McAfee DFFCDE-AA-DA - Endpoint Encryption For Files User manual

Type
User manual

This manual is also suitable for

McAfee Endpoint Encryption for Files and Folders
4.0.0
Product Guide
COPYRIGHT
Copyright © 2011 McAfee, Inc. All Rights Reserved.
No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form
or by any means without the written permission of McAfee, Inc., or its suppliers or affiliate companies.
TRADEMARK ATTRIBUTIONS
AVERT, EPO, EPOLICY ORCHESTRATOR, FOUNDSTONE, GROUPSHIELD, INTRUSHIELD, LINUXSHIELD, MAX (MCAFEE SECURITYALLIANCE
EXCHANGE), MCAFEE, NETSHIELD, PORTALSHIELD, PREVENTSYS, SECURITYALLIANCE, SITEADVISOR, TOTAL PROTECTION, VIRUSSCAN,
WEBSHIELD are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. McAfee Red in
connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property
of their respective owners.
LICENSE INFORMATION
License Agreement
NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED,
WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH
TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS
THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET,
A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU
DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN
THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.
McAfee Endpoint Encryption for Files and Folders version 4.0.0 Product Guide2
Contents
Introducing McAfee Endpoint Encryption for Files and Folders. . . . . . . . . . . . . . . . . . . . . . . 5
Why EEFF?. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
How EEFF 4.0 works. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
EEFF Features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
System requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
About this guide. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Installing EEFF. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Installing EEFF using ePO. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Checking in the EEFF deployment package. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Installing EEFF extension. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Installing the ePO help extension. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Registering an LDAP Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Deploying EEFF on managed nodes using ePO 4.5. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Deploying EEFF on managed systems using ePO 4.6. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Uninstalling EEFF. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Uninstalling EEFF from managed nodes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Uninstalling EEFF from managed nodes using ePO 4.6. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Removing the EEFF extension. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Removing EEFF deployment package. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Uninstalling EEFF from managed nodes using command prompt. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Uninstalling EEFF from managed nodes using Shell command. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Uninstalling EEFF from managed nodes using MSI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Configuring EEFF policies using ePO. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
EEFF Policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Creating a policy from Policy Catalog. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Editing the EEFF policy settings from Policy Catalog. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Assigning policies to a system or a system group. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Assigning a policy to a managed node. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Assigning a policy to a system group. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Enforcing EEFF policies on a system. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Enforcing EEFF policies on a system group. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
3McAfee Endpoint Encryption for Files and Folders version 4.0.0 Product Guide
How Policy Assignment Rules work. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Policy assignment rule priority. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Working with policy assignment rules. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
How multi-slot policies work. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Assigning multiple instances of Grant Key policy through System Tree. . . . . . . . . . . . . . . . . . . . . . . 25
Assigning Grant key policy through policy assignment rule. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Viewing effective policy assigned to systems. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Viewing effective policy assigned to users. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Managing EEFF keys. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Creating a regular key. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Activating or deactivating keys. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Assigning keys to a policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Editing a key. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Deleting keys. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Exporting keys. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Importing keys. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
How user personal keys work. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Working with user personal keys. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Managing EEFF Reports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Creating EEFF custom queries. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Viewing the standard EEFF queries. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Defining EEFF permission sets for ePO users. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Creating permission sets for user accounts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Editing EEFF Policy Permissions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Editing EEFF Key Server permissions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Appendix A: Removable Media registry controls. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Relaxing the Removable Media definition. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Exempt local drives and network shares from encryption. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Appendix B: Best Practices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
McAfee Endpoint Encryption for Files and Folders version 4.0.0 Product Guide4
Contents
Introducing McAfee Endpoint Encryption for
Files and Folders
McAfee Endpoint Encryption for Files and Folders (EEFF) offers data protection in the form of
powerful encryption technology so that only authorized users can access information.
Contents
Why EEFF?
How EEFF 4.0 works
EEFF Features
System requirements
About this guide
Why EEFF?
EEFF offers enhanced security to protect your data. EEFF depends on Microsoft Windows user
accounts and works in real-time to authenticate user to access encryption keys and to retrieve
the correct policy in EEFF. A smart card implementation based on Windows logon can be used
for enhanced security.
Endpoint Encryption for Files and Folders allows you to define and protect information in a way
that only certain users can access it. This data is stored, managed, archived, and distributed
as any other file is, however, it can be viewed only by those who have been granted access.
Endpoint Encryption for Files and Folders is a Persistent Encryption engine: when a file has
been encrypted and has been moved or copied to another place, it remains encrypted. If a file
is moved out of an encrypted directory, it will also remain encrypted. Likewise, if an encrypted
file is moved to a memory stick – the encryption will remain in place.
EEFF integrates with McAfee ePolicy Orchestrator (ePO), which provides a single point of control
over all the data on the systems. EEFF with ePO supports both user-based and system-based
policies. Assigning these policies to users encrypts the data on the client as configured.
EEFF depends on Microsoft Windows credentials therefore, both registered domain users and
local system users can be assented encryption policies and associated keys.
How EEFF 4.0 works
EEFF encrypts folders and files according to policies assigned to the user. These policies are
enforced by the ePO server.
5McAfee Endpoint Encryption for Files and Folders version 4.0.0 Product Guide
The client software is installed on the client system. After the installation, the system synchronizes
with the ePO server and acquires the user data. EEFF then assigns encryption policies and keys
to the user as configured.
EEFF client acts like a filter between the application creating or editing the files and the storage
media. When a file is saved, EEFF filter executes the assigned encryption policies and encrypts
the data, if applicable. If the user manages to kill the main EEFF process on the client system,
EEFF encrypts folders and files according to policies assigned to the user. These policies are
enforced by the ePO server.
The client software is installed on the client system. After the installation, the system synchronizes
with the ePO server and acquires the user data. EEFF then assigns encryption policies and keys
to the user as configured.
The EEFF client acts like a filter between the application creating or editing the files and the
storage media. When a file is saved, the EEFF filter executes the assigned encryption policies
and encrypts the data, if applicable. If the user manages to kill the main EEFF process
(MfeffCore.exe) on the client system, attempting to deviate from the assigned encryption policy,
the process will be automatically regenerated. The automatic restart cannot be disabled.
When a file that is encrypted with key A is moved to a folder where files are encrypted with
key B, the file encrypted with key A will immediately be re-encrypted with key B. This behavior
is known as
follow-target-encryption
and requires that the user or process transferring the file
has access to both key A and key B. This operation takes place instantly when the file is placed
in the folder encrypted with key B.
EEFF Features
Centralized management Provides support for deploying and managing McAfee Endpoint
Encryption for Files and Folders using ePO 4.5 and 4.6.
Windows authentication based policy enforcement Assigns encryption policies and
keys to Windows user accounts.
Integration with the McAfee Tray icon - Consolidates the tray icons to one common
McAfee icon.
User Personal Keys - Allow users to have individual keys, generated centrally and possible
to assign in policies for encryption.
Protect data on Removable media — Provides support for removable media encryption.
Migration from EEFF v3.x to EEFF v4 - Provides support for migrating keys from EEFF
v3.x to EEFF v4 by importing them into ePO.
File Extension exclusion - Excludes the listed file types from encryption. For example,
MP3 and WAV files.
System requirements
System requirements
RequirementsSystems
See McAfee ePolicy Orchestrator 4.5 and 4.6 - Installation GuideePO Server Systems
Introducing McAfee Endpoint Encryption for Files and Folders
EEFF Features
McAfee Endpoint Encryption for Files and Folders version 4.0.0 Product Guide6
Software requirements
RequirementsSoftware (or package name)
McAfee management software ePO 4.5 (minimum patch 4) and 4.6
McAfee Agent for Windows 4.5 (minimum Patch 2) and 4.6
Endpoint Encryption for Files and Folders EEFF Extension
EEFF_4.0.0_xxx.ZIP
help_eeff_400.ZIP
MfeEEFF_Client_4.0.0.x.ZIP
See McAfee ePolicy Orchestrator 4.5 and 4.6 - Installation GuideMicrosoft “Windows Installer 3.0
Redistributable” package ( for ePO)
See McAfee ePolicy Orchestrator 4.5 and 4.6 - Installation GuideMicrosoft “.NET Framework 2.0
Redistributable” package ( for ePO)
See McAfee ePolicy Orchestrator 4.5 and 4.6 - Installation GuideMicrosoft MSXML 6 ( for ePO)
Operating system requirements
SoftwareSystems
See McAfee ePolicy Orchestrator 4.5 and 4.6 - Installation GuideePO Server Systems
Client Systems Microsoft Windows Vista (32-bit) SP 2
Microsoft Windows XP (32-bit) SP 3
Microsoft Windows 7 (32-bit and 64-bit) SP 0 and SP 1
About this guide
This guide provides information on detailed instructions for managing the McAfee Endpoint
Encryption for Files and Folders 4.0 client.
Target audience
This guide is mainly intended for McAfee Endpoint Encryption for Files and Folders users.
Introducing McAfee Endpoint Encryption for Files and Folders
About this guide
7McAfee Endpoint Encryption for Files and Folders version 4.0.0 Product Guide
Installing EEFF
This chapter describes how to install EEFF using McAfee ePolicy Orchestrator management
software version 4.5 and 4.6. To use this chapter effectively, you need to be familiar with ePO.
NOTE: This document does not provide detailed information about installing or using ePO. See
the McAfee ePolicy Orchestrator product documentation for more information.
Installing EEFF using ePO
The ePO server provides a scalable platform for centralized policy management and enforcement
of EEFF on the managed nodes. It also provides comprehensive reporting and product
deployment capabilities, all through a single point of control.
Tasks
Checking in the EEFF deployment package
Installing EEFF extension
Installing the ePO help extension
Registering an LDAP Server
Deploying EEFF on managed nodes using ePO 4.5
Deploying EEFF on managed systems using ePO 4.6
Checking in the EEFF deployment package
Use this task to check in the EEFF deployment package to the master repository.
Task
For option definitions, click ? in the interface.
1 Copy the MfeEEFF_Client_4.0.0.x archive to a temporary location of your ePO computer.
2 Log on to the ePO server as an administrator.
3 Click Menu | Software | Master Repository, then click Actions | Check In Package.
The Check In Package wizard appears.
4 In the Package page, select the Package type as Product or Update (.ZIP) and browse
in File path to locate MfeEEFF_Client_4.0.0.x saved in a temporary folder.
5 Click Next. The Package Options page appears with the package information.
6 Click Save.
McAfee Endpoint Encryption for Files and Folders version 4.0.0 Product Guide8
Installing EEFF extension
Use this task to install the EEFF extension. The extension file is in .ZIP format.
Task
For option definitions, click ? in the interface.
1 Copy the EEFF_4.0.0_xxx archive to a temporary location of your ePO computer.
2 Log on to the ePO server as an administrator.
3 Click Menu | Software | Extensions | Install Extension. The Install Extension dialog
box appears.
4 Click Browse to locate the extension file EEFF_4.0.0_xxx, then click OK. The Install
Extension page appears with the extension name and version details.
5 Click OK.
Installing the ePO help extension
You can install the ePO help extension separately on the ePO 4.5 and 4.6 server using the
Software tab. The Help extension is a .ZIP file.
Task
For option definitions, click ? in the interface.
1 Log on to the ePO server as an administrator.
2 Click Menu | Software | Extensions | Install Extension. The Install Extension dialog
box appears.
3 Click Browse, then select the extension file help_eeff_400.ZIP, then click OK. The
Install Extension page appears with the extension name and version details.
4 Click OK.
Registering an LDAP Server
Use this option to register an LDAP Server such as Microsoft Active Directory (AD). You must
have a registered Active Directory to use Policy Assignment Rules, to enable dynamically assigned
permission sets, and automatic user account creation.
Before you begin
Make sure you have the appropriate rights to modify server settings, permission sets, users,
and registered servers.
Task
For option definitions, click ? in the interface.
1 Log on to the ePO server as an administrator.
2 Click Menu | Configuration | Registered Servers, then click New Server. The
Registered Server Builder wizard opens.
3 From the Server type drop-down list on the Description page, select LDAP Server, specify
a unique name (a user friendly name) and any details, then click Next. The Details page
appears.
Installing EEFF
Installing EEFF using ePO
9McAfee Endpoint Encryption for Files and Folders version 4.0.0 Product Guide
4 Type the Domain name or the Server name.
NOTE: Use DNS-style domain name. While using DNS-style domain name, ensure that the
system is configured with appropriate DNS setting and can resolve the DNS-style domain
name of the Active Directory. The Server name is the name or IP address of the system
where the Windows Active Directory is present.
5 Type the User name and Password.
NOTE: The User name should be of the format: domain\Username of Active Directory
accounts.
6 Click Test Connection to ensure that the connection to the server works, then click Save.
Deploying EEFF on managed nodes using ePO 4.5
Use this task to deploy EEFF on the managed nodes. ePO allows you to create tasks to deploy
product on a single node, or on groups of the system tree.
Task
For option definitions, click ? in the interface.
1 Log on to the ePO server as an administrator.
2 Click Menu | Systems | System Tree | Client Tasks, select the required group in the
System Tree, then click Actions | New Task. The Client Task Builder wizard appears.
3 In the Description page, type a Name for the task, Notes (optional), select the Type as
Product Deployment, then click Next.
4 In the Configuration page, select Target Platforms as Windows, Products and
components as McAfee Endpoint Encryption for Files and Folders 4.0.0.0, Action
as Install. Select an appropriate Language, then click Next.
5 Schedule the task to run immediately or as required, then click Next to view a summary
of the task.
6 Review the summary of the task, then click Save. The task is added to the list of client
tasks for the selected group and any group that inherits the task.
7 Send an agent wake-up call.
Deploying EEFF on managed systems using ePO 4.6
Use this task to deploy EEFF to groups of managed systems in the System Tree.
Task
For option definitions, click ? in the interface.
1 Click Menu | Policy | Client Task Catalog , select McAfee Agent | Product
Deployment as Client Task Types, then click Actions | New Task . The New Task dialog
box appears.
2 Ensure that Product Deployment is selected, then click OK.
3 Type a name for the task you are creating and add any notes.
4 Select Target Platforms as Windows, Products and components as McAfee Endpoint
Encryption for Files and Folders 4.0.0.0, Action as Install. Select an appropriate
Language
Installing EEFF
Installing EEFF using ePO
McAfee Endpoint Encryption for Files and Folders version 4.0.0 Product Guide10
5 Next to Options, select if you want to run this task for every policy enforcement process
(Windows only) and click Save.
6 Click Menu | Systems | System Tree | Assigned Client Tasks, then select the required
group in the System Tree.
7 Select the Preset filter as Product Deployment (McAfee Agent).
Each assigned client task per selected category appears in the details pane.
8 Click Actions | New Client Task Assignment. The Client Task Assignment Builder wizard
appears.
9 On the Select Task page, select Product as McAfee Agent and Task Type as Product
Deployment, then select the task you created for deploying product.
10 Next to Tags, select the desired option, then click Next:
Send this task to all computers
Send this task to only computers that have the following criteria — Use one
of the edit links to configure the criteria.
11 On the Schedule page, select whether the schedule is enabled, and specify the schedule
details, then click Next.
12 Review the summary, then click Save.
Installing EEFF
Installing EEFF using ePO
11McAfee Endpoint Encryption for Files and Folders version 4.0.0 Product Guide
Uninstalling EEFF
This chapter describes how to uninstall EEFF from managed nodes and ePO server.
Contents
Uninstalling EEFF from managed nodes
Uninstalling EEFF from managed nodes using ePO 4.6
Removing the EEFF extension
Removing EEFF deployment package
Uninstalling EEFF from managed nodes using command prompt
Uninstalling EEFF from managed nodes
Use this task to uninstall EEFF from managed nodes.
Task
For option definitions, click ? in the interface.
1 Log on to the ePO server as an administrator.
2 Click Menu | Systems | System Tree | Client Tasks, select the required group in the
System Tree, then click Actions | New Task. The Client Task Builder wizard appears.
3 In the Description page, type a Name for the task, Notes (optional), select the Type as
Product Deployment, then click Next.
4 In the Configuration page, select Target Platforms as Windows, Products and
components as McAfee Endpoint Encryption for Files and Folders 4.0.0.0, Action
as Remove. Select an appropriate Language, then click Next.
5 Schedule the task to run immediately or as required, then click Next to view a summary
of the task.
6 Review the summary of the task, then click Save.
7 Send an agent wake-up call.
Uninstalling EEFF from managed nodes using ePO
4.6
Use this task to unistall EEFF from managed systems in the System Tree.
McAfee Endpoint Encryption for Files and Folders version 4.0.0 Product Guide12
Task
For option definitions, click ? in the interface.
1 Click Menu | Policy | Client Task Catalog , select McAfee Agent | Product
Deployment as Client Task Types, then click Actions | New Task . The New Task dialog
box appears.
2 Ensure that Product Deployment is selected, then click OK.
3 Type a name for the task you are creating and add any notes.
4 Select Target Platforms as Windows, Products and components as McAfee Endpoint
Encryption for Files and Folders 4.0.0.0, Action as Remove. Select an appropriate
Language
5 Next to Options, select if you want to run this task for every policy enforcement process
(Windows only) and click Save.
6 Click Menu | Systems | System Tree | Assigned Client Tasks, then select the required
group in the System Tree.
7 Select the Preset filter as Product Deployment (McAfee Agent).
Each assigned client task per selected category appears in the details pane.
8 Click Actions | New Client Task Assignment. The Client Task Assignment Builder wizard
appears.
9 On the Select Task page, select Product as McAfee Agent and Task Type as Product
Deployment, then select the task you created for uninstalling EEFF from managed nodes.
10 Next to Tags, select the desired option, then click Next:
Send this task to all computers
Send this task to only computers that have the following criteria — Use one
of the edit links to configure the criteria.
11 On the Schedule page, select whether the schedule is enabled, and specify the schedule
details, then click Next.
12 Review the summary, then click Save.
Removing the EEFF extension
Use this task to remove the EEFF extension from the ePO server.
Task
For option definitions, click ? in the interface.
1 Log on to the ePO server as an administrator.
2 Click Menu | Software | Extensions. The Extension page appears with the extension
name and version details.
3 Select the Endpoint Encryption for Files and Folders extension file, then click Remove.
The Remove extension confirmation page appears.
4 Select Force removal, bypassing any checks or errors to force product extension
removal, then click OK.
Uninstalling EEFF
Removing the EEFF extension
13McAfee Endpoint Encryption for Files and Folders version 4.0.0 Product Guide
Removing EEFF deployment package
Use this task to remove the EEFF deployment package from the ePO.
Task
For option definitions, click ? in the interface.
1 Log on to the ePO server as an administrator.
2 Click Menu | Software | Master Repository. The Packages in Master Repository page
appears with the list of software packages and their details.
3 Click Delete next to EEFF package. The Delete package confirmation page appears.
4 Click OK on the Delete Package page.
Uninstalling EEFF from managed nodes using
command prompt
Use these tasks to uninstall EEFF from managed nodes using command prompt.
Uninstalling EEFF from managed nodes using Shell command
Use this task to uninstall EEFF from a managed node using MfeFfShell command.
Before you begin
You should have administrator rights to run this command on the managed node.
Task
For option definitions, click ? in the interface.
1 On the command prompt navigate to the folder where EEFF was installed.
NOTE: By default, EEFF is installed in
[SYSDRIVE]:\Program Files\McAfee\Endpoint Encryption for Files and Folders
2 Run the following command MfeFfShell.com-force_uninstall. You will be prompted to
restart the system after uninstallation.
Uninstalling EEFF from managed nodes using MSI
Use this task to uninstall EEFF from a managed node using MSI.
Before you begin
You should have administrator rights to run this command on the managed node.
Task
For option definitions, click ? in the interface.
Uninstalling EEFF
Removing EEFF deployment package
McAfee Endpoint Encryption for Files and Folders version 4.0.0 Product Guide14
1 On the command prompt navigate to the folder where EEFF was installed.
NOTE: By default, EEFF is installed in
[LOCAL APPDATA]\McAfee\Common Framework\Current/EEFF____4000\Install\0000
[LOCAL APPDATA] specifies:
C:\Document and Settings\All Users in Windows XP and Windows 2003
C:\ProgramData in Windows Vista, Windows 2008, and Windows 7
2 Run the following commands to uninstall EEFF. You will be prompted to restart the system
after uninstallation.
1
msiexec /q /norestart /I eeff[XX].msi
2
msiexec /q /x eeff[XX].msi
[XX] — 32 for 32-bit Operating System and 64 for 64-bit Operating System
Uninstalling EEFF
Uninstalling EEFF from managed nodes using command prompt
15McAfee Endpoint Encryption for Files and Folders version 4.0.0 Product Guide
Configuring EEFF policies using ePO
A policy is a collection of settings that you create, configure, then enforce. Policies ensure that
the managed security software products are configured and perform accordingly.
Some policy settings are the same as the settings you configure in the interface of the product
installed on the managed system. Other policy settings are the primary interface for configuring
the product or component. The ePO console allows you to configure policy settings for all
products and systems from a central location.
How policy enforcement is set
For each managed product or component, choose whether the agent enforces all or none of
its policy selections for that product or component.
From the Assigned Policies page, choose whether to enforce policies for products or components
on the selected group.
In the Policy Catalog page, you can view policy assignments, where they are applied, and if
they are enforced. You can also lock policy enforcement to prevent changes to enforcement
below the locked node.
Contents
EEFF Policies
Creating a policy from Policy Catalog
Editing the EEFF policy settings from Policy Catalog
Enforcing EEFF policies on a system
Enforcing EEFF policies on a system group
How Policy Assignment Rules work
EEFF Policies
Policy settings for EEFF are grouped by category. Each policy category refers to a specific subset
of policy settings. Policies are created and displayed by product and category.
Policy categories
DescriptionCategory
General Explorer Integration — Specifies the context menu options available to a
user on the client system.
Allow Explicit Encrypt — Enables the Encrypt option for client system
users. Default value is disabled.
Allow Explicit Decrypt — Enables the Decrypt option for client system
users. Default value is disabled.
McAfee Endpoint Encryption for Files and Folders version 4.0.0 Product Guide16
DescriptionCategory
Enable padlock icon visibility — Displays a padlock icon on encrypted
objects. Default value is enabled.
Enable search encrypted Enables Search encrypted option for client
system users. Default value is disabled.
Allow creation of Self-Extractors – Enables users to manually create
encrypted Self-Extractors for files and folders. Self-Extractor are
password-protected executable files that can be decrypted on non-EEFF
client systems. Default value is enabled.
Email Integration — Specifies the context menu options available to a user
on the client system.
Enable sending of encrypted email attachments – Enables managed
node users to send encrypted email attachments, either for internal
recipients (SBA attachment) or for external recipients (Self-Extractor CAB
files). Default value is disabled.
Click Add to specify folder(s) to be encrypted.Folder Encryption
Path — Specifies the path of the folder to be encrypted.
Specify the path of the folder by selecting from the list or typing it in the text
box.
Key Specifies the encryption key which will be assigned to the policy. Browse
to select the key.
Click Add to specify file extension(s) to be encrypted.File Encryption
Process name — Specifies the process name of the application creating the
files to be encrypted.
Extensions Specifies the file extensions to be encrypted that are supported
by the process. Multiple file extensions can be specified using a space,
semi-colon, or colon as separators.
Key Specifies the encryption key which will be assigned to the policy. Browse
to select the key.
Removable Media Encryption Method Specifies methods used to encrypt a removable media.
Use no removable media encryption — Does not encrypt files on
removable media. Default value is disabled.
NOTE: The context menu options on the client system will be enabled.
Use regular encryption Encrypts files and folders on removable media
with the specified key. Browse to select the key. Default value is disabled.
NOTE: The context menu options on the client system will be disabled if
Decrypt option is selected.
Ignore existing content — Does not encrypt existing files on
removable media.
Use McAfee Endpoint Encryption for Removable Media — Specifies
options to encrypt removable media.
Protected area — Specifies the options to configure encrypted area
on a removable media
Entire device — Encrypts the entire removable media.
Percentage of total capacity Encrypts a specified percentage
of the removable media. The remaining percentage of the device
can be used without authentication. Default value is 50%.
Percentage of free space — Encrypts a specified percentage of
the free space on the removable media. Default value is 100%.
Recovery Methods — Specifies methods used to recover the EERM
encrypted removable media.
Configuring EEFF policies using ePO
EEFF Policies
17McAfee Endpoint Encryption for Files and Folders version 4.0.0 Product Guide
DescriptionCategory
Use recovery key — Specifies the Regular or User Personal key
that can be used to recover the encrypted removable media.
Allow recovery password — Enables user to specify a password
during initialization that can be used to recover the encrypted
removable media.
Allows user questions — Enables user to specify five questions
during initialization that can be used to recover the encrypted
removable media. To recover the device, user must answer at least
four questions correctly.
Allow user certification — Enables user to attach a Windows
certificate during initialization that can be used to recover the
encrypted removable media.
Options — Specifies general encryption options for the removable
media
Exclude devices larger than — Disables encryption of devices
whose size is larger than the specified value. Default value is 8192
MB.
Make unprotected files and folders read-only (when used
with EEFF) Does not allow user to modify unprotected files and
folders on the device when used on a system with EEFF client.
Floppy Disk Drives Specifies encryption options for floppy disk drives.
Make floppy disk drives Read-Only Does not allow user to modify
files and folders on floppy disk drives.
Exempt device IDs — Does not update the specified devices with the
changes in encryption policies.
Add — Adds the ID of the device that will not be updated with the
changes in encryption policies.
Remove — Removes device ID from exemption list.
Edit — Edits the ID of the device that will not be updated with the
changes in encryption policies.
CD/DVD Encryption None Selected — Does not encrypt while burning files and folders to a CD or
DVD. User can encrypt or decrypt files or folders using the context menu on
the client system, if required.
Enforce encryption on CD/DVD write operations — Encrypts files and
folders while burning it to a CD or DVD with the selected key. If Decrypt key
is selected, Encrypt and Decrypt options in the context menu is disabled on
the client system.
Do not allow writing to CDs and DVDs (make CD/DVD read-only)
Does not allow user to write any files or folders on CD or DVD.
Encryption Options Encryption Options
Preserve file times — Does not change the file modified and accessed
time on encryption or decryption.
Require authentication for listing of encrypted folders — Blocks
unauthorized users from browsing encrypted folders.
If the key used to encrypt a folder is not assigned to the user, then the
user cannot view the content of that folder if EEFF is installed. If the key
is assigned to the user, then the user can view the content of folders
encrypted with that key.
Use wiping when encrypting and deleting files Uses a secure delete
algorithm when encrypting files to ensure that no trace of the plaintext
data remains on the client system.
NOTE: File wiping may slow down encrypted file operations due to the
additional disk operations required.
Configuring EEFF policies using ePO
EEFF Policies
McAfee Endpoint Encryption for Files and Folders version 4.0.0 Product Guide18
DescriptionCategory
Enable limiting of the file size that will be encrypted — Encrypts
only if the file size is less than the specified limit. Default value is 20 MB.
NOTE: This is applicable only if the folder is encrypted using Folder
Encryption policy.
I/O Utilization
Maximum I/O utilization Specifies the percentage of I/O usage EEFF
processes can utilize during encryption.
Blocked Processes — Blocks the specified processes from opening or editing
encrypted files. EEFF blocks a process by withholding the keys required to
decrypt the files.
Add — Adds the process using which the user can not open or edit
encrypted files.
Remove — Removes the process using which the user can not open or
edit encrypted files.
Edit — Edits the process using which the user can not open or edit
encrypted files.
Key Request Exclusion Enables the process such as anti-virus to exclude
encrypted files if it does not have access to the required encryption key.
NOTE: All the keys assigned to the user through policy are unloaded every time
the user logs off.
Add — Adds the process that will be excluded.
Remove — Removes the process from exclusion list.
Edit — Edits the process that will be excluded.
File Extension Exclusion — Excludes the specified file extension from
encryption.
Add — Adds the file extension that will be excluded.
Remove — Removes file extension from exclusion list.
Edit — Edits file extension that will be excluded.
Grant Keys
(Multi-slot policy)
Available Keys — Lists all the active keys, which includes regular, and user
personal keys.
Selected Keys — Specifies the keys which the policy grants when assigned
to users.
Network Enable network encryption — Enables encryption of files on network
locations.
Enable network bandwidth limit — Limits the network bandwidth used by
EEFF when encrypting files on network locations. Default value is 50 KB/sec.
Disable encryption on slow connections — Does not encrypt files on
network locations if the network latency is above the specified limit. Default
value is 500 milliseconds.
NOTE: This option is applicable only if the file is being encrypted through policy
enforcement.
Maximum clients allowed to encrypt folders — Specifies the maximum
number of users who can simultaneously encrypt folders on a network.
NOTE: This option is applicable only if the file is being encrypted through policy
enforcement.
Configuring EEFF policies using ePO
EEFF Policies
19McAfee Endpoint Encryption for Files and Folders version 4.0.0 Product Guide
DescriptionCategory
Allow user local keys Allows users to create local keys on a client system using
EEFF client. These user local keys can be shared among users using the Export
and Import options in EEFF client.
User Local Keys Options
Recovery Key — Specifies a Regular or a User Personal Key which can be
used to recover user local keys.
Allow user local key generation — Allows users to create local keys on a
client system using EEFF client.
Allow export of user local keys — Allows users to export local keys from a
client system using EEFF client.
Allow import of user local keys — Allows users to import local keys to a
client system using EEFF client.
Allow deletion of user local keys — Allows users to delete local keys from
a client system using EEFF client.
Automatically create a user local key — Creates a default user local key
when a new user logs on to the client system.
Creating a policy from Policy Catalog
Use this task to create a new policy from the Policy Catalog. By default, policies created using
Policy Catalog are not assigned to any groups or systems. When you create a policy, you are
adding a custom policy to the Policy Catalog.
You can create policies before or after the EEFF software is deployed.
Task
For option definitions, click ? in the interface.
1 Click Menu | Policy | Policy Catalog, then select the Product as Endpoint Encryption
for Files and Folders 4.0.0.0 and a policy Category from the drop-down lists. All created
policies for the selected category appear in the details pane.
2 Click Actions | New Policy. The Create New Policy dialog box appears.
3 Select the policy you want to duplicate from the Create a policy based on this existing
policy drop-down list.
4 Type a name for the new policy and click OK. The Policy Settings wizard opens.
5 Edit the policy settings on each tab as needed.
6 Click Save.
Editing the EEFF policy settings from Policy Catalog
Use this task to modify the EEFF policy settings. Your user account must have appropriate
permissions to edit EEFF policy settings.
Task
For option definitions, click ? in the interface.
1 Click Menu | Policy | Policy Catalog, then select Endpoint Encryption for Files and
Folders from the Product drop-down list.
Configuring EEFF policies using ePO
Creating a policy from Policy Catalog
McAfee Endpoint Encryption for Files and Folders version 4.0.0 Product Guide20
  • Page 1 1
  • Page 2 2
  • Page 3 3
  • Page 4 4
  • Page 5 5
  • Page 6 6
  • Page 7 7
  • Page 8 8
  • Page 9 9
  • Page 10 10
  • Page 11 11
  • Page 12 12
  • Page 13 13
  • Page 14 14
  • Page 15 15
  • Page 16 16
  • Page 17 17
  • Page 18 18
  • Page 19 19
  • Page 20 20
  • Page 21 21
  • Page 22 22
  • Page 23 23
  • Page 24 24
  • Page 25 25
  • Page 26 26
  • Page 27 27
  • Page 28 28
  • Page 29 29
  • Page 30 30
  • Page 31 31
  • Page 32 32
  • Page 33 33
  • Page 34 34
  • Page 35 35
  • Page 36 36
  • Page 37 37
  • Page 38 38
  • Page 39 39
  • Page 40 40
  • Page 41 41
  • Page 42 42
  • Page 43 43
  • Page 44 44

McAfee DFFCDE-AA-DA - Endpoint Encryption For Files User manual

Type
User manual
This manual is also suitable for

Ask a question and I''ll find the answer in the document

Finding information in a document is now easier with AI