McAfee TEECDE-AA-AA Evaluator Guide - Page 35


Deploy the McAfee Agent

The McAfee Agent is the distributed component of ePolicy Orchestrator that must be installed on each system in your network that you want to manage. The agent collects and sends information to the ePO server. It also installs and updates the endpoint products, and applies your endpoint policies. Systems cannot be managed by ePolicy Orchestrator unless the McAfee Agent is installed.

Before deploying the McAfee Agent, it is useful to verify communication between the server and systems, and access to the default administrator share directory. Also, you might need to create firewall exceptions.

1. Check that you can ping client systems by name. This demonstrates that the server can resolve client names to an IP address.
2. Check for access to the default Admin$ share on the client systems: in the Windows interface, click Start | Run, then type \\computer-name\admin$. If the systems are properly connected over the network, your credentials have sufficient rights, and the Admin$ shared folder is present, a Windows Explorer dialog box opens.
3. If an active firewall is running on any client systems, create an exception for Framepkg.exe. This is the file ePolicy Orchestrator copies to the systems you want to manage.
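
The first two checks can be scripted from the ePO server for a list of systems. The following PowerShell is an added example, not part of the McAfee guide; the function name and the sample computer names are assumptions, and it runs under the credentials of the account that launches it. The firewall exception for Framepkg.exe is not scripted because the guide does not state the path the file is copied to; the port 445 probe only shows whether SMB, which the Admin$ share relies on, is reachable.

```powershell
# Added example: pre-deployment checks for McAfee Agent push installs.
# Function name and sample host names are hypothetical (constructed).
function Test-AgentDeployReadiness {
    param(
        [Parameter(Mandatory)]
        [string[]]$ComputerName
    )
    foreach ($name in $ComputerName) {
        $result = [ordered]@{
            ComputerName = $name
            Resolves     = $false   # step 1: name resolves to an IP address
            Address      = $null
            PingOk       = $false   # step 1: system answers ping by name
            Smb445Open   = $false   # SMB reachable through any firewall
            AdminShareOk = $false   # step 2: \\name\admin$ is accessible
        }
        try {
            $addr = [System.Net.Dns]::GetHostAddresses($name) |
                Select-Object -First 1
            if ($addr) {
                $result.Resolves = $true
                $result.Address  = $addr.IPAddressToString
            }
        } catch {
            # Resolution failed; the remaining checks are skipped.
        }
        if ($result.Resolves) {
            $result.PingOk = Test-Connection -ComputerName $name -Count 2 -Quiet
            $result.Smb445Open = (Test-NetConnection -ComputerName $name `
                -Port 445 -WarningAction SilentlyContinue).TcpTestSucceeded
            # Uses the current user's rights, like typing the path in Start | Run.
            $share = '\\{0}\admin$' -f $name
            $result.AdminShareOk = Test-Path -Path $share
        }
        [pscustomobject]$result
    }
}

# Constructed sample names; replace with systems from your Test Group.
Test-AgentDeployReadiness -ComputerName 'LAB-PC01', 'LAB-PC02' |
    Format-Table -AutoSize
```

A system that resolves and answers ping but shows Smb445Open as False usually points to a host firewall; one with the port open but AdminShareOk as False points to missing rights or a disabled Admin$ share.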

Deploying the agent

Use this task to deploy the McAfee Agent to your client systems.

1. Click Menu | Systems | System Tree, then click Systems on the menu bar.
2. Highlight Test Group. If this group has no systems, but has subgroups with systems, click the Filter drop down and select This Group and All Subgroups.
3. Select one or more systems from the list, and click Actions | Agent | Deploy Agents.
4. Type credentials that have rights to install software on client systems, such as a Domain Administrator, and click OK.

It will take a few minutes for the McAfee Agent to install and for client systems to retrieve and execute the installation packages for the endpoint products. When first installed, the agent determines a random time within 10 minutes for connecting to the ePO server to retrieve policies and tasks.

There are many other ways to deploy the McAfee Agent (see the ePolicy Orchestrator documentation or online help).

Verifying agent communication with ePolicy Orchestrator

Once the initial agent-server communication has occurred, the agent polls the server once every 60 minutes by default. This is known as the Agent to Server Communication Interval or ASCI. Every time this occurs, the agent retrieves policy changes and enforces the policies locally.

With the default ASCI, an agent that polled the server 15 minutes ago will not pick up any new policies for another 45 minutes. However, you can force systems to poll the server with an Agent Wake Up Call. The Wake Up Call is useful when you need to force a policy change sooner
35
McAfee Total Protection for Endpoint Lab Evaluation Guide