McAfee VirusScan Enterprise 8.8, EPOLICY ORCHESTRATOR 4.5 -, SAV85E - Active VirusScan - PC Supplement Manual

Supplement for Common Criteria
Operational User Guidance and Preparative Procedures
McAfee® VirusScan® Enterprise 8.8
McAfee® ePolicy Orchestrator® 4.5 Software
2 Operational User Guidance and Preparative Procedures Supplement for Common Criteria
COPYRIGHT
Copyright © 2011 McAfee, Inc. All Rights Reserved.
No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any
means without the written permission of McAfee, Inc., or its suppliers or affiliate companies.
TRADEMARK ATTRIBUTIONS
AVERT, EPO, EPOLICY ORCHESTRATOR, FOUNDSTONE, GROUPSHIELD, INTRUSHIELD, LINUXSHIELD, MAX (MCAFEE SECURITYALLIANCE EXCHANGE),
MCAFEE, NETSHIELD, PORTALSHIELD, PREVENTSYS, SECURITYALLIANCE, SITEADVISOR, TOTAL PROTECTION, VIRUSSCAN, WEBSHIELD are registered
trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. McAfee Red in connection with security is distinctive of
McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners.
LICENSE INFORMATION
License Agreement
NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS
AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER
RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE
PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT
AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF
PURCHASE FOR A FULL REFUND.
Prepared For:
McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
www.mcafee.com
Prepared By:
Apex Assurance Group, LLC
530 Lytton Avenue, Ste. 200
Palo Alto, CA 94301
www.apexassurance.com
Contents
1 Introduction
  About the Common Criteria
  Assumptions
    Authorized Administrators
    Physical Access
  Acronyms
2 Installation Guidelines and Preparative Procedures
  Overview
  Downloading the TOE
  Evaluated Configuration
    Functionality Not Included in the Evaluation
  Verify Software
    Updating System Software
  Install Database Capacity Monitor Extension
    Step 1: Adjust or Review Database space requirements
    Step 2: Create a Server Task to generate the Event
    Step 3: Setting up the automatic response
3 Guidance for Administrators
  Software Version Inspection
  Required Password Length
1 Introduction
This guide provides operational guidance and installation procedures for the VirusScan Enterprise 8.8
and ePolicy Orchestrator 4.5.
This guide was written to provide the evidence required by the following assurance requirements of
the Common Criteria (CC) Version 3.1, Part 3:
AGD_OPE.1
AGD_PRE.1
These assurance requirements call for documentation of installation procedures that provide assurance
that the TOE is installed and configured in the evaluated configuration.
This document serves as a supplement to the standard McAfee documentation set including the
following:
McAfee VirusScan Enterprise 8.8 Product Guide
McAfee VirusScan Enterprise 8.8 Installation Guide
McAfee ePolicy Orchestrator 4.5 Installation Guide
McAfee ePolicy Orchestrator 4.5 Product Guide
These documents should be read prior to configuring the product in accordance with the Common
Criteria evaluated configuration. The documents listed above in conjunction with this supplement
describe how to administer the TOE in a manner that meets the Common Criteria evaluated
configuration. Any changes to or deviations from the information provided in this document will result
in noncompliance between the product and the Common Criteria evaluated configuration.
The audience for this document includes administrators who are authorized to install and configure
the TOE. Since administrators configure the TOE and set policies for use, there is no specific user
guidance documentation.
About the Common Criteria
The Common Criteria for Information Technology Security Evaluation (or “Common Criteria”) provides
a methodology for evaluating security features of IT products. Product vendors pursue Common
Criteria evaluation to meet assurance needs of customers and to seek third-party validation of security
function claims. The Target of Evaluation (TOE) encompasses the evaluated security functionality of a
product.
McAfee VirusScan Enterprise 8.8 and ePolicy Orchestrator 4.5 (hereafter called “Target of
Evaluation” or the “TOE”) have achieved Common Criteria Evaluation Assurance Level 2, augmented
by ALC_FLR.2 Flaw Reporting Procedures.
Please visit: http://www.commoncriteriaportal.org for more information on the Common Criteria.
Assumptions
The TOE and the TOE operating environment should be managed to satisfy the assumptions presented
in the following sections.
Authorized Administrators
Authorized administrators are non-hostile, are authenticated to the internal network, and follow all
administrator guidance. Human users (considered to be anyone who interacts with the TOE) who are
not authorized administrators cannot access the administration features.
Physical Access
The TOE must be located in a physically secure environment, and only an authorized administrator has
access to this environment. The evaluated configuration of the TOE can be compromised if an intruder
gains physical access to the product. Therefore only authorized administrators shall be allowed
physical access to the workstation(s) for power/reset controls.
Acronyms
The following table lists the acronyms used in this document:
Table 1 Acronyms and Terms
Acronym   Term
CC        Common Criteria
EAL       Evaluation Assurance Level
TOE       Target of Evaluation
TSF       TOE Security Function
2 Installation Guidelines and Preparative Procedures
This section provides guidelines for installing McAfee VirusScan Enterprise 8.8 and ePolicy Orchestrator
4.5 to meet the Common Criteria evaluated configuration. The following guidelines may augment the
details of or provide exceptions to the documents referenced in the Purpose section of this document.
Prior to installation, the administrator should read and be familiar with the details of all documentation
for VirusScan Enterprise 8.8 and ePolicy Orchestrator 4.5.
Overview
Prior to installation, the administrator should read and be familiar with the details of all documentation
for McAfee VirusScan Enterprise 8.8 and ePolicy Orchestrator 4.5.
Downloading the TOE
The administrator should follow these steps to download the VirusScan TOE component:
1 Log in to the download/upgrade site
(https://secure.nai.com/us/forms/downloads/upgrades/login.asp) and enter the grant number
provided.
The My Products page appears showing links for the products to which the customer is entitled.
For example, if the grant number includes entitlement to McAfee VirusScan Enterprise, there will
be an entry for the McAfee Active VirusScan.
2 Select McAfee Active VirusScan.
The list of related products appears.
3 Select VirusScan Enterprise v8.8.
The license agreement page appears.
4 Click I Agree.
The VirusScan Enterprise download page appears.
5 On the Software Downloads tab, select VSE880LML.zip and VSE880_Client_Help.Zip.
6 Download each item.
7 On the Documentation tab, select English from the Language drop-down box.
8 Select any or all of the available VirusScan Enterprise documentation.
9 Download each item.
The administrator should follow these steps to download the ePolicy Orchestrator TOE component:
1 Log in to the download/upgrade site
(https://secure.nai.com/us/forms/downloads/upgrades/login.asp) and enter the grant number
provided.
The My Products page appears.
2 Select McAfee Active VirusScan.
The list of related products appears.
3 Select ePolicy Orchestrator v4.5.0.
The license agreement page appears.
4 Click I Agree.
The ePolicy Orchestrator download page appears, containing a list of links.
5 Click and download the ePolicy Orchestrator file (ePO450P3.Zip).
6 Click the Documentation tab.
7 Select English from the Language drop-down box, and click Go.
8 Select any or all of the available ePolicy Orchestrator documentation.
9 Download each item.
The administrator should follow these steps to download the Database Capacity Monitor TOE
component:
1 Log in to the McAfee Service Portal site (https://mysupport.mcafee.com/Eservice/Default.aspx).
2 Select Download Software Updates.
3 Click on Download EPolicy Orchestrator 4.5 Database Capacity Monitor.
4 Follow the instructions in the Install Database Capacity Monitor Extension section of this
document.
Evaluated Configuration
The evaluated configuration includes one or more instances of McAfee Agent and McAfee VirusScan
Enterprise and an instance of McAfee ePolicy Orchestrator. Note that for the evaluated configuration,
all user accounts defined in McAfee ePO must specify Windows authentication (rather than McAfee
ePO authentication).
The evaluated configuration includes one or more instances of McAfee Agent and VirusScan Enterprise
and an instance of McAfee ePO. The following configuration should apply to the evaluated
configuration:
1 All user accounts defined in McAfee ePO must specify Windows authentication.
2 McAfee Agent should only be installed by using the McAfee ePO interface.
3 Remote viewing of TOE log files on the clients is disabled.
4 Only authorized processes may initiate network connections to remote port 25 (SMTP). The
Central Administrator configures the list of authorized processes.
5 The U.S. Government Protection Profile Anti-Virus Applications for Workstations in Basic
Robustness Environments requires the TOE to restrict specific management functionality to the
Central Administrator role. At least one ePO user must be defined as a Central Administrator. For
this TOE, the Central Administrator role is defined as an authorized administrator with Global
Administrator status.
6 Because the U.S. Government Protection Profile Anti-Virus Applications for Workstations in Basic
Robustness Environments requires the TOE to restrict specific management functionality to the
Central Administrator role, the following permissions may never be assigned:
a View audit log.
b View and purge audit log.
c View VSE settings.
d View and change VirusScan Enterprise settings.
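Rules 1, 5 and 6 above can be checked mechanically against a list of accounts. The following is an added example, not part of the McAfee guidance or of ePolicy Orchestrator: it audits a constructed list of account records, and the record layout (name, auth, global_admin, permissions), the sample accounts and the "Run queries" permission name are assumptions made for illustration.

```python
# Added example: audit account records against evaluated-configuration
# rules 1, 5 and 6. The record layout is hypothetical, not an ePO export format.

FORBIDDEN_PERMISSIONS = {
    "View audit log",
    "View and purge audit log",
    "View VSE settings",
    "View and change VirusScan Enterprise settings",
}

def audit_accounts(accounts):
    """Return a sorted list of (account, finding) tuples; empty means compliant."""
    findings = []
    for acct in accounts:
        name = acct["name"]
        # Rule 1: every account must specify Windows authentication.
        if acct.get("auth", "").strip().lower() != "windows":
            findings.append((name, "does not use Windows authentication"))
        # Rule 6: these permissions may never be assigned.
        assigned = {p.strip().lower() for p in acct.get("permissions", [])}
        for perm in sorted(FORBIDDEN_PERMISSIONS):
            if perm.lower() in assigned:
                findings.append((name, f"forbidden permission assigned: {perm}"))
    # Rule 5: at least one Central Administrator (Global Administrator status).
    if not any(a.get("global_admin") for a in accounts):
        findings.append(("*", "no account has Global Administrator status"))
    return sorted(findings)

# Constructed sample data, for illustration only.
SAMPLE_ACCOUNTS = [
    {"name": "CORP\\epo-admin", "auth": "Windows", "global_admin": True,
     "permissions": []},
    {"name": "helpdesk", "auth": "ePO", "global_admin": False,
     "permissions": ["View audit log", "Run queries"]},
    {"name": "CORP\\reviewer", "auth": "Windows", "global_admin": False,
     "permissions": ["View VSE settings"]},
]

if __name__ == "__main__":
    for account, finding in audit_accounts(SAMPLE_ACCOUNTS):
        print(f"{account}: {finding}")
```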
Functionality Not Included in the Evaluation
The following functionality is not included in the evaluation:
The ability to protect against buffer overflows
The ability to identify spyware
The Scriptscan feature that scans JavaScript and VBScript scripts
The ability to update the TOE (scan engine). Note that the ability to update the virus
signatures (DAT file) is included in the evaluation.
The optional Alert Manager product
Verify Software
The administrator should use one of the following methods to ensure that the proper version of
software is installed:
The administrator can view McAfee ePO versioning information on the title bar/tab header
when logged into ePolicy Orchestrator:
The administrator can view VirusScan Enterprise versioning information via Menu / Software /
Extensions / VirusScan Enterprise when logged into ePolicy Orchestrator
Updating System Software
If the TOE is not running the evaluated version of software, the administrator should contact McAfee
to obtain the appropriate license/grant for the evaluated software version.
Install Database Capacity Monitor Extension
The purpose of the feature is to enable the use of automatic responses to alert the administrator of
the exhaustion of storage space being used by the SQL database. To facilitate events, a new project
has been created that allows the user to configure alert settings. This project is being released by way
of an extension and can be installed by the end user.
To install the Database Capacity Monitor Extension, follow the instructions below:
1 Download the Database Capacity Monitor Extension (DBCapMon.zip) from McAfee Service Portal.
2 As a Global Admin, select Software / Extensions from the main menu.
3 Select Install Extension.
4 Follow the prompts to install the downloaded extension.
5 Once installed, verify that the version matches below:
Creating and generating responses for the database is a three-part sequence. These steps require
adjusting or reviewing database limits, setting up a server task, and finally creating an Automatic
Response.
Step 1: Adjust or Review Database space requirements
The user can create a query for systems with less than, for example, 10GB free of system drive space.
The user can create a server task to mail the results of this query to a designated recipient. From the
server configuration, select the “Database watcher limits” category. Clicking Edit allows the user to
specify the maximum expected database size and the percentage at which a server event will be triggered.
Step 2: Create a Server Task to generate the Event
To use the limits specified, a user must create a server task that runs the “Check Database Size”
action and set a schedule at which the limits will be queried.
1 New Server Task:
a Provide name and Enable the task.
b Select the “Check Database Size” action.
c Provide schedule settings.
d Review and save the server task.
This server task creates entries in the EPOServerEvents table with the event id ‘16081’; each entry
contains information pertaining to the audit log entry and server information. The presence of the
event id in this table indicates that the limits have been met, based on the criteria set in the
configuration screen. This process does not itself generate the alerts and communication; that is done
by an automatic response.
Step 3: Setting up the automatic response
1 Select the ePO Notification group, and specify “server” from the event type.
2 Add the Event ID as a filter and specify ‘16081’ as the value:
On the Aggregation tab of the Automatic Response builder screen, throttling should be used so as
not to overload an already overloaded system.
From the Actions screen the user can specify the appropriate response; in this case a server issue
is being created and assigned to the global administrator.
3 Review settings and save the automatic response settings.
3 Guidance for Administrators
The Common Criteria evaluated configuration is designed to be as flexible as possible in a deployment
scenario. As such, the ongoing guidance for administrators is largely covered in the McAfee VirusScan
Enterprise 8.8 software Product Guide. Administrators should read and configure the software
according to the guidelines in available documentation and according to their site-specific security
policies. Following those guidelines and those mentioned below will ensure that the TOE is
administered in a manner that complies with the Common Criteria evaluation.
Software Version Inspection
The administrator should periodically verify that the evaluated version of software is running.
Required Password Length
When adding other administrator accounts to the TOE, the administrator should choose strong
passwords by adhering to the following rules:
Use long passwords (8 characters or longer).
Do not use something found in a dictionary (in any language or jargon).
Do not use a name (including that of a spouse, parent, child, pet, fantasy character, famous person, and location) or any variation of the account name or administrator identity.
Do not use accessible information (such as phone numbers, license plates, or social security numbers).
Do not use a birthday or a simple number pattern.
Use a mixture of upper and lower case letters, as well as digits or punctuation.
When choosing a new password, make sure it is unrelated to any previous password.
Note that the administrator should also follow these rules when maintaining his/her own password.
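The rules above can be applied as a pre-check before an account password is set. The following is an added example, not McAfee code and not a feature of the TOE: the word list, the substitution table, the 0.6 similarity threshold and the sample passwords are constructed assumptions, and a real check would use a full dictionary and name list.

```python
import re
import string
from difflib import SequenceMatcher

# Constructed stand-in for a real dictionary and name list.
SAMPLE_WORDLIST = {"password", "welcome", "dragon", "mcafee", "gandalf"}
# Common character substitutions to undo before dictionary/name checks.
LEET = str.maketrans("013457@$", "oieastas")
SIMILARITY_LIMIT = 0.6  # assumed threshold for "related to a previous password"

def _normalize(text):
    """Lower-case, undo common substitutions, keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))

def check_password(candidate, account_name, previous=None, wordlist=SAMPLE_WORDLIST):
    """Return the list of rules the candidate violates (empty list = acceptable)."""
    problems = []
    letters = _normalize(candidate)

    if len(candidate) < 8:
        problems.append("shorter than 8 characters")
    if letters in wordlist:
        problems.append("dictionary word or name")
    # Account name tokens, e.g. "CORP\\jsmith" -> "corp", "jsmith".
    tokens = [_normalize(t) for t in re.split(r"[^A-Za-z0-9]+", account_name)]
    if any(len(t) >= 3 and t in letters for t in tokens):
        problems.append("variation of the account name")
    # Birthdays, phone numbers and number patterns: digits plus separators only.
    if re.sub(r"[\s\-/.]", "", candidate).isdigit():
        problems.append("digits only (birthday, phone number or number pattern)")
    has_upper = any(c.isupper() for c in candidate)
    has_lower = any(c.islower() for c in candidate)
    has_other = any(c.isdigit() or c in string.punctuation for c in candidate)
    if not (has_upper and has_lower and has_other):
        problems.append("needs upper case, lower case and a digit or punctuation")
    if previous is not None:
        ratio = SequenceMatcher(None, candidate.lower(), previous.lower()).ratio()
        if ratio >= SIMILARITY_LIMIT:
            problems.append("too similar to the previous password")
    return problems

if __name__ == "__main__":
    # Constructed candidates, for illustration only.
    for pw in ("P@ssw0rd!", "Jsm1th2024", "1990-05-17", "t7#Lq9vRz!eK"):
        print(pw, "->", check_password(pw, "CORP\\jsmith") or "ok")
```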