Welcome and Introduction
Uploaded by
Ryuu RongWelcome and Introduction
Uploaded by
Ryuu RongWelcome and
Introduction
McAfee ePolicy Orchestrator 5.10 Administration
Presented by: Doug Keller
McAfee LLC Confidential 2019 McAfee Tech Forum Americas 1
© 2019 McAfee LLC M01 - 1 McAfee LLC Confidential
Welcome
Introductions
Name
Responsibility
Product Experience
Expectations
McAfee LLC Confidential 2019 McAfee Tech Forum Americas 2
Welcome to the McAfee® ePolicy Orchestrator® (McAfee® ePO™) Administration course. This first module
provides an overview of course design, logistics, and helpful resources, as well as provides the opportunity for the
instructor to learn about you and your training expectations.
© 2019 McAfee LLC M01 - 2 McAfee LLC Confidential
Doug Keller
Who Am I?
Birthday 01/01
Offroad Enthusiast
(and the Jeep I have basically built)
Life Long
Computer Geek
Joined McAfee/Intel on 02/17/2015
3 Wonderful Daughters
Change your
(Who are all out of the house!!!)
Big Batman Fan
Confidential
Latitude 3
© 2019 McAfee LLC M01 - 3 McAfee LLC Confidential
About the course
Install, configure, and maintain McAfee ePolicy Orchestrator for centralized management
Through lecture, hands-on labs, and class discussions, you will learn about and practice using the
tools you need to design, implement, configure, and use McAfee® ePolicy Orchestrator® (McAfee®
ePO ™) for centralized management and deployment of McAfee products.
Prerequisites:
Networking and system administration concepts
Basic understanding of computer security concepts
General understanding of viruses and antivirus technologies
Resources:
Student and lab guides
Virtual lab environment
Course evaluation
Duplication of course materials is strictly prohibited by copyright.
McAfee LLC Confidential 2019 McAfee Tech Forum Americas 4
The McAfee ePolicy Orchestrator Administration course from McAfee Education Services provides in-depth training
on the benefits of the centralized management and deployment of McAfee products. Enabling administrators to
fully understand the capabilities of their security solution not only reduces the risks of misconfiguration, but also
ensures that an organization gets the maximum protection from installation.
Who should take this class
This course is intended for system and network administrators, security personnel, auditors, and/or consultants
concerned with network and system security. A working knowledge of Microsoft Windows* and network
administration is recommended. A basic understanding of computer security concepts, internet services, viruses,
and antivirus technologies are also recommended.
Resources
The resources include a student guide, lab guide, virtual lab environment, and course evaluation.
Alert: You are not permitted to audiotape or videotape the course presentation. Duplication of course materials or
labs is strictly prohibited by copyright.
© 2019 McAfee LLC M01 - 4 McAfee LLC Confidential
Course objectives
After completing this course, you will be able to:
Plan an ePO deployment
Install and configure ePO software
Set up the ePO server
Administer and maintain McAfee-managed
security, policies, and databases
Monitor and report on McAfee-managed
security status
Install and use McAfee Agent
McAfee LLC Confidential 2019 McAfee Tech Forum Americas 5
The course modules include a mixture of lectures and hands-on labs to support their learning objectives. The
course goals are described on this slide and following slides.
© 2019 McAfee LLC M01 - 5 McAfee LLC Confidential
Acronyms and terms for this course
Admin: Default administrator account created Policy: Settings (rules) that govern how ePO-
when the ePO server is installed. managed systems operate within ePO
ASCI: Agent-server communication interval. environment.
ASSC: Agent-to-server secure communication. Repository: House security software packages
Agent: McAfee Agent software deployed to client and their updates for distribution to ePO-
machines, so ePO can manage them. managed systems.
Agent GUID: Global Unique Identifier. 64-bit value Super Agent: McAfee Agent with additional
created when the McAfee Agent is installed on an responsibilities as defined by the agent’s policies.
endpoint.
Tags: Labels assigned to systems, either manually
Endpoint Security (ENS): Comprehensive security or automatically, by criteria definitions.
management solution that runs on network
computers to identify and stop threats Tasks: Software feature that automates common
automatically. management activities for ePO-managed systems
MVision ePO and ePO On-Premises: ePO (clients) and ePO server through a schedule.
deployment platforms. With MVision ePO,
configuration, maintenance, and patching of the
centralized server managed by McAfee. With ePO
On-Premises, ePO software is deployed on
customer-supplied and managed server.
These and additional terms are discussed in more detail in subsequent modules.
McAfee LLC Confidential 2019 McAfee Tech Forum Americas 6
Some commonly-used terms are listed below. For more terms and acronyms, see the on-line glossary at
https://kc.mcafee.com/corporate/index?page=glossary.
Admin: Default administrator account created when the ePO server is installed.
ASCI: Agent-server communication interval. After an agent has been installed, it communicates with the local
product at regular intervals. The ASCI determines the frequency of the McAfee Agent calls into the McAfee
ePO server.
ASSC: Agent-to-server secure communication. McAfee Agents use ASSC keys to communicate securely with
the ePO server.
Agent: McAfee software deployed to client machines so that ePO can manage them.
Agent GUID: Global Unique Identifier. It is a random 64-bit value assigned to an ePO-managed system when
the system first joins the ePO environment. The ePO server uses this GUID during the agent-server
communication process to locate the system in the System Tree.
Agent Handler: Component of ePO used to communicate with agents installed on managed endpoint
systems.
Endpoint Security (ENS): Comprehensive security management solution that runs on network computers to
identify and stop threats automatically. ENS includes a Threat Prevention module, Firewall module, and Web
Control module.
Continued on the next page.
© 2019 McAfee LLC M01 - 6 McAfee LLC Confidential
Key terms and concepts (continued)
ePO Cloud and ePO On-Premises: These are different McAfee ePolicy Orchestrator solution platforms.
Cloud ePO refers to a deployment where ePO is installed on a McAfee-owned server in a security
operations center (SOC). This solution is primarily deployed by small businesses. ePO On-Premises is a
traditional ePO deployment where ePO is installed on a customer-supplied and managed server. Within
this course, the terms ePolicy Orchestrator and ePO refer only to the on-premises ePO solution. The ePO
Cloud is beyond the scope of this course.
Policy: These are a collection of settings (rules) created, configured, and assigned to ePO-managed
systems (endpoints). Policies govern how the ePO-managed systems operate within the ePO environment.
Example: agent-to-server communication, policy enforcement, event forwarding, logging, update settings,
and more.
Repository: Repositories house security software packages and their updates for distribution to ePO-
managed systems. There is one Master Repository that is always installed on the ePO server. This is
configured when the ePO software is initially installed. Optionally, you can add other repository types
throughout the network to balance the ePO server’s load.
RSD: Rogue System Detection. Rogue systems are any devices on your network with a network interface
card (NIC) that access the network but are not managed by the ePO server. McAfee Rogue System
Detection provides near real-time discovery of rogue systems using Rogue System Sensors installed
throughout your network. These sensors use various passive and active network discovery techniques to
detect systems connected to the network.
SuperAgent: A special type of agent that acts as an intermediary between the ePO server and other
agents in the same network broadcast segment. In organizations that are distributed across different
locations, SuperAgents can be useful to minimize network traffic between locations. The SuperAgent
caches information received from an ePO server, the Master Repository, or a mirrored Distributed
Repository. It then distributes the information to the agents in its network subnet.
Tags: Labels applied to systems, manually or automatically, based on the criteria assigned to the tag.
Similar to IP sorting criteria, you can use tags for automated sorting into groups. Tags are used to identify
systems with similar characteristics. If you organize some of your groups by such characteristics, you can
create and assign tags based on such criteria and use these tags as group sorting criteria to ensure these
systems are automatically placed within the appropriate groups.
Tasks: A software feature that automates common management activities, such as product deployment
and product functionality.
© 2019 McAfee LLC M01 - 7 McAfee LLC Confidential
Threat Center
Current and emerging threats
Threat analysis and research Security updates and notices
Top cybersecurity threats Feedback, threat detection resources, and
Searchable threat library free tools
Podcast offerings Blogs, tips, and techniques
https://www.mcafee.com/us/threat-center.aspx
McAfee LLC Confidential 2019 McAfee Tech Forum Americas 8
The Threat Center menu contains helpful information and resources about current and emerging threats. This
includes threat research and reports, a searchable threat library, feedback, notifications and tools, and McAfee Labs
blog. For more information, go to www.McAfee.com > For Business > Threat Center.
© 2019 McAfee LLC M01 - 8 McAfee LLC Confidential
ServicePortal
Single point of access to valuable resources and tools
Knowledge Center: Search for Support Tools: Run Virtual Technician or
documentation, technical articles, and other diagnostic tools to help solve
other resources for your products. problems.
Patches and Download: Obtain patches, Customer Community: Collaborate and
hotfixes, and product downloads as well engage in ongoing conversations with
as manage product license. other product users.
https://support.mcafee.com
McAfee LLC Confidential 2019 McAfee Tech Forum Americas 9
The ServicePortal provides documentation, technical articles, tools, and other resources for all phases of your
product use, from planning and deployment through ongoing management and use. For more information, go to
www.McAfee.com > Support. You can also go to https://support.mcafee.com.
© 2019 McAfee LLC M01 - 9 McAfee LLC Confidential
Product documentation
Product documentation
McAfee ePolicy Orchestrator 5.10 Product Guide (PD27630)
McAfee ePolicy Orchestrator 5.10 Release Notes (PD27627)
McAfee ePolicy Orchestrator 5.10 Installation Guide (PD27628)
McAfee ePolicy Orchestrator 5.10 Interface Reference Guide (PD27629)
ePO-MER Walkthrough Guide (PD22739)
Online product help (https://docs.mcafee.com)
NOTES:
Localized product documentation and help are available
Check the Knowledge Center regularly for the most current information
McAfee LLC Confidential 2019 McAfee Tech Forum Americas 10
McAfee provides products product documentation for all phases of ePO deployment, from installation, ongoing
administration, and troubleshooting. You can find these at the McAfee support web site.
Helpful documentation titles that are available on the Knowledge Center include:
Product Guide: Product introduction and features, detailed instructions for configuring the software, and
information on: deployment, recurring tasks, and operating procedures.
Release Notes: Information on the latest version of ePolicy Orchestrator.
Installation Guide: System requirements and detailed instructions for installing the ePO software.
Browse the Knowledge Center for Technical Articles (also known as Knowledge Base Articles) for the products
you support.
© 2019 McAfee LLC M01 - 10 McAfee LLC Confidential
Knowledge Base (KB) articles
https://support.mcafee.com
Supported platforms, environments, and operating systems for ePolicy Orchestrator (KB51569)
ePolicy Orchestrator 5.10.x Known Issues (KB90382)
ePolicy Orchestrator 5.10.x minimum supported extensions versions (KB90383)
Supported upgrade paths for ePolicy Orchestrator (KB86693)
ePolicy Orchestrator cannot make outbound connections to SQL, LDAP, or other servers where
TLS 1.0 is disabled (KB90222)
How to migrate policies and systems from one ePO server to another (KB88822)
Migration enhancement introduced in McAfee ePolicy Orchestrator 5.10 (KB90825)
Policy and Task approval feature with ePolicy Orchestrator 5.10 (KB90769)
Regularly check the online documentation for the most current information.
McAfee LLC Confidential 2019 McAfee Tech Forum Americas 11
For troubleshooting resources online, begin at the McAfee Security Knowledge Center, https://support.mcafee.com.
In addition to product documentation, valuable resources include Release Notes, Security Bulletins, and Technical
Articles. Technical Articles are organized by functional categories, such as frequently asked questions (FAQs),
installation and upgrades, known issues, etc.
© 2019 McAfee LLC M01 - 11 McAfee LLC Confidential
Expert Center
Videos, resource documents, links
Getting started
Product functionality
Integrations
Helpful links
https://community.mcafee.com/community/business/expertcenter
McAfee LLC Confidential 2019 McAfee Tech Forum Americas 12
The Expert Center provides additional resources to help learn about your security products. These include:
Videos and resource documents:
Getting started
Product functionality
Integrations
Links:
Product page
Data sheet
Product manuals
Sign up for training
Community
Find answers and solutions across hundreds of support communities, hundreds of groups, from thousands of
McAfee customers and experts who have contributed thousands of resources. For more information, go to
https://community.mcafee.com/community/business/expertcenter.
© 2019 McAfee LLC M01 - 12 McAfee LLC Confidential
Resources: Idea exchange on the community forums
Submit your request or idea - See KB60021
McAfee LLC Confidential 2019 McAfee Tech Forum Americas 13
If you require a change to the features or functions of McAfee products or have other suggestions that could make
our products better, McAfee encourages you to submit your request or idea to the new Ideas forum located at
https://community.mcafee.com/t5/Ideas/idb-p/business-ideas.
To participate and view the Ideas Community, you must register to the portal. It’s free to join. Create a username
and password, provide your email address, read and agree to the Terms of Service, provide your first and last
name, and select your time zone.
Once logged into the Ideas forum, not only can you submit suggestions to improve McAfee products, you can also
browse, search, and vote for ideas submitted by others.
For more information, see Technical Article KB60021.
https://kc.mcafee.com/corporate/index?page=content&id=KB60021.
© 2019 McAfee LLC M01 - 13 McAfee LLC Confidential
Support Notification Service (SNS)
Communicates critical information in a timely manner
https://sns.secure.mcafee.com/signup_login
McAfee LLC Confidential 2019 McAfee Tech Forum Americas 14
The Support Notification Service (SNS) is a proactive notification service that allows McAfee to communicate critical
information in a timely manner. Subscribing to SNS ensures that you have the most up-to-date information on
product upgrades, releases, and End-of-Life notices. Additionally, SNS is a vital information link during critical
incidents, providing you with the updates you need to ensure that your systems and organization are protected.
The SNS Subscription Center provides SSL security for data input and transmission and secure access for returning
subscribers. Go to the Subscription Center to submit your personal preferences. To receive SNS, you must
subscribe and select your products from the SNS Subscription Center at
https://sns.secure.mcafee.com/signup_login.
© 2019 McAfee LLC M01 - 14 McAfee LLC Confidential
Security Content Release Notes
Product Content Releases .DAT files
McAfee Database Activity Monitoring Readme
McAfee Exploit Prevention Downloads
McAfee Foundstone FSL
McAfee Policy Auditor
McAfee Threat Intelligence Exchange
McAfee Vulnerability Manager for Databases
https://www.mcafee.com/us/content-release-notes/index.aspx
McAfee LLC Confidential 2019 McAfee Tech Forum Americas 15
The Security Content Release Notes page provides information about the security content of McAfee solutions.
From this page, you can also download relevant security content. To access this page, go to McAfee.com > For
Business > Threat Center. Scroll down to the bottom of the page to the Feedback, Notifications & Tools section
and click Security Content Release Notes. In the United States, click http://www.mcafee.com/us/content-release-
notes/index.aspx.
© 2019 McAfee LLC M01 - 15 McAfee LLC Confidential
Lab exercises
Lab: Access lab systems
Goal:
Start your virtual machines and verify that your lab
environment is ready to use
Duration: 15 minutes*
See lab guide for instructions
* Varies depending on lab environment
McAfee LLC Confidential 2019 McAfee Tech Forum Americas 16
© 2019 McAfee LLC M01 - 16 McAfee LLC Confidential
McAfee and the McAfee logo, and McAfee® ePolicy Orchestrator® (McAfee® ePO™) are trademarks or registered trademarks of McAfee LLC or its subsidiaries in the US and other countries. Other
marks and brands may be claimed as the property of others. Copyright © 2019 McAfee LLC
McAfee Confidential. McAfee restricts the re-distribution of this training material to unauthorized audiences.
