McAfee VirusScan and McAfee ePolicy Orchestrator Training

McAfee Product Education

Learn how to put McAfee® VirusScan® Enterprise 8.0i’s powerful advanced features to work for you, and gain the skills you need to deploy, manage and maintain anti-virus protection across the enterprise using McAfee® ePolicy Orchestrator® 3.6. Through extensive hands-on experience and discussion, you’ll become an expert in the installation, configuration and maintenance of these two essential components of your threat defense.

Course Details

Course Code

TRN-AVD-101-TCL

Duration

4 days

Objectives

  • Install, repair, and remove VirusScan Enterprise 8.0i
  • Navigate the VirusScan console
  • Configure on-access, on-demand, and email scanning
  • Understand high-risk and low-risk process scanning
  • Examine buffer overflow features
  • Examine and enable port blocking rules
  • Understand share, file, and directory lockdown
  • Block unwanted programs such as spyware and adware
  • Configure and run update and mirror tasks
  • Describe the components and features of McAfee ePolicy Orchestrator (ePO™)
  • Determine prerequisites for installation and understand deployment options
  • Install ePolicy Orchestrator server and console
  • Log on to ePolicy Orchestrator console, and navigate the interface
  • Understand how to create and use named policy objects and the concept of inheritance
  • Design and build the directory tree
  • Understand sites and site permissions, user authentication, and product permissions
  • Define the ePO agent and describe its interaction with the ePO Server
  • Create, deploy, and manage ePO repositories
  • Add products and software updates to repositories
  • Use the ePO agent to deploy and manage VirusScan Enterprise 8.0i
  • Understand and configure global updating and manage global updates
  • Run reports from the ePolicy Orchestrator reports database, and create custom queries
  • Understand maintenance and backup requirements for ePolicy Orchestrator
  • Understand high availability and performance tuning options

Prerequisites

Participants who wish to take this class should have a general understanding of viruses and anti-virus technology.

Course Agenda

Day 1

Overview

VirusScan overview

  • Features and highlights
  • Trusted connection strategy
  • VirusScan components
  • Companion utilities
  • The common framework

Installation

  • Hardware and software requirements
  • Rights required for installation
  • Installation methods and options
  • Installation process and uninstall.ini
  • Installation on a cluster server
  • VirusScan files and directories
  • Repair and removal
  • Lab: Installing VirusScan using a GUI
  • Lab: Installing and removing VirusScan using a command line

Configuration

  • Accessing VirusScan
  • The console
  • Default tasks and policies
  • Access protection using port blocking
  • File, share, and folder protection
  • Default access protection rules
  • Creating rules
  • Buffer overflow protection and exclusions
  • Unwanted program protection
  • On-access scanner configuration
  • ScriptScan component
  • Scanner exclusions in Microsoft® Exchange and Lotus® Domino®
  • Low-risk and high-risk process protection
  • Testing virus detection
  • Email scanning on delivery and on demand
  • On-demand scanner and scheduler configuration
  • Scanning from the command line
  • User interface and remote administration options
  • Lab: Creating and testing a port blocking rule
  • Lab: Configuring and testing a file, share, and folder protection
  • Lab: Testing buffer overflow protection
  • Lab: Testing unwanted program policy
  • Lab: Identifying default scanner configuration
  • Lab: Configuring high-risk and low-risk scanning
  • Lab: Password protecting the user interface
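The "Testing virus detection" topic and the on-access scanner labs above are normally exercised with the EICAR test file, the harmless industry-standard file that every scanner is expected to detect. The script below is an added example and is not part of the course material or of McAfee's own tooling: it assembles the 68-byte EICAR string from the public specification, validates a candidate file against the published rules (signature first, only whitespace after it, at most 128 bytes in total), and writes a file for the on-access scanner to catch. The output file name eicar.com and the CR/LF trailer are assumptions; the string is built from pieces so that this script is not itself a contiguous copy of the signature.

```python
"""Build and validate the EICAR anti-virus test file.

Added example for the VirusScan "Testing virus detection" lab; not
McAfee code. The EICAR string and its rules are published at eicar.org.
"""
import hashlib
import sys

# The 68-byte EICAR test string, assembled from pieces so that this source
# file does not contain the contiguous signature (some scanners would
# otherwise quarantine the script while you are editing it).
_EICAR_PARTS = (
    "X5O!P%@AP[4\\PZX54(P^)7CC)7}",
    "$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$",
    "H+H*",
)
# Whitespace the specification allows after the signature: space, tab,
# CR, LF and CTRL-Z.
_ALLOWED_TRAILER = b" \t\r\n\x1a"
MAX_FILE_LEN = 128  # scanners are only required to check the first 128 bytes


def eicar_bytes() -> bytes:
    """Return the canonical 68-byte EICAR test string."""
    return "".join(_EICAR_PARTS).encode("ascii")


def eicar_sha256() -> str:
    """SHA-256 of the bare 68-byte string, for comparing with a quarantined copy."""
    return hashlib.sha256(eicar_bytes()).hexdigest()


def validate_eicar_file(data: bytes) -> tuple[bool, str]:
    """Check whether `data` is a file a compliant scanner must detect.

    Rules: the file starts with the 68-byte string, anything after it is
    whitespace only, and the whole file is at most 128 bytes. A file that
    breaks these rules (for example, the string embedded after an MZ header)
    is NOT guaranteed to be detected, which is a common cause of a
    "my scanner missed EICAR" false alarm.
    """
    sig = eicar_bytes()
    if not data.startswith(sig):
        return False, "does not begin with the EICAR test string"
    if len(data) > MAX_FILE_LEN:
        return False, f"file is {len(data)} bytes; spec allows at most {MAX_FILE_LEN}"
    trailer = data[len(sig):]
    if any(b not in _ALLOWED_TRAILER for b in trailer):
        return False, "non-whitespace data after the test string"
    return True, "valid EICAR test file"


def write_eicar(path: str, trailer: bytes = b"\r\n") -> int:
    """Write a test file (signature plus an assumed CR/LF) and return bytes written."""
    data = eicar_bytes() + trailer
    ok, why = validate_eicar_file(data)
    if not ok:
        raise ValueError(why)
    with open(path, "wb") as fh:
        return fh.write(data)


if __name__ == "__main__":
    # Assumed default file name; pass another path as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "eicar.com"
    written = write_eicar(target)
    print(f"wrote {written} bytes to {target}; sha256={eicar_sha256()}")
    print("an enabled on-access scanner should detect this file as it is written")
```

Run it on a test machine with the on-access scanner enabled and watch the VirusScan activity log: the write itself should trigger the configured action. If you then want to exercise on-demand scanning only, disable on-access scanning first, write the file, re-enable, and run a scheduled or command-line scan against the directory.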

Updating

  • Overview
  • Types of updates
  • Signature and engine updates
  • Other updates
  • Update strategies
  • McAfee web sites
  • Security features in the update process
  • Default updating
  • The auto update task and process
  • Incremental updating
  • Configuring and scheduling auto update
  • Editing auto update repository list
  • Alternative updating methods
  • The mirror task and process
  • Lab: Creating an FTP server to host updates
  • Lab: Mirroring from a remote server to a local repository
  • Lab: Modifying the VirusScan repository list
  • Lab: Configuring and scheduling an auto update

Alert manager

  • Hardware and software requirements
  • Compatibility with other products
  • The alerting process
  • Events and event priority
  • Event priority and alert suppression
  • Alert manager alerting
  • Lab: Installing alert manager
  • Lab: Customizing alert messages and priority levels

Day 2

Overview

Security risk management with ePolicy Orchestrator

  • Four stages of risk management
  • Feature management and product management
  • Components, architecture, and communication

Installation

  • Deployment options
  • Server and database sizing
  • Upgrade paths to ePO 3.6
  • Installation process
  • ePO console and interface
  • Lab: Installing ePO 3.6
  • Lab: Accessing the ePO console

Directory and policy objects

  • Directory concepts and objects
  • Sites, groups, and inheritance
  • Policy objects and the policy catalog
  • Policy configuration and assignment
  • Authentication types and account permissions
  • Lab: Examining directory objects
  • Lab: Examining the policy catalog and policy objects
  • Lab: Examining console account roles
  • Lab: Policy inheritance and ownership

Creating the directory

  • Directory organization methods
  • Creating the directory structure
  • Active Directory discovery
  • IP address filtering
  • Searching the directory
  • Lab: Using IP filtering
  • Lab: Text import of systems
  • Lab: Using an Active Directory discovery task

Day 3

Overview

The agent

  • Installation requirements and supported platforms
  • Deploying the agent through ePO and other methods
  • Understanding ePO agent files
  • Customizing the agent installation package
  • Agent communications and forcing agent activity
  • Lab: Viewing agent log files
  • Lab: Forcing agent activity
  • Lab: Determining agent configuration

Policies, properties and client tasks

  • Agent policies and communication
  • Agent update options
  • Product policy and client tasks
  • Site, group and system properties
  • Client update tasks
  • Lab: Creating an agent policy and observing inheritance
  • Lab: Examining machine properties
  • Lab: Setting VirusScan policy
  • Lab: Observing agent event collection
  • Lab: Adding a VirusScan scan task

Repositories and server tasks

  • Repositories overview
  • Repository prerequisites and system requirements
  • Master, distributed, source, and fallback repositories
  • Creating repositories
  • Managing software in a repository
  • Task types and definitions
  • Pull and replication tasks
  • Sample topologies
  • Global updating and the super agent
  • Lab: Adding software to the repository
  • Lab: Deploying VirusScan using ePO
  • Lab: Creating a pull and replication task
  • Lab: Using global updating

Day 4

Overview

Reports

  • Accessing the ePO database
  • Authentication restrictions
  • Database options
  • Directory filtering
  • Event filtering
  • Report types and the report interface
  • Infection and coverage reports
  • Report drilldown
  • Customizing reports and saving settings
  • Query types and examining queries
  • Running a query
  • Lab: Running ePO reports and queries
  • Lab: Adding reports and queries

Notification and compliance

  • MyAvert threat notification
  • The notification process
  • Notification methods, variables, and rules
  • Compliance check notification
  • System compliance profiler scanning process
  • System compliance profiler compliance policies
  • System compliance reports
  • Rogue system detection process
  • Detection response
  • Sensor policy
  • Subnet coverage management
  • Rogue system reports
  • Lab: Observing notifications
  • Lab: Systems compliance profiling
  • Lab: Rogue systems detection

Maintenance and monitoring

  • SQL maintenance
  • Configuring ePO and SQL authentication
  • The backup and restore process
  • Examining auditing
  • Lab: Backup and restore of database
  • Lab: ePO auditing

Performance and availability

  • Optimizing disk and memory usage
  • Clustering ePO server