McAfee MANAGEMENT EDITION 2.5 Administrator's Manual

Management Edition

Administrator’s Guide

Version 2.5

COPYRIGHT

this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or

translated into any language in any form or by any means without the written permission of

Networks Associates Technology, Inc., or its suppliers or affiliate companies.

TRADEMARK ATTRIBUTIONS

* ActiveHelp, Bomb Shelter, Building a World of Trust, CipherLink, Clean-Up, Cloaking, CNX,

Compass 7, CyberCop, CyberMedia, Data Security Letter, Discover, Distributed Sniffer System, Dr

Solomon’s, Enterprise Secure Cast, First Aid, ForceField, Gauntlet, GMT, GroupShield, HelpDesk,

Hunter, ISDN Tel/Scope, LM 1, LANGuru, Leading Help Desk Technology, Magic Solutions,

MagicSpy, MagicTree, Magic University, MagicWin, MagicWord, McAfee, McAfee Associates,

MoneyMagic, More Power To You, Multimedia Cloaking, NetCrypto, NetOctopus, NetRoom,

NetScan, Net Shield, NetShield, NetStalker, Net Tools, Network Associates, Network General, Network

Uptime!, NetXRay, Nuts & Bolts, PC Medic, PCNotary, PGP, PGP (Pretty Good Privacy),

PocketScope, Pop-Up, PowerTelnet, Pretty Good Privacy, PrimeSupport, RecoverKey,

RecoverKey-International, ReportMagic, RingFence, Router PM, Safe & Sound, SalesMagic,

SecureCast, Service Level Manager, ServiceMagic, Site Meter, Sniffer, SniffMaster, SniffNet, Stalker,

Statistical Information Retrieval (SIR), SupportMagic, Switch PM, TeleSniffer, TIS, TMach, TMeg,

Total Network Security, Total Network Visibility, Total Service Desk, Total Virus Defense, T-POD,

Trusted Mach, Trusted Mail, Uninstaller, Virex, Virex-PC, Virus Forum, ViruScan, VirusScan,

VShield, WebScan, WebShield, WebSniffer, WebStalker WebWall, and ZAC 2000 are registered

trademarks of Network Associates and/or its affiliates in the US and/or other countries. All

other registered and unregistered trademarks in this document are the sole property of their

respective owners.

LICENSE AGREEMENT

NOTICE TO ALL USERS: FOR THE SPECIFIC TERMS OF YOUR LICENSE TO USE THE

SOFTWARE THAT THIS DOCUMENTATION DESCRIBES, CONSULT THE README.1ST,

LICENSE.TXT, OR OTHER LICENSE DOCUMENT THAT ACCOMPANIES YOUR

SOFTWARE, EITHER AS A TEXT FILE OR AS PART OF THE SOFTWARE PACKAGING. IF

YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH THEREIN, DO NOT INSTALL

THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO THE PLACE OF

PURCHASE FOR A FULL REFUND.

Issued September 1999/Management Edition v2.5.0

Administrator’s Guide iii

Table of Contents

Chapter 1. Introducing the Management Edition Program . . . . . . . . . . 11

Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11

What is the Management Edition program? . . . . . . . . . . . . . . . . . . . . . . . . . . .11

How does the Management Edition program work? . . . . . . . . . . . . . . . . . . . .11

What comes with the Management Edition program? . . . . . . . . . . . . . . . . . .13

Management Edition program features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16

New functionality . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16

Seamlessly interactive management tools . . . . . . . . . . . . . . . . . . . . . . .17

Automated software distribution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17

Real-time virus detection and notification . . . . . . . . . . . . . . . . . . . . . . . .18

Conventions used in this guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18

How to contact Network Associates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19

Customer service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19

Technical support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19

Network Associates training . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20

Comments and feedback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20

Reporting new items for anti-virus data file updates . . . . . . . . . . . . . . .21

International contact information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .22

Chapter 2. Installing the Management Edition Program . . . . . . . . . . . . 25

System requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25

Hardware recommended . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25

Software supported . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25

Defining anti-virus domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26

Installing the Management Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26

Installation scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27

Installation steps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30

Running the Management Console (initial use) . . . . . . . . . . . . . . . . . . . . . . . .36

Installing the master repository . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .36

Installing anti-virus components in the Repository . . . . . . . . . . . . . . . .42

Understanding the Management Console . . . . . . . . . . . . . . . . . . . . . . . . . . . .54

Upgrading the Management Edition program . . . . . . . . . . . . . . . . . . . . . . . . .62

Table of Contents

iv Management Edition

Chapter 3. Creating Anti-virus Domains . . . . . . . . . . . . . . . . . . . . . . . . . 63

Preparing member machines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .63

Determining initial setup of machines . . . . . . . . . . . . . . . . . . . . . . . . . . .63

Finding machines in the network view . . . . . . . . . . . . . . . . . . . . . . . . . . .66

Preparing machines with peer networking . . . . . . . . . . . . . . . . . . . . . . . . . . . .68

Windows NT machines (trust relationships) . . . . . . . . . . . . . . . . . . . . . .68

Windows 95 and Windows 98 machines (user-level access) . . . . . . . . .70

Windows 95 and Windows 98 machines (share-level access) . . . . . . . .72

Windows for Workgroups 3.11 machines . . . . . . . . . . . . . . . . . . . . . . . .74

Preparing machines without peer networking . . . . . . . . . . . . . . . . . . . . . . . . .75

Windows 3.1 machines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .76

Windows NT, Windows 95, or Windows 98 machines . . . . . . . . . . . . . .79

Automating setup via NetWare login scripts . . . . . . . . . . . . . . . . . . . . . .81

Preparing NetWare servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .83

SECURE CONSOLE command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .83

AUTOEXEC.NCF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .83

Installation method . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .84

Checking rights for Microsoft network domain members . . . . . . . . . . . . . . .84

Assigning a Management Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .85

Adding member machines to an anti-virus domain . . . . . . . . . . . . . . . . . . . .87

Using the drag-and-drop method . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .88

Using the Discover method . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .89

Choosing your anti-virus software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .91

Selecting anti-virus domain components . . . . . . . . . . . . . . . . . . . . . . . . . . . . .92

Adding or removing components for all anti-virus domains . . . . . . . . .93

Adding or removing components for non-standard machines . . . . . . .95

Chapter 4. Creating Schedules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97

Scheduling scans . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .97

Scheduling similar scans . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .103

Running on-demand scans . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .105

Viewing results of on-demand scans . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .107

Administrator’s Guide v

Table of Contents

Checking virus scan status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .108

Acknowledging virus scan status . . . . . . . . . . . . . . . . . . . . . . . . . . . . .109

Rescanning the machines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .111

Viewing the virus scan status report . . . . . . . . . . . . . . . . . . . . . . . . . . .111

Refreshing the display . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .115

Setting a warning period . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .117

Logging scheduled events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .118

Enabling logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .118

Filtering the log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .118

Refreshing the log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .119

Saving the log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .120

Changing the log appearance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .121

Chapter 5. Updating Your Anti-virus Software . . . . . . . . . . . . . . . . . . . 123

Installing .DAT and program file updates . . . . . . . . . . . . . . . . . . . . . . . . . . . .123

Installing extra .DAT files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .126

Installing .DAT updates and .ZIP files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .129

Installing script, extension .DLL, or setup file updates . . . . . . . . . . . . . . . .132

Forcing updates of invalid external mirrors . . . . . . . . . . . . . . . . . . . . . . . . . .133

Changing anti-virus software versions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .134

Changing the version for all anti-virus domains . . . . . . . . . . . . . . . . . .134

Changing the version for individual domains . . . . . . . . . . . . . . . . . . . .135

Changing the version for individual machines . . . . . . . . . . . . . . . . . . .135

Viewing component properties in the Repository . . . . . . . . . . . . . . . . . . . . .136

Removing old versions from the Repository . . . . . . . . . . . . . . . . . . . . . . . . .137

Marking shares as null session shares . . . . . . . . . . . . . . . . . . . . . . . . . . . . .138

Choosing an update method . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .139

Using the Push On Install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .139

Using the Pull Off Install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .140

Using the Batch Install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .141

Globally applying configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .153

Configuring reboot options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .153

Configuring custom update message options . . . . . . . . . . . . . . . . . . . . . . . .155

Configuring custom tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .157

Table of Contents

vi Management Edition

Chapter 6. Using the Alert Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161

Enabling centralized alerting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .161

Enabling centralized alerting for the NetShield program . . . . . . . . . . .161

Enabling centralized alerting for the VirusScan program . . . . . . . . . .162

Configuring alerts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .165

Viewing the Summary page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .166

Forwarding an alert to a networked computer . . . . . . . . . . . . . . . . . . .167

Sending an alert as a network message . . . . . . . . . . . . . . . . . . . . . . . .170

Sending an alert as an SMTP e-mail message . . . . . . . . . . . . . . . . . . .173

Sending an alert to a pager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .176

Sending an alert to a network printer . . . . . . . . . . . . . . . . . . . . . . . . . . .180

Sending an alert as an SNMP network message . . . . . . . . . . . . . . . . . .183

Sending an alert to a DMI console . . . . . . . . . . . . . . . . . . . . . . . . . . . . .186

Launching a program on alert . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .188

Sending an alert as an audible .WAV file . . . . . . . . . . . . . . . . . . . . . . . .190

Logging alerts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .192

Chapter 7. Configuring Complex Domains . . . . . . . . . . . . . . . . . . . . . . 195

Designing anti-virus domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .195

Single office . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .196

Multiple office, one site . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .196

Multiple site, one country . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .197

Multiple site, international . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .197

Adding anti-virus domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .198

Moving machines between anti-virus domains . . . . . . . . . . . . . . . . . . . . . . .199

Deleting machines from anti-virus domains . . . . . . . . . . . . . . . . . . . . . . . . .200

Deleting anti-virus domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .202

Renaming anti-virus domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .203

Adding hidden machines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .204

Adding multiple hidden machines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .206

Formatting imported browse lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . .207

Importing browse lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .210

Viewing machine properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .211

Organizing machines in an anti-virus domain . . . . . . . . . . . . . . . . . . . . . . . .212

Administrator’s Guide vii

Table of Contents

Chapter 8. Using Mirror and Linked Repositories . . . . . . . . . . . . . . . . 213

Creating mirror repositories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .213

Creating Windows NT mirrors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .215

Creating NetWare mirrors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .219

Assigning different repositories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .221

Configuring mirror repositories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .222

Configuring Windows NT mirrors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .222

Configuring NetWare mirrors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .223

Manually logging in to the server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .227

Promoting mirror repositories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .229

Granting access rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .229

Configuring access to Windows NT mirrors . . . . . . . . . . . . . . . . . . . . .229

Configuring access to NetWare mirrors . . . . . . . . . . . . . . . . . . . . . . . .234

Reducing WAN traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .235

Using linked repositories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .237

Linking repositories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .238

Listing the Repository contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .239

Filtering the report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .239

Formatting the Repository report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .241

Reporting on the installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .242

Formatting the Installation Log report . . . . . . . . . . . . . . . . . . . . . . . . . .243

Chapter 9. Advanced Configuration and Troubleshooting . . . . . . . . . 245

Managing domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .245

Managing machines in a non-trusted Windows NT domain . . . . . . . .245

Changing the Management Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . .246

Running Management Console from another workstation . . . . . . . . .248

Securing anti-virus domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .249

Collecting diagnostic information . . . . . . . . . . . . . . . . . . . . . . . . . . . . .252

Viewing items in the console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .253

Discovering machines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .253

Viewing machine comments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .254

Expanding and collapsing the member machines view . . . . . . . . . . .255

Removing managed machines from the network view . . . . . . . . . . . . .255

Finding machines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .255

Refreshing the Name Provider view . . . . . . . . . . . . . . . . . . . . . . . . . . . .257

Table of Contents

viii Management Edition

Installing components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .258

Diagnosing installation problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .258

Submitting batch updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .259

Installing anti-virus components to different directories . . . . . . . . . . .261

Customizing installation options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .263

Removing the Management Edition program . . . . . . . . . . . . . . . . . . . .264

Changing machine configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .266

Making machines non-standard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .266

Making non-standard machines standard . . . . . . . . . . . . . . . . . . . . . . .268

Recovering deleted items . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .268

Recovering deleted machines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .268

Recovering the Name Provider database . . . . . . . . . . . . . . . . . . . . . . .269

Appendix A. Using the AUTOINST Utility . . . . . . . . . . . . . . . . . . . . . . . 271

Appendix B. Using MCScript to Update Your Script Files . . . . . . . . . . 273

Determining when to edit your MCSCRIPT.INI files . . . . . . . . . . . . . . . . . . . .273

Defining MCScript files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .273

Specifying [ID] keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .275

Specifying [Inclusions] keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .277

Specifying [ExcludedComponents] keys . . . . . . . . . . . . . . . . . . . . . . . .277

Specifying [ParentComponents] keys . . . . . . . . . . . . . . . . . . . . . . . . . .278

Specifying [ExtensionDLLs] keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .278

Specifying [Commands] keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .279

Editing MCScript files for versions or languages . . . . . . . . . . . . . . . . . . . . .281

Understanding MCScript commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .282

File system commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .282

Program Manager commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .284

Private profile commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .286

Miscellaneous commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .288

Registry commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .293

Service control commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .295

Flow control statements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .296

NetWare file manipulation commands . . . . . . . . . . . . . . . . . . . . . . . . . .297

NetWare operating system commands . . . . . . . . . . . . . . . . . . . . . . . . .298

NetWare miscellaneous commands . . . . . . . . . . . . . . . . . . . . . . . . . . . .298

Administrator’s Guide ix

Table of Contents

Understanding Management Edition macros . . . . . . . . . . . . . . . . . . . . . . . . .299

Directory macros . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .299

File transfer macros . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .299

Miscellaneous macros . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .300

Embedding AutoRepo scriptlets in MCSCRIPT.INI . . . . . . . . . . . . . . . . . . . .300

Understanding AutoRepo commands . . . . . . . . . . . . . . . . . . . . . . . . . .301

Getting support for customized scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . .302

Appendix C. Network Associates Support Services . . . . . . . . . . . . . . 303

Adding value to your Network Associates product . . . . . . . . . . . . . . . . . . . .303

PrimeSupport options for corporate customers . . . . . . . . . . . . . . . . . .303

Ordering a corporate PrimeSupport plan . . . . . . . . . . . . . . . . . . . . . . .306

PrimeSupport options for home users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .308

How to reach international home user support . . . . . . . . . . . . . . . . . . .309

Ordering a PrimeSupport plan for home users . . . . . . . . . . . . . . . . . . .310

Network Associates consulting and training . . . . . . . . . . . . . . . . . . . . . . . . .311

Professional Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .311

Total Education Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .312

Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313

Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319

Table of Contents

x Management Edition

1

Administrator’s Guide 11

1

Introducing the Management

Edition Program

Introduction

As a network administrator, your time is valuable. You’re responsible for

maintaining your corporate network at its optimum. The Management Edition

program solves your need for timely, efficient, and cost-effective

enterprise-wide anti-virus software distribution. With it, you can seamlessly

install, configure, and manage anti-virus software for remote networked

machines within anti-virus domains that you create.

What is the Management Edition program?

The Management Edition program is Network Associates* real-time software

distribution system, which installs, configures, upgrades, and removes

anti-virus software for remote machines on a network. The Management

Edition software helps protect your network from attacks by enabling

centralized upgrading of your network’s anti-virus software, as well as

centralized alerting of detected attacks. It reduces the time you must spend

installing and managing anti-virus software, particularly on large networks,

ensuring uninterrupted network security.

The Management Edition software helps you safeguard one of your most

important assets—your data—by delivering timely upgrades of VirusScan*

(for Windows95, Windows98, WindowsNT, and Windows3.1x) and

NetShield* for Windows NT. Anti-virus software distribution is an important

element in a comprehensive security program that includes a variety of safety

measures, such as regular use of encryption and intrusion detection software,

backups, meaningful password protection, training, and security awareness.

Network Associates urges you to set up and comply with such a security

program.

How does the Management Edition program work?

The Management Edition program installs software to member machines in

the anti-virus domains that you create, from software repositories (master,

mirror, and linked) that you create. You control these activities from the

Management Console, a drag-and-drop application that runs on Microsoft

Windows NT.

Introducing the Management Edition Program

12 Management Edition

You can install the Management Edition program on the local hard disk drive

of the administrator’s workstation. You will need a Microsoft Windows NT

Domain Administrator account.

NOTE: You must install the Management Console and the Management

Server only on a Windows NT system. (The Management Console runs

only on Windows NT 4.0, and the Management Server runs on Windows

NT 3.51 or later.) Both applications, however, handle all tasks in the same

way across all Management Agent workstation platforms (Windows NT,

Windows 95, Windows 98, Windows 3.x, and Novell NetWare 3.12 or

later), which means less time spent learning new systems.

Most of the program’s functionality is built into these integrated services:

• Management Console.

Use the Management Console to configure and

install anti-virus software on any machines in the anti-virus domain. For

details, see Chapter 3, “Creating Anti-virus Domains” and Chapter 5,

“Updating Your Anti-virus Software.”

• Management Server. Use the Management Server to coordinate the

scheduling of scans, receive alerts, and generate reports for the entire

anti-virus domain. For details, see Chapter 4, “Creating Schedules.”

• Management Agent. Use the Management Agent to initiate on-demand

scans via the Scheduler, and to send virus alerts from on-demand and

on-access scans back to the Management Server. For details, see Chapter

4, “Creating Schedules.”

• Alert Manager. Use the Alert Manager to configure alert notification

settings. When the anti-virus software managed by the Management

Edition program detects malicious activity on your servers, you can be

notified immediately by one or more of a wide variety of notification

methods. For details, see Chapter 6, “Using the Alert Manager.”

These services work together to provide easy management of machines in

your anti-virus domain. Each service is configurable through a console. To

access the Alert Manager settings from the Management Console, click

Anti-Virus Domain(s)

, an individual domain, a members group, or an

individual machine, and then click the

Component Configuration

toolbar button.

Administrator’s Guide 13

Introducing the Management Edition Program

What comes with the Management Edition

program?

The Management Edition program consists of several component sets that

combine one or more related programs, each of which play a part in defending

your computer against viruses and other malicious software. The component

sets are:

• Management Console. This component gives you exceptional control over

your anti-virus software distribution and scanning operations. You can

specify one of three methods for updating member machines. You can also

initiate a scan operation at any time (a feature known as “on-demand”

scanning), configure continuous on-access scanning to monitor network

traffic, choose how your anti-virus software will respond to any infections

it finds, and see reports on its actions.

• Management Components. This set consists of the Management Agent,

Scheduler, Response Manager (which runs in the background and is not

configurable), Update Agent, and Update Manager.

• Management Agent. This component helps you manage the member

machines. It is installed automatically on the Management Server and on

all the machines in the anti-virus domain when you apply a configuration.

The Management Agent receives an instruction from the Scheduler to start

an on-demand scan, and sends virus alerts from on-demand and on-access

scans back to the Management Server.

• Scheduler. This component lets you schedule an on-demand scan to occur

at a specific time. It then sends a command to all selected member machines

that are running, telling them to scan themselves using their on-demand

scanner. The Scheduler can schedule scans for a single machine, a group of

machines or all machines within the anti-virus domain. Do not confuse this

with the local Scheduler, which can only schedule scans for the individual

machine on which it is present. See Chapter 4, “Creating Schedules,” for

details.

• Update Agent. This component processes changes to the configuration of

installed components. The Management Console automatically produces a

script to control these changes, and to control component installation and

uninstallation. The Update Agent then processes this script. Unlike the

other components, which run in the background, the Update Agent is

launched by the Management Agent.

• Update Manager. This component runs on the Management Server and

provides one of three methods for updating member machines. It can retry

updates to machines that are powered off. You can configure the number of

retries and specify the maximum number of machines to simultaneously

update, using traffic limitation. This limits traffic to and from the

Management Server, preventing it from running out of connections or from

flooding it with file-copy requests when updating many machines.

Introducing the Management Edition Program

14 Management Edition

• Documentation. The Management Edition program documentation

includes:

– A printed Getting Started Guide, which introduces the product,

provides installation instructions, outlines how to respond if you

suspect your computer has a virus, and provides a brief product

overview. The Getting Started Guide comes with the copies of the

Management Edition program distributed on CD-ROM discs. You

can also download it from Network Associates website or from

other electronic services.

– This administrator’s guide saved on the Management Edition

CD-ROM or installed on your hard disk in Adobe Acrobat .PDF

format. The Management Edition Administrator’s Guide describes in

detail how to use the Management Edition program and includes

other information useful as background or as advanced

configuration options. Acrobat .PDF files are flexible online

documents that contain hyperlinks, outlines and other aids for easy

navigation and information retrieval.

For best results when opening and printing the Administrator’s

Guide, Network Associates recommends using Acrobat Reader 4.0

—Reader version 3.0.1 has difficulty correctly printing graphics

included in the .PDF file.

– An online help file. This file gives you quick access to hints and tips

about how to use the Management Edition program. To open the

help file from within the Management Console, choose

Contents

from the

Help

menu.

The Management Edition program also includes context-sensitive

online help. You can right-click buttons, lists or other elements

within dialog boxes to see brief, descriptive help topics. Click

Help

buttons where you see them to open the main help file to a relevant

topic.

– A README.1ST or LICENSE.TXT file. This file outlines the terms of

your license to use the Management Edition program. Read it

carefully—by installing the Management Edition program you

agree to its terms.

– A WHATSNEW.TXT file. This file contains last-minute additions or

changes to the documentation, lists any known behavior or other

issues with the product release, and often describes new product

features incorporated into incremental product updates. You’ll find

the WHATSNEW.TXT file at the root level of your Management

Edition CD-ROM disc or in the Management Edition program

folder—you can open and print it from Windows Notepad, or from

nearly any word-processing software.

Administrator’s Guide 15

Introducing the Management Edition Program

Once you’ve installed the Management Edition components, you must install

the anti-virus components that you want to manage:

• Anti-virus Components. This set consists of the on-access (VShield*) and

on-demand scanners used by NetShield or VirusScan. These components

include virus definition (.DAT) files, default configuration files, validation

files, and other files.

• VShield. This component gives you continuous anti-virus protection from

viruses borne on floppy disks, brought in from your network, or loaded

into memory. VShield starts when you start your computer, and stays in

memory until you shut down. A flexible set of property pages allows you

to tell VShield which parts of your system to scan, when to scan them,

which parts to leave alone, and how to respond to any infected files it finds.

In addition, VShield can alert you when it finds a virus, and can generate

reports that summarize each of its actions.

The latest VShield version includes technology that guards against hostile

Java applets and ActiveX controls. With this new capability, VShield can

automatically scan e-mail messages and attachments that you receive from

the Internet via Lotus cc:Mail, Microsoft Mail or other mail clients that

comply with Microsoft’s Messaging Application Programming Interface

(MAPI). It can also filter out hostile Java classes and ActiveX controls by

comparing those that it encounters with a database of classes and controls

known to cause harm. When it detects a match, VShield can alert you, or it

can automatically deny harmful objects access to your system. VShield can

also keep your computer from connecting to dangerous Internet sites.

Simply designate the sites your browser software should not visit, and

VShield automatically prevents access. Secure password protection for

your configuration options prevents others from making unauthorized

changes. The same convenient dialog box controls configuration options

for all VShield modules.

• NetShield or VirusScan. This component gives you unmatched control

over your scanning operations. You can initiate a scan operation at any

time (a feature known as “on-demand” scanning), specify local and

network disks as scan targets, choose how your anti-virus software will

respond to any infections it finds, and see reports on its actions. You can

start with its basic configuration mode, then move to its advanced mode for

maximum flexibility. Consult your NetShield or VirusScan User’s Guide for

details.

• Alert Manager. This component runs on the Management Server and

receives alerts from the Management Agents when centralized alerting is

enabled. There is only one Alert Manager component for each anti-virus

domain. Using the Management Console, you can define who to alert and

how to alert them. See Chapter 6, “Using the Alert Manager,” for details.

Introducing the Management Edition Program

16 Management Edition

• Command-line Scanner. The VirusScan set consists of SCANPM.EXE, a

powerful scanning agent for 32-bit environments, and BOOTSCAN.EXE, a

smaller, specialized scanner. The NetShield command-line scanner is

SCAN32.EXE. These programs allow you to initiate targeted scan

operations from the MS-DOS prompt window or from protected MS-DOS

mode. Ordinarily, you’ll use your anti-virus software’s graphical user

interface (GUI) to perform most scanning operations, but if you have

trouble starting Windows or if the GUI components will not run in your

environment, you can use the command-line scanners as a backup.

SCANPM.EXE provides you with a full-featured scanner for 16- and 32-bit

protected-mode DOS environments and includes support for extended

memory and flexible memory allocations. SCAN32.EXE is for only 32-bit

environments. To use the scanner, open an MS-DOS prompt window or

restart your computer in MS-DOS mode, then run SCANPM.EXE or

SCAN32.EXE from the command line, together with the scan options you

want. See the appendix in your anti-virus software User’s Guide for a list

and description of available command-line options.

VirusScan uses BOOTSCAN.EXE on its Emergency Disk in order to

provide you with a virus-free boot environment. When you run the

Emergency Disk creation wizard, VirusScan copies BOOTSCAN.EXE, a

specialized set of .DAT files, and boot files to a single floppy disk. With this

disk, you can start your computer, then scan its memory and the Master

Boot Record, the boot sector, and the system files on your hard disk.

BOOTSCAN.EXE will not detect or clean macro viruses, but it will detect

or clean other viruses that can jeopardize your VirusScan installation or

infect files at system startup. Once you identify and respond to those

viruses, you can safely run VirusScan to clean the rest of your system,

provided you don’t run any other programs in the meantime.

Management Edition program features

This version of the Management Edition program builds on the strengths of

previous versions, extending the established functionality and providing new

features to help you manage your network anti-virus solutions. See the

WHATSNEW.TXT file included with the software for a full list of new features

and information on the latest changes.

New functionality

• The Management Edition program now supports NetShield for NetWare

v4.1.1 anti-virus software.

• Forced updates of invalid external mirrors give you more control over how

and when mirror repositories are updated.

Administrator’s Guide 17

Introducing the Management Edition Program

• This release includes the ability to configure custom tools—such as the

additional console required to configure remote NetShield for NetWare

servers—that can be launched from the

Tools

menu in the Management

Console.

• You can now use the Repository’s Products page to update product files

such as SETUP.EXE or SETUP.ISS in addition to script (MCSCRIPT.INI)

and extension .DLL files.

• You can now define custom messages that can be appear immediately

before or after a client update.

• This release features enhanced control over Name Provider-installed

machines.

Seamlessly interactive management tools

• The Management Console lets you configure and install anti-virus

software on any machines in the anti-virus domain from any Windows NT

machine on which it is installed.

• The Management Server coordinates the scheduling of scans, receives

alerts, and generates reports for the entire anti-virus domain from the

Windows NT machine on which it is installed.

• The Management Agent provides client installers for Windows 95 and

Windows NT machines that have peer networking disabled or removed, so

that you can add them to the network without need for file sharing.

• The diagnostics wizard gathers information in an e-mailable format and

helps our technical support staff solve your problems faster.

Automated software distribution

• The Management Console enables enhanced distribution speeds to a large

number of machines and efficiently stores domain and machine

information as registry entries (not .INI files).

• An enhanced Batch Install method lets desktop and laptop users initiate an

update upon login for fast installation of anti-virus software and updates.

• Linked repositories reduce WAN traffic by allowing you to distribute

software between repositories without having to install software from

separate CD-ROM discs.

• Different language versions of the same anti-virus software can co-exist in

a single repository. You specify the language version to be distributed for

each machine, group, or domain.

• Software installation reports show which anti-virus software is installed on

which machines, which machines are in which anti-virus domain, and

which machines have a non-standard configuration.

Introducing the Management Edition Program

18 Management Edition

Real-time virus detection and notification

• On-access (inbound and outbound) anti-virus scanning provides real-time

identification of both known and unknown viruses upon file access, create,

copy, rename, and run; disk access; system startup; and system shutdown.

• On-demand anti-virus scanning offers user-initiated detection of known

boot, file, macro, multi-partite, stealth, encrypted, and polymorphic

viruses located within files, drives (local and network), and diskettes.

• The Alert Manager offers centralized virus notification via alphanumeric

pager, SMTP e-mail, SNMP messaging, DMI alerting, audible alerting,

network broadcast, program execution, and Windows NT event logging.

(See Chapter 6, “Using the Alert Manager,” for details.)

• At-a-glance scan status via the anti-virus domain view reveals whether a

machine is all clear, infected, or overdue for a scan.

• Scans can be scheduled for entire member groups, as well as individual

machines or the whole domain.

• Virus-scan reports display how many virus alerts have occurred over a

specified period of time on specified machines.

Conventions used in this guide

The following describes the typeface conventions used in this guide:

Bold

Menu names, commands, buttons, and dialog box options

are shown in a bold sans-serif font.

Sans-serif font

Folder, icon, and computer key names, as well as screen text

on the software, are shown in a sans-serif font.

Keystrokes

Text that the user must type in as a command or as a text

box entry (e.g., a pathname) is shown in a monospaced font.

Variables

Command-line text for which you must supply a value is

shown in an italic sans-serif font.

Administrator’s Guide 19

Introducing the Management Edition Program

How to contact Network Associates

Customer service

To order products or obtain product information, contact the Network

Associates Customer Care department at (408) 988-3832 or write to the

following address:

Network Associates, Inc.

McCandless Towers

3965 Freedom Circle

Santa Clara, CA 95054-1203

U.S.A.

Technical support

Network Associates is famous for its dedication to customer satisfaction. We

have continued this tradition by making our site on the World Wide Web a

valuable resource for answers to technical support issues. We encourage you

to make this your first stop for answers to frequently asked questions, for

updates to Network Associates software, and for access to Network Associates

news and virus information

.

If you do not find what you need or do not have web access, try one of our

automated services.

If the automated services do not have the answers you need, contact Network

Associates at one of the following numbers Monday through Friday between

6:00

A

.

M

. and 6:00

P

.

M

. Pacific time.

For corporate-licensed customers:

World Wide Web http://support.nai.com

Internet support@nai.com

CompuServe GO NAI

America Online keyword MCAFEE

Phone (408) 988-3832

Fax (408) 970-9727

Introducing the Management Edition Program

20 Management Edition

For retail-licensed customers:

To provide the answers you need quickly and efficiently, the Network

Associates technical support staff needs some information about your

computer and your software. Please have this information ready before you

call:

• Product name and version number

• Computer brand and model

• Any additional hardware or peripherals connected to your computer

• Operating system type and version numbers

• Network type and version, if applicable

• Contents of your AUTOEXEC.BAT, CONFIG.SYS, and system LOGIN

script

• Specific steps to reproduce the problem

Network Associates training

For information about scheduling on-site training for any Network Associates

product, call (800) 338-8754.

Comments and feedback

Network Associates appreciates your comments and reserves the right to use

any information you supply in any way it believes appropriate without

incurring any obligation whatsoever. Please address your comments about

Network Associates anti-virus product documentation to: Network

Associates, Inc., 15220 NW Greenbrier Parkway, Suite 100, Beaverton, OR

97006-5762, U.S.A. You can also send faxed comments to (503) 531-7655 or

e-mail to tvd_documenta[email protected].

Phone (972) 855-7044

Fax (408) 970-9727

Page is loading ...

McAfee MANAGEMENT EDITION 2.5 Administrator's Manual

McAfee MANAGEMENT EDITION 2.5 Administrator's Manual

in other languages

Related papers

Other documents