Product Guide McAfee VirusScan Enterprise for Storage 1.1.0 For use with ePolicy Orchestrator 4.5.7, 4.6.x, 5.0.
COPYRIGHT Copyright © 2013 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee, the McAfee logo, McAfee Active Protection, McAfee DeepSAFE, ePolicy Orchestrator, McAfee ePO, McAfee EMM, Foundscore, Foundstone, Policy Lab, McAfee QuickClean, Safe Eyes, McAfee SECURE, SecureOS, McAfee Shredder, SiteAdvisor, McAfee Stinger, McAfee Total Protection, TrustedSource, VirusScan, WaveSecure are trademarks or registered trademarks of McAfee, Inc.
Contents
Preface: About this guide; Audience; Conventions; Find product documentation
Introduction: How McAfee VirusScan Enterprise for Storage works; How scanning of NetApp filer works . . .
Preface
Contents: About this guide; Find product documentation

About this guide
This information describes the guide's target audience, the typographical conventions and icons used in this guide, and how the guide is organized.

Audience
McAfee documentation is carefully researched and written for the target audience. The information in this guide is intended primarily for:
• Administrators: People who implement and enforce the company's security program.
Find product documentation
McAfee provides the information you need during each phase of product implementation, from installation to daily use and troubleshooting. After a product is released, information about the product is entered into the McAfee online KnowledgeBase.
Task
1 Go to the McAfee Technical Support ServicePortal at http://mysupport.mcafee.com.
2 Under Self Service, access the type of information you need:
To access... Do this...
1 Introduction
McAfee VirusScan Enterprise for Storage detects and removes viruses, malware, and other potentially unwanted software programs from your network-attached storage (NAS) devices.
VirusScan Enterprise for Storage is added to McAfee VirusScan Enterprise and expands its capability. The software performs remote scanning on NAS devices such as NetApp filers and Internet Content Adaptation Protocol (ICAP) storage appliances.
How McAfee VirusScan Enterprise for Storage works

How scanning of NetApp filer works
VirusScan Enterprise for Storage performs a scanning operation when a scan request is received from registered filers. For Cluster-Mode scanning, VirusScan Enterprise for Storage requires Clustered Data ONTAP Antivirus Connector software. The software must run on the same scanner server where McAfee VirusScan Enterprise for Storage is running. When the loop-back IP address (127.0.0.
How scanning of ICAP servers works
VirusScan Enterprise for Storage scans Internet Content Adaptation Protocol servers. The ICAP client is a Network Attached Storage (NAS) device.

Product features
The VirusScan Enterprise for Storage features help you to configure, protect, and manage your network-connected storage devices.
• Standard solution for multiple vendors: Protects multiple storage systems and devices, and works on different storage environments and configurations.
• Support for Clustered Data ONTAP 8.2.1 Cluster-Mode scanning: Supports scanning of Clustered Data ONTAP 8.2.1 using Clustered Data ONTAP Antivirus Connector, a NetApp product. This version supports Cluster-Mode and 7-Mode scanning that provide greater scalability than a single scanning instance.
2 Installation and deployment
Install VirusScan Enterprise for Storage on a standalone system, or deploy the software from ePolicy Orchestrator to a managed system.
Contents: System requirements; Package contents; Install the software on a standalone system; Deploy the software to a managed system; Upgrade the software; Configure the software on Windows Server 2008 and 2012

System requirements
Make sure that your system meets these minimum requirements, and you have administrator rights.
Component: Requirements
ePolicy Orchestrator: McAfee ePolicy Orchestrator 4.5.7–5.0.x.
McAfee Agent: McAfee Agent 4.6 patch 3 and later.

Recommendations for scanner count
Consider these recommendations for your test environment, then determine the requirements for your production environment based on actual loads.

Physical scanner for NetApp filers
The best practice for scanner count for physical scanner is: No.
Package contents
The software package contains these files that are necessary for installation.
Package: Description
VSESTOR__LML_.zip: Contains standalone installer and ePolicy Orchestrator deployment package files.
VSESTOMD__extension_.zip: Contains these policies:
• VirusScan Enterprise for Storage 1.1.0: NetApp Filer Policy
• VirusScan Enterprise for Storage 1.1.
Install the software from the command line
You can use the command line to install the software on a standalone system without user intervention.
Before you begin
Make sure that a directory named temp is created in the C drive to save the log file.
Task
1 Log on to the system as an administrator.
2 Download VSESTOR__LML_.zip to a temporary location on your system, then double-click it to execute.
Task
For option definitions, click ? in the interface.
1 Log on to the ePolicy Orchestrator server as an administrator.
2 Click Menu | Software | Extensions, then click Install Extension.
3 Browse to the VSESTOMD__extension_.zip file, then click OK.

Deploy the software from ePolicy Orchestrator
Use ePolicy Orchestrator to deploy the software to managed systems in your network.
Upgrade the software on a standalone system
When a previous version of the software is found during the installation, the installation program upgrades the software to the new version. You can upgrade the software from McAfee VirusScan Enterprise for Storage 1.0.2, 1.0.3 to McAfee VirusScan Enterprise for Storage 1.1.0. To upgrade from McAfee VirusScan Enterprise for Storage 1.0.
3 Configuration for standalone systems
Configure VirusScan Enterprise for Storage to add NetApp filers and to scan the storage appliances using the ICAP server.
Contents: Configure NetApp filers scan settings; Configure the ICAP settings; Static IP address for scanners; Configure the service dependency; View filers scan statistics

Configure NetApp filers scan settings
Configure the NetApp filer AV scanner options, such as adding filers, defining file types to scan or exclude, and defining actions for threat items.
4 On the Network Appliance Filers tab, define these options:
• Specify which filers this server protects
  • For Cluster-Mode: Click Add, type the loop-back IP address (127.0.0.1), then click OK.
  • For 7-Mode: Click Add, type the filer IP address, then click OK.
• Settings Apply to all filers
• Administrative Accounts
5 On the Scan Items tab, define the types of files, options, and heuristics for a scan.
Configure the ICAP settings
Configure the server connection for scan requests, file types to scan or exclude, action for threat items, and log settings.
Task
1 Log on to the system as an administrator.
2 On the Windows taskbar, right-click the McAfee menulet
3 On the VirusScan Console, right-click the ICAP AV Scanner, then select Properties.
Use the tracert command on each filer to examine the number of router hops between filers and scanners. There should be 0 hops, with only bridges and switches between the filers and scanners. Assigning static IP addresses prevents the scanner from inadvertently changing IP addresses.
11 Start the McAfee VirusScan Enterprise for Storage service and the McAfee VirusScan Enterprise for Storage Monitor service.
12 On the VirusScan console, enable Access Protection.

View filers scan statistics
View the statistics for NetApp filer scanner threads, scanning statistics, performance statistics and statistics update interval settings.
Task
1 Log on to the system as an administrator.
4 Manage the software from ePolicy Orchestrator
Integrate and manage VirusScan Enterprise for Storage using ePolicy Orchestrator management software.
Contents: Manage policies; Create a NetApp filer policy; Create an ICAP server scan policy

Manage policies
Policies for VirusScan Enterprise for Storage allow you to configure the features and feature administration, and to log details on managed systems.
To create a policy
1 Click New Policy.
2 Type a name for the policy, then click OK.
3 Configure the settings.
4 Click Save.

To modify a policy
1 Click the policy you want to change.
2 Configure the settings.

Assign policies
After you create or modify policies, assign them to the systems that are managed by ePolicy Orchestrator.
Task
For option definitions, click ? in the interface.
Create a NetApp filer policy
In... Define...
Filers list
• Overwrite client filer list: Processes scan requests only for filers defined in the policy.
• Filers: Use the plus and minus signs to add and remove filers.
These settings apply to all filers
• Enable 'keep-alive' probes: To make sure that the filer and scanner-server are in communication.
In... Define...
What not to scan
Select the type of exclusion from the drop-down list, then specify the details for the exclusion:
• Exclude by pattern: Type the pattern in the text box. Separate multiple entries with a space. Select Include subfolders as needed.
• Exclude by file type: Type the file type in the text box. Separate multiple entries with a space.
In... Define...
When a threat is found
Perform this action first: Select the first action that you want the scanner to take when a threat is detected.
• Clean Files Automatically: The scanner tries to remove the detected threat from the file.
• Continue Scanning: A clean or delete action is not attempted on the threatened file. The filer is notified of the threat and the action is logged.
In... Define...
Log file format
Select the format of the log file. Default = Unicode (UTF8).
• Unicode (UTF8): Recommended if you are storing eastern text (every character is one or two bytes), or sharing information within a multi-national organization.
• Unicode (UTF16): Recommended if you are storing eastern text (every character is one or two bytes), or sharing information within a multi-national organization.
Create an ICAP server scan policy
In... Define...
Scanning
• Enable Scanning: Enable or disable scanning.
File types to scan
• All files: Scans all files.
• Default + specified file types: Scans default and specified files. You can add more file types by typing the file extensions separated by spaces.
• Include files with no extension: Scans files that do not contain an extension.
8 On the Reports tab, configure these log activities preferences:
In... Define...
Activity log
• Enable activity logging: Enables the default log file location.
• Log file location: Defines the log file location.
• Log file size:
Log file location
• Log file location: Defines the log file location.
Log file size
• Log file size: Sets the maximum size of the log file.
A Frequently asked questions
Here are answers to frequently asked questions.

What are the file types that I should exclude from on-access scanning?
Exclude these common file types from on-access scanning. Add other files to the exclusion list according to your environment.

Database files
• .ldb
• .pst.tmp
• .mdb
• .nsf
• .pst

Archives or large files
• .7z
• .tar
• .cab
• .tgz
• .iso
• .vhd
• .jar
• .vmdk
• .rar
• .
• Large-size files: Files that are larger in size should be scanned using on-demand scanning because it requires more system resources. This is evident in an ICAP on-access scanning solution, where the entire file must be copied to the scanner before the scan is initiated. McAfee recommends that you schedule an on-demand scan to scan these files. Scanning these files with the on-access scanning solution increases the frequency of scan timeout.
To deploy NetApp 2 X Y scanners, you must configure the NetApp scan thread count for each scanner as (50 X (Z) threads. ** ** The value must be provided by the filer vendor based on how many outstanding scan requests the filer’s operating system issues from the discrete filer IP address.
VirusScan Enterprise for Storage can be configured with a maximum of 800 threads. One scanner can handle scan requests from a maximum of 16 filers.