McAfee TEECDE-AA-AA Evaluator Guide - Page 37

Resetting the On-Access Scan policy, Verifying the On-Demand Scan task, When an Unwanted Program

Page 37 highlights

Deploy the McAfee Agent

3. Highlight Test Group.
4. To the right of Unwanted Programs Policy, click Edit Assignment.
5. Select Break inheritance and assign the policy and settings below.
6. Click New Policy.
7. Type a name for the policy, such as PUP exclusions for IT staff, and click OK. The Policy editor opens.
8. In the Unwanted Program Exclusions area, type PortScan-SuperScan and click the plus symbol (+) on the right.
9. Type RemAdm-TightVNC, click + again, and type Reg-TightVNC.
   TightVNC also requires a "Reg" exclusion for the Windows Registry entries for this application. This instructs the scanner not to clean the associated Registry entries for this program. SuperScan does not require a Reg exclusion as it is just a standalone executable.
10. Click Save.

It is safer to exclude only the tools you use, rather than deselecting an entire category. For example, considering remote administration tools, you might need to exclude a few tools for normal operations, but you might also want to know if the McAfee AntiSpyware module finds any non-approved, rogue tools of this nature on your network.

After completing the PUP audit, it is important that you change the VirusScan setting back to Clean, and create a policy with exclusions. If you don't revert the policy to clean PUPs, you won't remove spyware.

Resetting the On-Access Scan policy

Previously, you created a new policy that instructed the on-access scanner to detect PUPs but not clean them. Use this task to reapply the default scanner policy, which enables cleaning.

1. Click Menu | Systems | System Tree, then click Assigned Policies on the menu bar.
2. From the Product drop-down menu, select VirusScan Enterprise 8.7.0.
3. Highlight Test Group.
4. To the right of On-Access Default Processes Policies, click Edit Assignment.
5. For Inherit from, select Break inheritance and assign the policy and settings below.
6. From the Assigned Policy drop-down menu, select My Default.
7. Click Save.

Verifying the On-Demand Scan task

In a previous exercise, you scheduled a recurring scan for the client system. As part of that configuration we instructed the scanner to temporarily only detect PUPs, and not to clean them. Use this task to reset the option that enables cleaning during a scheduled scan.

1. Click Menu | Systems | System Tree, then click Client Tasks on the menu bar.
2. Highlight Test Group.
3. Locate the scan task you created, then under the Action column click Edit Settings.
4. On the first page of the task wizard, click Next.
5. On the Configuration page, click Actions, then in the When an Unwanted Program is Found drop-down menu, select Clean Files.
6. Click Save.

McAfee Total Protection for Endpoint Lab Evaluation Guide 37

