McAfee VirusScan and McAfee ePolicy Orchestrator Training

McAfee Product Education

Learn how to put the advanced features of McAfee® VirusScan® Enterprise 8.5i to work, and gain the skills you need to deploy, manage, and maintain anti-virus protection across the enterprise using McAfee® ePolicy Orchestrator® 3.6. Through extensive hands-on labs and discussion, you will learn to install, configure, and maintain these two essential components of your threat defense.

Course Details

Course Code

TRN-AVD-101-TCL

Duration

4 days

Objectives

  • Install, repair, and remove VirusScan Enterprise 8.5i
  • Navigate the VirusScan console
  • Configure on-access, on-demand, and email scanning
  • Understand high-risk and low-risk process scanning
  • Examine buffer overflow features
  • Examine and enable port blocking rules
  • Understand share, file, and directory lockdown
  • Block unwanted programs such as spyware and adware
  • Configure and run update and mirror tasks
  • Describe the components and features of McAfee ePolicy Orchestrator (ePO™)
  • Determine prerequisites for installation and understand deployment options
  • Install ePolicy Orchestrator server and console
  • Log on to ePolicy Orchestrator console, and navigate the interface
  • Understand how to create and use named policy objects and the concept of inheritance
  • Design and build the directory tree
  • Understand sites and site permissions, user authentication, and product permissions
  • Define the ePO agent and describe its interaction with the ePO Server
  • Create, deploy, and manage ePO repositories
  • Add products and software updates to repositories
  • Use the ePO agent to deploy and manage VirusScan Enterprise 8.5i
  • Understand and configure global updating and manage global updates
  • Run reports from the ePolicy Orchestrator reports database, and create custom queries
  • Understand maintenance and backup requirements for ePolicy Orchestrator
  • Understand high availability and performance tuning options

Prerequisites

Participants who wish to take this class should have a general understanding of viruses and anti-virus technology.

Course Agenda

Day 1

Overview


McAfee VirusScan® foundation

  • Features and highlights
  • Foundation features
  • VirusScan components
  • Companion utilities
  • The common framework

Installation

  • Hardware and software requirements
  • Rights required for installation
  • Installation methods and options
  • 64-bit support and differences
  • Installation process and uninstall.ini
  • Installation on a cluster server
  • VirusScan files and directories
  • Repair and removal
  • Lab: Installing VirusScan using a GUI
  • Lab: Installing and removing VirusScan using a command line

Anti-spyware installation

  • Software requirements
  • Rights required for installation
  • Installation methods and options
  • Installation process
  • Anti-spyware changes to VirusScan
  • Lab: Installing Anti-spyware using a GUI

Console and graphical user interface

  • Accessing VirusScan
  • The console
  • Default tasks and policies
  • On-access scanner configuration
  • Scriptscan component
  • Scanner exclusions in Microsoft® Exchange and Lotus® Domino®
  • Low- and high-risk process protection
  • Testing virus detection
  • Email scanning on delivery and on demand
  • On-demand scanner and scheduler configuration
  • Scanning from the command line
  • User interface and remote administration options
  • Lab: Creating and testing a port blocking rule
  • Lab: Configuring and testing file, share, and folder protection
  • Lab: Testing buffer overflow protection
  • Lab: Testing unwanted program policy
  • Lab: Identifying default scanner configuration
  • Lab: Configure high- and low-risk scanning
  • Lab: Password protecting the user interface

Console and graphical user interface

  • Accessing VirusScan
  • The console
  • Default tasks and policies
  • Remote administration
  • System tray icon
  • On-access statistics
  • User interface options
  • Testing virus detection
  • Lab: Navigate the VirusScan console
  • Lab: Remote connection to another computer through the console

On-access scanner

  • On-access scanning versus on-demand scanning
  • On-access scanner properties
  • Anti-spyware module changes
  • Scriptscan component
  • Scanner exclusions in Microsoft Exchange and Lotus Domino
  • McAfee GroupShield® exclusions
  • Common management agent exclusions
  • Other exclusions for file-level scanning
  • VSE behavior with the clean, delete, and move actions
  • Low- and high-risk process protection
  • Lab: Configure high- and low-risk scanning
  • Lab: Test the high- and low-risk scanning
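The "Testing virus detection" topic above and the high- and low-risk scanning labs come down to the same check: drop the EICAR test file (the harmless, industry-standard file that every anti-virus engine is required to detect) into a scanned folder and observe what the on-access scanner does with it. The script below is an added example, not part of the course material or of McAfee's own tooling. It assembles the 68-byte EICAR string from two fragments (so the script itself is not flagged when saved into a scanned directory), validates a file against the EICAR rules (the exact string, optionally followed by whitespace, at most 128 bytes in total), writes the file and then polls to see whether it is removed, read-denied, or altered in place. The directory, file name, and time-outs are assumptions; the scanner behaviour is whatever the policy on the test machine dictates.

```python
"""Drop an EICAR test file into a directory and watch what the on-access scanner does.

Added example for the "Testing virus detection" topics; not McAfee tooling.
"""
import os
import sys
import time
import tempfile

# The 68-byte EICAR string, split so this source file is not itself detected
# when saved into a folder the on-access scanner watches.
_EICAR_PARTS = (
    "X5O!P%@AP[4\\PZX54(P^)7CC)7}",
    "$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*",
)
EICAR = "".join(_EICAR_PARTS).encode("ascii")
EICAR_MAX_LEN = 128   # EICAR rule: the string may be padded with whitespace up to 128 bytes
_WHITESPACE = b" \t\r\n"


def is_valid_eicar(data: bytes) -> bool:
    """True if `data` is a file a compliant scanner must detect as EICAR:
    the exact 68-byte string, optionally padded with whitespace, <= 128 bytes."""
    if len(data) > EICAR_MAX_LEN or not data.startswith(EICAR):
        return False
    return all(b in _WHITESPACE for b in data[len(EICAR):])


def drop_and_watch(directory: str, name: str = "eicar_test.com",
                   timeout_s: float = 10.0, poll_s: float = 0.5) -> dict:
    """Write an EICAR file into `directory` (assumed writable), then poll until
    the scanner acts or the timeout expires. Outcomes: 'removed' (deleted or
    moved to quarantine), 'access_denied' (reads blocked), 'modified' (cleaned
    or truncated in place), or 'untouched'. The writing process name is reported
    because VSE applies high-/low-risk process policy by process name."""
    path = os.path.join(directory, name)
    started = time.monotonic()
    with open(path, "wb") as fh:
        fh.write(EICAR)
    outcome = "untouched"
    deadline = started + timeout_s
    while time.monotonic() < deadline:
        if not os.path.exists(path):
            outcome = "removed"
            break
        try:
            with open(path, "rb") as fh:
                content = fh.read()
        except PermissionError:
            outcome = "access_denied"
            break
        if not is_valid_eicar(content):
            outcome = "modified"
            break
        time.sleep(poll_s)
    elapsed = time.monotonic() - started
    if outcome == "untouched":
        # Nothing caught it: remove our own test file so it does not linger.
        try:
            os.remove(path)
        except OSError:
            pass
    return {
        "path": path,
        "process": os.path.basename(sys.executable),
        "outcome": outcome,
        "elapsed_s": round(elapsed, 2),
        "left_on_disk": os.path.exists(path),
    }


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else tempfile.gettempdir()
    result = drop_and_watch(target)
    print(f"{result['process']} wrote {result['path']}: "
          f"{result['outcome']} after {result['elapsed_s']}s")
```

To exercise the high- and low-risk process settings, run the script once from a process that the policy lists as low-risk with scan-on-write disabled (the outcome should stay "untouched") and once from a default or high-risk process (the file should be removed, denied, or cleaned within the on-access scanner's normal response time). A result of "untouched" from a default process means the on-access scanner is not scanning that path or that process, which is exactly what the labs are meant to surface.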

On-demand scan

  • Understand stealth malware (rootkits)
  • Using the on-demand scan task
  • On-demand scan properties
  • On-demand scanner and scheduler configuration
  • Anti-spyware changes to the on-demand scan
  • Scanning from the command line
  • Lab: Configuring the on-demand scan

Email scanner

  • Email scanner components
  • On-delivery email scan configuration
  • Email scanning on delivery and on demand
  • Lotus Notes scanner settings
  • Lab: Configure and test the on-delivery email scan

Support and maintenance

  • Overview
  • Types of updates
  • Signature and engine updates
  • Other updates
  • McAfee web sites
  • CommonUpdater directories
  • Enterprise support
  • Threat Center and WebImmune
  • McAfee AVERT® Labs notification service
  • McAfee Virtual Technician

Updating

  • Understand the repository list
  • Update strategies
  • Security features in the update process
  • Default updating
  • The auto-update task and process
  • Incremental updating
  • Configuring and scheduling auto-update
  • Editing auto-update repository list
  • Alternative updating methods
  • The mirror task and process
  • Lab: Creating an FTP server to host updates
  • Lab: Mirror from a remote server to a local repository
  • Lab: Modify the VirusScan repository list
  • Lab: Configure and schedule an auto update

Day 2

Overview


McAfee VirusScan advanced

  • Understand rootkits
  • Advanced features in McAfee VirusScan

System access protection

  • Understand access protection
  • Rule categories
  • Protection levels and properties
  • Default rules and configuration options
  • User-defined rules
  • MASE Anti-spyware access protection rules
  • Reporting on access protection events
  • Port blocking properties
  • File/folder protection
  • Registry blocking rules
  • VirusScan self-protection
  • Maximum protection options
  • Processing protection rules
  • Purpose and application of rules
  • Creating user-defined rules
  • What happens when an access violation occurs
  • VirusScan 8.5i upgrade rules
  • Infection trace and blocking
  • Lab: Create and test a port blocking rule
  • Lab: Create and test file, share, and folder protection
  • Lab: Configure and test the self-protection
  • Lab: Utilize the VirusScan trace and block capabilities
  • Lab: Implement protection against a newly discovered SimBot worm

Buffer overflow protection

  • Understand buffer overflows
  • Buffer Overflow properties and configuration options
  • Buffer Overflow limitations
  • Lab: Examine and test the buffer overflow rule set

Unwanted program protection

  • Understand unwanted program protection
  • Anti-spyware options in the VirusScan console
  • Unwanted program types
  • Potentially unwanted programs
  • VirusScan alone versus VirusScan with anti-spyware
  • Overview of the unwanted programs policy
  • On-access scanning of unwanted programs
  • Specifying unwanted programs
  • Excluding unwanted programs
  • User-defined unwanted programs
  • Unwanted programs—actions
  • MASE unwanted programs changes
  • Testing spyware and unwanted programs
  • Lab: Configure and test the unwanted programs policy

Quarantine Manager

  • Understand the quarantine management purpose and workflow
  • Configuration and management of Quarantine Manager policy
  • Quarantine Manager actions
  • Lab: Configure and manage the Quarantine Manager policy
  • Lab: Test and customize the unwanted program detection. Recover a quarantined file from Quarantine Manager.

Installation designer

  • Install installation designer
  • Package creation
  • Installation package wizard
  • Deploying packages
  • Lab: Install McAfee installation designer
  • Lab: Create and test file, share, and folder protection
  • Lab: Create a customized installation package
  • Lab: Install VirusScan using the new customized installation package

Troubleshooting

  • Configure session settings
  • Default log file directory
  • Performance issues
  • Minimum escalation requirements tool
  • Anatomy of a successful update
  • Troubleshooting failed updates
  • Troubleshooting using Wireshark
  • Quarantine fails for files in temporary internet files

Day 3

Overview


Security risk management with McAfee ePolicy Orchestrator®

  • The four stages in risk management
  • Feature management and product management
  • Components, architecture, and communication

Installation

  • Deployment options
  • Server and database sizing
  • Upgrade paths to ePO 3.6.1
  • The installation process
  • The ePO console and interface
  • Lab: Installing ePO 3.6.1
  • Lab: Accessing the ePO console

The Directory and policy objects

  • Directory concepts and objects
  • Sites, groups, and inheritance
  • Policy objects and the policy catalog
  • Policy configuration and assignment
  • Authentication types and account permissions
  • Lab: Examine directory objects
  • Lab: Examine the policy catalog and policy objects
  • Lab: Examining console account roles
  • Lab: Policy inheritance and ownership

Creating the directory

  • Directory organization methods
  • Creating the directory structure
  • Active Directory discovery
  • IP address filtering
  • Searching the directory
  • Lab: Using IP filtering
  • Lab: Text import of systems
  • Lab: Using an Active Directory discovery task

The Agent

  • Installation requirements and supported platforms
  • Deploying the agent through ePO and other methods
  • Understanding ePO agent files
  • Customizing the agent installation package
  • Agent communications and forcing agent activity
  • Lab: Viewing agent log files
  • Lab: Forcing agent activity
  • Lab: Determining agent configuration

Policies, properties, and client tasks

  • Agent policies and communication
  • Agent update options
  • Product policy and client tasks
  • Site, group and system properties
  • Client update tasks
  • Lab: Creating an agent policy and observing inheritance
  • Lab: Examining machine properties
  • Lab: Setting VirusScan policy
  • Lab: Observing agent event collection
  • Lab: Adding a VirusScan scan task

Day 4

Overview


Repositories and server tasks

  • Repositories overview
  • Repository prerequisites and system requirements
  • Master, distributed, source, and fallback repositories
  • Creating repositories
  • Managing software in a repository
  • Task types and definitions
  • Pull and replication tasks
  • Sample topologies
  • Global updating and the super agent
  • Lab: Adding software to the repository
  • Lab: Deploying VirusScan using ePO
  • Lab: Creating a pull and replication task
  • Lab: Using global updating

Reports

  • Accessing the ePO database
  • Authentication restrictions
  • Database options
  • Directory filtering
  • Event filtering
  • Report types and the report interface
  • Infection and coverage reports
  • Report drilldown
  • Customizing reports and saving settings
  • Query types and examining queries
  • Running a query
  • Lab: Running ePO reports and queries
  • Lab: Adding reports and queries

Notification and compliance

  • MyAVERT threat notification
  • The notification process
  • Notification methods, variables, and rules
  • Compliance check notification
  • System compliance profiler scanning process
  • System compliance profiler compliance policies
  • System compliance reports
  • Rogue system detection process
  • Detection response
  • Sensor policy
  • Subnet coverage management
  • Rogue system reports
  • Lab: Observing notifications
  • Lab: Systems compliance profiling
  • Lab: Rogue systems detection

Maintenance and monitoring

  • SQL maintenance
  • Configuring ePO and SQL authentication
  • The backup and restore process
  • Examining auditing
  • Lab: Backup and restore of database
  • Lab: ePO auditing

Performance and availability

  • Optimizing disk and memory usage
  • Clustering ePO server