national insurance company-mcafee
ePolicy Orchestrator Architecture and Concepts
Indrajit Majumder
Agenda
Define ePolicy Orchestrator.
McAfee Architecture for NIC.
Repository.
Rogue Sensor System.
Installation, Updation and Uninstallation.
User Awareness.
What is ePolicy Orchestrator?
ePolicy Orchestrator is a management tool from McAfee Antivirus that provides centralized anti-virus management, security policy management and enforcement.
Usage of ePolicy Orchestrator:
1. Deploy McAfee products.
2. Updation of the products.
3. Enforcement and management of policies.
Components
The ePolicy Orchestrator software contains the following components:
1. The ePolicy Orchestrator Server: a management server and a repository for all data collected from distributed ePolicy Orchestrator agents.
2. The ePolicy Orchestrator Console: a clear, understandable view of all virus activity and status, with the ability to manage and deploy agents and products.
3. The ePolicy Orchestrator Agent: an intelligent link between the ePolicy Orchestrator Server and the anti-virus and security products, which enforces policies and tasks on client computers.
Communication Port
Communication ports used in ePolicy Orchestrator:
Agent-to-Server communication port: 80
Console-to-Server communication port: 81
Agent Wake-Up communication port: 8081
Agent Broadcast communication port: 8082
Sensor-to-Server communication port: 8444
Security Threats HTTP port: 8801
MCAFEE ARCHITECTURE FOR NIC
REPOSITORY
What is a Repository?
A repository is a place or folder that contains all virus updates, SuperDAT files, patches for all McAfee products, signatures, the McAfee default policy, etc.
Components of the repository:
Source Repository (McAfee Updates.ini sites).
Master Repository (NIC-800000-EPO1, placed in Head Office).
Distributed Repository (in 24 Regional Offices).
Client machines (in all Operating Offices).
Source Repository
A Source Repository is a location from which the Master Repository retrieves updates.
Scheduled from 8:00 PM onwards.
http://update.nai.com/Products/CommonUpdater
ftp://ftp.nai.com/CommonUpdater
Master Repository
The Master Repository maintains an original copy of the Source Repository.
The Master Repository distributes (PUSH) all the packages to the Distributed Repository. (Scheduled from 5:00 AM to 9:00 AM.)
The Master Repository is placed in Head Office, on NIC-800000-EPO1.
Distributed Repository
The Distributed Repository maintains a duplicate copy of the Master Repository.
The DR PULLs all the packages from the Master Repository.
Client computers retrieve updates from the Distributed Repository.
Clients
Clients in the Operating Offices running McAfee Antivirus retrieve updates from their respective Regional Offices.
Scheduled from 11:00 AM to 11:45 AM.
Normally clients download new policies from the ePO Server (NIC-800000-EPO1), and SDAT from the Distributed Repository.
Repository Flow Chart
Rogue Sensor System
Rogue system detection means finding unmanaged computers in your network or subnet.
Rogue means "computers which do not have the ePolicy Orchestrator Agent", or a computer that is not managed by an ePO agent but should be.
The Rogue System Detection system helps you to monitor all the systems on your network: not only the ones ePO already manages, but also the rogue systems (systems without an agent).
Rogue System Detection integrates with your ePO Server to provide real-time detection of rogue systems.
A rogue sensor is placed on each network broadcast segment.
Rogue Sensor System ( cont…)
In NIC, rogue sensors are placed on the Genisys Server of each Operating Office. Each sensor detects all the rogue machines in its network and sends a report to the ePO Server (NIC-800000-EPO1) placed in HO.
HOW IT WORKS?
The sensor is a small Win32 native executable application. We deploy at least one sensor to each broadcast segment. The sensor runs on any NT-based Windows operating system.
To detect systems on the network, the sensor uses WinPcap, an open source packet capture library. Using WinPcap, the rogue system detection sensor captures network layer-two broadcast packets sent by computers connected to the same network broadcast segment.
Rogue Sensor System ( cont…)
The sensor listens for Address Resolution Protocol (ARP), Reverse Address Resolution Protocol (RARP), and IP traffic.
The sensor is able to "listen" to the broadcast traffic of everything on that part of the network: rogue computers, printers, routers, switches and all other devices.
The rogue sensor system gathers information including DNS name, IP address, MAC address, NetBIOS name, operating system version, and the list of currently logged-in users. It then sends all of that information to the ePO Server, NIC-800000-EPO1, placed in HO.
The Sensor-to-Server communication port is 8444.
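The detection idea described above, as an added example (not part of the original slides and not McAfee's sensor code): parse layer-two ARP broadcast frames, take the sender MAC and IP, and flag senders that are missing from the managed inventory. The frames, addresses and the `MANAGED_MACS` inventory are constructed for illustration.

```python
import socket
import struct

ETH_BROADCAST = b"\xff" * 6
ETHERTYPE_ARP = 0x0806
# Assumption: MACs of machines that already run the ePO agent (constructed values).
MANAGED_MACS = {"00:11:22:33:44:01", "00:11:22:33:44:02"}

def build_arp_request(sender_mac, sender_ip, target_ip):
    """Construct a broadcast ARP request frame (sample input only)."""
    mac = bytes.fromhex(sender_mac.replace(":", ""))
    eth = ETH_BROADCAST + mac + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)  # Ethernet/IPv4, opcode 1 = request
    arp += mac + socket.inet_aton(sender_ip) + b"\x00" * 6 + socket.inet_aton(target_ip)
    return eth + arp

def parse_arp(frame):
    """Return (sender_mac, sender_ip) for a broadcast Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or frame[:6] != ETH_BROADCAST:
        return None
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, _op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return frame[22:28].hex(":"), socket.inet_ntoa(frame[28:32])

def find_rogues(frames, managed=MANAGED_MACS):
    """Map each unmanaged sender MAC to the set of IPs it was seen announcing."""
    rogues = {}
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None:
            continue  # truncated, unicast or non-ARP traffic
        mac, ip = parsed
        if mac not in managed:
            rogues.setdefault(mac, set()).add(ip)
    return rogues

SAMPLE_FRAMES = [
    build_arp_request("00:11:22:33:44:01", "10.1.0.10", "10.1.0.1"),  # managed
    build_arp_request("00:aa:bb:cc:dd:ee", "10.1.0.77", "10.1.0.1"),  # no agent
    build_arp_request("00:aa:bb:cc:dd:ee", "10.1.0.78", "10.1.0.1"),  # same NIC, new IP
    b"\xff" * 20,  # truncated frame, must be ignored
]

if __name__ == "__main__":
    for mac, ips in find_rogues(SAMPLE_FRAMES).items():
        print(f"rogue candidate {mac} seen as {sorted(ips)}")
```

A MAC-only comparison also flags printers, routers and switches, which is why the sensor's extra details (NetBIOS name, operating system version) matter when deciding which detections should actually receive an agent.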
INSTALLATION
Installation of ePO Agent. (FramePkg.exe)
Installation of VirusScan Enterprise (setupvse.exe)
Updation of ePO Agent and VirusScan Enterprise.
Distributed Repository selection.
Uninstallation.
ePO Agent Installation
All these files are available in the McAfee package. First we install the ePO agent, then we install McAfee VirusScan Enterprise.
McAfee Package present in ftp://10.80.0.25/ domainjoin/ McAfee Package.
To install the ePO agent, double-click "FramePkg.exe".
ePO Agent Installation
The installation will start.
After the ePO agent installation is complete, it shows the message "Setup completed successfully". Press OK.
VirusScan Enterprise Installation
Double-click "Setupvse.exe".
The first screen of McAfee VirusScan Enterprise Setup appears.
Click "NEXT".
VirusScan Enterprise Installation
For the license expiry type, select "Perpetual".
For the country where purchased and used, select "United States {default for use in US}".
Select "I accept the terms in the License agreement". Click OK.
VirusScan Enterprise Installation
Select "Typical". Click NEXT.
Click "Install". The installation then starts.
VirusScan Enterprise Installation
Deselect "Update Now" and "Run On-Demand Scan".
Installation is complete now.
Press YES.
VirusScan Enterprise Installation
After we restart the machine, the following logo will appear.
First check for the VirusScan Enterprise symbol in the right-hand corner of the desktop. That means VirusScan was installed successfully.
Updation of ePO Agent
If the ePO agent symbol does not appear in the right-hand corner of the desktop, do the following steps.
Go to: Start > Run > cmd.
Type the complete path and the command to enforce policies:
C:\Program Files\Network Associates\Common Framework> cmdagent /P /E /C
Distributed Repository selection.
Right-click on the VirusScan Enterprise symbol and select "VirusScan Console".
Go to: Tools > Edit AutoUpdate Repository List.
Distributed Repository selection.
If we are installing this package for the CRO-1 Operating Office, select CRO-1 and deselect all other repositories.
Then click Move up.
Click OK.
Update of VirusScan Enterprise
Right-click on the VirusScan Enterprise symbol.
Click Update Now.
You can then see VirusScan Enterprise take the update from CRO-1.
Update of ePO Agent
Again, right-click on the ePO agent symbol.
Click Update Now.
You can then see the ePO agent take the update from CRO-1.
Update of ePO Agent
Right-click on the ePO agent symbol.
Click Status Monitor.
Finally click on Collect and Send Properties.
The client then collects all updates automatically from the server.
Uninstallation of ePO agent
Go to: Start > Run > cmd.
Type the complete path and the command to uninstall the ePO agent:
C:\Program Files\Network Associates\Common Framework> frminst.exe /remove=agent
Uninstallation of ePO agent
Click OK. Uninstallation is complete.
To uninstall VirusScan Enterprise, click Remove in Control Panel > Add/Remove Programs.
USER AWARENESS
The ePO Agent and VirusScan Enterprise symbols must be shown in the task bar.
On-Access Scan must be enabled.
The SuperDAT of McAfee VirusScan Enterprise must be up to date. Users can check the latest version of the SuperDAT at FTP:// 10.80.0.25/ domain join/ MacAfee-Package or at HTTP://10.X.0.3/epo/Current/VSCANDAT1000/DAT/0000/dat (where X = Regional Office code).
The ePO Agent on client machines must communicate properly with NIC-800000-EPO1 (the main server). At least once a day, click "Collect and Send Properties" in the ePO Agent.
The ePO Agent and VirusScan Enterprise must take updates from their respective Regional Office only.
Users should scan their computer completely at least once a week.