VMware VCENTER CONFIGURATION MANAGER 5.3 - SOFTWARE CONTENT REPOSITORY TOOL GUIDE Betriebsanweisung Seite 1

Product GuideMcAfee MOVE AntiVirus (Agentless) 3.6.0For use with McAfee ePolicy Orchestrator

VMware vCenter — Console that manages the ESXi servers, which host the guest VMs that requireprotection.Hypervisor (ESXi) — Allows multiple operating

Greater Data Center visibilityMcAfee Data Center Connector, which is also part of the Data Center Security suite, provides acomplete view into virtual

1IntroductionFeatures12McAfee MOVE AntiVirus (Agentless) 3.6.0 Product Guide

2Installation and configurationTo set up your environment for MOVE AV Agentless, you install VMware vShield Endpoint, configurethe Security Virtual Ap

These items come pre-installed:Operating system Ubuntu 12.0.4Software VirusScan Enterprise for Linux 2.0McAfee Agent 4.8McAfee MOVE AV AgentlessWe rec

• VMware vSphere 5.1, 5.5• VMware NSX Manager 6.0.5 and laterFor details about system requirements and instructions for setting up the ePolicy Orchest

• McAfee MOVE AV (Agentless) restore tool (MOVE‑AV‑AL_RestoreTool_3.6.0.zip)• McAfee MOVE AV (Agentless) multiple OVF deployment tool (MOVE‑AV‑AL_SVA_

TaskFor option definitions, click ? in the interface.1From the ePolicy Orchestrator console, click Menu | Software | Extensions | Install Extension.2B

Setting up the SVAYou must deploy the OVF and configure the SVA before you can begin using the Agentless deploymentoption.OVF deployment optionsThe pr

Product trial version — Allows you to use the McAfee ePO-based SVA deployment feature to managean environment with 10 hypervisors or fewer. If you use

COPYRIGHTCopyright © 2015 McAfee, Inc., 2821 Mission College Boulevard, Santa Clara, CA 95054, 1.888.847.8766, www.intelsecurity.comTRADEMARK ATTRIBUT

Set up a common configuration for SVA deploymentBefore deploying the SVA, complete this common configuration on the McAfee ePO server, so thatthese se

3From the Configuration tab, click IP Pool to open the IP Pool: IP Pool Details page with these SVA details andactions:4Click Actions | Add IP Pool to

4Click Actions | Add SVA to open the Check-in SVA (zip) file page.5From Select SVA (zip) file to check-in, browse to and select the SVA package, then

4Click Edit under Action to open the vShield Manager Configuration dialog box and edit these vShieldManager account details.Make sure that your vShiel

The SVA deployment process using McAfee ePO involves these three simple steps:1Common configuration — Before deploying the SVA, complete this common c

• SVA Host Name — Displays the name of the SVA host. Example: SVA-1- host-5421.• Here, SVA — Indicates the SVA Hostname Prefix, which is defined in th

• Warning — Check for specific warnings like:• VM Tools are not running.• Compatibility checking failed.• VMs are not part of the domain as McAfee ePO

3From the Status tab, you can view the SVA deployment or upgrade details.4Click any of the SVA deployment jobs to view these Job Status Details and it

Table 2-5 During SVA deployment (continued)Task type DescriptionEnabling vShield DriverEnables vShield Driver on the client machines.Testing EICARTes

Table 2-7 During SVA upgrade (continued)Task type DescriptionRemoving SVARemoving the powered off old SVA from hypervisorEnabling vShield DriverEnabl

ContentsPreface 5About this document ...5Conventions ... 5Find product documentation ...

After initiating the SVA removal process, you can view the Job Status Details and Task Status Details for theremoval on the McAfee ePO server.Table 2-

7On the Select storage page, select the Datastore where you want to add the SVA service virtualmachines storage, or select Specified on host.The selec

3From the Server Type drop-down list on the Description page, select NSX Manager, and specify a uniqueuser‑friendly name and some details that can hel

Check in the SVA package to McAfee ePOYou must check in and host the SVA package in McAfee ePO, so that you can use it with VMware NSXManager, then de

TaskFor option definitions, click ? in the interface.1Log on to McAfee ePO as an administrator.2Click Menu | Configuration | MOVE Service Registration

7On the Select storage page, select the Datastore where you want to add the SVA service virtualmachines storage, or select Specified on host.The selec

Create a global security groupYou can select all data centers from the available vCenter and configure them as a security group, sothat you can assign

For this... Do this...NameType the name of the MOVE service.DescriptionType some details about the MOVE service, which help you to identify the SVA.Ac

Task1Gather this information, which you require to run the configuration script:SVA IP addressvCloud Networkingand SecurityManagerIP address or DNS na

Column header OVF propertyePO Server NetworkThe name of the ESXi network that the McAfee ePO server uses to managethe McAfee SVA.To successfully deplo

3 Monitoring and managing your environment 45Integration with ePolicy Orchestrator ...45Policy management ...

Task1From the vSphere Client, select the resource pool on the hypervisor where you want to deploy theOVF, then click File | Deploy OVF Template to ope

• If you select the Manual Deployment option and don't provide the configuration information aboutthe Properties page, you must manually configur

3At the prompt, log on with these credentials:• User name: svaadmin• Password: adminThe configuration script runs automatically the first time you log

Category Setting DescriptionSVA Host name The host name of the SVA.SVA savaadminPasswordThe password of the svaadmin account.vCloud Networkingand Secu

Unregister the VMware NSX Manager from McAfee ePOSelect the registered VMware NSX Manager and unregister it from the McAfee ePO server.Task1Log on to

3Monitoring and managing yourenvironment The Agentless deployment option monitors the status of virtual desktops and changes behavior fromthe ePolicy

Policies and their categoriesPolicy information is grouped into two categories: SVA and Scan. You can create, modify, or delete asmany policies as nee

• User — Enter the user name credentials to connect with the server.• Password — Enter the password associated with the user.After you save and reopen

Table 3-1 Scan Items Option DefinitionOn-Access ScanfilesWhen an attempt is made to open, close, or rename a file, the scanner interceptsthe operatio

9In the Actions tab, configure When a threat is found behavior. You must select a first action and asecondary action.For the first action, available o

PrefaceThis guide provides the information you need to configure, use, and maintain your McAfee product.Contents About this document Find produc

2From the ePolicy Orchestrator console, click Menu | Systems | System Tree.3Select the system from the list, then select Actions | Agent | Wake Up Age

The restore tool at-a-glanceThis diagram provides an overview of how the quarantine restore tool works.The restore tool requires Java Runtime Environm

Task1From the folder where you extracted MOVE-AV-AL_RestoreTool.3.6.0.zip, run quarantine_restore.cmd tolaunch the quarantine restore tool.The Connect

Using the SVA policy quarantine settingsThe Quarantine settings tab is located on the SVA Policy page. The malware that is detected on any virtualmach

3In the Advanced Sharing dialog box, select Share this folder, then change Share name to quarantine$. The $symbol hides the share.4Click Permissions,

Follow these steps to run the policy collection immediately:aClick Menu | Configuration | Server Settings, then click MOVE AV [Agentless] under Settin

8Click Menu | Reporting | Queries & Reports and select MOVE AV [Agentless] under McAfee Groups to view and runthese scan diagnostic queries:• MOVE

At the end of specified minutes, the tool completes the analysis and displays the results. Thedefault allowed time limit is 1 minute.You can also chan

Monitoring the SVAMonitor the status of the SVA using the Threat Event Log in ePolicy Orchestrator, or the Health andAlarms feature in VMware vShield

To create reports, your assigned permission set must include the ability to create and edit reports. Youcan restrict access to reports using groups an

Find product documentationAfter a product is released, information about the product is entered into the McAfee online KnowledgeCenter.Task1Go to the

3Monitoring and managing your environmentQueries and reports60McAfee MOVE AntiVirus (Agentless) 3.6.0 Product Guide

4Managing the SVAsDeploying a new SVA to the hypervisor in the previous version of McAfee MOVE AV (Agentless)requires you to unregister the existing S

TaskFor option definitions, click ? in the interface.1Log on to McAfee ePO as an administrator.2Click Menu | Queries and Reports | Actions | Import De

Task1Gather this information, which you need to run the unregister script:ePolicy OrchestratorServer IP address and portUser name and passwordYou must

2From the folder where you extracted MOVE‑AV‑AL_SVA_Deployment_3.6.0.zip, run launch.bat tostart the command prompt.4Managing the SVAsUnregister the S

3Enter 1 to unregister the existing SVA from the selected vCloud Networking and Security Manager.You can enter 2 to deploy the new SVA. For details ab

6Turn off the SVA.Do not delete this SVA until the 3.6.0 version is successfully deployed. This SVA can be used to helptroubleshoot deployment issues.

3Delete the version 3.5 SVA from the cluster in the vCenter.4Remove all McAfee MOVE AV policy from Security policies in the VMware vCenter Web Clientc

4Managing the SVAsUpgrade the SVA using NSX Manager68McAfee MOVE AntiVirus (Agentless) 3.6.0 Product Guide

ASVA security requirementsThe following security measures are implemented on the SVA.SecuritymeasureDescriptionapparmorapparmor is a kernel module tha

1IntroductionMcAfee Management for Optimized Virtual Environments AntiVirus (McAfee® MOVE AntiVirus) is ananti-virus solution for virtual environments

ASVA security requirements70McAfee MOVE AntiVirus (Agentless) 3.6.0 Product Guide

IndexAaccountvShield Manager 22Agentless deployment optioninstall extension 16integration with ePolicy Orchestrator 45policy management 45Ccommon conf

Oopen virtualization formatdeployment options 18manual deployment 39properties 42PpermissionsVMware vCenter 18policiesAgentless 45applying 49assigning

00

The Multi-Platform deployment option:• Uses McAfee ePO to manage the MOVE configuration on the client systems, offload scan server, andSVA Manager (OS

Components and what they doEach component performs specific functions to keep your environment protected.ePolicy Orchestrator — Allows you to configur