Migration Flashcards
What is the ENS Migration Assistant
A tool that allows for the migration of custom settings and assignments belonging to legacy products to ENS in the event of an upgrade
What ePO versions does the migration assistant migrate settings for?
Environments managed with ePO version 5.1.1 or later
What are the products that Migration Assistant provides migration for?
VSE 8.8 HIPS Firewall 8.0 HIPS 8.0 SiteAdvisor Enterprise 3.5 Endpoint Protection for Mac 2.3 McAfee VirusScan for Mac 9.8 VSE for Linux 2.0.2
What settings from VSE 8.8 can be migrated?
Policies(Workstation Policies, Server Policies, or both) and Client Tasks
What settings from HIPS firewall can be migrated?
Host IPS Catalog
Firewall and General Policies
What settings from HIPS can be migrated?
IPS Rules policy:
- Excluded Application Protection Rules
- IPS Exceptions
- Custom Signatures
- McAfee-defined signatures supported
IPS Protection Policy
What settings from SiteAdvisor Enterprise can be migrated?
Policies
Client Tasks
What settings from Endpoint Protection for Mac/VirusScan for Mac can be migrated?
Anti-malware policy:
- On Access Scan
- Exclusions: On-Access Scan
What settings from VirusScan Enterprise for Linux 2.0.2 can be migrated?
On-Access Scanning Policy
On-Demand Scanning Client Tasks
What is the difference between Automatic Migration and Manual Migration?
Automatic Migration:
- Migrates all supported settings for all supported products you have installed on your systems
- Requires minimal input from you
- Create and assign new ENS policies and client tasks automatically, based on your current product settings
Manual Migration:
- Requires user input
- Lets you select specific objects to migrate and edit the policies if needed
- Does not retain assignments for migrated objects
What happens to objects from a previous migration when you initiate another one?
Automatic Migration: Deletes objects created during a previous automatic migration session for the same systems
Manual Migration: Has no effect on objects migrated during a previous session
Are assignments retained post migration for migrated objects?
Manual Migration: No
Automatic Migration: Yes
The path for the quarantine folder is limited to 190 characters in ENS, but VSE allowed 256. What does this mean for migration?
If the migrated quarantine folder path contains more than 190 characters, the path automatically reverts to the default location
How is VSE’s organization of Server vs Workstation policies addressed in migration?
When migrating, you can specify either Workstation, server, or workstation and server for migration.
If you choose to migrate only one at a time, you can migrate the other one at a later time. If you migrate both types simultaneously, the number of target polices may increase, depending on the system tree structure.
If a group contains both workstations and servers, the policy assigned to the greatest number of systems is assigned to the group, and the policy assigned to fewer systems is assigned to individual systems within the group as needed.
Thus, the best practice to minimize the number of assignments is to place workstations and servers in separate groups
What happens to Access Protection port-blocking rules from VSE?
They are not migrated. Also, user added inclusions and exclusions for predefined rules are not migrated.
If you want to continue using legacy rules that don’t migrate from VSE, you can create firewall rules in ENS Firewall to replicate their behavior
What is the name for the Buffer Overflow Protection settings in ENS?
Exploit Prevention
How does the difference in characters supported by VSE and ENS affect the migration of exclusions in policies?
VSE allows semi-colons to separate include and exclude processes, while the Migration Assistant recognizes only the comma character to separate include and exclude processes
This means if you migrate an exclusion rule that uses ; to separate multiple include and exclude processes, the Migration Assistant migrates them as a single process, resulting in the migrated policies not containing all the exclusions that were in the original policy
How can you correct the migration issue related to unsupported characters in exclusions?
Before Migrating: Review source VSE policies. Locate unsupported ; characters and change them to , before migrating
During Manual Migration - The Migration Assistant notifies you that one or more policies have unsupported characters, affording you the opportunity to cancel the migration and revise the VSE policies
After migration - Edit your migrated policies to replace each ; character with a , character
Where do VSE policies end up in ENS?
BOP -> Exploit Prevention
On Access Default, High Risk, Low Risk processes and general -> On Access Scan
Quarantine Manager, Unwanted Programs -> Options(TP)
Access Protection -> Access Protection, Options(Common Policy)
Alert -> Options(Common Policy)
General Options -> On Demand Scan, Options(Common Policy)
Where do HIPS policies end up in ENS?
IPS Protection -> Access Protection, Exploit Prevention
IPS Rules -> Access Protection, Exploit Prevention
Trusted Applications -> Access Protection
Firewall Rules -> Rules(Firewall)
Firewall Options, DNS Blocking -> Options(Firewall)
Trusted Networks -> Options(Firewall)
Client UI -> Options (Firewall), Options (Common Policy)
Where do SiteAdvisor Policies end up in ENS?
Enforcement Messaging -> Enforcement Messaging
Authorize List -> Block and Allow List, Options (Web Control)
Prohibit List -> Block and Allow List
Hardening -> Browser Control, Options (Web Control)
Content Actions -> Content Actions, Options (Web Control)
Rating Actions -> Content Actions, Options (Web Control)
Enable or Disable -> Options (Web Control)
Event Tracking -> Options (Web Control)
General -> Options (Web Control), Options (Common Policy
T/F During Automatic Migration, unassigned policies or tasks are migrated over?
False, Automatic Migration only works for policies/tasks that are assigned. You must perform manual migration on tasks that are unassigned
T/F If you make a change to a legacy product’s policy, client task, or host ips catalog during migration, the end result will reflect those changes.
False, the end result of the migration will reflect the object as it was right at the beginning of the migration, thus any changes made in the midst of the migration will in fact not be included
Therefore, it is a good idea to alert other users that possess that authority to modify these settings not to make changes during the migration
When is it recommended to use Automatic Migration?
- Have a network with fewer than 250 managed systems
- Use default policy settings or a minimum number of custom policies
When is it recommended to use Manual Migration?
- Have a network with more than 250 managed systems
- Use multiple custom policies
- Want to fine-tune existing policy settings during the migration process
- Want to fine-tune assignments
- Want to migrate settings to single-platform policies
- Want to personally supervise and approve each step of the migration process
