McAfee Endpoint Security Software

(1)

Installation Guide

McAfee Endpoint Security 10.0.0

Software

(2)

COPYRIGHT

TRADEMARK ATTRIBUTIONS

McAfee, the McAfee logo, McAfee Active Protection, McAfee DeepSAFE, ePolicy Orchestrator, McAfee ePO, McAfee EMM, Foundscore, Foundstone, Policy Lab, McAfee QuickClean, Safe Eyes, McAfee SECURE, SecureOS, McAfee Shredder, SiteAdvisor, McAfee Stinger, McAfee Total Protection, TrustedSource, VirusScan, WaveSecure are trademarks or registered trademarks of McAfee, Inc. or its subsidiaries in the United States and other countries. Other names and brands may be claimed as the property of others.

Product and feature names and descriptions are subject to change without notice. Please visit mcafee.com for the most current products and features.

LICENSE INFORMATION License Agreement

(3)

Preface

This guide provides the information you need to work with your McAfee product. Contents

About this guide

Find product documentation

About this guide

This information describes the guide's target audience, the typographical conventions and icons used in this guide, and how the guide is organized.

Audience

McAfee documentation is carefully researched and written for the target audience. The information in this guide is intended primarily for:

• Administrators — People who implement and enforce the company's security program.

Conventions

This guide uses these typographical conventions and icons.

Book title, term,

emphasis Title of a book, chapter, or topic; a new term; emphasis. Bold Text that is strongly emphasized.

User input, code, message

Commands and other text that the user types; a code sample; a displayed message.

Interface text Words from the product interface like options, menus, buttons, and dialog boxes.

Hypertext blue A link to a topic or to an external website.

Note: Additional information, like an alternate method of accessing an

option.

Tip: Suggestions and recommendations.

Important/Caution: Valuable advice to protect your computer system,

software installation, network, business, or data.

Warning: Critical advice to prevent bodily harm when using a hardware

(6)

Find product documentation

After a product is released, information about the product is entered into the McAfee online Knowledge Center.

Task

1 Go to the McAfee ServicePortal at http://support.mcafee.com and click Knowledge Center.

2 Enter a product name, select a version, then click Search to display a list of documents. Preface

(7)

1

Product overview

McAfee®

Endpoint Security is a fully integrated security solution that protects servers, endpoint computer systems, laptops, and tablets against a full spectrum of threats. These threats include malware, suspicious communications, unsafe websites, and downloaded files. Endpoint Security intercepts threats, monitors overall system health, and reports detection and status information. The product can be installed on self-managed (standalone) systems or systems managed by these security management platforms:

• McAfee® ePolicy Orchestrator® (McAfee ePO™ ) version 5.1.1 • McAfee® ePolicy Orchestrator®

Cloud (McAfee ePO™

Cloud) version 5.2.0 • McAfee®

SecurityCenter Contents

What's in the product How the product works Security management options Where to go from here

What's in the product

McAfee Endpoint Security leverages a new, streamlined design that protects your systems with an arsenal of features optimized for efficiency, ease of use, and high performance.

The product includes automated installation and setup processes for multiple management environments, including management from the cloud.

(8)

Comprehensive protection

Endpoint Security provides a level of protection that previously required three separate products. Integrated modules work in tandem to protect systems from a wide range of threats from software, communications, and websites.

• McAfee®

Endpoint Security Threat Prevention (Threat Prevention) — Checks for viruses,

spyware, unwanted programs, and other threats by scanning items automatically when users access them or on demand.

Threat Prevention detects threats, then takes the actions that have been configured to protect systems. Based on McAfee®

VirusScan®

Enterprise. • McAfee®

Endpoint Security Firewall (Firewall) — Monitors communication between the

computer and resources on the network and the Internet. Intercepts suspicious communications. Based on McAfee®

Host Intrusion Prevention. • McAfee®

Endpoint Security Web Control (Web Control) — Displays safety ratings and reports

for websites during online browsing and searching. Blocks access to websites based on safety rating or content. Based on McAfee®

SiteAdvisor®

Enterprise.

Automated installation and deployment

A variety of installation methods ensures that you can select the level of automation or customization that best suits your needs.

• Automated wizards — Install and deploy the product with preconfigured, default settings and minimal interaction during installation.

• Customized options — Fine-tune the automated methods by configuring feature settings before deployment to managed systems. Specify installation features, such as installing silently, without user interaction.

• Single or multiple targets — Install on local systems or deploy remotely to all managed systems.

1

Product overview

(9)

How the product works

Endpoint Security detects, resolves, and logs information about detected threats. Software called McAfee®

Endpoint Security Client (the client software) is installed on each system to perform these tasks.

• For self-managed systems — A local system user installs the client software, customizes the features, and manages detections.

• For managed systems — Typically, an administrator installs the software on client computers, manages detections, and sets up security rules, called policies, that determine how product features work. Depending on the policies configured by the administrator, users might be able to customize some product features.

The role of the client software

Endpoint Security Client protects systems with regular upgrades, continuous monitoring, and detailed reporting.

1 It silently monitors all file input and output, downloads, program executions, inbound and outbound communications, visits to websites, and other system_{‑related activities on managed systems, then:} • Deletes or quarantines detected viruses.

• Removes potentially unwanted programs, such as spyware or adware. • Blocks or warns of suspicious activity, depending on product settings.

• Indicates unsafe websites with a color_{‑coded button or icon in the browser window or search} results page. These indicators provide access to safety reports that detail site-specific threats. • Blocks or warns of unsafe websites, depending on product settings.

(10)

2 It regularly connects to a local or remote McAfee ePO server or directly to a site on the Internet to check for:

• Updates to content files, which contain information that Endpoint Security uses to detect threats. These files are updated as new threats are discovered to ensure that systems are always protected against the latest threats.

• Upgrades to software components.

If new versions are available, the client software downloads them.

3 It logs security information for each managed system, including protection status and details about detections. Users can view this information in the client console on self-managed systems and on managed systems where policy settings are configured to allow it.

4 (Managed systems only) It regularly communicates with a security management server to: • Send logged security information.

• Receive new policy assignments.

The role of the security management platform

Administrators can use a network security management platform to manage security for all network systems from a centralized console.

If you're an administrator using a supported security management platform, you can perform these network security tasks:

• Deploy product software to managed systems.

• Manage and enforce network security using policy assignments and automated tasks.

• Update the product components and required security content to ensure that managed systems are secure.

• Create reports that display informative, user-configured charts and tables containing your network security data.

Management strategies vary according to the number and location of managed systems and the way they are used.

• Enterprise networks for industry and government typically employ a team of IT administrators to monitor and regulate security full time.

• Smaller businesses might ask an employee to dedicate an hour or two a week to monitoring security, subscribe to management software hosted on a server "in the cloud," or let individual users manage security on their own systems.

Endpoint Security adapts to any of these environments.

1

(11)

Security management options

Endpoint Security adapts to various users and settings by supporting multiple security management options. Select the right type of management for your needs based on your network's resources, the number and location of the managed systems, and the way systems are used.

Self-managed systems

On systems not managed with a security management platform, Endpoint Security: • Supports desktops and laptops.

• Requires no management server or server-side components. • Is installed on the local system by local users.

• Is configured and managed from the client console on the local system.

Managed systems

Endpoint Security supports these features on managed systems:

Features Security Management Platform

McAfee ePO McAfee ePO Cloud SecurityCenter System support

Servers, desktops, laptops, and tablets Yes Yes Yes Located on premise with the management

server Yes* No No

Installation

Administrators install server-side components Yes No No Administrators can install client software

remotely to multiple systems Yes Yes No**

Users can install client software on local

systems with a URL Yes Yes Yes

Management

Administrator uses console Network-based Web-based Web-based Users use local client console (Optional) Yes Yes Yes

* Can also manage remote devices ** Requires third-party deployment tools

Self-management

Install and manage the product directly on a local system that is not connected to a network or managed from a centralized security management platform.

In this case, users run the installation wizard directly on the local system. After installation is

complete, they can manage the security settings and product features directly from the client console. For example, they can schedule scans, view reports, and check for updates as needed.

(12)

Management with McAfee ePO

Use McAfee ePO to deploy and manage the product on systems located at sites with local McAfee ePO servers and at remote sites managed by those servers. In this case, one or more administrators typically manage the server and the network systems where the product is installed.

McAfee ePO was designed for large enterprise networks, and includes new features to facilitate ease of use and to enhance extensibility for many network configurations.

Managed systems follow the classic client-server model, in which they call into the management (McAfee ePO) server for instructions. (To facilitate this call, a McAfee Agent is deployed to each system in the network. Once an agent is deployed to a system, the system can be managed by McAfee ePO, and client software for managed products can communicate with the server.)

The following figure shows how Endpoint Security integrates into a secure McAfee ePO environment.

1 The administrator sets up the McAfee ePO server-side components, then deploys the McAfee Agent to managed systems.

The McAfee ePO database stores all data about the managed systems on the network, including: • System properties

• Policy information • Directory structure

• Threat events (information about detections)

• All other relevant data that the server needs to keep managed systems up to date

1

(13)

The McAfee Agent deployed to each system facilitates: • Policy enforcement

• Product deployments and updates • Reporting on managed systems

2 The administrator deploys Endpoint Security Client to managed systems.

3 The McAfee ePO server connects to the McAfee update server to pull down the latest security content.

The McAfee update server hosts the latest security content, so the McAfee ePO software can pull the content at scheduled intervals.

4 Agent-server secure communication (ASSC) occurs at regular intervals between the systems and the McAfee ePO server. Then:

• McAfee ePO sends any available new policy assignments or product updates for Endpoint Security Client to the managed systems. This communication occurs shortly after the client software is installed and at regular intervals thereafter.

• Endpoint Security Client sends the security information it has logged to the server.

5 The administrator logs on to the McAfee ePO console to perform security management tasks, such as running queries to report on security status or working with managed software security policies.

Management with McAfee ePO Cloud

Use McAfee ePO Cloud to deploy and manage the product on systems located at sites that do not have their own management server. In this case, McAfee hosts the server.

McAfee ePO Cloud was designed for small and medium networks that do not have a dedicated security management team or infrastructure in place. McAfee sets up the McAfee ePO Cloud server and

database "in the cloud," creates an account, makes products available to install on managed systems, and sends logon credentials to an account administrator.

Managed systems follow the classic client-server model, in which they call into the management (McAfee ePO Cloud) server for instructions. (To facilitate this call, a McAfee Agent is deployed to each system in the network. Once an agent is deployed to a system, the system can be managed by McAfee ePO Cloud, and client software for managed products can communicate with the server.)

(14)

The following figure shows how Endpoint Security integrates into a secure McAfee ePO Cloud environment.

1 McAfee sets up the server-side components "in the cloud," including the McAfee ePO Cloud server and database, then sends the URL and logon information to the administrator.

2 The McAfee ePO Cloud server connects to the McAfee update server to pull down the latest security content.

The McAfee update server hosts the latest security content, so the McAfee ePO Cloud software can pull the content at scheduled intervals.

3 The administrator uses a browser to log on to McAfee ePO Cloud, creates an installation URL, and sends it to users along with instructions for installing on their systems.

The URL installs the McAfee Agent (if it is not already installed) and Endpoint Security Client. The system communicates back to McAfee ePO Cloud and is then managed and protected by McAfee ePO Cloud.

4 Agent-server secure communication (ASSC) occurs at regular intervals between the systems and the McAfee ePO server. Then:

• McAfee ePO Cloud sends any available new policy assignments or product updates for Endpoint Security Client to the managed systems. This occurs shortly after the client software is installed and at regular intervals thereafter.

• Endpoint Security Client sends the security information it has logged to the server.

5 The administrator uses a browser to log on to McAfee ePO Cloud and perform security management tasks, such as running queries to report on security status or configuring managed software

security policies.

Management with the SecurityCenter

Use the McAfee SecurityCenter administrative website to deploy and manage the product on systems managed with a subscription to McAfee small and medium business products, such as McAfee®

SaaS

1

(15)

Endpoint Protection or McAfee®

Security-as-a-Service (McAfee SaaS). In this case, McAfee or another service provider hosts the management server at a remote location.

Products managed with the SecurityCenter were designed for hands-off, fully automated security management in small businesses. Newer features enable greater administrative oversight and provide viewing options for larger numbers of managed systems.

Like the McAfee ePO Cloud environment, the SecurityCenter management server and database are located "in the cloud." McAfee or another service provider sets up each account, then sends information for logging on and installing the product to the administrator.

Typically, an administrator receives a summary of the account's protection status in weekly status emails sent by McAfee or another service provider — in many cases, no other action is required. Administrators who want to be more proactive can log on to the SecurityCenter to manage detections and policies.

The SecurityCenter can also send security information to a McAfee ePO account, where the administrator can view it in reports. (Requires the McAfee Security-as-a-Service extension.)

1 McAfee or another service provider sets up the server-side components "in the cloud" and sends the installation URL and logon information to the administrator, who then sends the URL to users with instructions for installing the client software on local systems.

2 The client software downloads the latest content (threat information) files from an update server. It also checks for policy assignments from the SecurityCenter.

3 The client software uploads security information about each managed system to the SecurityCenter for use in status emails and administrative reports.

(16)

4 (Optional) If the account includes McAfee SaaS protection services, they run on separate servers and report security information to a SaaS protection portal for use in status emails and

administrative reports. The administrator can view the reports using the SecurityCenter.

5 The administrator checks a weekly status email sent by McAfee or another service provider. It contains information reported to the SecurityCenter by the client software.

6 (Optional) The administrator uses a web browser to log on to the SecurityCenter and view detection reports or configure policies and assign them to managed systems.

7 (Optional) The administrator downloads and installs the McAfee Security-as-a-Service extension, then views basic SecurityCenter detection and status data in the McAfee ePO security management console. (Not available for McAfee ePO Cloud accounts.)

Where to go from here

This guide explains how to install the product on centrally managed and self-managed systems. When you are ready to begin, follow this process.

1 Check the information in Chapter 2 to ensure that your systems and environment meet the requirements to install and run the product.

2 Follow the instructions in the chapter for your management environment.

To install on systems managed with... Go to...

McAfee ePO or McAfee ePO Cloud Chapter 3

McAfee SecurityCenter Chapter 4

Self-management (no security management platform) Chapter 5

3 See Chapter 6 for reference or troubleshooting information.

1

(17)

2

Pre-installation

Your managed systems must have specific hardware and software to run McAfee Endpoint Security. Review these requirements and recommendations before installing your Endpoint Security software to make sure that your installation is successful.

Contents

Hardware requirements and recommendations Supported operating systems

Supported Internet browsers

Supported security management platforms Other virus detection and firewall software Preconfiguring the product

Upgrading an existing version of the product Are you ready to install?

Hardware requirements and recommendations

Make sure that each system you want to protect conforms to these requirements and recommendations before installing Endpoint Security.

• Intel Pentium processor or compatible architecture

Check the Microsoft website for requirements that are specific to each operating system. For example, Windows Small Business Server 2011 requires at least a Quad core, 2 GHz 64-bit (x64) processor.

• Microsoft mouse or compatible pointing device • 256-color or higher VGA monitor

• A CD-ROM drive or Internet connection from which you can install or download software.

(18)

Supported operating systems

Endpoint Security protects both servers and workstations. The systems where you want to install the client software must be running a supported Microsoft Windows operating system.

Client operating systems

One of these supported operating systems must be running on workstations where you install the client software.

• Windows 8.1 Update 1

• Windows 8 (not including Windows RT edition) • Windows 7

• Windows Vista

• Windows XP Professional with Service Pack 3 (32-bit) • Windows Embedded 8: Pro, Standard, Industry • Windows Embedded Standard 7

• Windows Embedded for Point of Service (WEPOS)

Microsoft has announced that the End of Extended Support for Windows XP SP3 is April 8, 2014. For details, see http://windows.microsoft.com/en-us/windows/products/lifecycle. McAfee continues to support its current versions of Enterprise Endpoint products on Windows XP SP3 beyond April 8, 2014 for a limited time, as long as it is technically and commercially reasonable for us to do so, and there is no external dependency. For example, if a McAfee product requires Microsoft to provide a fix and Microsoft does not provide the fix, then McAfee cannot support the product any longer. See the KnowledgeBase article

KB78434 for details.

Server operating systems

One of these supported operating systems must be running on servers where you install the client software.

• Windows Server 2012, 2012 R2, and 2012 R2 Update 1: Essentials, Standard, Datacenter (including Server Core mode)

• Windows Server 2008 and 2008 R2: Standard, Datacenter, Enterprise, Web (including Server Core mode)

• Windows Storage Server 2008 and 2008 R2 • Windows Small Business Server 2011 • Windows Small Business Server 2008

• Windows Small Business Server 2003 and 2003 R2 • Windows Embedded Standard 2009

• Windows Point of Service Ready 2009 • Windows Point of Service 1.1

2

Pre-installation

(19)

Supported Internet browsers

Product features have been verified to function correctly on these versions of popular browsers. URL installation requires one of these browsers and an Internet connection.

• Microsoft Internet Explorer (versions 7, 8, 9, 10, and 11) • Mozilla Firefox (versions 3.0 through 28)

• Google Chrome (versions 4.0 through 34)

The installation wizard works with the default security level for Internet Explorer. For other browsers, select a security level that enables Javascript. See the web browser's documentation for instructions on configuring the security level if you must change it.

Supported security management platforms

If you plan to manage security for network systems, there must be a supported management platform set up, and the network systems must be placed under its management.

Make sure that your environment meets these requirements for the management platform:

Management

platform Requirements

McAfee ePO An administrator has:

• Installed McAfee ePO version 5.1.1.

• Deployed version 5 of the McAfee Agent to managed systems. See the McAfee ePO installation guide for instructions.

McAfee ePO Cloud _{• McAfee or another service provider has set up your account, installed} server-side components, and sent you logon credentials.

• An administrator has deployed version 5 of the McAfee Agent agent to managed systems.

See the McAfee ePO Cloud installation guide for instructions. SecurityCenter An administrator:

• Has logon credentials for an administrative SecurityCenter account. • Is using it to manage the network systems where McAfee SaaS Endpoint

Protection is installed.

(20)

Other virus detection and firewall software

It is not necessary to uninstall existing virus detection and firewall products on managed systems before installing Endpoint Security. The installation wizard detects these products and resolves most conflicts automatically.

• If the Windows firewall is enabled — The wizard disables the Windows firewall automatically to prevent conflicts.

• If incompatible virus detection or firewall software is installed — The wizard attempts to uninstall the software. If it can't, it prompts the user to cancel the installation, uninstall the incompatible software manually from the Windows Control Panel, then resume the installation. Installation resumes where it left off.

The user might be prompted to reboot the system after uninstalling firewall software. • If McAfee Host Intrusion Prevention or McAfee®

Deep Defender™

is installed — You must remove these conflicting products manually or with a client task before installing Endpoint Security.

When running the standalone installer, you can use the /override"hips" SETUP command-line option to remove Host Intrusion Prevention before installing Endpoint Security.

Preconfiguring the product

You can customize settings for product features before deploying the product to managed systems. This customization enables you to meet specific requirements, for example, in environments with security compliance standards. Preconfigured policy settings take effect upon installation.

McAfee preconfigures features with default settings that protect systems in medium-risk environments. These settings ensure that the system can access important websites and applications until the user has a chance to revise the settings.

To preconfigure product features, first create a policy and configure it with the settings required for your environment. Then assign this policy to managed systems when you deploy the client software. See your management platform's product guide for instructions about configuring and assigning policies. See the Endpoint Security product documentation for information about the features you can configure.

When preconfiguring product features, McAfee recommends that you configure the following information:

• Where and how managed systems get updates. • When managed systems check for updates.

• Access to required websites and applications without interruption.

2

(21)

Upgrading an existing version of the product

If you plan to install on a system where a previous version of the product is installed, your policy settings are not saved.

You must ensure that any settings you configured previously and want to keep are duplicated in the new policy settings. Make a note of those settings to use as reference when you configure them for the new product.

We do not support the automatic upgrade of a pre-release software version. To upgrade to a production release of the software, you must first uninstall the existing version.

In managed environments, you can preconfigure policy settings before deploying the product. In any environment, you can fine-tune the feature settings after installing the product.

McAfee preconfigures features with default settings that protect systems in medium-risk environments. These settings ensure that the system can access important websites and applications until the user has a chance to revise the settings.

Products that upgrade

Endpoint Security upgrades these existing products.

• On McAfee ePO, McAfee ePO Cloud, or self-managed systems: • McAfee VirusScan Enterprise, versions 8.7 and 8.8

• McAfee SiteAdvisor Enterprise, versions 3.0 and 3.5 • On SecurityCenter systems:

• McAfee SaaS Endpoint Protection, version 6.0.x

If you have configured policy settings for these products on managed systems, such as scheduled scans, trusted connections, and blocked websites, you can also configure them with Endpoint Security policy settings.

1 Create a policy and configure it with the settings you currently use.

2 Assign this policy to managed systems when you deploy the client software.

See your management platform's product guide for instructions about configuring and assigning policies. See the Endpoint Security product documentation for information about the features you can configure.

Conflicting products

You must remove these conflicting McAfee products manually or with a client task before installing Endpoint Security.

• Deep Defender

• Host Intrusion Prevention

When running the standalone installer, you can use the /override"hips" SETUP command-line option to remove Host Intrusion Prevention before installing Endpoint Security.

See the product documentation for instructions about uninstalling these products. See SETUP

command-line options (complete listing) in Chapter 6 for more information about using the SETUP

utility.

(22)

Are you ready to install?

When you finish these steps, you are ready to begin installation.

These components... Meet these requirements

All systems where you want to

install the product • Hardware components meet or exceed minimum requirements. • Supported Windows operating system is installed.

• Supported web browser is installed.

Managed systems only Required agent or software is installed and communicating with the management server.

Management server • Supported management platform is installed.

• (Optional) You have preconfigured policy settings for product features as needed.

Where to go from here

To install the product, follow the instructions in the chapter for your management environment.

For systems managed with... Go to...

McAfee ePO Chapter 3

McAfee SecurityCenter Chapter 4

Self-management (no security management platform) Chapter 5

(23)

3

Installation for systems managed with

McAfee ePO and McAfee ePO Cloud

Use this information to install the product on systems managed with McAfee ePO and McAfee ePO Cloud.

Contents

Installation overview

Install the product files on the management server Deploy to multiple systems with deployment tasks Install on local systems with an installation URL Verify the installation

Uninstall from systems managed with McAfee ePO or McAfee ePO Cloud

Installation overview

In McAfee ePO and McAfee ePO Cloud environments, administrators can deploy the product software remotely to managed systems or ask users to install it locally. For McAfee ePO, they must also install product software on the management server.

The primary differences in managing the two environments are:

• McAfee ePO — Administrators install product components on the management server, then they typically configure feature settings and deploy the client software to multiple managed systems using deployment tasks.

• McAfee ePO Cloud — McAfee or another service provider sets up each McAfee ePO Cloud account on an offsite management server and notifies the local administrator when products are ready to install on managed systems. Local administrators then typically create and send an installation URL to users for installation on local systems.

In McAfee ePO Cloud environments, you must have administrative logon credentials for a McAfee ePO Cloud account before installing the product. McAfee or your service provider sends these to you in an email. If you have not previously activated and configured an account, see the McAfee ePO Cloud product guide for instructions.

Endpoint Security supports both URL installation and deployment tasks in either environment. As an administrator, you can choose the method that best suits your needs.

1 Ensure that all managed systems meet the requirements described in Chapter 2, Pre-installation.

2 Open the management console. (Open your web browser and log on to your McAfee ePO or McAfee ePO Cloud account.)

3 (McAfee ePO only) Install the product files on the McAfee ePO server.

4 (Optional) Configure basic options as needed.

(24)

5 Deploy the client software with default or custom settings to managed systems in one of these ways.

• Remotely to multiple managed systems — Run product deployment tasks that deploy to managed systems automatically. (This is the preferred installation method for McAfee ePO systems.)

• Locally on managed systems — Create an installation URL, then email it to users with instructions about installing the product on their systems. (This is the preferred installation method for McAfee ePO Cloud systems.)

6 Verify that the client software is installed and up to date on all managed systems.

Install the product files on the management server

In McAfee ePO environments only, install server-side components for Endpoint Security on the McAfee ePO server as the first step in the installation process.

Before you begin

Your network security management platform must meet the requirements described in Chapter 2.

This task installs two types of product components on the management server:

• Product management extensions — Add Endpoint Security Client management features (such as queries, client tasks, and online Help) to the McAfee ePO server. These enable you to manage the product from the console.

• Product deployment packages — Add Endpoint Security Client software files to the Master Repository, which you can deploy to managed systems.

Task

For option definitions, click ? in the interface.

1 On the security management console, click Menu | Dashboards, then select Guided Configuration from the drop-down list.

2 On the Guided Configuration screen, click Begin.

3 Click Software Selection, then:

a Under the Software Not Checked In product category, click Licensed to display available products.

b In the Software table, select the product you want to check in. The product description and all

available components are displayed in the table below.

c Click Check In All to check in product extensions to your McAfee ePO server, and product packages to your Master Repository.

When installation is complete, the extensions are listed on the Extensions page and the packages are listed in the Master Repository.

You can now deploy the product to managed systems.

(25)

Deploy to multiple systems with deployment tasks

Automated tasks simplify the processes for deploying the client software to managed systems. This method deploys remotely from the security management console and does not require any user assistance.

• The systems where you want to install the product must meet the requirements described in Chapter 2.

• In a McAfee ePO environment, you must have installed the product's server-side components on the McAfee ePO server.

• In a McAfee ePO Cloud environment, you must have administrative logon credentials for a McAfee ePO Cloud account. McAfee or your service provider sends these in an email.

Task

You can use two types of automated tasks to deploy product software to multiple managed systems:

product deployment tasks and client tasks. Product deployment tasks are simpler to set up, and this

guide explains the process. See the McAfee ePO or McAfee ePO Cloud product guide for more information about configuring and running product deployment tasks and client tasks.

1 On the security management console, click Menu | Software | Product Deployment.

2 On the Product Deployment page, click New Deployment.

3 On the New Deployment page, configure these settings, then click Save at the top of the page.

Option Description

Name and

Description Type a name and description for this deployment.

This name appears on the Deployment page after the deployment is saved.

Type From the list, select the type of deployment. • Fixed — Deploys only to the selected systems.

• Continuous — Deploys to systems based on System Tree groups or tags. This option allows these systems to change over time as they are added or removed from the groups or tags.

If you want to automatically install product updates when they are available, select

Auto Update. This option deploys the hotfixes and patches for your product

automatically.

Package From the list, select McAfee Endpoint Security.

Language and

Branch If needed, select the Language and Branch, if not using the defaults.

Command line In the text field, specify a command line with installation options for the module you are installing. These options are supported:

• /INSTALLDIR="install_path" • /l"install_log_path" • /l*v"install_log_path" • /nocontentupdate

See SETUP command-line options (McAfee ePO and McAfee ePO Cloud deployment

tasks) in Chapter 6 for option descriptions.

Installation for systems managed with McAfee ePO and McAfee ePO Cloud

(26)

Option Description Select the

systems Click Select Systems to open the System Selection dialog box and select the systemswhere you want to deploy the client software. If needed, configure the following:

• Run at every policy enforcement (Windows only)

• Allow end users to postpone this deployment (Windows only) • Maximum number of postponements allowed

• Option to postpone expires after • Display this text

Select a start

time Select a start time or schedule for your deployment:_{• Run Immediately — Starts the deployment task the next time the systems check for}

updates from the management server.

• Once — Opens the scheduler so you can configure the start date, time, and randomization.

The Product Deployment page opens with your new project added to the list of deployments. Also, a client task is automatically created with the deployment settings.

4 Check the status of the deployment on the Product Deployment page.

Click the deployment task in the list on the left side of the page to display its details on the right side of the page.

See also

SETUP command-line options (McAfee ePO and McAfee ePO Cloud deployment tasks) on page 45

Install on local systems with an installation URL

Typically, McAfee ePO Cloud administrators create an installation URL that can be used to install Endpoint Security Client on managed systems.

They can:

• Use this URL to install the client software locally on their own system.

• Send this URL to users with instructions for installing the client software on their local systems. McAfee ePO also supports URL installation.

Tasks

• Create an installation URL on page 27

Create a URL for installing the client software on a local system. Then use it to install the client software on your own local system or send it to end users to install the client software on their systems.

• Install with an installation URL on page 28

Install the product on a local system with an installation URL.

(27)

Create an installation URL

Create a URL for installing the client software on a local system. Then use it to install the client software on your own local system or send it to end users to install the client software on their systems.

• In a McAfee ePO environment, the product extensions must be installed on the McAfee ePO server, and the product content must be available in the Master Repository.

• In a McAfee ePO Cloud environment, you must have administrative logon credentials for a McAfee ePO Cloud account. McAfee or your service provider sends these to you in an email.

Task

1 Open the security management console and begin the deployment in one of these ways.

On this

platform... Perform these steps...

McAfee ePO 1 Open your browser and log on to McAfee ePO.

2 Click Menu | Dashboards, then click Getting Started with ePolicy Orchestrator.

The product modules installed on managed systems are listed under Product.

3 Click Start Deployment.

The Product Deployment page opens.

McAfee ePO Cloud 1 Open your browser and log on to McAfee ePO Cloud.

2 Click Menu | Dashboards, then click Getting Started with ePolicy Orchestrator.

The product modules installed on managed systems are listed under Product. The Welcome to McAfee Security page opens.

2 Create an installation URL with default or custom settings.

(28)

To do this... In McAfee ePO In McAfee ePO Cloud Deploy all product modules with their default security settings • Click Deploy.

The Welcome to ePolicy Orchestrator page displays the software deployment URL.

• Click Install Protection on Other Computers. A page displays the software deployment URL.

Customize the

deployment 1 Click Customize.

2 Configure these settings:

• Group Name — Select the default group name or enter a custom group name.

• Operating System — Select McAfee Agent

for Windows.

• Software and Policies — Select McAfee

Endpoint Security product modules to

install and, if needed, click McAfee

Default Policies and Tasks to select an

alternative preconfigured policy. • Auto Update — Specify whether to

download the latest version of the software automatically whenever an update occurs.

3 Click Deploy.

A page displays the software deployment URL.

1 Click Customize Installation.

2 Configure these settings, then click

Done:

• Group Name — Select the default group name or enter a custom group name. • Operating System — Select McAfee Agent for

Windows.

• Software and Policies — Select McAfee

Endpoint Security product modules to

install and, if needed, click McAfee

Default Policies and Tasks to select an

alternative preconfigured policy. • Auto Update — Specify whether to

download the latest version of the software automatically whenever an update occurs.

3 Click Install Protection on Other Computers. A page displays the software deployment URL.

3 (McAfee ePO Cloud only) Install the product on your local system using one of these methods: • Click Install Protection on This Computer.

• Copy and past the URL into a new browser window. A window opens with a web-based installation wizard.

4 Send the URL to users.

a Copy this URL to a text file, then click OK to close the dialog box.

b Send the URL in an email message with any special instructions for installing on local systems.

Install with an installation URL

Install the product on a local system with an installation URL. Before you begin

• The system where you install the product must meet the requirements described in Chapter 2.

• You must have an installation URL that you created or received from your administrator.

(29)

Task

1 Open a web browser window and paste in the installation URL.

2 Follow the instructions on the screen to install. If the installation does not start automatically, click

Install.

• Click Run if prompted to run or save.

• Click Run if prompted to verify the installation.

A dialog box displays the progress of the installation and indicates when it is complete. If needed, you can click Cancel to stop the installation.

The installation log, McAfeeSmartInstall_<date>_<time>.log, is saved in <LocalTempDir> \McAfeeLogs (for example, C:\Windows\Temp\McAfeeLogs).

Verify the installation

After deployment, verify that the client software installed and updated correctly on managed systems. Task

1 Wait for client systems to report back to the security management platform (typically after an hour).

2 On the security management console, click Menu | Dashboards, then select Endpoint Security: Installation

Status for a complete listing of the managed systems where the software was installed and their

status.

After a URL installation, the list of systems matches the list of users you sent the installation URL to.

Uninstall from systems managed with McAfee ePO or McAfee

ePO Cloud

You can remove product modules from managed systems remotely from the management console or locally at the managed system. You might do this for testing or before reinstalling the client software.

If you uninstall the client software, the managed system is no longer protected against threats. We recommend that you reinstall as soon as possible.

Task

• Remove the client software using one of these methods.

(30)

To uninstall... Do this...

From multiple systems remotely

Run a product deployment task:

1 On the security management console, click Menu | Policy | Product Deployment.

2 Duplicate the task you used to install the product modules, then specify

Remove as the Action.

3 After the task has completed, verify that the client software was uninstalled from the selected systems. Click Dashboards, then select Endpoint Security:

Installation Status.

See the McAfee ePO or McAfee ePO Cloud product guide for more information about using product deployment tasks.

At the local managed system

Uninstall from the Windows Control Panel:

1 Open the Windows Control Panel, then go to the Uninstall Programs screen.

2 In the list of programs, select each product module, then click Uninstall. • McAfee Endpoint Security Firewall

• McAfee Endpoint Security Threat Prevention • McAfee Endpoint Security Web Control

3 If prompted, enter a password for each module.

If you do not know the password, ask your administrator for assistance.

(31)

4

Installation for systems managed with

the McAfee SecurityCenter

Use this information to install the product on systems managed with the McAfee SecurityCenter. Contents

Installation overview for systems managed with the SecurityCenter Install on local systems with an installation URL

Deploy silently to local systems

Verify the installation on the SecurityCenter

Uninstall from systems managed with the SecurityCenter

Installation overview for systems managed with the

SecurityCenter

The SecurityCenter is hosted on a remote server "in the clouds," and a local administrator manages security for network systems. As a local administrator, you need only to install the client software and configure custom settings, if needed.

McAfee or another service provider sets up the management server offsite and notifies you when products are ready to install on managed systems. You then create and send an installation URL to users for installation on local systems. You can also deploy the client software to managed systems silently without notifying users.

You must have administrative credentials for a SecurityCenter account. McAfee or your service provider sends these to you in an email.

1 Ensure that all managed systems meet the requirements described in Chapter 2, Pre-installation.

2 Open your web browser and log on to your SecurityCenter account.

3 (Optional) Configure basic options (groups and policies).

4 Install the client software on the administrative system. This is the system you will use to monitor security status for managed systems.

5 Deploy the client software with default or custom settings to managed systems in one of these ways.

• Locally on managed systems — Create an installation URL, then email it to users, along with instructions about installing the product on their systems.

• Silently — Deploy the client software with no user interaction.

6 Verify that the client software is installed and up to date on all managed systems.

(32)

Install on local systems with an installation URL

Typically, administrators create an installation URL that can be used to install Endpoint Security locally on managed systems. They send this URL to users with instructions.

Tasks

• Install on the administrative system on page 32

Install the product directly on the system you use to manage your network's computers with the SecurityCenter.

• Send an installation URL to other managed systems on page 32

As an administrator, you can obtain the company-specific installation URL in two ways. • Install with an installation URL on page 33

Install the client software with an installation URL that your administrator has sent to you.

Install on the administrative system

Install the product directly on the system you use to manage your network's computers with the SecurityCenter.

Task

• At the administrative computer, install using one of these methods.

If you want to Perform these steps

Install all modules in your subscription with their default settings

1 Open the welcome email that contains the installation URL.

2 Click the installation URL or copy and paste it into a web browser. Specify custom settings or

install from the SecurityCenter

1 In your web browser, log on to the SecurityCenter.

2 From the Dashboard or Computers page, click Install Protection.

3 Select the appropriate options:

• The group in which to place the client computers • The policy to assign to the computers

• The product modules to install • The language for the software

4 Click Install on this computer.

Send an installation URL to other managed systems

As an administrator, you can obtain the company-specific installation URL in two ways. Before you begin

(33)

• When you subscribe to Endpoint Security, you receive an email message containing the installation URL that has been set up for your company. This URL installs the products you have subscribed to into your account’s default group in its default language. You can copy this URL to an email message and send it to other managed systems at your company.

• You can log on to the SecurityCenter and create a custom URL to send to users. This enables them to install selected products in a designated group and language.

Follow these steps to create a custom installation URL and send it to users. Task

3 Select Obtain a URL for installing on other computers.

4 Select the appropriate options:

• The group in which to place the client computers • The policy to assign to the computers

• The protection services to install • The language for the software

5 Click Get URL.

A custom URL is displayed, along with simple instructions for users.

6 Click Select Text and Copy to Clipboard, then click Email.

An email message opens. The text and URL you copied appear in the message.

7 Type email addresses into the message, revise the instructions if needed, then click Send.

Install with an installation URL

Install the client software with an installation URL that your administrator has sent to you. Before you begin

The system where you install the product must meet the requirements described in Chapter 2.

When installation is complete, the product downloads the content (threat definition) files in the background. You don't have to wait for a lengthy download to complete.

The managed system is not fully protected until the product content files are downloaded. Do not turn off the managed system or disconnect the Internet connection until the download is complete. Task

1 Open the email message containing the URL on the managed system.

2 Select the URL or copy and paste it in a browser window to begin installation.

When entering the URL in a browser, make sure to enter the entire URL without spaces. Installation for systems managed with the McAfee SecurityCenter

(34)

3 Type your email address in the Email or identifier field, and click Continue.

The information entered here identifies the managed system in reports. If reports indicate a problem with the managed system, the administrator uses the email address to notify the person who uses the managed system. If you do not enter an email address, it is important that the administrator knows the correct contact information.

4 When prompted, click Install.

5 In the File Download dialog box, click Run.

6 Click Yes or Continue if you are prompted to allow the software to make changes to your managed system.

Deploy silently to local systems

You can run the VSSETUP utility to install the client software on managed systems with no user interaction.

Tasks

• Install with silent installation on page 35

Use this task to install the client software silently to a local managed system from an administrative system.

• Designate a relay server on page 35

Specify whether a managed system functions as a relay server.

Overview of silent installation

Silent installation uses the VSSETUP utility.

1 Download the utility from the SecurityCenter.

2 Deploy to each system where you want to install the client software.

3 _{On the local system, open a Command Prompt window and run the VSSETUP command using the}

appropriate command-line options.

Requirements for silent installation

Make sure that you meet these requirements before using the silent installation method.

• You must have a method for installing executable files on your network computers. For example: • A third-party deployment tool, such as Novell NAL, ZenWorks, Microsoft Systems Management

Server (SMS) installer, or Tivoli IT Director. • A login script.

• A link to an executable file in an email message. • A portable medium such as a CD.

• You must run this program using an account with sufficient rights to install the product. Typically local administrator rights are required, and some methods require remote execution rights. • You must know your company key (the series of characters in the installation URL after the

characters CK=). The company key appears on the Product Installation page and the Keys tab of the My

Licenses page in the SecurityCenter.

(35)

Install with silent installation

Use this task to install the client software silently to a local managed system from an administrative system.

• You must have administrative credentials for a SecurityCenter account.

• The systems where you install the software must meet the requirements described in Chapter 2.

Task

3 Select Desktop protection, then click Next.

4 Under Additional Installation Options | Select advanced options, click Silent install.

5 Select a language, select the correct version of the utility, then click Download.

32-bit Windows VSSETUP_X86.EXE

64-bit Windows VSSETUP_X64.EXE

6 Deploy the program to each client computer using your customary deployment tool.

7 Open a command prompt on a client computer and run this command: • 32-bit Windows:

VSSETUP_X86.EXE /CK=<your company key> /<parameters> • 64-bit Windows:

VSSETUP_X64.EXE /CK=<your company key> /<parameters> As shown, you must include your company key (CK) as a parameter.

On the Install Protection page, click More to display your company key and a link to a list of

command-line options for VSSETUP. Your company key also appears on the Keys tab of the My Licenses page in the SecurityCenter. For a list of command-line options, see Chapter 6.

See also

VSSETUP command-line options (SecurityCenter systems) on page 48

Designate a relay server

Specify whether a managed system functions as a relay server.

Relay servers retrieve updates directly from the McAfee update site, then make them available to managed systems that do not have an Internet connection.

Installation for systems managed with the McAfee SecurityCenter

(36)

Task

• Use a VSSETUP command-line option to specify whether a computer is a relay server.

To do this... Use this parameter

During installation, specify that a

managed system is a relay server VSSETUP_86.EXE /RelayServer=1 or

VSSETUP_64.EXE /RelayServer=1

If you do not specify this option, the default is 0 and the computer is not a relay server.

Modify an existing installation to specify

that a managed system is a relay server VSSETUP_86.EXE /SetRelayServerEnable=1 or

VSSETUP_64.EXE /SetRelayServerEnable=1 Modify an existing installation to specify

that a managed system is not a relay server

VSSETUP_86.EXE /SetRelayServerEnable=0 or

VSSETUP_64.EXE /SetRelayServerEnable=0

Verify the installation on the SecurityCenter

Check the SecurityCenter to verify that the product installed and updated correctly on managed systems.

Task

1 Wait for managed systems to report back to the SecurityCenter (typically about 20 minutes).

3 Click Computers to open the Computers page.

Check that each managed system appears in the listing. Check that a current date is listed under

Last Connect and DAT Date. Red entries in these columns indicate that the managed system is out of

date and needs to run an update.

Uninstall from systems managed with the SecurityCenter

You can remove product modules locally from a managed system. You might do this for testing or before reinstalling the client software.

If you uninstall the client software, the managed system is no longer protected against threats. We recommend that you reinstall as soon as possible.

(37)

Task

1 Open the Windows Control Panel, then go to the Uninstall Programs screen.

2 In the list of programs, select each product module, then click Uninstall. • McAfee Endpoint Security Firewall

• McAfee Endpoint Security Threat Prevention • McAfee Endpoint Security Web Control

3 If prompted, enter a password for each module.

By default, the password is the company key for your account. To change or view the password, go to the Client Settings policy page in the SecurityCenter, or ask your administrator for assistance.

Installation for systems managed with the McAfee SecurityCenter

(38)

(39)

5

Installation for self-managed systems

Use this information to install the product on systems that are not managed by a centralized network management tool.

Contents

Installation overview for self-managed systems Install with the installation wizard

Install from the command line Verify the installation

Uninstall from a self-managed system

Installation overview for self-managed systems

Local system users perform these high-level tasks to install the product on self-managed systems.

1 Ensure that the system meets the requirements described in Chapter 2, Pre-installation.

2 Copy the product files to the self-managed system.

Depending on how you purchased the product, you might need to download product files from a download site or copy them from a CD or DVD.

3 Launch the installation wizard, then follow the instructions in the wizard to install the product.

4 Verify that the client software is installed and up to date.

Install with the installation wizard

The installation wizard automates much of the process for installing the product on self-managed systems.

The systems where you install the product must meet the requirements described in Chapter 2.

(40)

Task

1 Obtain your copy of the product software, then launch the installation wizard on the self-managed system.

For this product

format... Perform these steps...

Download Download the Endpoint Security .zip file, unzip the contents of the file, then double-click setupEP.exe.

If you purchase the product online, McAfee or another provider sends instructions and a URL for downloading the product.

CD or DVD Insert the CD into a drive, open the contents, then double-click setupEP.exe. If there is a product license number on the CD label or packaging, make sure that you have a copy for reference.

2 On the License Agreement page, click Accept.

3 Resolve any conflicts detected by the wizard.

The wizard attempts to uninstall conflicting virus-detection and firewall software products automatically. If it can't, it prompts you to uninstall them manually, then prompts you to reboot. • If you reboot immediately, installation resumes after the system restarts.

• If you reboot later, run the installation wizard again at your earliest convenience.

4 On the Install Options page, select the modules to install.

Install all product modules that you purchased with their default settings, or select options to customize your installation.

5 Click Install.

The wizard displays a notification when installation is complete. A dialog box shows the progress of the installation and notifies you when it is complete. You can cancel the installation at any time, if needed.

6 Click Finish to close the wizard.

See also

Other virus detection and firewall software on page 20

Install from the command line

You can run the installation wizard from the command line, which lets you select additional options, such as silent installation. (By default, installation is interactive.)

The system where you install the product must meet the requirements described in Chapter 2.