Overview/Installation Flashcards
What is ENS?
An integrated, extensible security solution that protects servers, computer systems, laptops, and tablets against known and unknown threats.
What are some of the types of threats that ENS can provide protection from?
Malware, suspicious communications, unsafe websites, and downloaded files.
Why is ENS unique?
It is made up of multiple security modules that communicate in real time to analyze and protect against threats
What are the security modules that comprise ENS?
Threat Prevention
Firewall
Web Control
Adaptive Threat Protection
Give a brief overview of Threat Prevention
Prevents threats from accessing systems, scans files automatically when they are accessed, and runs targeted scans for malware on client systems
Give a brief overview of Firewall
Monitors communication between the computer and resources on the network and the Internet. Intercepts suspicious communications
Give a brief overview of Web Control
Monitors web searching and browsing activity on client systems and blocks websites and downloads based on safety rating and content
Give a brief overview of Adaptive Threat Protection
Analyzes content from your enterprise and decides how to respond based on file reputation, rules, and reputation thresholds. Adaptive Threat Protection is an optional Endpoint Security module
What is the role of the common module?
Provides settings for common features, such as interface security and logging. It is installed automatically if any other module is installed
What is the workflow for a First Time Installation?
- Install software server side by checking in the desired product package file to the ePO server
- Update ePO server with the latest content files required for Endpoint Security: AMCore, Exploit Prevention, and ATP content files
- Deploy the client software with default or custom settings to managed systems either:
a. Remotely with deployment tasks
b. Locally on managed systems with an installation URL
- Verify that the client software is installed and up to date on all managed systems
- Configure settings as needed
What is the workflow for an upgrade?
- Confirm that your upgrade path is supported
- Check in the product package files and the McAfee Agent package files (if required) to the ePO server
- Upgrade McAfee Agent, if required
- Manually update your ePO server with the latest content files required for Endpoint Security: AMCore, Exploit Prevention, and ATP content files
- Deploy the client software with default or custom settings to managed systems in one of these ways:
a. Remotely with deployment tasks
b. Locally on managed systems with an installation URL
- Verify that the client software is installed and up to date on all managed systems
- Configure settings as needed
What additional steps need to be taken when upgrading legacy software with migrated settings?
- Review and prepare legacy settings
- Migrate settings with Endpoint Migration Assistant
- Verify that your settings migrated correctly
What does Endpoint Upgrade Assistant do?
Lets you upgrade all the systems that meet requirements with a single deployment task, and plan deployments that ensure compatibility between Endpoint Security and other McAfee products running on managed systems
Before deploying ENS to your production environment, what should be done first?
You need to deploy the software you plan to install in a test environment or to a test group, then verify the results before deploying it to the larger environment. Testing lets you verify that endpoints upgrade as expected, and make changes as needed, before deploying upgrades to all endpoints
What consideration needs to be made prior to deploying ATP?
If you plan to install Endpoint Security ATP, decide whether to integrate it with the optional TIE server
What are some general considerations to be made prior to the deployment of ENS?
- How it will be deployed (platform software, third-party tools, or an installation URL)
- Management Strategy
- Update Strategy
- Whether or not you will use Migration Assistant and Upgrade Assistant
What products can be upgraded?
- ENS 10.2.x
- ENS 10.5.x
- VSE 8.8
- HIPS 8.0
- SiteAdvisor Enterprise 3.5
- Endpoint Security ATP 10.5
- ENS Threat Intelligence
T/F: You need to uninstall existing legacy Virus Detection and Firewall products prior to the deployment of ENS.
False. You don’t need to uninstall existing virus-detection and firewall products on systems before installing Endpoint Security. The installation wizard detects these products and resolves most conflicts automatically
If incompatible virus detection or firewall software is installed - The wizard tries to uninstall the software. If it can’t, it prompts the user to cancel the installation, uninstall the incompatible software manually from the Windows Control Panel, then resume the installation where it left off
T/F: The ENS Install wizard will disable the Windows firewall automatically to prevent conflicts.
False
If Common Event Enabler (CEE)/Common AntiVirus Agent (CAVA) is running, what does this mean for ENS?
You can install ENS with CAVA support by using a command line option.
This disables the blocking cache in the OAS, increases the number of OAS scanning threads to 200, and enables network scanning.
These setting changes are needed for OAS to scan all files from CAVA
What happens if HIPS is installed when you attempt to deploy ENS?
ENS firewall replaces HIPS firewall, and you can optionally migrate your Firewall settings to the new firewall.
HIPS (without its firewall module) can run side by side with ENS
Note: you are not required to upgrade to ENS firewall or migrate your settings. You can continue to run the HIPS firewall after installing ENS firewall. Whenever HIPS Firewall is installed and enabled, ENS firewall is disabled even if enabled in the policy settings
What is the compatibility like with McAfee Client Proxy and ENS?
If McAfee Client Proxy is installed - Web Control disables itself automatically if it detects a web gateway appliance or if McAfee Client Proxy is installed and in redirection mode
What is the compatibility like with McAfee Application Control and McAfee Change Control?
If McAfee Application Control and McAfee Change Control are running - The system stops responding (hangs) when memory protection features in McAfee Application Control, McAfee Change Control 8.x or 7.x and Endpoint Security or Host Intrusion Prevention are running at the same time.
What should you do if you need to run ENS on a system with Application Control and Change Control?
- Installation order - Install ENS first, then Application Control and Change Control.
- If already installed - Disable the Memory protection and Script as Updater features in Application Control and Change Control. See KB81465 for more information.
What are the tasks that should be done before installing ENS?
- Make sure that systems meet requirements
- Make sure that other products are compatible with Endpoint Security
- Make sure that the software you want to upgrade is supported
- Review settings you want to save
- Run McAfee GetClean
- Run McAfee SysPrep
What does the ENS Package Designer do?
Endpoint Security Package Designer steps through the process of creating a custom installation file, which you can deploy to managed systems using ePO or third party software
What does the ENSConfigTool do?
ENSConfigTool allows you to export all policy settings from select product modules to a location that you specify
It is located in the ENS platform folder
What does the Migration Assistant Tool do?
Use this tool to save (or migrate) settings and assignments for legacy products when upgrading to ENS
What does the Upgrade Assistant Tool do?
Simplifies and automates many of the tasks required to upgrade managed systems to ENS in complex environments
- Analyze managed systems
- Identify the systems that are ready to upgrade
- Plan, implement, and track product upgrades throughout your environment
- Maintain compatibility on systems running multiple McAfee products and versions
- Deploy using ePO or third party tools
What post-installation tasks should be performed?
Verify client software is installed and up to date on managed systems.
Test the virus detection feature of Threat Prevention by downloading the EICAR Standard AntiVirus Test File to the local system.
Test that the Real Protect scanning features in Adaptive Threat Protection are installed correctly and that systems can communicate with the McAfee cloud for detections.