• No results found

About Help Desk. McAfee Help Desk 2.0 Software. Product Guide. Functions of McAfee Help Desk software. Quarantine release.

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "About Help Desk. McAfee Help Desk 2.0 Software. Product Guide. Functions of McAfee Help Desk software. Quarantine release."

Copied!
5
0
0

Loading.... (view fulltext now)

Download now ( 5 Page )

Full text

(1)

About Help Desk

McAfee® Help Desk is an extension installed in McAfee® ePolicy Orchestrator® (McAfee ePO). Administrators use McAfee Help Desk to issue challenge/response keys for uninstalling protected applications, removing files from quarantine, and temporarily bypassing security policies when there is a legitimate business need.

McAfee Help Desk version 2.0 works with: • McAfee ePolicy Orchestrator 4.5 and later

• McAfee® Data Loss Prevention Endpoint 9.2 and later • McAfee® Client Proxy 1.0.0.203 and later

Functions of McAfee Help Desk software

McAfee Help Desk software version 2.0 works with McAfee DLP Endpoint software and McAfee Client Proxy software, and has similar functionality in both situations. All operations are logged to the ePolicy Orchestrator audit log.

Quarantine release

Quarantine release is required when McAfee DLP Discover finds file system or email storage files with sensitive content and places them in quarantine. To release the files from quarantine, the user must request a quarantine release code from the administrator.

Policy bypass

A user can be given permission to access or transfer sensitive information for a limited time. When this is done, all sensitive information is monitored, rather than blocked, according to existing rules. Both the user and the system administrator receive messages about the bypass status when it is enabled and disabled (the user by a pop‑up message, and the administrator by an event entry in the ePO Event Monitor).

Client uninstall

Both the McAfee DLP Endpoint client and McAfee Client Proxy are protected from unauthorized removal. While they are typically uninstalled from ePolicy Orchestrator by the McAfee ePO administrator, there are situations where they need to be uninstalled in the field using the Microsoft Windows Add or Remove Programs function. This can be done when a challenge/response key has been issued.

Product Guide

(2)

How release keys work

McAfee Help Desk software allows administrators to create release keys for situations outside the normal workflow.

McAfee content security software uses a challenge/response mechanism to bypass security in special cases. When a situation affects multiple users, a slightly different mechanism is applied.

Individual release keys

Examples of situations requiring an individual release key are:

• A user needs to release emails from quarantine to delete sensitive information.

• McAfee content security software needs to be uninstalled, but ePolicy Orchestrator can't be used because the computer is outside the corporate network.

• A user has a valid business reason to perform a one‑time operation that is blocked by a security policy.

In such situations, the endpoint user in McAfee Client Proxy opens a pop‑up window that displays an Identification Code ( the challenge) and Policy Revision information. In McAfee DLP Endpoint, the Tasks tab in the DLP Policy console contains this information. This is communicated, typically by phone, text message, or email, to an administrator who enters the information into McAfee Help Desk and

generates a Release Code (the response). The administrator communicates the release code back to the user, who enters it in the appropriate text box and continues with the release, bypass, or uninstall task.

Master release keys

Examples of situations requiring a master release code are:

• An error in a discovery rule might quarantine non‑sensitive files across the entire network.

• An error in a plug‑and‑play device rule might disconnect hundreds of computers from the network, requiring removal and re‑installation of the McAfee DLP Endpoint client.

Release keys generated with a master release code are not keyed to the entry of a challenge code generated by a specific McAfee client, and thus can be used by any computer in the network. To prevent misuse they are time limited, and must be applied within 60 minutes of being generated.

Set up McAfee Help Desk software

After McAfee Help Desk is installed in ePolicy Orchestrator, you must set the permissions for the administrators.

Tasks

Install the McAfee Help Desk extension on page 2

When McAfee Help Desk is not installed with McAfee Client Proxy or McAfee DLP Endpoint, you can install it independently in ePolicy Orchestrator

Add administrator permissions on page 3

After installation, add permissions for McAfee Help Desk administrators.

Install the McAfee Help Desk extension

(3)

Task

For option definitions, click ? in the interface.

1 In ePolicy Orchestrator, select Menu | Software | Extensions, then click Install Extension.

2 Click Browse and select the McAfee Help Desk .zip file (..\HelpDeskTool.zip). Click Open, then OK. The installation dialog box displays the file parameters to verify that you are installing the correct extension.

3 Click OK. The extension is installed.

Add administrator permissions

After installation, add permissions for McAfee Help Desk administrators.

The default is to grant permissions only to the administrator who installs the extension. If you log on as a different administrator, you do not see any services and thus cannot use the software.

Task

For option definitions, click ? in the interface.

1 In McAfee ePolicy Orchestrator, select Menu | User Management | Permission Sets.

2 In the left pane, select an administrator who will have McAfee Help Desk permissions. In the right pane, select Help Desk Actions and click Edit.

The available actions appear for each installed point product. 3 Select actions and click Save.

Granular options are provided to allow large organizations to divide the workload and responsibility as required.

The option Generate master response key becomes available when any other option is selected.

Understanding revision numbers

Revision numbers are automatically assigned to policies, and are used for troubleshooting and agent bypass key creation.

All McAfee Help Desk functions create release codes using revision numbers, referred to as the Policy Revision in the McAfee Client Proxy bypass request pop‑up window, and as Revision ID on the DLP Policy console Tasks tab. For McAfee DLP Endpoint bypass release codes, use of the revision number is optional, but it is the default setting.

When McAfee DLP Endpoint or McAfee Client Proxy creates a policy, the policy is assigned the revision number 1. This number is incremented each time the policy is changed.

(4)

Create response keys

An administrator generates a response key for each challenge key request. Alternately, a master release code can be generated when multiple computers are involved.

All response keys require similar entries. The following differences should be noted:

• McAfee Client Proxy bypass and uninstall keys take the password from the selected policy, that is, the generated response key works with only one policy. The policy revision number is required and is verified when you generate the key.

• For McAfee DLP Endpoint bypass, quarantine release, and uninstall keys, the policy revision number is the preferred option (default in the McAfee Help Desk interface), but you also have the options of taking the password from the policy or entering it manually.

• Bypass keys have a set duration. You can set a time from 15 minutes to 30 days. Shutting down or restarting the computer does not affect the timer.

• Master release codes must be activated within 60 minutes. For bypass keys, the duration they are active is set as in regular bypass release keys.

Table 1 Response key form

Field Notes

End user name Required field.

Must be a valid user name. Validated against Windows AD. End user email address Required field.

Must match user name. Validated when the key is generated. End user computer name Optional field.

Request details (Business

reason) Optional field.

Client bypass password For McAfee Client Proxy requests, the password consists of the current policy name and revision number. Policy name is selected from a list of valid McAfee Client Proxy policies in the ePolicy Orchestrator Policy

Catalog. The revision number is supplied by the user requesting the bypass key.

For McAfee DLP Endpoint requests, the default is to create a password from the policy Revision ID supplied by the user. You can also use the password from the current policy, or enter it manually.

Identification code Required field, supplied by the user. Alternately, select Use master release code.

Bypass duration Required field in bypass release keys only. The default is15 minutes.

Task

For option definitions, click ? in the interface.

1 In ePolicy Orchestrator, select Menu | Systems | Help Desk.

McAfee Help Desk service options for the available point products are displayed.

If you do not see a particular product, either that point product is not installed or you do not have permission to author response keys for that product.

2 Select a service option and fill in the text fields. Click Generate Key when you have finished.

(5)

Copyright © 2013 McAfee, Inc. Do not copy without permission.

McAfee and the McAfee logo are trademarks or registered trademarks of McAfee, Inc. or its subsidiaries in the United States and other countries. Other names and brands may be claimed as the property of others.

References

Download now ( PDF - 5 Page - 244.68 KB )

Related documents

LOCAL CABLE SYSTEM MODEL DISASTER RECOVERY PLAN INCIDENT RESPONSE MANUAL

• Determine methods and procedures for essential recovery personnel, including the Incident Recovery Team, Disaster Recovery Planning Manager, engineering, operations, and

How To Manage A Help Desk Ticket In An Ipa.Org (Sdfie) Help Desk

- Ticket Pending Reminder - SDSFIE Help Desk Support Team when a ticket has status of Pending.. Reminder and the ticket

Help for the Help Desk

You will be asked for your name, email address (please make sure this is correct as this is used as your login id, to link all your tickets under a single account and as the

The McIntire Help Desk

As a faculty or staff member, you have 24/7 access to the building, to all classrooms and conference rooms, to the Faculty Support Office (RRH 389), and to all other

UnitedHealthcare Community Plan M Plus Medicaid Member Handbook For Non-Reform Counties FLORIDA

beginning on the first page of the Health Plan Notices of Privacy Practices, plus the following UnitedHealthcare affiliates: AmeriChoice Health Services, Inc.; DBP Services of New

Coming to Terms: The Poetics of More-than-human Worlds

As outlined above, both ecopoetics and zoopoetics have emerged as ways to describe literary poetics on the one hand, and as theoretical perspectives on the other, thus

Dignity in America: The Role of an Idea During the American Enlightenment

Enlightenment rationalism and Judeo-Christian theologies, yielded correlated strands of dignity thought: namely, “individual dignity” and “national dignity.” Using rich

A simple new test for slope homogeneity in panel data models with interactive effects

Recently, Su and Chen (2013) proposed a residual-based LM test for slope homo- geneity in high-dimensional panel data models with interactive fixed effects.. Although their test