Installation Guide. McAfee Security for Microsoft Exchange Software

(1)

Installation Guide

(2)

TRADEMARK ATTRIBUTIONS

AVERT, EPO, EPOLICY ORCHESTRATOR, FOUNDSTONE, GROUPSHIELD, INTRUSHIELD, LINUXSHIELD, MAX (MCAFEE SECURITYALLIANCE EXCHANGE), MCAFEE, NETSHIELD, PORTALSHIELD, PREVENTSYS, SECURITYALLIANCE, SITEADVISOR, TOTAL PROTECTION, VIRUSSCAN, WEBSHIELD are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners.

LICENSE INFORMATION License Agreement

(3)

Preface

This guide provides the information you need to install your McAfee product. Contents

About this guide

Finding product documentation

About this guide

This information describes the guide's target audience, the typographical conventions and icons used in this guide, and how the guide is organized.

Audience

McAfee documentation is carefully researched and written for the target audience. The information in this guide is intended primarily for:

• Administrators — People who implement and enforce the company's security program.

Conventions

This guide uses the following typographical conventions and icons.

Book title or Emphasis Title of a book, chapter, or topic; introduction of a new term; emphasis.

Bold Text that is strongly emphasized.

User input or Path Commands and other text that the user types; the path of a folder or program.

Code A code sample.

User interface Words in the user interface including options, menus, buttons, and dialog boxes.

Hypertext blue A live link to a topic or to a website.

Note: Additional information, like an alternate method of accessing an option. Tip: Suggestions and recommendations.

Important/Caution: Valuable advice to protect your computer system,

software installation, network, business, or data.

Warning: Critical advice to prevent bodily harm when using a hardware

(6)

What's in this guide

This guide is organized to help you find the information you need.

Finding product documentation

McAfee provides the information you need during each phase of product implementation, from

installation to daily use and troubleshooting. After a product is released, information about the product is entered into the McAfee online KnowledgeBase.

Task

1 Go to the McAfee Technical Support ServicePortal at http://mysupport.mcafee.com.

2 Under Self Service, access the type of information you need:

To access... Do this...

User documentation _{1 Click Product Documentation.}

2 Select a product, then select a version. 3 Select a product document.

(7)

1

Pre-installation

McAfee Security for Microsoft Exchange safeguards the following Microsoft Exchange products. They are:

• Microsoft Exchange Server 2003 SP2 • Microsoft Exchange Server 2007 SP2, SP3 • Microsoft Exchange Server 2010 SP1

Use this information to prepare for the installation of McAfee Security for Microsoft Exchange.

Information includes server roles, system requirements, and components included with the software. Contents

Microsoft Exchange server roles What's included with the software System requirements

Components and services installed by the software

Microsoft Exchange server roles

The installation of McAfee Security for Microsoft Exchange is based on the role that was used to install Microsoft Exchange Server.

Microsoft Exchange Server 2003 can be installed as a front-end server (Gateway Role) or back-end server (Mailbox role) or as both. Appropriate files are installed based on the roles you select. Microsoft Exchange Server 2007 and 2010 can be installed in the following roles:

• Edge Transport Server — Runs in the perimeter outside a domain and provides message hygiene and security. It is installed on a standalone server that is not a member of an Active Directory domain. • Hub Server — Handles all mail flow inside the organization, applies transport rules, and delivers

messages to a recipient's mailbox in an Active Directory domain.

• Mailbox Server — Holds the Exchange databases containing the user mailboxes. • An installation with a dual role of Mailbox with Hub is also supported.

Client Access and Unified Messaging roles of Microsoft Exchange Server 2007 and 2010 are not applicable for installing McAfee Security for Microsoft Exchange.

(8)

What's included with the software

McAfee Security for Microsoft Exchange 7.6 includes the following components. • McAfee Anti-Spam for McAfee Security for Microsoft Exchange 7.6

• McAfee Agent 4.5 Patch3

McAfee Agent is a component of ePolicy Orchestrator that must be installed on each computer on the network. The agent collects and sends information between the ePolicy Orchestrator server and repositories, and manages McAfee Security for Microsoft Exchange installations across the network.

What's included in the package

The McAfee Security for Microsoft Exchange package contains the following folders:

• Setup — Contains four files: the setup.exe file, which is required for the standard installation, and the respective config.xml file for all the languages.

• setup_x86.exe — Installs McAfee Security for Microsoft Exchange on a 32 bit system. • setup_x64.exe — Installs McAfee Security for Microsoft Exchange on a 64 bit system. • ASAddon_x86.exe — Installs the Anti-Spam component on a 32 bit system.

• ASAddon_x64.exe — Installs the Anti-Spam component on a 64 bit system.

• MSMEePOUpgrade.exe — Migrates policies from GroupShield for Exchange 7.0.X to McAfee Security for Microsoft Exchange 7.6. in an upgrade using ePolicy Orchestrator.

There will be separate installation packages for 32bit and 64 bit operating systems.

• Readme — Contains the Readme.txt file.

• Manuals — Contains the installation guide, configuration guide and product guide in PDF format. • ePOExtension — Contains the extension that needs to be checked in to the ePolicy Orchestrator server

(9)

System requirements

Before you install McAfee Security for Microsoft Exchange, ensure that your server meets these requirements:

Table 1-1 System Requirements

Component Requirement

Operating system _{• Microsoft Windows 2003 Standard/Enterprise Server (32-bit)} • Microsoft Windows 2003 Standard/Enterprise Server R2 (32-bit) • Microsoft Windows 2003 Standard/Enterprise Server (64-bit) • Microsoft Windows 2003 Standard/Enterprise Server R2 (64-bit) • Microsoft Windows 2008 Standard/Enterprise Server SP2 (64-bit) • Microsoft Windows 2008 Standard/Enterprise Server R2 (64-bit) Microsoft Exchange

Server • Microsoft Exchange Server 2003 with Service Pack 2 • Microsoft Exchange Server 2007 SP2

• Microsoft Exchange Server 2007 SP3 • Microsoft Exchange Server 2010 SP1 Browser • Microsoft Internet Explorer 7.0, 8.0

• Mozilla Firefox 2.0 or later (Firefox 4.0 is not supported)

Processor • Intel x86 architecture-based processor (only for Exchange Server 2003) • Intel x64 architecture-based processor that supports Intel Extended Memory

64 technology (Intel EM64T)

• AMD x64 architecture-based processor with AMD 64-bit technology

Memory • Microsoft Exchange Server 2003 — Minimum: 1 GB RAM (Recommended: 2 GB RAM)

• Microsoft Exchange Server 2007 — Minimum: 2 GB RAM (Recommended: 4 GB RAM)

• Microsoft Exchange Server 2010 — Minimum: 4 GB RAM (Recommended: 4 GB RAM for all individual roles and 8 GB for multiple roles)

Disk space Minimum 740 MB

Network 10/100/1000 Mbps Ethernet card

Display 1024 x 768

McAfee ePolicy

Orchestrator Versions 4.5 or 4.6

McAfee Agent Version 4.5 Patch3 or Version 4.6

For IIS 7.0, you will need to configure IIS 6.0 in the Compatibility mode.

Pre-installation

(10)

Components and services installed by the software

McAfee Security for Microsoft Exchange installs several components on your Exchange server. • McAfee Anti-Spam for McAfee Security for Microsoft Exchange — Detects spam and phishing content.

• Access Control — Allows or denies access to the McAfee Security for Microsoft Exchange user interface for specific users or groups.

• Product Configuration — Launches McAfee Security for Microsoft Exchange standalone version or through a web interface.

• Sitelist Editor — Specifies the location where automatic updates (including DATs and scanning engines) are downloaded from.

• Cluster Replication Setup — Replicates the quarantine database, policy configurations and product updates (Microsoft Exchange Server 2010 only). This is dependent upon the replication setting across a Data Availability Group (DAG), recognized by a McAfee Security for Microsoft Exchange installation.

Services available

• McAfee Framework Service — Prerequisite for installing and using ePolicy Orchestrator. For more details on this service, refer the ePolicy Orchestrator product documentation.

• McAfee Security for Microsoft Exchange — Protects your Microsoft Exchange Server (versions 2003, 2007, 2010) from viruses, unwanted content, potentially unwanted programs, and banned file types/ messages.

(11)

2

Installing McAfee Security for Microsoft

Exchange

This section describes how McAfee Security for Microsoft Exchange is installed in various compatible environments with features depending on your requirement.

McAfee Security for Microsoft Exchange can be installed on a standalone server as well as be deployed using ePolicy Orchestrator. See Managing using ePolicy Orchestrator 4.5. for deployment using ePolicy Orchestrator.

Contents

Installing for Microsoft Exchange Server 2003

Installing for Microsoft Exchange Server 2007 and 2010 Using McAfee Security for Microsoft Exchange

Cluster replication Testing your installation

Installing for Microsoft Exchange Server 2003

Install McAfee Security for Microsoft Exchange on a system where Microsoft Exchange Server 2003 is installed. This method includes a wizard that leads you through the installation process with a series of instructions.

During the installation process, Exchange services could stop or restart.

Task

1 As an administrator, log on to the system where Exchange server 2003 is installed.

2 Create a temporary directory on your local drive.

3 Download the archived software package and extract it to the temporary directory you created.

4 From the Setup folder, double-click setup_x86.exe (this is the setup application for a 32-bit operating system). A dialog box appears with language options for the installation.

5 Select a language from the drop down list, then click OK. The Welcome screen appears.

6 Click Next. The Preparing to Install screen prepares the installation wizard to guide you through the program setup process and extracts all the required installation files. After this process completes, the Select Exchange Server Role dialog box appears.

(12)

7 Select the required role.

• Mailbox — Setup configures McAfee Security for Microsoft Exchange for the Mailbox role and install the relevant component - VirusScan API.

• Gateway — Setup configures McAfee Security for Microsoft Exchange for the Gateway role and install the relevant components —Transport Scan ( Anti-Spam and Anti-VirusScan API). • Both — Setup configures McAfee Security for Microsoft Exchange for both Mailbox and Gateway

roles and install the relevant components: On-Demand Scan and Transport Scan ( Anti-Spam and Anti-VirusScan API).

8 Select Enable User Junk Folder Routing to allow the scanner to route your spam emails to the client's junk folder.

This is applicable only for the Mailbox role, and if you have installed the McAfee Anti-Spam Add-on on your server.

9 Click Next to display the Setup Type dialog box.

10 Select an installation type:

• Typical — Commonly used features are installed. Buffer Overflow Protection and Anti-Spam Add-On components are not installed. You will not be protected against spam and phish emails. You can configure the product using a web browser or the standalone user interface.

Buffer Overflow Protection is applicable for a 32-bit operating system and only if VirusScan Enterprise is installed. Web based Product Configuration (Web user interface) is installed in all three types of installation.

• Complete — (Recommended) Web based Product Configuration, Buffer Overflow Protection and Anti-Spam Add-On are installed. The product is configured for maximum performance with protection against spam and phishing attacks.

• Custom — Select which application features you want to install and where to install them. This is recommended for advanced users. If you select Custom, a dialog box displays the features you can install with an option to change the installation folder.

(13)

12 Accept the terms in the license agreement, then click Next. The Additional Configuration Settings dialog box appears.

Figure 2-1 McAfee Security for Microsoft Exchange — Additional Configuration Settings

13 Select Import existing configuration to import the McAfee Security for Microsoft Exchange configuration from another system. This configuration setting is saved as a .cfg file. To import this configuration, click Import, browse to the .cfg file, then click Open.

This option is useful if you are installing McAfee Security for Microsoft Exchange on a new system and would like to retain the configuration from an existing installation on another system. You can also import existing configurations from versions of GroupShield for Exchange 7.0.x that are supported by McAfee Security for Microsoft Exchange. See Upgrading the software for the supported versions.

a Under Select Quarantine mechanism, select a location to store the quarantined items, then complete the options for the location you selected.

b If you select Local Database, click Browse to change the default location (optional). If you select

McAfee Quarantine Manager, type the IP address of the Quarantine Manager server, the Port number

and the Callback Port number.

c Under Administrator Email address, type the email address to which all notifications, configuration reports, and status reports must be sent.

14 Enter all the required details, then click Next. The Set Protection Profile dialog box appears. Installing McAfee Security for Microsoft Exchange

(14)

15 Select one of these protection profiles:

• Default —This profile provides maximum performance with optimum protection.

• Enhanced — This profile enables default file filter rules and provides maximum protection. It also provides real-time protection using McAfee Global Threat intelligence file and message reputation. • Use existing — (Upgrade only) This option uses the existing protection profile.

16 Click Next. The Choose Shortcuts screen appears.

17 Select Create Desktop shortcuts if you want the installation wizard to create shortcuts for the application on the desktop.

18 Click Next. The Ready to Install the Program screen displays a summary of all the selected configuration.

19 Verify the configuration, then click Install to proceed with the installation. The Installing progress bar displays the features being copied, initialized, and installed.

20 When the installation is complete, the installation wizard Completed screen appears. Select the options as required.

• Launch product User Interface — To launch the McAfee Security for Microsoft Exchange user interface after you exit the installation wizard.

• Show the readme file — To view the Release Notes of the product (Readme.txt) for information on any last minute additions or changes to the product, known issues or resolved issues.

• Update DAT and Engines — (Recommended) To update McAfee Security for Microsoft Exchange with the latest DAT files, engine, and anti-spam updates.

• Register at McAfee Business Community to stay up to date — To receive information regarding the product, new releases, updates and other relevant information.

21 Click Finish. When the installation wizard exits, McAfee Security for Microsoft Exchange is successfully installed on your system.

We recommend that you restart your computer after the installation process is complete.

Installing for Microsoft Exchange Server 2007 and 2010

McAfee Security for Microsoft Exchange can be installed with the Edge transport role, Hub transport role, and Mailbox role.

Install McAfee Security for Microsoft Exchange on a system where Microsoft Exchange Server 2007 or 2010 is installed.

McAfee Security for Microsoft Exchange will execute Transport Scanning for the Edge transport and Hub transport roles, and VirusScan API for the Mailbox role.

Task

1 As an administrator, log on to the system where Exchange server 2007 or 2010 is installed.

2 Create a temporary directory on your local drive.

3 Download the archived software package and extract it to the temporary directory you created.

(15)

5 Select a language from the drop down list, then click OK to display the Welcome screen.

6 Click Next to display the Preparing to Install screen. It prepares the installation wizard which will guide you through the program setup process and extracts all the required installation files. When this process is complete, the Exchange Server Role Detection screen appears.

Figure 2-2 McAfee Security for Microsoft Exchange — Exchange Server 2010 Role Detection

McAfee Security for Microsoft Exchange automatically detects the roles selected during the installation of Microsoft Exchange Server 2007 or 2010.

7 Click Next to display the Setup Type.

8 Select an installation type:

• Typical — Commonly used features are installed along with Web based Product Configuration. The Anti-Spam Add-On component is not installed.

• Complete — (Recommended) Web based Product Configuration, Anti-Spam Add-On and Cluster Replication Setup are installed.

Cluster Replication Setup is applicable only for a Microsoft Exchange Server 2010 installation.

• Custom — Select which application features you want to install and where to install. This is recommended for advanced users. If you select Custom, a dialog box displays the features you can install. To change the destination folder for the installation files, click Change.

If the Mailbox role has been installed in Microsoft Exchange Server 2007 or 2010, the service

Cluster Replication Setup is installed (only for Microsoft Exchange Server 2010).

9 Click Next to display the End User License Agreement screen appears.

Installing McAfee Security for Microsoft Exchange

(16)

10 Accept the terms in the license agreement, then click Next. The Additional Configuration Settings dialog box appears.

11 Select Import existing configuration to import the McAfee Security for Microsoft Exchange configuration from another system. This configuration setting is saved as a .cfg file. To import this configuration, click Import, browse to the .cfg file, then click Open.

This option is useful if you are installing McAfee Security for Microsoft Exchange on a new system and would like to retain the configuration from an existing installation on another system. You can also import existing configurations from versions of GroupShield for Exchange 7.0.x that are supported by McAfee Security for Microsoft Exchange. See Upgrading the software for a list of supported versions).

a Under Select Quarantine mechanism, select a location to store all the quarantined items, then complete the options for the location you selected.

b If you select Local Database, click Browse to change the default location (optional). If you select

McAfee Quarantine Manager, type the IP address of the Quarantine Manager server, the Port number

and the Callback Port number.

c Under Administrator Email address, type the email address to which all notifications, configuration reports and status reports must be sent.

12 Enter all the required details, then click Next. The Set Protection Profile dialog box appears.

13 Select one of these protection profiles:

• Default —This profile provides maximum performance with optimum protection.

• Enhanced — This profile enables default file filter rules and provides maximum protection. It also provides real-time protection using McAfee Global Threat intelligence file and messaging reputation.

• Use existing — (Upgrade only) This option uses the existing protection profile.

16 Click Next. The Ready to Install the Program screen displays a summary of all the selected configuration.

17 Verify the configuration, then click Install to proceed with the installation. The Installing progress bar displays the features being copied, initialized, and installed.

18 When the installation is complete, the installation wizard Completed screen appears. Select the options as required.

• Launch Product User Interface — To launch the McAfee Security for Microsoft Exchange standalone user interface after you exit the installation wizard.

• Show the readme file — To view the Release Notes of the product (Readme.txt) for information on any last minute additions or changes to the product, known issues or resolved issues.

(17)

• Register at McAfee Business Community to stay up to date — To receive information regarding the product, new releases, updates and other relevant information.

• Show Windows Installer logs — To view the log file of the installation process.

19 Click Finish. When the installation wizard exits, McAfee Security for Microsoft Exchange is successfully installed on your system.

We recommend that you restart your computer after the installation process is complete. To use the software, refer to the topic Using McAfee Security for Microsoft Exchange.

Using McAfee Security for Microsoft Exchange

This topic describes on how to access the McAfee Security for Microsoft Exchange software and other utilities.

Use the McAfee Security for Microsoft Exchange software by clicking Start | Programs | McAfee | Security for

Microsoft Exchange menu and accessing the following options:

• Access Control — To allow or deny access to the McAfee Security for Microsoft Exchange user interface for specific users or groups.

• Product Configuration — To launch McAfee Security for Microsoft Exchange standalone version. • Product Configuration (Web Interface) — To launch McAfee Security for Microsoft Exchange through a web

interface. You can use this to run the application from a remote system using the web. • Sitelist Editor — To specify the location from where automatic updates (including DAT file and

scanning engines) are downloaded.

Cluster replication

The Cluster Replication Setup Utility helps in the replication of the quarantine database, Policy configurations, engine and DATs.

This utility is available only for a McAfee Security for Microsoft Exchange installation that is recognized by a Data Availability Group (DAG), in which case the McAfee Security for Microsoft Exchange

Replication Service is also available. Depending on the configuration settings, this utility replicates quarantined items from one server to the other, and makes them highly accessible.

Data recorded on the active server node is copied to the passive server node, enabling a copy of the server configuration as well as the data. By not requiring shared storage, the active node and passive node can be located in separate geographical locations without the performance impact of

synchronous replication solutions. Automated failover to the passive server node is transparent to the end user, dramatically reducing the risk of data loss by relying on logs and queues and providing a less costly and less complex recovery solution for the administrator.

This utility is available only if McAfee Security for Microsoft Exchange 7.6 is installed on a 64-bit system with Microsoft Exchange Server 2010 in the Mailbox role.

(18)

The primary component in a Data Availability Group is called Active Manager. Microsoft Exchange Server 2010 relies on the Active Manager to manage switch-overs and fail-overs between mailbox servers that are a part of a Data Availability Group. Active Manager runs on all Mailbox servers in a given Data Availability Group and can be installed in two roles:

• Primary Active Manager (PAM) • Standby Active Manager (SAM)

For details regarding these roles, refer to the relevant Exchange 2010 documentation. Contents

Cluster replication setup Types of cluster installation

Adding McAfee Security for Microsoft Exchange as a resource to the cluster group on Windows 2003 (32 or 64 bit)

Adding McAfee Security for Microsoft Exchange as a resource to the cluster group Windows 2008 (64 bit)

Cluster replication setup

Configure the replication settings for Quarantine database, Policy configurations, Engine and DATs. Task

1 From the Start menu, click All Programs | McAfee | Security for Microsoft Exchange | Cluster Replication Setup. A dialog box appears with various parameters to be defined for this service.

If the Mailbox role is installed in Microsoft Exchange Server 2010, the service Cluster Replication Setup is automatically installed in all three types of setup (Typical, Complete and Custom).

2 From Server name retrieve the available servers for replication which are part of Data Availability Group and have McAfee Security for Microsoft Exchange installed with Exchange Server in the mailbox role.

• Available server(s) displays a list of servers that can be added for replicating the quarantine database, Policy configurations, Engine and DATs.

• Replication server(s) displays a list of servers that have been configured as replication servers for the quarantine database, Policy configurations, Engine and DATs.

3 Select the server from Available server(s) and click >> to add it to the Replication server(s) list.

4 Select Stop Replication service to stop the McAfee Security for Microsoft Exchange Cluster Replication service.

5 Select Start Replication service for to manage the McAfee Security for Microsoft Exchange Cluster Replication service. Select one or more options from the following:

• Policy Configuration • Engine/DATs • Quarantine Database

6 Click Apply to save and apply the cluster replication settings.

(19)

Types of cluster installation

Cluster replication can be carried out using the following three methods.

Cluster Continuous Replication (CCR) on Exchange Server 2007

To install McAfee Security for Microsoft Exchange on all the nodes of the cluster, follow the steps mentioned in the Standard Installation section.

McAfee Security for Microsoft Exchange 7.6 will not be a cluster aware application on Microsoft

Exchange Server 2007 CCR cluster. Both the nodes have to be managed independently and will work as standalone instances.

Single Copy Cluster (SCC) on Exchange Server 2007

To install McAfee Security for Microsoft Exchange on all the nodes of the cluster, follow the steps mentioned in the Standard Installation section. In a Single Copy Cluster environment, McAfee Security for Microsoft Exchange can be added only as a Cluster Resource.

We recommend that you always install the McAfee Security for Microsoft Exchange on the passive node first. Do a failover and install on the node that has become passive now. McAfee Security for Microsoft Exchange 7.6 should be added to the cluster groups where the Exchange virtual server is present after the installation on the nodes of the cluster. In case of an upgrade, ensure that the Active Node is upgraded first.

Cluster installation on Exchange Server 2003

In Exchange Server 2003, there are two types of nodes:

• Active node — The cluster server that currently owns cluster group resources and responds to network requests made to those services.

• Passive node — The cluster server that does not currently own cluster group resources, but is available if the active node fails.

These nodes form two types of server clusters:

• Active/Passive cluster— The cluster includes active and passive nodes. The passive nodes are used only if an active node fails.

• Active/Active cluster — All nodes are active. In the event of a failover of an active node, the remaining active nodes take on the additional processing operations.

To install McAfee Security for Microsoft Exchange on all the nodes of the cluster, follow the steps mentioned in the Standard Installation section.

Install McAfee Security for Microsoft Exchange as a standalone node on an Active/Active cluster.

(20)

Adding McAfee Security for Microsoft Exchange as a resource to

the cluster group on Windows 2003 (32 or 64 bit)

Use this task to add McAfee Security for Microsoft Exchange as a resource to a cluster group, so that McAfee Security for Microsoft Exchange can behave as a cluster application.

Task

1 In Cluster Administrator, select the Exchange cluster group where you want to add the McAfee Security for Microsoft Exchange resource.

Ensure that the McAfee Security for Microsoft Exchange cluster resource is created in the same cluster group where you have Microsoft Exchange resources configured.

2 From the File menu, select New | Resource. The New Resource wizard appears.

3 Type a suitable name for the McAfee Security for Microsoft Exchange resource.

4 From the Resource Type drop-down list, select McAfee Cluster Framework.

5 From the Group drop-down list, select the cluster group where the McAfee Security for Microsoft Exchange resource needs to be added.

6 Click Next. The Possible Owners screen appears. Check if the nodes of the cluster on which McAfee Security for Microsoft Exchange is installed, are listed in the Possible Owners list.

7 Click Next. The Dependencies screen appears. Make the current resource McAfee Cluster Framework dependent on a resource of type Physical Disk.

8 Click Next. The Parameters screen appears. In the Shared Data Drive section, verify if the disk that was selected from the Dependencies screen is displayed.

9 Click Finish. A confirmation dialog box appears.

10 Click OK. The cluster resource is successfully created.

11 In Cluster administrator, right-click on the newly created resource and from the context menu, select Bring Online. This will start the McAfee Security for Microsoft Exchange service on the active node and the quarantine database will be created in the designated drive. Multiple instances of the Postgress.exe*32 process will appear under the Processes tab of the Task Manager along with RPCServ.exe*32, and SAFeService.exe*32.

In a Windows 2003 (32 bit) environment, you will have Postgress.exe, RPCServ.exe, and SAFeService.exe running, as these are native 32 bit processes.

Adding McAfee Security for Microsoft Exchange as a resource to

the cluster group Windows 2008 (64 bit)

Use this task to add McAfee Security for Microsoft Exchange as a resource to a cluster group in a Windows 2008 (64 bit) environment.

Task

1 Click Start | Run, type cmd, then click OK.

(21)

2 Type the following commands to navigate to the cluster folder and run the cluster command. Press ENTER after each command.

• cd <windows folder>\cluster

• cluster /UNREGADMINEXT:McPPClusResEx.dll

3 Close the command prompt.

Ensure that the McAfee Security for Microsoft Exchange cluster resource is created in the same cluster group where you have Microsoft Exchange resources configured.

4 Click Start | Administrative Tools | Failover Cluster Management. The Failover Cluster Management console appears.

5 Select the cluster group in which you would like to create the cluster resource. In the Actions window (displayed on the right of the main console), click Add resource.

6 From the drop-down list select More resources. Then select Add McAfee Cluster Framework.

7 In the main console, New McAfee Cluster Framework appears. Right click on this and select

Properties. The New McAfee Cluster Framework Properties window appears. 8 Click the Properties tab.

9 In Grid, click the Value field and enter the drive that was selected to store the McAfee Security for Microsoft Exchange configuration and the database, for example F:\. Then click OK.

10 In Cluster administrator, right-click on the newly created resource and select Bring Online. This will start the McAfee Security for Microsoft Exchange service on the active node and the quarantine database will be created in the designated drive. Multiple instances of the Postgress.exe*32 process will appear under the Processes tab of the Task Manager along with RPCServ.exe*32, and SAFeService.exe*32.

Testing your installation

When you have completed the installation of McAfee Security for Microsoft Exchange, we recommend that you test the installation.

This is to ensure that the software is installed properly and can detect viruses and spam within email messages.

Contents

Testing the anti-virus component Testing the anti-spam component

Using McAfee Virtual Technician to test your installation

Testing the anti-virus component

The recommended method to test an anti-virus product is to attach an EICAR anti-virus test file to an email message, and to send the message through the Exchange server where you’ve just installed McAfee Security for Microsoft Exchange.

The EICAR standard anti-virus test file was created jointly by several anti-virus vendors throughout the world to implement a standard by which customers can verify their anti-virus installations.

(22)

Task

1 Copy the following line into its own file, then save the file with the name EICAR.COM:

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

The file size will be 68 or 70 bytes.

2 Send an email message through the Exchange server with the EICAR test file as an attachment.

When McAfee Security for Microsoft Exchange examines the email message, it reports finding the EICAR test file, but is unable to clean or repair the EICAR file because it is a test file.

3 McAfee Security for Microsoft Exchange replaces the EICAR test file with an alert message.

Testing the anti-spam component

You can test the operation of the software by running the GTUBE (General Test mail for Unsolicited Bulk Email) test. The test email message must be sent from an external email account (a different domain).

Task

1 Create a new email message.

2 In the body of the message, copy the following text:

XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

Ensure that you copy this with no extra spaces or line breaks.

3 From an external email address, send this email message to a mailbox address on the server where you have installed the McAfee Security for Microsoft Exchange with McAfee®

Anti-Spam Add-On component. McAfee ®

Anti-Spam scans the message, recognizes it as a junk email message, and takes action (as per the configuration).

The GTUBE test overrides blacklists and whitelists. For more information on the GTUBE test file, visit

http://spamassassin.apache.org/.

Using McAfee Virtual Technician to test your installation

McAfee ®

Virtual Technician automatically checks for common deviations that may have occurred since you installed the product.

You can test if McAfee Security for Microsoft Exchange is installed correctly by running McAfee Virtual Technician.

(23)

3

Program maintenance

You can use the Modify option to change the way in which program features are installed. The option Repair helps you in repairing installation errors in the program, such as fixing the missing or corrupt files, shortcuts, and registry entries.

Use this section to modify or repair an existing installation or remove the McAfee Security for Microsoft Exchange program from your computer.

Contents

Role based modification Modifying the installation Repairing the installation Removing the program Restoring default settings Purge and Optimization

Role based modification

In Exchange 2003, you can choose to install the front-end related components. Additionally you can protect the servers installed with Transport and Mailbox roles. The same is applicable for Exchange 2007 and Exchange 2010 servers.

The modify installation feature allows you to add or remove new features to an existing McAfee Security for Microsoft Exchange installation. For example, you have installed McAfee Security for Microsoft Exchange on a front-end Exchange 2003 server without the Anti-Spam Scanning and Buffer Overflow protection features. At a later stage you can modify the existing McAfee Security for

Microsoft Exchange installation and include these new capabilities without reinstalling the application. You can also modify the role of an existing McAfee Security for Microsoft Exchange installation depending on the requirement. Consider a scenario where you have installed McAfee Security for Microsoft Exchange with the Hub role on one server and with the Mailbox role on another server. All the users are connected to the server with the Mailbox role which in turn is connected to the sever with the Hub role. At some stage you decide to combine the two roles on a single server. You can modify the installation on the server with the Mailbox role to additionally execute the Hub role, without uninstalling and reinstalling the application.

If you are removing a role, then first remove it from the McAfee Security for Microsoft Exchange, then from Microsoft Exchange. If you are adding a role, then first add it to Microsoft Exchange, then to McAfee Security for Microsoft Exchange.

(24)

Modifying the installation

Use this task to change McAfee Security for Microsoft Exchange program features as required and change the way program features are installed on your computer.

Task

1 In the folder containing the installation files, double-click the icon for the setup file for your operating system:

• 32-bit — setup_x86.exe • 64-bit — setup_x64.exe

The Welcome screen appears.

2 Click Next. The Program Maintenance screen appears.

3 Select Modify to change program features as required, then click Next. The Custom Setup screen appears.

4 Select the program features you want to modify and click Next. The End User License Agreement screen appears.

5 Select I accept the terms in the license agreement, then click Next. The Ready to Modify the Program screen appears.

6 Click Install to complete the installation with the modified program features. On completion of the installation, the InstallShield Wizard Completed screen appears.

7 Click Finish to exit Program Maintenance.

Repairing the installation

Use this task to repair installation errors in the program. You can fix missing or corrupt files, shortcuts and registry entries.

Repairing an installation will revert to the default configuration settings.

Task

3 From the Program Maintenance screen, select Repair, then click Next. The Ready to Repair the program screen appears.

4 Click Install to complete the repair. On completion of the installation, the InstallShield Wizard Completed screen appears.

(25)

Removing the program

Use this task to remove an existing installation (standalone) of McAfee Security for Microsoft Exchange from your computer.

Task

3 From the Program Maintenance screen, select Remove, then click Next. The Preserve Settings screen appears.

4 Select Preserve quarantine database to retain the quarantine database. Then click Next. The Remove the program screen appears.

5 Click Remove to remove the installation of McAfee Security for Microsoft Exchange from your system. On completion of the removal, the InstallShield Wizard Completed screen appears.

6 Click Finish to exit Program Maintenance.

Use Add/Remove programs to uninstall McAfee Security for Microsoft Exchange. In this method, the quarantine database is preserved by default. If you do not want to preserve the existing quarantine database, follow the above procedure.

Restoring default settings

You can restore the interface to its original out-of-the-box configuration. Task

• Click Settings & Diagnostics | Import and Export Configuration | Restore Default. This restores the interface with the original out-of-the-box settings.

Program maintenance

(26)

Purge and Optimization

Use this task to remove old items marked for deletion from the database. Using the optimization task, you can recover disk space being taken up by deleted database records.

Task

1 Click Settings & Diagnostics | Detected Items. The Detected Items page appears. The section Local Database has two tasks:

• Purge of old items frequency — To specify how frequently old items marked for deletion should be removed from the database.

• Optimization frequency — To specify how frequently should the database be optimized.

The default value for both the tasks is set at Monthly.

2 Click Edit Schedule to modify the schedule. For more information, click Edit Schedule and refer the online help of the page that appears.

(27)

4

Upgrading the software

You can upgrade a standalone product to McAfee Security for Microsoft Exchange 7.6 or you can also upgrade your product using ePolicy Orchestrator.

Upgrade from earlier versions of GroupShield for Exchange to McAfee Security for Microsoft Exchange version 7.6. The product upgrades supported are:

• GroupShield for Exchange version 7.0.1 Patch 1 and above • GroupShield for Exchange version 7.0.2 Rollup2 and above Tasks

• Upgrading a standalone product on page 28

McAfee Security for Microsoft Exchange version 7.6 supports upgrading your configuration settings from the previous version of the product. When upgrading to a new version of McAfee Security for Microsoft Exchange, you do not need to uninstall the existing version. • ePolicy Orchestrator upgrade on page 29

If your existing product is managed by ePolicy Orchestrator and you upgrade it to McAfee Security for Microsoft Exchange version 7.6, then the policies present in ePolicy

Orchestrator also need to be upgraded to McAfee Security for Microsoft Exchange version 7.6.

• Upgrading McAfee Security for Microsoft Exchange using ePolicy Orchestrator 4.5 on page

29

This task will guide you through the process of upgrading your installation of McAfee Security for Microsoft Exchange through ePolicy Orchestrator 4.5.

• Upgrading McAfee Security for Microsoft Exchange using ePolicy Orchestrator 4.6 on page

30

Contents

Upgrading a standalone product ePolicy Orchestrator upgrade

(28)

Upgrading a standalone product

McAfee Security for Microsoft Exchange version 7.6 supports upgrading your configuration settings from the previous version of the product. When upgrading to a new version of McAfee Security for Microsoft Exchange, you do not need to uninstall the existing version.

The installation program updates your installation to the new version. This method includes a wizard that leads you through the installation process with a series of instructions for upgrading your software.

During the installation process, Exchange services could stop or restart. This includes all services related to Exchange Database and Exchange Transport.

Use this task to upgrade from earlier versions of GroupShield for Exchange to McAfee Security for Microsoft Exchange version 7.6.

Task

1 Follow steps 1 - 4 in the section Installing for Microsoft Exchange Server 2003 or Installing for Microsoft Exchange Server 2007 and 2010.

When upgrading, the dialog box for language options is not displayed.

2 The Preparing to Install screen prepares the installation wizard to guide you through the program upgrade process and extracts all the required installation files. After this process completes, the Select Exchange Server Role dialog box appears.

In the case of Exchange Server 2007 and 2010, the Exchange Server Role Detection screen appears.

3 Follow steps 7 - 9 in the section Installing for Microsoft Exchange Server 2003 or Installing for Microsoft Exchange Server 2007 and 2010.

4 Click Next. The Custom Setup dialog box is displayed reflecting all the features installed in the existing installation of GroupShield for Exchange.

5 Select the features you want to be updated with McAfee Security for Microsoft Exchange, then click

Next to display the End User License Agreement screen.

6 Accept the terms in the license agreement, then click Next. The Additional Configuration Settings dialog box appears.

7 This screen displays the settings for quarantine mechanism and quarantine database applied in GroupShield for Exchange. Change the settings if required, then click Next. The Set Protection Profile dialog box appears. The option Use Existing is selected by default.

(29)

11 Verify the configuration, then click Install to proceed with the upgrade. The Installing progress bar displays the features being copied, initialized, and installed. When the installation is complete, the installation wizard Completed screen appears. The option Migrate Quarantine Data is selected by default.

12 Click Finish. When the installation wizard exits, GroupShield for Exchange is successfully upgraded to McAfee Security for Microsoft Exchange version 7.6. on your system.

To migrate policies from GroupShield for Exchange 7.0.x to McAfee Security for Microsoft Exchange 7.6, select the option "Import existing configuration" during installation, then provide the path of the CFG file of GroupShield for Exchange. We recommend that you restart your computer after the installation process is complete.

ePolicy Orchestrator upgrade

If your existing product is managed by ePolicy Orchestrator and you upgrade it to McAfee Security for Microsoft Exchange version 7.6, then the policies present in ePolicy Orchestrator also need to be upgraded to McAfee Security for Microsoft Exchange version 7.6.

Ensure you have ePolicy Orchestrator version 4.5 or 4.6., which are the versions supported by McAfee Security for Microsoft Exchange version 7.6.

Existing GroupShield for Exchange 7.0.x policies will not be upgraded if you upgrade McAfee Security for Microsoft Exchange using ePolicy Orchestrator. To migrate policies from GroupShield for Exchange 7.0.X to McAfee Security for Microsoft Exchange 7.6. in an upgrade using ePolicy Orchestrator, run the tool "MSMEePOUpgrade.exe" See Upgrading the software for supported versions.

Task

1 Download the file MSMEePOUpgrade.exe on your ePolicy Orchestrator server and save it to a folder.

2 Go to the command prompt, navigate to the folder where the file is saved, and run the MSMEePOUpgrade.exe.

If your ePolicy Orchestrator database is located on a remote machine, then you will be prompted for the ePolicy Orchestrator database password. After the policies are upgraded, you can continue to manage earlier versions of GroupShield for Exchange and McAfee Security for Microsoft Exchange from the same ePolicy Orchestrator server with their existing policies. These older policies are not overwritten during the upgrade.

Upgrading McAfee Security for Microsoft Exchange using

ePolicy Orchestrator 4.5

Before you begin

See Upgrading the Software for supported versions. Close all instances of GroupShield for Exchange before starting the upgrade.

Close all instances of McAfee Security for Microsoft Exchange before starting the upgrade. Upgrading the software

(30)

Task

1 Log on to ePolicy Orchestrator as administrator.

2 Check in the package. See Checking in a package for the procedure.

3 Click Menu | Systems | System Tree. The "My organization" page appears.

4 Click Systems to display the systems in a particular group or all groups. Select the required group, groups or system, then click Client Tasks.

5 Click New Task to display the Client Task Builder page. Enter details for Name and Notes.

6 In type select Product Deployment, in Tags select the required option, then click Next. The Configuration page appears.

7 In Configuration, select the required options for what the task should do, then click Next. The Schedule page appears.

8 Select the required options to schedule the update task , then click Next. The Summary page appears, displaying the parameters for the task.

9 Click Save. Then click System tree | Systems.

10 Select the required group, groups or system, then click Wake Up Agents. The Wake Up McAfee Agent page appears.

11 Select the required parameters and click OK to send the wake-up call to the selected systems to upgrade the software.

Upgrading McAfee Security for Microsoft Exchange using

ePolicy Orchestrator 4.6

Before you begin

See Upgrading the Software for supported versions. Close all instances of GroupShield for Exchange before starting the upgrade.

Task

2 Check in the package. See Checking in a package for the procedure.

3 Click Menu | Systems | System Tree. The "My organization" page appears.

4 Click Systems to display the systems in a particular group or all groups. Select the required group, groups or system, then click Assigned Client Tasks.

5 Click Actions | New Client Task Assignment. The Client Task Assignment Builder page appears.

(31)

7 Enter details for Task Name and Description. Select the required options, then click Save.

8 Click System Tree | Systems. Select the required group, groups or system, then click Wake Up Agents. The Wake Up McAfee Agent page appears. Select the required parameters, then click OK to send the wake-up call to the selected systems to upgrade the software.

Upgrading the software

(32)

(33)

5

Managing using ePolicy Orchestrator 4.5

or 4.6

This chapter describes how to manage McAfee Security for Microsoft Exchange using McAfee ePolicy Orchestrator management software version 4.5. or 4.6.

To use this chapter effectively, you need to be familiar with ePolicy Orchestrator 4.5. or 4.6.

McAfee ePolicy Orchestrator 4.5 or 4.6 provides a scalable platform for centralized policy management and enforcement on your McAfee security products and systems on which they reside. It also provides comprehensive reporting and product deployment capabilities, all through a single point of control.

This guide does not provide detailed information about installing or using ePolicy Orchestrator software. See the McAfee ePolicy Orchestrator 4.5 or 4.6 Product Documentation.

Contents Prerequisites

Deploying the McAfee Agent

Checking in McAfee Security for Microsoft Exchange into the Master Repository Checking in the extension

Deploying the software using ePolicy Orchestrator 4.5 Deploying the software using ePolicy Orchestrator 4.6 Sending an agent wake-up call

Setting policies within ePolicy Orchestrator Scheduling tasks

Removing the extension using ePolicy Orchestrator 4.5 or 4.6

Prerequisites

Refer to the McAfee Agent product documentation for installation/upgrade instructions. All older McAfee Security for Microsoft Exchange policies or extensions files should be removed prior to installing the new files.

Before using the ePolicy Orchestrator software to manage McAfee Security for Microsoft Exchange, install or upgrade to McAfee Agent version 4.5 Patch 2 or Patch 3 on the client computer running Microsoft Exchange.

ePolicy Orchestrator 4.5 supports the following platforms:

(34)

McAfee Agent is a component of ePolicy Orchestrator that must be installed on each computer on the network and client computer. The Agent collects and sends information between the ePolicy

Orchestrator server, repositories, and manages McAfee Security for Microsoft Exchange installations across the network. Refer to the McAfee Agent documentation for installation and upgrade instructions.

Deploying the McAfee Agent

The McAfee Agent is a distributed component of ePolicy Orchestrator that must be installed on each system in your network that you want to manage.

The agent collects and sends information to the ePolicy Orchestrator server. It also installs and updates the endpoint products, and applies your endpoint policies. Systems cannot be managed by ePolicy Orchestrator unless the McAfee Agent is installed.

Use this task to deploy the McAfee Agent to your client systems. Before deploying the McAfee Agent, it is useful to verify communication between the server and systems, and access to the default

administrator share directory. You might also need to create firewall exceptions. Task

1 Click Menu | Systems | System Tree, then click Systems on the menu bar. You can directly click the System

Tree icon, then click Systems.

2 Highlight a group. If this group has no systems, but has subgroups with systems, click the Level Filter drop-down list and select This Group and All Subgroups.

3 Select one or more systems from the list, and click Actions | Agent | Deploy Agents.

4 Select the required Agent version, Installation options, Installation path, and other parameters. Type all the credentials that have rights to install software on client systems, such as a Domain, User name, and Password, then click OK.

It will take a few minutes for the McAfee Agent to install and for client systems to retrieve and execute the installation packages for the endpoint products. When first installed, the agent determines a random time within 10 minutes for connecting to the ePolicy Orchestrator server to retrieve policies and tasks.

Checking in McAfee Security for Microsoft Exchange into the

Master Repository

This task will guide you through the steps of checking in McAfee Security for Microsoft Exchange into the Master Repository using ePolicy Orchestrator 4.5 or 4.6.

Task

2 Click Menu | Software | Master Repository. The Packages in Master Repository page appears.

3 Click Action | Check In Package. The Check In Package page appears. (In ePolicy Orchestrator 4.6, you can also click the tab "Check In Package").

4 In Package type, select Product or Update (.zip). Click Browse and select the File Path for the required .zip folder, then click Next to check in the package.

(35)

Checking in the extension

Use this task to check in the extensions for McAfee Security for Microsoft Exchange. Task

1 Log on to the ePolicy Orchestrator server as an administrator.

2 Click Menu | Software | Extensions. The Extensions page appears.

3 Click Install Extension to install the McAfee Security for Microsoft Exchange policy extension. The Install Extension dialog box appears.

4 Click Browse, select the extension file MSME____7600_0409 .ZIP for English (corresponding extension files for available languages), then click OK.

5 To install Report extensions, select the extension file MSME76REPORTS.ZIP, and repeat steps 2 - 4.

Deploying the software using ePolicy Orchestrator 4.5

This section provides information on how to deploy McAfee Security for Microsoft Exchange using ePolicy Orchestrator 4.5.

Task

2 Click Menu | Systems | System Tree. The My Organization page appears. Select a required group or system(s).

3 In the Client Tasks tab, click Actions and select New Task, or click the tab New Task. The Client Task Builder page appears.

4 Under the tab Description, type a Name for the new task.

5 Type content for Notes if required.

6 In Type, select Product Deployment from the drop-down list.

7 In Tags, select an option to send this task to all computers or only to computers matching certain criteria, then click Next to display the Configuration page.

8 Select the required operating system in Target Platforms.

9 In Products and components, select McAfee Security for Microsoft Exchange version 7.6 as the product and select the Action as Install. Select the required Language and Branch.

10 In Options, select Run at every policy enforcement if required.

This is applicable for Windows platform only.

11 Click Next to display the Schedule page.

12 In the Schedule page, select the options and define the corresponding parameters as required for this task. In Schedule type, select Run immediately, then click Next. The Summary page displays the list of defined parameters for this task.

Managing using ePolicy Orchestrator 4.5 or 4.6

(36)

13 Click Save to add the client task.

Use the following command line options to have a customized installation of McAfee Security for Microsoft Exchange. To separate multiple parameters, use a space. These command line options are applicable for ePolicy Orchestrator 4.6 also.

Table 5-1 Command line arguments for the installer

Parameter Example Description

INSTALLDIR INSTALLDIR="C:\MSME" Installs McAfee

Security for

Microsoft Exchange in the specified folder location. DATABASEDIR DATABASEDIR="C:\MSME\DATA" Installs McAfee

Security for

Microsoft Exchange in the specified folder location. PP_ADMINEMAIL PP_ADMINEMAIL="[email protected]" Defines the

administrator email address which will receive all notifications.

RUNAUTOUPDATE RUNAUTOUPDATE=1 This will run an

autoupdate at the end of an

installation. The default value is "1". If you do not want to run this autoupdate, set the value to "0". NEED_DESKTOP_SHORTCUT NEED_DESKTOP_SHORTCUT=1 This will create

shortcuts on the desktop. The default value is "1". Set the value to "0" if you do not want to create desktop shortcuts.

In a Microsoft Exchange 2003 environment, you can set the parameter E2003_ROLE to execute a customized installation according to the Exchange role.

• For Mailbox role, set the value to "0". • For Gateway role, set the value to "1".

(37)

Deploying the software using ePolicy Orchestrator 4.6

This section provides information on how to deploy McAfee Security for Microsoft Exchange using ePolicy Orchestrator 4.6.

Task

2 Click Menu | Systems | System Tree. The My Organization page appears. Select a required group or system(s).

3 In the Assigned Client Tasks tab, click Actions and select New Client Task Assignment. The Client Task Assignment Builder page appears displaying existing tasks which can be scheduled.

4 Select a Product, Task Type, then click Create New Task.

5 Type a task name, enter a description if required, select the options and define the corresponding parameters as required for this task, then click Save. The new task is displayed in the column Task Name. Select other parameters as required, then click Next to display the Schedule Page.

6 In the Schedule page, select the options and define the corresponding parameters as required for this task. In Schedule type, select Run Immediately, then click Next. The Summary page displays the list of defined parameters for this task.

7 Click Save to add the client task.

Sending an agent wake-up call

All systems in the network are managed in the Systems tab. The System Tree contains all systems that are managed by the ePolicy Orchestrator server.

It is the primary interface for managing policies and tasks on these systems. You can organize or sort these systems into logical groups in the System Tree.

My Organization is the root of the System Tree. It includes a Lost&Found group that stores systems whose locations cannot be determined by the server. Depending on the methods you use to create and maintain the System Tree segments (systems), the server uses different characteristics to place the systems in the System Tree.

For information about adding a new system, see the McAfee ePolicy Orchestrator 4.5 or 4.6 Product

Guide. To send an agent wake-up call, follow these steps both for ePolicy Orchestrator 4.5 and 4.6. Task

2 Click Menu | Systems | System Tree and select a required group or system(s).

3 Select the Computer Name in that group.

4 Click Actions | Agent | Wake Up Agents. The Wake Up Agents page appears.

5 Select a Wake-up call type and a Randomization period, which is the length of time systems have to respond to the wake-up call sent by the ePolicy Orchestrator server.

Managing using ePolicy Orchestrator 4.5 or 4.6

(38)

6 Select Get full product properties for the agent(s) to send complete properties instead of sending only those that have changed since the last agent-to-server communication.

7 Click OK.

Navigate to Server Task Log to see the status of the agent wake-up call.

Setting policies within ePolicy Orchestrator

These policies override configurations set on individual computers.

For information regarding policies and how they are enforced, see the McAfee ePolicy Orchestrator 4.5 Product Guide. The ePolicy Orchestrator console allows you to enforce policies across groups of computers or on a single computer.

Before configuring any policies, select the group of computers for which you want to modify McAfee Security for Microsoft Exchange policies. You can modify McAfee Security for Microsoft Exchange policies from the pages and tabs that are available in the Details pane of the ePolicy Orchestrator console. These pages are nearly identical to those you can access directly from the McAfee Security for Microsoft Exchange user interface.

In ePolicy Orchestrator 4.5, you can assign policies to groups or individual users and you can include users, groups and organizational units in a single rule. Specific users can be excluded from a policy assignment rule.

After you have modified the appropriate policies and saved the changes for the intended computer or group of computers, you are ready to deploy new settings via the ePolicy Orchestrator agent.

Tasks

• Creating or editing policies in ePolicy Orchestrator 4.5 on page 38

You can create, edit, delete, or assign a policy to a specific group or a specific computer in the System Tree.

• Creating or editing policies in ePolicy Orchestrator 4.6 on page 39

• Enforcing policies on page 39

You can enforce a policy to multiple managed systems within a group.

Creating or editing policies in ePolicy Orchestrator 4.5

Task

2 Click Menu | Systems | System Tree and select a required group or system(s).

3 On the Assigned Policies tab under Product, select McAfee Security for Microsoft Exchange 7.6.0. A list of policies appears in the lower pane.

4 Locate the required policy, and click Edit Assignment next to the policy. The policy assignment page for the chosen group appears.