McAfee Security Product Update

1
McAfee Security Product Update

• Shelane Blaz Account Manager Larry
  Kovalsky Systems Engineer

2
Agenda

• New Product Overview
• VirusScan Enterprise
• Installation Designer
• ePO 3.0
• AutoUpdate Architect
• Upgrade Best Practices
• Product Demo/QA

3
VirusScan Enterprise 7.0 Enhancements

• WORM KILLING CAPABILITIES
• Some of the most costly viruses have evaded
  detection by propagating through memory. Finds
  and removes viruses like CodeRed and SQLSlammer
  from memory.
• RISK BASED / PER PROCESS SCANNING
• Custom Scanning Profiles
• COMPLETE
• Desktop Fileserver protection in one
• SMALL
• Designed to conserve bandwidth, simplify
  deployment, and reduce deployment costs
• MOBILE
• Optimized for road warriors and mobile employees
• PRECISE
• Granular administrative control

4
VirusScan Enterprise 7.0 Highlights

• Package size 10 MB
• VS 4.5.1 SP1 NetShield NT 26 MB

• Operating systems
• Desktop WinNT 4, Win2000, WinXP
• Server WinNT 4 Server, WinNT 4 Terminal Server,
  Win2K Server, Win2K Adv Server, Win2K DataCenter
  Server, .NET Standard Server, .NET Enterprise
  Server, . NET Web Server

• Languages
• English, German, French, Spanish, Japanese,
  Dutch, Italian, Swedish, Portuguese, Polish,
  Chinese Simplified, Chinese Traditional, Korean

• Companion releases
• Alert Manager 4.7 alerting utility
• McAfee Installation Designer 7.0 package
  configuration utility

• Compatibility highlights
• ePO 2.5.x, new ePO 3.0
• Citrix Metaframe XP
• Microsoft Small Business Server
• EMC Celerra filer

• Certifications
• Microsoft WinXP, Win2000 Advanced Server, Win
  Server 2003
• ICSA Checkmark Anti-Virus certification

5
Scanning Enhancements -- Speed

• Excess interface layers between the scanners and
  the engine stripped out

On-Demand Scanner
On-Access Scanner
800 files (365 MB) .doc, .xls, .mdb, .ppt,
.pdf Pentium 1.3GHz with 256 MB RAM, Windows 2000
Pro SP3
6
Scanning Enhancements -- On Access
Balancing scanning with other business needs

• Conserve processing power maintain productivity
• Clean file cache to limit needless scanning
• If file is clean and filename listed in cache,
  not scanned again
• Risk based scanning options for different classes
  of applications or processes. Scan more where you
  need to, less where you dont.
• Low Risk Processes set a scanning configuration
  for processes that are low risk for causing or
  spreading infection backup software, system
  processes, databases. Likely scenario Limited or
  no scanning
• High Risk Processes set a scanning configuration
  for processes that are high risk for causing or
  spreading infection browsers, email clients, MS
  Office applications. Likely scenario Stringent
  scanning
• Default All other processes that are not
  included in the Low or High Risk lists. Likely
  scenario Moderate scanning

scan
scan
Cache of filenames recently scanned
scan
7
Scanning Enhancements -- Precise Control

• High-risk processes
• Likely scenario Strict scanning

lOW-risk processes Likely scenario Reduced
scanning
8
Scanning Enhancements -- Precise Control

• Report location of potentially unwanted programs
• AVERT decides what is potentially unwanted and
  adds detection signatures to DATs. Password
  crackers, etc.
• McAfees role is to locate and inform, not delete

9
Scanning Enhancements -- On Demand

• Resumable scanning
• Program scheduled scans to avoid times when other
  computing demands are high
• If scan not complete when task stops, scanning
  re-starts where it left off when scheduled time
  reoccurs

10
Scanning Enhancements -- On Demand

• CPU utilization control
• Specifies the approximate CPU utilization for a
  scheduled scan
• Previously available only on servers. Now
  available for both desktop and server scheduled
  scans
• Intelligent handling of files not readily
  accessible
• Disable scanning of files migrated to an archive
  location by a hierarchical storage manager

11
Improved Exclusion Capability

• Exclusion capability handles
• Wildcards
• Files and Folders
• Exclude by file age
• Exclude files protected by Windows File
  Protection
• Specify exclusions to occur on read or write or
  both
• Default files plus extensions
• Default files minus extension
• Scan all Files minus extension

12
Icon Tray Changes

• VirusScan Console no longer has a sys tray icon
• It now resides on the right click menu
• Update Now
• Very easy for the end user
• Gets updates from McAfee http site (default) or
  from nearest internal update site
• Gets updates weekly (default) or according to
  specified schedule
• On-Demand Scan can be opened from the icon tray
• On-Access Scan Statistics
• Last file scanned, how many files scanned, etc.

Right-click
13
Improved Updating

• True mirroring of updates for desktops servers
• Updates via http, FTP, or UNC share
• Hands-off updating
• Default VirusScan Enterprise 7.0 installation
  updates itself weekly from McAfee http site if
  client/server has internet connection
• Single update delivers ALL update types
• DATs -- incremental or full (if required)
• Engine (if required)
• Extra.DATs, Service Packs, Hotfixes (if approved
  by administrator)
• Resumeable updating after interrupted transfer
• Good for remote users with unreliable or
  low-speed connections

14
Security Improvements

• Updates protected by strong encryption and
  digital signatures
• Configuration lockdown
• Control the amount of visible User Interface
• User Interface Password

15
Configuration Control

• McAfee Installation Designer 7.0
• Companion utility to VirusScan Enterprise 7.0
• Purpose Customized client server package
  creation
• Create complete packages for general deployment,
  COE images
• Client only, server only, or client server
• Create delta configuration packages for those
  inevitable changes
• Conserves company bandwidth. Deploy just the
  delta changes, not the entire package again

16
Whats new in ePO 3.0?
17
ePO 3.0 - Enterprise
18
ePO 3.0 Updating
19
ePO 3.0 Updating

• Flexible - Updates are pulled from the public NAI
  site to the master site/ePO server - Automatic or
  manual
• Bandwidth Smart - Updates are replicated to
  repository sites for distributed deployment.
• Comprehensive- Customer can deploy any DATS,
  engines, hotfixes, Extra.DATs, SPs or patches.
  The machines updater will pull whatever is
  applicable.
• Visible - Update verification is displayed in the
  reports

Santa Clara
ePO Server Master Console Master Database Master
Repository
Dallas
Sydney
Oregon
Repository Site
Repository Site
Repository Site
Each machine reports directly to ePO server
20
Express Global Updating

• Introducing the SuperAgent!
• Reconfigure the existing ePO agent
• Dramatically improves the speed of updating
• Two levels
• 1. - Distributes the load of wake up calls
• 2. - Acts as a repository for updating on its
  subnet
• Requirement of one per Subnet

21
Express Global Updating

• Check DAT from AVERT into Master
• Send SuperAgent wake up to refresh its repository
• SuperAgents broadcast to subnet Run immediate
  AutoUpdate!
• Clients pull new DAT from SuperAgent or existing
  repository.
• Clients report direct to ePO server for
  compliance reporting

Santa Clara
ePO Server Master Console Master Database Master
Repository
Oregon
(Exploded view of Oregon network to demonstrate
SuperAgent)
Repository Site
Denotes agent configured as SuperAgent
Subnet
Subnet
Subnet
Each machine reports directly to ePO server
22
Updating using ePO

• WAN-efficient deployment of VirusScan Enterprise
  7.0
• Resumable deployment after interrupted transfer
• Good for remote users with unreliable or
  low-speed connections
• Global updating in under 1 hour
• Postponable updating
• Gives remote users more control over bandwidth
  usage during quick email syncs
• Pick nearest server dynamic updating
• Quickest possible updates
• Fast updates for road warriors regardless of
  their physical location
• ePO reporting on update progress/errors

23
Simplified Administration Visibility

• Global Server Policy Management
• Single console to manage multiple servers - one
  at a time
• Easily cut and paste policies
• Automatic removal of dead agents
• Quick machine find
• Centralized sharing of custom-created reports
• Faster report generation

24
Enhanced Status/Visibility

• New Executive Summary Reports
• History Reports Task, Update, Infection
• Security Summary
• Top Viruses Top Infected Users
• Firewall Attack type Top Attack Victim
• ThreatScan Vulnerabilities Top Vulnerable
  Computers
• Compliance Summary
• Compliance Summary by product
• Infection resolution by product
• Top Viruses and Top Infected

25
ePO 3.0 Requirements/Recommendations

• gt Pentium II 400/Win 2K Member Server/NTFS
• Internet Explorer 6
• MSDE 7/2000 or MS SQL 7/2000 MDAC 2.7
• 9x machines VCREDIST and DCOM95
• BACKUP TEST RESTORE ePO DB
• Upgrade DB before Upgrading ePO
• Review ePO 3 Install Guide for detailed scenarios
  on upgrading (Chapter 4)

26
ePO 3.0 Server Specs
27
Concepts to Understand

• Common Framework
• Sitelist.xml
• Catalog.z and PKGCatalog.z
• Source, Master, and Distributed Repositories
• Update Task is configured with the Agent
• Product Install is configured with built-in
  deployment task

28
Questions / Product Demo

• Thank You