policy\VM Profile. Click New.

2. Select the image, enter a name, enter Maximum Licenses and then click Validate.

3. Click on Check Status.

4. The Image Validate Log completes. Note the Host verification PASS. Click the X to close.

5. Click Activate.

4. A Java applet will launch a VNC Viewer (Port 6000-6050). This process will start the virtual machine you have created and finalize the hardware installation process. Note: Ensure you have pop-up blockers disabled in your browser for this site.

5. Click Continue on the Security Warning.

6. Check "I accept and I want to run this app." Click Run on the Security Warning.

7. Windows boots up.

8. Update with the correct hardware wizard instructions. Note: At this time the VM has internet access, and if the VM is Windows 7/Server 2008 it will require reactivation; it is recommended that the activation is completed, or the analyzer results can be impacted after the key has expired.

9. The VNC viewer will close and

10. Click Save. This will start the snapshot creation process. You have completed the VM Profile creation process.


Analyzer Profile Creation

Step Instructions Image or amplifying instructions.

1. Navigate to Policy\Analyzer Profile. Select New.

2. Enter the following:

1. Name

2. Description

3. VM Profile

4. Automatically Select OS

5. Runtime Parameters

6. Artifacts and Logging

7. Analyze Options

8. Save

Note: Once this process is complete, it is recommended that you manually upload a sample to test ATD.

Warning: If you enable Malware Internet Access, the Analyzer VM will have access to the internet and will download live malware. This could cause some unintended consequences.


Configure McAfee Network Security Manager Integration

Step Instructions Image or amplifying instructions.

1. Create a user in ATD for NSM. The login ID and password used here are needed when configuring ATD integration on the NSM. Role and access needed: Admin User, FTP Access, Restful Access. The default profiles are used to analyze any file received from an NSP sensor.

2. Validate NSM version 8.0.5.9 (as of 1/16/2014). Note: Check with support to ensure the version is correct.

3. To enable ATD integration and configure credentials, go to the NSM Manage/Integration page and select Advanced Threat Defense. This presents the pane where ATD can be enabled (Enable) and configured.


4. Enter the ATD credentials and click Test Connection to test them.

5. Configure Sensor: check Inherit Settings.

6. Define an Advanced Threat Defense Policy. Select and Save. Set to Low for PoCs.


7. Deploy policy to ports.

8. Update Sensor with the latest policy changes. Version: 8.0.3.13 (as of 1/16/2014). Note: Check with support to ensure the version is correct.

9. Once changes have been deployed, Complete will be displayed.

10. If NSP has been correctly configured it will show that connectivity is made with ATD.

11. Span port. If using IPS as a file aggregator in span port mode, the internal network ranges need to be defined.

Configure McAfee Web Gateway Integration

Step Instructions Image or amplifying instructions.

1. An MWG account is created by default. It is suggested that you update the password.

2. On MWG go to Policy\Add Rule Set from Library and enter "Advance Threat Defense".


3. Update the User Account Settings; ensure that https is used for the URL.

Create Analyzer Profiles for Network Solutions to use

Step Instructions Image or amplifying instructions.

1. Log into ATD and go to Policy\Analyzer Profile. Select New.


2. Enter the following:

1. Name

2. Select a VM Profile

3. Check all Reports, Log, and Artifacts

4. Check all Analyzer Options except Run All Selected.

Click Save.

3. Go to Manage\User Management, and under "Default Analyzer Profile" select the profile you just created.


Configure McAfee Integration with McAfee® ePolicy Orchestrator®

Step Instructions Image or amplifying instructions.

1. In ATD go to Manage\EPO Login. Enter the following: 1. Login ID 2. Password 3. IP Address 4. Port Number

2. ePO is now configured and endpoint data will sync to ATD.

Final Validation

Step Instructions Image or amplifying instructions.

1. In ATD browse to Analysis. Drag or browse to submit a file, select an Analyzer Profile and click Submit.

2. After a moment this dialog will display. Click OK.


3. Go to Analysis Status. Observe the status is “Analyzing” Samples typically take about 1 minute to be analyzed.

4. The status will update

to Completed.

5. Go to Analysis Results

and you should see the same you submitted.

6. Click on the file icon

next to the name and the list of reports is shown. Select Anaysis Summary.

Page 32: FIELD GUIDE TO SETTING UP POC’S - community.mcafee.com · Page 2 Purpose This guide is intended assist Sales Engineers with the setup, configuration, and deployment of MATD. Prior

Page 31

7. The Summar report will be displayed.

8. Advance Threat

Defense configuration is now complete.

Appendix

Network Ports Outgoing

Network Ports Incoming

Service                      Port
Tiger VNC                    6000
NSM                          8505
User Interface (Browser)     443
McAfee Web Gateway           443
Network Security Manager     8050

Windows XP SP3 Pre-Built Image import and preparation guide

For dynamic analysis, McAfee Advanced Threat Defense executes a suspicious file in a secure virtual machine (VM) and monitors its behavior for malicious activities. This VM is referred to as an analyzer VM. This document provides the steps for importing the pre-built analyzer VM into VMware Workstation and preparing it for use in a PoC\evaluation.

Pre-Analyzer VM creation checklist

VMware Workstation 9 or 10: Yes / No
License Key for Operating System: Yes / No
Office Installation Media: Yes / No

Note: VMware Fusion and other software hypervisors have not been tested. It is strongly recommended that only VMware Workstation is used.

1. This document covers the following zip files and MD5 hashes. If your file hash doesn’t match, then your results will vary. Note: if you don’t have a Windows MD5 hash tool, here are two recommended tools: WinMD5 (http://www.winmd5.com/) and Microsoft (http://www.microsoft.com/en-us/download/details.aspx?id=11533).

Name: WIN_XP_SP3_ADB9_JV75_FF_SYS.zip
MD5 Hash: e1a91f89dc2900d696952b2c02c595dc
Password: cr@cker42

2. File\Open.

3. Open the VMware Configuration File.

4. Once the import is done select “Power on this virtual machine”.

5. Select “I copied it”.

6. Click “Next”.

7. Click “I accept this agreement” and then “Next”.

8. Enter the Volume License Product Key and click “Next”.

9. Click “Not right now” and click “Next”.

10. Click ‘Next’.

11. Enter ‘cr@cker42’ for the Administrator password twice and click ‘Next’.

12. Select ‘No, don’t make this computer part of a domain’ and click ‘Next’.

13. Click ‘Skip’ on the Internet Connectivity screen.

14. Select ‘No, not at this time’ for Register with Microsoft and click ‘Next’.

15. Enter ‘root’ for the user name and click ‘Next’.

16. The Windows Setup Wizard is complete; click ‘Next’.

17. Windows reboots.

18. Go to Computer Management, ‘Local Users and Groups’, find the ‘root’ account and right click to delete it.

19. Click ‘Yes’ to the warning and log off Windows.

20. Enter ‘cr@cker42’ for the password and log on.

21. Locate and open Java in the Control Panel. Select the ‘Update’ tab and uncheck ‘Check for Updates Automatically’. Then select ‘Do Not Check’ at the pop-up window.

22. Click ‘Apply’ and then ‘OK’ to close Java.

23. Verify Windows updates are not enabled. Go to Control Panel\Windows Update and select ‘Turn off Automatic Updates.’ Click ‘OK’ to exit.

24. Verify the Windows Firewall is Off.

25. Set Windows to automatically log on. Click Start\Run and type ‘rundll32 netplwiz.dll,UsersRunDll’.

26. Uncheck “Users must enter a user name and password to use this computer”. Click Apply.

27. Enter the Administrator password “cr@cker42” twice. Click OK, and click OK to exit the User Accounts screen. (It is advisable at this point to reboot in order to validate that automatic logon has been set correctly.)

28. Open Adobe Reader. Click Edit\Preferences and verify that “Check for updates” is not selected. Close Adobe Reader.

29. Open any Office application. Enter the customer\prospect’s Product Key.

30. Go to Tools\Macro\Security and ensure the setting is on Low. Do this for all Office applications.

31. Accept the Sigcheck license agreement. Browse to C:\Windows\System32\, locate “sigcheck.exe” and double click it.

32. Select “Run”.

33. Shut down the VM. Locate the VMDK and upload it to ATD. Use the PoC Guide for the next steps.

Windows Server 2008 Pre-Built Image import and preparation guide

For dynamic analysis, McAfee Advanced Threat Defense executes a suspicious file in a secure virtual machine (VM) and monitors its behavior for malicious activities. This VM is referred to as an analyzer VM. This document provides the steps for importing the pre-built analyzer VM into VMware Workstation and preparing it for use in a PoC\evaluation.

Pre-Analyzer VM creation checklist

VMware Workstation 9 or 10: Yes / No
License Key for Operating System: Yes / No
Office Installation Media: Yes / No

Note: VMware Fusion and other software hypervisors have not been tested. It is strongly recommended that only VMware Workstation is used.

1. This document covers the following zip files and MD5 hashes. If your file hash doesn’t match, then your results will vary. Note: if you don’t have a Windows MD5 hash tool, here are two recommended tools: WinMD5 (http://www.winmd5.com/) and Microsoft (http://www.microsoft.com/en-us/download/details.aspx?id=11533).

Name: WINSVR_2K8_SP1_ADB9_JV75_FF.zip
MD5 Hash:
Password: cr@cker42

2. File\Open.

3. Select the VMware Configuration File.

4. Once the import is done select “Power on this virtual machine”.

5. Select “I copied it”.

6. Windows boot screens are displayed.

7. Click Next to start the setup process.

8. Select “Yes, I accept” and click Start.

9. Click OK.

10. Enter “cr@cker42” in the password field twice and click the arrow to continue.

11. Click OK and Windows boots to the desktop.

12. Click “Do not show me this console at login” and click the “X” to close.

13. Click Start, type “netplwiz” and hit Enter.

14. Uncheck “Users must enter a user name and password to use this computer.” Click “Apply”.

15.

16. Enter “cr@cker42” in the password fields twice and click OK to exit.

17. Click ‘OK’ and click ‘OK’ to exit the netplwiz screen. Note: rebooting now would validate that no user credentials are required to log in.

18. Locate Java in the Control Panel and open it.

19. Click on “Update” and ensure “Check for Updates Automatically” is unchecked. Click “Do Not Check”, then click Apply and OK.

20. Verify Windows updates are not enabled.

21. Ensure the Windows Firewall is Off.

22. Open Adobe. Go to Edit\Preferences and ensure “Check for updates” is not checked.

23. Open any Microsoft Office application. Enter the customer\prospect’s Product Key.

24. After entering the Product Key, go to Tools\Macro\Security. Ensure it is set to Low. Do this for all Office applications. Close all applications. Clean up the desktop of any shortcuts and empty the Recycle Bin.

25. Open Internet Explorer. Select Next at the prompt.

26. Select ‘No’ to default browser and click ‘Next’.

27. Select ‘Yes, turn on Suggested Sites’.

28. Select Use express settings and click Finish.

29. Select Tools|Internet Options. Set ‘Home page’ to ‘Use blank’ and click Advanced.

30. Click Advanced and select “Allow active content to run in files on My Computer”. Click ‘Apply’ and ‘OK’.

31. Open Firefox, select ‘Don’t import anything’ and click Next.

32. Uncheck ‘Always perform this check when starting Firefox’.

33. Press the Alt key to show the menu bar and select Tools\Options.

34. Select ‘Never check for updates (not recommended: security risk)’. Uncheck ‘Search Engines’. Close Firefox.

35. Explore to C:\Tools. Double click on the sigcheck shortcut. Click Agree on the License Terms.

36. Activate Windows. Click on Properties of ‘Computer’.

37. Click on ‘Change product key’.

38. Enter Product Key: and click Next.

39. Wait while Windows activates.

40. Windows Activation is successful. Click Close.

41. Shut down the VM. Locate the VMDK and upload it to ATD. Use the PoC Guide for the next steps.

Windows 7 Pre-Built Image import and preparation guide

For dynamic analysis, McAfee Advanced Threat Defense executes a suspicious file in a secure virtual machine (VM) and monitors its behavior for malicious activities. This VM is referred to as an analyzer VM. This document provides the steps for importing the pre-built analyzer VM into VMware Workstation and preparing it for use in a PoC\evaluation.

Pre-Analyzer VM creation checklist

VMware Workstation 9 or 10: Yes / No
License Key for Operating System: Yes / No
Office Installation Media: Yes / No

Note: VMware Fusion and other software hypervisors have not been tested. It is strongly recommended that only VMware Workstation is used.

34. This document covers the following zip files and MD5 hashes. If your file hash doesn’t match, then your results will vary. Note: if you don’t have a Windows MD5 hash tool, here are two recommended tools: WinMD5 (http://www.winmd5.com/) and Microsoft (http://www.microsoft.com/en-us/download/details.aspx?id=11533).

Name: WIN7_X86_SP1_ADB9_JV75_FF.zip
MD5 Hash: 85be4c25048cc7ab524641abfff4b6d6
Password: cr@cker42

Name: WIN7_X64_SP1_ADB9_JV75_FF.zip
MD5 Hash: 0691e51ed6f4c3075dfcadabb71e8c41
Password: cr@cker42

35. File\Open.

36. Open the VMware Configuration File.

37. Once the import is done select “Power on this virtual machine”.

38. Select “I copied it”.

39. Click “Next”.

40. Enter “root” for the user and anything for the computer name.

41. Enter “cr@cker42” for the password and a hint.

42. Select “I accept the license terms” and click Next.

43. Select “Ask me later”. This is important: if you select anything else, Windows will start downloading updates and changing the posture of the virtual machine.

44. Enter the time.

45. Select “Work Network”.

46. It is recommended (not required) to adjust the resolution to 1024 x 768 for ease of navigation.

47. Go to Computer Management. Select Users. Right click on Administrator and select Properties. Uncheck “Account is disabled”. Click Apply and OK. Now log off.

48. Click on the Administrator account and enter “cr@cker42” to log on.

49. Go to Computer Management. Select Users and delete the user root. Click Yes to the warning.

50. Click “OK” and exit Computer Management.

51. Select Start\Run and type netplwiz. Uncheck “Users must enter a user name and password to use this computer”. Click Apply. (It is advisable at this point to reboot in order to validate that automatic logon has been set correctly.)

52. Enter the Administrator password “cr@cker42” twice. Click OK, and click OK to exit the netplwiz screen.

53. Open Adobe Reader. Click Edit\Preferences and verify that “Check for updates” is not selected. Close Adobe Reader.

54. Locate Java in the Control Panel and open it (open the Control Panel and type JAVA in the search field). Click on “Update” and ensure “Check for Updates Automatically” is unchecked. Then select “Do Not Check” at the warning. Click Apply and OK.

55. Right click on My Computer and select Properties. Click Change product key and Activate Windows. Enter the customer\prospect’s Windows key and activate.

56. Verify Windows updates are not enabled. Go to Control Panel\System and Security\Windows Update\Change settings. Set the Important updates drop-down to “Never check for updates (not recommended)”. Uncheck “Allow all users to install on this computer”.

57. Open any Office application. Enter the customer\prospect’s Product Key.

58. Go to Tools\Macro\Security and ensure the setting is on Low. Do this for all Office applications.

59. Verify the Windows Firewall is disabled.

60. Open Internet Explorer. Select “Ask me later”.

61. Select “Use blank” and click on the Advanced tab at the top.

62. In Internet Explorer, click Advanced and select “Allow active content to run in files on My Computer”.

63. Open Firefox, select ‘Don’t import anything’ and click Next.

64. Uncheck ‘Always perform this check when starting Firefox’.

65. Press the Alt key to show the menu bar and select Tools\Options.

66. Select ‘Never check for updates (not recommended: security risk)’. Uncheck ‘Search Engines’. Close Firefox.

67.

68. Accept the Sigcheck license agreement. Browse to C:\Tools, locate “sigcheck-shortcut” and double click it.

69. Select “Run”.

70. Select “Agree”. Close all open windows and shut down Windows. Note: although the MergeIDE folder is not needed for these instructions, it is recommended that it is left in place to assist with troubleshooting later.

71. Shut down the VM. Locate the VMDK and upload it to ATD. Use the PoC Guide for the next steps.
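The MD5 check at the start of each image guide (step 1 for the XP and Server 2008 images, step 34 for Windows 7) is the one point in these procedures where a wrong or corrupted download silently changes your PoC results, so a small verifier is added here as an example. It is not code from the field guide or from McAfee. It embeds the hashes the guide prints for the XP and Windows 7 images, leaves the Server 2008 entry as a labelled placeholder because the guide does not list that hash, compares case-insensitively (Windows tools often print uppercase hex), streams the file in chunks so a multi-gigabyte image is not read into memory, and uses constructed stand-in files (not real images) in self_check so it runs offline.

```python
"""Verify a downloaded analyzer-VM zip against the MD5 listed in the guide.

Added example, not part of the McAfee field guide. The expected hashes are the
ones the guide prints for the XP and Windows 7 images; the Server 2008 entry is
a placeholder because the guide leaves that field blank.
"""
import hashlib
import os
import tempfile

# Hashes copied from the guide's "Name / MD5 Hash" lines. The Server 2008 value
# is a placeholder (the guide does not list it): fill it in from the source you
# obtained the image from before relying on it.
EXPECTED_MD5 = {
    "WIN_XP_SP3_ADB9_JV75_FF_SYS.zip": "e1a91f89dc2900d696952b2c02c595dc",
    "WINSVR_2K8_SP1_ADB9_JV75_FF.zip": "<MD5 NOT LISTED IN GUIDE>",
    "WIN7_X86_SP1_ADB9_JV75_FF.zip": "85be4c25048cc7ab524641abfff4b6d6",
    "WIN7_X64_SP1_ADB9_JV75_FF.zip": "0691e51ed6f4c3075dfcadabb71e8c41",
}

CHUNK = 1024 * 1024  # hash in 1 MiB chunks so multi-GB images never load into RAM
HEX = set("0123456789abcdefABCDEF")


def md5_hex(data: bytes) -> str:
    """MD5 of an in-memory byte string, lowercase hex."""
    return hashlib.md5(data).hexdigest()


def md5_file(path: str) -> str:
    """Stream a file through MD5 without reading it entirely into memory."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def check_image(path: str, expected: dict = EXPECTED_MD5) -> tuple:
    """Return (status, actual_md5) for a downloaded image zip.

    status is one of:
      "ok"        - hash matches the value the guide lists
      "mismatch"  - hash differs: the guide says results will vary, do not use it
      "unlisted"  - the table has no usable 32-hex-digit hash for this file name
    """
    name = os.path.basename(path)
    actual = md5_file(path)
    wanted = expected.get(name, "")
    if len(wanted) != 32 or any(c not in HEX for c in wanted):
        return ("unlisted", actual)
    return ("ok" if actual.lower() == wanted.lower() else "mismatch", actual)


def self_check() -> dict:
    """Exercise check_image on constructed files (not real images); return statuses."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed stand-in for the XP zip. Its content is "abc", whose MD5 is
        # the standard test vector, registered here in uppercase to show that
        # the comparison ignores case.
        table = dict(EXPECTED_MD5)
        table["WIN_XP_SP3_ADB9_JV75_FF_SYS.zip"] = "900150983CD24FB0D6963F7D28E17F72"
        good = os.path.join(tmp, "WIN_XP_SP3_ADB9_JV75_FF_SYS.zip")
        with open(good, "wb") as fh:
            fh.write(b"abc")
        results["good"] = check_image(good, table)[0]

        # Same naming as a real image but one byte of content changed: the hash
        # no longer matches the guide's value, so this download must be rejected.
        bad = os.path.join(tmp, "WIN7_X86_SP1_ADB9_JV75_FF.zip")
        with open(bad, "wb") as fh:
            fh.write(b"abd")
        results["bad"] = check_image(bad, table)[0]

        # The Server 2008 image has no hash in the guide: report it, do not guess.
        unk = os.path.join(tmp, "WINSVR_2K8_SP1_ADB9_JV75_FF.zip")
        with open(unk, "wb") as fh:
            fh.write(b"abc")
        results["unlisted"] = check_image(unk, table)[0]
    return results


if __name__ == "__main__":
    import sys
    for p in sys.argv[1:]:
        print(p, *check_image(p))
    print(self_check())
```

Run it as python verify_image.py with the path to each downloaded zip as an argument; a status of mismatch means the download is corrupt or is not the image this guide was written against, which is exactly the case the guide warns will make results vary, and unlisted means you must obtain the hash from the image source yourself rather than skip the check.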