McAfee M3050 Installation Guide - Page 22
Functional requirements, Using anti-virus software with the Manager
View all McAfee M3050 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 22 highlights
McAfee® Network Security Platform 6.0 Preparing for the Manager installation If applicable, identify the ports to be mirrored, and someone who has the knowledge and rights to mirror them. Allocate the proper static IP addresses for the Sensor. For the Sensors, you cannot assign IPs using DHCP. Identify hosts that may cause false positives, for example, HTTP cache servers, DNS servers, mail relays, SNMP managers, and vulnerability scanners. Functional requirements Following are the functional requirements to be taken care of: Install Wireshark (formerly known as Ethereal http://www.wireshark.com http://www.wireshark.org) on the client PCs. Ethereal is a network protocol analyzer for Unix and Windows servers, used to analyze the packet logs created by Sensors. Ensure the correct version of JRE is installed on the client system, as described in the Release Notes. This can save a lot of time during deployment. Determine a way in which the Manager maintains the correct time. To keep time from drifting, for example, point the Manager server to an NTP timeserver. (If the time is changed on the Manager server, the Manager will lose connectivity with all Sensors and the McAfee® Network Security Update Server because SSL is time sensitive.) If Manager Disaster Recovery (MDR) is configured, ensure that the time difference between the Primary and Secondary Managers is less than 60 seconds. (If the spread between the two exceeds more than two minutes, communication with the Sensors will be lost.) If you are upgrading from a previous version, we recommend that you follow the instructions in the respective version's release notes or, if applicable, the Upgrade Guide. Using anti-virus software with the Manager If you plan to install anti-virus software such as McAfee VirusScan on the Manager, be sure the MySQL directory and its sub-directories are excluded from the anti-virus scanning processes. For example selecting ...\Manager\MySQL and its subdirectories will exclude the entire MySQL installation directory from the anti-virus scanning processes. Otherwise, Network Security Platform packet captures may result in the deletion of essential MySQL files. Also exclude the Network Security Platform installation directory and its sub-directories because temporary files are created there that might conflict with the anti-virus scanner. Note: If you install McAfee VirusScan 8.5.0i on the Manager after the installation of the Manager software, the MySQL scanning exceptions will be created automatically, but the Network Security Platform exceptions will not. McAfee VirusScan and SMTP notification From 8.0i, VirusScan includes an option (enabled by default) to block all outbound connections over TCP port 25. This helps reduce the risk of a compromised host propagating a worm over SMTP using a homemade mail client. 14