Product guide

ManualsBrandsRed Hat ManualsOtherLINUX VIRTUAL SERVER 4.6 - ADMINISTRATION

Product Guide

McAfee

Agent 4.8.0

Summary of content (92 pages)

PAGE 1
Product Guide McAfee® Agent 4.8.
PAGE 3
Contents Preface 7 About this guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Find product documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 7 7 8 Introducing McAfee Agent 1 About the McAfee Agent 11 McAfee Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 4
Contents Include the agent on an image . . . . . . . . . . . . . . . . . . . . . . . . . . . . Identify duplicate agent GUIDs . . . . . . . . . . . . . . . . . . . . . . . . . Correct duplicate agent GUIDs . . . . . . . . . . . . . . . . . . . . . . . . . Install agent on a non-persistent virtual image . . . . . . . . . . . . . . . . . . . . . 3 Upgrading and restoring agents Upgrading vs. updating . . . . . . . . . . . . . . . . . . . . . . . Upgrade agents using a product deployment task . . . . . . .
PAGE 5
Contents Enable relay capability . . . . . . . . . . . . . . . . . . . . . . . . . . . . Collect McAfee Agent statistics . . . . . . . . . . . . . . . . . . . . . . . . . Disable relay capability . . . . . . . . . . . . . . . . . . . . . . . . . . . . Respond to policy events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Run client tasks immediately . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Locate inactive agents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 6
Contents 6 McAfee® Agent 4.8.
PAGE 7
Preface This guide provides the information you need for all phases of product use, from installation to configuration to troubleshooting. Contents About this guide Find product documentation About this guide This information describes the guide's target audience, the typographical conventions and icons used in this guide, and how the guide is organized. Audience McAfee documentation is carefully researched and written for the target audience.
PAGE 8
Preface Find product documentation Important/Caution: Valuable advice to protect your computer system, software installation, network, business, or data. Warning: Critical advice to prevent bodily harm when using a hardware product. Find product documentation McAfee provides the information you need during each phase of product implementation, from installation to daily use and troubleshooting. After a product is released, information about the product is entered into the McAfee online KnowledgeBase.
PAGE 9
Introducing McAfee Agent Get familiar with McAfee Agent and what it does after being installed on the client system. Chapter 1 About the McAfee Agent McAfee® Agent 4.8.
PAGE 10
Introducing McAfee Agent 10 McAfee® Agent 4.8.
PAGE 11
1 About the McAfee Agent The McAfee Agent is the client‑side component providing secure communication between ePolicy Orchestrator and managed products. It also serves as an updater for managed and unmanaged McAfee products. The McAfee Agent consists of an ePolicy Orchestrator extension and a number of client side packages that correspond to the client operating systems supported by the agent.
PAGE 12
1 About the McAfee Agent SuperAgent SuperAgent A SuperAgent is an agent that acts as an intermediary between the McAfee ePO server and other agents in the same network broadcast segment. You can only convert a Windows agent to SuperAgent. For more information about SuperAgents and their functionality see SuperAgents and how they work.
PAGE 13
Installing, upgrading, and removing the agent Installing the agent on client systems is required for managing your security environment through ePolicy Orchestrator. Chapter Chapter Chapter Chapter 2 3 4 5 Installing the agent Upgrading and restoring agents Changing agent management modes Removing the McAfee Agent McAfee® Agent 4.8.
PAGE 14
Installing, upgrading, and removing the agent 14 McAfee® Agent 4.8.
PAGE 15
2 Installing the agent There are various ways to install agent software on your client systems. The method you choose depends on the operating system, first‑time installation or upgrade, and tools used to install the agent. Contents System requirements Installation vs.
PAGE 16
2 Installing the agent System requirements Operating systems HP‑UX 11i v2 (build 11.23) HP‑UX 11i v3 Processor Itanium IBM AIX 5.3 (TL6 or later) Power 5, 6, 7 IBM AIX 6.1 Power 5, 6, 7 IBM AIX 7.1 Power 5, 6, 7 Red Hat Linux Enterprise 3 Red Hat Linux Enterprise 4 Red Hat Linux Enterprise 5 x86, x64 or compatible Red Hat Linux Enterprise 6 Solaris 9; 32‑ bit or 64‑bit Solaris 10; 64‑bit SPARC Solaris 11; 64‑bit Oracle Enterprise Linux 5 and 6 x86, x64 or compatible Scientific Linux 5.
PAGE 17
Installing the agent System requirements Operating systems 2 Processor Windows Vista Home Basic; 32‑bit or 64‑bit; GA, SP 1 or 2 Windows Vista Business; 32‑bit or 64‑bit; GA, SP 1 or 2 Windows Vista Enterprise; 32‑bit or 64‑bit; GA, SP 1 or 2 Windows Vista Ultimate; 32‑bit or 64‑bit; GA, SP 1 or 2 Windows 2008 Server; Standard; 32‑bit or 64‑bit; GA or SP 2 Windows 2008 Server Enterprise; 32‑bit or 64‑bit; GA or SP 2 Windows 2008 Server Datacenter; 32‑bit or 64‑bit; GA or SP 2 Windows 2008 Server, Web; 3
PAGE 18
2 Installing the agent Installation vs. deployment • Brazilian (Portuguese) • Italian • Chinese (Simplified) • Japanese • Chinese (Traditional) • Korean • Czech • Norwegian • Danish • Polish • Dutch • Portuguese • English • Russian • Finnish • Spanish • French • Swedish • German • Turkish Macintosh client systems support English, Japanese, French and German. All other supported non‑windows client systems support only English.
PAGE 19
Installing the agent Installation vs. deployment Method Action Notes ePolicy Orchestrator The McAfee ePO administrator specifies the systems and selects one of the Push Agents options when adding a new system, or Deploy Agents for systems already in the System Tree. • Selecting a large number of systems can temporarily affect network throughput. The network administrator installs the agent on each managed system individually.
PAGE 20
2 Installing the agent Installation vs. deployment Method Action Notes Unmanaged McAfee products on Windows systems Using the System Tree, the McAfee ePO administrator selects the systems to be converted from unmanaged status to managed status and selects Actions | Agent | Deploy Agents. • An agent must already be present on the target system in unmanaged mode.
PAGE 21
Installing the agent Installation vs. deployment • 2 Enable SSH on the Linux and Macintosh client systems before installing agent from McAfee ePO. Comment out the following line in the /etc/sudoers file on a Red Hat operating system. Default requiretty Remove the comment from the following line /etc/ssh/sshd_config file PermitRootLogin Yes • Network access must be enabled on Windows XP Home and Windows 7 Home client systems.
PAGE 22
2 Installing the agent Installation vs. deployment If the installer is unable to connect to the ePolicy Orchestrator server directly, it uses the proxy server setting configured on the client system to download and install the agent. The installer uses the proxy server settings configured in the Internet Explorer for Windows client systems and System Preferences for Macintosh client systems. • Download using proxy server is supported only on Windows and Macintosh client systems.
PAGE 23
Installing the agent Installation vs. deployment Operating system Location Contents /etc/cma.d/ Configuration and management information (including GUID and agent version) needed to manage point‑products. 2 cma.conf /etc/ Configuration and management information in xml format, allowing point‑products to read. cma Linux /sbin/init.d/cma Script for starting and stopping the agent, manually and when called by the system. /opt/McAfee/cma/ All binaries, logs, agent working area. /etc/cma.
PAGE 24
2 Installing the agent Install the agent extension and packages into ePolicy Orchestrator Install the agent extension and packages into ePolicy Orchestrator Before the agent can be installed on the managed systems, both the extension and the software package must be added to ePolicy Orchestrator. Task For option definitions, click ? in the interface. 1 Download the agent extension, ePOAgentMeta.zip, and the agent packages to the system containing the McAfee ePO server.
PAGE 25
Installing the agent Install the help extension 2 Install the help extension You can install the help extension separately on the McAfee ePO server using the Software tab. The help extension is a .ZIP file. Task For option definitions, click ? in the interface. 1 Log on to the McAfee ePO server as an administrator. 2 Click Menu | Software | Extensions | Install Extension. The Install Extension dialog box appears. 3 Click Browse and select the extension file help_msa_480.ZIP, then click OK.
PAGE 26
2 Installing the agent Agent installation package • You specifically create one within ePolicy Orchestrator • Agent packages are checked in to any branch of the repository (Previous, Current, or Evaluation) • Encryption key changes The default agent installation package contains no embedded user credentials. When executed on the targeted system, the installation uses the account of the currently logged‑on user.
PAGE 27
Installing the agent Agent installation package 2 Create customized McAfee Smart installer Use the New Systems page to create the McAfee Smart installer. The McAfee Smart installer can then be distributed to the user for downloading and installing the agent on the managed node. Before you begin • You can create customized McAfee Smart installer only with ePolicy Orchestrator 5.0 and McAfee Agent 4.8 or later.
PAGE 28
2 Installing the agent Agent installation package Task For option definitions, click ? in the interface. 1 Click Menu | Systems | System Tree | Agent Deployment. The Agent Deployment pages appears. 2 Click Actions, then select the required option. Options Definition Choose Columns Opens the Choose Columns page allowing you to select the columns that will be displayed in the Agent Deployment page.
PAGE 29
Installing the agent Agent installation package Command Description /FORCEINSTALL Specifies that the existing agent is uninstalled, then the new agent is installed. Use this option only to change the installation directory or to downgrade the agent. When using this option, McAfee recommends specifying a different directory for the new installation (/INSTDIR). 2 Example: FRAMEPKG /INSTALL=AGENT /FORCEINSTALL /INSTDIR=c: \newagentdirectory /INSTALL=AGENT Installs and enables the agent in managed mode.
PAGE 30
2 Installing the agent Agent installation package Install agent using customized McAfee Smart installer Managed node users can install the agent with the customized McAfee Smart installer created using ePolicy Orchestrator server. You can install the agent on Windows and other supported platforms using the McAfee Smart installer. Before you begin You must have administrator rights to install agent on the managed node.
PAGE 31
Installing the agent Agent installation package 2 Command-line options for installing URL-based agent manually By manually installing the URL‑based agent on Windows and other supported operating systems, you can override default installation parameters. Before you begin The glibc‑32bit library should be installed on the Linux 64‑bit client systems. Task For option definitions, click ? in the interface. • Run the following command on the client system with any of these parameters:
PAGE 32
2 Installing the agent Agent installation package Parameter Description ‑f Forces agent installation This command‑line parameter is supported only on Windows operating system. ‑s Installs the agent in silent mode This command‑line parameter is supported on Windows and Macintosh operating systems. ‑v Installs the agent in the VDI mode This command‑line parameter is supported only on Windows operating system. Displays the help for command‑line options.
PAGE 33
Installing the agent Install on Windows systems 2 Install on Windows systems You can install the agent on Windows systems directly from the ePolicy Orchestrator console.
PAGE 34
2 Installing the agent Install on Windows systems 3 Select the appropriate Agent version drop‑down list given the target operating system, and select an agent version from that list. You can only install one version of the agent onto one type of operating system with this task. If you need to install on multiple operating systems or versions, repeat this task for each additional target operating system or version.
PAGE 35
Installing the agent Install on Windows systems 2 e Click OK. f Select FramePkg.exe and save it to the desktop. 2 To embed credentials on systems not belonging to a domain, modify the local security policy on the target systems: a Log on to the target system using an account with local administrator permissions. b From the command line, run SECPOL.MSC to open the Local Security Settings dialog box. c In the System Tree under Security Settings | Local Policies, select User Rights Assignment.
PAGE 36
2 Installing the agent Install on Windows systems Install on Windows with login scripts Using Windows login scripts to install the agent can be an efficient way to make sure all systems in your network have an agent installed. Before you begin • McAfee recommends first creating segments of your System Tree that use either network domain names or sorting filters that add the expected systems to the desired groups.
PAGE 37
Installing the agent Install on UNIX-based and Macintosh systems 2 Task For option definitions, click ? in the interface. 1 Download Framepkg.exe from the ePolicy Orchestrator server to a shared folder on a network server, where all systems have permissions. 2 Execute the following command: Framepkg.exe /gengpomsi /SiteInfo=\SiteList.xml / FrmInstLogLoc=\.log The following files are extracted to your local drive. • MFEagent.msi • agentfipsmode • Sitelist.
PAGE 38
2 Installing the agent Install on UNIX-based and Macintosh systems Contents Install Install Install Install on on on on UNIX-based and Macintosh operating systems from ePolicy Orchestrator UNIX-based and Macintosh operating systems manually Ubuntu operating systems Unix-based systems using script options Install on UNIX-based and Macintosh operating systems from ePolicy Orchestrator Installing agents on your Macintosh or Red Hat Linux systems is a quick way to modify and manage a number of systems simu
PAGE 39
Installing the agent Install on UNIX-based and Macintosh systems 7 If you want the deployment to use a specific Agent Handler, select it from the drop‑down list. If not, select All Agent Handlers. 8 Click OK. 2 Install on UNIX-based and Macintosh operating systems manually The agent must be installed manually on AIX, HP‑UX, Solaris, and some Linux systems. Manual installation of agent is also supported on Macintosh and Linux systems.
PAGE 40
2 Installing the agent Install on UNIX-based and Macintosh systems Install agent in managed mode on Ubuntu systems The agent can be installed manually or pushed from an ePolicy Orchestrator server on managed systems running Ubuntu operating system. Task For option definitions, click ? in the interface. 1 Open the repository in ePolicy Orchestrator by selecting Menu | Software | Master Repository. Choose a repository from the Preset drop‑down list.
PAGE 41
2 Installing the agent Include the agent on an image Include the agent on an image The agent can be installed on an image that is subsequently deployed to multiple systems. You must take precautions to make sure the agent functions properly in this scenario. Tasks • Correct duplicate agent GUIDs on page 41 Agents with duplicate GUIDs can be automatically identified and removed with a server task. Identify duplicate agent GUIDs No two agents can share the same GUID.
PAGE 42
2 Installing the agent Install agent on a non-persistent virtual image 2 On the Description page, select Enabled. • To run the task with the default configuration, click Save. • To configure the Actions and Schedule tabs, click Next. 3 On the Actions page, select Actions | Run Query. 4 Select one of these queries from the System Management category, then click OK.
PAGE 43
3 Upgrading and restoring agents If you have been using an older version of ePolicy Orchestrator and have previous agent versions in your environment, you can upgrade those agents once you’ve installed your new McAfee ePO server. Periodically, McAfee releases newer versions of the agent that can be deployed and managed using ePolicy Orchestrator.
PAGE 44
3 Upgrading and restoring agents Upgrade agents using a product deployment task Upgrade agents using a product deployment task The Product Deployment client task in ePolicy Orchestrator can be used to upgrade the agents on a group of systems in the System Tree. Before you begin Appropriate agent packages must be added to the Master Repository before they can be used to upgrade existing agent installations. Task For option definitions, click ? in the interface. 1 Click Menu | Systems | System Tree.
PAGE 45
3 Upgrading and restoring agents Restore a previous version of the agent on Windows \McAfee\ePolicy Orchestrator\DB\Software\Current \EPOAGENT3700LYNX\Install\0409 This process supports upgrading an unmanaged McAfee Agent from version 4.5 to version 4.6. Agents running in managed mode can be upgraded with a deployment task in ePolicy Orchestrator. Task For option definitions, click ? in the interface. 1 Copy the installer files (MFRrt.i686.deb and MFEcma.i686.
PAGE 46
3 Upgrading and restoring agents Restore a previous version of the agent on UNIX-based and Macintosh systems Restore a previous version of the agent on UNIX-based and Macintosh systems Restoring a previous version of the agent on non‑Windows systems involves uninstalling the current agent version and installing the previous one. Task 1 On the client system, uninstall the currently installed version of the agent. 2 On the client system, install the earlier version of the agent.
PAGE 47
4 Changing agent management modes McAfee Agent operates in two modes, managed and unmanaged. If you have previously not managed McAfee products in your network, the agent installations in your network are running in updater mode.
PAGE 48
4 Changing agent management modes Change the agent mode on Windows • You must export the SiteList.xml, reqseckey.bin, and srpubkey.bin (repository list file) from the McAfee ePO server and copy to the target systems. The repository list contains network address and other information that the agent requires to call in to the server after being installed. If you are using McAfee ePO server 4.
PAGE 49
4 Changing agent management modes Change the agent mode on UNIX-based and Macintosh systems 3 Click Actions, select Directory Management, then click Delete. 4 Confirm the deletion. The selected system is no longer managed by ePolicy Orchestrator and now functions only as an updater. Change the agent mode on UNIX-based and Macintosh systems Agents can be toggled between unmanaged mode to managed mode.
PAGE 50
4 Changing agent management modes Change the agent mode on UNIX-based and Macintosh systems Change from managed to unmanaged mode on UNIX-based platforms Changing the agent mode on non‑Windows systems must be done manually. Task 1 On the target system, locate the msaconfig file in the binaries subfolder of the cma folder. Operating system Default location HP‑UX, Linux, AIX, and Solaris /opt/McAfee/cma/bin Macintosh /Library/McAfee/cma/bin 2 Open a terminal window on the target system.
PAGE 51
5 Removing the McAfee Agent After deleting an agent, the system is deleted from the System Tree and the agent is removed during the next agent‑server communication. Keep in mind that if point‑products still reside on systems after attempting to remove the agent, the agent continues to run unmanaged in updater mode in order to maintain those point‑products. You cannot remove the agent using the Product Deployment task, which can remove products such as VirusScan Enterprise.
PAGE 52
5 Removing the McAfee Agent Remove agents from systems in query results Remove agents from systems in query results You can remove agents from systems listed in the results of a query (for example, the Agent Versions Summary query). Task For option definitions, click ? in the interface. 1 Run the desired query, then from the results page, select the systems to be deleted. 2 Select Directory Management from the drop‑down menu, then select Delete from the submenu.
PAGE 53
Removing the McAfee Agent Remove agents from non-Windows operating systems 5 Task For option definitions, click ? in the interface. 1 Open a terminal window on the client system. 2 Run the command appropriate for your operating system, providing root credentials when requested. Operating system Commands AIX rpm ‑e MFEcma HP‑UX swremove MFEcma Linux rpm ‑e MFEcma rpm ‑e MFErt Run the commands in the listed order.
PAGE 54
5 Removing the McAfee Agent Remove agents from non-Windows operating systems 54 McAfee® Agent 4.8.
PAGE 55
Using the agent The agent can be updated and centrally managed from ePolicy Orchestrator through application and enforcement of policies and scheduled tasks. The log files record the events and actions on the managed systems. Chapter Chapter Chapter Chapter 6 7 8 9 Configuring agent policies Working with the agent from the McAfee ePO server Running agent tasks from the managed system Agent activity logs McAfee® Agent 4.8.
PAGE 56
Using the agent 56 McAfee® Agent 4.8.
PAGE 57
6 Configuring agent policies Agent policy settings determine the performance and behavior of an agent in your environment. Contents Agent policy settings Select a repository Repository Package Management Change the agent user interface and event log language Configure selected systems for updating Agent policy settings The agent provides configuration pages for setting policy options that are organized into four categories: General, Repository, Product Improvement Program and Troubleshooting. Agent 4.
PAGE 58
6 Configuring agent policies Agent policy settings Tab Settings General • Policy enforcement interval • Use of system tray icon in Windows environments • Agent and SuperAgent wake‑up call support • Whether to accept connections only from the McAfee ePO server • Yielding of the CPU to other processes in Windows environments • Rebooting options after product deployment in Windows environments • Agent‑server communication • Retrieving all system and product properties SuperAgent • Create SuperAgent and b
PAGE 59
Configuring agent policies Agent policy settings 6 Product Improvement Program Settings available for Product Improvement Program policies are contained within a single tab. Tab Settings Product Improvement Program Allowing Product Improvement Program to collect anonymous diagnostic and usage data. Priority event forwarding You can configure the agent to forward events on a priority basis if they are equal to or greater than a specified severity.
PAGE 60
6 Configuring agent policies Select a repository 8 Click the name of an existing task, or click Actions | New Task and choose a McAfee Agent Wake‑up task. 9 In Options, select Send all properties defined by the agent policy to retrieve all properties as defined by the agent policy, even if previously sent. The default is Send only properties that have changed since the last agent‑server communication which will only send new information to the server. 10 Click Save.
PAGE 61
6 Configuring agent policies Select a repository Tasks • Configure proxy settings for the agent on page 61 You might need to configure proxy settings if an agent is having trouble accessing the Internet. Proxy settings for the agent To access the McAfee update sites, the agent must be able to access the Internet. Use the agent policy settings to configure proxy server settings for managed systems.
PAGE 62
6 Configuring agent policies Repository Package Management 5 Select Manually configure the proxy settings if you need a proxy other than Internet Explorer, and configure the following settings: a Select a form for the address of the source HTTP or FTP location where the agent is to pull updates. • DNS Name • IPv4 • IPv6 b Type the DNS name or IP address and Port numbers of the HTTP and/or FTP source. If appropriate, select Use these settings for all proxy types.
PAGE 63
Configuring agent policies Change the agent user interface and event log language 6 Change the agent user interface and event log language When managed systems run in a different language than your administration staff can read, it can be difficult to troubleshoot issues on those systems. You can change the agent user interface and logging language on a managed system through an ePolicy Orchestrator policy.
PAGE 64
6 Configuring agent policies Configure selected systems for updating • Updating selected systems when troubleshooting • Distributing new DATs or signatures to a large number of systems, or all systems, immediately • Updating selected products, patches, or service packs that have been deployed previously Task For option definitions, click ? in the interface. 1 2 Click Menu | Systems | System Tree, then select the systems to be updated. Click Actions | Agent | Update Now.
PAGE 65
7 Working with the agent from the McAfee ePO server The McAfee ePO interface includes pages where agent tasks and policies can be configured, and where system properties, agent properties, and other McAfee product information can be viewed.
PAGE 66
7 Working with the agent from the McAfee ePO server How agent-server communication works Agent-server communication Interval The agent‑server communication interval (ASCI) determines how often the McAfee Agent calls in to the McAfee ePO server. The agent‑server communication interval is set on the General tab of the McAfee Agent Policy page. The default setting of 60 minutes means that the agent contacts the server once every hour.
PAGE 67
Working with the agent from the McAfee ePO server How agent-server communication works • No package to receive (status code from McAfee ePO server) • Agent needs to regenerate GUID (status code from McAfee ePO server) 7 Other results such as connection refused, failed to connect, connection timeout, or other errors causes the agent to retry immediately using connection method in the list until the next ASCI nears.
PAGE 68
7 Working with the agent from the McAfee ePO server SuperAgents and how they work 6 To send incremental product properties as a result of this wake‑up call, deselect Get full product properties.... The default is to send full product properties. 7 To update all policies and tasks during this wake‑up call, select Force complete policy and task update. 8 Enter a Number of attempts, Retry interval, and Abort after settings for this wake‑up call if you do not want the default values.
PAGE 69
Working with the agent from the McAfee ePO server SuperAgents and how they work 7 A SuperAgent also broadcasts wake‑up calls to other agents located on the same network subnet. The SuperAgent receives a wake‑up call from the ePolicy Orchestrator server, then wakes up the agents in its subnet. This is an alternative to sending ordinary agent wake‑up calls to each agent in the network or sending agent wake‑up task to each computer.
PAGE 70
7 Working with the agent from the McAfee ePO server SuperAgents and how they work 5 From the Assigned policy drop‑down list, select the desired General policy. From this location, you can edit the selected policy, or create a new policy. 6 Select whether to lock policy inheritance to prevent any systems that inherit this policy from having another one assigned in its place. 7 On the SuperAgent tab, select Convert agents to SuperAgents to enable broadcast of wake‑up calls. 8 Click Save.
PAGE 71
Working with the agent from the McAfee ePO server SuperAgents and how they work 7 • If the Checking new repository content interval has expired since the last time updates were requested, the SuperAgent downloads updates from the Master Repository, processes them, and completely flushes the cache if any new content is available. • When a global update occurs, SuperAgents receive a wake‑up call that flushes all content in the cache. • SuperAgents are flushed every 30 minutes by default.
PAGE 72
7 Working with the agent from the McAfee ePO server SuperAgents and how they work To ensure that the parent SuperAgent is up‑to‑date with the latest content update, SuperAgent wake‑up calls broadcast must be enabled. See Enable SuperAgent wake‑up call broadcast for more details. If the SuperAgents don’t serve agents with latest content update, agents reject the content update received from SuperAgent and fall back to the next repository configured in the policy.
PAGE 73
Working with the agent from the McAfee ePO server Agent relay capability 7 Agent relay capability If your network configuration blocks communication between the McAfee Agent and the McAfee ePO server, the agent can't receive content updates, policies, or send events. Relay capability can be enabled on agents that have direct connectivity to the ePolicy Orchestrator server or Agent Handlers to bridge communication between the client systems and the McAfee ePO server.
PAGE 74
7 Working with the agent from the McAfee ePO server Agent relay capability Task For option definitions, click ? in the interface. 1 Click Menu | Systems | System Tree | Systems, then select a group under System Tree. All the systems within this group appear in the details pane. 2 Select a system, then click Actions | Agent | Modify Policies on a Single System. The Policy Assignment page for that system appears. 3 From the product drop‑down list, select McAfee Agent.
PAGE 75
7 Working with the agent from the McAfee ePO server Respond to policy events 5 Click Create New task. The new client task page appears. 6 Select the required option, then click Save.
PAGE 76
7 Working with the agent from the McAfee ePO server Run client tasks immediately 6 From the Available Properties, select Event Description. 7 Click ... in the Event Description row and choose one of the following options from the list: Option Definition Agent failed to collect properties for This event is generated and forwarded when a property collection any point products failure first occurs. A subsequent success event is not generated. Each failing point product generates a separate event.
PAGE 77
Working with the agent from the McAfee ePO server Locate inactive agents 7 Locate inactive agents An inactive agent is one that has not communicated with the McAfee ePO server within a user‑specified time period. Some agents might become disabled or be uninstalled by users. In other cases, the system hosting the agent might have been removed from the network. McAfee recommends performing regular weekly searches for systems with these inactive agents. Task For option definitions, click ? in the interface.
PAGE 78
7 Working with the agent from the McAfee ePO server Windows system and product properties reported by the agent Agent GUID Is 64 Bit OS OS Version CPU Serial Number Last Sequence Error Sequence Errors CPU Speed (MHz) Is Laptop Server Key CPU Type Last Communication Subnet Address Custom Props 1‑4 MAC Address Subnet Mask Communication Type Managed State System Description Default Language Management Type System Location Description Number Of CPUs System Name DNS Name Operating Syst
PAGE 79
Working with the agent from the McAfee ePO server Queries provided by McAfee Agent 7 View agent and product properties A common troubleshooting task is to verify that the policy changes you made match the properties retrieved from a system. Task For option definitions, click ? in the interface. 1 Click Menu | Systems | System Tree. 2 On the Systems tab, click the row corresponding to the system you want to examine. Information about the system's properties, installed products, and agent appears.
PAGE 80
7 Working with the agent from the McAfee ePO server Queries provided by McAfee Agent 80 McAfee® Agent 4.8.
PAGE 81
8 Running agent tasks from the managed system If you can access the managed system where the agent is installed, you can view and manage some features of the agent. The agent interface is available on the managed system only if you selected Show McAfee system tray icon on the General tab of the McAfee Agent policy pages. To enable the Update Security... task for end users, you must have also selected Allow end users to update security from the McAfee System tray menu.
PAGE 82
8 Running agent tasks from the managed system Using the system tray icon Option Function View Security Status Displays the current system status of managed McAfee products, including current events. McAfee Agent Status Monitor Triggers the Agent Status Monitor, which: • Displays information on the collection and transmission of properties. • Sends events. • Enforces policies. • Collect and send properties. • Checks for new policies and tasks. About...
PAGE 83
Running agent tasks from the managed system Run a manual update 8 Run a manual update Updates can be run manually from a client system. Product updates can include: • Patch releases • Legacy product plug‑in (.DLL) files • Service pack releases • SuperDAT (SDAT*.
PAGE 84
8 Running agent tasks from the managed system Send properties to the McAfee ePO server Send properties to the McAfee ePO server The agent can manually send properties to the McAfee ePO server from the managed system if required before the next agent‑server communication. Task 1 On the managed system, right‑click the McAfee system tray icon, then select McAfee Agent Status Monitor. 2 Click Collect and Send Props.
PAGE 85
Running agent tasks from the managed system View version numbers and settings • Anti‑virus engines • Managed‑product signatures 8 View version numbers and settings Information about agent settings can be found on the managed system. This is useful for troubleshooting when installing new agent versions, or to confirm that the installed agent is the same version as the one displayed in the agent properties on the server. Each installed point product provides information to the About dialog.
PAGE 86
8 Running agent tasks from the managed system Agent command-line options Command‑line options Parameter Description 86 /C Checks for new policies. The agent contacts the McAfee ePO server for new or updated policies, then enforces them immediately upon receipt. /E Prompts the agent to enforce policies locally. /P Sends properties to the McAfee ePO server. /S Displays the Agent Monitor. /F Forwards events from Unix based and Macintosh client systems to ePO server. McAfee® Agent 4.8.
PAGE 87
9 Agent activity logs The agent activity log files are useful for determining agent status or for troubleshooting. Two log files record agent activity and are located in the agent installation folders on the managed system. Contents About the agent activity logs View the agent activity log from the managed system View the agent activity log from the McAfee ePO server About the agent activity logs The agent maintains two log files that track its actions.
PAGE 88
9 Agent activity logs View the agent activity log from the McAfee ePO server Task 1 On the managed system, right‑click the McAfee Agent icon in the system tray, then select McAfee Agent Status Monitor. 2 If you want to save the contents of the agent activity log to a file, click Save Contents to Desktop. A file called Agent_Monitor.log is saved on your desktop. 3 When finished viewing the agent activity log, click Close.
PAGE 89
Index A about this guide 7 agent command-line options 85 introduction to 11 maintenance 65 modes, converting 48 properties, viewing 79 relay capability 73 removal methods 51, 52 removing from systems in query results 52 restoring a previous UNIX version 46 restoring a previous Windows version 45 settings, viewing 85 system requirements 15 tasks, running from managed systems 81 uninstalling 51 UNIX installation folder 22 upgrading with phased approach 44 user interface 81 wake-up calls 67 agent activity log
PAGE 90
Index G global unique identifier (GUID) duplicate 41 scheduling corrective action for duplicates 41 global updating event forwarding and agent settings 59 groups deleting from System Tree 51 GUID, See global unique identifier I icon, system tray, See system tray icon inactive agents 77 install script (install.
PAGE 91
Index system tray icon (continued) visibility 82 System Tree deleting systems from 51 groups and manual wake-up calls 68 removing agents 51 removing agents from systems 51 systems properties 77 T Technical Support, finding product information 8 troubleshooting upgrading agents by group 44 verifying properties of agent and products 79 U unmanaged mode (continued) convert to managed mode on UNIX 49 updater mode convert to managed mode in Windows 48 convert to managed mode on UNIX 49 updates agent installa
PAGE 92
00