User Guide revision 1.0

McAfee® GroupShield version 7.
COPYRIGHT Copyright © 2007 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system or translated into any language in any form or by any means without the written permission of McAfee, Inc. or its suppliers or affiliate companies.
Contents

1 Introduction
  About GroupShield for Exchange
    What is GroupShield?
    How does GroupShield work?
    How GroupShield protects Exchange?
    How does scanning work?

Testing GroupShield installation using McAfee Virtual Technician
Quarantining using McAfee Quarantine Manager 4.1
Upgrading Blacklists and Whitelists
Maintaining your GroupShield application
Modifying the GroupShield installation

Creating a new on-demand scan task
Creating a new AutoUpdate task
Uninstallation
Getting Started with the User Interface
Dashboard

Diagnostics
Debug logging
Error reporting service
Event logging
1 Introduction

About GroupShield for Exchange

This section introduces McAfee® GroupShield™ 7.0 and describes how it protects your Microsoft® Exchange Server 2003 and Microsoft® Exchange Server 2007 from potentially harmful, unwanted, and undesirable content.
Each time an email message is sent to or received from a source, GroupShield scans it, comparing it with a list of known viruses and suspected virus-like behavior. GroupShield can also scan for content within the email message using rules and policies defined within the GroupShield software.
- protect the email server from harmful scripts sent within the email system.
- block messages with specific attachments.
- block messages based on words that appear either within the subject line/body of the message.
- block messages from specific addresses.

How does scanning work?

Central to your GroupShield software is the McAfee® Security scanning engine and the virus definition (DAT) files.
Document repository protection — McAfee PortalShield

Using computers within a corporate environment has made it easy to create documents that might contain mission-critical information. Several software vendors produce portal servers to store, index and control your critical documents in a way that enables them to be easily located when needed.
GroupShield Features

GroupShield includes these major features on Exchange Server 2003 and 2007:

- Anti-virus scanning — GroupShield provides the ability to scan for viruses contained in email messages that are transmitted over Microsoft® Exchange SMTP or held within the Microsoft® Exchange Server store.
- Anti-spam scanning — Spam is increasingly becoming an issue within the workplace.
What is New?

- New Web Based User Interface — GroupShield for Exchange provides a user-friendly web-based interface based on DHTML. To access it, click Start | Programs | McAfee | GroupShield for Exchange | GroupShield for Exchange (Web).
- Policy Management — The Policy Manager menu option lists the different policies that you can set up and manage in GroupShield.
- Filter for Password Protected ZIP Files — For more information about this filter, refer to Password-protected files on page 140.
- Filter for Protected Content (Password protected Microsoft Office files) — For more information about this filter, refer to Protected content on page 137.
- McAfee ProtectionPilot version 1.5 and above — to provide security management that simplifies anti-virus management tasks for network administrators who manage up to 500 computers. Management consists of deploying (sending and installing) anti-virus products, configuring product settings, and keeping those products up-to-date. For more information, refer to the chapter Integrating with ProtectionPilot 1.5 on page 77.
- Integration with McAfee Common Management Agent (CMA) version 3.6 and above — You can use the CMA component to manage GroupShield and perform product updates, scheduled tasks, and events reporting as a part of the core installation.

Features not supported

- Integration with black and whitelist server application installed along with GroupShield for Exchange version 6.x.
- Integration with Outbreak Manager (OBM).
Using this Guide

This guide describes the sequential process of installing McAfee GroupShield™ 7.0 for Microsoft® Exchange 2003 and 2007. It also gives a detailed description of the software usage. Topics covered are:

- Pre-Installation — Pre-installation scenarios and system requirements.
- Installing the Software — Accessing and installing GroupShield.
Conventions

This guide uses the following conventions:

Bold Condensed: All words from the interface, including options, menus, buttons, and dialog box names. Example: Type the User name and Password of the appropriate account.

The path of a folder or program; text that represents something the user types exactly (for example, a command at the system prompt).
Getting product information

Unless otherwise noted, product documentation comes as Adobe Acrobat .PDF files, available on the product CD or from the McAfee download site.

Standard documentation

User Guide — System requirements and instructions for installing and starting the software.
Contact information

Threat Center: McAfee Avert® Labs
http://www.mcafee.com/us/threat_center/default.asp

Avert Labs Threat Library
http://vil.nai.com

Avert Labs WebImmune & Submit a Sample (Logon credentials required)
https://www.webimmune.net/default.asp

Avert Labs DAT Notification Service
http://vil.nai.com/vil/signup_DAT_notification.aspx

Download Site
http://www.mcafee.
2 Pre-Installation

This chapter provides information that is important to consider before installing GroupShield for Exchange 7.0. Topics covered are:

- Pre-Installation scenarios
- System requirements

Pre-Installation scenarios

You MUST log on to Microsoft® Windows as a domain administrator. This gives you relevant rights and permissions to install GroupShield.

Before installing GroupShield:

- Make sure Microsoft® Exchange Server 2003/2007 is installed on the installation server.
Types of installation

GroupShield can be installed on Microsoft® Exchange Server 2003/2007 in these ways:

- Standard installation
- Silent installation
- Cluster installation

Standard installation

You can install McAfee® GroupShield software on Microsoft® Exchange Server 2003/2007. Refer to Installing GroupShield for Microsoft® Exchange Server 2003/2007 on page 26 for step-by-step instructions.
3 Installing the Software

Installing GroupShield software consists of these topics:

- Accessing the software
- What is included with the software?
- Installing GroupShield for Microsoft Exchange Server 2003/2007
- Installing additional components
- Silent installation
- Configuring GroupShield in a cluster environment
- Upgrading GroupShield from v6.0.
What is included with the software?

The GroupShield for Exchange installer contains these components, which you can install separately:

- McAfee GroupShield for Exchange 7.0
- Buffer Overflow Protection
- McAfee Anti-Spam for GroupShield

The McAfee GroupShield for Exchange 7.0 option is selected by default.
4 Using Windows Explorer, navigate to the folder where you copied the installation files and double-click SETUP.EXE. The GroupShield for Exchange setup dialog box appears.

Figure 3-1 McAfee GroupShield for Exchange - Welcome

5 Click Next. The Component Selection dialog box displays the software components you can install.
McAfee Anti-Spam for GroupShield (Evaluation) provides filters to block spam and phish emails. The Anti-Spam and Anti-Phish feature is available only if you install the McAfee Anti-Spam for GroupShield component during installation.

Note: McAfee Anti-Spam for GroupShield requires activation to enable it to work in licensed mode.
12 Click Next to display the Updating System dialog box. A progress bar indicates the features being copied and installed. Once the installation process completes, click Finish to complete the GroupShield for Exchange installation process.
Permissions can be applied to any object in the directory or on the local computer, but the majority of permissions should be applied to groups rather than to individual users. This eases the task of managing permissions on the software.
Buffer overflow protection prevents exploited buffer overflows from executing arbitrary code on your computer. It monitors user-mode API calls and recognizes when they are called as a result of a buffer overflow. GroupShield for Exchange uses the buffer overflow protection of VirusScan Enterprise to protect these processes:

- RPCServ.exe
- PrfCtrs.exe
- RunScheduled.exe
- SAFeService.exe
- SDEDIT.
Silent installation

The GroupShield for Exchange installation is performed by MSI. You can set the properties used by the MSI either by editing the SILENT.INI file or by passing the properties directly to the MSI via the command line. Silent installation allows you to choose the most convenient time to install GroupShield for Exchange on Microsoft® Windows.
    MSIEXEC /I INSTALLDIR=

and press ENTER.

Install folder = C:\GSE7INSTALL

    MSIEXEC /I C:\GSE7\GROUPSHIELD.MSI INSTALLDIR=C:\GSE7INSTALL /QN

Note

    MSIEXEC /I INSTALLDIR= /l*

    MSIEXEC /I C:\GSE7\GROUPSHIELD.MSI INSTALLDIR=C:\GSE7INSTALL /l* C:\GSE7\GSELOG.
Local Continuous Replication (LCR) on Exchange Server 2007

Local Continuous Replication (LCR) is a single-server solution that uses built-in asynchronous log shipping technology to create and maintain a copy of a storage group on a second set of disks that are connected to the same server as the production storage group. LCR is not a failover implementation. So GroupShield 7.
Adding GroupShield for Exchange as a resource to the Cluster group

In Cluster Administrator, select the Exchange cluster group to which the GroupShield for Exchange resource needs to be added.

1 From the File menu, select New | Resource. The New Resource wizard appears.

Figure 3-6 New Resource

2 Type a suitable Name and Description for the Resource.
7 Click Next. The Parameters screen appears. In the Shared Data Drive section, verify that the disk (selected from the Dependencies screen) is displayed.
8 Click Finish. A confirmation dialog box appears.
9 Click OK. The cluster resource is successfully created.
Cluster Uninstallation

1 Open the Cluster Administrator.
2 Take all the resources of type McAfee Cluster Framework offline.
3 Delete all the resources of type McAfee Cluster Framework.
4 Close the Cluster Administrator.

Make the nodes of the cluster passive and uninstall GroupShield for Exchange version 7.0 as described in the topic Uninstalling GroupShield for Exchange on page 45 of this guide.
3 When the installation is completed successfully, your system is upgraded to GroupShield for Exchange version 7.0.

Note: After the upgrade, policies, scheduled tasks, rules, and configuration settings are carried forward to GroupShield 7.
4 Post-Installation Tasks and Maintenance

This chapter includes information that is important to consider when performing post installation and maintenance tasks:

- Testing your GroupShield installation
- Quarantining using McAfee Quarantine Manager
- Maintaining your GroupShield application
- Uninstalling the GroupShield for Exchange software

Testing your GroupShield installation

When you have completed installation of GroupShield for Exchange, we recommend that you test the installation to ensure
1 Copy the following line into its own file, then save the file with the name EICAR.COM:

    X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

The file size will be 68 or 70 bytes.

2 Send an email message through the Exchange Server 2003/2007 with the EICAR test file as an attachment.
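The two steps above can be scripted so that the attachment is checked for the 68 or 70 byte size before the message is sent; a mistyped test string is not a valid test file and makes a working scanner look broken. This is an added example, not part of the McAfee guide; the function names, addresses and SMTP host are assumptions.

```python
"""Build the EICAR test attachment and a test e-mail for a scanner check."""
import smtplib
from email.message import EmailMessage

# Standard EICAR test string: exactly 68 ASCII characters, harmless by design.
EICAR = r"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"


def is_valid_test_file(data: bytes) -> bool:
    """True if data is the test string alone (68 bytes) or with CRLF (70 bytes)."""
    core = EICAR.encode("ascii")
    return data == core or data == core + b"\r\n"


def eicar_bytes(trailing_crlf: bool = False) -> bytes:
    """Return the file content; an editor that appends a newline gives 70 bytes."""
    data = EICAR.encode("ascii") + (b"\r\n" if trailing_crlf else b"")
    if not is_valid_test_file(data):
        raise ValueError("test string is damaged; expected 68 or 70 bytes")
    return data


def build_test_message(sender: str, recipient: str,
                       trailing_crlf: bool = False) -> EmailMessage:
    """Create the message from step 2 with EICAR.COM attached."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = "GroupShield installation test (EICAR attachment)"
    msg.set_content("Scanner test message. The attachment is the EICAR test file.")
    msg.add_attachment(
        eicar_bytes(trailing_crlf),
        maintype="application",
        subtype="octet-stream",
        filename="EICAR.COM",
    )
    return msg


def attachment_payload(msg: EmailMessage) -> bytes:
    """Decode the EICAR.COM attachment so its size can be checked before sending."""
    for part in msg.iter_attachments():
        if part.get_filename() == "EICAR.COM":
            return part.get_payload(decode=True)
    raise LookupError("EICAR.COM attachment not found")


def send_test_message(msg: EmailMessage, smtp_host: str, port: int = 25) -> None:
    """Submit the message through the Exchange server's SMTP service.

    smtp_host is an assumption: the name of your own test Exchange server.
    """
    with smtplib.SMTP(smtp_host, port, timeout=30) as smtp:
        smtp.send_message(msg)


if __name__ == "__main__":
    # Constructed addresses; replace with a test mailbox on your server.
    message = build_test_message("tester@example.test", "mailbox@example.test")
    print(len(attachment_payload(message)), "byte attachment ready")
    # send_test_message(message, "exchange.example.test")
```

A desktop anti-virus product on the machine running the script may itself flag the test string, which is expected behaviour.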
Quarantining using McAfee Quarantine Manager 4.1

McAfee® Quarantine Manager (MQM) can be used as a repository for quarantining infected email messages. McAfee products (like GroupShield for Exchange) use a pre-assigned port number to send the detection information to MQM.
8 Click Apply to save the changes.

Note: Once you have completed the above setup, GroupShield starts to quarantine detected items on the McAfee Quarantine Manager Server; however, it also logs them in the local database. You must install McAfee Quarantine Manager version 4.1 Patch1 and HotFix 285970 on the McAfee Quarantine Manager Server.
-h: help

Note: You can also substitute the parameters:

-m with /m
-d with /d
-h with /h

Syntax examples:

To upgrade GroupShield 6.x user blacklists and whitelists to version 7.0:

    bwl -m "c:\GSE_60_BWL_Path\" "c:\GSE_70_BWL_Path"

To upgrade GroupShield 6.x user blacklists and whitelists to version 7.
2 Ensure that the server and clients are shut down.
3 From the Start menu, click Settings, then Control Panel. The Control Panel window appears.
4 Double-click Add/Remove Programs. The Add/Remove Programs dialog box appears.
5 Select McAfee GroupShield for Exchange from the list.
6 Click Change. The Application Maintenance dialog is displayed.
7 Select Modify, then click Next.
8 Click Finish to close the dialog box.

Restoring original out-of-box configuration

To restore default settings and values from the user interface, click Settings & Diagnostics | Import and Export Configuration | Restore Default.
9 Once the software is removed, a message is displayed. Click Finish to close the dialog box.
5 Integrating with ePolicy Orchestrator 3.6

Introduction

This chapter describes how to configure GroupShield for Exchange using McAfee ePolicy Orchestrator management software version 3.6. To use this guide effectively, you need to be familiar with ePolicy Orchestrator. See the ePolicy Orchestrator v3.6 Product Guide for more information.
Introducing ePolicy Orchestrator console

The Microsoft® Management Console (MMC) is your interface to the ePolicy Orchestrator product and its features. Here you register and configure the GroupShield for Exchange products that are managed through ePolicy Orchestrator. The console uses standard MMC features. The console is divided into two panes.
Assumptions:

- Computer 1: ePolicy Orchestrator version 3.6 is installed and configured on a supported operating system.
- Computer 2: Microsoft® Exchange Server 2003/2007 is installed and configured on the server.
- The Exchange Server is added to ePolicy Orchestrator's managed server list under the "Directory" branch.
3 Click Add. The New Site dialog box appears.

Note: You can create a new site to administer a specific group of computers.

4 Type the Name for the new site. If the new site is a domain and you want to include all the computers under the domain, select Domain and Include computers as child nodes.
5 Click OK to add the new site. The Add Site dialog box appears.
Adding GroupShield Installation Package files to the ePolicy repository

14 Click Repository. The Repository page appears.
15 Click Check in Package. The Check in package wizard appears.
16 Click Next. The select package type wizard appears.
17 Select Products or updates, then click Next. The Check in package - Browse dialog box appears.
Installing GroupShield on the client computer

1 From the ePolicy Orchestrator console, select the Site or the Exchange Server on which you intend to install GroupShield, then click the Tasks tab. The deployment task page appears.
2 Double-click the Deployment task. The ePolicy Orchestrator Scheduler dialog box appears.
Importing the GroupShield for Exchange version 6.x NAP settings

1 Using an administrative account, log on to the computer containing ePolicy Orchestrator Server.
2 Create a temporary directory on the network or your local drive.
Managing Policies

The ePolicy Orchestrator console allows you to manage policies across groups of computers or on a single computer. These policies override configurations set on individual computers. For information regarding policies and how they are enforced, see the ePolicy Orchestrator Product Guide.
2 Click the Policy Name drop-down list and select New Policy. The Create a new policy dialog box appears.

Note: You cannot configure the McAfee Default policy settings for a selected Category. To configure a selected category, you must create a new policy or a duplicate copy of the policy for the selected Category.
On-Demand scan

Scheduled tasks for a computer can be set to execute based on the local time or GMT (Greenwich Mean Time). However, ePolicy Orchestrator cannot monitor the progress of a scheduled task. We therefore recommend that you view the log file on the server periodically to check whether the scheduled task was executed successfully.

AutoUpdate task

GroupShield 7.
2 Click Settings, then edit the required options in both the Task and Schedule tabs. The Update Task page appears with the message No additional settings are required for this task.

Note: AutoUpdate is configured to update the product with the latest DATs, spam rules, spam and anti-virus engines from the McAfee http/ftp website.
3 Deselect Inherit.
4 Select the desired on-demand policy from the list:
5 Click OK.

Scheduling settings

6 Click the Schedule tab.

Table 5-2 Schedule Options

Schedule Task Start Time UTC Time Local Time Select one of the available task types from the drop-down list.
Table 5-2 Schedule Options

Repeat Task: Click Advanced on the Advanced Scheduled Options dialog box. Use this option to run a task multiple times in the same day. To do this, select Repeat Task and then set the repeat interval appropriately. Typically, you might do this to run a client update task several times a day, especially if there are a lot of new viruses.
If No is selected, the complete report is shown.

Note: Tabs may vary based on which report is selected. See ePolicy Orchestrator Product Guide v 3.6 for more details on all the available settings tabs.

Configuring reports

There are several ways in which you can control what data appears on reports.
5 Deselect Inherit. From the listed products, select Remove from the list item given against GroupShield for Exchange.
6 Deselect Run this task at every policy enforcement interval.
7 Click OK.
8 Click the Schedule tab. Deselect Inherit.
9 From the Schedule Task list item, select Run Immediately and click Apply.
10 Send an agent wakeup call.
3 Right-click groupshield7.0 and select Remove to uninstall the report file from the ePolicy Orchestrator server.
6 Integrating with ePolicy Orchestrator 4.0

Introduction

This chapter describes how to configure GroupShield for Exchange using McAfee ePolicy Orchestrator management software version 4.0. To use this chapter effectively, you need to be familiar with ePolicy Orchestrator 4.0. ePolicy Orchestrator 4.0 provides a scalable platform for centralized policy management and enforcement on your security products and the systems on which they reside.
- Insert the CD into the computer's drive and copy the installation .ZIP files into the temporary directory you created.
- Download the ZIP files to the temporary directory

ePolicy Orchestrator agent

ePolicy Orchestrator agent is a distributed component of ePolicy Orchestrator that must be installed on each computer on the network.
9 Enter the credentials (Domain, User, and Password) for agent installation, then click OK.

Deploying an ePolicy Orchestrator agent

1 Using an administrative account, log on to the ePolicy Orchestrator server.
2 Click Systems.
3 Choose a group in the System Tree.
4 Select the desired Computer Name(s) of that group.
5 Click Deploy Agents. The Deploy McAfee Security Agent page appears showing the Target systems.
5 Choose the Branch as Current.
6 Click Save.

Installing GroupShield for Exchange on the client computer

1 Using an administrative account, log on to the ePolicy Orchestrator server.
2 Click Systems | System Tree and choose a desired group.
3 From the Client Tasks tab, click Create Task.
4 Type a Name and Notes for the task and choose the Type as Product Deployment (McAfee Agent 4.0.0).
5 Click Next.
Extensions

You can install, remove and manage the GroupShield for Exchange extension files. Extension files are in ZIP file format and must be installed before that product or component can be managed by ePolicy Orchestrator 4.0. The two extension files for GroupShield for Exchange are:

- GROUPSHD7000.ZIP
- GSE7REPORTS.
Introducing ePolicy Orchestrator 4.0 Dashboard

Dashboards are a collection of pre-configured and/or user-selected monitors that provide current data about your detections. The ePolicy Orchestrator dashboard consists of a collection of named dashboard monitors.
Table 6-1 Dashboard Options

Options | Description
Make Public | Adds the selected private dashboard to the Public Dashboards list, making it available to all users with permission to use public dashboards.
Make Active | Adds the selected dashboard to the Dashboards tab for easy access.

Reporting

Reports are pre-defined queries that query the ePolicy Orchestrator database and generate graphical output.
7 The Filter page appears. Specify criteria by selecting properties and operators to limit the data retrieved by the query.
8 Click Run, then Save. The Save Query page appears.
9 Enter a Name and Notes (if required) for the query, then click Save.

Table 6-2 Reporting Options

Options | Description
Delete | Deletes a selected query.
3 Choose a group in the System Tree.
4 Select the desired Computer Name(s) of that group.
5 Click More Actions | Wake Up Agent. The Wake Up Agents page appears.
6 Choose a Wake-up call type and a Randomization period (0-60 minutes) during which the system(s) respond to the wakeup call sent by the ePolicy Orchestrator server.
Enforcing Policies

You can enforce a policy to multiple managed systems within a group.

1 Using an administrative account, log on to the ePolicy Orchestrator server.
2 Click Systems | System Tree and choose a desired group.
3 Select the desired system(s).
4 Click Assign Policy. The Assigning Policy for system page appears.
5 Select the desired Product, Category, and Policy from the drop-down, then click Save.
Creating a new autoupdate task

1 Using an administrative account, log on to the ePolicy Orchestrator server.
2 Click Systems | System Tree and choose a desired group.
3 From the Client Tasks, select the desired group in the System Tree for which you want to create the autoupdate task.
4 Click Create Task. The Client Task Builder page appears.
6 Choose On Demand Scan (GroupShield for Exchange 7.0.0) as the Type of the task and click Next.
7 Under Configuration, choose a policy from the drop-down.
8 Click Next and schedule the task as desired.
9 Click Next to view the Summary of the on-demand scan task, which includes the Name, Notes, Product, Type of the task, and the Schedule information.
10 Click Save.
11 Send an agent wakeup call.
Run update after successful product deployment (4.0 or above)

10 Click Next to schedule this task as desired.
11 Click Next to view a summary of the task, then click Save.
12 In the Systems tab, select a group and a computer where you want to install GroupShield 7.0.

Note: You can select all the computers in a group to install GroupShield 7.0 by clicking Select all in the page.
4 Select the option Force removal, bypassing any checks or errors.
5 Click OK.
7 Integrating with ProtectionPilot 1.5

Introduction

ProtectionPilot software is a security management system that simplifies anti-virus management tasks for network administrators who manage up to 500 computers. Management consists of deploying (sending and installing) anti-virus products, configuring product settings, and keeping those products up-to-date. Here you register and configure GroupShield for Exchange to be managed through ProtectionPilot.
The console tree is the navigation pane of the console. It shows the servers, workstations, and appliances that you can administer using ProtectionPilot. The details pane is to the right of the console. Depending on the item selected in the console tree, the details pane might have an upper details pane and a lower details pane.
- The Exchange Server is added to ProtectionPilot's managed server list under the "Directory" branch.
- McAfee Common Agent is installed on the ProtectionPilot server.
- From the ProtectionPilot server console, the ProtectionPilot agent is installed or pushed on the Exchange Server.

Before you begin

1 Create a temporary directory on the network or your local drive.
Adding McAfee GroupShield for Exchange NAP file to the ProtectionPilot server:

1 Locate the NAP file, on the product CD or in the installation .ZIP file downloaded from the McAfee website, and save it to a temporary folder accessible from the ProtectionPilot server.
2 Log on to the ProtectionPilot server with administrative rights.
3 From the Server page, select the Repository tab.
Setting and enforcing policies
The ProtectionPilot console allows you to enforce policies across groups of computers or on a single computer. These policies override configurations set on individual computers. For information regarding policies and how they are enforced, see the ProtectionPilot Product Guide.
7 Select the debug logging Level. You can select:
  High - to collect a large number of log entries.
  Medium - to collect a medium number of log entries.
  Low - to collect a low number of log entries.
  None - to disable debug logging.
8 Select the Limit size of debug log files option to specify whether there should be a size limit for debug log files.
3 Specify the Database location or specify a different location for the product log. Use the first field to tell the software about the type of location you are going to specify in the second field. For example, if you select Full Path in the first field, enter the full path name in the second field. If you select a location, specify the file name, or sub-directory path and file name.
On-Demand (Full Scan) - Policies in this set contain settings for all scanners and filters. These policies are typically used for scanning at regular intervals.
Creating a new on-demand scan task
1 Log on to the ProtectionPilot server.
4 Click the Scheduled Tasks tab. The Scheduled Tasks for Computer page appears.
5 Click Create Task. The Tasks Types page appears.
6 Click GroupShield 7.0 for Exchange with the Task type as AutoUpdate Task.
7 Click Next. The Task Settings page appears.
8 Enter a Name for the task.
9 Under Schedule Settings, deselect Inherit.
2 Select GroupShield for Exchange under Repository | View contents of Server Repository.
3 Select GroupShield for Exchange with the Type as Install from the View contents of server repository list.
4 Click Delete to uninstall the GroupShield for Exchange package file from the server.
8 Getting Started with the User Interface
The user interface provides critical functions for GroupShield administrators. It is important for administrators to know how well their server is being protected from viruses and banned content. The Dashboard is your interface to GroupShield for Exchange. The left pane of the console has links, namely Dashboard, Detected Items, Policy Manager, and Settings and Diagnostics, that you can administer.
Dashboard
The dashboard provides an overview of the scanning details, latest detections, graphical view of these detections, product updates and versions, a list of recently scanned items, anti-virus news, and security news.
Statistics
This section shows you the percentage and the number of clean items, detected spam, phish, viruses, PUPs, banned file types/messages and unwanted content. It also shows you the average scan time (in milliseconds) and the total number of email messages scanned. Click Reset to reset the statistics of detected items.
Licenses: This tab gives the description of the installed product(s), the type of license, expiry date (if the license type is Beta), and the number of day(s) remaining for the license to expire.
Reports
This section has three tabs:
  Recently Scanned Items: This tab shows a list of recently scanned items.
3 In Choose when to scan, choose any of these options:
  Not scheduled — Select the checkbox and specify the number of hours and minutes after which the scanning has to stop.
  Once — From the respective drop-down lists, choose a date, month, year and the time when a scan has to start. You can select the checkbox and specify the number of hours and minutes after which the scanning has to stop.
  Remove Viruses
  Find Banned Content
  Remove Banned Content
  Full Scan
7 Select Resumable Scanning to enable Restart from last item.
Note: Using this option, you can specify whether a scan can restart from the point where it was stopped.
8 Click Next.
9 Enter a name for the task.
10 Click Finish, then Apply.
Modifying an existing on-demand scan
1 Click Dashboard | On-Demand Scans.
The ‘Run Now’ link
Once you have scheduled a new task, you can run a scan.
Note: This option is available only if you click Apply after creating a new scan task.
1 Click Dashboard | On-Demand Scans. The On-Demand Scans page lists all the on-demand scans.
2 Click the Run Now link of the task you wish to start. A confirmation dialog box appears.
3 Click OK to run the on-demand scan immediately.
  Days — Specify how frequently, in days, the report task should take place and at what time of day. You can select the checkbox and specify the number of hours and minutes after which the report task has to stop.
  Weeks — Specify how frequently, in weeks, the report task should take place. You can also specify on which days and at what time of day the task should take place.
3 Click OK.
Note: Click Refresh to update the schedule summary information.
Graphical reports
The Graphical Reports section gives an explicit view of a graph of detected items. You can also find each detection by setting filters to specify the type of detections that are of interest.
  Reason
  Ticket Number
  Detection Name
  Spam Score
4 Choose All Dates or a desired Date Range from the drop-down lists.
5 Choose Bar Graph or Pie Chart as required.
6 If you choose Pie Chart, choose to Query on, from the drop-down list.
9 Detected Items
Detected Items is used to view information about emails that contain spam, phish, viruses, potentially unwanted programs, unwanted content, banned file types or messages, and all items. You should select at least one search filter; however, you can use up to three search filters to narrow your search.
Spam
Spam is an unwanted email message, specifically unsolicited bulk messages.
1 Click Detected Items | Spam. The Spam page appears.
2 Select up to three of these search filters:
  Ticket Number
  Sender
  Spam Score
  Action Taken
3 Select All Dates to include all the entries. Otherwise, select the desired date and time range from the Date Range drop-down lists.
4 Click Search.
3 Select All Dates to include all the entries. Otherwise, select the desired date and time range from the Date Range drop-down lists.
4 Click Search. A list of phish items matching your search criteria is displayed in the View Results section.
Click Clear Filter to return to the default search filter settings.
1 Click Detected Items | Potentially Unwanted Programs. The Potentially Unwanted Programs page appears.
2 Select up to three of these search filters:
  Ticket Number
  Filename
  Action Taken
  Submit to Avert
3 Select All Dates to include all the entries. Otherwise, select the desired date and time range from the Date Range drop-down lists.
4 Click Search.
Banned file types/messages
Banned file types are any files which are banned by an administrator.
1 Click Detected Items | Banned File types/Messages.
2 Select any of these search filters:
  Ticket Number
  Filename
  Action Taken
3 Select All Dates to include all the entries. Otherwise, select the desired date and time range from the Date Range drop-down lists.
4 Click Search.
Search filters used:
  Action Taken — to search according to the type of action taken when the item was detected.
  Filename — to search by file name.
  Sender — to search by the email address of the sender.
  Spam Score — to search by the spam score. Spam score is a number that indicates the amount of potential spam contained within an email message.
  Ticket Number — to search by ticket number.
You can also use:
  Columns to display - to select additional column headers to be listed in the View Results pane. Click this option, select the desired options, and click OK.
  Note: You must select at least one column header.
  Select All — to select all the detected items in the View Results pane.
  Select None — to deselect all the detected items in the View Results pane.
10 Policy Manager
This chapter explains how you enforce policies in GroupShield for Microsoft® Exchange Server 2003/2007. You can use Policy Manager to specify policies that determine how different types of threats are treated when detected. Each type of policy has a master policy, which is the default policy for that policy type. The master policy cannot be deleted, because there should always be one policy from which other policies can be created. The master policy is configured to cover most situations.
Inheritance view
Inheritance View enables you to view policy settings inherited from another policy. The policy that inherits the settings is known as the “child policy”, and the policy from which it inherits those settings is known as the “parent policy”. If the policy name is indented, that policy inherits some of its settings from its parent policy. You can use:
  The Name of the policy — to edit its settings.
Advanced view
The main purpose of Advanced View is to allow you to change the order in which any subpolicies are applied (in the Move column). You can click on:
  The Name of the policy — to edit its settings.
  Create sub-policy — to create a subpolicy.
  Note: You can create a subpolicy for exceptions that are not covered by the master policy.
  Enabled — to enable or disable a subpolicy.
Creating a subpolicy
1 From Policy Manager, select a menu item for which you want to create a subpolicy.
2 Click Create sub-policy. The Create a sub-policy page appears with three tabs:
  Initial configuration
  Trigger rules
  Scanners and filters
3 In the Initial configuration page, type a sub-policy name that identifies the policy and what it does.
Initialize selected settings with values copied from another policy to choose a policy from the drop-down and initialize the selected settings with the values of that policy.
10 Click Finish, then Apply.
Policy settings
You can set up policies that determine how different types of threats are treated for different groups of users or databases stored on the server.
Anti-Phishing (Gateway)
Note: For more information on Core Scanners mentioned above, see Scanners and filters on page 113.
Filters — to configure the policy for each type of filter.
6 If you choose Select existing time slot, choose any one of these from the drop-down menu:
  Weekdays
  Weekends
  Working hours
7 If you choose Create a new time slot, specify a name for the new time slot and select the desired day(s) and time.
8 Click Save, then Apply.
You can delete a new time slot that you have created.
View settings
In the View Settings tab, you can configure scanner/filter settings for a selected policy and the scanner/filter that you choose. You can:
  View and configure option settings, including specifying which alert message to use when a detection triggers a content rule.
  View and configure content rules and actions.
  View and configure the desired action to take place in case of a detection.
5 Click Apply.
Scanners and filters
Policy Manager has core scanners, filters and miscellaneous settings for different types of policies (submenu items). The different scanning types in GroupShield for Exchange are:
  On-Access — to create policies for email messages every time they are opened, copied or saved to determine if they contain a virus or other potentially unwanted code.
The core scanners, filters, and miscellaneous settings for each type of policy are explained in detail below.
Core scanners
Core scanners in GroupShield 7.0 include:
  Anti-Virus Scanner
  Content Scanning
  File Filtering
  Anti-Spam
  Anti-Phishing
Anti-virus scanner
Anti-Virus Scanner consists of computer programs that attempt to identify, thwart and eliminate computer viruses and other malicious software.
5 In Options, select any one of these anti-virus option sets that you want to view or configure:
  High Protection — to view and configure the settings that are applied when a high level of protection is required.
  Medium Protection — to view and configure the settings that are applied when a medium level of protection is required.
  Default file types — to specify that only the default file types should be scanned.
  Defined file types — to specify which file types should be scanned.
6 Under Scanner options, select the scanner options you require. You can select:
  Scan archive files (ZIP, ARJ, RAR...) — to scan inside archive files, such as ZIP files.
  Find unknown file viruses — to use heuristic analysis techniques to search for unknown viruses.
  Exclude specified names — to specify which packers can be ignored.
  Include only specified names — to specify which packers you want the software to detect.
  Add — to add packer names to a list.
  Delete — to remove packer names from a list.
11 In PUPs, use:
  Enable detection — to enable or disable the detection of PUPs. Click the disclaimer link and read the disclaimer before configuring PUP detection.
Editing anti-virus scanner actions
1 From Policy Manager, select a submenu item that has anti-virus scanner. The policy page for the submenu item appears.
2 Choose a desired policy.
3 Click Anti-Virus Scanner. The View Settings tab for the anti-virus scanner appears.
4 Under the Actions to take section, click the Edit link. The Anti-Virus Scanner Actions page appears.
Primary actions for On-Demand (Default), On-Demand (Find Viruses), On-Demand (Remove Viruses), and On-Demand (Full Scan) scan include:
  Replace detected item with an alert — to replace the detected item with an alert message.
  Delete message — to delete the email message item.
  Allow through — to allow the item to continue to the next scanning phase or on to its final destination.
3 Click Content Scanning. The View Settings tab for the content scanner appears.
4 In Activation, select or deselect Enable to enable or disable the content scanner settings for this policy.
6 Under Content Scanning Alert, choose the desired Style, Font, Size, and Tokens from the respective drop-down lists.
Note: These options are available only if you choose HTML content (WYSIWYG) from the Show drop-down menu.
7 Choose any of these tools available in Content Scanning Alert.
  Bold — to make the selected text bold.
  Italic — to make the selected text italic.
  Underline — to underline the selected text.
  Insert Table — to insert a table at the current cursor position. Type the values in Rows, Columns, Table width, Border thickness, Cell padding, and Cell spacing to configure the table, then click Insert Table.
8 From the Show drop-down menu, specify how the alert message should be displayed within the user interface.
6 Under If detected, take the following action, choose the desired primary and secondary content scanner actions.
Note: See Primary and secondary content scanner actions on page 123.
7 Click Save, then Apply.
Primary and secondary content scanner actions
Primary actions for On-Access scan include:
  Replace item with an alert — to replace the detected item with an alert message.
  Delete embedded item — to delete the detected item.
  Notify recipient — to send an alert message to the recipient, when the recipient is not in the same domain as Microsoft® Exchange Server 2003/2007.
Secondary actions for On-Demand (Find Banned Content), On-Demand (Remove Banned Content), and On-Demand (Full Scan) scan include:
  Log — to record the detection in a log.
  Quarantine — to take a copy of the item and store it in the quarantine database.
  Change — to change the primary and secondary actions associated with a file filtering rule.
  Note: For more information on changing the primary and secondary actions associated with a file filtering rule, refer to Primary and secondary file filtering actions on page 127.
  Delete — to delete the file filtering rule.
Creating a new file filtering rule
1 From Policy Manager, select a submenu item that has a file filter.
11 In File categories, click on a file type. An asterisk symbol (*) appears next to the file type to indicate that the selected file type will be filtered.
12 In Subcategories, click on the subcategory you want to filter.
Note: To select more than one subcategory, use Ctrl+Click or Shift+Click. To select all of the subcategories, click All. Click Clear selections to undo the last selection.
Primary and secondary file filtering actions
Primary actions for On-Access scan include:
  Replace detected item with an alert — to replace the detected item with an alert message.
  Delete embedded item — to delete the detected item. For example, to delete an attachment that triggers a detection rule.
  Delete message — to delete the email message item.
  Notify administrator — to send an alert message to the email administrator.
Anti-spam
You can configure the file filtering settings for a selected policy.
1 From Policy Manager, select Gateway. The policy page for Gateway appears.
2 Choose a desired policy.
3 Click Anti-Spam. The View Settings tab for the anti-spam scanner appears.
  Reject the Message — to reject the email message.
  Delete message — to delete the email message item.
  Allow through — to allow the item to continue to the next scanning phase or on to its final destination.
Secondary actions for Gateway scan (for high, medium, and low spam score) include:
  Log — to record the detection in a log.
  Quarantine message — to take a copy of the item and store it in the quarantine database.
Caution: These default settings have been carefully optimized to maintain the balance between a high spam detection rate and a low false positive rate. In the unlikely event that you need to change these settings, there is a technical notice available from Technical Support.
12 Select or deselect Verbose reporting to specify whether verbose reporting is required or not. Verbose reporting includes the names and descriptions of the anti-spam rules that have been triggered.
Note: Verbose reporting is available only if you do not choose Never in step 10.
13 In the Advanced tab, use:
  Maximum message size to scan (KB) — to specify the maximum size (in kilobytes) of an email message that can be scanned.
Select a required Spam profile from the drop-down. A spam profile is a set of characteristics that identify a category of spam. To enable the anti-spam software to better detect spam, users can submit examples of spam, which enables the software to learn to recognize further spam. The anti-spam software builds a spam profile - a view of what the users regard as spam.
  create new set of options — to create a new set of options for the anti-phishing settings of a selected policy.
  Note: For more information, refer to Creating new set of options for anti-phishing settings on page 133.
  Edit — to change the anti-phishing setting options associated with a policy.
6 In Actions, click Edit. The Anti-Phishing Actions page appears.
7 Choose the desired primary and secondary actions.
5 In Instance name, specify a name for the anti-phishing settings. This field is mandatory.
6 In Reporting options, select or deselect these options as required:
  Add prefix to subject of phishing messages — to specify that you want to add text to the start of the subject line of any email message that probably contains phish.
Filters
Filters in GroupShield 7.0 include:
  Corrupt Content
  Protected Content
  Encrypted Content
  Signed Content
  Password-Protected Files
  Scanner Control
  MIME Mail Settings
  HTML Files
  Mail Size Filtering
Corrupt content
The content in some mails can be corrupt, which means such content cannot be scanned. Corrupt Content policy specifies how the mails with corrupt content are handled when detected.
Primary and secondary filtering actions for corrupt content
Primary actions for On-Access scan include:
  Replace detected item with an alert — to replace the detected item with an alert message.
  Delete embedded item — to delete the detected item. For example, to delete an attachment that triggers a detection rule.
  Delete message — to delete the email message item.
  Notify recipient — to send an alert message to the recipient, when the recipient is not in the same domain as Microsoft® Exchange Server 2003/2007.
Protected content
The content of some mails can be protected, which means that content cannot be scanned. For example, password-protected MS Office files. Protected Content policy specifies how the mails with protected content are handled when detected.
  Delete message — to delete the email message item.
  Allow through — to allow the item to continue to the next scanning phase or on to its final destination.
Secondary actions for On-Access, On-Demand (Find Banned Content), On-Demand (Remove Banned Content) scan include:
  Log — to record the detection in a log.
  Quarantine — to take a copy of the item and store it in the quarantine database.
5 In Actions, view the action that will be taken when encrypted content is detected. To change those actions, click the Edit link.
Note: Primary and secondary filtering actions for encrypted content are the same as those of protected content. Refer to Primary and secondary filtering actions for protected content on page 137.
  Delete embedded item — to delete the detected item. For example, to delete an attachment that triggers a detection rule.
  Allow changes to break the signature — to break the signature of the signed content which leads to the change of the content before being uploaded.
  Allow through — to allow the item to continue to the next scanning phase or on to its final destination.
1 From Policy Manager, select a submenu item. The policy page for the submenu item appears.
2 Choose a desired policy.
3 Click Password-Protected Files. The View Settings tab for the password-protected file filter appears.
4 In Activation, select or deselect Enable to enable or disable the password-protected file filter settings for the policy.
  Quarantine — to take a copy of the item and store it in the quarantine database.
  Notify administrator — to send an alert message to the email administrator.
Secondary actions for On-Demand (Default) scan include:
  Log — to record the detection in a log.
  Quarantine — to take a copy of the item and store it in the quarantine database.
  Notify administrator — to send an alert message to the email administrator.
6 In Alert selection, select an existing alert to use when a scanner control option is triggered, else Create a new alert. If the alert text is not shown and you would like to preview it, click View/Hide to display the text. If the alert text is displayed, click View/Hide to hide it. For more information, refer to Creating a new alert on page 120.
  The maximum scanning time is exceeded.
Primary actions for On-Access scan include:
  Replace detected item with an alert — to replace a detected item, such as an attachment, with an alert message.
  Delete embedded item — to delete the detected item. For example, to delete an attachment that triggers a detection rule.
  Delete message — to delete the email message item.
Secondary actions for On-Demand (Find Viruses), On-Demand (Remove Viruses), On-Demand (Find Banned Content), On-Demand (Remove Banned Content), On-Demand (Full Scan), and Gateway scan include:
  Log — to record the detection in a log.
  Quarantine — to take a copy of the item and store it in the quarantine database.
  Notify administrator — to send an alert message to the email administrator.
5 In Options, choose any one of these:
  Core Mail Settings — to view and configure the default mail size filter settings.
  An existing instance of MIME mail setting.
  create new set of options — to create a new set of MIME mail setting options for a selected policy. For more information, refer to Creating new set of options for MIME mail settings on page 146.
  Re-encode using HTML with numeric unicode references
  Re-encode using the following character set (in this case, choose a character set from the drop-down list).
  Do not treat as corrupt content
15 In NULL characters in the headers of a MIME message, choose the desired option:
  Treat as corrupt content and take appropriate action
  Do not treat as corrupt content
16 In the MIME Types tab, specify which MIME types should be treated as text attachments and which, as binary attachments.
Note: Click Add to add the MIME types to the list or Delete to delete a MIME type from a list.
  Notify recipient — to send an alert message to the recipient, when the recipient is not in the same domain as Microsoft® Exchange Server 2003/2007.
Secondary actions for On-Demand (Default) have two additional primary actions, namely:
  Notify internal sender — to send an alert message to the internal sender, when the original email message originates in the same domain as Microsoft® Exchange Server 2003/2007.
  Edit — to change the HTML File setting options associated with a policy.
Creating a new set of options for HTML file settings
1 From Policy Manager, select a submenu item. The policy page for the submenu item appears.
2 Choose a desired policy.
3 Click HTML Files. The View Settings tab for HTML File settings appears.
4 From the Options drop-down menu, choose create new set of options. The HTML Files page appears.
  ActiveX controls — to remove ActiveX control elements from the HTML message. For example:
  Macromedia Flash — to remove Macromedia Flash elements from the HTML message. This option is enabled if you have selected ActiveX controls. For example:
4 From the Options drop-down menu, click create new set of options. The Mail Size Filtering page appears.
5 Specify an Instance name for the mail size filter settings. This field is mandatory.
6 In Maximum overall mail size (KB), specify the maximum size (in kilobytes) that an email message can be. We recommend 100,000 kilobytes (100 megabytes).
Secondary actions are the same for all tabs.
  Log — to record the detection in a log.
  Quarantine — to take a copy of the item and store it in the quarantine database.
  Notify administrator — to send an alert message to the email administrator.
  Notify sender — to send an alert message to the sender, when the original email message does not originate in the same domain as Microsoft® Exchange Server 2003/2007.
  Edit — to change the alert setting options associated with a policy.
Creating new set of options for alert settings
1 From Policy Manager, select a submenu item. The policy page for the submenu item appears.
2 Choose a desired policy.
3 Click Alert Settings. The View Settings tab for alert settings appears.
4 From the Options drop-down menu, click create new set of options. The Alert Settings page appears.
Disclaimer text
1 From Policy Manager, select Gateway. The policy page for Gateway appears.
2 Choose a desired policy.
3 Click Disclaimer Text. The View Settings tab for the disclaimer text settings appears.
4 In Activation, select or deselect Enable to enable or disable the disclaimer text settings for the policy.
5 In Options, choose any one of these:
  Default Settings — to view and configure the default disclaimer text settings.
Shared resource
When setting up policies, you might want the same resource to be used by more than one policy. For example, you might want to use the same disclaimer text in two policies. The disclaimer text can be thought of as a resource that can be shared by more than one policy. Instead of creating two disclaimer texts, you can create a single copyright message that can be used by both policies.
  HTML Files
  Mail Size Filtering.
  Create New — to create a new shared resource for a selected category.
  Note: For detailed information, refer to Creating a new shared resource for anti-virus scanner, Creating a new shared resource for anti-spam, Creating a new shared resource for scanner control, and Creating a new shared resource for alert settings.
  Delete — to delete a resource that is no longer used by any of the policies.
Creating a new shared resource for anti-spam
1 In Policy Manager, click Shared Resource. The Shared Resources page appears.
2 In the Scanners & Alerts tab, choose Anti-Spam from the Category drop-down menu.
3 In the Scanners pane, click Create New. The Anti-Spam Settings page appears.
4 Perform steps 6-16 of Creating new set of options for anti-spam settings on page 129.
5 In the Alerts pane, choose a Category.
4 Enter the Instance name.
5 Enter the Maximum nesting level.
6 Enter the Maximum expanded file size (MB).
7 Enter the Maximum scan time (minutes).
8 Click Save.
9 In the Alerts pane, choose a Category.
10 Click Create New and perform the steps of Creating a new alert on page 120.

Creating a new shared resource for alert settings
1 In Policy Manager, click Shared Resource. The Shared Resources page appears.
5 In the Alerts pane, choose a Category.
6 Click Create New and perform the steps of Creating a new alert on page 120.

Creating a new shared resource for mail size filtering
1 In Policy Manager, click Shared Resource. The Shared Resources page appears.
2 In the Scanners & Alerts tab, choose Mail Size Filtering from the Category drop-down menu.
3 In the Scanners pane, click Create New. The Mail Size Filtering page appears.
In File Filtering Rules, you can set up rules that apply to file name, file type, and file size. You can use:
  Create New — to create a new file filtering rule.
  Note: For more information, refer to Creating new file filtering rule on page 162.
  Delete — to delete a rule that is no longer used by any of the policies.
  Edit — to change the rule settings.
8 Under the File Format tab, select Everything to select all the file categories and their subcategories. You can select multiple categories and file types within the selected categories to be matched. Selecting All in the subcategory selector overrides any other selections that may already have been made.
9 Click Save, then Apply.

Creating new file filtering rule
1 In Policy Manager, click Shared Resource.
11 Settings & Diagnostics
This chapter describes the settings you can configure and the diagnostics you can perform on GroupShield for Exchange. Topics covered are:
  On-Access Settings
  Notifications
  Anti Spam
  Detected Items
  User Interface Preferences
  Diagnostics
  Product Log
  DAT Settings
  Import and Export Configuration

On-access settings
On-Access Settings is used to configure the General settings, Microsoft Virus Scanning API (VSAPI) settings, and Transport Scan Settings.
2 In General, choose Allow Through or Remove depending on whether you want to allow the email message through or delete it if scanning fails.
3 In Microsoft Virus Scanning API (VSAPI):
  Select or deselect Enabled to specify whether VSAPI should be enabled or not. VSAPI is implemented at a very low level in the Exchange Information Store.
  Note: Select Enabled to benefit from direction-based SMTP scanning control. If deselected, the remaining options also become inactive.
  Select Scan Inbound Mails to scan messages coming from an external server (for example, Internet-based email messages). If this option is selected and the next two options are deselected, then a mail going to a different domain is not scanned.
4 Select Only Un-Scanned Items to enable background scanning only for those messages that have not been scanned yet.
5 Select Force Scan All to scan items irrespective of whether the item has a scan stamp or not. If an item has a scan stamp, it means that the item is scanned and up to date.
6 Select Update Scan Stamp to bring the scan stamp up to date during background scanning. When you deselect this option, the stamp is not updated.
Notifications
Notification settings allow the user to configure the content and SMTP address that the administrator uses to send email notifications.
1 Click Settings & Diagnostics | Notifications. The Notifications page appears.
2 Type the Administrator E-mail address to notify the administrator email account of that Exchange Server.
3 Type the Sender E-mail to send notifications using the sender email address.
  %idy% — Scanned By
  %psn% — Policy Name
  %svr% — Server
  %avd% — AV DAT
  %ave% — AV Engine
  %rpt% — Recipient
  %rsn% — Reason
  %sbj% — Subject
  %ssc% — Spam score
  %ase% — Anti-Spam Engine
  %asr% — Anti-Spam Rules

Anti spam
You can use Anti Spam settings to configure Gateway Spam Filter and User Junk Folder Routing.
1 Click Settings & Diagnostics | Anti Spam. The Anti Spam Settings page appears.
  Configure the settings used when communicating with McAfee Quarantine Manager.
  Configure maintenance settings for the local quarantine database.

McAfee Quarantine Manager
1 Click Settings & Diagnostics | Detected Items. The Detected Items page appears.
2 Select Enabled to use McAfee Quarantine Manager as a repository to quarantine detected items. If deselected, the remaining options are also disabled.
7 Click Apply.

User interface preferences
You can use User Interface Preferences to configure user interface refresh, report, metric, graph and chart settings.

Dashboard settings
1 Click Settings & Diagnostics | User Interface Preferences. The User Interface Preferences page appears.
3 Select Anti-alias to specify whether you want to use anti-aliasing techniques when displaying pie charts. If anti-aliasing is used, you will see smoother curves in pie charts. If anti-aliasing is not used, pie chart curves appear more jagged.
4 Select Explode pie to specify whether the segments should remain within the circle of the pie chart or be shown with some distance between each segment.
Avoid using debug logging indiscriminately because it fills up the hard disk space and affects the overall performance of the Exchange Server. It should be enabled for a limited duration as advised by authorized personnel (a McAfee support engineer).
2 Select Specify filename of database to specify whether you want to use the default file name or specify a different name. If deselected, the default file name is used. The default Database filename is productlog.bin.
3 In the Size Limits section:
  Select Limit database size to specify that you want to limit the size of the product log database.
  Description — Select the relevant description.
  Note: You can select up to three search filters.
3 Choose the All Dates radio button to include all entries; otherwise, choose Date Range and select the desired date range from the drop-down menu.
4 Click Search. A list of detected items matching your search criteria is displayed in the View Results section.
There are two tabs, Configuration and Site List.

Configuration
You can copy the configuration of this Exchange Server system and save it to a location where it can be imported by other Exchange Server systems. To do so:
1 Click Settings & Diagnostics | Import and Export Configuration. The Import and Export Configurations page appears.
2 Select the Configuration tab.
3 Click Export.
3 Click Apply.
700-1705-00 232-001409-00 Rev A Copyright © 2007 McAfee, Inc. All Rights Reserved. mcafee.