McAfee Deep Defender Trial Installation & Walkthrough

Co-developed with Intel, McAfee Deep Defender is a first-of-its-kind rootkit protection for Windows 7 and 8 systems with Intel Core processors (i3, i5, or i7) or Intel Xeon processors (E3, E5, or E7 with extended page tables) with Intel® VT technology. Support also extends to Windows 2008 64-bit R2 SP1 Servers with Xeon processors. Once installed, it can detect and block rootkit attacks below the operating system. Deep Defender’s inline approach lets it monitor and evaluate events in real time; allowing it to detect, block, and remediate advanced, hidden attacks that traditional operating system-based security does not detect. To learn more about Deep Defender features, please download the data sheet.


Trial Installation Requirements

During the installation of this McAfee endpoint suite, the Deep Defender client and associated management files were checked into your McAfee ePO server. Two deployment tasks were automatically created for you. In order to verify which systems are capable of running Deep Defender, the command line switch “–report” was added to one of these tasks. This will provide reporting back to McAfee ePO as to which systems in your environment are compatible with Deep Defender.


Use Cases

Deployment of Deep Defender software
In order to successfully deploy Deep Defender a compatibility check should be performed. This use case will provide the instructions to perform this check, read the results, and deploy the software.

Deploying Deep Defender in Report Mode

  1. Click the System Tree button, select the My Organization group, and then click Assigned Client Tasks.
  2. Click Actions, then click New Client Task Assignment.
  3. Under Product, select McAfee Agent.
  4. Under Task Type, select Product Deployment.
  5. Under Task Name, select the EASI - Deploy Deep Defender in report mode, and then click Next.
  6. On the Schedule page, set the following options:
    1. Schedule status Enabled
    2. Schedule type Run Immediately
  7. Click Next.
  8. On the Summary page, click Save.
  9. Repeat the above process for the Laptops group as well. Client will retrieve and run this task the next time they poll the server. If desired you may send an Agent Wake Up Call to have the clients run this task immediately. After clients have run the task and report back to McAfee ePO, you can view the Deep Defender Compatibility Report to review the findings.

Viewing the Deep Defender Compatibility Report
Follow these steps to view the results regarding compatibility of your systems with Deep Defender.

  1. Click the Queries & Reports button on the favorites bar.
  2. Expand the Shared Groups on the left. Each group contains a number of predefined queries.
  3. Highlight the Deep Defender group.
  4. Scroll down the alphabetical list of queries, locate Deep Defender Compatibility Report, and click Run at the far right. Assuming the clients have had time to report their findings, you will see a pie chart showing which systems are compatible with Deep Defender and which are not.
  5. If desired you can click Options on the right side of the page and select Export Data to save a list of compatible and non-compatible systems.
  6. Click Close.

Deploying Deep Defender
Note: Installation of VirusScan Enterprise 8.8 is required prior to deployment of Deep Defender.

After discovering which systems are compatible with Deep Defender, you can simply assign the task named POC - Deploy Deep Defender to your systems and groups. Note that after deployment of Deep Defender, a reboot is required to begin providing rootkit protection.

Resources