

McAfee Security Product Update
Shelane Blaz – Account Manager   Larry Kovalsky – Systems Engineer
• New Product Overview
  – VirusScan Enterprise
  – Installation Designer
  – ePO 3.0
  – AutoUpdate Architect

• Upgrade Best Practices
• Product Demo/Q&A
VirusScan Enterprise 7.0 – Enhancements
     – Some of the most costly viruses have evaded
       detection by propagating through memory.
       Finds and removes viruses like CodeRed and
       SQLSlammer from memory.
     – Custom Scanning Profiles
     – Desktop & Fileserver protection in one
     – Designed to conserve bandwidth, simplify
       deployment, and reduce deployment costs
     – Optimized for road warriors and mobile
     – Granular administrative control
VirusScan Enterprise 7.0 — Highlights
• Operating systems
   –   Desktop: WinNT 4, Win2000, WinXP
   –   Server: WinNT 4 Server, WinNT 4 Terminal Server, Win2K Server,
       Win2K Adv Server, Win2K DataCenter Server, .NET Standard Server,
       .NET Enterprise Server, .NET Web Server
• Companion releases
   –   Alert Manager 4.7 alerting utility
   –   McAfee Installation Designer 7.0 package configuration utility
• Certifications
   –   Microsoft: WinXP, Win2000 Advanced Server, Win Server 2003
   –   ICSA & Checkmark Anti-Virus
• Package size: ~10 MB
   –   VS 4.5.1 SP1 + NetShield NT = 26 MB
• Languages
   –   English, German, French, Spanish, Japanese, Dutch, Italian, Swedish,
       Portuguese, Polish, Chinese Simplified, Chinese Traditional, Korean
• Compatibility highlights
   –   ePO 2.5.x, new ePO 3.0
   –   Citrix Metaframe XP
   –   Microsoft Small Business Server
   –   EMC Celerra filer
Scanning Enhancements -- Speed
 • Excess interface layers between the scanners and the engine
   stripped out

 [Chart panels: On-Demand Scanner, On-Access Scanner]
 Test set: 800 files (365 MB) .doc, .xls, .mdb, .ppt, .pdf
 Test system: Pentium 1.3GHz with 256 MB RAM, Windows 2000 Pro SP3
Scanning Enhancements -- On Access
Balancing scanning with other business needs
• Conserve processing power & maintain productivity
   – “Clean file cache” to limit needless scanning
          If file is clean and filename listed in cache, not scanned again
   – Risk based scanning options for different classes of
     applications or processes. Scan more where you need
     to, less where you don’t.
          Low Risk Processes: set a scanning configuration for processes
           that are low risk for causing or spreading infection: backup
           software, system processes, databases. Likely scenario: Limited
           or no scanning
          High Risk Processes: set a scanning configuration for processes
           that are high risk for causing or spreading infection: browsers,
           email clients, MS Office applications. Likely scenario: Stringent
           scanning
          Default: All other processes that are not included in the Low or
           High Risk lists. Likely scenario: Moderate scanning
[Figure: Cache of filenames recently scanned]
Scanning Enhancements -- Precise Control

  Low-risk processes
    Likely scenario: Reduced scanning
  High-risk processes
    Likely scenario: Strict scanning
Scanning Enhancements -- Precise Control
 • Report location of
   potentially unwanted
    – AVERT decides what is
      “potentially unwanted” and adds
      detection signatures to DATs.
      Password crackers, etc.
    – McAfee’s role is to locate and
      inform, not delete
Scanning Enhancements -- On Demand
• Resumable scanning
  – Program scheduled scans to
    avoid times when other
    computing demands are high
  – If scan not complete when
    task stops, scanning restarts
    where it left off when
    scheduled time reoccurs
Scanning Enhancements -- On Demand
• CPU utilization control
    –   Specifies the approximate CPU
        utilization for a scheduled scan
    –   Previously available only on
        servers. Now available for both
        desktop and server scheduled

• Intelligent handling of files
  not readily accessible
    –   Disable scanning of files migrated
        to an archive location by a
        hierarchical storage manager
Improved Exclusion Capability
• Exclusion capability handles:
   –   Wildcards
   –   Files and Folders
   –   Exclude by file age
   –   Exclude files protected by Windows
       File Protection
   –   Specify exclusions to occur on read
       or write or both

• Default files plus extensions
• Default files minus extension
• Scan all Files minus extension
Icon Tray Changes

•   VirusScan Console no longer has a sys tray
     –   It now resides on the right click menu
•   Update Now
     –   Very easy for the end user
     –   Gets updates from McAfee http site (default) or from
         nearest internal update site
     –   Gets updates weekly (default) or according to specified
•   On-Demand Scan can be opened from the icon
•   On-Access Scan Statistics
     –   Last file scanned, how many files scanned, etc.
Improved Updating
•   True mirroring of updates for desktops & servers
•   Updates via http, FTP, or UNC share
•   Hands-off updating
     –   Default VirusScan Enterprise 7.0 installation updates itself weekly from McAfee http site
         if client/server has internet connection

•   Single update delivers ALL update types
     –   DATs -- incremental or full (if required)
     –   Engine (if required)
     –   Extra.DATs, Service Packs, Hotfixes (if approved by administrator)

•   Resumable updating after interrupted transfer
     –   Good for remote users with unreliable or low-speed connections
Security Improvements
• Updates protected by
  strong encryption and
  digital signatures
• Configuration
   – Control the amount of
     visible User Interface
   – User Interface Password
Configuration Control
• McAfee Installation Designer 7.0
   – Companion utility to VirusScan Enterprise 7.0
   – Purpose: Customized client & server package creation
   – Create complete packages for general deployment, COE images
          Client only, server only, or client & server
   – Create “delta” configuration packages for those inevitable changes
          Conserves company bandwidth. Deploy just the delta changes, not the entire package again
What’s new in ePO 3.0?
 ePO 3.0 - Enterprise
• Express Global: Update 50,000 systems in less than one hour
• ePO Fusion Service: Expert Services now offers ePO Fusion Service to
  integrate third party applications
• Enhanced deployment & updating: Bandwidth smart, automated tiered updating
  and comprehensive - DATs, engine, McAfee patches, hotfixes and SPs.
• Enhanced mobile user protection: Pick nearest server, postponable,
  resumable, and secured HTTP updating
• Simplified admin. & visibility: Executive summary reports and Global
  policy server management
• Extended platform & Vendor Support: Management of NAV 8.0, VSE 7.0,
  Windows 2003 Server (agent only)
ePO 3.0 Updating
•   Flexible - Updates are pulled from the public NAI site to the
    master site/ePO server - Automatic or manual
•   Bandwidth Smart - Updates are replicated to repository sites
    for distributed
•   Comprehensive - Customer can deploy any DATs, engines, hotfixes,
    Extra.DATs, SPs or patches. The machine's updater will pull
    whatever is applicable.
•   Visible - Update verification is displayed in the reports

[Diagram: Santa Clara hosts the ePO Server (Master Console, Master Database,
Master Repository); three Repository Sites, with labels including Oregon and
Sydney. Each machine reports directly to ePO server.]
Express Global Updating
• Introducing the SuperAgent!
  – Reconfigure the existing ePO agent
  – Dramatically improves the speed of updating
  – Two levels
        1. - Distributes the load of wake up calls
        2. - Acts as a repository for updating on its subnet
  – Requirement of one per Subnet
Express Global Updating
• Check DAT from AVERT into Master
• Send SuperAgent wake up to refresh its repository
• SuperAgents broadcast to subnet “Run immediate
• Clients pull new DAT from SuperAgent or existing repository.
• Clients report direct to ePO server for compliance reporting
*Denotes agent configured as

[Diagram: Santa Clara hosts the ePO Server (Master Console, Master Database,
Master Repository); Repository Site; exploded view of Oregon network to
demonstrate SuperAgent, showing three subnets. Each machine reports directly
to ePO server.]
Updating using ePO
• WAN-efficient deployment of VirusScan Enterprise 7.0
• Resumable deployment after interrupted transfer
     –   Good for remote users with unreliable or low-speed

• Global updating in under 1 hour
• Postponable updating
     –   Gives remote users more control over bandwidth
         usage during quick email syncs

• “Pick nearest server” dynamic
     –   Quickest possible updates
     –   Fast updates for “road warriors” regardless of their
         physical location

• ePO reporting on update
Simplified Administration & Visibility
• Global Server Policy Management
  – Single console to manage multiple servers - one at a time
  – Easily cut and paste policies
• Automatic removal of dead agents
• Quick machine find
• Centralized sharing of custom-created reports
• Faster report generation
Enhanced Status/Visibility
• New Executive Summary Reports
• History Reports – Task, Update, Infection
• Security Summary
   – Top Viruses & Top Infected Users
   – Firewall Attack type & Top Attack Victim
   – ThreatScan Vulnerabilities & Top Vulnerable Computers
• Compliance Summary
   – Compliance Summary by product
   – Infection resolution by product
   – Top Viruses and Top Infected
ePO 3.0 Requirements/Recommendations
• >= Pentium II 400/Win 2K Member Server/NTFS
• Internet Explorer 6
• MSDE 7/2000 or MS SQL 7/2000 MDAC 2.7
• 9x machines – VCREDIST and DCOM95
• Upgrade DB before Upgrading ePO
• Review ePO 3 Install Guide for detailed scenarios
  on upgrading (Chapter 4)
ePO 3.0 Server Specs
Concepts to Understand
• Common Framework
• Sitelist.xml
• Catalog.z and PKGCatalog.z
• Source, Master, and Distributed Repositories
• Update Task is configured with the Agent
• Product Install is configured with built-in
  deployment task
Questions / Product Demo
Thank You
