McAfee EPOLICY ORCHESTRATOR 3.6 - WALKTHROUGH GUIDE User guide

User Guide
Revision 1.0
®
VirusScan for Mac
Version 8.6
McAfee
System Protection
®
Proven security
COPYRIGHT
Copyright © 2007 McAfee, Inc. All Rights Reserved.
No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form
or by any means without the written permission of McAfee, Inc., or its suppliers or affiliate companies.
TRADEMARK ATTRIBUTIONS
ACTIVE FIREWALL, ACTIVE SECURITY, ACTIVESECURITY (AND IN KATAKANA), ACTIVESHIELD, CLEAN-UP, DESIGN (STYLIZED E), DESIGN
(STYLIZED N), ENTERCEPT, EPOLICY ORCHESTRATOR, FIRST AID, FOUNDSTONE, GROUPSHIELD, GROUPSHIELD (AND IN KATAKANA),
INTRUSHIELD, INTRUSION PREVENTION THROUGH INNOVATION, MCAFEE, MCAFEE (AND IN KATAKANA), MCAFEE AND DESIGN,
MCAFEE.COM, MCAFEE VIRUSSCAN, NET TOOLS, NET TOOLS (AND IN KATAKANA), NETSCAN, NETSHIELD, NUTS & BOLTS, OIL CHANGE,
PRIMESUPPORT, SPAMKILLER, THREATSCAN, TOTAL VIRUS DEFENSE, VIREX, VIRUS FORUM, VIRUSCAN, VIRUSSCAN, VIRUSSCAN (AND IN
KATAKANA), WEBSCAN, WEBSHIELD, WEBSHIELD (AND IN KATAKANA) are registered trademarks or trademarks of McAfee, Inc. and/or its
affiliates in the US and/or other countries. The color red in connection with security is distinctive of McAfee brand products. All other registered
and unregistered trademarks herein are the sole property of their respective owners.
LICENSE INFORMATION
License Agreement
NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE
GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE
CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANIES YOUR SOFTWARE PACKAGING OR THAT YOU
HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEB SITE FROM WHICH YOU
DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF
APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.
Attributions
This product includes or may include:
• Software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). • Cryptographic software written by Eric
A. Young and software written by Tim J. Hudson. • Some software programs that are licensed (or sublicensed) to the user under the GNU
General Public License (GPL) or other similar Free Software licenses which, among other rights, permit the user to copy, modify and redistribute
certain programs, or portions thereof, and have access to the source code. The GPL requires that for any software covered under the GPL which
is distributed to someone in an executable binary format, that the source code also be made available to those users. For any such software
covered under the GPL, the source code is made available on this CD. If any Free Software licenses require that McAfee provide rights to use,
copy or modify a software program that are broader than the rights granted in this agreement, then such rights shall take precedence over the
rights and restrictions herein. • Software originally written by Henry Spencer, Copyright 1992, 1993, 1994, 1997 Henry Spencer. • Software
originally written by Robert Nordier, Copyright © 1996-7 Robert Nordier. • Software written by Douglas W. Sauder. • Software developed by the
Apache Software Foundation (http://www.apache.org/). A copy of the license agreement for this software can be found at
www.apache.org/licenses/LICENSE-2.0.txt. • International Components for Unicode ("ICU") Copyright ©1995-2002 International Business
®
Machines Corporation and others. • Software developed by CrystalClear Software, Inc., Copyright ©2000 CrystalClear Software, Inc. • FEAD
®
®
Optimizer technology, Copyright Netopsystems AG, Berlin, Germany. • Outside In Viewer Technology ©1992-2001 Stellent Chicago, Inc. and/or
®
Outside In HTML Export, © 2001 Stellent Chicago, Inc. • Software copyrighted by Thai Open Source Software Center Ltd. and Clark Cooper,
© 1998, 1999, 2000. • Software copyrighted by Expat maintainers. • Software copyrighted by The Regents of the University of California, © 1996,
1989, 1998-2000. • Software copyrighted by Gunnar Ritter. • Software copyrighted by Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
California 95054, U.S.A., © 2003. • Software copyrighted by Gisle Aas. © 1995-2003. • Software copyrighted by Michael A. Chase, © 1999-2000.
• Software copyrighted by Neil Winton, ©1995-1996. • Software copyrighted by RSA Data Security, Inc., © 1990-1992. • Software copyrighted by
Sean M. Burke, © 1999, 2000. • Software copyrighted by Martijn Koster, © 1995. • Software copyrighted by Brad Appleton, © 1996-1999.
• Software copyrighted by Michael G. Schwern, ©2001. • Software copyrighted by Graham Barr, © 1998. • Software copyrighted by Larry Wall
and Clark Cooper, © 1998-2000. • Software copyrighted by Frodo Looijaard, © 1997. • Software copyrighted by the Python Software Foundation,
Copyright © 2001, 2002, 2003. A copy of the license agreement for this software can be found at www.python.org. • Software copyrighted by
Beman Dawes, © 1994-1999, 2002. • Software written by Andrew Lumsdaine, Lie-Quan Lee, Jeremy G. Siek © 1997-2000 University of Notre
Dame. • Software copyrighted by Simone Bordet & Marco Cravero, © 2002. • Software copyrighted by Stephen Purcell, © 2001. • Software
developed by the Indiana University Extreme! Lab (http://www.extreme.indiana.edu/). • Software copyrighted by International Business
Machines Corporation and others, © 1995-2003. • Software developed by the University of California, Berkeley and its contributors. • Software
developed by Ralf S. Engelschall <rse@engelschall.com> for use in the mod_ssl project (http:// www.modssl.org/). • Software copyrighted by
Kevlin Henney, © 2000-2002. • Software copyrighted by Peter Dimov and Multi Media Ltd. © 2001, 2002. • Software copyrighted by David
Abrahams, © 2001, 2002. See http://www.boost.org/libs/bind/bind.html for documentation. • Software copyrighted by Steve Cleary, Beman
Dawes, Howard Hinnant & John Maddock, © 2000. • Software copyrighted by Boost.org, © 1999-2002. • Software copyrighted by Nicolai M.
Josuttis, © 1999. • Software copyrighted by Jeremy Siek, © 1999-2001. • Software copyrighted by Daryle Walker, © 2001. • Software copyrighted
by Chuck Allison and Jeremy Siek, © 2001, 2002. • Software copyrighted by Samuel Krempp, © 2001. See http://www.boost.org for updates,
documentation, and revision history. • Software copyrighted by Doug Gregor (gregod@cs.rpi.edu), © 2001, 2002. • Software copyrighted by
Cadenza New Zealand Ltd., © 2000. • Software copyrighted by Jens Maurer, ©2000, 2001. • Software copyrighted by Jaakko Järvi
(jaakko.jarvi@cs.utu.fi), ©1999, 2000. • Software copyrighted by Ronald Garcia, © 2002. • Software copyrighted by David Abrahams, Jeremy
Siek, and Daryle Walker, ©1999-2001. • Software copyrighted by Stephen Cleary (shammah@voyager.net), ©2000. • Software copyrighted by
Housemarque Oy <http://www.housemarque.com>, © 2001. • Software copyrighted by Paul Moore, © 1999. • Software copyrighted by Dr. John
Maddock, © 1998-2002. • Software copyrighted by Greg Colvin and Beman Dawes, © 1998, 1999. • Software copyrighted by Peter Dimov,
© 2001, 2002. • Software copyrighted by Jeremy Siek and John R. Bandela, © 2001. • Software copyrighted by Joerg Walter and Mathias Koch,
© 2000-2002. • Software copyrighted by Carnegie Mellon University © 1989, 1991, 1992. • Software copyrighted by Cambridge Broadband Ltd.,
© 2001-2003. • Software copyrighted by Sparta, Inc., © 2003-2004. • Software copyrighted by Cisco, Inc. and Information Network Center of
Beijing University of Posts and Telecommunications, © 2004. • Software copyrighted by Simon Josefsson, © 2003. • Software copyrighted by
Thomas Jacob, © 2003-2004. • Software copyrighted by Advanced Software Engineering Limited, © 2004. • Software copyrighted by Todd C.
Miller, © 1998. • Software copyrighted by The Regents of the University of California, © 1990, 1993, with code derived from software contributed
to Berkeley by Chris Torek.
®
Issued November 2007 / VirusScan for Mac software version 8.6
DBN-001-EN
Contents
1
Introducing VirusScan for Mac
5
What’s in this guide? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
What is VirusScan? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
What you can do with VirusScan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
What’s new in this release . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
VirusScan features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
VirusScan console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
On-Demand scanner . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
On-Access scanner . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
VirusScan Schedule Editor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
eUpdate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
ePolicy Orchestrator Manageability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Getting product information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Standard documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
VirusScan Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10
Submit a sample . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10
Technical Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10
Virus Information Library . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10
Contact information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11
2
Installing VirusScan for Mac
13
System requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13
ePolicy Orchestrator requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13
Installing VirusScan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13
Standard installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14
Command-line (silent) installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14
Upgrade installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14
Testing your installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15
Uninstalling VirusScan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15
3
Getting Started
17
Using the VirusScan console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17
The VirusScan console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17
Configuring the scanners . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19
Configuring general preferences . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19
Configuring the On-Demand scanner . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Configuring the On-Access scanner . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Using the On-Demand scanner . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Using the On-Access scanner . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Updating DAT files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Configuring eUpdate settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Using the VirusScan Schedule Editor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Scheduling eUpdates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
4
Integrating with ePolicy Orchestrator 3.6
31
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Prerequisites for using ePolicy Orchestrator to manage VirusScan for Mac . 32
3
®
VirusScan 8.6 for Mac User Guide
Contents
Introducing ePolicy Orchestrator console . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Checking in NAP files to manage VirusScan . . . . . . . . . . . . . . . . . . . . . . . . . 33
Installing the ePolicy Orchestrator agent for Macintosh computers . . . . . . . 35
Installing VirusScan for Mac . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Uninstallation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Removing VirusScan for Mac from the ePolicy Orchestrator server . . . . . . . 37
Removing ePolicy Orchestrator Agent for Mac OS X from ePolicy Orchestrator
server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Removing ePolicy Orchestrator Agent from VirusScan for Mac . . . . . . . . . . 38
Setting policies within ePolicy Orchestrator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
General tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
eUpdate tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Customizing eUpdate settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
On-Access scanner tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
On-Demand scanner tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Scheduling scans and eUpdates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
On-Demand scans . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
eUpdate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Viewing ePolicy Orchestrator properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Configuring reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
5
6
Integrating with ePolicy Orchestrator 4.0
49
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Extensions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Introducing ePolicy Orchestrator 4.0 Dashboard . . . . . . . . . . . . . . . . . . . . . . . . .
Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Client tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Uninstallation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Removing the product extension . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Removing the report extension . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
49
49
50
51
51
52
54
54
54
Troubleshooting
55
Frequently asked questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Scanning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Viruses and detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
General information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Advanced troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Error messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
55
55
55
56
56
57
57
Glossary
59
Index
65
4
1
Introducing VirusScan for Mac
What’s in this guide?
This guide introduces VirusScan for Mac 8.6 and provides the following information on
how to keep your computer free of viruses:
„
Overview of the product.
„
Descriptions of product features.
„
Descriptions of all new features in this release of the software.
„
Detailed instructions for installing the software.
„
Detailed instructions for configuring and deploying the software.
„
Procedures for performing tasks.
„
Troubleshooting information.
„
Integration with ePolicy Orchestrator 3.6 (Patch 2), 3.6.1, and 4.0.
What is VirusScan?
VirusScan for Mac is an anti-virus application that helps you keep your Macintosh
computer free of viruses, Trojan horses and other malware. VirusScan features
On-Demand scanning, Apple Mail scanning, eUpdate scheduling, online Help,
On-Access scanning and drag-and-drop scanning. In addition, you are only one click
away from the comprehensive online Virus Information Library which will keep you
informed of all new threats.
VirusScan protects your system from viruses that may reside on other computers such
as Macintosh computers, Windows computers, UNIX computers, and externally
mounted volumes such as USB device, Firewire devices and CDs/DVDs.
This version of VirusScan also provides anti-virus support for Mac OS X 10.5 (Leopard)
operating system.
What you can do with VirusScan
VirusScan detects and cleans program viruses, macro viruses, and Trojan horses for all
types of Macintosh, Windows, and UNIX files, including compressed files and OLE
compound documents.
5
VirusScan® 8.6 for Mac User Guide
Introducing VirusScan for Mac
VirusScan features
With VirusScan, you can scan a single file, a file directory, your whole drive, or mounted
volumes such as CDs, .DMG files, network mounted files, Apple Mail messages, and
USB devices such as pen drives, iPods and cameras. Advanced heuristic scanning
detects previously unknown macro and program viruses.
What’s new in this release
„
Support for Mac OS X Leopard (10.5)
„
On-Access scanning performance optimization
„
On-Demand scanning performance optimization
„
Support for ePolicy Orchestrator 4.0
„
Incremental DAT updates
„
5200 scanning engine support
VirusScan features
VirusScan incorporates its previous powerful features with new safeguards and tools
for you to protect your computer system. The online Help system provides you with
troubleshooting assistance and procedures for tasks.
VirusScan console
The VirusScan console enables you to configure VirusScan through an easy-to-use
interface.
Using the console, you can configure the On-Demand scanner as well as perform
On-Demand scans through the drop-zone (an area on the VirusScan console that allows
you to drag and drop files that you want to scan). You can also click Drop items or click here
to open the Select a file or folders to Scan & Clean dialog box to select the file(s) or folder(s)
for the On-Demand scan and clean.
Also, you can configure and enable the On-Access scanner from the VirusScan console
and enable automatic updating of your virus definitions using eUpdate.
To access the VirusScan console, double-click the VirusScan icon in your computer's
Applications folder.
On-Demand scanner
The On-Demand scanner allows you to initiate a scan at any time by dragging and
dropping selected file(s) into the console. You can also click Drop items or click here to
open the Select a file or folders to Scan & Clean dialog box to select the file(s) or folder(s) to
perform scan and clean.
With the On-Demand scanner, you can select multiple files, directories, or volumes.
Scan results are summarized in a report that can be saved or printed. You can configure
what the scanner looks for and how it responds to infected files. The scanner notifies
you when it finds a virus and generates a log of its actions.
6
1
VirusScan® 8.6 for Mac User Guide
Introducing VirusScan for Mac
VirusScan features
To access the On-Demand scanner, drag the file(s) you want to scan and drop them into
the VirusScan icon or into the drop-zone in the console.
On-Access scanner
The On-Access scanner provides continuous monitoring of all files in use to determine
if a virus or other potentially unwanted code is present. A scan takes place
automatically every time a file is read from the disk, and/or written to the disk, either
by the user or by system processes.
With the On-Access scanner, continuous policy enforcement is provided for multiple
files, directories or volumes, including volumes on remote computers connected
through the network. You can configure what the scanner looks for and how it responds
to infected files. The scanner notifies you, in the Reporter pop-up window, if it finds a
virus or other malware.
You enable the On-Access scanner from the VirusScan console.
VirusScan Schedule Editor
The VirusScan Schedule Editor enables you to schedule automated scans and updates
for the anti-virus definitions (DAT) files that are available online. You can schedule scans
and updates through the VirusScan Schedule Editor console. Automated scans and
updates can be set on a daily, weekly, or monthly basis. To access the VirusScan
Schedule Editor, do any one of these tasks:
„
Click Scheduler
„
Select Scheduled Tasks under View in the main menu.
„
Open VirusScan Schedule Editor directly from the /Applications/Utilities
folder.
on the VirusScan console.
eUpdate
eUpdate allows you to update DAT files and the anti-virus engine. eUpdate continuously
updates your anti-virus software with new information on viruses and scanning
capabilities. eUpdate automatically checks for new updates when there is an Internet
connection, and updates the virus definitions when new ones are available. You can
also use VirusScan Schedule Editor to configure eUpdate to check for updates
according to your own schedule.
To initiate an eUpdate manually, click the eUpdate tab on the VirusScan console, then the
Start button. Support for eUpdate is provided using the FTP protocol.
7
1
VirusScan® 8.6 for Mac User Guide
Introducing VirusScan for Mac
Audience
ePolicy Orchestrator Manageability
VirusScan integrates with McAfee ePolicy Orchestrator versions 3.6 (patch 2), 3.6.1,
and 4.0 allowing you to use this software in a managed environment. The ePolicy
Orchestrator software provides a central hub of McAfee System Protection Solutions.
Administrators can mitigate the risk of rogue, non-compliant systems, keep protection
up-to-date, configure and enforce protection policies, and monitor security status from
one centralized, enterprise-scalable console. Using ePolicy Orchestrator, you can
configure VirusScan for Mac on the target systems across your network; you do not
need to configure these computers individually from the Preferences window.
Note
The use of ePolicy Orchestrator is optional and you can use all the functionalities of
VirusScan as a standalone product.
You will be able to use ePolicy Orchestrator related functionality only if you have
ePolicy Orchestrator and Non-Windows Agent installed and configured to manage
VirusScan in an enterprise environment.
Audience
This information is intended for network administrators who are responsible for their
company’s anti-virus and security program.
Conventions
This guide uses the following conventions:
Bold
Condensed
All words from the interface, including options, menus, buttons, and dialog
box names.
Example:
Type the User name and Password of the appropriate account.
Courier
The path of a folder or program; text that represents something the user
types exactly (for example, a command at the system prompt).
Examples:
The default location for the program is:
/Applications/Utilities
Run this command on the client computer:
scan --help
Italic
For emphasis or when introducing a new term; for names of product
documentation and topics (headings) within the material.
Example:
Refer to the VirusScan Enterprise Product Guide for more information.
Blue
A web address (URL) and/or a live link.
Example:
Visit the McAfee website at:
http://www.mcafee.com
<TERM>
Angle brackets enclose a generic term.
Example:
In the console tree, right-click <SERVER>.
8
1
VirusScan® 8.6 for Mac User Guide
Introducing VirusScan for Mac
Getting product information
Note: Supplemental information; for example, another method of
executing the same command.
Note
Tip: Suggestions for best practices and recommendations from McAfee for
threat prevention, performance and efficiency.
Tip
Caution: Important advice to protect your computer system, enterprise,
software installation, or data.
Caution
Warning
Warning: Important advice to protect a user from bodily harm when using
a hardware product.
Getting product information
Unless otherwise noted, product documentation comes as Adobe Acrobat .PDF files,
available on the product CD or from the McAfee download site.
Standard documentation
User Guide — This guide introduces the product, describes its features, and gives
details on how to install and configure the software, ongoing operation and
maintenance. It also introduces ePolicy Orchestrator manageability features for
VirusScan, and provides detailed instructions for installing, configuring and managing
the software in an enterprise environment.This guide (VirusScan User Guide) is
available in .PDF in the Documentation folder of the product package.
Help — High-level and detailed information accessed from the software application.
VirusScan for Mac Release Notes — This file describes the product features,
last-minute additions or changes to the documentation, lists any known behavior or
other issues with the product release, and describes the installation process. This file
is available in the Documentation folder of the product package.
License — The McAfee License Agreement (.PDF) booklet that includes all of the
license types you can purchase for your product. The License Agreement gives general
terms and conditions for the use of the licensed product. Read it carefully. If you install
the product, you agree to the license terms. This McAfee Software License agreement
is available in the Documentation folder of the product package.
9
1
VirusScan® 8.6 for Mac User Guide
Introducing VirusScan for Mac
Getting product information
Links from within the product
The Help menu in the product provides links to some useful resources:
„
VirusScan Help
„
Submit a Sample
„
Technical Support
„
Virus Information Library
VirusScan Help
Use this link to access the online Help topics for the product.
Submit a sample
Use this link to submit potentially infected files to McAfee for analysis. You will receive
information about your files, including solutions and real-time fixes, if required.
Technical Support
Use this link to access the McAfee Technical Support website for product
documentation, FAQs, or troubleshooting hints and tips.
Virus Information Library
Use the Virus Information Library link to access the McAfee® Avert® Labs Virus
Information Library. This website has detailed information on where viruses come
from, how they infect your system, and how to remove them.
In addition to genuine viruses, the Virus Information Library contains useful information
on virus hoaxes, such as those virus warnings that you receive via email. A Virtual Card
For You and SULFNBK are two of the best-known hoaxes, but there are many others.
Next time you receive a well-meaning virus warning, we recommend you view our
hoax page before you pass the message on to your friends or colleagues.
To access the Virus Information Library:
1 Open VirusScan.
2 From the Help menu, select Virus Information Library.
10
1
VirusScan® 8.6 for Mac User Guide
Introducing VirusScan for Mac
Contact information
Contact information
Threat Center: McAfee Avert® Labs http://www.mcafee.com/us/threat_center/default.asp
Avert Labs Threat Library
http://vil.nai.com
Avert Labs WebImmune & Submit a Sample (Logon credentials required)
https://www.webimmune.net/default.asp
Avert Labs DAT Notification Service
http://vil.nai.com/vil/signup_DAT_notification.aspx
Download Site http://www.mcafee.com/us/downloads/
Product Upgrades (Valid grant number required)
Security Updates (DATs, engine)
HotFix and Patch Releases
„
For Security Vulnerabilities (Available to the public)
„
For Products (ServicePortal account and valid grant number required)
Product Evaluation
McAfee Beta Program
Technical Support
http://www.mcafee.com/us/support/
KnowledgeBase Search
http://knowledge.mcafee.com/
McAfee Technical Support ServicePortal (Logon credentials required)
https://mysupport.mcafee.com/eservice_enu/start.swe
Customer Service
Web
http://www.mcafee.com/us/support/index.html
http://www.mcafee.com/us/about/contact/index.html
Phone — US, Canada, and Latin America toll-free:
+1-888-VIRUS NO or +1-888-847-8766 Monday – Friday, 8 a.m. – 8 p.m., Central Time
Professional Services
Enterprise: http://www.mcafee.com/us/enterprise/services/index.html
Small and Medium Business:
http://www.mcafee.com/us/smb/services/index.html
11
1
VirusScan® 8.6 for Mac User Guide
Introducing VirusScan for Mac
Contact information
12
1
2
Installing VirusScan for Mac
This section gives information on installing the VirusScan software and includes details
on:
„
System requirements
„
Installing VirusScan
„
Upgrade installation
„
Testing your installation
„
Uninstalling VirusScan
System requirements
To install VirusScan for Mac software, you require PowerPC or Intel based Mac
computer, Mac OS X Tiger (10.4.6 or later) or Mac OS X Leopard (10.5) operating
system, 512 MB (or higher) RAM, minimum 45 MB of free disk space.
ePolicy Orchestrator requirements
VirusScan integrates with ePolicy Orchestrator versions 3.6 (patch 2), 3.6.1, and 4.0.
However, please note that the use of ePolicy Orchestrator is optional and VirusScan for
Mac can be used as a standalone product.
Note
You will be able to use ePolicy Orchestrator related functionality only if you have
ePolicy Orchestrator and Non-Windows Agent installed and configured to manage
VirusScan in an enterprise environment.
Installing VirusScan
VirusScan for Mac can be installed through either a standard (graphical interface)
installation or a command-line (silent) installation. Once you have installed the product,
its ReadMe file is available in the Documentation folder of the product package. Refer to
this file for known issues, online resources, and other useful information.
13
VirusScan® 8.6 for Mac User Guide
Installing VirusScan for Mac
Upgrade installation
With VirusScan you use the eUpdate feature to connect to a Web location and
download new DAT files. To find out more about eUpdate and other VirusScan features,
see Getting Started on page 17.
You must have administrative privileges to install this product.
Note
Standard installation
You can install VirusScan using the VirusScan install file, either on the product CD or in
the installation .ZIP file downloaded from the McAfee website and saved to a
temporary folder.
To install VirusScan:
1 Double-click the VirusScan.pkg file to start the Installer.
2 Follow the on-screen steps to install the software.
3 Read and accept the license agreement. If you do not accept the license agreement,
the installation cannot continue.
4 Click Install to perform the installation. The Authentication dialog box appears.
5 Type your user name and administrator password and click OK. A message notifies
you when the installation finishes. Click Close.
The VirusScan for Mac installer installs the VirusScan application inside the
Applications folder and the VirusScan Schedule Editor application inside the
Application/Utilities folder of your computer.
Note
You need not restart your computer after installing VirusScan for Mac 8.6 (unlike the
earlier versions).
Command-line (silent) installation
1 Locate the VirusScan.pkg file, either on the product CD or in the installation .ZIP
downloaded from the McAfee web site, and save it to a temporary location.
2 Open the Terminal window and change the working folder to the one where the
VirusScan.pkg file is located.
3 In the Terminal window, execute:
sudo installer -pkg VirusScan.pkg -target /
4 Enter your system password when prompted to do so.
5 A message notifies you when the installation finishes. Close the Terminal window.
Upgrade installation
You can upgrade to VirusScan for Mac v8.6 from earlier VirusScan versions (8.0 and
8.5). After the upgrade, the preferences are migrated from the earlier versions to the
current version (v8.6).
14
2
VirusScan® 8.6 for Mac User Guide
Installing VirusScan for Mac
Testing your installation
Testing your installation
You can test VirusScan by using the European Institute of Computer Anti-Virus
Research (EICAR) standard anti-virus test file. This file is a combined effort by anti-virus
vendors throughout the world to implement one standard by which customers can
verify their anti-virus software.
To test your installation:
1 Go to the EICAR.ORG website http://www.eicar.org and download the AntiVirus
test file, Eicar.zip.
2 Run the On-Demand Scanner on the downloaded ZIP file. VirusScan will report
finding the EICAR test file.
This file is not a virus and is available for testing anti-virus software. You can delete this
file when you have finished testing the software to avoid alarming unsuspecting
users.
Note
If the test is successful, you are now ready to start using the VirusScan software.
Uninstalling VirusScan
You can uninstall VirusScan by using an uninstall file (VirusScan Uninstall.command), either
on the product CD, or in the installation .ZIP file downloaded from the McAfee website
and saved to a temporary folder. You can also execute uninstall command from
terminal.
To uninstall VirusScan:
1 Do one of the following:
Note
„
Double-click the VirusScan Uninstall.command icon.
„
Drag the VirusScan Uninstall.command icon, drop it in the Terminal window and press
Enter.
„
In the Terminal window, change the directory to /usr/local/vscanx, then
execute VirusScan Uninstall.command.
To open the Terminal application, double-click the application located under
/Applications/Utilities.
The Terminal window prompts you for your administrator password.
2 Type your administrator password and click Enter.
Your administrator password will not be displayed in the Terminal window.
Note
When the uninstallation process finishes successfully, a message appears in the
Terminal window to show the VirusScan software has been removed from your
computer.
15
2
VirusScan® 8.6 for Mac User Guide
Installing VirusScan for Mac
Uninstalling VirusScan
16
2
3
Getting Started
This chapter describes VirusScan, and how it helps keep your computer free of viruses.
It includes the following topics:
„
Using the VirusScan console
„
Configuring the scanners
„
Using the On-Demand scanner
„
Using the On-Access scanner
„
Updating DAT files
„
Using the VirusScan Schedule Editor
Using the VirusScan console
The VirusScan console allows you to use and configure On-Demand scanning and
On-Access scanning. The console connects you to the McAfee Virus Information
Library, does eUpdates, and prints and saves virus scan reports.
The VirusScan console also contains a drag-and-drop pane for On-Demand scanning.
You can initiate an On-Demand scan at any time by dragging files into the center pane
of the console, dropping them into the drag-and-drop pane, then clicking the Start
button. If you add another file after the scan has completed, the new file will replace
the first scan.
The VirusScan console
The VirusScan console displays standard Macintosh and specialized anti-virus
components, including:
„
Title bar displaying the name of the program that is currently running.
17
VirusScan® 8.6 for Mac User Guide
Getting Started
Using the VirusScan console
„
Close, minimize, maximize, and hide tool bar buttons to resize or hide the interface.
Figure 3-1 VirusScan console
Toolbar
The toolbar displays these buttons:
Saves the virus scan report as a Rich Text File (.RTF).
Clears the current report showing on the status panel.
Prints the current report.
Allows you to schedule a scan task and an eUpdate task.
Opens the Preferences dialog box, allowing you to:
„
Set preferences for the On-Demand scanner.
„
Set preferences for the On-Access scanner.
„
Set preferences for the action to take if a virus is found.
„
Log results to a file.
„
Configure eUpdate server settings.
„
Configure the exclusion list.
„
Automatically check for virus definitions updates.
Opens your default browser and directs you to the McAfee Virus
Information Library.
Menu bar
The menu bar shows standard drop-down menus common to all screens: File, Edit, View,
Window, and Help.
18
3
VirusScan® 8.6 for Mac User Guide
Getting Started
Configuring the scanners
Configuring the scanners
You can configure the settings for both the On-Demand scanner and the On-Access
scanner using the Preferences dialog box. Two versions of this dialog box are available;
one for configuring the On-Demand scanner, the other for the On-Access scanner. Both
scanners have the same general preferences, while advanced scanning options are
scanner-specific.
Scanner preferences are global settings that apply to all users.
Note
The preferences are saved automatically when you select them.
You need administrative privileges to modify preferences.
Note
Configuring general preferences
General preferences apply to both the On-Demand scanner and the On-Access
scanner. They are the same for both.
To configure general preferences:
1 Click Preferences
on the tool bar to display the Preferences dialog box. The top
panel in this dialog box contains general preferences options that apply to both the
On-Demand scanner and the On-Access scanner.
19
3
VirusScan® 8.6 for Mac User Guide
Getting Started
Configuring the scanners
Figure 3-2 General preferences
2 Select your general scanning preferences for the On-Demand and On-Access
scanners; Table 3-1 shows the available general preferences.
Table 3-1 General preferences for On-Demand and On-Access scanners
Automatically check for virus definition
updates
Enables/disables automatic eUpdates.
On-Access Scanning
Enables/disables On-Access scanning.
Log results to file
Enables/disables logging results to a file.
20
3
VirusScan® 8.6 for Mac User Guide
Getting Started
Configuring the scanners
Table 3-1 General preferences for On-Demand and On-Access scanners
Customize eUpdate Server Settings
Manages your update server with user name and
password. Click Customize to modify the FTP
settings for eUpdate.
Exclude specific disks, files and folders
Configures your scanning exclusions. If this is not
selected, you will not have any exclusions set.
To add an exclusion:
„
Click Add in the Exclude File or Folder list. Select
the file or folder from the Open dialog box.
To remove an exclusion:
„
Select the file or folder from the Exclude File or
Folder list. Click Remove.
To modify an exclusion:
„
Select the file or folder from the Excluded File or
Folder list. Click Modify. The Open dialog box
appears. Select the file or folder to replace the
existing exclusion.
3 Set the advanced preferences you require. These are shown in the lower pane in the
Preferences dialog box. Two different sets of preferences are available; one for the
On-Demand scanner, the other for the On-Access scanner. See Configuring the
On-Demand scanner on page 21 and Configuring the On-Access scanner on
page 23 for details.
4 Click Lock to prevent changes to the preferences.
5 Click Close in the upper left-hand corner to exit the Preferences dialog box.
Configuring the On-Demand scanner
The On-Demand scanner allows you to initiate a scan at any time. You configure the
On-Demand scanner advanced preferences using options available in the lower pane of
the Preferences dialog.
To configure the On-Demand scanner:
1 Click Preferences
on the tool bar to display the Preferences dialog box.
2 Click More Options in the lower right-hand corner of the dialog box to reveal Advanced
Preferences.
3 Select On-Demand Scanner from the drop-down menu (if not already selected) to
display the On-Demand scanning version of this dialog box.
21
3
VirusScan® 8.6 for Mac User Guide
Getting Started
Configuring the scanners
.
Figure 3-3 On-Demand preferences
4 Select your advanced scanning preferences for the On-Demand scanner, Table 3-2
shows the available preferences.
Table 3-2 Advanced Preferences for On-Demand scanner
Scan contents of archives and
compressed files
Sets the selected scanner to scan into archives and
other compressed files. On by default for
On-Demand scanner.
Find Unknown Macro Viruses
If a file contains potentially infected macro
(unknown infection), it will be scanned and
cleaned/deleted, as part of the clean.
Scan Apple Mail messages
Enables/disables the On-Demand scanner to check
Apple Mail messages for infection.
Check files for virus-like characteristics
Enables/disables the On-Demand scanner to check
for files that show characteristics of viruses or
worms and may contain unknown infections.
Find potentially unwanted applications
and joke programs
Enables/disables the On-Demand scanner to check
for unwanted programs or joke programs.
22
3
VirusScan® 8.6 for Mac User Guide
Getting Started
Configuring the scanners
Table 3-2 Advanced Preferences for On-Demand scanner
Selects the primary action for the On-Demand
scanner.
When a virus is found:
„
Clean
„
Delete
„
Notify
Delete when Clean fails or is not
available
Selects the secondary action for the On-Demand
scanner. This is available only when the primary
action is Clean.
5 Click Lock to prevent changes to the preferences.
6 Click Close in the upper left-hand corner to exit the Preferences dialog box.
Configuring the On-Access scanner
The On-Access scanner continually monitors all files that are in use to determine if a
virus or other malware is present. An On-Access scan takes place whenever a file is
read from the disk, written to the disk, or both, depending on the preferences you set
for this scanner.
You configure the On-Access scanner advanced scanner preferences using options
available in the lower pane of the Preferences dialog.
To configure the On-Access scanner:
1 Click Preferences
on the tool bar to display the Preferences dialog box.
2 Click More Options in the lower right-hand corner of the dialog box to reveal Advanced
Preferences.
3 Select On-Access Scanner from the drop-down menu (if not already selected) to
display the On-Access scanning version of this dialog box.
23
3
VirusScan® 8.6 for Mac User Guide
Getting Started
Configuring the scanners
.
Figure 3-4 On-Access preferences
4 Select your scanning preferences for the On-Access scanner; Table 3-3 shows the
available preferences.
Table 3-3 Advanced Preferences for On-Access scanning
Scan contents of archives and
compressed files
Sets the selected scanner to scan into archives and
other compressed files. On by default for the
On-Access scanner. Note that the On-Access
scanner will not scan inside stuffit archives.
Find Unknown Macro Viruses
If a file contains potentially infected macro
(unknown infection), it will be scanned and
cleaned/deleted, as part of the clean.
Scan Apple Mail messages
Enables/disables the On-Access scanner to check
Apple Mail messages for infection.
Check files for virus-like characteristics
Enables/disables the On-Access scanner to check
for files that show characteristics of viruses or
worms and may contain unknown infections.
Find potentially unwanted applications
and joke programs
Enables/disables the On-Access scanner to check
for unwanted programs or joke programs.
24
3
VirusScan® 8.6 for Mac User Guide
Getting Started
Using the On-Demand scanner
Table 3-3 Advanced Preferences for On-Access scanning
Scan files on network volumes
Sets the scanner to scan files accessed from
network volumes.
Scan files:
Determines if the On-Access scanner is to scan
files that are read from the disk, written to the disk,
or both.
„
Always
„
Read
„
Write
Maximum scan time
The maximum length of time, in seconds, that a
scan can last per file. (A compressed file is not
treated as one file; this timeout applies to the last
individual file, and not to the last top level container
file).
When a virus is found:
Selects the primary action for the On-Access
scanner.
„
Clean
„
Delete
„
Notify
Delete when Clean fails or is not
available
Selects the secondary action for the selected
scanner. This is available only when the primary
action is Clean.
5 Click Lock to prevent changes to the preferences.
6 Click Close in the upper left-hand corner to exit the Preferences dialog box.
Using the On-Demand scanner
The On-Demand scanner allows you to initiate a scan at any time in the following ways:
„
By dragging and dropping file(s) into the VirusScan dock icon, the VirusScan icon in the
Finder, or into the drag-and-drop pane in the console.
„
Through the Select a file or folders to Scan & Clean dialog box.
You can select multiple files or directories and the results are summarized in the
reporting window.
To perform On-Demand scanning:
1 Open the VirusScan console.
2 Drag and drop the file, folder, or volume you want to scan into the drag-and-drop
pane of the main console. To select a group of files, do one of the following:
„
Hold down the Shift key while selecting the files you want.
„
Click the drag-and-drop pane. A file selection screen appears. Select the file,
group of files, directory, or volume you want to scan, then click Select Location.
„
Drag the file, folder, or volume to the VirusScan dock icon in the Finder view.
3 Click Start on the console to initiate scanning.
The Status Line shows the name of the file being scanned and the status of the scan.
The arrow beside the status line hides or reveals the Reporting window. The Reporting
window is hidden by default.
25
3
VirusScan® 8.6 for Mac User Guide
Getting Started
Using the On-Access scanner
A scan report appears in the Reporting window. The report notes the time of the scan,
the total files scanned, and the actions taken. The console shows the status of the scan
in a line between the drag-and-drop pane and the report panel. The status panel shows
Idle when it is not scanning.
Using the On-Access scanner
The On-Access scanner provides continuous, automatic policy enforcement for
multiple files, directories and volumes, including volumes on remote computers
connected through the network. Simply enable the On-Access scanner for it to run.
To enable On-Access scanning:
1 Open the VirusScan console.
2 Click Preferences
on the tool bar to display the Preferences dialog box.
3 Select the On-Access Scanning checkbox to enable On-Access scanning.
The scanner notifies you in the Reporter pop-up window if it finds a virus or other
malware.
Updating DAT files
Daily, by default, eUpdate automatically connects to the eUpdate server via your
Internet connection, and checks for new DAT files. Updates can traverse proxy servers.
You can schedule additional eUpdates through the VirusScan Schedule Editor.
Automatic and scheduled eUpdate and On-Demand scans can be run simultaneously.
Note
Why do you need to update?
To ensure that you are protected against the latest threats, you should keep your
anti-virus software up-to-date by updating the DAT files and engine regularly:
„
New viruses and worms emerge frequently. McAfee regularly releases updated
DAT files to ensure VirusScan can detect such viruses and worms.
„
Virus-scanning engine upgrades are occasionally available. These enable VirusScan
to employ the latest virus-detection techniques.
How does eUpdate work?
eUpdate enables you to obtain and apply new DAT files or upgrades to your anti-virus
software while connected to the Internet. If an update exists, VirusScan will
automatically attempt to download and install the update. If a day lapses without
updating, VirusScan will automatically download the update. This ensures your system
is up-to-date at all times.
Configuring eUpdate settings
DAT files can be updated from an FTP server. McAfee provides an FTP server to
eUpdate your DAT files.
26
3
VirusScan® 8.6 for Mac User Guide
Getting Started
Updating DAT files
McAfee FTP server
By default, VirusScan is configured to access the McAfee FTP server to download the
latest DAT files. After you install VirusScan, it automatically connects to the FTP server
to download and update your DAT files while you are connected to the Internet.
Configuring the internal FTP server
To use an internal FTP eUpdate repository for your Macintosh computers on your
network, you need to configure an internal FTP eUpdate server. In this case, you have
to download the DAT files everyday from the McAfee FTP server
(ftp://ftp.mcafee.com/commonupdater) onto the internal FTP server you have
configured.
To configure the internal FTP server:
1 Download the DAT file from ftp://ftp.mcafee.com/commonupdater.
2 Copy the DAT file to a folder on the FTP eUpdate server.
To access the FTP server from Preferences:
1 Open the ViruScan console to modify the settings in the eUpdate Server Settings dialog
box.
2 Click Preferences on the tool bar. The Preferences dialog box appears. Select the
Customize eUpdate Server Settings option.
3 Click the Customize button. The eUpdate Server Settings dialog box appears.
4 Type the URL of the internal FTP server in the Server URL.
5 Type the location to where you have downloaded the DAT file in Directory.
6 Click OK.
27
3
VirusScan® 8.6 for Mac User Guide
Getting Started
Using the VirusScan Schedule Editor
Example:
1 Create a directory named "commonupdater" under your ftp server's top level
directory.
2 Open ftp://ftp.mcafee.com/commonupdater.
3 Download the following files from ftp://ftp.mcafee.com/commonupdater/ to
<your ftpserver>/commonupdater/ location:
„
oem.ini
„
all .gem files
„
gdeltaavv.ini
4 Download
ftp://ftp.mcafee.com/commonupdater/current/VSCANDAT1000/DAT/0000/avvd
at-xxxx.zip to
<your ftpserver>/commonupdater/current/VSCANDAT1000/DAT/0000/.
5 Virus Definitions are updated daily. Hence, you need to repeat Step 1 to 4 daily if
you want to keep your local update repository up-to-date.
How do you eUpdate through proxy server?
WebProxy (HTTP) proxy settings are supported. Refer to Apple's documentation for
details on how to configure these proxy settings on the Max OS X.
You must also ensure that anonymous access is enabled on the FTP server in order for
eUpdate to work.
VirusScan does not support proxy server authentication.
Note
Using the VirusScan Schedule Editor
The VirusScan Schedule Editor allows you to create repetitive scans on a group of files
or folders. You can schedule daily, weekly, and monthly scans.
To schedule a scan:
1 Click Scheduler on the VirusScan console. Alternatively, you can select Scheduled Tasks
from the View menu. The VirusScan Schedule Editor dialog box appears.
28
3
VirusScan® 8.6 for Mac User Guide
Getting Started
Using the VirusScan Schedule Editor
2 Click New Scan Task
. An Untitled dialog box appears.
Figure 3-5 New Scan dialog box
3 Name the task. Use a name that describes the scan you are scheduling.
4 Click Set to specify the Date & Time of the scheduled scan.
5 Choose the items you want scanned. You can do this by:
„
Dragging and dropping items into the Scan Items pane.
„
Clicking on the Scan Items pane. A Choose Item dialog box appears. Click Choose
when you have selected the file(s) to scan.
6 Select Recurrence. Choose from:
„
Daily: Type the sequence of days that the scan will run.
„
Weekly: Select the day(s) of the week on which you want the scan to occur.
„
Monthly: Select the day(s) of the month on which the scan will occur, and the
sequence of months.
„
Never: Select this option if you do not want the scan to reoccur.
7 Specify when the schedule should end, and click OK.
Your new scan task appears in a list of all scheduled scans and eUpdates in the
VirusScan Schedule Editor. To enable or disable scheduled tasks, select the checkbox
next to the task item.
Note
If the computer is switched off when a task is scheduled to run, VirusScan will skip
the task when the computer is turned back on.
Scheduling eUpdates
The VirusScan Schedule Editor allows you to schedule repetitive updates to your
computers DAT files and the virus-scanning engine. This support is provided through
FTP.
29
3
VirusScan® 8.6 for Mac User Guide
Getting Started
Using the VirusScan Schedule Editor
eUpdate is programmed to check for new updates on its own. However, you can
schedule additional eUpdates or modify the existing schedule.
To schedule an eUpdate:
1 From the View menu, select Scheduled Tasks. The VirusScan Schedule Editor dialog box
appears.
2 Click New eUpdate Task.
An Untitled window appears.
Figure 3-6 New eUpdate dialog box
3 Type a name for the task. We recommend using a name that describes the task you
are scheduling.
4 Click Set to specify a Date & Time for the update to occur.
5 Select Recurrence. Choose from:
„
Daily: Type the sequence of days you want the eUpdate to connect.
„
Weekly: Select the day(s) of the week on which you want the eUpdate to occur.
„
Monthly: Select the day(s) of the month you want the automatic update, and the
sequence of months.
„
Never: Select this option if you do not want the automatic update to reoccur.
6 Select an end date and click OK.
Your new eUpdate task appears in a list of all scheduled scans and eUpdates in the
VirusScan Schedule Editor. To enable or disable eUpdate tasks, select the check box
next to the appropriate task item. eUpdate will automatically start when an update is
available.
To initiate an unscheduled eUpdate:
1 Open the VirusScan console.
2 Click the eUpdate tab to switch to the eUpdate pane.
3 Click Start to check if new virus definitions are available for download.
30
3
4
Integrating with ePolicy
Orchestrator 3.6
Introduction
This section describes how to configure VirusScan for Mac using McAfee ePolicy
Orchestrator® management software versions 3.6 and 3.6.1. To use this guide
effectively, you need to be familiar with ePolicy Orchestrator. For more information,
see the ePolicy Orchestrator Product Guides. The ePolicy Orchestrator software
provides a single point of control for your McAfee anti-virus products, to manage
anti-virus policies and view reports of anti-virus events and virus activity in an enterprise
environment. Using ePolicy Orchestrator, you can configure VirusScan for Mac on the
target computers across your network; you do not need to configure them individually.
This section includes the following information:
„
Adding ePolicy Orchestrator agent configuration to ePolicy Orchestrator server.
„
Setting anti-virus policies on the target systems to configure the following VirusScan
for Mac features:
„
General policies controlling overall functions for VirusScan for Mac.
„
eUpdate server policies.
„
On-Demand scanner policies.
„
On-Access scanner policies.
Configuring ePolicy Orchestrator agent features for Macintosh computers:
„
Note
„
Agent communication interval.
„
Policy enforcement interval.
„
Event forwarding.
„
Logging.
This guide does not provide detailed information about installing or using ePolicy
Orchestrator software. See ePolicy Orchestrator Product Guides.
31
VirusScan® 8.6 for Mac User Guide
Integrating with ePolicy Orchestrator 3.6
Introduction
Prerequisites for using ePolicy Orchestrator to manage
VirusScan for Mac
Before you can use the ePolicy Orchestrator software to manage VirusScan for Mac:
„
Check in the appropriate Network Associate Package (.NAP) files for VirusScan for
Mac in the ePolicy Orchestrator software repository.
„
Check in the Non-Windows Agent (NWA) file to the ePolicy Orchestrator repository.
Non-Windows Agent (NWA) is also known as ePolicy Orchestrator Agent for Mac OS X.
Note
„
Install the ePolicy Orchestrator agent on your Macintosh computer.
Introducing ePolicy Orchestrator console
The Microsoft Management Console (MMC) is your interface to the ePolicy
Orchestrator product and its features. Here you register and configure the VirusScan
for Mac anti-virus product that is managed through ePolicy Orchestrator. The console
uses standard MMC features.
The console is divided into two sides or panes:
„
The console tree is the navigation pane of the console. It shows the servers,
workstation, and appliances that you can administer using ePolicy Orchestrator.
„
The details pane is to the right of the console. Depending on the item selected in
the console tree, the details pane might have an upper details pane and lower details
pane.
Figure 4-1 ePolicy Orchestrator console
When you first log on to the server, the console appears with Console Root highlighted
in the left pane.
32
4
VirusScan® 8.6 for Mac User Guide
Integrating with ePolicy Orchestrator 3.6
Installation
The console’s appearance changes to reflect the items you have selected in the
console tree or in the details pane.
For detailed information about using ePolicy Orchestrator, refer to the ePolicy
Orchestrator Product Guides.
Note
Installation
Introduction
The Non-Windows agent is the distributed component of ePolicy Orchestrator that
must be installed on each Macintosh computer on the network. The agent collects and
sends information between the ePolicy Orchestrator server and repositories, and
manages VirusScan installations across the network. How you configure the agent and
its policy settings determines how it facilitates communication and updating in your
environment.
System requirements
The agent can be installed on the Apple Macintosh OS X operating system, version
10.4.6 (or later), on any of the following Macintosh platforms:
„
G3
„
G4
„
G5
„
SMP (dual processor)
„
Intel-based Macintosh computer
Checking in NAP files to manage VirusScan
To manage VirusScan through ePolicy Orchestrator, you must first add the product
.NAP files to the software repository on the ePolicy Orchestrator server. The .NAP files
contain VirusScan policy pages, where you control the product settings that are
deployed through the ePolicy Orchestrator agent to the client computers.
McAfee releases .NAP files for all anti-virus and security products supported by ePolicy
Orchestrator. The .NAP file for a given product is available with the other installation
files for that product. These can be either on the product CD or in the product .ZIP file
if you downloaded the installation files from the McAfee web site. The .NAP files for
VirusScan are available in the ePolicy Orchestrator Server Components subfolder on the
product CD, or in the product .ZIP file. A .NAP file always has a .NAP extension and is
named with a product name code and version number, such as NWA-MAC300.NAP.
Note
Policy pages are not added to the master repository; they are stored on the ePolicy
Orchestrator server. Because of this, NAP files are not replicated to distributed
repositories or updated to Macintosh computers.
33
4
VirusScan® 8.6 for Mac User Guide
Integrating with ePolicy Orchestrator 3.6
Installation
Adding Macintosh Non-Windows Agent NAP file
(NWA-MAC300.NAP)
To check in a Macintosh Non-Windows Agent .NAP file to the ePolicy Orchestrator
server:
1 Locate the NWA-MAC300.NAP file, either on the product CD or in the installation .ZIP
file that you downloaded from the McAfee web site, and save it to a temporary
folder accessible from the ePolicy Orchestrator server.
2 Log on to the ePolicy Orchestrator server with administrative rights.
3 In the ePolicy Orchestrator console tree, right-click Repository and select Configure
Repository. The Configure Software Repository wizard appears.
Tip
Alternatively, you can open the wizard by double-clicking Repository in the ePolicy
Orchestrator console tree, then clicking Check in NAP in the details pane.
4 Select Add new software to be managed and click Next.
5 In the Select a Software Package dialog box, browse to and select the NWA-MAC300.NAP
file you saved to a temporary folder in Step 1 on page 34.
6 Click Open to enable ePolicy Orchestrator to load the selected .NAP file.
Adding VirusScan for Mac NAP file (Virex.nap)
To add Virex.nap file to the ePolicy Orchestrator server:
1 Locate the Virex.nap file, either on the product CD or in the installation .ZIP file
downloaded from the McAfee web site, and save it to a temporary folder accessible
from the ePolicy Orchestrator server.
2 Log on to the ePolicy Orchestrator server with administrative rights.
3 In the ePolicy Orchestrator console tree, right-click Repository and select Configure
Repository. The Configure Software Repository wizard appears.
4 Select Add new software to be managed and click Next.
5 In the Select a Software Package dialog box, browse to and select the Virex.nap file you
saved to a temporary folder in Step 1 on page 34.
6 Click Open to enable ePolicy Orchestrator to load the selected .NAP file.
Adding VirusScan for Mac Report NAP file (virexExt.nap)
To add virexExt.nap file to the ePolicy Orchestrator server:
1 Locate the virexExt.nap file, either on the product CD or in the installation .ZIP file
downloaded from the McAfee website, and save it to a temporary folder accessible
from the ePolicy Orchestrator server.
2 Log on to the ePolicy Orchestrator server with administrative rights.
3 In the ePolicy Orchestrator console tree, right-click Repository and select Configure
Repository. The Configure Software Repository wizard appears.
4 Select Add new reports and click Next.
34
4
VirusScan® 8.6 for Mac User Guide
Integrating with ePolicy Orchestrator 3.6
Installation
5 In the Select a Software Package dialog box, browse to and select the virexExt.nap file
you saved to a temporary folder in Step 1 of Adding VirusScan for Mac Report NAP
file (virexExt.nap) section, and click Open to enable ePolicy Orchestrator to load the
report .NAP file into the repository.
Once ePolicy Orchestrator completes loading all the .NAP files, the agent will appear in
the policy list in the details pane.
Installing the ePolicy Orchestrator agent for Macintosh
computers
The ePolicy Orchestrator agent for Macintosh computers can be installed through
either a standard (graphical interface) installation, or a command-line (silent) install. The
agent is installed in the /Library/NETAepoagt directory and also uses the
/Library/NETASSOC directory for configuration related data.
You cannot change the installation directory of the ePolicy Orchestrator agent.
Note
Standard installation
1 Locate the nwa.dmg file, either on the product CD or in the installation .ZIP file
downloaded from the McAfee website, and save it to a temporary folder.
nwa.dmg is located in the ePO Agent folder of the ePO Components.ZIP file on the
product CD.
Note
2 Double-click the nwa.dmg file. The following files appear.
„
NWA.pkg
„
cmdinstall
3 Double-click the NWA.pkg file. The Welcome to the ePO Agent for Mac OS X installer window
appears.
4 Click Continue. The ReadMe window appears. This ReadMe describes the agent
features, and lists any known behavior or other issues with the agent release.
5 Click Continue. The Software License agreement window appears.
Note
Read and accept the license agreement. If you do not accept the license agreement,
the installation cannot continue.
6 Click Continue. The Select a Destination window appears. Select the volume where you
want to install the ePolicy Orchestrator agent and click Continue.
7 The Easy Install window appears.
Note
There are two versions of this window depending on whether you are
installing/reinstalling the agent or upgrading it. If you are installing the agent for the
first time, or reinstalling it after you have uninstalled the previous ePolicy Orchestrator
agent installation, this window contains an Install button. If upgrading a previous
version of ePolicy Orchestrator agent, this window contains an Upgrade button.
35
4
VirusScan® 8.6 for Mac User Guide
Integrating with ePolicy Orchestrator 3.6
Installation
8 Click Install/Upgrade to continue.
9 You are required to authenticate your credentials. Type your password and click OK.
The Install Software window appears.
During this process, the installer will require you to authenticate the ePO Agent
Configurator. Type your password and click OK. The ePO Agent Configurator dialog box
appears.
10 Type the ePO Server IP address and the ePO Server Port number. Click Apply. The Install
Software window appears.
11 Click Restart to complete the installation process.
Silent installation (command-line)
1 Locate the nwa.dmg file, either on the product CD or in the installation .ZIP file
downloaded from the McAfee web site, and save it to a temporary folder.
nwa.dmg is located in the ePO Agent folder of the ePO Components.ZIP file on the
product CD.
Note
2 Double-click the nwa.dmg file. The following files appear.
„
NWA.pkg
„
cmdinstall
3 Open the Terminal window and change the working directory to /Volumes/NAINWA.
You need to be have administrator rights to execute this command.
Note
4 In the Terminal window, execute
sudo ./cmdinstall <ePO Server IP Address>:<ePO Server Port>
36
4
VirusScan® 8.6 for Mac User Guide
Integrating with ePolicy Orchestrator 3.6
Uninstallation
5 When the silent installation completes, the Terminal window shows:
Figure 4-2 Terminal window - Install/Upgrade complete
You have successfully installed/upgraded your ePolicy Orchestrator Agent for Mac
OS X.
Installing VirusScan for Mac
Refer to the section Installing VirusScan for Mac on page 13 for details on installing the
software on Macintosh computers.
Uninstallation
Removing VirusScan for Mac from the ePolicy Orchestrator
server
You can uninstall the VirusScan for Mac .NAP file from the ePolicy Orchestrator server.
To remove the VirusScan for Mac NAP file:
1 Log on to the ePolicy Orchestrator database server.
2 Select VirusScan for Mac under Repository | Managed Products | MAC OS X | in the console
tree.
3 Right-click VirusScan for Mac and select Remove to uninstall the VirusScan .NAP file
from the ePolicy Orchestrator server.
Removing ePolicy Orchestrator Agent for Mac OS X from
ePolicy Orchestrator server
You cannot remove the ePolicy Orchestrator Agent for MAC OS X from the ePolicy
Orchestrator server after you have checked it in.
37
4
VirusScan® 8.6 for Mac User Guide
Integrating with ePolicy Orchestrator 3.6
Setting policies within ePolicy Orchestrator
Removing ePolicy Orchestrator Agent from VirusScan for Mac
You can uninstall the ePolicy Orchestrator Agent from a Macintosh computer.
To uninstall ePolicy Orchestrator agent using the command line:
1 Log in with administrative rights.
2 Go to the /Library/NETAepoagt directory.
3 Run cmduninst.
Setting policies within ePolicy Orchestrator
The ePolicy Orchestrator console allows you to enforce policies across groups of
computers or on a single computer. These policies override configurations set on
individual computers.
Before configuring any policies, select the group of computers for which you want to
modify VirusScan for Mac policies. You can modify VirusScan for Mac policies from the
pages and tabs that are available in the details pane of the ePolicy Orchestrator
console. These pages are nearly identical to those you can access directly from the
VirusScan for Mac user interface.
After you have modified the appropriate polices and saved the changes for the
intended computer or group of computers, you are ready to deploy the new settings
via the ePolicy Orchestrator agent.
38
4
VirusScan® 8.6 for Mac User Guide
Integrating with ePolicy Orchestrator 3.6
Setting policies within ePolicy Orchestrator
To modify policies for VirusScan for Mac in ePolicy Orchestrator:
1 Log on to the ePolicy Orchestrator server.
2 In the console tree under ePolicy Orchestrator | <SERVER> | Directory, select the site,
group, single computer, or the entire directory to which these policies are to apply.
The Policies, Properties, and Tasks tabs appear in the details pane.
3 Select the Policies tab in the details pane, then expand VirusScan for Mac 8.6. Enforce
Policies and VirusScan Policies appear beneath the VirusScan for Mac 8.6 entry.
4 Under Policy Name, click McAfee Default for a Category to view the default policy settings.
Note
You cannot configure the McAfee Default policy settings for a selected Category. To
configure a selected category, you must create a new policy for the selected Category.
To create a new policy for a category:
1 Click Edit for a Category in the VirusScan for Mac 8.6 entry in the ePolicy Orchestrator
details pane.
2 Click the Policy Name drop-down list and select New Policy. The Create a new policy dialog
box appears.
Create a new policy options
Duplicate the following policy
Creates a duplicate policy for the selected Category. Select
the policy from the drop-down list.
Create a policy in which all tabs
inherit
Creates a new policy in which all the policy tab settings are
inherited.
New policy name
Type the new policy name for the Category you want to
create.
3 Configure the required options from the original policy, then click OK to create the
new policy.
4 Click Apply to save these settings.
To edit an existing policy:
1 Click
for the selected Category in the VirusScan for Mac 8.6 entry in the ePolicy
Orchestrator details pane.
2 Configure the required options, then click Apply to save the policy.
To enforce policies:
1 Click Edit for Enforce Policies in the VirusScan for Mac entry in ePolicy Orchestrator.
2 Click the Policy Name drop-down list and select Yes.
3 Click Apply to enforce the policies that you just configured.
39
4
VirusScan® 8.6 for Mac User Guide
Integrating with ePolicy Orchestrator 3.6
General tab
General tab
The General tab allows you to enforce general policies controlling overall functioning of
VirusScan for Mac, such as automatically checking for virus definitions updates,
performing On-Access scans, logging scan results, and creating exclusion lists for
specific disks, files and folders.
You can enforce the following general policies:
Automatically check for virus definition
updates
Enables/disables automatic eUpdates.
On-Access scan
Enables/disables On-Access scanning.
Log results to file
Enables/disables logging results to a file.
Exclude specific disks, files and folders
Excludes from scanning the items listed here. If
this option is not selected, the scanner ignores
the list of exclusions.
Add Exclusion:
„
Click Add, you will see the Add Scan Item -Web Page dialog. Type the full path of the file,
directory or disk you want to exclude and
click OK. The exclusions will be listed in the
Exclusion list.
Remove Exclusion:
„
Select the exclusion in the Exclusion list and
click Remove.
Edit Exclusion:
„
Select the exclusion in the Exclusion list and
click Edit.
eUpdate tab
The eUpdate tab allows you to customize DAT and virus-scanning engine update
settings. eUpdate keeps your anti-virus software continuously updated with new
information on viruses and scanning capabilities. You can update your DAT and engine
files using FTP.
Customizing eUpdate settings
When updating your DAT and engine files, you must specify the details of the server
from where the update files are to be transferred.
Server URL
The server URL for downloading DAT and
Engine updates.
Port
The port number you want to use for FTP.
Username
Your username.
Password
Your password.
Account
Your FTP account.
Directory
The path where your DAT and engine files are
located.
40
4
VirusScan® 8.6 for Mac User Guide
Integrating with ePolicy Orchestrator 3.6
On-Access scanner tab
On-Access scanner tab
The On-Access scanner tab allows all files that are currently in use to be scanned
automatically to determine if a virus or other malware is present. A scan takes place
whenever a file is read from the disk, and/or written to the disk, either by the user or
by system processes. Using the On-Access scanner, continuous policy enforcement
can be provided for multiple files, directories, or volumes, including volumes on remote
computers connected through the network. You can configure what the scanner looks
for and how it responds to infected files. The scanner notifies you, in the Reporter pop-up
window of the Macintosh computer, if it finds a virus or other malware.
You can enforce the following On-Access scanner policies:
Scan contents of archives and
compressed files
Sets the scanner to scan inside archives and other
compressed files. Off by default for the On-Access scanner.
Note that the On-Access scanner will not scan inside stuffit
archives.
Find Unknown Macro Viruses
If a file contains potentially infected macro (unknown
infection), it will be scanned and cleaned/deleted, as part of
the clean.
Scan Apple Mail messages
Sets the scanner to scan Apple Mail messages.
Check files for virus-like
characteristics
Enables/disables heuristics, which scan for files that show
characteristics of viruses or worms, and may contain
unknown infections.
Find potentially unwanted
application and joke programs
Enables/disables the scanner to check for unwanted
programs or joke programs.
Scan files on network volumes
Sets the scanner to scan files held on network volumes.
Scan files:
Determines if the scanner is to scan files that are read from
the disk, written to the disk, or both. By default, this is set to
Always so files that are written to the disk or read from the
disk are scanned.
„
Always
„
Read
„
Write
When a virus is found:
„
Clean
„
Delete
„
Notify
Selects the primary action of the On-Access scanner when
a virus is found.
Delete when Clean fails or is
not available
Selects the secondary action for the scanner when a virus is
found. This is only available when the primary action is
Clean.
Maximum scan time
The maximum length of time, in seconds, that a scan can
last for one file. (A compressed file is not treated as one file;
this timeout applies to the last individual file, and not to the
last top level container file.)
41
4
VirusScan® 8.6 for Mac User Guide
Integrating with ePolicy Orchestrator 3.6
On-Demand scanner tab
On-Demand scanner tab
The On-Demand scanner tab allows you to initiate a scan at any time by dragging and
dropping selected files into the console or through a File Open dialog box. With the
On-Demand scanner, you can select multiple files, directories, or volumes. Scan results
are summarized in a report that can be saved or printed. You can configure what the
scanner looks for and how it responds to infected files. The scanner notifies you when
it finds a virus and generates a log that appends its actions.
You can enforce the following On-Demand scanner policies:
Scan contents of archives and
compressed files
Sets the scanner to scan into archives and other
compressed files. On by default for the On-Demand
scanner.
Find Unknown Macro Viruses
If a file contains potentially infected macro (unknown
infection), it will be scanned and cleaned/deleted, as part of
the clean.
Scan Apple Mail messages
Sets the scanner to scan Apple Mail messages.
Check files for virus-like
characteristics
Enables/disables heuristics, which scan for files that show
characteristics of viruses, or worms, and may contain
unknown infections.
Find potentially unwanted
application and joke programs
Enables/disables the scanner to check for unwanted
programs or joke programs.
When a virus is found:
Selects the primary action of the scanner when a virus is
found.
„
Clean
„
Delete
„
Notify
Delete when Clean fails or is
not available
Selects the secondary action for the selected scanner when
a virus is found. This is only available when the primary
action is Clean.
42
4
VirusScan® 8.6 for Mac User Guide
Integrating with ePolicy Orchestrator 3.6
Scheduling scans and eUpdates
Scheduling scans and eUpdates
When VirusScan for Mac scans for viruses, it uses information in the DAT files to find
and remove viruses. Many new viruses are discovered daily, and McAfee regularly
creates new DAT files to provide protection from these viruses. To ensure the best
anti-virus protection, you can use ePolicy Orchestrator to inform VirusScan for Mac
where to access the latest DAT files, to create schedules for replacing earlier DAT files,
and to run On-Demand scans.
Using ePolicy Orchestrator, you can create these types of scheduled tasks for the
VirusScan for Mac software:
„
On-Demand scan
„
eUpdate
Scheduled tasks for a computer can be set to execute based on the local time or GMT
(Greenwich Mean Time). However, ePolicy Orchestrator cannot monitor the progress
of a scheduled task, so we recommend that you periodically view the log file on the
server to check if the scheduled task was executed successfully.
On-Demand scans
VirusScan for Mac can perform On-Demand scanning of your files, so that all files on
your computer are checked for viruses, Trojan horses and other malware. You can
create any number of On-Demand scan schedules. The scan schedules can be
configured to run at set intervals, and can be run at any time by the user. You can also
disable schedules that you do not want to run automatically.
Creating a new task
1 Click Tasks tab in the upper details pane. Right-click in the pane, and select Schedule
Tasks.
2 Type a name for the task in the New Task Name field and select the task you want to
create.
3 In the Task Type drop-down list, select ODS. Click OK.
The created task is listed in the Tasks tab.
Editing a task
1 Right-click the task and select the Edit Task option.
43
4
VirusScan® 8.6 for Mac User Guide
Integrating with ePolicy Orchestrator 3.6
Scheduling scans and eUpdates
2 Click Settings. The Where page appears where you can include files and directories in
the scheduled scan.
Include these files and
directories in the scan.
Configures your scanning inclusions.
Add inclusion:
„
Click Add, you will see the Add Scan Item -- Web Page
dialog . Type the full path of the file, directory or disk you
want to include and click OK. The inclusion will be listed in
the Inclusion list.
Remove inclusion:
„
Select the inclusion in the Exclusion list and click Remove.
Edit inclusion:
„
Select the inclusion in the Inclusion list and click Edit. In
the Add Scan Item -- Web Page dialog, modify the full path
of the file or directory you want to include in the scan and
click OK.
Schedule Settings
3 Deselect Inherit to enable the settings in the Schedule Settings pane.
Enable (schedule task runs at
specified time)
Select to enable the task to run at a specified time.
Stop the task if it runs for:
Specify the maximum hours and minutes the task can run
before it is cancelled.
4 Click the Schedule tab to find these options:
Schedule Task
Start Time
„
UTC Time
„
Local Time
Select one of the available task types from the drop-down
list:
„
Daily
„
Weekly
„
Monthly
„
Once
„
At System Startup
„
Run Immediately
Specify the start time for the scheduled task. Select the local
time option to run the task using the scheduled interval at
the client computer system time. This is useful for
scheduling processor-intensive tasks, such as On-Demand
scans, to run during non-business hours.
Selecting the UTC Time option uses the Universal Time
Conversion (also known as Greenwich Mean Time or GMT)
to run the task. This option causes the task to run at the
same time for all your Macintosh clients regardless of the
local system time on the Macintosh systems.
Enable randomization
The task does not run at exactly the specified start time,
instead, it starts after a random, specified time. Specify the
hours and minutes to enable randomization.
Run missed task
Ensures that the task is started if the Macintosh computer is
shutdown or otherwise not available at the scheduled start
time. Selecting this option ensures the task is run the next
time the Macintosh computer becomes available.
44
4
VirusScan® 8.6 for Mac User Guide
Integrating with ePolicy Orchestrator 3.6
Scheduling scans and eUpdates
Delay missed task by
Click Advanced on the Advanced Schedule Options dialog
box. When running missed tasks, selecting this option sets a
delay after the Macintosh computer becomes available
before the missed tasks run.
Start Date / End Date
Click Advanced on the Advanced Schedule Options dialog
box. Type the start and end dates if you only want the task to
run for a specified period, such as for a few days or weeks.
Repeat Task
Click Advanced on the Advanced Scheduled Options dialog
box. Use this option to run a task multiple times in the same
day. To do this, check Repeat Task and then set the repeat
interval appropriately.
Typically, you might do this to run a client update task several
times a day, especially if there are a lot of new viruses. You
can also schedule the task to repeat during other intervals,
such as weekly or monthly.
Schedule Task Daily
Specify the interval to execute the schedule task; this could
be an interval of 1 or several days. If you select 1, the
schedule task is executed every other day.
Deleting a task
„
Right-click the task in the Tasks pane and select Delete.
eUpdate
Your anti-virus software can only provide full protection if you keep it up-to-date with the
latest DAT file and virus-scanning engine. We recommend that you update DAT files
daily, and regularly check the McAfee Avert Labs web site for new DAT files. If you have
multiple servers in the current domain (all running VirusScan for Mac), you can use one
server to download the latest DAT files, then configure the others to copy the files from
that server. Your servers can download files for a number of operating systems,
regardless of the operating systems that are in use.
Specifying the location of the DAT files
You can specify the source of the DAT files using the eUpdate tab.
Creating an eUpdate task
1 In the console tree under ePolicy Orchestrator, right-click Directory or the site, group, or
host, then select Schedule Task. The Schedule Task dialog box opens.
2 Type a name in New Task Name.
3 Select VirusScan for Mac 8.6 - Update from the Software/Task Type list.
4 Click OK to create the task.
Configuring an eUpdate task
After you have created a new eUpdate task, you can configure the task as required.
1 On the Tasks tab in the upper details pane, right-click the task, then select Edit Task.
The ePolicy Orchestrator Scheduler dialog box appears.
2 Click Settings, edit the required options in both the Task and Schedule tabs.
45
4
VirusScan® 8.6 for Mac User Guide
Integrating with ePolicy Orchestrator 3.6
Viewing ePolicy Orchestrator properties
3 Deselect Inherit.
4 Select Run eUpdate and then select Inherit.
5 Click OK to return to ePolicy Orchestrator Scheduler dialog box.
Viewing ePolicy Orchestrator properties
From ePolicy Orchestrator server, you can view various system properties.
To view the properties:
1 In the console tree, select the server for which you want to view settings.
Figure 4-3 System Properties
2 In the upper details pane, click the Properties tab.
3 In the Properties pane, expand the VirusScan for Mac tree view to list its various
properties.
4 Click + next to a property to view its details.
Reports
From the ePolicy Orchestrator console, you can view reports that show how the
VirusScan for Mac hosts are handling infections, and you can check the configurations
that have been set up on the hosts. You can also create reports using data sent by the
Non-Windows Agent in the selected ePolicy Orchestrator database. You can save the
selections you make in the Enter Report Inputs and Report Data Filter dialog boxes for future
use.
All VirusScan for Mac reports fall under the Antivirus heading.
Note
46
4
VirusScan® 8.6 for Mac User Guide
Integrating with ePolicy Orchestrator 3.6
Reports
ePolicy Orchestrator reports allow you to:
„ Set a directory filter to gather only the information that you want to view. When
setting this filter you can choose which part of the ePolicy Orchestrator console
tree is included in the report.
„
Set a data filter, by using logical operators, to define precise filters on the data
returned by the report.
„
Generate graphical reports from the information in the database, and filter the
reports as desired. You can print the reports and export them for use in other
software.
„
Conduct queries of computers, events, and installations.
To run a report:
1 Log on to the ePolicy Orchestrator database server.
2 Select the desired VirusScan for Mac report under Reporting | ePO Databases |
<database server> | Reports | <report group> in the console tree.
Note
„
If the Current Protection Standards dialog box appears, specify the version of virus
definition files or the virus scanning engine on which you want to report.
„
If the Enter Report Inputs dialog box appears, make selections on any of the tabs
that may appear: Rules, Layout, Data Grouping, Within, Saved Settings.
Tabs may vary based on which report is selected. See ePolicy Orchestrator Product
Guides for more details on all the available settings tabs.
3 Select the report (Agent Versions) you want to generate, then set the data filter in the
Report Data Filter dialog box. Click OK.
47
4
VirusScan® 8.6 for Mac User Guide
Integrating with ePolicy Orchestrator 3.6
Reports
4 A report for Agent Versions is generated.
Figure 4-4 Sample report - Agent Versions
Configuring reports
There are several ways in which you can control what data appears on reports. You can
define the version number of virus definition files, virus scanning engines, and
supported products that need to be installed on Macintosh client computers for them
to be considered compliant based on your company’s anti-virus and security program.
You can also limit the results of reports by selected product criteria. (For example,
computer name, operating system, virus name, or action taken on infected files.)
Once the results of a report appear, you can then perform a number of tasks on the
data. You can view details on required report data, (for example, to determine which
Macintosh client computers do not have a compliant version of VirusScan for Mac
installed on them). Some reports even provide links to other reports, called sub-reports,
that provide data related to the current report. You can also print reports or export report
data into a variety of file formats, including HTML and Microsoft Excel.
48
4
5
Integrating with ePolicy
Orchestrator 4.0
Introduction
This chapter describes how to configure VirusScan using McAfee ePolicy Orchestrator
management software version 4.0. To use this chapter effectively, you need to be
familiar with ePolicy Orchestrator 4.0.
ePolicy Orchestrator 4.0 provides a scalable platform for centralized policy
management and enforcement on your security products and systems on which they
reside. It also provides comprehensive reporting and product deployment capabilities,
all through a single point of control.
Note
This guide does not provide detailed information about installing or using ePolicy
Orchestrator software. See ePolicy Orchestrator v4.0 Product Guide.
Extensions
VirusScan extensions come pre-installed with ePolicy Orchestrator 4.0. You can install,
remove and manage the VirusScan extension files. Extension files are in ZIP file format
and must be installed before that product or component can be managed by ePolicy
Orchestrator 4.0.
Note
In case you uninstall VirusScan extensions, the extensions are available at Program Files
| McAfee | ePolicyOrchestrator | Extensions.
The two extension files for VirusScan are:
„
VSCANMAC8600.ZIP
„
VIREXREPORTS.ZIP
To install the VirusScan policy extension files
1 Using an administrative account, log on to the ePolicy Orchestrator server.
2 Click Configuration | Extensions | Install Extension. The Install Extension dialog box appears.
3 Click Browse, select the extension file VSCANMAC8600.ZIP and click OK.
To install the VirusScan report extension files
1 Using an administrative account, log on to the ePolicy Orchestrator server.
49
VirusScan® 8.6 for Mac User Guide
Integrating with ePolicy Orchestrator 4.0
Introducing ePolicy Orchestrator 4.0 Dashboard
2 Click Configuration | Extensions | Install Extension. The Install Extension dialog box appears.
3 Click Browse, select the extension file VIREXREPORTS.ZIP and click OK.
Introducing ePolicy Orchestrator 4.0 Dashboard
Dashboards are a collection of pre-configured and/or user-selected monitors that
provide current data about your detections.
The ePolicy Orchestrator dashboard consists of a collection of named dashboard
monitors. Depending on the permissions assigned to your user account, you can create
a new dashboard, manage existing dashboards, select active dashboards, and edit
dashboard preferences
Creating a new dashboard
1 Using an administrative account, log on to the ePolicy Orchestrator server.
2 Click Dashboards | Options | New DashBoard. The New DashBoard page appears.
3 Enter a Dashboard Name and choose a desired Dashboard Size from the drop-down.
4 Click New Monitor.
5 Choose the Category as Queries and a desired VirusScan related query from the
Monitor drop-down menu.
6 Click OK.
7 Repeat step 4 and 5 for the remaining monitors.
8 Click Save. The Make Active dialog box appears.
9 Click Yes to add this new dashboard to your active set.
Table 5-1 Dashboard Options
Options
Description
Dashboard Name
Specifies the name of the dashboard you select.
Dashboard Size
Specifies the dimensions (by number of dashboard
monitors) of the selected dashboard.
Created by
Specifies the user name who created the selected
dashboard.
Last modified by
Specifies the user name, date and time stamp of the last
modification made to the selected dashboard.
Edit
Takes you to the Edit Dashboard page where you can
make changes to the dashboard’s name and size.
Delete
Deletes the selected dashboard.
Duplicate
Creates and saves a copy of the selected dashboard. This
allows you to create and edit similar dashboards without
having to create one from scratch.
Make Public
Adds the selected private dashboard to the Public
Dashboards list, making it available to all users with
permissions, to use public dashboards.
Make Active
Adds the selected dashboard to the Dashboards tab for
easy access.
50
5
VirusScan® 8.6 for Mac User Guide
Integrating with ePolicy Orchestrator 4.0
Systems
Systems
All the systems in the network are managed in the Systems tab. The System Tree contains
all systems that are managed by the ePolicy Orchestrator. It is the primary interface for
managing policies and tasks on these systems. You can organize or sort these systems
into logical groups in the System Tree.
My Organization is the root of the System Tree. It includes a Lost&Found group that stores
systems whose locations cannot be determined by the server. Depending on the
methods you use to create and maintain the System Tree segments (systems), the
server uses different characteristics to place the systems in the System Tree.
Note
For information on adding a new system, refer to the ePolicy Orchestrator 4.0 Product
Guide.
Sending an Agent Wakeup Call
1 Using an administrative account, log on to the ePolicy Orchestrator server.
2 Click Systems.
3 Choose a group in the System Tree.
4 Select the desired Computer Name(s) of that group.
5 Click More Actions | Wake Up Agent. The Wake Up Agents page appears.
6 Choose a Wake-up call type and a Randomization period (0-60 minutes) during which the
system(s) respond to the wakeup call sent by the ePolicy Orchestrator server.
7 Select Get full product properties for the agent(s) to send complete properties instead
of sending only those that have changed since the last agent-to-server
communication.
8 Click OK.
Navigate to Server Task Log to see the status of the agent wakeup call.
Note
Policies
You can create, edit, delete or assign a policy to a specific group/system in the System
Tree.
Creating a new policy
1 Using an administrative account, log on to the ePolicy Orchestrator server.
2 Click Systems | System Tree and choose a desired group.
3 From Policies, select the desired Product from the drop-down. A list of policies
managed by the chosen point product appears in the lower pane.
4 Locate a desired policy category, then click Edit Assignment. The Policy assignment for:
My Organization| Lost& Found | (chosen group) page appears.
5 Click Create new policy. The Create a new policy dialog box appears.
51
5
VirusScan® 8.6 for Mac User Guide
Integrating with ePolicy Orchestrator 4.0
Systems
6 Choose McAfee Default or My Default as desired.
The McAfee Default policies are read-only and cannot be edited, renamed, or deleted.
Note
7 Enter a New policy name.
8 Click OK, then Save.
Enforcing Policies
You can enforce a policy to multiple managed systems within a group.
1 Using an administrative account, log on to the ePolicy Orchestrator server.
2 Click Systems | System Tree and choose a desired group.
3 Select the desired system(s).
4 Click Assign Policy. The Assigning Policy for <n> system page appears.
5 Select the desired Product, Category, and Policy from the drop-down, then click Save.
6 Select the systems again.
7 Send an agent wakeup call.
Note
Note
For instructions on sending an agent wake-up call, please refer to Sending an Agent
Wakeup Call on page 51.
You can create and enforce VirusScan policies and view reports only after adding the
VirusScan extension files.
Client tasks
ePolicy Orchestrator allows you to create, schedule and maintain client tasks that run
on the managed systems. You can define client tasks for the entire System Tree, a
specific group, or an individual system.
Using ePolicy Orchestrator 4.0, you can create these types of scheduled tasks for the
VirusScan software:
„
eUpdate task
„
OnDemand scan task
The client tasks available in the drop-down depend on the extension files installed.
Note
eUpdate task
Your software can only provide full protection if you keep it up-to-date with the latest
anti-virus definitions (DATs) and virus-scanning engine. We recommend that you
update DAT files daily and regularly check the McAfee AVERT (Anti-Virus Emergency
Response Team) website for new DAT files.
52
5
VirusScan® 8.6 for Mac User Guide
Integrating with ePolicy Orchestrator 4.0
Systems
Creating a new eUpdate task
1 Using an administrative account, log on to the ePolicy Orchestrator server.
2 Click Systems | System Tree and choose a desired group.
3 From the Client Tasks, select the desired group in the System Tree for which you want
to create the eUpdate task.
4 Click Create Task. The Client Task Builder page appears.
5 Under Description, type a Name and Notes (if required) for the eUpdate task.
6 Choose eUpdate Task (VirusScan 8.6) as the Type of the task and click Next.
7 Schedule the task as desired and click Next to view the Summary of the eUpdate task,
which includes the Name, Notes, Product, Type of the task, and the Schedule
information.
8 Click Save.
9 Send an agent wake-up call.
Note
For instructions on sending an agent wake-up call, please refer to Sending an Agent
Wakeup Call on page 51.
Click Edit to change the description/schedule of an eUpdate task or Delete to remove it.
Note
On-Demand scan task
You can create any number of on-demand scan schedules. The scan schedules can be
configured to run at set intervals or can be run at any time by the user.
Creating an on-demand scan task
1 Using an administrative account, log on to the ePolicy Orchestrator server.
2 Click Systems | System Tree | Client Tasks.
3 Select the desired group in the System Tree for which you want to create the
on-demand scan task.
4 Click Create Task. The Client Task Builder page appears.
5 Under Description, type a Name and Notes (if required) for the on-demand scan task.
6 Choose On Demand Scan (VirusScan 8.6) as the Type of the task and click Next.
7 Under Configuration, choose a policy from the drop-down.
8 Click Next and schedule the task as desired.
9 Click Next to view the Summary of the on-demand scan task, which includes the Name,
Notes, Product, Type of the task, and the Schedule information.
10 Click Save.
53
5
VirusScan® 8.6 for Mac User Guide
Integrating with ePolicy Orchestrator 4.0
Uninstallation
11 Send an agent wakeup call.
Note
Note
For instructions on sending an agent wake-up call, please refer to Sending an Agent
Wakeup Call on page 51.
Click Edit to change the description/schedule of an on-demand scan task or Delete to
remove it.
Uninstallation
Removing the product extension
1 Using an administrative account, log on to the ePolicy Orchestrator server.
2 Click Configuration | Extensions.
3 Choose the extension file VirusScan, click Remove.
4 Select the option Force removal, bypassing any checks or errors.
5 Click OK.
Removing the report extension
1 Using an administrative account, log on to the ePolicy Orchestrator server.
2 Click Configuration | Extensions.
3 Choose the extension file VirusScan Reports, click Remove.
4 Select the option Force removal, bypassing any checks or errors.
5 Click OK.
54
5
6
Troubleshooting
This chapter provides solutions to situations that you might encounter when installing
or using VirusScan software.
The following topics are included:
„
Frequently asked questions
„
Error messages
Frequently asked questions
Installation
Why is the installer not working?
Check the platform you are trying to install VirusScan onto: it must be Mac OS X version
10.4.6 (or later) or Mac OS X Leopard version 10.5, PowerPC or Intel-based Mac
computer. The computer must have a minimum of 512 MB RAM and 45 MB of free
disk space. Alternatively, an existing anti-virus program might have been detected
during installation, which must be removed for VirusScan to be installed successfully.
VirusScan also requires the BSD subsystem to be installed in order to function
correctly.
What VirusScan files are installed and where?
VirusScan is installed in /Applications, VirusScan Schedule Editor is installed in
/Applications/Utilities, and VirusScan Reporter is installed in
/Library/Application Support. DAT files, dynamic libraries, and daemons can be
found at /usr/local/vscanx.
Scanning
Why has VirusScan skipped scanning certain files?
Check to make sure the skipped files are not on the exclusion list. In addition, VirusScan
will not scan archives and compressed files unless configured to do so.
55
VirusScan® 8.6 for Mac User Guide
Troubleshooting
Frequently asked questions
When VirusScan was scanning a file, I dragged-and-dropped another file to be
scanned. What happened to the file?
During a scan, you cannot add files to the scanning queue. Dragging multiple items
simultaneously queues the scan; that is, dragging-and-dropping three folders or files
would cause the scanner to perform three scans. Dragging one folder containing
multiple files causes the scanner to perform one scan.
Why is VirusScan not scanning my computer at regular intervals?
Check that you have an On-Demand scan schedule set up to scan your computer, it is
enabled, and it is configured to run regularly.
Viruses and detection
Can VirusScan detect both Macintosh and Windows viruses?
VirusScan detects all known Macintosh and Windows viruses and worms.
Why has VirusScan stopped displaying items that are scanned?
VirusScan will only show the first 200,000 items that have been scanned and found to
be infected.
Why is the content in my log file cut off?
The size of a log file cannot exceed 512 KB. When a log file does exceed 512 KB, the
file is renamed to VirusScan.log.0 and a new VirusScan.log is created. A maximum of two
backup log files are kept. If you specifically want to keep a copy of the existing log file,
we recommend that you save old log files before starting a new scan. To view the log
file, select File | View Log .
General information
Can I undo the changes I made to the Preference settings?
If you have saved unwanted preferences, the settings can be reset to their default by
clicking Reset to Defaults on the lower left corner of the Preferences window. There is no
way to undo preference setting changes once they are made; settings in the
Preferences menu are saved as soon as any change is made. We recommend that you
make a note of your current preference settings before changing them.
Is there rollback support with eUpdate?
eUpdate only supports current or new updates. There is no rollback support.
Are Macintosh virus definitions included in the updates?
The eUpdates include both Macintosh and Windows virus definitions.
How do I find out the version number and date of the virus definitions (DAT) files?
Select About VirusScan from the VirusScan menu on the menu bar of the application. The
dates of the DAT versions reflect only when the DAT files were created.
How often are DAT files updated automatically in VirusScan?
eUpdate checks for new updates automatically every day via the Internet. You can also
manually download daily updates from the McAfee Virus Information Library website.
56
6
VirusScan® 8.6 for Mac User Guide
Troubleshooting
Error messages
Why can’t I connect to the eUpdate Server to perform an unscheduled eUpdate?
Check to see if you are connected to the Internet. The eUpdate server may also be
busy.
Advanced troubleshooting
After installing VirusScan, can I view the processes running?
The processes that are running are VShieldScanManager and VShieldScanner.
Can I manually download virus definitions without using eUpdate?
From the Toolbar of the VirusScan Console, click Virus Info. This launches your default
browser and directs you to the McAfee Virus Information Library. Click the Downloads
link on the left-hand side of the screen to download the DAT files.
How do I customize eUpdate Server Settings?
1 Click Preferences on the tool bar to display the Preferences dialog box.
2 Click More Options.
3 Select the option Customize eUpdate server settings, then click Customize.
4 Configure the eUpdate FTP server settings and click OK.
5 Click Close.
Where can I find the log files?
Table 6-1 lists the log files.
Table 6-1 Log files
Log file
Description
Where can I find them
VirusScan.log
Contains VirusScan related
entries.
You can access this log file from
/var/log/VirusScan.log
log
Contains ePolicy Orchestrator
Agent related entries.
You can access this log file from
/Library/NETAepoagt/scratc
h/etc/log
Error messages
Table 6-2 lists all possible error messages you can see while running the VirusScan
application, and the possible reasons for their occurrence.
Table 6-2 Error messages - VirusScan application
Serial
No.
Message
Possible Reason
1
Initialization of VirusScan engine failed
(error x).
The engine or DAT files have become
corrupt or have been moved/deleted.
Please re-install.
2
The Report could not be saved.
Maybe the disk is full or there is no data
to be written.
Your disk may not have enough space to
save the report. Free up some room and
try to save again.
57
6
VirusScan® 8.6 for Mac User Guide
Troubleshooting
Error messages
Table 6-2 Error messages - VirusScan application
Serial
No.
Message
Possible Reason
3
The URL for the Virus Information
Library could not be opened.
Your browser may not be correctly
installed.
Please ensure that your browser is
installed correctly.
4
An error occurred while installing the
update. The eUpdate was not
completed.
There was an error when attempting to
install the update. Please restart the
eUpdate process and try again.
5
An error occurred while unpacking the
update. The eUpdate was not
completed.
There was an error when attempting to
unpack the update for installation. Please
restart the eUpdate process and try again.
6
An error occurred while downloading the
update. The eUpdate was not
completed.
There was an error when attempting to
download the update. The server may be
busy currently. Wait a few minutes then
restart the eUpdate process and try again.
7
This software product is becoming close
to the end of its designed life. To
maintain correct anti-virus capability, it is
recommended that the product is
updated as soon as possible.
Your version of VirusScan has become
outdated. We recommend that you
upgrade to the newest version of
VirusScan to ensure the best virus
protection possible.
8
This software product is coming very
close to the end of its designed life and
its further use can no longer be
supported. To maintain correct anti-virus
capability, it is now important that the
product is updated as soon as possible.
Your version of VirusScan has become
outdated. We recommend that you
upgrade to the newest version of
VirusScan to ensure the best virus
protection possible.
9
This software product can no longer
provide satisfactory virus protection. To
maintain correct anti-virus capability, it is
now necessary that the product is
updated.
Your version of VirusScan has become
outdated. We recommend that you
upgrade to the newest version of
VirusScan to ensure the best virus
protection possible.
10
The scanning engine installed for this
product is coming close to the end of its
designed life. To maintain correct
anti-virus capability, it is recommended
that the scanning engine is updated as
soon as possible.
The engine included with VirusScan has
become outdated. We recommend that
you perform an eUpdate task as soon as
possible to ensure the best virus
protection possible.
11
The scanning engine installed for this
product is coming very close to the end
of its designed life and its further use
can no longer be supported. To maintain
correct anti-virus capability, it is now
important that the scanning engine is
updated as soon as possible.
The engine included with VirusScan has
become outdated. We recommend that
you perform an eUpdate task as soon as
possible to ensure the best virus
protection possible.
12
The scanning engine installed for this
product can no longer provide
satisfactory virus protection. To provide
correct anti-virus capability, it is now
necessary to update the scanning
engine.
The engine included with VirusScan has
become outdated. We recommend that
you perform an eUpdate task as soon as
possible to ensure the best virus
protection possible.
58
6
Glossary
agent AutoUpgrade
The act of automatically upgrading the agent whenever a newer version is
available on the ePolicy Orchestrator server.
agent installation
package
The Setup program and all other files needed to install the agent.
agent language
packages
The set of files that need to be distributed to client computers to view the
agent user interface in languages other than English.
Agent Monitor
The agent user interface that appears optionally on managed computers. It
allows you to run tasks immediately that are normally initiated by the agent
at predefined intervals.
agent wakeup call
The ability to initiate agent-server communication from the server-side.
agent-server
communication
Any communication that occurs between ePolicy Orchestrator agent and the
ePolicy Orchestrator server where agent and server exchange data. Typically,
the agent initiates all communication with the server.
agent-server
communications
interval (ASCI)
The time period between predefined agent-server communication.
alert
A message or notification regarding computer activity, such as virus
detection. It can be sent automatically according to a predefined
configuration, to system administrators and users, via email, pager, or phone.
binary (Setup) files
The Setup program and all other files needed to install products.
branch
Locations on the master repository that allow you to store and distribute
different versions of selected updates.
check in, checking in
The process of adding files to the master repository.
clean, cleaning
An action taken by the scanner when it detects a virus, a Trojan horse or a
worm. The cleaning action can include removing the virus from a file and
restoring the file to usability; removing references to the virus from system
files, system .INI files, and the registry; ending the process generated by the
virus; deleting a macro or a Microsoft Visual Basic script that is infecting a file;
deleting a file if it is a Trojan horse or a worm; and renaming a file that cannot
be cleaned.
console tree
The contents of the Tree tab in the left pane of the ePolicy Orchestrator
console; it shows the items that are available in the console.
console tree item
The individual icons in the console tree of the ePolicy Orchestrator console.
59
®
VirusScan 8.6 for Mac User Guide
Glossary
Daemon
A program that runs constantly and exists to handle service requests the
computer system receives. The daemon program then forwards these
requests to other programs or processes.
DAT files
Virus definition files that allow the anti-virus software to recognize viruses
and related potentially unwanted code embedded in files.
EICAR
European Institute of Computer Anti-Virus Research. EICAR has developed
files that can be used to test the proper installation and operation of anti-virus
software.
deploy, deployment
The act of distributing and installing Setup programs to client computers
from a central location.
directory
In the console tree, the list of all computers to be managed via ePolicy
Orchestrator; the link to the primary interfaces for managing these
computers.
distributed software
repositories
A collection of web sites or computers located across the network in such a
way as to provide bandwidth-efficient access to client computers. Distributed
repositories store the files that client computers need to install supported
products and updates to these products.
enforce, enforcement
The act of applying predefined settings on client computers at predetermined
intervals.
ePolicy Orchestrator
agent
A program that performs background tasks on managed computers,
mediates all requests between the ePolicy Orchestrator server and the
anti-virus and security products on these computers, and reports back to the
server to indicate the status of these tasks.
ePolicy Orchestrator
console
The user interface of the ePolicy Orchestrator software that is used to
remotely control and monitor managed computers.
ePolicy Orchestrator
database
The database that stores all data received by the ePolicy Orchestrator server
from the ePolicy Orchestrator agent and all settings made on the server itself.
ePolicy Orchestrator
database server
The computer that hosts the ePolicy Orchestrator database. This can be the
same computer on which the ePolicy Orchestrator server is installed or a
separate computer.
ePolicy Orchestrator
remote console
The ePolicy Orchestrator user interface when it is installed on a separate
computer from the ePolicy Orchestrator server.
ePolicy Orchestrator
server
The back-end component of the ePolicy Orchestrator software.
error reporting utility
A utility specifically designed to track and log failures in the McAfee software
on your system. The information that is obtained can be used to help analyze
problems.
eUpdate
eUpdate allow you to update your DAT files and the virus-scanning engine. It
automatically checks daily for new updates when there is an Internet
connection.
events
Data exchanged during agent-server communication that includes
information about each managed computer (for example, hardware and
software) and its managed products (for example, specific policy settings and
the product version numbers).
60
®
VirusScan 8.6 for Mac User Guide
Glossary
Extra DAT files
Supplemental virus definition file that is created in response to an outbreak
of a new virus or a new variant of an existing virus.
Firewall
A program that acts as a filter between your computer and the network or
Internet. It can scan all traffic arriving at your computer (incoming traffic) and
all traffic sent by your computer (outgoing traffic). It scans traffic at the packet
level, and either blocks it or allows it, based on rules that you set up.
FTP
File Transfer Protocol. It is a common way to move files between two Internet
sites.
Global Administrator
A user account with read, write, and delete permissions, and rights to all
operations. Operations that affect the entire installation are reserved for use
only by global administrator user accounts.
group
In the console tree, a logical collection of entities assembled for ease of
management. Groups can contain other groups or computers, and can be
assigned IP address ranges or IP subnet masks to allow the sorting of
computers by IP address. If you create a group by importing a Windows NT
domain, you can automatically send the agent installation package to all
imported computers in the domain.
HTTP
HyperText Transfer Protocol. It is a protocol for moving files across the
Internet. It requires an HTTP client program on one end and an HTTP server
program on the other.
immediate event
forwarding
The act of immediately sending events of a specific severity or higher to the
ePolicy Orchestrator server once a predefined number of events are available.
This communication is done outside of other agent-server communication.
inactive agent
Any agent that has not communicated with the ePolicy Orchestrator server
within a specified time period.
inherit, inheritance
The act of applying the settings defined for an item within a hierarchy from
the item above it.
Joke program
A non-replicating program that may alarm or annoy users, but contains no
malware and does not do any actual harm to files or data.
Log/log file
A record of the activities of a component of McAfee anti-virus software. Log
files record the actions taken during an installation, or during scanning, or
updating tasks.
Lost&Found group
A group used to temporarily store computers whose appropriate location in
the Directory cannot be determined.
Macro
In some programs, like word-processing programs, a macro is a saved
sequence of commands that can be stored and then recalled with a single
command or keyboard stroke.
McAfee Virus
Information Library
The Virus Information Library (http://vil.nai.com/vil/default.aspx)
has detailed information about the origins of viruses, how they infect your
computer, and how to remove them. The site also contains information on
hoaxes.
On-Access scanner
The On-Access scanner continuously monitors all files in use to determine if
a virus or other potentially unwanted malware is present. It takes place
whenever a file is read from the disk, and/or written to the disk. Multiple
directories and volumes can be scanned.
61
®
VirusScan 8.6 for Mac User Guide
Glossary
On-Demand scanner
The On-Demand scanner allows you to initiate a scan at any time by dragging
and dropping selected files into the console or through a file open dialog box.
You can scan multiple files, directories, and volumes.
On-access scanning
A continuous examination of files in use to determine if a virus or other
malware is present. It can take place whenever a file is read from the disk,
and/or written to the disk. Multiple directories and volumes can be scanned.
On-demand scanning
A scheduled examination of selected files to determine if a virus or other
potentially unwanted code is present. It can take place immediately, at a
future scheduled time, or at regularly scheduled intervals.
policy
The configuration settings of managed products that are defined and
managed from ePolicy Orchestrator.
policy enforcement
interval
The time period during which the agent enforces the settings it has received
from the ePolicy Orchestrator server. Because these settings are enforced
locally, this interval does not require any bandwidth.
properties
Data exchanged during agent-server communication that includes
information about each managed computer (for example, hardware and
software) and its managed products (for example, specific policy settings and
the product version number).
Repository
The location that stores policy pages used to manage products.
scan task
A single scan event.
scan, scanning
An examination of files to determine if a virus or other potentially unwanted
code is present.
server events
Activity on the ePolicy Orchestrator server that is recorded by the Windows
Event Viewer. This information is not stored in the ePolicy Orchestrator
database, so is not available for reporting purposes.
silent installation
An installation method that installs a software package onto a computer
silently, without need for user intervention.
site
In the console tree, a logical collection of entities assembled for ease of
management. Sites can contain groups of computers, and can be organized
by IP address range, IP subnet mask, location, department, and others.
task
An activity (both one-time such as On-Demand scanning, and routine such as
updating) that is scheduled to occur at a specific time, or at specified intervals.
Compare to policy.
Trojan horse
A program that either pretends to have, or is described as having, a set of
useful or desirable features, but actually contains a damaging payload. Trojan
horses are not technically viruses, because they do not replicate.
upper details pane
In the console, the upper-right pane, which contains the Policies, Properties, and
Tasks tabs.
UTC time
Coordinated Universal Time (UTC). This refers to time on the zero or
Greenwich meridian.
62
®
VirusScan 8.6 for Mac User Guide
Glossary
VirusScan Console
The most common user interface for VirusScan. This console allows you to
configure the On-Demand scanner and the On-Access scanner, run
On-Demand scans, and start eUpdates.
VirusScan Schedule
Editor
Allows you to schedule additional virus definition and software updates.
Virus
A program containing malware that can alter or destroy files or programs that
is capable of replicating with little or no user intervention, and the replicated
program(s) also replicate further.
Worm
A virus that spreads by creating duplicates of itself on other drives, systems,
or networks. It does not attach itself to additional programs but can alter,
install, or destroy files and programs.
warning priority
The value that you assign each alert message for informational purposes.
Alert messages can be assigned a Critical, Major, Minor, Warning, or Informational
priority.
63
®
VirusScan 8.6 for Mac User Guide
Glossary
64
Index
A
creating 45
agent
On-Demand scanner
eUpdates
installing
standard installation 35
system requirement 33
audience 8
on-demand scanner
unscheduled 30
command line 36
silent installation 36
configuring 21
scheduling 29
introduction 6
evaluating McAfee products,
download website 11
on-demand scanning 42
G
P
General preferences
Avert Labs Threat Center 11
using 25
preferences
configuring 19
Avert Labs Threat Library 11
general troubleshooting information
B
glossary 59–63
automatically check for virus
definition updates 20
56
beta program website 11
check for virus-like
characteristics 22, 24
configuring 18
H
C
clear report 18
contacting McAfee 11
conventions 8
customer service, contacting 11
exclusion list 21
HotFix and Patch releases (for
products and security
vulnerabilities) 11
finding joke programs 22, 24
log results to file 20
removing macros 22, 24, 41, 42
I
scan apple mail 22, 24
installation
D
scan contents of archives and
compressed files 22, 24
testing 15
DAT
troubleshooting 55
updating 26
DAT file
specify location 45
DAT files
server settings 21
K
print report 18
KnowledgeBase search 11
product information, where to find 9
product upgrades 11
L
Avert Labs notification service
for updates 11
log file 57
professional services, McAfee
resources 11
updates, website 11
M
R
McAfee Virus Information Library
recurrence, scheduling 29
definition of terms (See Glossary)
delete virus 23, 25
download website 11
E
ePolicy Orchestrator
18
clearing 18
N
printing 18
adding NAP file 34
new policy options 39
8
VirusScan application 57
eUpdate 7, 40
configuring 26, 45
internal FTP server 27
configuring 48
adding report NAP file 34
S
check in 33
sample submission 10
notify of virus 23, 25
scanning
troubleshooting 55
O
error messages
reports
adding non-windows agent 34
editing policies 39
ePolicy Orchestrator manageability
saving 18
NAP files
create a new policy 39
server properties 46
report
menu bar 18
on-access scanner
configuring 23
introduction 7
using 26
on-access scanning 41
65
scheduling scans and eUpdates 43
Security Headquarters (See Avert
Labs)
security updates, DAT files and
engine 11
®
VirusScan 8.6 for Mac User Guide
Index
security vulnerabilities, releases for
11
server components 33
ServicePortal, technical support 11
setting policies
general 40
setting preferences 18
submit a sample, Avert Labs
WebImmune 11
T
task
deleting 45
editing 43
Technical Support 10
technical support, contacting 11
Threat Center (See Avert Labs)
threat library 11
title bar 17
tool bar 18
training, McAfee resources 11
U
uninstallation
ePO agent from Mac OS X 38
virex NAP from ePO server 37
updating 30
upgrade website 11
V
Virus Information Library (See Avert
Labs Threat Library)
VirusScan
console 6
features 6
schedule editor 7
software requirements 13
VirusScan schedule editor
using 28
VirusScan software
testing 15
uninstalling 15
W
WebImmune, Avert Labs Threat
Center 11
66
Copyright © 2007 McAfee, Inc. All Rights Reserved.
mcafee.com