Professional Documents
Culture Documents
PD27093
PD27093
PD27093
Table of Contents
3 Introduction 25 Test
3 Audience 26 Recovery
4 Methodology 26 Installation
4 Plan 28 Configuration
5 Planning Checklist 30 Upgrade
5 Project Success 30 Validation
8 Technology Implementation 31 Implement
12 Solution Validation 32 Recovery
15 Ongoing Operations 32 Installation
18 Design 33 Deployment
18 Solution Integration 34 Validation
20 Design Principles 35 Appendix
21 Design Validation 35 Plans and Tracking Sheets
22 Assess 38 Examples
22 Technical Review 43 Technical Information
46 About McAfee
Introduction
This document serves as a recommended approach to planning and executing an upgrade
from McAfee legacy endpoint security products to McAfee® Endpoint Security 10.x.
It can also serve as a general guide for planning new deployments of McAfee Endpoint
Security 10.x.
This guide is derived from McAfee Professional Services, based on current methodology
incorporated into field engagements for endpoint software upgrades from any or all of the
following McAfee endpoint legacy products: McAfee® VirusScan® Enterprise 8.8, McAfee®
Host Intrusion Prevention 8.0, and McAfee® SiteAdvisor® Enterprise 3.5.
Audience
The intended audience for this outline is administrators who are experienced with McAfee endpoint security
products. It is not intended to be a comprehensive solution document, containing detailed supporting information.
McAfee recommends that project participants refer to this document as supplemental to their own guidelines and
requirements for software deployment within their environment.
Questions or requests for detailed information on steps outlined in this summary should be directed to McAfee
subject matter experts within your organization. You can obtain additional information from the McAfee Knowledge
Center and McAfee Communities. Contact McAfee Technical Support for further assistance.
Connect With Us
Test: Test the newly designed policies and configuration The Planning Checklist identifies a set of initial
to ensure that they work as designed. considerations to assist you with upgrade planning.
The decisions you make should be documented for use
Implement: After successfully validating your design, during the subsequent Design, Assess, Test.
roll out the upgrade across all intended endpoints.
Success ■
Identify endpoints for the initial pilot administrators
deployment
Project planning discussions should include business
Discuss end user communications
critical application administrators and application
■
■
Discus product features might affect these key stakeholders.
Learn about solution relationships
The project manager should identify enterprise
■
■
Review supported platforms
applications and their owners, and maintain a
Technology ■
Discuss supported McAfee Agent versions
Implementation stakeholder register as necessary. This will help the
■
Consider integration with other McAfee
solutions application owners understand the potential impact
■
Review conflicts with existing products of the migration and validate the functionality of their
■
Determine the implementation process software after McAfee Endpoint Security is deployed.
■
Establish business application testing Note: You can find an Application Owner’s tracking
procedures
sheet on page 38 in the Appendix.
Solution ■
Determine performance testing and baseline
Validation
metrics
■
Plan McAfee application validation testing
■
Identify current security management
practices
■
Review change control processes
■
Develop back-out and recovery plans
Ongoing
Operations
■
Discuss software updates
■
Document McAfee ePolicy Orchestrator
reporting requirements
■
Review corporate security policies and
supporting documentation
Determine project and business objectives Identify endpoints for the initial pilot deployment
Project participants should clearly identify the project Identify a set of endpoints that will be part of the initial
and business objectives. A common business objective pilot deployment. It is recommended that you use a
is to improve security by applying technical safeguards variety of endpoints that are representative of your
that enforce policies. Ensure that your company’s overall environment.
information security strategy aligns with its strategic
■ Determine the operating system platforms to be
objectives.
managed (such as Windows, Mac, Solaris, etc., as
You can get the conversation started by asking the supported by the product).
project participants these questions: ■ Determine groups for type of endpoints: workstations
1. What are our success criteria for the Endpoint or servers, remote users or VPN, etc. The scope of
Security Upgrade Project? your project may be limited to only workstations, only
servers, or both.
2. Have we identified any business risks concerning the
project?
■ Verify that McAfee Agent deployment credentials for
each platform are available.
3. How can the results of this project make our
organization more effective?
■ Record the list of hostnames on a pilot endpoint
planning sheet.
Review security requirements
Note: You can find a Pilot Endpoint Plan tracking sheet
Review specific use cases and core product capabilities
on page 37 in the Appendix.
as needed to ensure policy configurations will meet your
organization’s defined security requirements.
Technology Implementation
Before starting the technology implementation, Key Resources
you’ll want to confirm you understand the solution’s
capabilities, know which modules you’ll be implementing, McAfee Endpoint Migration Endpoint Upgrade Assistant
and be clear on the features of those modules. Assistant McAfee Endpoint Upgrade Assistant is a
McAfee® Endpoint Migration Assistant is McAfee ePO console extension that simplifies
Discuss product features a McAfee® ePolicy Orchestrator ® (McAfee and automates the tasks required to upgrade
ePO™) console extension that walks you the McAfee products on your managed
Review McAfee Endpoint Security features, capabilities,
through the migration process. You can let endpoint. Endpoint Upgrade Assistant
and operational functionality. Endpoint Migration Assistant migrate all minimizes the number of upgrade tasks and
your settings and assignments automatically, ensures product interoperability.
Determine which modules or core features you will be
based on your current settings and new Refer to McAfee Enterprise Product
implementing for Endpoint Security: Threat Prevention,
product defaults, or you can select and Documentation and McAfee Endpoint
Adaptive Threat Protection, Firewall, and Web Control or configure them manually. Upgrade Assistant Product Guide for
McAfee Client Proxy. Use Endpoint Migration Assistant to migrate guidance on installing Endpoint Upgrade
product settings where a supported legacy Assistant extension to the McAfee ePO
■ Review technical article McAfee KB86704 in the
version of a product module is installed. console and understanding:
McAfee Knowledge Center, “FAQs for Endpoint
Endpoint Migration Assistant ensures that ■
The Overview tab, to assess current
Security.” the settings in your legacy policies are moved endpoints in the environment
■ Review Endpoint Security product, installation, and to the correct policies in Endpoint Security. ■
The Prepare tab, to verify correct
migration guides, plus release notes for further In some cases, they are merged with other prerequisites have been met
Endpoint Security settings, and in others, The Deploy & Track tab, to configure,
information. ■
new default settings are applied to support deploy, and track the status of upgrade
updated technologies. tasks
Refer to the Endpoint Security 10.x
Migration Guide for information on:
■
Installing the Endpoint Migration Assistant
extension to the McAfee ePO console
■
Migrating policies automatically
■
Migrating policies manually
■
Mapping migrated policies (old solution to
Endpoint Security 10.x)
Endpoint
Security 10.x Replaces Description
Module
McAfee
Client Proxy
Optional component that integrates with McAfee® Web Gateway
For more information on McAfee Endpoint Security components, refer to the product guide.
Endpoints that are not good candidates for P2P are: Solution Validation
■ Laptops that spend the majority of their time Prior to installation, determine the application testing
connected via VPN practices for your organization. It’s imperative that
you understand any existing business application
■ Fixed-function machines that have extremely limited
testing that needs to be performed, which may require
spare processing cycles
additional support (such as Exchange, SharePoint,
Endpoints that may be good candidates for P2P are: database applications, VPN, etc.)
■ Physical or virtual machines in the datacenter. These Establish business application testing procedures
machines typically have an extremely high bandwidth Best Practices
connection to a McAfee ePolicy Orchestrator McAfee recommends that:
repository, so bandwidth costs are very low.
1. You perform the initial installation or upgrade in a lab,
■ Physical or virtual machines at a remote site development, or other non-production environment
that is representative of your production environment.
Follow these steps for Peer-to-Peer updating:
2. IT application administrators and business application
1. Review performance metrics, both before and after users perform any existing application tests prior to
P2P is enabled, to establish a baseline and the actual the full production rollout.
load of the P2P process. Work with your network
3. During the technical implementation, you use a
admin and monitor traffic via Wireshark or a similar
phased deployment approach. This typically begins
Trace program to complete this task.
with a series of pilot deployments that bring IT and
2. Enable P2P on a subset of workstations. Document how business units together.
many nodes are in these specific broadcast domains.
4. Your environment’s Service Desk personnel should
3. Review performance metrics. be involved as early as possible to gain valuable
4. Continue deploying P2P to additional sites and review experience needed to provide support for your
their performance. organization.
A basic functional application testing process should Before and after installing McAfee Endpoint Security,
include: consider measuring:
■ Organization-specific testing procedures (what testing ■ Average time for endpoint startup
is done for other applications being rolled out to ■ Average time for user logons
users?)
■ Average CPU utilization
■ Basic tests that need to be performed (such as
■ Business application-specific performance metrics
Windows updates, enterprise application use, etc.).
■ A testing methodology or testing scripts to produce The tests and benchmark indicators need to be
repeatable tests consistent for both testing environments.
■ Preparation of your test environment McAfee® Endpoint Security Scan Avoidance is the
■ Installation of the appropriate software most efficient way to ensure optimal performance on
the endpoint. This feature, which is only available in
■ Testing and analysis of the results
McAfee Endpoint Security, leverages the AMCore Trust
■ Resolution of application issues, should any arise
Model to help recognize when a scan is not necessary.
Determine performance testing and This mechanism provides the greatest performance
baseline metrics increase because it not only indicates whether a scan is
necessary early in the scan workflow, but also has longer
Prior to installing McAfee Endpoint Security, determine
term relevance because cached Trusted + Clean results
whether application performance testing baseline metrics
survive an AMCore Content update, whereas Clean
exist for legacy security products within your organization.
results alone will not.
You must be sure you understand existing performance
issues, which should be baselined prior to installing In the new AMCore performance model, the strategy
McAfee Endpoint Security. You also must identify the is based around the notion of an “actor.” An actor is
performance testing benchmarks to be measured before defined as a running process and its state of trust can
and after upgrading to Endpoint Security. be one of three values:
■ Suspicious
■ Normal
■ Trusted
An actor is trusted when it has come from a trusted Plan McAfee application validation testing
origin or is directly related to a trusted package. Discuss and review the high-level activities that will
be performed for your McAfee Endpoint Security
Note: For more information, please review the
deployment and validation testing for your McAfee
white paper, “Understanding Next-Generation
application. These activities are designed to validate
Performance Models.”
that the solution is working as designed, and are not
McAfee Endpoint Security includes a policy setting intended to fulfill or replace existing requirements for
that allows the administrator to trust certain third- the validation of your critical business applications.
party certificates. These certificates are from third-
Endpoint Security validation tests
party software that client endpoints have identified
Validation tests ensure that your McAfee Endpoint Security
and reported back to the McAfee ePolicy Orchestrator
product is capable of blocking/monitoring activity and
software. Once trusted, file access by trusted processes
producing logs/events that are viewable on your client
and of trusted files will benefit from the performance
endpoint and from the McAfee ePolicy Orchestrator
optimization provided through Scan Avoidance.
console. Validation tests should be created for all McAfee
McAfee recommends that you review your legacy Endpoint Security modules and features you plan to deploy.
policies to decide whether they are relevant to the
Tests may include, but are not limited to:
new McAfee Endpoint Security scan optimization
architecture. By default, McAfee Endpoint Security ■ On Access Scanning—EICAR Test
includes an optimized “Let McAfee Decide” option for ■ Viewing the Quarantine Folder
On-Access Scanning. For more information, see technical ■ Exploit Prevention—Hidden PowerShell Detected
article KB88205 in the McAfee Knowledge Center, “How ■ Dynamic Application Containment
to improve performance with Endpoint Security 10.x.” ■ Firewall policy block/allow
■ Web Control
■
■
Change control
required for individual reports)
■
Management of technical vulnerabilities
■ Report distribution requirements −
Endpoint Update management
standards
■ Reporting on risk and risk mitigation within the ■
Database server hardening and configuration
enterprise standards
■ Incidents, for example, violations of rules, malware, ■
Network diagrams
etc. ■
End-user computing configuration standards, for
example, gold disk images
■ Incident response, for example providing information
on how the applications reacted to incidents Figure 2. Review corporate security policies and supporting
(quarantined, blocked, would have been prevented, etc.) documentation.
Solution
■
Learn about the McAfee solution architecture
Integration Client UI
■
Review the endpoint architecture Download of a malicious file from the web
■
Identify required network infrastructure A file hash is sent from Web Control to Threat
services and McAfee network services Prevention, triggering an ODS
■
Understand the role of registered servers Malicious files are detected and blocked before they Web Control Firewall
have full access to the system McAfee
Design
■
Determine users and groups ePO
Forensics data is captured (Source URL, file hash, Threat
Principles Establish roles and responsibilities
■
■
Review known issues Event data is shared with other modules and McAfee
Design
ePO and is visible in the client UI ENS Collaborative Framework
Validation ■
Verify that the installation environment meets
specifications
■
Confirm pilot endpoints configuration
■
Verify accounts and permissions Project participants can download the Endpoint Threat
Protection data sheet located on https://www.mcafee.
Figure 3. Design Checklist
com/enterprise/en-us/assets/data-sheets/ds-
endpoint-security.pdf. This will provide a high-level
Solution Integration review of McAfee Endpoint Security and its related
During this phase of the migration process, the components.
main goals are to ensure that all project participants
understand the McAfee Endpoint Security platform, how
it connects to the network infrastructure, and confirm
the high-level design of the newly configured network.
Default
On access Stateful Site ratings File Protocol Traffic Direction
Port
■ ■ ■ ■
Theft
Protection
repository, inbound connection
from other McAfee Agents.
Figure 4. McAfee Endpoint Security Platform
Users should be assigned privileges based upon their Review known issues
operational role for the solution. Operational Roles You can find the list of known product incompatibilities
might include: in the McAfee Service Portal; be sure to review this list
during the course of your project. Please reference
■ McAfee ePolicy Orchestrator Global Administration
technical article KB82450 in the McAfee Knowledge
■ Product Administration
Center, “Endpoint Security 10.x Known Issues.”
■ Global Reviewer
■ Product-level Reviewer Verify that the installation environment meets
specifications
In the production McAfee ePolicy Orchestrator
Compare the endpoints in your environments against
environment, consider providing global administrators
technical article KB82761 in the McAfee Knowledge
with two accounts:
Center, “Supported platforms, environments, and
■ A Global Administrator account operating systems for Endpoint Security.”
■ A “day-to-day” operations type of account that has
Note: This KB article is updated frequently, as new
more restrictive permissions than the Global Admin
operating systems are released. Your environment
account
will likely have a mix of operating system versions
Typical user permissions include read-access to: and hardware configurations. Pay special attention to
operating systems that are not supported by McAfee
■ Events in McAfee ePolicy Orchestrator
Endpoint Security.
■ Policies in McAfee ePolicy Orchestrator
■ System tree objects in McAfee ePolicy Orchestrator Confirm pilot endpoints configuration
Verify that your pilot endpoints have supported versions
Typical “administrative” permissions (only to be used in a
of the McAfee Agent software installed. Also, ensure that
change control window) include full access to:
pilot endpoints meet the system requirements as listed
■ Policies in technical article KB82761 in the McAfee Knowledge
■ System tree Center, “Supported platforms, environments, and
operating systems for Endpoint Security.”
Design Validation
Validating the design is important in order to confirm You’ll also want to verify that prerequisite software is
that everything is ready for the implementation. installed by using McAfee Endpoint Upgrade Assistant,
and reviewing the product release notes.
Note: You can view a full list of system requirements on
page 43 in the Appendix.
The McAfee Enterprise Product Documentation can McAfee Endpoint Upgrade Assistant. Prior to checking
provide you with compatibility information that is specific in the McAfee Endpoint Upgrade Assistant extension,
to your McAfee ePolicy Orchestrator environment. McAfee recommends that you follow your organization’s
McAfee Endpoint Upgrade Assistant examines the practices for submitting change requests, performing
software packages in your repository and compares endpoint backups, and developing a back-out plan.
that info against the list of compatible software. The
“Overview” and “Prepare” tabs in McAfee Endpoint Assess
Upgrade Assistant provide a visual representation
Prepare for… By performing these activities…
of minimum software versions supported by McAfee
Endpoint Security. Technical ■
Run Endpoint Upgrade Assistant
review
■
Analyze Endpoint Upgrade Assistant results
Verify accounts and permissions
■
Review dashboards and queries
Verify that all your account(s) have the correct ■
Perform McAfee VirusScan Enterprise
permissions. The same account may be used to upgrade policy review
software and deploy solution components on endpoints, ■
Conduct McAfee Host Intrusion policy review
as needed. You’ll want to ensure that you have ■
McAfee Site Advisor Enterprise policy review
permissions set for: ■
Export production policies and tasks
Activities performed during the assessment will Refer to Enterprise Product Documentation for an
result in changes to your production environment; explanation of the tool, a video tutorial, and links to
one specific change is checking in the extension for product documentation.
Analyze McAfee Endpoint Upgrade Assistant results Perform McAfee VirusScan Enterprise policy review
Carefully analyze the results from McAfee Endpoint The McAfee Endpoint Migration Assistant can be
Upgrade Assistant and prepare to implement the used to migrate McAfee VirusScan policies and tasks to
recommended upgrade scenarios (after you’ve McAfee Endpoint Security 10.x. In order to streamline
completed testing—See Test phase.) The objective the migration activities, consider consolidating the
of this initial analysis is to understand the upgrade number of On-Access Scanning (OAS) VirusScan policies
readiness of your environment. that are present in your environment. To do this,
first identify the business purpose for each McAfee
Review dashboards and queries
VirusScan policy, paying special attention to On-Access
Next, you’ll want to review the McAfee ePolicy Scanning exclusions within the policies.
Orchestrator dashboards and queries for:
Identify a policy consolidation workflow that works for
■ McAfee VirusScan your environment. You can use the example workflow
■ McAfee Host IPS shown in this figure as a starting point.
■ McAfee Site Advisor
Present the
These dashboards and queries will likely need to Identify policies consolidated
Document the
be ported into their McAfee Endpoint Security 10.x that are very policies and
Review existing consolidated
equivalent. Identify if automated queries and McAfee similar. Consolidate exclusion list to
On-Access policies and
exclusions into the Information
ePolicy Orchestrator reports are configured for Scanning policies. their exclusion
new On-Access Security Office
endpoint security products. Then, document this lists.
Scanning policies. and receive
information and create an action plan to ensure signoff.
operational effectiveness. This review gives you an
Figure 7. OAS – Example Policy Consolidation Workflow
opportunity to introduce additional monitoring insights
into your existing operational processes. Refer to the
McAfee ePolicy Orchestrator product guide on the Track policy consolidation decisions, so that you will
documentation portal for additional information on have a record of why you created new McAfee Endpoint
monitoring and reporting configuration. Security OAS policies.
Note: You can find an example future state dashboard Note: You can find McAfee VirusScan policy and task
on page 38 in the Appendix. tracking sheets on page 37 in the Appendix.
Conduct McAfee Host Intrusion Prevention policy review You can reduce the complexity of firewall rules by
The McAfee Endpoint Migration Assistant can be leveraging McAfee Host IPS Catalog, which contains
used to migrate McAfee Host IPS policies and tasks to reusable items that you can import into firewall policies.
McAfee Endpoint Security 10.x. Consider maintaining a baseline firewall policy that
satisfies most of the security requirements of your
Project participants and stakeholders should review and organization. You can then create additional catalog and
consolidate Host IPS policies, exclusions, and firewall policy items for specific types of users and groups.
rules.
Review any configured McAfee Host IPS product-
Note: McAfee Host Intrusion Prevention, IPS Protection, specific tasks. Task-consolidation decisions need to take
and Rules policies may contain exceptions and/or into consideration whether new or additional McAfee
changes to the severity of a specific signature. Capture Endpoint Security tasks might need to be created to
policy settings that deviate from the McAfee default and mirror specific task goals.
attempt to consolidate the IPS rules policies.
Note: You can find McAfee HIPS IPS Rules Policies and
Exception Rules McAfee Host IPS Firewall Rules Policies tracking sheets
Exception Rules from the IPS Rules policy migrate to on page 37 in the Appendix.
the Access Protection and Exploit Prevention policies as
executables under Exclusions. Run McAfee SiteAdvisor Enterprise policy review
McAfee SiteAdvisor Enterprise and Web Control can
Refer to the McAfee Endpoint Security Product Guide take action on over 100 categories of web content.
for further information on Exception Rules. You’ll need to ensure that your environment has
Exception Rules with signatures an acceptable internet usage policy and block web
IPS Exceptions can include custom signatures. The categories that violate your usage policy. If numerous
executables and parameters from exceptions are McAfee SiteAdvisor Enterprise policies contain similar
appended to the McAfee Endpoint Security Access or identical settings (for example, blocking the same
Protection Rule created during signature migration. If web categories), use the Policy Comparison tool or an
all McAfee-defined signatures are added to a subrule Excel spreadsheet to find identical settings that can be
exception, the exception migrates as a global exclusion consolidated. Identify which web browsers are approved
in the Access Protection and Exploit Prevention policies. for use in your environment. Both McAfee SiteAdvisor
Enterprise and McAfee Endpoint Security Web Control
can be configured to block unsupported internet
browsers.
■
Run Endpoint Upgrade Assistant and analyze
Export production policies and tasks results
Import production policies and tasks
Export the recently reviewed and consolidated
■
■
Assign the migrated policies and tasks to
endpoints
■
Configure a deployment dashboard
Plan Design Assess Test Implement ■
Configure product deployment tasks
Upgrade ■
Deploy McAfee Agents to pilot endpoints
Test ■
Deploy McAfee Endpoint Security to pilot
During this phase, project participants will install, endpoints
Installation Component
Once you’ve completed your backups, it’s time to check
McAfee Endpoint Security Web Control
in and install the McAfee Endpoint Security software and
McAfee Endpoint Security Threat Prevention
the supporting components.
McAfee Endpoint Security Platform
Check in required packages
McAfee Endpoint Security Firewall
You can obtain the installation software from the McAfee
ePolicy Orchestrator Software Manager (also called the McAfee Client Proxy
Software Catalog) or via the McAfee Products download McAfee Endpoint Security Adaptive Threat Protection
page at https://www.mcafee.com/enterprise/en-us/ Figure 9. McAfee Endpoint Security 10.x Packages
downloads/my-products.html.
Figure 10. Management Extensions Note: For more information on McAfee Endpoint
Upgrade Assistant, see page 8.
Import production policies and tasks Run McAfee Endpoint Migration Assistant
Next, import the consolidated policies for McAfee Refer to the McAfee Endpoint Security Migration
VirusScan, McAfee Host IPS, and McAfee SiteAdvisor Guide for specific steps required to migrate policies
Enterprise. These policies will be converted to their before installing McAfee Endpoint Security.
McAfee Endpoint Security 10.x counterparts by the
The McAfee Endpoint Migration Assistant can be
McAfee Endpoint Migration Assistant tool.
accessed from Menu > Policy > Endpoint Migration
Configuration Assistant.
You’re almost ready to deploy McAfee Endpoint Security
The McAfee Endpoint Migration Assistant will perform
to your pilot endpoints. You just need to configure users,
a policy and task conversion of your current VSE/HIPS/
permissions, policies, and tasks first.
SAE settings and migrate them to their corresponding
Configure users and permission sets McAfee Endpoint Security counterparts. You can choose
Once you check in the McAfee Endpoint Security 10.x from two migration modes:
extensions, new permissions for McAfee Endpoint ■ Manual Migration—Recommended for environments
Security 10.x will become available. Update your existing that have unnecessary policies and tasks that should
permission sets to include these new products and/ be consolidated for easier administration. This may
or create new permission sets that focus on McAfee need to be run multiple times as different policies are
Endpoint Security 10.x. migrated.
You should update the assigned permission sets of ■ Automatic Migration— Not recommended, since it will
existing McAfee ePolicy Orchestrator users who are migrate unneeded policies.
responsible for McAfee Endpoint Security to reflect the
Note: Remember to configure and assign policies
additional McAfee Endpoint Security 10.x products.
to endpoints and groups prior to deploying McAfee
Existing permission sets will have “no permissions” for
Endpoint Security 10.x.
McAfee Endpoint Security-specific products until you
manually add them. When you use the manual migration option, you have
an opportunity to selectively migrate policies and make
Perform initial validation testing
policy adjustments on the fly. You’ll also want to ensure
Prior to installing McAfee Endpoint Security, collect basic
that you migrate relevant On-Demand Scan Tasks.
performance information from your test machines. This
will give you a simple baseline to measure against. Configure the baseline policy
Configure and assign the baseline policy to endpoint
Note: You can see an example of performance metrics
groups or to individual endpoints.
to measure on page 42 in the Appendix.
Assign the migrated policies and tasks to endpoints Method 1: Deploy the Upgrade Automation Task using
Assign migrated policies and tasks to endpoints in your the McAfee Endpoint Upgrade Assistant
test environment. The package named McAfee Endpoint Upgrade Assistant
can be used to upgrade devices to McAfee Endpoint
Configure your deployment dashboard
Security 10.x. All McAfee Endpoint Security 10.x
Your deployment dashboard will show endpoints that packages and extensions must be checked into McAfee
are in scope for McAfee Endpoint Security 10.x. Consider ePolicy Orchestrator prior to deploying this package.
creating a Boolean pie chart query that contains
matching criteria for McAfee Endpoint Security 10.x The McAfee Endpoint Upgrade Assistant package will
security modules. Endpoints that lack the matching deploy the McAfee Endpoint Security modules you
criteria will appear as “non-compliant.” select. If you do not want to deploy all the modules,
you can create a task in the Client Task Catalog that
A default query named “Endpoint Security: Installation explicitly specifies the modules to be deployed. You
Status Report” displays the total number of endpoints also can select the modules to deploy with Endpoint
that have McAfee Endpoint Security 10.x installed. Upgrade Assistant. Refer to the Enterprise Product
Consider adding this query to your deployment Documentation for further information.
dashboard.
Note: Perform extensive testing prior to using the
Configure product deployment tasks Deploy Upgrade Automation Task.
Review and identify the deployment task method(s)
The workflow for deploying an Upgrade Automation task
you’ll be using to control the scope of your software
is shown here:
deployments.
Method 2: Selectively deploy McAfee Endpoint Deploy McAfee Endpoint Security to pilot endpoints
Security modules via the Client Task Catalog and Deploy McAfee Endpoint Security 10.x using your
system tree assignment planned deployment method.
Create a task in the Client Task Catalog that includes all
or some of the McAfee Endpoint Security Modules.
Validation
During this step, you’ll verify that your technical
Note: You might be more familiar with leveraging implementation meets the security objectives that you
Method 2 as it is the legacy method. previously established and perform tests to ensure that
Method 3: Use the McAfee Endpoint Upgrade everything is operating properly.
Assistant Package Creator to create an Endpoint Monitor McAfee Agent and McAfee Endpoint
Security package Security deployments
The McAfee Endpoint Upgrade Assistant Package
The overwhelming majority of your McAfee Endpoint
Creator will walk you through the creation of a package
Security deployments should be successful. Capture
to be deployed with a third-party deployment tool, and
any reported issues and document the solutions for
will provide options for tailoring the deployment package
those issues. Engage the McAfee Support team when
to various environments.
necessary.
After the package is created, you can use a third-party
Perform post-upgrade validation testing
deployment tool, such as SCCM or Bigfix, to perform the
Verify that your technical implementation meets the
deployment.
security objectives discussed in the Plan and Design
Upgrade phases.
Now you’re ready to deploy McAfee Endpoint Security
These activities will validate the newly created McAfee
to your pilot endpoints and validate the success of that
Endpoint Security 10.x policies configured for your
deployment.
environment. Validate any additional testing criteria that
Deploy McAfee Agents to pilot endpoints may have been defined in the Plan and Design phases,
If the required version of McAfee Agent is not currently for specific use cases.
installed, deploy the required McAfee Agent version for Note: Verify any additional performance and functional
your test environment to your pilot endpoints before testing requirements planned for your critical enterprise
you move on to deploying McAfee Endpoint Security applications. Ensure all applications perform the
10.x. required business tasks that business owners specified
as requirements in the Plan phase.
Validation tests verify that your McAfee products are Activities performed during this phase will result in
blocking and monitoring activity and producing logs and changes to your production environment. McAfee
events that are viewable on client endpoints and from recommends following your organization’s practices
the McAfee ePolicy Orchestrator console. for submitting change requests, performing endpoint
backups, and developing a recovery plan.
Note: You can find example validation tests for features
specific to McAfee Endpoint Security on pages 39-41 in Implement
the Appendix. Prepare for: By taking these steps:
■
Validate distributed repository replication
If the McAfee Migration Assistant was used to convert
■
Import the baseline policies and tasks
policies to their McAfee Endpoint Security 10.x ■
Configure users and permission sets
equivalents, these newly converted policies are now ■
Configure a deployment dashboard
ready to be exported from your test environment and
imported into your production environment. Run Endpoint Upgrade Assistant
Deployment ■
■
Assign the migrated policies and tasks to
endpoints
Plan Design Assess Test Implement
■
Configure product deployment tasks
Deploy McAfee Agents to endpoints, as
Implement
■
needed
Appendix Design
Plans and Tracking Sheets [ ] Discuss the McAfee solution architecture overview
Test Implement
[ ] Prepare for installation [ ] Prepare for installation
[ ] Backup the McAfee ePO application server and database [ ] Backup the McAfee ePO application server and database
[ ] Check in required packages [ ] Check in required packages
[ ] Install required management extensions [ ] Install required management extensions
[ ] Validate distributed repository replication [ ] Validate distributed repository replication
[ ] Run Endpoint Upgrade Assistant [ ] Import the baseline policies
[ ] Analyze Endpoint Upgrade Assistant results [ ] Import the baseline tasks
[ ] Import production policies [ ] Configure users and permission sets
[ ] Import production tasks [ ] Configure a deployment dashboard
[ ] Configure users and permission sets [ ] Run the Endpoint Upgrade Assistant
[ ] Perform initial validation testing [ ] Analyze Endpoint Upgrade Assistant results
[ ] Run the Endpoint Migration Assistant [ ] Configure the baseline policy
[ ] Migrate policies [ ] Assign the migrated policies to endpoints
[ ] Migrate tasks [ ] Assign the migrated tasks to endpoints
[ ] Configure the baseline policy [ ] Configure product deployment tasks
[ ] Assign the migrated policies to endpoints [ ] Deploy McAfee Agents to endpoints, as needed
[ ] Assign the migrated tasks to endpoints [ ] Deploy McAfee Endpoint Security to endpoints
[ ] Configure a deployment dashboard [ ] Monitor McAfee Agent and Endpoint Security deployments
[ ] Configure product deployment tasks [ ] Perform validation testing
[ ] Deploy McAfee Agents to pilot endpoints, as needed
[ ] Deploy McAfee Endpoint Security to pilot endpoints
[ ] Monitor McAfee Agent and Endpoint Security deployments
[ ] Perform post-upgrade validation testing
[ ] Export the baseline policy
Pilot Endpoint Plan Tracking Sheet McAfee VirusScan Tasks - Consolidation Tracking
# Pilot Sheet
Application(s) OS App Owner Contact
Devices
McAfee VirusScan Tasks - Consolidation Tracking Sheet
Win
EMC Backup John.doe@contoso. VSE Task Name Description Action Plan
Server 2
Server com
2012 Update All Updates DAT None – This task will be
Win files for VSE used for Endpoint Security
DHCP Server Server kyle.doe@contoso.com 2 content updates
2016 Weekly ODS Performs full Schedule a new Scan task for
Win 7 endpoint scan a Endpoint Security 10.x
Common and 10 weekly basis
Desktop_infra@
Desktop (x86 4
contoso.com
Applications and McAfee HIPS IPS Rules Policies - Consolidation
64bit)
Tracking Sheet
Win
DL-DatabaseTeam@ McAfee HIPS IPS Rules Policies - Consolidation Tracking
[Critical App 1] Server 3
contoso.com
2016 Sheet
HIPS IPS Rules
MacOS Description Action Plan
Mac Desktop macs@contoso.com 1 Policy
10.12
IPS Rules- Contains exceptions
The list of exclusions
Marketing for an app used by
pertaining to these
VirusScan Policies - Consolidation Tracking Sheet Marketing.
applications will be
IPS Rules Contains exceptions consolidated into a new
VirusScan Policies - Consolidation Tracking Sheet Publishing for an app used by policy named IPS Rules-
VSE Policy Marketing. General-Apps
Description Action Plan
Name
Note: The environment may have many firewall policies
Finance.Corp- This policy includes exclusions The list of
OAS Policy Legacy financial applications exclusions
with rules in them that are not currently linked to the
that have known performance for these Host IPS Firewall Catalog.
issues. The exclusions are applications will
recommended by the vendor. be placed into
a new policy
Revenue Cycle- This policy includes exclusions named “Finance-
OAS Policy for the app named Revenue OAS-G1”.
Cycle. The exclusions are
recommended by the vendor.
McAfee Host IPS Firewall Rules Policies - Example Format for a Validation Test
Consolidation Tracking Sheet Test Name Test ID#
McAfee HIPS Firewall Rules Policies - Consolidation Validation Steps Step 1)
Tracking Sheet Step 2)
HIPS Firewall Step 3)
Description Action Plan
Rules Policy Expected Results
FW Rules- Firewall rules used by The firewall rules for Actual Results
Coders software coders. these applications will
be placed into a new
FW Rules- Firewall rules used by
firewall policy named Note: The results of validation testing should provide
Programmers Python Programmers.
FW-Rules-Developers.
discussion points for additional policy configurations as
required.
Examples
Example Application Owners Sheet Example Future State Dashboard for Endpoint
Application Owners
Security Products
Application
Purpose Owner/Administrator
Operational Dashboard
Name
Monitor
Description Action Plan
Example: Pharmacy Workflow, John.doe@company.com Name
Meditech Laboratory
Antivirus This Boolean chart Update the query to
Diagnostics
Installed/ shows machines that include criteria for McAfee
Example: Accounts Receivable, John.doe@company.com Missing have AV installed as Endpoint Security 10.x
Invoice Supreme Recurring Billing well as machines that Threat Prevention.
are missing AV. The
approved antivirus
Note: The Application Owners Sheet is important for software is McAfee
VirusScan.
Endpoint Security-based exclusions, exceptions, and
other policies. Business owners may require a new or HIPS Shows devices running Add a new monitor that
Content up to date HIPS content also shows content
different policy based on the application vendor’s list of Compliance (Signatures). compliance for Exploit
recommended exclusions or other configurations. Prevention.
Example Validation Tests for Endpoint Security- Exploit Prevention - Blocking Hidden PowerShell
specific Features Exploit Prevention -
On Access Scanning - EICAR Test TC-ENS-003
Hidden PowerShell Detected
On Access Scanning – EICAR Test Test Ensure that the browser plugin for McAfee Endpoint
Setup Security Web Control is running
■
Create a new text file
Validation
Validation ■
Open the Google Chrome Browser
Steps ■
Within the text file, enter the following string:
Steps
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR- ■
Navigate to http://www.testingmcafeesites.com/
STANDARD-ANTIVIRUS-TEST-FILE!$H+H* testcat_ph.html
■
Save and close the text file Expected The site is blocked because it has a “red rating” (See
Results screen shot)
■
Attempt to copy the text file
Actual Results
Actual
Results
Actual Attachments How to test SiteAdvisor Enterprise 3.x category
Results ratings
Attachments How to test SiteAdvisor Enterprise 3.x category https://kc.mcafee.com/corporate/
ratings index?page=content&id=KB72563
https://kc.mcafee.com/corporate/
index?page=content&id=KB72563
Actual
Results
Actual
Results
[example] application specific performance metrics TC- Options – Viewing the Quarantine Folder Pass
ENS-002
Technical Information
Endpoint Requirements
Minimum
Operating System Service Pack 32bit 64bit Processor RAM Hard Disk
Space Free
2 GHz
Windows 10 X X 3 GB 1 GB
or higher
2 GHz
Windows 8.1 X X 3 GB 1 GB
or higher
2 GHz
Windows 8 (Except RT) X X 3 GB 1 GB
or higher
1 GHz
Windows Embedded Standard 7 X 1 GB 1 GB
or higher
Windows XP Pro
(No longer supported by 1 GHz
SP3 X 1 GB 1 GB
Microsoft.) (not supported with or higher
Endpoint Security 10.5)
Minimum
Operating System Service Pack 32bit 64bit Processor RAM Hard Disk
Space Free
Minimum
Operating System Service Pack 32bit 64bit Processor RAM Hard Disk
Space Free
Windows Small
X 1.4 GHz or higher 2 GB 1 GB
Business Server 2011
Windows Embedded
X 1 GHz or higher 1 GB 1 GB
Standard 2009
Windows Point
X 1 GHz or higher 1 GB 1 GB
of Service 1.1
Windows Point of
X 1 GHz or higher 1 GB 1 GB
Service Ready 2009
www.mcafee.com.
6220 America Center Drive McAfee and the McAfee logo, ePolicy Orchestrator, McAfee ePO, SiteAdvisor, and VirusScan are trademarks or registered trademarks of
San Jose, CA 95002 McAfee, LLC or its subsidiaries in the US and other countries. Other marks and brands may be claimed as the property of others. Copyright
888.847.8766 © 2020 McAfee, LLC. 4594_0820
AUGUST 2020
www.mcafee.com