2. Computers & electronics
  3. Software
  4. McAfee
  5. MANAGEMENT EDITION 2.5

McAfee MANAGEMENT EDITION 2.5 Administrator's Manual

  • Hello! I am an AI chatbot trained to assist you with the McAfee MANAGEMENT EDITION 2.5 Administrator's Manual. I’ve already reviewed the document and can help you find the information you need or explain it in simple terms. Just ask your questions, and providing more details will help me assist you more effectively!
Management Edition
Administrator’s Guide
Version 2.5
COPYRIGHT
Copyright © 1998–1999 Networks Associates Technology, Inc. All Rights Reserved. No part of
this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or
translated into any language in any form or by any means without the written permission of
Networks Associates Technology, Inc., or its suppliers or affiliate companies.
TRADEMARK ATTRIBUTIONS
* ActiveHelp, Bomb Shelter, Building a World of Trust, CipherLink, Clean-Up, Cloaking, CNX,
Compass 7, CyberCop, CyberMedia, Data Security Letter, Discover, Distributed Sniffer System, Dr
Solomon’s, Enterprise Secure Cast, First Aid, ForceField, Gauntlet, GMT, GroupShield, HelpDesk,
Hunter, ISDN Tel/Scope, LM 1, LANGuru, Leading Help Desk Technology, Magic Solutions,
MagicSpy, MagicTree, Magic University, MagicWin, MagicWord, McAfee, McAfee Associates,
MoneyMagic, More Power To You, Multimedia Cloaking, NetCrypto, NetOctopus, NetRoom,
NetScan, Net Shield, NetShield, NetStalker, Net Tools, Network Associates, Network General, Network
Uptime!, NetXRay, Nuts & Bolts, PC Medic, PCNotary, PGP, PGP (Pretty Good Privacy),
PocketScope, Pop-Up, PowerTelnet, Pretty Good Privacy, PrimeSupport, RecoverKey,
RecoverKey-International, ReportMagic, RingFence, Router PM, Safe & Sound, SalesMagic,
SecureCast, Service Level Manager, ServiceMagic, Site Meter, Sniffer, SniffMaster, SniffNet, Stalker,
Statistical Information Retrieval (SIR), SupportMagic, Switch PM, TeleSniffer, TIS, TMach, TMeg,
Total Network Security, Total Network Visibility, Total Service Desk, Total Virus Defense, T-POD,
Trusted Mach, Trusted Mail, Uninstaller, Virex, Virex-PC, Virus Forum, ViruScan, VirusScan,
VShield, WebScan, WebShield, WebSniffer, WebStalker WebWall, and ZAC 2000 are registered
trademarks of Network Associates and/or its affiliates in the US and/or other countries. All
other registered and unregistered trademarks in this document are the sole property of their
respective owners.
LICENSE AGREEMENT
NOTICE TO ALL USERS: FOR THE SPECIFIC TERMS OF YOUR LICENSE TO USE THE
SOFTWARE THAT THIS DOCUMENTATION DESCRIBES, CONSULT THE README.1ST,
LICENSE.TXT, OR OTHER LICENSE DOCUMENT THAT ACCOMPANIES YOUR
SOFTWARE, EITHER AS A TEXT FILE OR AS PART OF THE SOFTWARE PACKAGING. IF
YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH THEREIN, DO NOT INSTALL
THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO THE PLACE OF
PURCHASE FOR A FULL REFUND.
Issued September 1999/Management Edition v2.5.0
Administrators Guide iii
Table of Contents
Chapter 1. Introducing the Management Edition Program . . . . . . . . . . 11
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11
What is the Management Edition program? . . . . . . . . . . . . . . . . . . . . . . . . . . .11
How does the Management Edition program work? . . . . . . . . . . . . . . . . . . . .11
What comes with the Management Edition program? . . . . . . . . . . . . . . . . . .13
Management Edition program features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16
New functionality . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16
Seamlessly interactive management tools . . . . . . . . . . . . . . . . . . . . . . .17
Automated software distribution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17
Real-time virus detection and notification . . . . . . . . . . . . . . . . . . . . . . . .18
Conventions used in this guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18
How to contact Network Associates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19
Customer service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19
Technical support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19
Network Associates training . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20
Comments and feedback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20
Reporting new items for anti-virus data file updates . . . . . . . . . . . . . . .21
International contact information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .22
Chapter 2. Installing the Management Edition Program . . . . . . . . . . . . 25
System requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25
Hardware recommended . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25
Software supported . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25
Defining anti-virus domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26
Installing the Management Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26
Installation scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27
Installation steps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30
Running the Management Console (initial use) . . . . . . . . . . . . . . . . . . . . . . . .36
Installing the master repository . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .36
Installing anti-virus components in the Repository . . . . . . . . . . . . . . . .42
Understanding the Management Console . . . . . . . . . . . . . . . . . . . . . . . . . . . .54
Upgrading the Management Edition program . . . . . . . . . . . . . . . . . . . . . . . . .62
Table of Contents
iv Management Edition
Chapter 3. Creating Anti-virus Domains . . . . . . . . . . . . . . . . . . . . . . . . . 63
Preparing member machines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .63
Determining initial setup of machines . . . . . . . . . . . . . . . . . . . . . . . . . . .63
Finding machines in the network view . . . . . . . . . . . . . . . . . . . . . . . . . . .66
Preparing machines with peer networking . . . . . . . . . . . . . . . . . . . . . . . . . . . .68
Windows NT machines (trust relationships) . . . . . . . . . . . . . . . . . . . . . .68
Windows 95 and Windows 98 machines (user-level access) . . . . . . . . .70
Windows 95 and Windows 98 machines (share-level access) . . . . . . . .72
Windows for Workgroups 3.11 machines . . . . . . . . . . . . . . . . . . . . . . . .74
Preparing machines without peer networking . . . . . . . . . . . . . . . . . . . . . . . . .75
Windows 3.1 machines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .76
Windows NT, Windows 95, or Windows 98 machines . . . . . . . . . . . . . .79
Automating setup via NetWare login scripts . . . . . . . . . . . . . . . . . . . . . .81
Preparing NetWare servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .83
SECURE CONSOLE command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .83
AUTOEXEC.NCF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .83
Installation method . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .84
Checking rights for Microsoft network domain members . . . . . . . . . . . . . . .84
Assigning a Management Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .85
Adding member machines to an anti-virus domain . . . . . . . . . . . . . . . . . . . .87
Using the drag-and-drop method . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .88
Using the Discover method . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .89
Choosing your anti-virus software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .91
Selecting anti-virus domain components . . . . . . . . . . . . . . . . . . . . . . . . . . . . .92
Adding or removing components for all anti-virus domains . . . . . . . . .93
Adding or removing components for non-standard machines . . . . . . .95
Chapter 4. Creating Schedules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Scheduling scans . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .97
Scheduling similar scans . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .103
Running on-demand scans . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .105
Viewing results of on-demand scans . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .107
Administrators Guide v
Table of Contents
Checking virus scan status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .108
Acknowledging virus scan status . . . . . . . . . . . . . . . . . . . . . . . . . . . . .109
Rescanning the machines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .111
Viewing the virus scan status report . . . . . . . . . . . . . . . . . . . . . . . . . . .111
Refreshing the display . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .115
Setting a warning period . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .117
Logging scheduled events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .118
Enabling logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .118
Filtering the log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .118
Refreshing the log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .119
Saving the log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .120
Changing the log appearance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .121
Chapter 5. Updating Your Anti-virus Software . . . . . . . . . . . . . . . . . . . 123
Installing .DAT and program file updates . . . . . . . . . . . . . . . . . . . . . . . . . . . .123
Installing extra .DAT files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .126
Installing .DAT updates and .ZIP files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .129
Installing script, extension .DLL, or setup file updates . . . . . . . . . . . . . . . .132
Forcing updates of invalid external mirrors . . . . . . . . . . . . . . . . . . . . . . . . . .133
Changing anti-virus software versions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .134
Changing the version for all anti-virus domains . . . . . . . . . . . . . . . . . .134
Changing the version for individual domains . . . . . . . . . . . . . . . . . . . .135
Changing the version for individual machines . . . . . . . . . . . . . . . . . . .135
Viewing component properties in the Repository . . . . . . . . . . . . . . . . . . . . .136
Removing old versions from the Repository . . . . . . . . . . . . . . . . . . . . . . . . .137
Marking shares as null session shares . . . . . . . . . . . . . . . . . . . . . . . . . . . . .138
Choosing an update method . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .139
Using the Push On Install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .139
Using the Pull Off Install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .140
Using the Batch Install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .141
Globally applying configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .153
Configuring reboot options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .153
Configuring custom update message options . . . . . . . . . . . . . . . . . . . . . . . .155
Configuring custom tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .157
Table of Contents
vi Management Edition
Chapter 6. Using the Alert Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
Enabling centralized alerting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .161
Enabling centralized alerting for the NetShield program . . . . . . . . . . .161
Enabling centralized alerting for the VirusScan program . . . . . . . . . .162
Configuring alerts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .165
Viewing the Summary page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .166
Forwarding an alert to a networked computer . . . . . . . . . . . . . . . . . . .167
Sending an alert as a network message . . . . . . . . . . . . . . . . . . . . . . . .170
Sending an alert as an SMTP e-mail message . . . . . . . . . . . . . . . . . . .173
Sending an alert to a pager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .176
Sending an alert to a network printer . . . . . . . . . . . . . . . . . . . . . . . . . . .180
Sending an alert as an SNMP network message . . . . . . . . . . . . . . . . . .183
Sending an alert to a DMI console . . . . . . . . . . . . . . . . . . . . . . . . . . . . .186
Launching a program on alert . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .188
Sending an alert as an audible .WAV file . . . . . . . . . . . . . . . . . . . . . . . .190
Logging alerts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .192
Chapter 7. Configuring Complex Domains . . . . . . . . . . . . . . . . . . . . . . 195
Designing anti-virus domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .195
Single office . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .196
Multiple office, one site . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .196
Multiple site, one country . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .197
Multiple site, international . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .197
Adding anti-virus domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .198
Moving machines between anti-virus domains . . . . . . . . . . . . . . . . . . . . . . .199
Deleting machines from anti-virus domains . . . . . . . . . . . . . . . . . . . . . . . . .200
Deleting anti-virus domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .202
Renaming anti-virus domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .203
Adding hidden machines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .204
Adding multiple hidden machines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .206
Formatting imported browse lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . .207
Importing browse lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .210
Viewing machine properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .211
Organizing machines in an anti-virus domain . . . . . . . . . . . . . . . . . . . . . . . .212
Administrators Guide vii
Table of Contents
Chapter 8. Using Mirror and Linked Repositories . . . . . . . . . . . . . . . . 213
Creating mirror repositories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .213
Creating Windows NT mirrors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .215
Creating NetWare mirrors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .219
Assigning different repositories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .221
Configuring mirror repositories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .222
Configuring Windows NT mirrors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .222
Configuring NetWare mirrors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .223
Manually logging in to the server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .227
Promoting mirror repositories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .229
Granting access rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .229
Configuring access to Windows NT mirrors . . . . . . . . . . . . . . . . . . . . .229
Configuring access to NetWare mirrors . . . . . . . . . . . . . . . . . . . . . . . .234
Reducing WAN traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .235
Using linked repositories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .237
Linking repositories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .238
Listing the Repository contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .239
Filtering the report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .239
Formatting the Repository report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .241
Reporting on the installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .242
Formatting the Installation Log report . . . . . . . . . . . . . . . . . . . . . . . . . .243
Chapter 9. Advanced Configuration and Troubleshooting . . . . . . . . . 245
Managing domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .245
Managing machines in a non-trusted Windows NT domain . . . . . . . .245
Changing the Management Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . .246
Running Management Console from another workstation . . . . . . . . .248
Securing anti-virus domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .249
Collecting diagnostic information . . . . . . . . . . . . . . . . . . . . . . . . . . . . .252
Viewing items in the console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .253
Discovering machines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .253
Viewing machine comments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .254
Expanding and collapsing the member machines view . . . . . . . . . . .255
Removing managed machines from the network view . . . . . . . . . . . . .255
Finding machines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .255
Refreshing the Name Provider view . . . . . . . . . . . . . . . . . . . . . . . . . . . .257
Table of Contents
viii Management Edition
Installing components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .258
Diagnosing installation problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .258
Submitting batch updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .259
Installing anti-virus components to different directories . . . . . . . . . . .261
Customizing installation options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .263
Removing the Management Edition program . . . . . . . . . . . . . . . . . . . .264
Changing machine configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .266
Making machines non-standard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .266
Making non-standard machines standard . . . . . . . . . . . . . . . . . . . . . . .268
Recovering deleted items . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .268
Recovering deleted machines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .268
Recovering the Name Provider database . . . . . . . . . . . . . . . . . . . . . . .269
Appendix A. Using the AUTOINST Utility . . . . . . . . . . . . . . . . . . . . . . . 271
Appendix B. Using MCScript to Update Your Script Files . . . . . . . . . . 273
Determining when to edit your MCSCRIPT.INI files . . . . . . . . . . . . . . . . . . . .273
Defining MCScript files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .273
Specifying [ID] keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .275
Specifying [Inclusions] keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .277
Specifying [ExcludedComponents] keys . . . . . . . . . . . . . . . . . . . . . . . .277
Specifying [ParentComponents] keys . . . . . . . . . . . . . . . . . . . . . . . . . .278
Specifying [ExtensionDLLs] keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .278
Specifying [Commands] keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .279
Editing MCScript files for versions or languages . . . . . . . . . . . . . . . . . . . . .281
Understanding MCScript commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .282
File system commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .282
Program Manager commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .284
Private profile commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .286
Miscellaneous commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .288
Registry commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .293
Service control commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .295
Flow control statements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .296
NetWare file manipulation commands . . . . . . . . . . . . . . . . . . . . . . . . . .297
NetWare operating system commands . . . . . . . . . . . . . . . . . . . . . . . . .298
NetWare miscellaneous commands . . . . . . . . . . . . . . . . . . . . . . . . . . . .298
Administrators Guide ix
Table of Contents
Understanding Management Edition macros . . . . . . . . . . . . . . . . . . . . . . . . .299
Directory macros . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .299
File transfer macros . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .299
Miscellaneous macros . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .300
Embedding AutoRepo scriptlets in MCSCRIPT.INI . . . . . . . . . . . . . . . . . . . .300
Understanding AutoRepo commands . . . . . . . . . . . . . . . . . . . . . . . . . .301
Getting support for customized scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . .302
Appendix C. Network Associates Support Services . . . . . . . . . . . . . . 303
Adding value to your Network Associates product . . . . . . . . . . . . . . . . . . . .303
PrimeSupport options for corporate customers . . . . . . . . . . . . . . . . . .303
Ordering a corporate PrimeSupport plan . . . . . . . . . . . . . . . . . . . . . . .306
PrimeSupport options for home users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .308
How to reach international home user support . . . . . . . . . . . . . . . . . . .309
Ordering a PrimeSupport plan for home users . . . . . . . . . . . . . . . . . . .310
Network Associates consulting and training . . . . . . . . . . . . . . . . . . . . . . . . .311
Professional Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .311
Total Education Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .312
Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319
Table of Contents
x Management Edition
1
Administrators Guide 11
1
Introducing the Management
Edition Program
Introduction
As a network administrator, your time is valuable. Youre responsible for
maintaining your corporate network at its optimum. The Management Edition
program solves your need for timely, efficient, and cost-effective
enterprise-wide anti-virus software distribution. With it, you can seamlessly
install, configure, and manage anti-virus software for remote networked
machines within anti-virus domains that you create.
What is the Management Edition program?
The Management Edition program is Network Associates* real-time software
distribution system, which installs, configures, upgrades, and removes
anti-virus software for remote machines on a network. The Management
Edition software helps protect your network from attacks by enabling
centralized upgrading of your networks anti-virus software, as well as
centralized alerting of detected attacks. It reduces the time you must spend
installing and managing anti-virus software, particularly on large networks,
ensuring uninterrupted network security.
The Management Edition software helps you safeguard one of your most
important assetsyour databy delivering timely upgrades of VirusScan*
(for Windows95, Windows98, WindowsNT, and Windows3.1x) and
NetShield* for Windows NT. Anti-virus software distribution is an important
element in a comprehensive security program that includes a variety of safety
measures, such as regular use of encryption and intrusion detection software,
backups, meaningful password protection, training, and security awareness.
Network Associates urges you to set up and comply with such a security
program.
How does the Management Edition program work?
The Management Edition program installs software to member machines in
the anti-virus domains that you create, from software repositories (master,
mirror, and linked) that you create. You control these activities from the
Management Console, a drag-and-drop application that runs on Microsoft
Windows NT.
Introducing the Management Edition Program
12 Management Edition
You can install the Management Edition program on the local hard disk drive
of the administrators workstation. You will need a Microsoft Windows NT
Domain Administrator account.
NOTE: You must install the Management Console and the Management
Server only on a Windows NT system. (The Management Console runs
only on Windows NT 4.0, and the Management Server runs on Windows
NT 3.51 or later.) Both applications, however, handle all tasks in the same
way across all Management Agent workstation platforms (Windows NT,
Windows 95, Windows 98, Windows 3.x, and Novell NetWare 3.12 or
later), which means less time spent learning new systems.
Most of the programs functionality is built into these integrated services:
Management Console.
Use the Management Console to configure and
install anti-virus software on any machines in the anti-virus domain. For
details, see Chapter 3, Creating Anti-virus Domains and Chapter 5,
Updating Your Anti-virus Software.
Management Server. Use the Management Server to coordinate the
scheduling of scans, receive alerts, and generate reports for the entire
anti-virus domain. For details, see Chapter 4, Creating Schedules.
Management Agent. Use the Management Agent to initiate on-demand
scans via the Scheduler, and to send virus alerts from on-demand and
on-access scans back to the Management Server. For details, see Chapter
4, Creating Schedules.
Alert Manager. Use the Alert Manager to configure alert notification
settings. When the anti-virus software managed by the Management
Edition program detects malicious activity on your servers, you can be
notified immediately by one or more of a wide variety of notification
methods. For details, see Chapter 6, Using the Alert Manager.
These services work together to provide easy management of machines in
your anti-virus domain. Each service is configurable through a console. To
access the Alert Manager settings from the Management Console, click
Anti-Virus Domain(s)
, an individual domain, a members group, or an
individual machine, and then click the
Component Configuration
toolbar button.
Administrators Guide 13
Introducing the Management Edition Program
What comes with the Management Edition
program?
The Management Edition program consists of several component sets that
combine one or more related programs, each of which play a part in defending
your computer against viruses and other malicious software. The component
sets are:
Management Console. This component gives you exceptional control over
your anti-virus software distribution and scanning operations. You can
specify one of three methods for updating member machines. You can also
initiate a scan operation at any time (a feature known as on-demand
scanning), configure continuous on-access scanning to monitor network
traffic, choose how your anti-virus software will respond to any infections
it finds, and see reports on its actions.
Management Components. This set consists of the Management Agent,
Scheduler, Response Manager (which runs in the background and is not
configurable), Update Agent, and Update Manager.
Management Agent. This component helps you manage the member
machines. It is installed automatically on the Management Server and on
all the machines in the anti-virus domain when you apply a configuration.
The Management Agent receives an instruction from the Scheduler to start
an on-demand scan, and sends virus alerts from on-demand and on-access
scans back to the Management Server.
Scheduler. This component lets you schedule an on-demand scan to occur
at a specific time. It then sends a command to all selected member machines
that are running, telling them to scan themselves using their on-demand
scanner. The Scheduler can schedule scans for a single machine, a group of
machines or all machines within the anti-virus domain. Do not confuse this
with the local Scheduler, which can only schedule scans for the individual
machine on which it is present. See Chapter 4, Creating Schedules, for
details.
Update Agent. This component processes changes to the configuration of
installed components. The Management Console automatically produces a
script to control these changes, and to control component installation and
uninstallation. The Update Agent then processes this script. Unlike the
other components, which run in the background, the Update Agent is
launched by the Management Agent.
Update Manager. This component runs on the Management Server and
provides one of three methods for updating member machines. It can retry
updates to machines that are powered off. You can configure the number of
retries and specify the maximum number of machines to simultaneously
update, using traffic limitation. This limits traffic to and from the
Management Server, preventing it from running out of connections or from
flooding it with file-copy requests when updating many machines.
Introducing the Management Edition Program
14 Management Edition
Documentation. The Management Edition program documentation
includes:
A printed Getting Started Guide, which introduces the product,
provides installation instructions, outlines how to respond if you
suspect your computer has a virus, and provides a brief product
overview. The Getting Started Guide comes with the copies of the
Management Edition program distributed on CD-ROM discs. You
can also download it from Network Associates website or from
other electronic services.
This administrators guide saved on the Management Edition
CD-ROM or installed on your hard disk in Adobe Acrobat .PDF
format. The Management Edition Administrators Guide describes in
detail how to use the Management Edition program and includes
other information useful as background or as advanced
configuration options. Acrobat .PDF files are flexible online
documents that contain hyperlinks, outlines and other aids for easy
navigation and information retrieval.
For best results when opening and printing the Administrators
Guide, Network Associates recommends using Acrobat Reader 4.0
Reader version 3.0.1 has difficulty correctly printing graphics
included in the .PDF file.
An online help file. This file gives you quick access to hints and tips
about how to use the Management Edition program. To open the
help file from within the Management Console, choose
Contents
from the
Help
menu.
The Management Edition program also includes context-sensitive
online help. You can right-click buttons, lists or other elements
within dialog boxes to see brief, descriptive help topics. Click
Help
buttons where you see them to open the main help file to a relevant
topic.
A README.1ST or LICENSE.TXT file. This file outlines the terms of
your license to use the Management Edition program. Read it
carefullyby installing the Management Edition program you
agree to its terms.
A WHATSNEW.TXT file. This file contains last-minute additions or
changes to the documentation, lists any known behavior or other
issues with the product release, and often describes new product
features incorporated into incremental product updates. Youll find
the WHATSNEW.TXT file at the root level of your Management
Edition CD-ROM disc or in the Management Edition program
folderyou can open and print it from Windows Notepad, or from
nearly any word-processing software.
Administrators Guide 15
Introducing the Management Edition Program
Once youve installed the Management Edition components, you must install
the anti-virus components that you want to manage:
Anti-virus Components. This set consists of the on-access (VShield*) and
on-demand scanners used by NetShield or VirusScan. These components
include virus definition (.DAT) files, default configuration files, validation
files, and other files.
VShield. This component gives you continuous anti-virus protection from
viruses borne on floppy disks, brought in from your network, or loaded
into memory. VShield starts when you start your computer, and stays in
memory until you shut down. A flexible set of property pages allows you
to tell VShield which parts of your system to scan, when to scan them,
which parts to leave alone, and how to respond to any infected files it finds.
In addition, VShield can alert you when it finds a virus, and can generate
reports that summarize each of its actions.
The latest VShield version includes technology that guards against hostile
Java applets and ActiveX controls. With this new capability, VShield can
automatically scan e-mail messages and attachments that you receive from
the Internet via Lotus cc:Mail, Microsoft Mail or other mail clients that
comply with Microsofts Messaging Application Programming Interface
(MAPI). It can also filter out hostile Java classes and ActiveX controls by
comparing those that it encounters with a database of classes and controls
known to cause harm. When it detects a match, VShield can alert you, or it
can automatically deny harmful objects access to your system. VShield can
also keep your computer from connecting to dangerous Internet sites.
Simply designate the sites your browser software should not visit, and
VShield automatically prevents access. Secure password protection for
your configuration options prevents others from making unauthorized
changes. The same convenient dialog box controls configuration options
for all VShield modules.
NetShield or VirusScan. This component gives you unmatched control
over your scanning operations. You can initiate a scan operation at any
time (a feature known as on-demand scanning), specify local and
network disks as scan targets, choose how your anti-virus software will
respond to any infections it finds, and see reports on its actions. You can
start with its basic configuration mode, then move to its advanced mode for
maximum flexibility. Consult your NetShield or VirusScan Users Guide for
details.
Alert Manager. This component runs on the Management Server and
receives alerts from the Management Agents when centralized alerting is
enabled. There is only one Alert Manager component for each anti-virus
domain. Using the Management Console, you can define who to alert and
how to alert them. See Chapter 6, Using the Alert Manager, for details.
Introducing the Management Edition Program
16 Management Edition
Command-line Scanner. The VirusScan set consists of SCANPM.EXE, a
powerful scanning agent for 32-bit environments, and BOOTSCAN.EXE, a
smaller, specialized scanner. The NetShield command-line scanner is
SCAN32.EXE. These programs allow you to initiate targeted scan
operations from the MS-DOS prompt window or from protected MS-DOS
mode. Ordinarily, youll use your anti-virus softwares graphical user
interface (GUI) to perform most scanning operations, but if you have
trouble starting Windows or if the GUI components will not run in your
environment, you can use the command-line scanners as a backup.
SCANPM.EXE provides you with a full-featured scanner for 16- and 32-bit
protected-mode DOS environments and includes support for extended
memory and flexible memory allocations. SCAN32.EXE is for only 32-bit
environments. To use the scanner, open an MS-DOS prompt window or
restart your computer in MS-DOS mode, then run SCANPM.EXE or
SCAN32.EXE from the command line, together with the scan options you
want. See the appendix in your anti-virus software Users Guide for a list
and description of available command-line options.
VirusScan uses BOOTSCAN.EXE on its Emergency Disk in order to
provide you with a virus-free boot environment. When you run the
Emergency Disk creation wizard, VirusScan copies BOOTSCAN.EXE, a
specialized set of .DAT files, and boot files to a single floppy disk. With this
disk, you can start your computer, then scan its memory and the Master
Boot Record, the boot sector, and the system files on your hard disk.
BOOTSCAN.EXE will not detect or clean macro viruses, but it will detect
or clean other viruses that can jeopardize your VirusScan installation or
infect files at system startup. Once you identify and respond to those
viruses, you can safely run VirusScan to clean the rest of your system,
provided you dont run any other programs in the meantime.
Management Edition program features
This version of the Management Edition program builds on the strengths of
previous versions, extending the established functionality and providing new
features to help you manage your network anti-virus solutions. See the
WHATSNEW.TXT file included with the software for a full list of new features
and information on the latest changes.
New functionality
The Management Edition program now supports NetShield for NetWare
v4.1.1 anti-virus software.
Forced updates of invalid external mirrors give you more control over how
and when mirror repositories are updated.
Administrators Guide 17
Introducing the Management Edition Program
This release includes the ability to configure custom toolssuch as the
additional console required to configure remote NetShield for NetWare
serversthat can be launched from the
Tools
menu in the Management
Console.
You can now use the Repositorys Products page to update product files
such as SETUP.EXE or SETUP.ISS in addition to script (MCSCRIPT.INI)
and extension .DLL files.
You can now define custom messages that can be appear immediately
before or after a client update.
This release features enhanced control over Name Provider-installed
machines.
Seamlessly interactive management tools
The Management Console lets you configure and install anti-virus
software on any machines in the anti-virus domain from any Windows NT
machine on which it is installed.
The Management Server coordinates the scheduling of scans, receives
alerts, and generates reports for the entire anti-virus domain from the
Windows NT machine on which it is installed.
The Management Agent provides client installers for Windows 95 and
Windows NT machines that have peer networking disabled or removed, so
that you can add them to the network without need for file sharing.
The diagnostics wizard gathers information in an e-mailable format and
helps our technical support staff solve your problems faster.
Automated software distribution
The Management Console enables enhanced distribution speeds to a large
number of machines and efficiently stores domain and machine
information as registry entries (not .INI files).
An enhanced Batch Install method lets desktop and laptop users initiate an
update upon login for fast installation of anti-virus software and updates.
Linked repositories reduce WAN traffic by allowing you to distribute
software between repositories without having to install software from
separate CD-ROM discs.
Different language versions of the same anti-virus software can co-exist in
a single repository. You specify the language version to be distributed for
each machine, group, or domain.
Software installation reports show which anti-virus software is installed on
which machines, which machines are in which anti-virus domain, and
which machines have a non-standard configuration.
Introducing the Management Edition Program
18 Management Edition
Real-time virus detection and notification
On-access (inbound and outbound) anti-virus scanning provides real-time
identification of both known and unknown viruses upon file access, create,
copy, rename, and run; disk access; system startup; and system shutdown.
On-demand anti-virus scanning offers user-initiated detection of known
boot, file, macro, multi-partite, stealth, encrypted, and polymorphic
viruses located within files, drives (local and network), and diskettes.
The Alert Manager offers centralized virus notification via alphanumeric
pager, SMTP e-mail, SNMP messaging, DMI alerting, audible alerting,
network broadcast, program execution, and Windows NT event logging.
(See Chapter 6, Using the Alert Manager, for details.)
At-a-glance scan status via the anti-virus domain view reveals whether a
machine is all clear, infected, or overdue for a scan.
Scans can be scheduled for entire member groups, as well as individual
machines or the whole domain.
Virus-scan reports display how many virus alerts have occurred over a
specified period of time on specified machines.
Conventions used in this guide
The following describes the typeface conventions used in this guide:
Bold
Menu names, commands, buttons, and dialog box options
are shown in a bold sans-serif font.
Sans-serif font
Folder, icon, and computer key names, as well as screen text
on the software, are shown in a sans-serif font.
Keystrokes
Text that the user must type in as a command or as a text
box entry (e.g., a pathname) is shown in a monospaced font.
Variables
Command-line text for which you must supply a value is
shown in an italic sans-serif font.
Administrators Guide 19
Introducing the Management Edition Program
How to contact Network Associates
Customer service
To order products or obtain product information, contact the Network
Associates Customer Care department at (408) 988-3832 or write to the
following address:
Network Associates, Inc.
McCandless Towers
3965 Freedom Circle
Santa Clara, CA 95054-1203
U.S.A.
Technical support
Network Associates is famous for its dedication to customer satisfaction. We
have continued this tradition by making our site on the World Wide Web a
valuable resource for answers to technical support issues. We encourage you
to make this your first stop for answers to frequently asked questions, for
updates to Network Associates software, and for access to Network Associates
news and virus information
.
If you do not find what you need or do not have web access, try one of our
automated services.
If the automated services do not have the answers you need, contact Network
Associates at one of the following numbers Monday through Friday between
6:00
A
.
M
. and 6:00
P
.
M
. Pacific time.
For corporate-licensed customers:
World Wide Web http://support.nai.com
Internet support@nai.com
CompuServe GO NAI
America Online keyword MCAFEE
Phone (408) 988-3832
Fax (408) 970-9727
Introducing the Management Edition Program
20 Management Edition
For retail-licensed customers:
To provide the answers you need quickly and efficiently, the Network
Associates technical support staff needs some information about your
computer and your software. Please have this information ready before you
call:
Product name and version number
Computer brand and model
Any additional hardware or peripherals connected to your computer
Operating system type and version numbers
Network type and version, if applicable
Contents of your AUTOEXEC.BAT, CONFIG.SYS, and system LOGIN
script
Specific steps to reproduce the problem
Network Associates training
For information about scheduling on-site training for any Network Associates
product, call (800) 338-8754.
Comments and feedback
Network Associates appreciates your comments and reserves the right to use
any information you supply in any way it believes appropriate without
incurring any obligation whatsoever. Please address your comments about
Network Associates anti-virus product documentation to: Network
Associates, Inc., 15220 NW Greenbrier Parkway, Suite 100, Beaverton, OR
97006-5762, U.S.A. You can also send faxed comments to (503) 531-7655 or
e-mail to tvd_documenta[email protected].
Phone (972) 855-7044
Fax (408) 970-9727
/