McAfee Agent 4.
COPYRIGHT Copyright © 2009 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of McAfee, Inc., or its suppliers or affiliate companies.
Contents
About the McAfee Agent
Agent-server communication
Agent-server communication interval
Proxy settings for the agent
Configuring proxy settings for the agent
Retrieving system properties
Scheduling a client task for a group
Agent Activity Logs
Viewing the agent activity log
Viewing the agent activity log from the managed system
Viewing the agent activity log from the ePO server
About the McAfee Agent
The term agent is used in three different contexts:
• McAfee Agent
• SuperAgent
• Agent Handler

McAfee Agent
The McAfee Agent is the client-side component that provides secure communication between McAfee managed products and ePolicy Orchestrator. The agent also provides local services to these products and to products developed by McAfee's Security Innovation Alliance partners.
Agent-server communication
During agent-server communication, the agent and server exchange information using a proprietary network protocol (for ePO 4.0) or the industry-standard TLS network protocol (for ePO 4.5) that ePolicy Orchestrator uses for secure network transmissions. At each communication, the agent collects its current system properties, as well as events that have not yet been sent, and sends them to the server.
Wake-up calls and wake-up tasks
You can force the agent to communicate with the server at any time after installation by clicking the McAfee system tray icon (if it has been enabled) and selecting McAfee Agent Status Monitor. When the Monitor appears, clicking Collect and Send Props sends full or minimal properties as defined on the General page of the McAfee Agent Policy Catalog.
The process is:
1 Server sends a wake-up call to all SuperAgents.
2 SuperAgents broadcast a wake-up call to all agents in the same broadcast segment.
3 All agents (regular agents and SuperAgents) exchange data with the server.
4 An agent without an operating SuperAgent on its broadcast segment is not prompted to communicate with the server.
System requirements and supported operating systems and processors
Operating systems (Processor: SPARC)
• Solaris 8; 32-bit or 64-bit
• Solaris 9; 32-bit or 64-bit
• Solaris 10; 64-bit
SuSE Linux 8.
Installing the McAfee Agent
The installation procedure for the McAfee Agent varies depending on:
• The operating system in use — Windows, Solaris, HP-UX, Macintosh, or Linux.
• The type of installation — First-time installation or upgrade on a system already hosting an agent.
• The tools used to install — ePolicy Orchestrator native tools, login scripts, images, or none.
This section provides instructions on installing the agent in a variety of environments.
Methods of agent deployment and installation
upgrade products and update product content.
Method: Using third-party software such as Microsoft Systems Management Server (SMS) or IBM Tivoli
Action: Configure your third-party software to distribute the agent installation package, which is located on your ePO server.
Notes:
• The agent installation package contains necessary security keys and the site list.
1 Download both the agent extension, ePOAgentMeta.zip, and the agent package, MA450Win.zip, to the system containing the ePO server.
2 Install the agent extension:
   a Click Menu | Software | Extensions. The Extensions page opens.
   b Click Install Extension.
   c Browse to the location containing ePOAgentMeta.zip, select it and click OK. The Install Extensions summary page appears.
   d Click OK to complete the installation of the extension.
Task
For option definitions, click ? in the interface.
1 Download both the agent extension, ePOAgentMeta.zip, and the agent package, MA450Win.zip, to the system containing the ePO server.
2 Install the agent extension:
   a Click Menu | Software | Extensions. The Extensions page opens.
   b Click Install Extensions.
   c Browse to the location containing ePOAgentMeta.zip, select it and click OK. The Install Extensions summary page appears.
Installing the agent manually
Use these instructions to install agents manually.
Tasks
• Installing on Windows manually
• Installing on UNIX-based operating systems

Installing on Windows manually
This method is appropriate if your organization requires that software is installed on systems manually. You can install the agent on the system, or distribute the FramePkg.exe installer for users to run the installation program themselves.
Operating system: File name
HP-UX: MA450HPX.zip
Linux: MA450LNX.zip
Macintosh: MA450MAC.zip
Solaris: MA450SLR.zip
AIX: MA450AIX.zip
3 Install the agent extension on the ePO server.
   a Click Menu | Software | Extensions, then click Install extension.
   b Browse to the location containing ePOAgentMeta.zip, select it and click OK. The Install Extensions summary page appears.
   c Click OK to complete the installation of the extension.
Creating custom agent installation packages
Use this task to create a custom agent installation package. If you use a distribution method other than ePolicy Orchestrator deployment capabilities (such as login scripts or third-party deployment software), you can create a custom agent installation package (FramePkg.exe or install.sh) with embedded administrator credentials.
• Consult your operating system documentation for writing login scripts. The details of the login script depend on your needs. This task uses a basic example.
• Create a batch file (ePO.bat) that contains commands you want to execute on systems when they log on to the network.
Identifying and correcting a duplicate GUID
If you deployed the agent on an image without first removing its GUID from the registry, multiple systems in your environment will have duplicate GUIDs. When these systems fail to communicate with the Agent Handler, they generate sequencing errors, which indicate a GUID problem.
Query: Duplicate Agent GUID - Clear error count
Sub-Actions: Clear Agent GUID Sequence Error Count
Query: Duplicate Agent GUID - remove systems with potentially duplicated GUIDs
Sub-Actions: Move Agent GUID to Duplicate List and Delete Systems
4
• Click Next again to display the Schedule page. Specify the frequency, start and end dates, and time for running this query. Click Save.
Before you begin
To use this method, these requirements must be met:
• Systems must already be added to the System Tree.
NOTE: If you have not yet created the System Tree, you can deploy the agent installation package to systems at the same time that you add groups and systems to the System Tree. However, McAfee does not recommend this procedure if you are importing large domains or Active Directory containers.
   b Click Actions, then select Check In Package from the drop-down menu.
   c Browse to MA450Win.zip, select it, then click Next.
   d Ensure that Current is selected in the Branch field, then click Save.
4 Push the agent to target systems:
   a Click Menu | Systems | System Tree, then select the groups or systems where you want to deploy the agent.
   b Click Actions.
Converting the agent mode from unmanaged to managed mode in Windows
Use this task to convert the agent from unmanaged (updater) mode to managed mode in a Windows environment.
Before you begin
Before converting the agent mode, consider the following:
• By default, the FrmInst.exe file is installed in this location: C:\Program Files\McAfee\Common Framework.
Task
1 On the target system, locate the msaconfig file in the binaries subfolder of the cma folder. For example, on HP-UX, Linux, and Solaris systems, the location is /opt/McAfee/cma/bin. On Macintosh systems, the location is /Library/McAfee/cma/bin.
2 Run /opt/McAfee/cma/bin/msaconfig -m -d [-nostart].
Agent installation folder — UNIX-based systems
Operating system: AIX
Location: /opt/McAfee/cma/
Contents: All binaries, logs, agent working area
Location: /etc/cma.d/
Contents: Configuration and management information (including GUID and agent version) needed to manage point-products.
Location: /etc/ (file cma.conf)
Contents: Configuration and management information in xml format, allowing point-products to read.
Location: /usr/sbin/ (file cma)
Contents: Script for starting and stopping the agent, manually and when called by the system.
Operating system / Location / Contents
Location: /etc/cma.d/
Contents: Configuration and management information (including GUID and agent version) needed to manage point-products.
Location: /etc/ (file cma.conf)
Contents: Configuration and management information in xml format, allowing point-products to read.
Location: /etc/init.d/ (file cma)
Contents: Script for starting and stopping the agent, manually and when called by the system.

The agent installation package
A FramePkg.
Agent installation command-line options
FramePkg.exe and FrmInst.exe command-line options
Command: /DATADIR
Description: Specifies the folder on the system to store agent data files. The default location is: \All Users\Application Data\McAfee\Common Framework.
Assigning values to custom properties
Use this task to specify up to four custom properties during installation of the agent at the command line. These values override values set by the ePO administrator. Custom properties are reported back to the ePO server and are displayed in the system properties. These properties can be used to enhance custom reporting on systems or to allow custom tagging.
Upgrading and Restoring Agents
Use these tasks to upgrade or restore existing agents in your environment. If you have been using an older version of ePolicy Orchestrator and have previous agent versions in your environment, you can upgrade those agents once you’ve installed your new ePO server. The procedure for upgrading the agent depends on which agent version is running on your managed systems.
NOTE: Some previous agent versions do not support all functions in ePolicy Orchestrator 4.5.
Task
For option definitions, click ? in the interface.
1 Ensure that the desired agent installation package is checked in to the desired branch of the master repository.
2 Click Menu | Systems | System Tree.
3 Click the Client Tasks tab.
4 Click Actions, then select New Task from the drop-down menu. The Client Task Builder wizard opens to the Description page.
4 Select Force installation over existing version.
5 Specify the target installation path for the forced installation.
6 Enter user credentials for agent installation.
7 Provide the Number of attempts, Retry interval, and Abort after information.
8 Select whether the connection used for the deployment is to use a selected Agent Handler or all Agent Handlers.
Configuring Agent Policies
Agent policy general settings are specified on the Policy Catalog pages of the ePolicy Orchestrator console, including policies for events, logging, repositories, updates, and proxy.
About agent policy settings
• Defining repository branches
• Proxy, where proxy settings are specified. (See Proxy settings for the agent).
Before distributing a large number of agents throughout your network, consider carefully how you want the agent to behave in the segments of your environment. Although you can configure agent policy settings after agents are distributed, McAfee recommends setting them prior to the distribution, to prevent unnecessary impact on your resources.
Selection Method: Subnet distance
Definition: The fewest hops an ICMP packet makes while traversing the network from a local system to a remote system. The maximum number of hops can be used to control the packet traversal. The default is 15.
Selection Method: Use order in repository list
Definition: A user-defined list of repositories based on locally determined preferences.
• On Windows systems you can select Use Internet Explorer proxy settings and if appropriate, select Allow user to configure proxy settings.
• If you need a proxy other than Internet Explorer, select Configure the proxy settings manually.
5 Select a form for the address of the source HTTP or FTP location where the agent is to pull updates.
Minimal product properties whether or not they have changed since the last agent-server communication
1 Set the agent policy to send minimal product properties.
2 Set the wake-up task to send all properties, as defined by the agent policy.
Full product properties whether or not they have changed.
1 Set the agent policy to send full properties.
2 Set the wake-up task to send all properties, as defined by the agent policy.
   d Click Next.
4 On the Configuration page:
• For a mirror task, type the location on the managed systems where you want to replicate contents from the repository. The repository is selected based on policy selections on the Repositories tab of the agent policy pages.
• For an update task, indicate if the update progress dialog box is visible on managed systems and if users can postpone the update.
Working with the agent from the ePO server
The ePO interface includes pages where agent tasks and policies can be configured, and where agent properties can be viewed. Use these tasks when working with the agent from the ePO server.
3 Scroll through the list of available information, including a field labeled Installed Products.
4 Click the More link to see detailed properties for each installed product.

Accessing settings to retrieve properties
Use these tasks to access the settings used for retrieving properties.
Task
For option definitions, click ? in the interface.
To do this... Do this...
System properties
This list shows the system data reported to ePolicy Orchestrator by your nodes' operating systems. Review the details on your system before concluding that system properties are incorrectly reported.
Sending manual wake-up calls to a group
Before you begin
Before sending the agent wake-up call to systems, make sure that Enable agent wake-up call support is enabled and applied on the General tab of the McAfee Agent policy pages. It is enabled by default.
Task
For option definitions, click ? in the interface.
1 Click Menu | Systems | System Tree, then select the group that contains the target systems.
8 During regular communication, the agent sends only properties that the point-products designate as important. This task is set by default to Get full product properties.... To send the complete properties as a result of this wake-up call, ensure that this option is selected.
9 Click OK to send the agent or SuperAgent wake-up call.
Running agent tasks from the managed system
Use these tasks to perform selected procedures from the system where the agent is installed. If you can access the managed system where the agent is installed, you can view and manage some features of the agent.
NOTE: The agent interface is available on the managed system only if you selected Show McAfee system tray icon and Allow end users to update security from the McAfee System tray menu on the General tab of the McAfee Agent policy pages.
• Managed-product signatures

Enforcing policies
Use this Windows-only task to prompt an agent to enforce all configured policies on the managed system.
Task
1 On the managed system, right-click the McAfee system tray icon, then select McAfee Agent | Status Monitor.
2 Click Enforce Policies. The policy enforcement activity is displayed in the Agent Status Monitor.
2 Click Send Events. A record of the sending-events activity is added to the list of activities in the Agent Status Monitor.
NOTE: This action sends all events to ePolicy Orchestrator irrespective of their severity.

Using the icon option to update
For the administrator to control what is updated and when, the Windows-only option for users to Update Security is disabled by default.
Viewing version numbers and settings
Use this task to view the agent settings from the managed system and to look up the version numbers of the agent and product from the managed system. This is useful for troubleshooting when installing new agent versions, or to confirm that the installed agent is the same version as the one displayed in the agent properties on the server.
Using the system tray icon
In a Windows environment, if the agent policy has been set to show the McAfee icon in the system tray of the managed system, the user can access shortcuts to information and functionality of managed products.
• What the system tray icon does
• Making the system tray icon visible
• Enabling user access to updating functionality

What the system tray icon does
Option Function
About...
2 Click a policy, for example McAfee Default. The McAfee Agent General tab for the selected policy opens.
3 Select Show the McAfee system tray icon (Windows only). You can also select Allow end users to update security from the McAfee system tray menu. When selected, users who are running McAfee Agent 4.
Removing the McAfee Agent
Use these tasks to remove agents from systems. After you delete an agent, it is deleted from the System Tree and the agent is removed during the next agent-server communication. Keep in mind that if point products still reside on systems after attempting to remove the agent, the agent will continue to run unmanaged in updater mode in order to maintain those point products.
1 Click Menu | Systems | System Tree, then select the group with the systems you want to delete.
2 Select the systems from the list, then click Actions.
3 Select Directory Management from the drop-down menu, then select Delete from the submenu.
4 Confirm the deletion, then click OK.
Uninstalling from non-Windows operating systems
Task
1 Log on as "root" to the system where you want to remove the agent.
2 Run the command appropriate for your operating system.
Operating System: Commands
AIX: rpm -e MFEcma
HP-UX: swremove MFEcma
Linux:
   rpm -e MFEcma
   rpm -e MFErt
   NOTE: Be certain to follow the order listed here.
Macintosh: /Library/McAfee/cma/uninstall.
Agent Activity Logs
The agent log files are useful for determining agent status or for troubleshooting. Two log files record agent activity and are located in the agent installation folders on the managed system.

Agent activity log
This log file records agent activity related to things such as policy enforcement, agent-server communication, and event forwarding. You can define a size limit of this log file.
Viewing the agent activity log
Task
NOTE: The agent icon is available in the system tray only if the Show McAfee system tray icon (Windows only) option is selected on the General tab of the McAfee Agent policy pages. If it is not visible, select this option and apply it. When you finish viewing the log file content, you can hide the icon again by deselecting the option and applying the change.