Introduction to ePolicy Orchestrator

With McAfee ePO software, IT administrators can unify security management across endpoints, networks, data, and compliance solutions from McAfee and third-party solutions. McAfee ePO software provides flexible, automated management capabilities so you identify, manage, and respond to security issues and threats. You define how McAfee ePO software should direct alerts and security responses based on the type and criticality of security events in your environment, as well as create automated workflows between your security and IT operations systems to quickly remediate outstanding issues. As a result, you save time and money—with a more effective security program. McAfee ePO software helps drive down the cost and complexity of managing security.

The ePO Software Repository
The McAfee ePO server is the central software repository for all McAfee product installations, updates, and other content. The modular design of ePolicy Orchestrator allows new products to be added as extensions. This includes new or updated versions of McAfee and McAfee-compatible solutions from the Security Innovation Alliance. Packages are components that are checked in to the master repository, and then deployed to client systems. ePolicy Orchestrator also allows for replication to distributed repositories at remote locations for bandwidth optimization.

For McAfee ePO to keep your client systems up-to-date, a repository task that retrieves updates from a McAfee site (HTTP or FTP) was created to run daily at 1:00 am. The steps below show you how to modify the task so that it checks the McAfee update site every 12 hours instead.

Editing the Repository Pull Task

  1. Click Menu | Automation | Server Tasks.
  2. In the list, find the task named Update Master Repository and, under the Actions column, click Edit to open the Server Task Builder.
  3. On the Description page, make sure Schedule status is set to Enabled, then click Next.
  4. Select Move existing packages to Previous branch, then click Next.
    NOTE: Checking this option allows ePolicy Orchestrator to maintain more than one set of signature files. When the task runs next, the current updates are moved to a directory on the server called Previous. This allows you to roll back updates if necessary.
  5. On the Schedule page, choose when you want ePolicy Orchestrator to check the McAfee site for updates.
    1. Schedule the task to run Hourly, with No End Date.
    2. Set Schedule to every 12 hours.
  6. Click Next.
  7. On the Summary page, click Save. The console returns to the Server Tasks page.

You can set any update schedule you desire. There are generally two approaches — the standard approach similar to that described above, and a more advanced methodology to use if you are required to test signatures (DATs) on a subset of your systems prior to deployment to the remainder of your population. The standard approach is appropriate for most evaluations. Information on the advanced approach is detailed in the white paper Validating DAT and Other Content Files with McAfee ePolicy Orchestrator located on the McAfee Customer Portal.

Systems and the System Tree
The ePolicy Orchestrator System Tree organizes managed systems in units for monitoring, assigning policies, scheduling tasks, and taking actions. These units are called groups, which are created and administered by Global Administrators or users with the appropriate permissions. Groups may contain both systems and other groups. As shown in the graphic below, the installer created a sample system tree during setup.

Three groups were created under the default My Organization group; Laptops, Servers, and Workstations. The Servers group also has several subgroups for different server types based on function or role. These sample groups were created for your convenience. You are not required to use them, but they are referenced in the instructional exercises that follow. If you wish to test system & group creation through Active Directory, detailed steps are provided in the McAfee Quick Tips video Active Directory Synchronization in ePO.

Adding Systems to your System Tree Groups
If you chose Automatic Discovery of systems during the installation, use the following steps to organize your test systems in the System Tree. If you did not select Automatic Discovery, skip to the following task, entitled Adding Systems Manually.

Systems Added with Automatic Discovery

  1. Click the System Tree button on the favorites bar.
  2. Click on the My Organization group on the left. The systems are displayed on the right.
  3. If there are any systems discovered that you do not want to be included in your testing, you can remove them from the tree. Place a check in the box next to all the systems you want to remove (you can use Shift+Click to select more than one), click Actions | Directory Management | Delete, and then click OK. You do NOT need to check the box for Remove Agent on Next Agent-to-Server Communication.
  4. Drag and drop the remaining systems to their appropriate groups. You can drag multiple systems by placing a check mark by each first. A dialog box will appear asking “Are you sure you want to move the system(s)?”. Click OK. You can check the box if you do not wish to see this dialog in the future.

Adding Systems Manually

  1. In the System Tree, highlight the Workstations group and click System Tree Actions | New Systems.
  2. For How to Add Systems, select Add systems to the current group, but do not push agents.
  3. For Target Systems, type the NetBIOS name for each system in the text box, separated by commas, spaces, or line breaks. You can also click Browse to select systems.
  4. Verify that System Tree sorting is disabled.
  5. Click OK.
  6. As needed, repeat these steps to add any servers to your Laptops or Servers group or its subgroups.

There are several methods of organizing and populating the System Tree:

  • Manually structure your System Tree by creating your own groups and adding individual systems.
  • Synchronize with Active Directory or NT domain as a source for systems. In the case of using Active Directory, synchronization mirrors AD and automatically provides System Tree structure.
  • Create your own groups and sort based on IP ranges or subnets. This is called criteria-based sorting.
  • Import a text file of groups and systems.

Note: Please proceed to Installing the McAfee Agent software and Configuring Dashboards before your individual product review. This will insure a smooth experience for your trial.